2012-12-24 16:40:37 +00:00
|
|
|
/**
|
2011-12-20 18:20:44 +00:00
|
|
|
* Copyright (C) 2011 Whisper Systems
|
2012-12-24 16:40:37 +00:00
|
|
|
*
|
2011-12-20 18:20:44 +00:00
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2012-12-24 16:40:37 +00:00
|
|
|
*
|
2011-12-20 18:20:44 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
package org.thoughtcrime.securesms.crypto;
|
|
|
|
|
2012-12-24 16:40:37 +00:00
|
|
|
import android.content.Context;
|
|
|
|
import android.database.Cursor;
|
2013-05-15 21:09:13 +00:00
|
|
|
import android.preference.PreferenceManager;
|
2012-12-24 16:40:37 +00:00
|
|
|
import android.util.Log;
|
2011-12-20 18:20:44 +00:00
|
|
|
|
2013-05-15 21:09:13 +00:00
|
|
|
import org.thoughtcrime.securesms.ApplicationPreferencesActivity;
|
2011-12-20 18:20:44 +00:00
|
|
|
import org.thoughtcrime.securesms.database.DatabaseFactory;
|
|
|
|
import org.thoughtcrime.securesms.database.EncryptingSmsDatabase;
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
import org.thoughtcrime.securesms.database.MmsDatabase;
|
2011-12-20 18:20:44 +00:00
|
|
|
import org.thoughtcrime.securesms.database.SmsDatabase;
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
import org.thoughtcrime.securesms.database.model.SmsMessageRecord;
|
2011-12-20 18:20:44 +00:00
|
|
|
import org.thoughtcrime.securesms.mms.TextTransport;
|
2013-02-08 19:57:54 +00:00
|
|
|
import org.thoughtcrime.securesms.notifications.MessageNotifier;
|
2011-12-20 18:20:44 +00:00
|
|
|
import org.thoughtcrime.securesms.recipients.Recipient;
|
|
|
|
import org.thoughtcrime.securesms.recipients.RecipientFactory;
|
|
|
|
import org.thoughtcrime.securesms.recipients.RecipientFormattingException;
|
|
|
|
import org.thoughtcrime.securesms.recipients.Recipients;
|
|
|
|
import org.thoughtcrime.securesms.sms.SmsTransportDetails;
|
|
|
|
import org.thoughtcrime.securesms.util.Hex;
|
2013-07-10 01:26:18 +00:00
|
|
|
import org.thoughtcrime.securesms.util.TextSecurePreferences;
|
2011-12-20 18:20:44 +00:00
|
|
|
import org.thoughtcrime.securesms.util.WorkerThread;
|
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
import java.io.IOException;
|
|
|
|
import java.util.LinkedList;
|
|
|
|
import java.util.List;
|
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
import ws.com.google.android.mms.ContentType;
|
|
|
|
import ws.com.google.android.mms.MmsException;
|
|
|
|
import ws.com.google.android.mms.pdu.MultimediaMessagePdu;
|
|
|
|
import ws.com.google.android.mms.pdu.PduParser;
|
2013-04-26 01:59:49 +00:00
|
|
|
import ws.com.google.android.mms.pdu.RetrieveConf;
|
2013-05-16 20:48:44 +00:00
|
|
|
import ws.com.google.android.mms.pdu.SendReq;
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
/**
|
|
|
|
* A work queue for processing a number of encryption operations.
