private PreKeyBundle createBobPreKeyBundle(AxolotlStore bobStore)
{
ECKeyPair bobUnsignedPreKey = Curve.generateKeyPair();
uint bobUnsignedPreKeyId = (uint)new Random().Next((int)Medium.MAX_VALUE);
byte[] bobSignature = Curve.calculateSignature(bobStore.GetIdentityKeyPair().getPrivateKey(),
bobSignedPreKey.getPublicKey().serialize());
PreKeyBundle bobPreKeyBundle = new PreKeyBundle(1, 1,
bobUnsignedPreKeyId, bobUnsignedPreKey.getPublicKey(),
bobSignedPreKeyId, bobSignedPreKey.getPublicKey(),
bobSignature, bobStore.GetIdentityKeyPair().getPublicKey());
bobStore.StoreSignedPreKey(bobSignedPreKeyId, new SignedPreKeyRecord(bobSignedPreKeyId, DateUtil.currentTimeMillis(), bobSignedPreKey, bobSignature));
bobStore.StorePreKey(bobUnsignedPreKeyId, new PreKeyRecord(bobUnsignedPreKeyId, bobUnsignedPreKey));
return bobPreKeyBundle;
}
/**
* Build a new session from a {@link org.whispersystems.libaxolotl.state.PreKeyBundle} retrieved from
* a server.
*
* @param preKey A PreKey for the destination recipient, retrieved from a server.
* @throws InvalidKeyException when the {@link org.whispersystems.libaxolotl.state.PreKeyBundle} is
* badly formatted.
* @throws org.whispersystems.libaxolotl.UntrustedIdentityException when the sender's
* {@link IdentityKey} is not
* trusted.
*/
public void process(PreKeyBundle preKey)
{
lock (SessionCipher.SESSION_LOCK)
{
if (!identityKeyStore.IsTrustedIdentity(remoteAddress.getName(), preKey.getIdentityKey()))
{
throw new UntrustedIdentityException(remoteAddress.getName(), preKey.getIdentityKey());
}
if (preKey.getSignedPreKey() != null &&
!Curve.verifySignature(preKey.getIdentityKey().getPublicKey(),
preKey.getSignedPreKey().serialize(),
preKey.getSignedPreKeySignature()))
{
throw new InvalidKeyException("Invalid signature on device key!");
}
if (preKey.getSignedPreKey() == null && preKey.getPreKey() == null)
{
throw new InvalidKeyException("Both signed and unsigned prekeys are absent!");
}
bool supportsV3 = preKey.getSignedPreKey() != null;
SessionRecord sessionRecord = sessionStore.LoadSession(remoteAddress);
ECKeyPair ourBaseKey = Curve.generateKeyPair();
ECPublicKey theirSignedPreKey = supportsV3 ? preKey.getSignedPreKey() : preKey.getPreKey();
ECPublicKey test = preKey.getPreKey(); // TODO: cleanup
May<ECPublicKey> theirOneTimePreKey = (test == null) ? May<ECPublicKey>.NoValue : new May<ECPublicKey>(test);
May<uint> theirOneTimePreKeyId = theirOneTimePreKey.HasValue ? new May<uint>(preKey.getPreKeyId()) :
May<uint>.NoValue;
AliceAxolotlParameters.Builder parameters = AliceAxolotlParameters.newBuilder();
parameters.setOurBaseKey(ourBaseKey)
.setOurIdentityKey(identityKeyStore.GetIdentityKeyPair())
.setTheirIdentityKey(preKey.getIdentityKey())
.setTheirSignedPreKey(theirSignedPreKey)
.setTheirRatchetKey(theirSignedPreKey)
.setTheirOneTimePreKey(supportsV3 ? theirOneTimePreKey : May<ECPublicKey>.NoValue);
if (!sessionRecord.isFresh()) sessionRecord.archiveCurrentState();
RatchetingSession.initializeSession(sessionRecord.getSessionState(),
supportsV3 ? (uint)3 : 2,
parameters.create());
sessionRecord.getSessionState().setUnacknowledgedPreKeyMessage(theirOneTimePreKeyId, preKey.getSignedPreKeyId(), ourBaseKey.getPublicKey());
sessionRecord.getSessionState().setLocalRegistrationId(identityKeyStore.GetLocalRegistrationId());
sessionRecord.getSessionState().setRemoteRegistrationId(preKey.getRegistrationId());
sessionRecord.getSessionState().setAliceBaseKey(ourBaseKey.getPublicKey().serialize());
sessionStore.StoreSession(remoteAddress, sessionRecord);
identityKeyStore.SaveIdentity(remoteAddress.getName(), preKey.getIdentityKey());
}
}
private PreKeyBundle createAlicePreKeyBundle(AxolotlStore aliceStore)
{
