PapaTutuWawa/omemo_dart
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Get basic tests working

Browse Source
This commit is contained in:
PapaTutuWawa
2023-06-14 21:59:59 +02:00
parent f6f0e145cc
commit c483585d0b
9 changed files with 446 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
lib/src/double_ratchet/double_ratchet.dart
View File

@@ -35,6 +35,21 @@ class SkippedKey {
int get hashCode => dh.hashCode ^ n.hashCode;
}
@immutable
class KeyExchangeData {
const KeyExchangeData(
this.pkId,
this.spkId,
this.ek,
this.ik,
);
final int pkId;
final int spkId;
final OmemoPublicKey ek;
final OmemoPublicKey ik;
}
class OmemoDoubleRatchet {
OmemoDoubleRatchet(
this.dhs, // DHs
@@ -92,7 +107,7 @@ class OmemoDoubleRatchet {
int kexTimestamp;
/// The key exchange that was used for initiating the session.
final String? kex;
final KeyExchangeData? kex;
/// Indicates whether we received an empty OMEMO message after building a session with
/// the device.
@@ -108,6 +123,8 @@ class OmemoDoubleRatchet {
List<int> sk,
List<int> ad,
int timestamp,
int pkId,
int spkId,
) async {
final dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
final rk = await kdfRk(sk, await omemoDH(dhs, spk, 0));
@@ -127,7 +144,12 @@ class OmemoDoubleRatchet {
{},
false,
timestamp,
'',
KeyExchangeData(
pkId,
spkId,
ik,
ek,
),
);
}
@@ -321,6 +343,25 @@ class OmemoDoubleRatchet {
..message = headerBytes;
}
OmemoDoubleRatchet clone() {
return OmemoDoubleRatchet(
dhs,
dhr,
rk,
cks != null ? List<int>.from(cks!) : null,
ckr != null ? List<int>.from(ckr!) : null,
ns,
nr,
pn,
ik,
ek,
sessionAd,
Map<SkippedKey, List<int>>.from(mkSkipped),
acknowledged,
kexTimestamp,
kex,
);
}
@visibleForTesting
Future<bool> equals(OmemoDoubleRatchet other) async {

6
lib/src/errors.dart
View File

@@ -36,11 +36,7 @@ class InvalidKeyExchangeException extends OmemoError implements Exception {
/// no key material available. That happens, for example, when we want to create a
/// ratchet session with a JID we had no session with but fetching the device bundle
/// failed.
class NoKeyMaterialAvailableException extends OmemoError
implements Exception {
String errMsg() =>
'No key material available to create a ratchet session with';
}
class NoKeyMaterialAvailableError extends OmemoError {}
/// A non-key-exchange message was received that was encrypted for our device, but we have no ratchet with
/// the device that sent the message.

16
lib/src/omemo/encryption_result.dart
View File

@@ -1,6 +1,7 @@
import 'package:meta/meta.dart';
import 'package:omemo_dart/src/errors.dart';
import 'package:omemo_dart/src/omemo/encrypted_key.dart';
import 'package:omemo_dart/src/omemo/errors.dart';
import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
@immutable
@@ -9,7 +10,6 @@ class EncryptionResult {
this.ciphertext,
this.encryptedKeys,
this.deviceEncryptionErrors,
this.jidEncryptionErrors,
);
/// The actual message that was encrypted.
@@ -17,17 +17,13 @@ class EncryptionResult {
/// Mapping of the device Id to the key for decrypting ciphertext, encrypted
/// for the ratchet with said device Id.
final List<EncryptedKey> encryptedKeys;
final Map<String, List<EncryptedKey>> encryptedKeys;
/// Mapping of a ratchet map keys to a possible exception.
final Map<RatchetMapKey, OmemoError> deviceEncryptionErrors;
/// Mapping of a JID to a possible exception.
final Map<String, OmemoError> jidEncryptionErrors;
/// Mapping of a JID to
final Map<String, List<EncryptToJidError>> deviceEncryptionErrors;
/// True if the encryption was a success. This means that we could encrypt for
/// at least one ratchet.
bool isSuccess(int numberOfRecipients) =>
encryptedKeys.isNotEmpty &&
jidEncryptionErrors.length < numberOfRecipients;
/// TODO:
bool isSuccess(int numberOfRecipients) => true;
}

