PapaTutuWawa/omemo_dart
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: PapaTutuWawa:0ffc0b067a8996a0e3f35c3ef567ef75b7ce940e
Branches Tags
PapaTutuWawa:master
PapaTutuWawa:fix/ci
PapaTutuWawa:v0.6.0
PapaTutuWawa:v0.5.0
PapaTutuWawa:v0.4.3
PapaTutuWawa:v0.4.2
PapaTutuWawa:v0.4.1
PapaTutuWawa:v0.3.2
PapaTutuWawa:v0.3.1
PapaTutuWawa:v0.3.0
PapaTutuWawa:v0.2.1
PapaTutuWawa:v0.2.0
PapaTutuWawa:v0.1.3
PapaTutuWawa:v0.1.2
PapaTutuWawa:v0.1.1
PapaTutuWawa:v0.1.0
..
compare: PapaTutuWawa:04bb70d6572a1ae98e351e09fe5e53a18ea51ead
Branches Tags
PapaTutuWawa:master
PapaTutuWawa:fix/ci
PapaTutuWawa:v0.6.0
PapaTutuWawa:v0.5.0
PapaTutuWawa:v0.4.3
PapaTutuWawa:v0.4.2
PapaTutuWawa:v0.4.1
PapaTutuWawa:v0.3.2
PapaTutuWawa:v0.3.1
PapaTutuWawa:v0.3.0
PapaTutuWawa:v0.2.1
PapaTutuWawa:v0.2.0
PapaTutuWawa:v0.1.3
PapaTutuWawa:v0.1.2
PapaTutuWawa:v0.1.1
PapaTutuWawa:v0.1.0

No commits in common. "0ffc0b067a8996a0e3f35c3ef567ef75b7ce940e" and "04bb70d6572a1ae98e351e09fe5e53a18ea51ead" have entirely different histories.
0ffc0b067a ... 04bb70d657

36 changed files with 1173 additions and 964 deletions
Show Stats Expand all files Collapse all files

81
example/omemo_dart_example.dart
View File

@ -8,45 +8,28 @@ void main() async {
const aliceJid = 'alice@some.server';
const bobJid = 'bob@other.serve';
// You are Alice and want to begin using OMEMO, so you first create an OmemoManager.
final aliceManager = OmemoManager(
// Generate Alice's OMEMO device bundle. We can specify how many One-time Prekeys we want, but
// per default, omemo_dart generates 100 (recommended by XEP-0384).
await OmemoDevice.generateNewDevice(aliceJid),
// You are Alice and want to begin using OMEMO, so you first create a SessionManager
final aliceSession = await OmemoSessionManager.generateNewIdentity(
// The bare Jid of Alice as a String
aliceJid,
// The trust manager we want to use. In this case, we use the provided one that
// implements "Blind Trust Before Verification". To make things simpler, we keep
// no persistent data and can thus use the MemoryBTBVTrustManager. If we wanted to keep
// the state, we would have to override BlindTrustBeforeVerificationTrustManager.
MemoryBTBVTrustManager(),
// This function is called whenever we need to send an OMEMO heartbeat to [recipient].
// [result] is the encryted data to include. This needs to be wired into your XMPP library's
// OMEMO implementation.
// For simplicity, we use an empty function and imagine it works.
(result, recipient) async => {},
// This function is called whenever we need to fetch the device list for [jid].
// This needs to be wired into your XMPP library's OMEMO implementation.
// For simplicity, we use an empty function and imagine it works.
(jid) async => [],
// This function is called whenever we need to fetch the device bundle with id [id] from [jid].
// This needs to be wired into your XMPP library's OMEMO implementation.
// For simplicity, we use an empty function and imagine it works.
(jid, id) async => null,
// This function is called whenever we need to subscribe to [jid]'s device list PubSub node.
// This needs to be wired into your XMPP library's OMEMO implementation.
// For simplicity, we use an empty function and imagine it works.