ECKeyPair aliceUnsignedPreKey = Curve.generateKeyPair();
uint aliceUnsignedPreKeyId = (uint)new Random().Next((int)Medium.MAX_VALUE);
byte[] aliceSignature = Curve.calculateSignature(aliceStore.GetIdentityKeyPair().getPrivateKey(),
aliceSignedPreKey.getPublicKey().serialize());
PreKeyBundle alicePreKeyBundle = new PreKeyBundle(1, 1,
aliceUnsignedPreKeyId, aliceUnsignedPreKey.getPublicKey(),
aliceSignedPreKeyId, aliceSignedPreKey.getPublicKey(),
aliceSignature, aliceStore.GetIdentityKeyPair().getPublicKey());
aliceStore.StoreSignedPreKey(aliceSignedPreKeyId, new SignedPreKeyRecord(aliceSignedPreKeyId, DateUtil.currentTimeMillis(), aliceSignedPreKey, aliceSignature));
aliceStore.StorePreKey(aliceUnsignedPreKeyId, new PreKeyRecord(aliceUnsignedPreKeyId, aliceUnsignedPreKey));
return alicePreKeyBundle;
}
public void testBasicPreKeyV2()
{
AxolotlStore aliceStore = new TestInMemoryAxolotlStore();
SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_ADDRESS);
AxolotlStore bobStore = new TestInMemoryAxolotlStore();
ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.GetLocalRegistrationId(), 1,
31337, bobPreKeyPair.getPublicKey(),
0, null, null,
bobStore.GetIdentityKeyPair().getPublicKey());
aliceSessionBuilder.process(bobPreKey);
Assert.IsTrue(aliceStore.ContainsSession(BOB_ADDRESS));
Assert.AreEqual((uint)2, aliceStore.LoadSession(BOB_ADDRESS).getSessionState().getSessionVersion());
String originalMessage = "L'homme est condamné à être libre";
SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_ADDRESS);
CiphertextMessage outgoingMessage = aliceSessionCipher.encrypt(Encoding.UTF8.GetBytes(originalMessage));
Assert.AreEqual(CiphertextMessage.PREKEY_TYPE, outgoingMessage.getType());
PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessage.serialize());
bobStore.StorePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_ADDRESS);
byte[] plaintext = bobSessionCipher.decrypt(incomingMessage);
Assert.IsTrue(bobStore.ContainsSession(ALICE_ADDRESS));
Assert.AreEqual((uint)2, bobStore.LoadSession(ALICE_ADDRESS).getSessionState().getSessionVersion());
Assert.AreEqual(originalMessage, Encoding.UTF8.GetString(plaintext));
CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(Encoding.UTF8.GetBytes(originalMessage));
Assert.AreEqual(CiphertextMessage.WHISPER_TYPE, bobOutgoingMessage.getType());
byte[] alicePlaintext = aliceSessionCipher.decrypt((WhisperMessage)bobOutgoingMessage);
Assert.AreEqual(originalMessage, Encoding.UTF8.GetString(alicePlaintext));
runInteraction(aliceStore, bobStore);
aliceStore = new TestInMemoryAxolotlStore();
aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_ADDRESS);
aliceSessionCipher = new SessionCipher(aliceStore, BOB_ADDRESS);
bobPreKeyPair = Curve.generateKeyPair();
bobPreKey = new PreKeyBundle(bobStore.GetLocalRegistrationId(),
1, 31338, bobPreKeyPair.getPublicKey(),
0, null, null, bobStore.GetIdentityKeyPair().getPublicKey());
bobStore.StorePreKey(31338, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
aliceSessionBuilder.process(bobPreKey);
outgoingMessage = aliceSessionCipher.encrypt(Encoding.UTF8.GetBytes(originalMessage));
try
{
bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize()));
throw new Exception("shouldn't be trusted!");
}
catch (UntrustedIdentityException uie)
{
bobStore.SaveIdentity(ALICE_ADDRESS.getName(), new PreKeyWhisperMessage(outgoingMessage.serialize()).getIdentityKey());
}
plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize()));
Assert.AreEqual(originalMessage, Encoding.UTF8.GetString(plaintext));
bobPreKey = new PreKeyBundle(bobStore.GetLocalRegistrationId(), 1,
31337, Curve.generateKeyPair().getPublicKey(),
0, null, null,
aliceStore.GetIdentityKeyPair().getPublicKey());
