clean & refactor session protocol encryption

2025-08-11 20:47:42 +00:00 · 2021-03-12 13:37:16 +11:00
parent 60f51af295
commit 91f9138d62
21 changed files with 105 additions and 111 deletions
--- a/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/MessageSenderEncryption.kt
+++ b/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/MessageSenderEncryption.kt
@@ -1,11 +1,53 @@
 package org.session.libsession.messaging.sending_receiving

+import com.goterl.lazycode.lazysodium.LazySodiumAndroid
+import com.goterl.lazycode.lazysodium.SodiumAndroid
+import com.goterl.lazycode.lazysodium.interfaces.Box
+import com.goterl.lazycode.lazysodium.interfaces.Sign
+
 import org.session.libsession.messaging.MessagingConfiguration
+import org.session.libsession.messaging.sending_receiving.MessageSender.Error
+import org.session.libsession.utilities.KeyPairUtilities
+
+import org.session.libsignal.service.loki.utilities.removing05PrefixIfNeeded
+import org.session.libsignal.utilities.Hex
+import org.session.libsignal.utilities.logging.Log

 object MessageSenderEncryption {

-    internal fun encryptWithSessionProtocol(plaintext: ByteArray, recipientPublicKey: String): ByteArray{
-        return MessagingConfiguration.shared.sessionProtocol.encrypt(plaintext, recipientPublicKey)
+    private val sodium by lazy { LazySodiumAndroid(SodiumAndroid()) }
+
+    /**
+     * Encrypts `plaintext` using the Session protocol for `hexEncodedX25519PublicKey`.
+     *
+     * @param plaintext the plaintext to encrypt. Must already be padded.
+     * @param recipientHexEncodedX25519PublicKey the X25519 public key to encrypt for. Could be the Session ID of a user, or the public key of a closed group.
+     *
+     * @return the encrypted message.
+     */
+    internal fun encryptWithSessionProtocol(plaintext: ByteArray, recipientHexEncodedX25519PublicKey: String): ByteArray{
+        val context = MessagingConfiguration.shared.context
+        val userED25519KeyPair = KeyPairUtilities.getUserED25519KeyPair(context) ?: throw Error.NoUserED25519KeyPair
+        val recipientX25519PublicKey = Hex.fromStringCondensed(recipientHexEncodedX25519PublicKey.removing05PrefixIfNeeded())
+
+        val verificationData = plaintext + userED25519KeyPair.publicKey.asBytes + recipientX25519PublicKey
+        val signature = ByteArray(Sign.BYTES)
+        try {
+            sodium.cryptoSignDetached(signature, verificationData, verificationData.size.toLong(), userED25519KeyPair.secretKey.asBytes)
+        } catch (exception: Exception) {
+            Log.d("Loki", "Couldn't sign message due to error: $exception.")
+            throw Error.SigningFailed
+        }
+        val plaintextWithMetadata = plaintext + userED25519KeyPair.publicKey.asBytes + signature
+        val ciphertext = ByteArray(plaintextWithMetadata.size + Box.SEALBYTES)
+        try {
+            sodium.cryptoBoxSeal(ciphertext, plaintextWithMetadata, plaintextWithMetadata.size.toLong(), recipientX25519PublicKey)
+        } catch (exception: Exception) {
+            Log.d("Loki", "Couldn't encrypt message due to error: $exception.")
+            throw Error.EncryptionFailed
+        }
+
+        return ciphertext
    }