|
2012-12-24 16:40:37 +00:00
|
|
|
*
|
2011-12-20 18:20:44 +00:00
|
|
|
* @author Moxie Marlinspike
|
|
|
|
*/
|
|
|
|
|
|
|
|
public class DecryptingQueue {
|
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
private static final List<Runnable> workQueue = new LinkedList<Runnable>();
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
static {
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
Thread workerThread = new WorkerThread(workQueue, "Async Decryption Thread");
|
2011-12-20 18:20:44 +00:00
|
|
|
workerThread.start();
|
2012-12-24 16:40:37 +00:00
|
|
|
}
|
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
public static void scheduleDecryption(Context context, MasterSecret masterSecret,
|
|
|
|
long messageId, long threadId, MultimediaMessagePdu mms)
|
|
|
|
{
|
2011-12-20 18:20:44 +00:00
|
|
|
MmsDecryptionItem runnable = new MmsDecryptionItem(context, masterSecret, messageId, threadId, mms);
|
|
|
|
synchronized (workQueue) {
|
|
|
|
workQueue.add(runnable);
|
|
|
|
workQueue.notifyAll();
|
|
|
|
}
|
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
public static void scheduleDecryption(Context context, MasterSecret masterSecret,
|
2013-05-15 21:09:13 +00:00
|
|
|
long messageId, long threadId, String originator,
|
|
|
|
String body, boolean isSecureMessage, boolean isKeyExchange)
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
{
|
2013-05-15 21:09:13 +00:00
|
|
|
DecryptionWorkItem runnable = new DecryptionWorkItem(context, masterSecret, messageId, threadId,
|
|
|
|
originator, body, isSecureMessage, isKeyExchange);
|
2011-12-20 18:20:44 +00:00
|
|
|
synchronized (workQueue) {
|
|
|
|
workQueue.add(runnable);
|
|
|
|
workQueue.notifyAll();
|
|
|
|
}
|
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
public static void schedulePendingDecrypts(Context context, MasterSecret masterSecret) {
|
|
|
|
Log.w("DecryptingQueue", "Processing pending decrypts...");
|
2012-12-24 16:40:37 +00:00
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
EncryptingSmsDatabase.Reader reader = null;
|
|
|
|
SmsMessageRecord record;
|
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
try {
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
reader = DatabaseFactory.getEncryptingSmsDatabase(context).getDecryptInProgressMessages(masterSecret);
|
2012-12-24 16:40:37 +00:00
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
while ((record = reader.getNext()) != null) {
|
|
|
|
scheduleDecryptFromCursor(context, masterSecret, record);
|
|
|
|
}
|
2011-12-20 18:20:44 +00:00
|
|
|
} finally {
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
if (reader != null)
|
|
|
|
reader.close();
|
2011-12-20 18:20:44 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public static void scheduleRogueMessages(Context context, MasterSecret masterSecret, Recipient recipient) {
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
SmsDatabase.Reader reader = null;
|
|
|
|
SmsMessageRecord record;
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
try {
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
Cursor cursor = DatabaseFactory.getSmsDatabase(context).getEncryptedRogueMessages(recipient);
|
|
|
|
reader = DatabaseFactory.getEncryptingSmsDatabase(context).readerFor(masterSecret, cursor);
|
2012-12-24 16:40:37 +00:00
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
while ((record = reader.getNext()) != null) {
|
|
|
|
DatabaseFactory.getSmsDatabase(context).markAsDecrypting(record.getId());
|
|
|
|
scheduleDecryptFromCursor(context, masterSecret, record);
|
|
|
|
}
|
2011-12-20 18:20:44 +00:00
|
|
|
} finally {
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
if (reader != null)
|
|
|
|
reader.close();
|
2012-12-24 16:40:37 +00:00
|
|
|
}
|
2011-12-20 18:20:44 +00:00
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
private static void scheduleDecryptFromCursor(Context context, MasterSecret masterSecret,
|
|
|
|
SmsMessageRecord record)
|
|
|
|
{
|
|
|
|
long messageId = record.getId();
|
2013-05-15 21:09:13 +00:00
|
|
|
long threadId = record.getThreadId();
|
2013-04-30 18:14:01 +00:00
|
|
|
String body = record.getBody().getBody();