try
{
aliceSessionBuilder.process(bobPreKey);
throw new Exception("shoulnd't be trusted!");
}
catch (UntrustedIdentityException uie)
{
// good
}
}
public void testOptionalOneTimePreKey()
{
AxolotlStore aliceStore = new TestInMemoryAxolotlStore();
SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_ADDRESS);
AxolotlStore bobStore = new TestInMemoryAxolotlStore();
ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.GetIdentityKeyPair().getPrivateKey(),
bobSignedPreKeyPair.getPublicKey().serialize());
PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.GetLocalRegistrationId(), 1,
0, null,
22, bobSignedPreKeyPair.getPublicKey(),
bobSignedPreKeySignature,
bobStore.GetIdentityKeyPair().getPublicKey());
aliceSessionBuilder.process(bobPreKey);
Assert.IsTrue(aliceStore.ContainsSession(BOB_ADDRESS));
Assert.AreEqual((uint)3, aliceStore.LoadSession(BOB_ADDRESS).getSessionState().getSessionVersion());
String originalMessage = "L'homme est condamné à être libre";
SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_ADDRESS);
CiphertextMessage outgoingMessage = aliceSessionCipher.encrypt(Encoding.UTF8.GetBytes(originalMessage));
Assert.AreEqual(outgoingMessage.getType(), CiphertextMessage.PREKEY_TYPE);
PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessage.serialize());
Assert.IsFalse(incomingMessage.getPreKeyId().HasValue);
bobStore.StorePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
bobStore.StoreSignedPreKey(22, new SignedPreKeyRecord(22, DateUtil.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature));
SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_ADDRESS);
byte[] plaintext = bobSessionCipher.decrypt(incomingMessage);
Assert.IsTrue(bobStore.ContainsSession(ALICE_ADDRESS));
Assert.AreEqual((uint)3, bobStore.LoadSession(ALICE_ADDRESS).getSessionState().getSessionVersion());
Assert.IsNotNull(bobStore.LoadSession(ALICE_ADDRESS).getSessionState().getAliceBaseKey());
Assert.AreEqual(originalMessage, Encoding.UTF8.GetString(plaintext));
}
public void testBadMessageBundle()
{
AxolotlStore aliceStore = new TestInMemoryAxolotlStore();
SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_ADDRESS);
AxolotlStore bobStore = new TestInMemoryAxolotlStore();
ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.GetIdentityKeyPair().getPrivateKey(),
bobSignedPreKeyPair.getPublicKey().serialize());
PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.GetLocalRegistrationId(), 1,
31337, bobPreKeyPair.getPublicKey(),
22, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature,
bobStore.GetIdentityKeyPair().getPublicKey());
bobStore.StorePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
bobStore.StoreSignedPreKey(22, new SignedPreKeyRecord(22, DateUtil.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature));
aliceSessionBuilder.process(bobPreKey);
String originalMessage = "L'homme est condamné à être libre";
SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_ADDRESS);
CiphertextMessage outgoingMessageOne = aliceSessionCipher.encrypt(Encoding.UTF8.GetBytes(originalMessage));
Assert.AreEqual(CiphertextMessage.PREKEY_TYPE, outgoingMessageOne.getType());
byte[] goodMessage = outgoingMessageOne.serialize();
byte[] badMessage = new byte[goodMessage.Length];
Array.Copy(goodMessage, 0, badMessage, 0, badMessage.Length);
badMessage[badMessage.Length - 10] ^= 0x01;
PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(badMessage);
SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_ADDRESS);
byte[] plaintext = new byte[0];
try
{
plaintext = bobSessionCipher.decrypt(incomingMessage);
throw new Exception("Decrypt should have failed!");
}
catch (InvalidMessageException e)
{
// good.