(jid) async {},
// Here we specify how many Onetime Prekeys we want to have. XEP-0384 recommends around
// 100 OPKs, so let's generate 100. The parameter defaults to 100.
//opkAmount: 100,
);
// Alice now wants to chat with Bob at his bare Jid "bob@other.server". To make things
// simple, we just generate the identity bundle ourselves. In the real world, we would
// request it using PEP and then convert the device bundle into a OmemoBundle object.
final bobManager = OmemoManager(
await OmemoDevice.generateNewDevice(bobJid),
final bobSession = await OmemoSessionManager.generateNewIdentity(
bobJid,
MemoryBTBVTrustManager(),
(result, recipient) async => {},
(jid) async => [],
(jid, id) async => null,
(jid) async {},
// Just for illustrative purposes
opkAmount: 1,
);
// Alice prepares to send the message to Bob, so she builds the message stanza and
@ -73,18 +56,19 @@ void main() async {
// Since Alice has no open session with Bob, we need to tell the session manager to build
// it when sending the message.
final message = await aliceSession.onOutgoingStanza(
OmemoOutgoingStanza(
final message = await aliceSession.encryptToJid(
// The bare receiver Jid
[bobJid],
// The payload we want to encrypt, i.e. the envelope.
bobJid,
// The envelope we want to encrypt
envelope,
),
// Since this is the first time Alice contacts Bob from this device, we need to create
// a new session. Let's also assume that Bob only has one device. We may, however,
// add more bundles to newSessions, if we know of more.
newSessions: [
await bobSession.getDeviceBundle(),
],
);
// In a proper implementation, we should also do some error checking here.
// Alice now builds the actual message stanza for Bob
final payload = base64.encode(message.ciphertext!);
final aliceDevice = await aliceSession.getDevice();
@ -126,26 +110,17 @@ void main() async {
// Bob extracts the payload and attempts to decrypt it.
// ignore: unused_local_variable
final bobMessage = await bobManager.onIncomingStanza(
OmemoIncomingStanza(
// The bare sender JID of the message. In this case, it's Alice's.
final bobMessage = await bobSession.decryptMessage(
// base64 decode the payload
base64.decode(payload),
// Specify the Jid of the sender
aliceJid,
// The 'sid' attribute of the <header /> element. Here, we know that Alice only has one device.
// Specify the device identifier of the sender (the "sid" attribute of <header />)
aliceDevice.id,
// Time the message was sent. Since the message was not delayed, we use the
// current time.
DateTime.now().millisecondsSinceEpoch,
/// The decoded <key /> elements. from the header. Note that we only include the ones
/// relevant for Bob, so all children of <keys jid='$bobJid' />.
// The deserialised keys
keys,
/// The text of the <payload /> element, if it exists. If not, then the message might be
/// a hearbeat, where no payload is sent. In that case, use null.
