73 Commits

Author SHA1 Message Date
Moxie Marlinspike
14b8f97de2 Reorganize session store load/store operations. 2014-10-20 12:14:17 -07:00
Moxie Marlinspike
d902c12941 Break core ratchet out into libaxolotol.
1) Break the core cryptography functions out into libaxolotol.

2) The objective for this code is a Java library that isn't
   dependent on any Android functions.  However, while the
   code has been separated from any Android functionality,
   it is still an 'android library project' because of the
   JNI.
2014-10-20 12:10:02 -07:00
Jake McGinty
34e147838a use apply for preferences instead of commit
// FREEBIE
2014-06-12 14:45:51 -07:00
Moxie Marlinspike
68747142d6 Add correct contextual menu options on 'Send' button.
[Send TextSecure message | Send unencrypted SMS | Send encrypted SMS]

// FREEBIE
2014-06-11 15:34:01 -07:00
Moxie Marlinspike
12d217991c Use dynamic PBE iteration count.
Fixes #184
Fixes #247
2014-06-03 17:59:11 -07:00
Moxie Marlinspike
0574ec170a Display legacy message error when V1 message is received. 2014-04-16 11:47:51 -07:00
Moxie Marlinspike
1d07ca3e6f Remove V1 code. 2014-04-16 11:47:51 -07:00
Moxie Marlinspike
5a3daf4846 Curve25519 keys to 1 mod 8 for ephemerals. 2014-04-02 22:10:51 -07:00
Moxie Marlinspike
fd1a18d2d0 Don't display duplicate push messages. 2014-04-02 22:10:50 -07:00
Moxie Marlinspike
ad5d6d5bb7 Add refresh path for PreKey queue. 2014-04-02 22:10:50 -07:00
Moxie Marlinspike
926d3c929f Handle simultaneous initiate protocol case.
1) Modify SessionRecord to store a list of "previous" sessions
   in addition to the current active session.  Previous sessions
   can be used for receiving messages, but not for sending
   messages.

2) When a possible "simultaneous initiate" is detected, push the
   current session onto the "previous session" stack instead of
   clearing it and starting over.

3) Additionally, mark the new session created on a received
   possible "simultaneous initiate" as stale for sending.  The
   next outgoing message would trigger a full prekey refresh.

4) Work to do: outgoing messages on the SMS transport should
   probably not use the existing session if it's marked stale
   for sending.  These messages need to fail and notify the user,
   similar to how we'll handle SMS fallback to push users before
   a prekey session is created.
2014-04-02 22:10:50 -07:00
Benjamin Albrecht
0f6c7660cb Use modern icons in info and alert dialogs for ICS+ 2014-03-01 14:42:12 +01:00
Moxie Marlinspike
19dddd7adf Support for an 'end session' protocol message.
1) On the push side, this message is a flag in PushMessageContent.
   Any secure message with that flag will terminate the current
   sessin.

2) On the SMS side, there is an "end session" wire type and
   the convention that a message with this wire type must be
   secure and contain the string "TERMINATE."
2014-02-19 13:50:32 -08:00
Jake McGinty
9d9a0ec218 collection of fixes based on comments/small aesthetic stuff // FREEBIE 2014-02-18 16:42:44 -08:00
Moxie Marlinspike
3999171377 Introduce registration-time ID for detecting stale sessions.
1) At registration time, a client generates a random ID and
   transmits to the the server.

2) The server provides that registration ID to any client
   that requests a prekey.

3) Clients include that registration ID in any
   PreKeyWhisperMessage.

4) Clients include that registration ID in their sendMessage
   API call to the server.

5) The server verifies that the registration ID included in
   an API call is the same as the current registration ID
   for the destination device.  Otherwise, it notifies the
   sender that their session is stale.
2014-02-18 12:51:23 -08:00
Moxie Marlinspike
e7e5bc0884 Verify identity keys on outgoing messages.
If PreKeyEntity identity key doesn't match local DB, fail
outgoing message and queue "incoming" identity key update
message for manual user approval.
2014-02-16 15:23:49 -08:00
Moxie Marlinspike
7c46f3cbf8 Fill in group creation actions 2014-02-13 17:10:20 -08:00
Moxie Marlinspike
0ace469d74 Support for multi-device.
1) In addition to the Recipient interface, there is now
   RecipientDevice.  A Recipient can have multiple corresponding
   RecipientDevices.  All addressing is done to a Recipient, but
   crypto sessions and transport delivery are done to
   RecipientDevice.

2) The Push transport handles the discovery and session setup
   of additional Recipient devices.

3) Some internal rejiggering of Groups.
2014-02-02 19:38:06 -08:00
Moxie Marlinspike
327ee4ff62 Remove unnecessary classes, up prekey limit to 100 2014-01-06 14:38:14 -08:00
Moxie Marlinspike
44092a3eff Support for Axolotl protocol.
1) Split code into v1 and v2 message paths.

2) Do the Axolotl protocol for v2.

3) Switch all v2 entities to protobuf.
2014-01-06 14:37:52 -08:00
Moxie Marlinspike
dadabdfaa8 Make UI responsive to UniversalTransport upgrades. 2014-01-06 14:36:23 -08:00
Moxie Marlinspike
c38a8aa699 Migrate to Curve25519.
1) Generate a Curve25519 identity key.

2) Use Curve25519 ephemerals and identities for v2 3DHE agreements.

3) Initiate v2 key exchange messages.

4) Accept v1 key exchange messages.