 }
--- a/libsession/src/main/java/org/session/libsession/utilities/IdentityKeyUtil.java
+++ b/libsession/src/main/java/org/session/libsession/utilities/IdentityKeyUtil.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2011 Whisper Systems
+ * Copyright (C) 2013 Open Whisper Systems
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.session.libsession.utilities;
+
+import android.content.Context;
+import android.content.SharedPreferences;
+import android.content.SharedPreferences.Editor;
+import androidx.annotation.NonNull;
+
+import org.session.libsignal.libsignal.ecc.ECPublicKey;
+import org.session.libsignal.libsignal.IdentityKey;
+import org.session.libsignal.libsignal.IdentityKeyPair;
+import org.session.libsignal.libsignal.InvalidKeyException;
+import org.session.libsignal.libsignal.ecc.Curve;
+import org.session.libsignal.libsignal.ecc.ECKeyPair;
+import org.session.libsignal.libsignal.ecc.ECPrivateKey;
+
+import org.session.libsignal.utilities.Base64;
+
+import java.io.IOException;
+
+/**
+ * Utility class for working with identity keys.
+ * 
+ * @author Moxie Marlinspike
+ */
+public class IdentityKeyUtil {
+
+  private static final String MASTER_SECRET_UTIL_PREFERENCES_NAME = "SecureSMS-Preferences";
+
+  @SuppressWarnings("unused")
+  private static final String TAG = IdentityKeyUtil.class.getSimpleName();
+
+  public static final String IDENTITY_PUBLIC_KEY_PREF                    = "pref_identity_public_v3";
+  public static final String IDENTITY_PRIVATE_KEY_PREF                   = "pref_identity_private_v3";
+  public static final String ED25519_PUBLIC_KEY                          = "pref_ed25519_public_key";
+  public static final String ED25519_SECRET_KEY                          = "pref_ed25519_secret_key";
+  public static final String LOKI_SEED                                   = "loki_seed";
+
+  public static boolean hasIdentityKey(Context context) {
+    SharedPreferences preferences = context.getSharedPreferences(MASTER_SECRET_UTIL_PREFERENCES_NAME, 0);
+
+    return
+        preferences.contains(IDENTITY_PUBLIC_KEY_PREF) &&
+        preferences.contains(IDENTITY_PRIVATE_KEY_PREF);
+  }
+
+  public static @NonNull IdentityKey getIdentityKey(@NonNull Context context) {
+    if (!hasIdentityKey(context)) throw new AssertionError("There isn't one!");
+
+    try {
+      byte[] publicKeyBytes = Base64.decode(retrieve(context, IDENTITY_PUBLIC_KEY_PREF));
+      return new IdentityKey(publicKeyBytes, 0);
+    } catch (IOException | InvalidKeyException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  public static @NonNull IdentityKeyPair getIdentityKeyPair(@NonNull Context context) {
+    if (!hasIdentityKey(context)) throw new AssertionError("There isn't one!");
+
+    try {
+      IdentityKey  publicKey  = getIdentityKey(context);
+      ECPrivateKey privateKey = Curve.decodePrivatePoint(Base64.decode(retrieve(context, IDENTITY_PRIVATE_KEY_PREF)));
+
+      return new IdentityKeyPair(publicKey, privateKey);
+    } catch (IOException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  public static void generateIdentityKeyPair(@NonNull Context context) {
+    ECKeyPair keyPair = Curve.generateKeyPair();
+    ECPublicKey publicKey = keyPair.getPublicKey();
+    ECPrivateKey privateKey = keyPair.getPrivateKey();
+    save(context, IDENTITY_PUBLIC_KEY_PREF, Base64.encodeBytes(publicKey.serialize()));
+    save(context, IDENTITY_PRIVATE_KEY_PREF, Base64.encodeBytes(privateKey.serialize()));
+  }
+
+  public static String retrieve(Context context, String key) {
+    SharedPreferences preferences = context.getSharedPreferences(MASTER_SECRET_UTIL_PREFERENCES_NAME, 0);
+    return preferences.getString(key, null);
+  }
+
+  public static void save(Context context, String key, String value) {