payload,
),
// Since the message was not delayed, we use the current time
DateTime.now().millisecondsSinceEpoch,
);
// All Bob has to do now is replace the OMEMO wrapper element

1
lib/omemo_dart.dart
View File

@ -12,6 +12,7 @@ export 'src/omemo/events.dart';
export 'src/omemo/fingerprint.dart';
export 'src/omemo/omemomanager.dart';
export 'src/omemo/ratchet_map_key.dart';
export 'src/omemo/sessionmanager.dart';
export 'src/omemo/stanza.dart';
export 'src/trust/base.dart';
export 'src/trust/btbv.dart';

230
lib/protobuf/schema.pb.dart
View File

@ -10,35 +10,12 @@ import 'dart:core' as $core;
import 'package:protobuf/protobuf.dart' as $pb;
class OMEMOMessage extends $pb.GeneratedMessage {
static final $pb.BuilderInfo _i = $pb.BuilderInfo(
const $core.bool.fromEnvironment('protobuf.omit_message_names')
? ''
: 'OMEMOMessage',
createEmptyInstance: create)
..a<$core.int>(
1,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'n',
$pb.PbFieldType.QU3)
..a<$core.int>(
2,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'pn',
$pb.PbFieldType.QU3)
..a<$core.List<$core.int>>(
3,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'dhPub',
$pb.PbFieldType.QY)
..a<$core.List<$core.int>>(
4,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'ciphertext',
$pb.PbFieldType.OY);
static final $pb.BuilderInfo _i = $pb.BuilderInfo(const $core.bool.fromEnvironment('protobuf.omit_message_names') ? '' : 'OMEMOMessage', createEmptyInstance: create)
..a<$core.int>(1, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'n', $pb.PbFieldType.QU3)
..a<$core.int>(2, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'pn', $pb.PbFieldType.QU3)
..a<$core.List<$core.int>>(3, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'dhPub', $pb.PbFieldType.QY)
..a<$core.List<$core.int>>(4, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'ciphertext', $pb.PbFieldType.OY)
;
OMEMOMessage._() : super();
factory OMEMOMessage({
@ -62,40 +39,31 @@ class OMEMOMessage extends $pb.GeneratedMessage {
}
return _result;
}
factory OMEMOMessage.fromBuffer($core.List<$core.int> i,
[$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
create()..mergeFromBuffer(i, r);
factory OMEMOMessage.fromJson($core.String i,
[$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
create()..mergeFromJson(i, r);
@$core.Deprecated('Using this can add significant overhead to your binary. '
factory OMEMOMessage.fromBuffer($core.List<$core.int> i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromBuffer(i, r);
factory OMEMOMessage.fromJson($core.String i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromJson(i, r);
@$core.Deprecated(
'Using this can add significant overhead to your binary. '
'Use [GeneratedMessageGenericExtensions.deepCopy] instead. '
'Will be removed in next major version')
OMEMOMessage clone() => OMEMOMessage()..mergeFromMessage(this);
@$core.Deprecated('Using this can add significant overhead to your binary. '
@$core.Deprecated(
'Using this can add significant overhead to your binary. '
'Use [GeneratedMessageGenericExtensions.rebuild] instead. '
'Will be removed in next major version')
OMEMOMessage copyWith(void Function(OMEMOMessage) updates) =>
super.copyWith((message) => updates(message as OMEMOMessage))
as OMEMOMessage; // ignore: deprecated_member_use
