Commit Graph

1145 Commits

Author SHA1 Message Date
Moxie Marlinspike
9a0ed659f7 Initial support for sender keys. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
54612159be Update ed25519 extract and tests 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
355d0be78a Introduce new simultaneous initiate strategy.
1) Fix bugs that prevented decrypt() from being non-transactional
   in some cases.

2) Introduce a new unified storage interface.

3) Transition simultaneous initiate from the "needs refresh"
   strategy to one that uses session state resurrection and
   promotion.
2014-10-20 12:25:40 -07:00
Moxie Marlinspike
73b75a4a27 Fix build. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
c4209a65e3 Don't assert on bad padding. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
9dce376780 Correctly handle formatting when "one time PreKey" is absent. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
07c61394e9 When processing PreKeyBundle, archive current session if it exists. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
3e287f930d Better thread safety for session building <-> use. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
7b1a37bd91 Make registration ID optionally extended. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
2db44a1578 Make generated PreKeyIds exclude both 0 and Medium.MAX_VALUE. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
006c9aae7b Only remove unsigned prekey if bundled message decrypts properly. 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
b147a90463 This exception is never thrown. 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
741171c49f Switch to CBC mode with a derived IV.
1) Since we're not CPU or space constrained (and are in fact
   padding), and since keystream reuse would be more catastrophic
   than IV reuse without chosen plaintext.
2014-10-20 12:25:39 -07:00
Moxie Marlinspike
c375ed8638 MIPS NDK support. Apparently there are mips devices... 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
238f29c90a Updated to latest of Trevor's ref10-extract 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
084f27a2e8 omg trevor 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
27b5bf54cc Remove 1 mod 8. 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
eda393b11c Minor refactoring and renaming. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
c330eef7b9 Make PreKeyWhisperMessage decrypt more reliably atomic. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
1eb3884b7a Update to latest ref10-extract ed25519 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
5ea3b3038e Remove verification tag.
1) Remove verification tag from PreKeyWhisperMessage.

2) Include sender and recipient identity keys in the MAC of
   each WhisperMessage.
2014-10-20 12:25:38 -07:00
Moxie Marlinspike
641ac9aed9 Rename axolotl terminology.
1) ephemeralKey -> ratchetKey

2) Have the caller specify Alice/Bob orientation.

3) Reorganize verification tag.

4) Remove verification tag from key exchange messages, replace
   with signatures in both directions.
2014-10-20 12:25:38 -07:00
Moxie Marlinspike
82bd75fb75 Fix padding problem. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
c94a7b1eff Make sure "previous counter" is never negative. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
4caebdcd06 Update tests for new API. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
b3cece27d6 Update SessionCipher javadocs. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
819982af7b Rearrange decrypt API.
1) Change SessionBuilder to only establish sessions via
   KeyExchangeMessage and PreKeyBundles.

2) Change SessionCipher to decrypt either WhisperMessage
   or PreKeyWhisperMessage items, automatically building
   a session for the latter.

3) Change SessionCipher to tear down new sessions built
   with PreKeyWhisperMessages if the embedded WhsiperMessage
   fails to decrypt.
2014-10-20 12:25:38 -07:00
Moxie Marlinspike
42cf53e487 Rename "pendingPreKey" to "unacknowledgedPreKeyMessage" 2014-10-20 12:23:15 -07:00
Moxie Marlinspike
e0d2398ca5 Rename InitializationParameters -> AxolotlParameters 2014-10-20 12:23:14 -07:00
Moxie Marlinspike
3f299936bf Only create signed prekey if push registered. 2014-10-20 12:23:14 -07:00
Moxie Marlinspike
540592d71f Upgrade libaxolotl to the latest gradle plugin. 2014-10-20 12:23:14 -07:00
Moxie Marlinspike
5a9e5672d3 Updated README 2014-10-20 12:23:11 -07:00
Moxie Marlinspike
0a23b5fcd5 Added helper method for generating signed PreKeys. 2014-10-20 12:23:10 -07:00
Moxie Marlinspike
f0c22d593f Simplify/clarify internal interfaces and introduce optional types. 2014-10-20 12:23:10 -07:00
Moxie Marlinspike
5f5ddd7c26 Generate SignedPreKey records, improve SignedPreKey cleanup. 2014-10-20 12:23:08 -07:00
Moxie Marlinspike
144f269059 Upgrade curve25519-donna to latest. 2014-10-20 12:17:24 -07:00
Moxie Marlinspike
0d532afd8e Rename 'device key' to 'signed prekey'. 2014-10-20 12:17:24 -07:00
Moxie Marlinspike
07fd17ccda Add padding for push messages.
1) Use 'bit padding.'

1) By default, pad at 160 byte increments.
2014-10-20 12:17:23 -07:00
Moxie Marlinspike
fcaa3f0d73 Simplify HKDF interface. 2014-10-20 12:17:23 -07:00
Moxie Marlinspike
64b40df15b Add V3 support for KeyExchangeMessage case.
1) V3 KeyExchangeMessages can now contain signatures and
   verification tags.
2014-10-20 12:17:23 -07:00
Moxie Marlinspike
77ff9cece8 Add a 'verification tag' to incoming PreKeyWhisperMessage bundles. 2014-10-20 12:17:23 -07:00
Moxie Marlinspike
6326ef73f3 Split HKDF secret derivation and parsing. 2014-10-20 12:17:23 -07:00
Moxie Marlinspike
f29d1e6269 Add support for a compliant HKDF implementation. 2014-10-20 12:17:23 -07:00
Moxie Marlinspike
d6c5e92c9d Collapse RatchetingSessionV2 and RatchetingSessionV3. 2014-10-20 12:17:23 -07:00
Moxie Marlinspike
811479d168 Add first cut of protocol v3 support.
1) Use the new /v2/keys API for storing/retrieving prekey bundles.

2) For sessions built with PreKeyBundle and PreKeyWhisperMessage,
   use a v3 ratcheting session when available.
2014-10-20 12:17:23 -07:00
Moxie Marlinspike
2ed8d333d9 Add ed25519 2014-10-20 12:14:18 -07:00
Moxie Marlinspike
79020cd33c Better FS Locking. 2014-10-20 12:14:18 -07:00
Moxie Marlinspike
c8757c2134 Make helper static. 2014-10-20 12:14:18 -07:00
Moxie Marlinspike
2a65257182 Add serialization helpers for IdentityKeyPair. 2014-10-20 12:14:18 -07:00
Moxie Marlinspike
931605a1c4 Move identity key verification into libaxolotol. With tests. 2014-10-20 12:14:18 -07:00