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
String originator = record.getIndividualRecipient().getNumber();
|
|
|
|
boolean isSecureMessage = record.isSecure();
|
2013-05-15 21:09:13 +00:00
|
|
|
boolean isKeyExchange = record.isKeyExchange();
|
2011-12-20 18:20:44 +00:00
|
|
|
|
2013-05-15 21:09:13 +00:00
|
|
|
scheduleDecryption(context, masterSecret, messageId, threadId,
|
|
|
|
originator, body, isSecureMessage, isKeyExchange);
|
2011-12-20 18:20:44 +00:00
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
private static class MmsDecryptionItem implements Runnable {
|
|
|
|
private long messageId;
|
|
|
|
private long threadId;
|
|
|
|
private Context context;
|
|
|
|
private MasterSecret masterSecret;
|
|
|
|
private MultimediaMessagePdu pdu;
|
2012-12-24 16:40:37 +00:00
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
public MmsDecryptionItem(Context context, MasterSecret masterSecret,
|
|
|
|
long messageId, long threadId, MultimediaMessagePdu pdu)
|
|
|
|
{
|
2011-12-20 18:20:44 +00:00
|
|
|
this.context = context;
|
|
|
|
this.masterSecret = masterSecret;
|
|
|
|
this.messageId = messageId;
|
|
|
|
this.threadId = threadId;
|
|
|
|
this.pdu = pdu;
|
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
private byte[] getEncryptedData() {
|
|
|
|
for (int i=0;i<pdu.getBody().getPartsNum();i++) {
|
|
|
|
Log.w("DecryptingQueue", "Content type (" + i + "): " + new String(pdu.getBody().getPart(i).getContentType()));
|
|
|
|
if (new String(pdu.getBody().getPart(i).getContentType()).equals(ContentType.TEXT_PLAIN)) {
|
|
|
|
return pdu.getBody().getPart(i).getData();
|
|
|
|
}
|
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
return null;
|
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2013-02-08 19:57:54 +00:00
|
|
|
@Override
|
2011-12-20 18:20:44 +00:00
|
|
|
public void run() {
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
MmsDatabase database = DatabaseFactory.getMmsDatabase(context);
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
try {
|
|
|
|
String messageFrom = pdu.getFrom().getString();
|
2012-12-24 16:40:37 +00:00
|
|
|
Recipients recipients = RecipientFactory.getRecipientsFromString(context, messageFrom, false);
|
2011-12-20 18:20:44 +00:00
|
|
|
Recipient recipient = recipients.getPrimaryRecipient();
|
|
|
|
byte[] ciphertextPduBytes = getEncryptedData();
|
|
|
|
|
|
|
|
if (ciphertextPduBytes == null) {
|
|
|
|
Log.w("DecryptingQueue", "No encoded PNG data found on parts.");
|
|
|
|
database.markAsDecryptFailed(messageId, threadId);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!KeyUtil.isSessionFor(context, recipient)) {
|
|
|
|
Log.w("DecryptingQueue", "No such recipient session for MMS...");
|
|
|
|
database.markAsNoSession(messageId, threadId);
|
|
|
|
return;
|
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
byte[] plaintextPduBytes;
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
synchronized (SessionCipher.CIPHER_LOCK) {
|
|
|
|
Log.w("DecryptingQueue", "Decrypting: " + Hex.toString(ciphertextPduBytes));
|
2012-12-24 16:40:37 +00:00
|
|
|
SessionCipher cipher = new SessionCipher(context, masterSecret, recipient, new TextTransport());
|
2013-05-25 20:17:18 +00:00
|
|
|
try {
|
|
|
|
plaintextPduBytes = cipher.decryptMessage(ciphertextPduBytes);
|
|
|
|
} catch (InvalidMessageException ime) {
|
|
|
|
// XXX - For some reason, Sprint seems to append a single character to the
|
|
|
|
// end of message text segments. I don't know why, so here we just try
|
|
|
|
// truncating the message by one if the MAC fails.
|
|
|
|
if (ciphertextPduBytes.length > 2) {
|
|
|
|
Log.w("DecryptingQueue", "Attempting truncated decrypt...");
|
|
|
|
byte[] truncated = new byte[ciphertextPduBytes.length - 1];
|
|
|
|
System.arraycopy(ciphertextPduBytes, 0, truncated, 0, truncated.length);
|
|
|
|
plaintextPduBytes = cipher.decryptMessage(truncated);
|
|
|
|
} else {
|
|
|
|
throw ime;
|
|
|
|
}
|
|
|
|
}
|
2011-12-20 18:20:44 +00:00
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2013-05-16 20:48:44 +00:00
|
|
|
MultimediaMessagePdu plaintextGenericPdu = (MultimediaMessagePdu)new PduParser(plaintextPduBytes).parse();
|
|
|
|