OMEMOMessage copyWith(void Function(OMEMOMessage) updates) => super.copyWith((message) => updates(message as OMEMOMessage)) as OMEMOMessage; // ignore: deprecated_member_use
$pb.BuilderInfo get info_ => _i;
@$core.pragma('dart2js:noInline')
static OMEMOMessage create() => OMEMOMessage._();
OMEMOMessage createEmptyInstance() => create();
static $pb.PbList<OMEMOMessage> createRepeated() =>
$pb.PbList<OMEMOMessage>();
static $pb.PbList<OMEMOMessage> createRepeated() => $pb.PbList<OMEMOMessage>();
@$core.pragma('dart2js:noInline')
static OMEMOMessage getDefault() => _defaultInstance ??=
$pb.GeneratedMessage.$_defaultFor<OMEMOMessage>(create);
static OMEMOMessage getDefault() => _defaultInstance ??= $pb.GeneratedMessage.$_defaultFor<OMEMOMessage>(create);
static OMEMOMessage? _defaultInstance;
@$pb.TagNumber(1)
$core.int get n => $_getIZ(0);
@$pb.TagNumber(1)
set n($core.int v) {
$_setUnsignedInt32(0, v);
}
set n($core.int v) { $_setUnsignedInt32(0, v); }
@$pb.TagNumber(1)
$core.bool hasN() => $_has(0);
@$pb.TagNumber(1)
@ -104,10 +72,7 @@ class OMEMOMessage extends $pb.GeneratedMessage {
@$pb.TagNumber(2)
$core.int get pn => $_getIZ(1);
@$pb.TagNumber(2)
set pn($core.int v) {
$_setUnsignedInt32(1, v);
}
set pn($core.int v) { $_setUnsignedInt32(1, v); }
@$pb.TagNumber(2)
$core.bool hasPn() => $_has(1);
@$pb.TagNumber(2)
@ -116,10 +81,7 @@ class OMEMOMessage extends $pb.GeneratedMessage {
@$pb.TagNumber(3)
$core.List<$core.int> get dhPub => $_getN(2);
@$pb.TagNumber(3)
set dhPub($core.List<$core.int> v) {
$_setBytes(2, v);
}
set dhPub($core.List<$core.int> v) { $_setBytes(2, v); }
@$pb.TagNumber(3)
$core.bool hasDhPub() => $_has(2);
@$pb.TagNumber(3)
@ -128,10 +90,7 @@ class OMEMOMessage extends $pb.GeneratedMessage {
@$pb.TagNumber(4)
$core.List<$core.int> get ciphertext => $_getN(3);
@$pb.TagNumber(4)
set ciphertext($core.List<$core.int> v) {
$_setBytes(3, v);
}
set ciphertext($core.List<$core.int> v) { $_setBytes(3, v); }
@$pb.TagNumber(4)
$core.bool hasCiphertext() => $_has(3);
@$pb.TagNumber(4)
@ -139,23 +98,10 @@ class OMEMOMessage extends $pb.GeneratedMessage {
}
class OMEMOAuthenticatedMessage extends $pb.GeneratedMessage {
static final $pb.BuilderInfo _i = $pb.BuilderInfo(
const $core.bool.fromEnvironment('protobuf.omit_message_names')
? ''
: 'OMEMOAuthenticatedMessage',
createEmptyInstance: create)
..a<$core.List<$core.int>>(
1,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'mac',
$pb.PbFieldType.QY)
..a<$core.List<$core.int>>(
2,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'message',
$pb.PbFieldType.QY);
static final $pb.BuilderInfo _i = $pb.BuilderInfo(const $core.bool.fromEnvironment('protobuf.omit_message_names') ? '' : 'OMEMOAuthenticatedMessage', createEmptyInstance: create)
..a<$core.List<$core.int>>(1, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'mac', $pb.PbFieldType.QY)
..a<$core.List<$core.int>>(2, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'message', $pb.PbFieldType.QY)
;
OMEMOAuthenticatedMessage._() : super();
factory OMEMOAuthenticatedMessage({
@ -171,42 +117,31 @@ class OMEMOAuthenticatedMessage extends $pb.GeneratedMessage {
}
return _result;
}
factory OMEMOAuthenticatedMessage.fromBuffer($core.List<$core.int> i,
[$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
create()..mergeFromBuffer(i, r);
factory OMEMOAuthenticatedMessage.fromJson($core.String i,
[$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