5) TOFU Curve25519 identities.
2014-01-06 14:36:22 -08:00
Moxie Marlinspike
dbc070cd65 Refactor the ciphertext message parsing and building. 2014-01-06 14:36:22 -08:00
Moxie Marlinspike
073b1f69e3 Rollbacks, v2 sms-transport key exchanges, push identity conflicts.
1) Stop protocol rollbacks.

2) Handle v2 version key exchange messages.

3) Handle identity key conflicts on prekeybundle messages.
2014-01-06 14:35:53 -08:00
Moxie Marlinspike
8f6590b738 Handle notifications and receiving push when locked. 2014-01-06 14:35:53 -08:00
Moxie Marlinspike
0dd36c64a4 Basic support for encrypted push-based attachments.
1) Move the attachment structures into the encrypted message body.

2) Encrypt attachments with symmetric keys transmitted in the
   encryptd attachment pointer structure.

3) Correctly handle asynchronous decryption and categorization of
   encrypted push messages.

TODO: Correct notification process and network/interruption
      retries.
2014-01-06 14:35:53 -08:00
Moxie Marlinspike
1bbcedabd4 Added SMS transport support for PreKeyBundle messages.
1) Added SMS transport support.

2) Keep track of whether a PreKeyBundle message has gotten
   a response, and send them as subsequent messages until
   one has been received.
2014-01-06 14:35:52 -08:00
Moxie Marlinspike
c3b8b62d32 Delete pre-key record when establishing agreement. 2014-01-06 14:35:52 -08:00
Moxie Marlinspike
43492b66c4 Rename EncryptedMessage 2014-01-06 14:35:52 -08:00
Moxie Marlinspike
7f642666dd Basic support for prekeybundle message delivery and receipt. 2014-01-06 14:35:52 -08:00
Moxie Marlinspike
1cc2762656 Refactor relationship between SessionCipher and Message. 2014-01-06 14:35:52 -08:00
Moxie Marlinspike
d1969412fb Move PreKey ids to be Mediums, generate in circular buffer. 2014-01-06 14:35:51 -08:00
Moxie Marlinspike
499de2d2bf Move prekey jsonifcation into the push code, add identity key. 2014-01-06 14:35:51 -08:00
Moxie Marlinspike
b8f663b69c Move common crypto classes into TextSecureLibrary.
1) Move all the crypto classes from securesms.crypto.

2) Move all the crypto storage from securesms.database.keys

3) Replace the old imported BC code with spongycastle.
2014-01-06 14:35:51 -08:00
Moxie Marlinspike
2042ca6cb7 Generate "prekeys" at push registration time.
This generates a large number of key exchange messages and
registers them with the server during signup.
2014-01-06 14:34:47 -08:00
Moxie Marlinspike
9287d413ac Support for incoming attachments.
1) Refactored MMS layer to use abstracted types.

2) Added support for retrieving attachment IDs.
2014-01-06 14:33:52 -08:00
Moxie Marlinspike
1ac06312a0 Move directory and push service socket into library. 2014-01-06 14:21:50 -08:00
Moxie Marlinspike
a200d29514 Move most of Util into library 2014-01-06 14:21:50 -08:00
Moxie Marlinspike
21eee19380 Split into library project and add shared preferences layer of indirection. 2014-01-06 14:20:59 -08:00
Simeon Morgan
4931d7327b Switch to two-space indentation, remove inline comments. 2013-11-14 17:53:38 +11:00
Simeon Morgan
adfa3c1b10 Optimised use of buffers when decrypting to avoid unnecessary array copying properly. 2013-11-12 13:37:57 +11:00
Simeon Morgan
3cc6344c8b Optimised use of buffers when decrypting to avoid unnecessary array copying 2013-11-12 13:31:30 +11:00
Simeon Morgan
546dd5485c Fix issue #410: DecryptingPartInputStream could return more data than requested, causing segfaults in BitmapFactory on Android 4.4. 2013-11-12 12:57:47 +11:00
Moxie Marlinspike
f26b9070f2 Update PRNG fix code sample.
Google updated their code sample to account for restrictive
SELinux configurations on some devices.
2013-10-13 04:06:58 -07:00
Moxie Marlinspike
b14d9d84ad Fix for Android PRNG bug.
There is apparently an Android vulnerability with the PRNG it
provides through the JCE. This uses their suggested code to patch
the PRNG, and provides the option to regenerate identity keys.

http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
2013-08-15 11:27:14 -07:00
Moxie Marlinspike
8281ef18d4 Fix for ShortBufferException problem introduced in Android 4.3
Not really sure how it's possible for the system to give us an
extra block of data, but it does if both the input and output
buffers are sized the same during the first decrypt.  This
fixes things, but I wish I better understood why it was broken.
2013-08-10 09:09:00 -07:00
Moxie Marlinspike
d97252d8d6 Add ability to disable local encryption passphrase. 2013-07-01 10:15:36 -07:00
Moxie Marlinspike
288b416988 Fix NPEs 2013-06-25 13:20:29 -07:00
Moxie Marlinspike
8524cc5598 Resolved a few MMS issues.
1) Fixed the "Unsupported Encoding!" problem.

2) Workaround for the Sprint issue, where the MMSC is adding a single
   extra byte to the end of each encrypted message.

3) Fixed the "large blob of base64 text" on encrypted MMS problem.
2013-06-15 09:06:15 -07:00
Moxie Marlinspike
24fc93e9ae Switch to a more heavily TOFU model for identity keys.
1) There is no longer a concept of "verified" or "unverified."
   Only "what we saw last time" and "different from last time."

2) Let's eliminate "verify session," since we're all about
   identity keys now.

3) Mark manually processed key exchanges as processed.
2013-05-23 16:36:24 -07:00