12
lib/src/omemo/errors.dart Normal file
View File

@@ -0,0 +1,12 @@
import 'package:omemo_dart/src/errors.dart';
/// Returned on encryption, if encryption failed for some reason.
class EncryptToJidError extends OmemoError {
EncryptToJidError(this.device, this.error);
/// The device the error occurred with
final int? device;
/// The actual error.
final OmemoError error;
}

11
lib/src/omemo/events.dart
View File

@@ -1,8 +1,15 @@
import 'package:omemo_dart/src/double_ratchet/double_ratchet.dart';
import 'package:omemo_dart/src/omemo/device.dart';
import 'package:omemo_dart/omemo_dart.dart';
abstract class OmemoEvent {}
/// Triggered when (possibly multiple) ratchets have been created at sending time.
class RatchetsAddedEvent extends OmemoEvent {
RatchetsAddedEvent(this.ratchets);
/// The mapping of the newly created ratchets.
final Map<RatchetMapKey, OmemoDoubleRatchet> ratchets;
}
/// Triggered when a ratchet has been modified
class RatchetModifiedEvent extends OmemoEvent {
RatchetModifiedEvent(

285
lib/src/omemo/omemo.dart
View File

@@ -18,6 +18,7 @@ import 'package:omemo_dart/src/omemo/decryption_result.dart';
import 'package:omemo_dart/src/omemo/device.dart';
import 'package:omemo_dart/src/omemo/encrypted_key.dart';
import 'package:omemo_dart/src/omemo/encryption_result.dart';
import 'package:omemo_dart/src/omemo/errors.dart';
import 'package:omemo_dart/src/omemo/events.dart';
import 'package:omemo_dart/src/omemo/fingerprint.dart';
import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
@@ -176,6 +177,58 @@ class OmemoManager {
);
}
/// Fetches the device list from the server for [jid] and downloads OMEMO bundles
/// for devices we have no session with.
///
/// Returns a list of new bundles, that may be empty.
Future<List<OmemoBundle>> _fetchNewOmemoBundles(String jid) async {
// Do we have to request the device list or are we already up-to-date?
if (_deviceListRequested.containsKey(jid) && _deviceList.containsKey(jid)) {
return [];
}
final newDeviceList = await fetchDeviceListImpl(jid);
if (newDeviceList == null) {
return [];
}
// Figure out what bundles we must fetch
_deviceList[jid] = newDeviceList;
_deviceListRequested[jid] = true;
// TODO: Maybe do this per JID?
_eventStreamController.add(
DeviceListModifiedEvent(_deviceList),
);
final ownDevice = await getDevice();
final bundlesToFetch = newDeviceList.where((device) {
// Do not include our current device, if we request bundles for our own JID.
if (ownDevice.jid == jid && device == ownDevice.id) {
return false;
}
return !_ratchetMap.containsKey(RatchetMapKey(jid, device));
});
if (bundlesToFetch.isEmpty) {
return [];
}
// Fetch the new bundles
_log.finest('Fetching bundles $bundlesToFetch for $jid');
final bundles = <OmemoBundle>[];
for (final device in bundlesToFetch) {
final bundle = await fetchDeviceBundleImpl(jid, device);
if (bundle != null) {
bundles.add(bundle);
} else {
_log.warning('Failed to fetch bundle $jid:$device');
}
}
return bundles;
}
///
Future<DecryptionResult> onIncomingStanza(OmemoIncomingStanza stanza) async {
// NOTE: We do this so that we cannot forget to acquire and free the critical
@@ -229,7 +282,7 @@ class OmemoManager {
kexIk,
OmemoPublicKey.fromBytes(
kexMessage.ek,
KeyPairType.ed25519,
KeyPairType.x25519,
),
