private KeyExchangeMessage processInitiate(KeyExchangeMessage message)
{
uint flags = KeyExchangeMessage.RESPONSE_FLAG;
SessionRecord sessionRecord = sessionStore.LoadSession(remoteAddress);
if (message.getVersion() >= 3 &&
!Curve.verifySignature(message.getIdentityKey().getPublicKey(),
message.getBaseKey().serialize(),
message.getBaseKeySignature()))
{
throw new InvalidKeyException("Bad signature!");
}
SymmetricAxolotlParameters.Builder builder = SymmetricAxolotlParameters.newBuilder();
if (!sessionRecord.getSessionState().hasPendingKeyExchange())
{
builder.setOurIdentityKey(identityKeyStore.GetIdentityKeyPair())
.setOurBaseKey(Curve.generateKeyPair())
.setOurRatchetKey(Curve.generateKeyPair());
}
else
{
builder.setOurIdentityKey(sessionRecord.getSessionState().getPendingKeyExchangeIdentityKey())
.setOurBaseKey(sessionRecord.getSessionState().getPendingKeyExchangeBaseKey())
.setOurRatchetKey(sessionRecord.getSessionState().getPendingKeyExchangeRatchetKey());
flags |= KeyExchangeMessage.SIMULTAENOUS_INITIATE_FLAG;
}
builder.setTheirBaseKey(message.getBaseKey())
.setTheirRatchetKey(message.getRatchetKey())
.setTheirIdentityKey(message.getIdentityKey());
SymmetricAxolotlParameters parameters = builder.create();
if (!sessionRecord.isFresh()) sessionRecord.archiveCurrentState();
RatchetingSession.initializeSession(sessionRecord.getSessionState(),
Math.Min(message.getMaxVersion(), CiphertextMessage.CURRENT_VERSION),
parameters);
sessionStore.StoreSession(remoteAddress, sessionRecord);
identityKeyStore.SaveIdentity(remoteAddress.getName(), message.getIdentityKey());
byte[] baseKeySignature = Curve.calculateSignature(parameters.getOurIdentityKey().getPrivateKey(),
parameters.getOurBaseKey().getPublicKey().serialize());
return new KeyExchangeMessage(sessionRecord.getSessionState().getSessionVersion(),
message.getSequence(), flags,
parameters.getOurBaseKey().getPublicKey(),
baseKeySignature, parameters.getOurRatchetKey().getPublicKey(),
parameters.getOurIdentityKey().getPublicKey());
}
private void processResponse(KeyExchangeMessage message)
{
SessionRecord sessionRecord = sessionStore.LoadSession(remoteAddress);
SessionState sessionState = sessionRecord.getSessionState();
bool hasPendingKeyExchange = sessionState.hasPendingKeyExchange();
bool isSimultaneousInitiateResponse = message.isResponseForSimultaneousInitiate();
if (!hasPendingKeyExchange || sessionState.getPendingKeyExchangeSequence() != message.getSequence())
{
//Log.w(TAG, "No matching sequence for response. Is simultaneous initiate response: " + isSimultaneousInitiateResponse);
if (!isSimultaneousInitiateResponse) throw new StaleKeyExchangeException();
else return;
}
SymmetricAxolotlParameters.Builder parameters = SymmetricAxolotlParameters.newBuilder();
parameters.setOurBaseKey(sessionRecord.getSessionState().getPendingKeyExchangeBaseKey())
.setOurRatchetKey(sessionRecord.getSessionState().getPendingKeyExchangeRatchetKey())
.setOurIdentityKey(sessionRecord.getSessionState().getPendingKeyExchangeIdentityKey())
.setTheirBaseKey(message.getBaseKey())
.setTheirRatchetKey(message.getRatchetKey())
.setTheirIdentityKey(message.getIdentityKey());
if (!sessionRecord.isFresh()) sessionRecord.archiveCurrentState();
RatchetingSession.initializeSession(sessionRecord.getSessionState(),
Math.Min(message.getMaxVersion(), CiphertextMessage.CURRENT_VERSION),
parameters.create());
if (sessionRecord.getSessionState().getSessionVersion() >= 3 &&
!Curve.verifySignature(message.getIdentityKey().getPublicKey(),
message.getBaseKey().serialize(),
message.getBaseKeySignature()))
{
throw new InvalidKeyException("Base key signature doesn't match!");
}
sessionStore.StoreSession(remoteAddress, sessionRecord);
identityKeyStore.SaveIdentity(remoteAddress.getName(), message.getIdentityKey());
}
/**
* Build a new session from a {@link org.whispersystems.libaxolotl.protocol.KeyExchangeMessage}
* received from a remote client.
*
* @param message The received KeyExchangeMessage.
* @return The KeyExchangeMessage to respond with, or null if no response is necessary.
* @throws InvalidKeyException if the received KeyExchangeMessage is badly formatted.
*/
public KeyExchangeMessage process(KeyExchangeMessage message)
{
lock (SessionCipher.SESSION_LOCK)
{
if (!identityKeyStore.IsTrustedIdentity(remoteAddress.getName(), message.getIdentityKey()))
{
throw new UntrustedIdentityException(remoteAddress.getName(), message.getIdentityKey());
}
KeyExchangeMessage responseMessage = null;
if (message.isInitiate()) responseMessage = processInitiate(message);
else processResponse(message);
return responseMessage;
}
}