}
Assert.IsTrue(bobStore.ContainsPreKey(31337));
plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(goodMessage));
Assert.AreEqual(originalMessage, Encoding.UTF8.GetString(plaintext));
Assert.IsFalse(bobStore.ContainsPreKey(31337));
}
public void testRepeatBundleMessageV3()
{
AxolotlStore aliceStore = new TestInMemoryAxolotlStore();
SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_ADDRESS);
AxolotlStore bobStore = new TestInMemoryAxolotlStore();
ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.GetIdentityKeyPair().getPrivateKey(),
bobSignedPreKeyPair.getPublicKey().serialize());
PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.GetLocalRegistrationId(), 1,
31337, bobPreKeyPair.getPublicKey(),
22, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature,
bobStore.GetIdentityKeyPair().getPublicKey());
bobStore.StorePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
bobStore.StoreSignedPreKey(22, new SignedPreKeyRecord(22, DateUtil.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature));
aliceSessionBuilder.process(bobPreKey);
String originalMessage = "L'homme est condamné à être libre";
SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_ADDRESS);
CiphertextMessage outgoingMessageOne = aliceSessionCipher.encrypt(Encoding.UTF8.GetBytes(originalMessage));
CiphertextMessage outgoingMessageTwo = aliceSessionCipher.encrypt(Encoding.UTF8.GetBytes(originalMessage));
Assert.AreEqual(CiphertextMessage.PREKEY_TYPE, outgoingMessageOne.getType());
Assert.AreEqual(CiphertextMessage.PREKEY_TYPE, outgoingMessageTwo.getType());
PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessageOne.serialize());
SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_ADDRESS);
byte[] plaintext = bobSessionCipher.decrypt(incomingMessage);
Assert.AreEqual(originalMessage, Encoding.UTF8.GetString(plaintext));
CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(Encoding.UTF8.GetBytes(originalMessage));
byte[] alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize()));
Assert.AreEqual(originalMessage, Encoding.UTF8.GetString(alicePlaintext));
// The test
PreKeyWhisperMessage incomingMessageTwo = new PreKeyWhisperMessage(outgoingMessageTwo.serialize());
plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(incomingMessageTwo.serialize()));
Assert.AreEqual(originalMessage, Encoding.UTF8.GetString(plaintext));
bobOutgoingMessage = bobSessionCipher.encrypt(Encoding.UTF8.GetBytes(originalMessage));
alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize()));
Assert.AreEqual(originalMessage, Encoding.UTF8.GetString(alicePlaintext));
}
public void testBadSignedPreKeySignature()
{
AxolotlStore aliceStore = new TestInMemoryAxolotlStore();
SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_ADDRESS);
IdentityKeyStore bobIdentityKeyStore = new TestInMemoryIdentityKeyStore();
ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobIdentityKeyStore.GetIdentityKeyPair().getPrivateKey(),
bobSignedPreKeyPair.getPublicKey().serialize());
for (int i = 0; i < bobSignedPreKeySignature.Length * 8; i++)
{
byte[] modifiedSignature = new byte[bobSignedPreKeySignature.Length];
Array.Copy(bobSignedPreKeySignature, 0, modifiedSignature, 0, modifiedSignature.Length);
modifiedSignature[i / 8] ^= (byte)(0x01 << (i % 8));
PreKeyBundle bobPreKey = new PreKeyBundle(bobIdentityKeyStore.GetLocalRegistrationId(), 1,
31337, bobPreKeyPair.getPublicKey(),
22, bobSignedPreKeyPair.getPublicKey(), modifiedSignature,
bobIdentityKeyStore.GetIdentityKeyPair().getPublicKey());
try
{
aliceSessionBuilder.process(bobPreKey);
throw new Exception("Accepted modified device key signature!");
}
catch (InvalidKeyException ike)
{
// good
}
}
PreKeyBundle bobPreKey2 = new PreKeyBundle(bobIdentityKeyStore.GetLocalRegistrationId(), 1,
31337, bobPreKeyPair.getPublicKey(),
22, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature,
bobIdentityKeyStore.GetIdentityKeyPair().getPublicKey());
aliceSessionBuilder.process(bobPreKey2);
}
/// <summary>
/// Start a session for communicating with a remote party.
/// </summary>
/// <param name="remoteAddress">Remote party</param>
/// <param name="preKey">Pre Key for that remote party, pulled from the server (or pulled from memory, like in this demo).</param>
public void SetupSession(AxolotlAddress remoteAddress, PreKeyBundle preKey)
{
sessionBuilder = new SessionBuilder(axolotlStore, remoteAddress);
sessionBuilder.process(preKey);
sessionCipher = new SessionCipher(axolotlStore, remoteAddress);
}
/// <summary>
/// Instead of calling a real server on the Internet, alice or bob can ask the each others' axolotlStore objects to give them a signed prekey.
/// </summary>
/// <returns>A signed pre key for THIS user</returns>
public PreKeyBundle GetMySignedPreKey()
{
PreKeyBundle bundle = new PreKeyBundle(
registrationId, DEVICE_ID,
0, null,
signedPreKey.getId(), signedPreKey.getKeyPair().getPublicKey(), signedPreKey.getSignature(),
identityKeyPair.getPublicKey());
return bundle;
}