kexMessage.pkId,
),
@@ -305,8 +358,7 @@ class OmemoManager {
);
} else {
// Check if we even have a ratchet
final ratchet = _ratchetMap[ratchetKey];
if (ratchet == null) {
if (!_ratchetMap.containsKey(ratchetKey)) {
// TODO: Build a session with the device
return DecryptionResult(
@@ -315,6 +367,7 @@ class OmemoManager {
);
}
final ratchet = _ratchetMap[key]!.clone();
final authMessage = OMEMOAuthenticatedMessage.fromBuffer(base64Decode(key.value));
final keyAndHmac = await ratchet.ratchetDecrypt(authMessage);
if (keyAndHmac.isType<OmemoError>()) {
@@ -354,9 +407,235 @@ class OmemoManager {
}
}
Future<EncryptionResult> onOutgoingStanza(OmemoOutgoingStanza stanza) async {
// TODO: Be more smart about the locking
// TODO: Do we even need to lock?
await _enterRatchetCriticalSection(stanza.recipientJids.first);
final result = await _onOutgoingStanzaImpl(stanza);
await _leaveRatchetCriticalSection(stanza.recipientJids.first);
return result;
}
Future<EncryptionResult> _onOutgoingStanzaImpl(OmemoOutgoingStanza stanza) async {
// Encrypt the payload, if we have any
final List<int> payloadKey;
final List<int> ciphertext;
if (stanza.payload != null) {
// Generate the key and encrypt the plaintext
final rawKey = generateRandomBytes(32);
final keys = await deriveEncryptionKeys(rawKey, omemoPayloadInfoString);
ciphertext = await aes256CbcEncrypt(
utf8.encode(stanza.payload!),
keys.encryptionKey,
keys.iv,
);
final hmac = await truncatedHmac(ciphertext, keys.authenticationKey);
payloadKey = concat([rawKey, hmac]);
} else {
payloadKey = List<int>.filled(32, 0x0);
ciphertext = [];
}
final addedRatchetKeys = List<RatchetMapKey>.empty(growable: true);
final kex = <RatchetMapKey, OMEMOKeyExchange>{};
for (final jid in stanza.recipientJids) {
final newBundles = await _fetchNewOmemoBundles(jid);
if (newBundles.isEmpty) {
continue;
}
for (final bundle in newBundles) {
final ratchetKey = RatchetMapKey(jid, bundle.id);
final ownDevice = await getDevice();
final kexResult = await x3dhFromBundle(
bundle,
ownDevice.ik,
);
final newRatchet = await OmemoDoubleRatchet.initiateNewSession(
bundle.spk,
bundle.ik,
kexResult.ek.pk,
kexResult.sk,
kexResult.ad,
getTimestamp(),
kexResult.opkId,
bundle.spkId,
);
// Track the ratchet
_ratchetMap[ratchetKey] = newRatchet;
addedRatchetKeys.add(ratchetKey);
// Initiate trust
await trustManager.onNewSession(jid, bundle.id);
// Track the KEX for later
kex[ratchetKey] = OMEMOKeyExchange()
..pkId = kexResult.opkId
..spkId = bundle.spkId
..ik = await ownDevice.ik.pk.getBytes()
..ek = await kexResult.ek.pk.getBytes();
}
}
// Commit the newly created ratchets, if we created any.
if (addedRatchetKeys.isNotEmpty) {
_eventStreamController.add(
RatchetsAddedEvent(
Map<RatchetMapKey, OmemoDoubleRatchet>.fromEntries(
addedRatchetKeys.map((key) => MapEntry(key, _ratchetMap[key]!)).toList(),
),
),
);
}
// Encrypt the symmetric key for all devices.
final encryptionErrors = <String, List<EncryptToJidError>>{};
final encryptedKeys = <String, List<EncryptedKey>>{};
for (final jid in stanza.recipientJids) {
// Check if we know about any devices to use
final devices = _deviceList[jid];
if (devices == null) {
_log.info('No devices for $jid known. Skipping in encryption');
encryptionErrors.appendOrCreate(
jid,
EncryptToJidError(