RetrieveConf plaintextPdu = new RetrieveConf(plaintextGenericPdu.getPduHeaders(),
|
|
|
|
plaintextGenericPdu.getBody());
|
2011-12-20 18:20:44 +00:00
|
|
|
Log.w("DecryptingQueue", "Successfully decrypted MMS!");
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
database.insertSecureDecryptedMessageInbox(masterSecret, plaintextPdu, threadId);
|
2012-12-24 16:40:37 +00:00
|
|
|
database.delete(messageId);
|
2011-12-20 18:20:44 +00:00
|
|
|
} catch (RecipientFormattingException rfe) {
|
|
|
|
Log.w("DecryptingQueue", rfe);
|
|
|
|
database.markAsDecryptFailed(messageId, threadId);
|
|
|
|
} catch (InvalidMessageException ime) {
|
|
|
|
Log.w("DecryptingQueue", ime);
|
2012-12-24 16:40:37 +00:00
|
|
|
database.markAsDecryptFailed(messageId, threadId);
|
2011-12-20 18:20:44 +00:00
|
|
|
} catch (MmsException mme) {
|
|
|
|
Log.w("DecryptingQueue", mme);
|
2012-12-24 16:40:37 +00:00
|
|
|
database.markAsDecryptFailed(messageId, threadId);
|
2011-12-20 18:20:44 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
private static class DecryptionWorkItem implements Runnable {
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2013-05-15 21:09:13 +00:00
|
|
|
private final long messageId;
|
|
|
|
private final long threadId;
|
|
|
|
private final Context context;
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
private final MasterSecret masterSecret;
|
2013-05-15 21:09:13 +00:00
|
|
|
private final String body;
|
|
|
|
private final String originator;
|
|
|
|
private final boolean isSecureMessage;
|
|
|
|
private final boolean isKeyExchange;
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2013-05-15 21:09:13 +00:00
|
|
|
public DecryptionWorkItem(Context context, MasterSecret masterSecret, long messageId, long threadId,
|
|
|
|
String originator, String body, boolean isSecureMessage, boolean isKeyExchange)
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
{
|
2013-05-15 21:09:13 +00:00
|
|
|
this.context = context;
|
|
|
|
this.messageId = messageId;
|
|
|
|
this.threadId = threadId;
|
|
|
|
this.masterSecret = masterSecret;
|
|
|
|
this.body = body;
|
|
|
|
this.originator = originator;
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
this.isSecureMessage = isSecureMessage;
|
2013-05-15 21:09:13 +00:00
|
|
|
this.isKeyExchange = isKeyExchange;
|
2011-12-20 18:20:44 +00:00
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
private void handleRemoteAsymmetricEncrypt() {
|
|
|
|
EncryptingSmsDatabase database = DatabaseFactory.getEncryptingSmsDatabase(context);
|
|
|
|
String plaintextBody;
|
|
|
|
|
|
|
|
synchronized (SessionCipher.CIPHER_LOCK) {
|
|
|
|
try {
|
|
|
|
Log.w("DecryptingQueue", "Parsing recipient for originator: " + originator);
|
2012-12-24 16:40:37 +00:00
|
|
|
Recipients recipients = RecipientFactory.getRecipientsFromString(context, originator, false);
|
2011-12-20 18:20:44 +00:00
|
|
|
Recipient recipient = recipients.getPrimaryRecipient();
|
|
|
|
Log.w("DecryptingQueue", "Parsed Recipient: " + recipient.getNumber());
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
if (!KeyUtil.isSessionFor(context, recipient)) {
|
|
|
|
Log.w("DecryptingQueue", "No such recipient session...");
|
|
|
|
database.markAsNoSession(messageId);
|
|
|
|
return;
|
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
|
|
|
SessionCipher cipher = new SessionCipher(context, masterSecret, recipient, new SmsTransportDetails());
|
2011-12-20 18:20:44 +00:00
|
|
|
plaintextBody = new String(cipher.decryptMessage(body.getBytes()));
|
|
|
|
} catch (InvalidMessageException e) {
|
|
|
|
Log.w("DecryptionQueue", e);
|
|
|
|
database.markAsDecryptFailed(messageId);
|
|
|
|
return;
|
|
|
|
} catch (RecipientFormattingException e) {
|
|
|
|
Log.w("DecryptionQueue", e);
|
|
|
|
database.markAsDecryptFailed(messageId);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
database.updateMessageBody(masterSecret, messageId, plaintextBody);
|
2013-02-08 19:57:54 +00:00
|
|
|
MessageNotifier.updateNotification(context, masterSecret);
|
2011-12-20 18:20:44 +00:00
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
private void handleLocalAsymmetricEncrypt() {
|
|
|
|