create()..mergeFromJson(i, r);
@$core.Deprecated('Using this can add significant overhead to your binary. '
factory OMEMOAuthenticatedMessage.fromBuffer($core.List<$core.int> i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromBuffer(i, r);
factory OMEMOAuthenticatedMessage.fromJson($core.String i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromJson(i, r);
@$core.Deprecated(
'Using this can add significant overhead to your binary. '
'Use [GeneratedMessageGenericExtensions.deepCopy] instead. '
'Will be removed in next major version')
OMEMOAuthenticatedMessage clone() =>
OMEMOAuthenticatedMessage()..mergeFromMessage(this);
@$core.Deprecated('Using this can add significant overhead to your binary. '
OMEMOAuthenticatedMessage clone() => OMEMOAuthenticatedMessage()..mergeFromMessage(this);
@$core.Deprecated(
'Using this can add significant overhead to your binary. '
'Use [GeneratedMessageGenericExtensions.rebuild] instead. '
'Will be removed in next major version')
OMEMOAuthenticatedMessage copyWith(
void Function(OMEMOAuthenticatedMessage) updates) =>
super.copyWith((message) => updates(message as OMEMOAuthenticatedMessage))
as OMEMOAuthenticatedMessage; // ignore: deprecated_member_use
OMEMOAuthenticatedMessage copyWith(void Function(OMEMOAuthenticatedMessage) updates) => super.copyWith((message) => updates(message as OMEMOAuthenticatedMessage)) as OMEMOAuthenticatedMessage; // ignore: deprecated_member_use
$pb.BuilderInfo get info_ => _i;
@$core.pragma('dart2js:noInline')
static OMEMOAuthenticatedMessage create() => OMEMOAuthenticatedMessage._();
OMEMOAuthenticatedMessage createEmptyInstance() => create();
static $pb.PbList<OMEMOAuthenticatedMessage> createRepeated() =>
$pb.PbList<OMEMOAuthenticatedMessage>();
static $pb.PbList<OMEMOAuthenticatedMessage> createRepeated() => $pb.PbList<OMEMOAuthenticatedMessage>();
@$core.pragma('dart2js:noInline')
static OMEMOAuthenticatedMessage getDefault() => _defaultInstance ??=
$pb.GeneratedMessage.$_defaultFor<OMEMOAuthenticatedMessage>(create);
static OMEMOAuthenticatedMessage getDefault() => _defaultInstance ??= $pb.GeneratedMessage.$_defaultFor<OMEMOAuthenticatedMessage>(create);
static OMEMOAuthenticatedMessage? _defaultInstance;
@$pb.TagNumber(1)
$core.List<$core.int> get mac => $_getN(0);
@$pb.TagNumber(1)
set mac($core.List<$core.int> v) {
$_setBytes(0, v);
}
set mac($core.List<$core.int> v) { $_setBytes(0, v); }
@$pb.TagNumber(1)
$core.bool hasMac() => $_has(0);
@$pb.TagNumber(1)
@ -215,10 +150,7 @@ class OMEMOAuthenticatedMessage extends $pb.GeneratedMessage {
@$pb.TagNumber(2)
$core.List<$core.int> get message => $_getN(1);
@$pb.TagNumber(2)
set message($core.List<$core.int> v) {
$_setBytes(1, v);
}
set message($core.List<$core.int> v) { $_setBytes(1, v); }
@$pb.TagNumber(2)
$core.bool hasMessage() => $_has(1);
@$pb.TagNumber(2)
@ -226,41 +158,13 @@ class OMEMOAuthenticatedMessage extends $pb.GeneratedMessage {
}
class OMEMOKeyExchange extends $pb.GeneratedMessage {
static final $pb.BuilderInfo _i = $pb.BuilderInfo(
const $core.bool.fromEnvironment('protobuf.omit_message_names')
? ''
: 'OMEMOKeyExchange',
createEmptyInstance: create)
..a<$core.int>(
1,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'pkId',
$pb.PbFieldType.QU3)
..a<$core.int>(
2,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'spkId',
