mirror of
https://github.com/oxen-io/session-android.git
synced 2024-12-22 07:57:30 +00:00
We need to force plaintext on key exchange messages.
This commit is contained in:
Moxie Marlinspike
parent
c5ed820590
commit
93c0fffc31
@ -58,7 +58,7 @@ public class KeyExchangeInitiator {
|
|||||||
LinkedList<Recipient> list = new LinkedList<Recipient>();
|
LinkedList<Recipient> list = new LinkedList<Recipient>();
|
||||||
list.add(recipient);
|
list.add(recipient);
|
||||||
|
|
||||||
MessageSender.send(context, masterSecret, new Recipients(list), -1, message.serialize(), false);
|
MessageSender.send(context, masterSecret, new Recipients(list), -1, message.serialize(), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static boolean hasInitiatedSession(Context context, MasterSecret masterSecret, Recipient recipient) {
|
private static boolean hasInitiatedSession(Context context, MasterSecret masterSecret, Recipient recipient) {
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
/**
|
/**
|
||||||
* Copyright (C) 2011 Whisper Systems
|
* Copyright (C) 2011 Whisper Systems
|
||||||
*
|
*
|
||||||
* This program is free software: you can redistribute it and/or modify
|
* This program is free software: you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
@ -10,14 +10,15 @@
|
|||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
* GNU General Public License for more details.
|
* GNU General Public License for more details.
|
||||||
*
|
*
|
||||||
* You should have received a copy of the GNU General Public License
|
* You should have received a copy of the GNU General Public License
|
||||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
package org.thoughtcrime.securesms.crypto;
|
package org.thoughtcrime.securesms.crypto;
|
||||||
|
|
||||||
import java.util.LinkedList;
|
import android.content.Context;
|
||||||
import java.util.List;
|
import android.content.Intent;
|
||||||
|
import android.util.Log;
|
||||||
|
|
||||||
import org.bouncycastle.util.Arrays;
|
import org.bouncycastle.util.Arrays;
|
||||||
import org.thoughtcrime.securesms.database.LocalKeyRecord;
|
import org.thoughtcrime.securesms.database.LocalKeyRecord;
|
||||||
@ -30,18 +31,17 @@ import org.thoughtcrime.securesms.service.KeyCachingService;
|
|||||||
import org.thoughtcrime.securesms.sms.MessageSender;
|
import org.thoughtcrime.securesms.sms.MessageSender;
|
||||||
import org.thoughtcrime.securesms.util.Conversions;
|
import org.thoughtcrime.securesms.util.Conversions;
|
||||||
|
|
||||||
import android.content.Context;
|
import java.util.LinkedList;
|
||||||
import android.content.Intent;
|
import java.util.List;
|
||||||
import android.util.Log;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class processes key exchange interactions.
|
* This class processes key exchange interactions.
|
||||||
*
|
*
|
||||||
* @author Moxie Marlinspike
|
* @author Moxie Marlinspike
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class KeyExchangeProcessor {
|
public class KeyExchangeProcessor {
|
||||||
|
|
||||||
public static final String SECURITY_UPDATE_EVENT = "org.thoughtcrime.securesms.KEY_EXCHANGE_UPDATE";
|
public static final String SECURITY_UPDATE_EVENT = "org.thoughtcrime.securesms.KEY_EXCHANGE_UPDATE";
|
||||||
|
|
||||||
private Context context;
|
private Context context;
|
||||||
@ -55,7 +55,7 @@ public class KeyExchangeProcessor {
|
|||||||
this.context = context;
|
this.context = context;
|
||||||
this.recipient = recipient;
|
this.recipient = recipient;
|
||||||
this.masterSecret = masterSecret;
|
this.masterSecret = masterSecret;
|
||||||
|
|
||||||
this.remoteKeyRecord = new RemoteKeyRecord(context, recipient);
|
this.remoteKeyRecord = new RemoteKeyRecord(context, recipient);
|
||||||
this.localKeyRecord = new LocalKeyRecord(context, masterSecret, recipient);