+    SharedPreferences preferences   = context.getSharedPreferences(MASTER_SECRET_UTIL_PREFERENCES_NAME, 0);
+    Editor preferencesEditor        = preferences.edit();
+
+    preferencesEditor.putString(key, value);
+    if (!preferencesEditor.commit()) throw new AssertionError("failed to save identity key/value to shared preferences");
+  }
+
+  public static void delete(Context context, String key) {
+    context.getSharedPreferences(MASTER_SECRET_UTIL_PREFERENCES_NAME, 0).edit().remove(key).commit();
+  }
+}
--- a/libsession/src/main/java/org/session/libsession/utilities/KeyPairUtilities.kt
+++ b/libsession/src/main/java/org/session/libsession/utilities/KeyPairUtilities.kt
@@ -0,0 +1,60 @@
+package org.session.libsession.utilities
+
+import android.content.Context
+import com.goterl.lazycode.lazysodium.LazySodiumAndroid
+import com.goterl.lazycode.lazysodium.SodiumAndroid
+import com.goterl.lazycode.lazysodium.utils.Key
+import com.goterl.lazycode.lazysodium.utils.KeyPair
+import org.session.libsignal.utilities.Base64
+import org.session.libsignal.utilities.Hex
+import org.session.libsignal.libsignal.ecc.DjbECPrivateKey
+import org.session.libsignal.libsignal.ecc.DjbECPublicKey
+import org.session.libsignal.libsignal.ecc.ECKeyPair
+
+object KeyPairUtilities {
+
+    private val sodium by lazy { LazySodiumAndroid(SodiumAndroid()) }
+
+    fun generate(): KeyPairGenerationResult {
+        val seed = sodium.randomBytesBuf(16)
+        try {
+            return generate(seed)
+        } catch (exception: Exception) {
+            return generate()
+        }
+    }
+
+    fun generate(seed: ByteArray): KeyPairGenerationResult {
+        val padding = ByteArray(16) { 0 }
+        val ed25519KeyPair = sodium.cryptoSignSeedKeypair(seed + padding)
+        val sodiumX25519KeyPair = sodium.convertKeyPairEd25519ToCurve25519(ed25519KeyPair)
+        val x25519KeyPair = ECKeyPair(DjbECPublicKey(sodiumX25519KeyPair.publicKey.asBytes), DjbECPrivateKey(sodiumX25519KeyPair.secretKey.asBytes))
+        return KeyPairGenerationResult(seed, ed25519KeyPair, x25519KeyPair)
+    }
+
+    fun store(context: Context, seed: ByteArray, ed25519KeyPair: KeyPair, x25519KeyPair: ECKeyPair) {
+        IdentityKeyUtil.save(context, IdentityKeyUtil.LOKI_SEED, Hex.toStringCondensed(seed))
+        IdentityKeyUtil.save(context, IdentityKeyUtil.IDENTITY_PUBLIC_KEY_PREF, Base64.encodeBytes(x25519KeyPair.publicKey.serialize()))
+        IdentityKeyUtil.save(context, IdentityKeyUtil.IDENTITY_PRIVATE_KEY_PREF, Base64.encodeBytes(x25519KeyPair.privateKey.serialize()))
+        IdentityKeyUtil.save(context, IdentityKeyUtil.ED25519_PUBLIC_KEY, Base64.encodeBytes(ed25519KeyPair.publicKey.asBytes))
+        IdentityKeyUtil.save(context, IdentityKeyUtil.ED25519_SECRET_KEY, Base64.encodeBytes(ed25519KeyPair.secretKey.asBytes))
+    }
+
+    fun hasV2KeyPair(context: Context): Boolean {
+        return (IdentityKeyUtil.retrieve(context, IdentityKeyUtil.ED25519_SECRET_KEY) != null)
+    }
+
+    fun getUserED25519KeyPair(context: Context): KeyPair? {
+        val base64EncodedED25519PublicKey = IdentityKeyUtil.retrieve(context, IdentityKeyUtil.ED25519_PUBLIC_KEY) ?: return null
+        val base64EncodedED25519SecretKey = IdentityKeyUtil.retrieve(context, IdentityKeyUtil.ED25519_SECRET_KEY) ?: return null
+        val ed25519PublicKey = Key.fromBytes(Base64.decode(base64EncodedED25519PublicKey))
+        val ed25519SecretKey = Key.fromBytes(Base64.decode(base64EncodedED25519SecretKey))
+        return KeyPair(ed25519PublicKey, ed25519SecretKey)
+    }
+
+    data class KeyPairGenerationResult(
+            val seed: ByteArray,
+            val ed25519KeyPair: KeyPair,
+            val x25519KeyPair: ECKeyPair
+    )
+}