$pb.PbFieldType.QU3)
..a<$core.List<$core.int>>(
3,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'ik',
$pb.PbFieldType.QY)
..a<$core.List<$core.int>>(
4,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'ek',
$pb.PbFieldType.QY)
..aQM<OMEMOAuthenticatedMessage>(
5,
const $core.bool.fromEnvironment('protobuf.omit_field_names')
? ''
: 'message',
subBuilder: OMEMOAuthenticatedMessage.create);
static final $pb.BuilderInfo _i = $pb.BuilderInfo(const $core.bool.fromEnvironment('protobuf.omit_message_names') ? '' : 'OMEMOKeyExchange', createEmptyInstance: create)
..a<$core.int>(1, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'pkId', $pb.PbFieldType.QU3)
..a<$core.int>(2, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'spkId', $pb.PbFieldType.QU3)
..a<$core.List<$core.int>>(3, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'ik', $pb.PbFieldType.QY)
..a<$core.List<$core.int>>(4, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'ek', $pb.PbFieldType.QY)
..aQM<OMEMOAuthenticatedMessage>(5, const $core.bool.fromEnvironment('protobuf.omit_field_names') ? '' : 'message', subBuilder: OMEMOAuthenticatedMessage.create)
;
OMEMOKeyExchange._() : super();
factory OMEMOKeyExchange({
@ -288,40 +192,31 @@ class OMEMOKeyExchange extends $pb.GeneratedMessage {
}
return _result;
}
factory OMEMOKeyExchange.fromBuffer($core.List<$core.int> i,
[$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
create()..mergeFromBuffer(i, r);
factory OMEMOKeyExchange.fromJson($core.String i,
[$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
create()..mergeFromJson(i, r);
@$core.Deprecated('Using this can add significant overhead to your binary. '
factory OMEMOKeyExchange.fromBuffer($core.List<$core.int> i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromBuffer(i, r);
factory OMEMOKeyExchange.fromJson($core.String i, [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) => create()..mergeFromJson(i, r);
@$core.Deprecated(
'Using this can add significant overhead to your binary. '
'Use [GeneratedMessageGenericExtensions.deepCopy] instead. '
'Will be removed in next major version')
OMEMOKeyExchange clone() => OMEMOKeyExchange()..mergeFromMessage(this);
@$core.Deprecated('Using this can add significant overhead to your binary. '
@$core.Deprecated(
'Using this can add significant overhead to your binary. '
'Use [GeneratedMessageGenericExtensions.rebuild] instead. '
'Will be removed in next major version')
OMEMOKeyExchange copyWith(void Function(OMEMOKeyExchange) updates) =>
super.copyWith((message) => updates(message as OMEMOKeyExchange))
as OMEMOKeyExchange; // ignore: deprecated_member_use
OMEMOKeyExchange copyWith(void Function(OMEMOKeyExchange) updates) => super.copyWith((message) => updates(message as OMEMOKeyExchange)) as OMEMOKeyExchange; // ignore: deprecated_member_use
$pb.BuilderInfo get info_ => _i;
@$core.pragma('dart2js:noInline')
static OMEMOKeyExchange create() => OMEMOKeyExchange._();
OMEMOKeyExchange createEmptyInstance() => create();
static $pb.PbList<OMEMOKeyExchange> createRepeated() =>
$pb.PbList<OMEMOKeyExchange>();
static $pb.PbList<OMEMOKeyExchange> createRepeated() => $pb.PbList<OMEMOKeyExchange>();
@$core.pragma('dart2js:noInline')
static OMEMOKeyExchange getDefault() => _defaultInstance ??=
$pb.GeneratedMessage.$_defaultFor<OMEMOKeyExchange>(create);