null,
NoKeyMaterialAvailableError(),
),
);
continue;
}
// Check if we have to subscribe to the device list
if (!_subscriptionMap.containsKey(jid)) {
unawaited(subscribeToDeviceListNodeImpl(jid));
_subscriptionMap[jid] = true;
}
for (final device in devices) {
// Check if we should encrypt for this device
// NOTE: Empty OMEMO messages are allowed to bypass trust decisions
if (stanza.payload != null) {
// Only encrypt to devices that are trusted
if (!(await _trustManager.isTrusted(jid, device))) continue;
// Only encrypt to devices that are enabled
if (!(await _trustManager.isEnabled(jid, device))) continue;
}
// Check if the ratchet exists
final ratchetKey = RatchetMapKey(jid, device);
if (!_ratchetMap.containsKey(ratchetKey)) {
// NOTE: The earlier loop should have created a new ratchet
_log.warning('No ratchet for $jid:$device found.');
encryptionErrors.appendOrCreate(
jid,
EncryptToJidError(
device,
NoSessionWithDeviceError(),
),
);
continue;
}
// Encrypt
final ratchet = _ratchetMap[ratchetKey]!.clone();
final authMessage = await ratchet.ratchetEncrypt(payloadKey);
// Package
if (kex.containsKey(ratchetKey)) {
final kexMessage = kex[ratchetKey]!..message = authMessage;
encryptedKeys.appendOrCreate(
jid,
EncryptedKey(
jid,
device,
base64Encode(kexMessage.writeToBuffer()),
true,
),
);
} else if (!ratchet.acknowledged) {
// The ratchet as not yet been acked
if (ratchet.kex == null) {
// The ratchet is not acked but we also don't have an old KEX to send with it
_log.warning('Ratchet $jid:$device is not acked but has no previous KEX.');
encryptedKeys.appendOrCreate(
jid,
EncryptedKey(
jid,
device,
base64Encode(authMessage.writeToBuffer()),
false,
),
);
continue;
}
// Keep sending the old KEX
final kexMessage = OMEMOKeyExchange()
..pkId = ratchet.kex!.pkId
..spkId = ratchet.kex!.spkId
..ik = await ratchet.kex!.ik.getBytes()
..ek = await ratchet.kex!.ek.getBytes()
..message = authMessage;
encryptedKeys.appendOrCreate(
jid,
EncryptedKey(
jid,
device,
base64Encode(kexMessage.writeToBuffer()),
true,
),
);
} else {
// The ratchet exists and is acked
encryptedKeys.appendOrCreate(
jid,
EncryptedKey(
jid,
device,
base64Encode(authMessage.writeToBuffer()),
false,
),
);
}
}
}
return EncryptionResult(
ciphertext,
encryptedKeys,
encryptionErrors,
);
}
// TODO
Future<void> sendOmemoHeartbeat(String jid) async {}
// TODO
Future<void> removeAllRatchets(String jid) async {}
// TODO
Future<void> onDeviceListUpdate(String jid, List<int> devices) async {}
// TODO
Future<void> onNewConnection() async {}
// TODO
Future<void> ratchetAcknowledged(String jid, int device) async {}
// TODO
Future<List<DeviceFingerprint>> getFingerprintsForJid(String jid) async => [];
/// Returns the device used for encryption and decryption.
Future<OmemoDevice> getDevice() => _deviceLock.synchronized(() => _device);
/// Returns the id of the device used for encryption and decryption.
Future<int> getDeviceId() async => (await getDevice()).id;
@visibleForTesting
OmemoDoubleRatchet getRatchet(RatchetMapKey key) => _ratchetMap[key]!;
}

2
lib/src/omemo/stanza.dart
View File

@@ -41,5 +41,5 @@ class OmemoOutgoingStanza {
final List<String> recipientJids;
/// The serialised XML data that should be encrypted.
final String payload;
final String? payload;
}