ceokot bee287bb7e
Add Session Id blinding (#862)
* feat: Add Session Id blinding

Including modified version of lazysodium-android to expose missing libsodium functions, we could build from a fork which we still need to setup.

* Add v4 onion request handling

* Update SOGS signature construction

* Fix SOGS signature construction

* Update onion request

* Update signature data

* Keep path prefixes for v4 endpoints

* Update SOGS signature message

* Rename to remove api version suffix

* Update onion response parsing

* Refactor file download paths

* Implement request batching

* Refactor batch response handling

* Handle batch endpoint responses

* Update batch endpoint responses

* Update attachment download handling

* Handle file downloads

* Handle inbox messages

* Fix issue with file downloads

* Preserve image bytearray encoding

* Refactor

* Open group message requests

* Check id blinding in user detail bottom sheet rather

* Message validation refactor

* Cache last inbox/outbox server ids

* Update message encryption/decryption

* Refactor

* Refactor

* Bypass user details bottom sheet in open groups for blinded session ids

* Fix capabilities call auth

* Refactor

* Revert default server details

* Update sodium dependency to forked repo

* Fix attachment upload

* Revert "Update sodium dependency to forked repo"

This reverts commit c7db9529f900d09585ab94e440f6645faa88544e.

* Add signed sodium lib

* Update contact id truncation and mention logic

* Open group inbox messaging fix

* Refactor

* Update blinded id check

* Fix open group message sends

* Fix crash on open group direct message send

* Direct message refactor

* Direct message encrypt/decrypt fixes

* Use updated curve25519 version

* Updated lazysodium dependency

* Update encryption/decryption calls

* Handle direct message parse errors

* Minor refactor

* Existing chat refactor

* Update encryption & decryption parameters

* Fix authenticated ciphertext size

* Set direct message sync target

* Update direct message thread lookup

* Add blinded id mapping table

* Add blinded id mapping table

* Update threads after sends

* Update open group message timestamp handling

* Filter unblinded contacts

* Format blinded id mentions

* Add message deleted field

* Hide open group inbox id

* Update message request response handling

* Update message request response sender handling

* Fix mentions of blinded ids

* Handle open group poll failure

* fix: add log for failed open group onion request, add decoding body for blinding required error at destination

* fix: change the error check

* Persist group members

* Reschedule polling after capabilities update

* Retry on other exceptions

* Minor refactor

* Open group profile fix

* Group member db schema update

* Fix ban request key

* Update ban response type

* Ban endpoint updates

* Ban endpoint updates

* Delete messages

Co-authored-by: charles <charles@oxen.io>
Co-authored-by: jubb <hjubb@users.noreply.github.com>
2022-08-10 18:17:48 +10:00
2021-06-02 09:19:30 +10:00
2022-08-10 18:17:48 +10:00
2021-05-18 14:18:16 +10:00
2022-08-10 18:17:48 +10:00
2022-08-10 18:17:48 +10:00
2021-05-24 13:22:17 +10:00
2021-06-01 17:16:34 +10:00
2011-12-20 10:20:44 -08:00
2022-04-08 16:09:02 +10:00
2022-08-10 18:17:48 +10:00

Session Android

Download on the Google Play Store

Add the F-Droid repo

Download the APK from here

Summary

Session integrates directly with Oxen Service Nodes, which are a set of distributed, decentralized and Sybil resistant nodes. Service Nodes act as servers which store messages offline, and a set of nodes which allow for onion routing functionality obfuscating users' IP addresses. For a full understanding of how Session works, read the Session Whitepaper.

Want to contribute? Found a bug or have a feature request?

Please search for any existing issues that describe your bugs in order to avoid duplicate submissions. Submissions can be made by making a pull request to our dev branch. If you don't know where to start contributing, try reading the Github issues page for ideas.

Build instructions

Build instructions can be found in BUILDING.md.

Translations

Want to help us translate Session into your language? You can do so at https://crowdin.com/project/session-android!

Verifying signatures

Step 1:

wget https://raw.githubusercontent.com/oxen-io/oxen-core/master/utils/gpg_keys/KeeJef.asc
gpg --import KeeJef.asc

Step 2:

Get the signed hash for this release. SESSION_VERSION needs to be updated for the release you want to verify.

export SESSION_VERSION=1.10.4
wget https://github.com/oxen-io/session-android/releases/download/$SESSION_VERSION/signatures.asc

Step 3:

Verify the signature of the hashes of the files.

gpg --verify signatures.asc 2>&1 |grep "Good signature from"

The command above should print "Good signature from "Kee Jefferys...". If it does, the hashes are valid but we still have to make the sure the signed hashes matches the downloaded files.

Step 4:

Make sure the two commands below returns the same hash. If they do, files are valid.

sha256sum session-$SESSION_VERSION-universal.apk
grep universal.apk signatures.asc

License

Copyright 2011 Whisper Systems

Copyright 2013-2017 Open Whisper Systems

Copyright 2019-2021 The Oxen Project

Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html

Socials

Description
A private messenger for Android.
Readme SSPL-1.0
Languages
Kotlin 55.7%
Java 42.4%
C++ 1.7%