|
this.localKeyRecord = new LocalKeyRecord(context, masterSecret, recipient);
|
||||||
this.sessionRecord = new SessionRecord(context, masterSecret, recipient);
|
this.sessionRecord = new SessionRecord(context, masterSecret, recipient);
|
||||||
@ -64,19 +64,19 @@ public class KeyExchangeProcessor {
|
|||||||
public boolean hasCompletedSession() {
|
public boolean hasCompletedSession() {
|
||||||
return sessionRecord.getLocalFingerprint() != null;
|
return sessionRecord.getLocalFingerprint() != null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean hasSameSessionIdentity(KeyExchangeMessage message) {
|
public boolean hasSameSessionIdentity(KeyExchangeMessage message) {
|
||||||
return
|
return
|
||||||
(this.sessionRecord.getIdentityKey() != null) &&
|
(this.sessionRecord.getIdentityKey() != null) &&
|
||||||
(message.getIdentityKey() != null) &&
|
(message.getIdentityKey() != null) &&
|
||||||
(this.sessionRecord.getIdentityKey().equals(message.getIdentityKey()) &&
|
(this.sessionRecord.getIdentityKey().equals(message.getIdentityKey()) &&
|
||||||
!isRemoteKeyExchangeForExistingSession(message));
|
!isRemoteKeyExchangeForExistingSession(message));
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean hasInitiatedSession() {
|
public boolean hasInitiatedSession() {
|
||||||
return localKeyRecord.getCurrentKeyPair() != null;
|
return localKeyRecord.getCurrentKeyPair() != null;
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean needsResponseFromUs() {
|
private boolean needsResponseFromUs() {
|
||||||
return !hasInitiatedSession() || remoteKeyRecord.getCurrentRemoteKey() != null;
|
return !hasInitiatedSession() || remoteKeyRecord.getCurrentRemoteKey() != null;
|
||||||
}
|
}
|
||||||
@ -84,56 +84,56 @@ public class KeyExchangeProcessor {
|
|||||||
public boolean isRemoteKeyExchangeForExistingSession(KeyExchangeMessage message) {
|
public boolean isRemoteKeyExchangeForExistingSession(KeyExchangeMessage message) {
|
||||||
return Arrays.areEqual(message.getPublicKey().getFingerprintBytes(), sessionRecord.getRemoteFingerprint());
|
return Arrays.areEqual(message.getPublicKey().getFingerprintBytes(), sessionRecord.getRemoteFingerprint());
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isLocalKeyExchangeForExistingSession(KeyExchangeMessage message) {
|
public boolean isLocalKeyExchangeForExistingSession(KeyExchangeMessage message) {
|
||||||
return Arrays.areEqual(message.getPublicKey().getFingerprintBytes(), sessionRecord.getLocalFingerprint());
|
return Arrays.areEqual(message.getPublicKey().getFingerprintBytes(), sessionRecord.getLocalFingerprint());
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isStale(KeyExchangeMessage message) {
|
public boolean isStale(KeyExchangeMessage message) {
|
||||||
int responseKeyId = Conversions.highBitsToMedium(message.getPublicKey().getId());
|
int responseKeyId = Conversions.highBitsToMedium(message.getPublicKey().getId());
|
||||||
|
|
||||||
Log.w("KeyExchangeProcessor", "Key Exchange High ID Bits: " + responseKeyId);
|
Log.w("KeyExchangeProcessor", "Key Exchange High ID Bits: " + responseKeyId);
|
||||||
|
|
||||||
return responseKeyId != 0 &&
|
return responseKeyId != 0 &&
|
||||||
(localKeyRecord.getCurrentKeyPair() != null && localKeyRecord.getCurrentKeyPair().getId() != responseKeyId);
|
(localKeyRecord.getCurrentKeyPair() != null && localKeyRecord.getCurrentKeyPair().getId() != responseKeyId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean processKeyExchangeMessage(KeyExchangeMessage message, long threadId) {
|
public boolean processKeyExchangeMessage(KeyExchangeMessage message, long threadId) {
|
||||||
int initiateKeyId = Conversions.lowBitsToMedium(message.getPublicKey().getId());
|
int initiateKeyId = Conversions.lowBitsToMedium(message.getPublicKey().getId());
