Commit Graph

1362 Commits

Author SHA1 Message Date
Moxie Marlinspike
e7b6a852c5 Fix bug caused by 1mod8 compatibility issue.
In the switch from v3, we bind identities in the message MAC
instead of doing the 1mod8 trick.  Since identity keys were
never set as 1mod8, it seemed like we could just remove it.

However, PreKeys are durable.  If an old client upgrades to v3,
it has a bunch of keys that *were* set to 1mod8 floating around.
The Curve25519 donna code re-sets the private key bits on every
operation, which results in a different key, and breaks the output
of an agreement.

So now we don't intentionally generate keys with 1mod8, but we
have to remove the donna code to honor existing 1mod8 keys for
the rest of time.  Trevor is squarely to blame.

// FREEBIE
2014-10-23 17:11:46 -07:00
Moxie Marlinspike
9dfaf19516 Merge pull request #2028 from mcginty/revert-generic-contenttype
revert content-type generics
2014-10-22 19:37:45 -07:00
Jake McGinty
34aece0b43 revert content-type generics
// FREEBIE
2014-10-22 19:37:04 -07:00
Moxie Marlinspike
9768de2d5e Short circuit self-send.
// FREEBIE
2014-10-22 18:28:03 -07:00
Moxie Marlinspike
c3eb0ea9db Check job requirements are satisfied in between retry iterations.
// FREEBIE
2014-10-21 13:50:38 -07:00
Moxie Marlinspike
4cdc0a3e61 Make signed prekey generation happen through the job queue. 2014-10-21 12:47:08 -07:00
Moxie Marlinspike
b568ce70b2 Make delivery receipts work correctly for groups. 2014-10-20 21:06:34 -07:00
Moxie Marlinspike
18b0601990 Dependency updates and gradle housekeeping. 2014-10-20 21:06:09 -07:00
Moxie Marlinspike
b308996885 Switch to using our own JobManager.
// FREEBIE
2014-10-20 19:13:06 -07:00
Moxie Marlinspike
73d896f378 Index shouldn't be unique. 2014-10-20 19:02:42 -07:00
Moxie Marlinspike
36ec1d84a1 Implement delivery receipts.
1) Support a "receipt" push message type.

2) Identify messages by timestamp.

3) Introduce a JobManager to handle the queue for network
   dependent jobs.
2014-10-20 19:02:42 -07:00
Moxie Marlinspike
8d6b9ae43e Incorporate PR feedback. Add license and eliminate duplicate code.
// FREEBIE
2014-10-20 18:38:52 -07:00
Moxie Marlinspike
a95cc0eba2 Switch to byte array.
// FREEBIE
2014-10-20 18:35:45 -07:00
Moxie Marlinspike
58d101ff2e Support for job "group ids."
A job can specify a group id, and jobs with the same group id
will run sequentially.
2014-10-20 18:35:45 -07:00
Moxie Marlinspike
544f06451f Persistent job queue, derivative of android-priority-jobqueue.
// FREEBIE
2014-10-20 18:35:45 -07:00
Moxie Marlinspike
20cf775b1e Fix up routing activity actions. 2014-10-20 14:55:34 -07:00
Moxie Marlinspike
5fcc135f81 Make sure senderkeys encrypt is correctly initialized. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
9a0ed659f7 Initial support for sender keys. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
54612159be Update ed25519 extract and tests 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
355d0be78a Introduce new simultaneous initiate strategy.
1) Fix bugs that prevented decrypt() from being non-transactional
   in some cases.

2) Introduce a new unified storage interface.

3) Transition simultaneous initiate from the "needs refresh"
   strategy to one that uses session state resurrection and
   promotion.
2014-10-20 12:25:40 -07:00
Moxie Marlinspike
73b75a4a27 Fix build. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
c4209a65e3 Don't assert on bad padding. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
9dce376780 Correctly handle formatting when "one time PreKey" is absent. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
07c61394e9 When processing PreKeyBundle, archive current session if it exists. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
3e287f930d Better thread safety for session building <-> use. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
7b1a37bd91 Make registration ID optionally extended. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
2db44a1578 Make generated PreKeyIds exclude both 0 and Medium.MAX_VALUE. 2014-10-20 12:25:40 -07:00
Moxie Marlinspike
006c9aae7b Only remove unsigned prekey if bundled message decrypts properly. 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
b147a90463 This exception is never thrown. 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
741171c49f Switch to CBC mode with a derived IV.
1) Since we're not CPU or space constrained (and are in fact
   padding), and since keystream reuse would be more catastrophic
   than IV reuse without chosen plaintext.
2014-10-20 12:25:39 -07:00
Moxie Marlinspike
c375ed8638 MIPS NDK support. Apparently there are mips devices... 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
238f29c90a Updated to latest of Trevor's ref10-extract 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
084f27a2e8 omg trevor 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
27b5bf54cc Remove 1 mod 8. 2014-10-20 12:25:39 -07:00
Moxie Marlinspike
eda393b11c Minor refactoring and renaming. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
c330eef7b9 Make PreKeyWhisperMessage decrypt more reliably atomic. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
1eb3884b7a Update to latest ref10-extract ed25519 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
5ea3b3038e Remove verification tag.
1) Remove verification tag from PreKeyWhisperMessage.

2) Include sender and recipient identity keys in the MAC of
   each WhisperMessage.
2014-10-20 12:25:38 -07:00
Moxie Marlinspike
641ac9aed9 Rename axolotl terminology.
1) ephemeralKey -> ratchetKey

2) Have the caller specify Alice/Bob orientation.

3) Reorganize verification tag.

4) Remove verification tag from key exchange messages, replace
   with signatures in both directions.
2014-10-20 12:25:38 -07:00
Moxie Marlinspike
82bd75fb75 Fix padding problem. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
c94a7b1eff Make sure "previous counter" is never negative. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
4caebdcd06 Update tests for new API. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
b3cece27d6 Update SessionCipher javadocs. 2014-10-20 12:25:38 -07:00
Moxie Marlinspike
819982af7b Rearrange decrypt API.
1) Change SessionBuilder to only establish sessions via
   KeyExchangeMessage and PreKeyBundles.

2) Change SessionCipher to decrypt either WhisperMessage
   or PreKeyWhisperMessage items, automatically building
   a session for the latter.

3) Change SessionCipher to tear down new sessions built
   with PreKeyWhisperMessages if the embedded WhsiperMessage
   fails to decrypt.
2014-10-20 12:25:38 -07:00
Moxie Marlinspike
42cf53e487 Rename "pendingPreKey" to "unacknowledgedPreKeyMessage" 2014-10-20 12:23:15 -07:00
Moxie Marlinspike
e0d2398ca5 Rename InitializationParameters -> AxolotlParameters 2014-10-20 12:23:14 -07:00
Moxie Marlinspike
3f299936bf Only create signed prekey if push registered. 2014-10-20 12:23:14 -07:00
Moxie Marlinspike
540592d71f Upgrade libaxolotl to the latest gradle plugin. 2014-10-20 12:23:14 -07:00
Moxie Marlinspike
5a9e5672d3 Updated README 2014-10-20 12:23:11 -07:00
Moxie Marlinspike
0a23b5fcd5 Added helper method for generating signed PreKeys. 2014-10-20 12:23:10 -07:00