EncryptingSmsDatabase database = DatabaseFactory.getEncryptingSmsDatabase(context);
|
|
|
|
String plaintextBody;
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2011-12-20 18:20:44 +00:00
|
|
|
try {
|
|
|
|
AsymmetricMasterCipher asymmetricMasterCipher = new AsymmetricMasterCipher(MasterSecretUtil.getAsymmetricMasterSecret(context, masterSecret));
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
plaintextBody = asymmetricMasterCipher.decryptBody(body);
|
2013-05-15 21:09:13 +00:00
|
|
|
|
|
|
|
if (isKeyExchange) {
|
|
|
|
handleKeyExchangeProcessing(plaintextBody);
|
|
|
|
}
|
|
|
|
|
|
|
|
database.updateMessageBody(masterSecret, messageId, plaintextBody);
|
|
|
|
MessageNotifier.updateNotification(context, masterSecret);
|
2011-12-20 18:20:44 +00:00
|
|
|
} catch (InvalidMessageException ime) {
|
|
|
|
Log.w("DecryptionQueue", ime);
|
|
|
|
database.markAsDecryptFailed(messageId);
|
|
|
|
} catch (IOException e) {
|
|
|
|
Log.w("DecryptionQueue", e);
|
|
|
|
database.markAsDecryptFailed(messageId);
|
|
|
|
}
|
2013-05-15 21:09:13 +00:00
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2013-05-15 21:09:13 +00:00
|
|
|
private void handleKeyExchangeProcessing(String plaintxtBody) {
|
2013-07-10 01:26:18 +00:00
|
|
|
if (TextSecurePreferences.isAutoRespondKeyExchangeEnabled(context)) {
|
2013-05-15 21:09:13 +00:00
|
|
|
try {
|
|
|
|
Recipient recipient = new Recipient(null, originator, null, null);
|
|
|
|
KeyExchangeMessage keyExchangeMessage = new KeyExchangeMessage(plaintxtBody);
|
|
|
|
KeyExchangeProcessor processor = new KeyExchangeProcessor(context, masterSecret, recipient);
|
|
|
|
|
|
|
|
Log.w("DecryptingQuue", "KeyExchange with fingerprint: " + keyExchangeMessage.getPublicKey().getFingerprint());
|
|
|
|
|
|
|
|
if (processor.isStale(keyExchangeMessage)) {
|
|
|
|
DatabaseFactory.getEncryptingSmsDatabase(context).markAsStaleKeyExchange(messageId);
|
2013-05-23 23:36:24 +00:00
|
|
|
} else if (processor.isTrusted(keyExchangeMessage)) {
|
2013-05-15 21:09:13 +00:00
|
|
|
DatabaseFactory.getEncryptingSmsDatabase(context).markAsProcessedKeyExchange(messageId);
|
|
|
|
processor.processKeyExchangeMessage(keyExchangeMessage, threadId);
|
|
|
|
}
|
|
|
|
} catch (InvalidVersionException e) {
|
|
|
|
Log.w("DecryptingQueue", e);
|
|
|
|
} catch (InvalidKeyException e) {
|
|
|
|
Log.w("DecryptingQueue", e);
|
|
|
|
}
|
|
|
|
}
|
2011-12-20 18:20:44 +00:00
|
|
|
}
|
2012-12-24 16:40:37 +00:00
|
|
|
|
2013-02-08 19:57:54 +00:00
|
|
|
@Override
|
2012-12-24 16:40:37 +00:00
|
|
|
public void run() {
|
Major storage layer refactoring to set the stage for clean GCM.
1) We now try to hand out cursors at a minimum. There has always been
a fairly clean insertion layer that handles encrypting message bodies,
but the process of decrypting message bodies has always been less than
ideal. Here we introduce a "Reader" interface that will decrypt message
bodies when appropriate and return objects that encapsulate record state.
No more MessageDisplayHelper. The MmsSmsDatabase interface is also more
sane.
2) We finally rid ourselves of the technical debt associated with TextSecure's
initial usage of the default SMS DB. In that world, we weren't able to use
anything other than the default "Inbox, Outbox, Sent" types to describe a
message, and had to overload the message content itself with a set of
local "prefixes" to describe what it was (encrypted, asymetric encrypted,
remote encrypted, a key exchange, procssed key exchange), and so on.
This includes a major schema update that transforms the "type" field into
a bitmask that describes everything that used to be encoded in a prefix,
and prefixes have been completely eliminated from the system.
No more Prefix.java
3) Refactoring of the MultipartMessageHandler code. It's less of a mess, and
hopefully more clear as to what's going on.
The next step is to remove what we can from SmsTransportDetails and genericize
that interface for a GCM equivalent.
2013-04-20 19:22:04 +00:00
|
|
|
if (isSecureMessage) {
|
|
|
|
handleRemoteAsymmetricEncrypt();
|
|
|
|
} else {
|
|
|
|
handleLocalAsymmetricEncrypt();
|
|
|
|
}
|
2011-12-20 18:20:44 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|