|
||||||
message.getPublicKey().setId(initiateKeyId);
|
message.getPublicKey().setId(initiateKeyId);
|
||||||
|
|
||||||
if (needsResponseFromUs()) {
|
if (needsResponseFromUs()) {
|
||||||
List<Recipient> recipients = new LinkedList<Recipient>();
|
List<Recipient> recipients = new LinkedList<Recipient>();
|
||||||
recipients.add(recipient);
|
recipients.add(recipient);
|
||||||
|
|
||||||
localKeyRecord = KeyUtil.initializeRecordFor(recipient, context, masterSecret);
|
localKeyRecord = KeyUtil.initializeRecordFor(recipient, context, masterSecret);
|
||||||
KeyExchangeMessage ourMessage = new KeyExchangeMessage(context, masterSecret, Math.min(Message.SUPPORTED_VERSION, message.getMaxVersion()), localKeyRecord, initiateKeyId);
|
KeyExchangeMessage ourMessage = new KeyExchangeMessage(context, masterSecret, Math.min(Message.SUPPORTED_VERSION, message.getMaxVersion()), localKeyRecord, initiateKeyId);
|
||||||
Log.w("KeyExchangeProcessor", "Responding with key exchange message fingerprint: " + ourMessage.getPublicKey().getFingerprint());
|
Log.w("KeyExchangeProcessor", "Responding with key exchange message fingerprint: " + ourMessage.getPublicKey().getFingerprint());
|
||||||
Log.w("KeyExchangeProcessor", "Which has a local key record fingerprint: " + localKeyRecord.getCurrentKeyPair().getPublicKey().getFingerprint());
|
Log.w("KeyExchangeProcessor", "Which has a local key record fingerprint: " + localKeyRecord.getCurrentKeyPair().getPublicKey().getFingerprint());
|
||||||
MessageSender.send(context, masterSecret, new Recipients(recipients), threadId, ourMessage.serialize(), false);
|
MessageSender.send(context, masterSecret, new Recipients(recipients), threadId, ourMessage.serialize(), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
remoteKeyRecord.setCurrentRemoteKey(message.getPublicKey());
|
remoteKeyRecord.setCurrentRemoteKey(message.getPublicKey());
|
||||||
remoteKeyRecord.setLastRemoteKey(message.getPublicKey());
|
remoteKeyRecord.setLastRemoteKey(message.getPublicKey());
|
||||||
remoteKeyRecord.save();
|
remoteKeyRecord.save();
|
||||||
|
|
||||||
sessionRecord.setSessionId(localKeyRecord.getCurrentKeyPair().getPublicKey().getFingerprintBytes(),
|
sessionRecord.setSessionId(localKeyRecord.getCurrentKeyPair().getPublicKey().getFingerprintBytes(),
|
||||||
remoteKeyRecord.getCurrentRemoteKey().getFingerprintBytes());
|
remoteKeyRecord.getCurrentRemoteKey().getFingerprintBytes());
|
||||||
sessionRecord.setIdentityKey(message.getIdentityKey());
|
sessionRecord.setIdentityKey(message.getIdentityKey());
|
||||||
sessionRecord.setSessionVersion(Math.min(Message.SUPPORTED_VERSION, message.getMaxVersion()));
|
sessionRecord.setSessionVersion(Math.min(Message.SUPPORTED_VERSION, message.getMaxVersion()));
|
||||||
|
|
||||||
Log.w("KeyExchangeUtil", "Setting session version: " + Math.min(Message.SUPPORTED_VERSION, message.getMaxVersion()));
|
Log.w("KeyExchangeUtil", "Setting session version: " + Math.min(Message.SUPPORTED_VERSION, message.getMaxVersion()));
|
||||||
|
|
||||||
sessionRecord.save();
|
sessionRecord.save();
|
||||||
|
|
||||||
DecryptingQueue.scheduleRogueMessages(context, masterSecret, recipient);
|
DecryptingQueue.scheduleRogueMessages(context, masterSecret, recipient);
|
||||||
|
|
||||||
Intent intent = new Intent(SECURITY_UPDATE_EVENT);
|
Intent intent = new Intent(SECURITY_UPDATE_EVENT);
|
||||||
intent.putExtra("thread_id", threadId);
|
intent.putExtra("thread_id", threadId);
|
||||||
intent.setPackage(context.getPackageName());
|
intent.setPackage(context.getPackageName());
|
||||||
context.sendBroadcast(intent, KeyCachingService.KEY_PERMISSION);
|
context.sendBroadcast(intent, KeyCachingService.KEY_PERMISSION);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user