static OMEMOKeyExchange getDefault() => _defaultInstance ??= $pb.GeneratedMessage.$_defaultFor<OMEMOKeyExchange>(create);
static OMEMOKeyExchange? _defaultInstance;
@$pb.TagNumber(1)
$core.int get pkId => $_getIZ(0);
@$pb.TagNumber(1)
set pkId($core.int v) {
$_setUnsignedInt32(0, v);
}
set pkId($core.int v) { $_setUnsignedInt32(0, v); }
@$pb.TagNumber(1)
$core.bool hasPkId() => $_has(0);
@$pb.TagNumber(1)
@ -330,10 +225,7 @@ class OMEMOKeyExchange extends $pb.GeneratedMessage {
@$pb.TagNumber(2)
$core.int get spkId => $_getIZ(1);
@$pb.TagNumber(2)
set spkId($core.int v) {
$_setUnsignedInt32(1, v);
}
set spkId($core.int v) { $_setUnsignedInt32(1, v); }
@$pb.TagNumber(2)
$core.bool hasSpkId() => $_has(1);
@$pb.TagNumber(2)
@ -342,10 +234,7 @@ class OMEMOKeyExchange extends $pb.GeneratedMessage {
@$pb.TagNumber(3)
$core.List<$core.int> get ik => $_getN(2);
@$pb.TagNumber(3)
set ik($core.List<$core.int> v) {
$_setBytes(2, v);
}
set ik($core.List<$core.int> v) { $_setBytes(2, v); }
@$pb.TagNumber(3)
$core.bool hasIk() => $_has(2);
@$pb.TagNumber(3)
@ -354,10 +243,7 @@ class OMEMOKeyExchange extends $pb.GeneratedMessage {
@$pb.TagNumber(4)
$core.List<$core.int> get ek => $_getN(3);
@$pb.TagNumber(4)
set ek($core.List<$core.int> v) {
$_setBytes(3, v);
}
set ek($core.List<$core.int> v) { $_setBytes(3, v); }
@$pb.TagNumber(4)
$core.bool hasEk() => $_has(3);
@$pb.TagNumber(4)
@ -366,10 +252,7 @@ class OMEMOKeyExchange extends $pb.GeneratedMessage {
@$pb.TagNumber(5)
OMEMOAuthenticatedMessage get message => $_getN(4);
@$pb.TagNumber(5)
set message(OMEMOAuthenticatedMessage v) {
setField(5, v);
}
set message(OMEMOAuthenticatedMessage v) { setField(5, v); }
@$pb.TagNumber(5)
$core.bool hasMessage() => $_has(4);
@$pb.TagNumber(5)
@ -377,3 +260,4 @@ class OMEMOKeyExchange extends $pb.GeneratedMessage {
@$pb.TagNumber(5)
OMEMOAuthenticatedMessage ensureMessage() => $_ensure(4);
}

1
lib/protobuf/schema.pbenum.dart
View File

@ -4,3 +4,4 @@
//
// @dart = 2.12
// ignore_for_file: annotate_overrides,camel_case_types,constant_identifier_names,directives_ordering,library_prefixes,non_constant_identifier_names,prefer_final_fields,return_of_invalid_type,unnecessary_const,unnecessary_import,unnecessary_this,unused_import,unused_shown_name

52
lib/protobuf/schema.pbjson.dart
View File

@ -8,53 +8,41 @@
import 'dart:core' as $core;
import 'dart:convert' as $convert;
import 'dart:typed_data' as $typed_data;
@$core.Deprecated('Use oMEMOMessageDescriptor instead')
const OMEMOMessage$json = {
const OMEMOMessage$json = const {
'1': 'OMEMOMessage',
'2': [
{'1': 'n', '3': 1, '4': 2, '5': 13, '10': 'n'},
{'1': 'pn', '3': 2, '4': 2, '5': 13, '10': 'pn'},
{'1': 'dh_pub', '3': 3, '4': 2, '5': 12, '10': 'dhPub'},
{'1': 'ciphertext', '3': 4, '4': 1, '5': 12, '10': 'ciphertext'},
'2': const [
const {'1': 'n', '3': 1, '4': 2, '5': 13, '10': 'n'},
const {'1': 'pn', '3': 2, '4': 2, '5': 13, '10': 'pn'},
const {'1': 'dh_pub', '3': 3, '4': 2, '5': 12, '10': 'dhPub'},
const {'1': 'ciphertext', '3': 4, '4': 1, '5': 12, '10': 'ciphertext'},
],
};
/// Descriptor for `OMEMOMessage`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List oMEMOMessageDescriptor = $convert.base64Decode(
'CgxPTUVNT01lc3NhZ2USDAoBbhgBIAIoDVIBbhIOCgJwbhgCIAIoDVICcG4SFQoGZGhfcHViGAMgAigMUgVkaFB1YhIeCgpjaXBoZXJ0ZXh0GAQgASgMUgpjaXBoZXJ0ZXh0');
final $typed_data.Uint8List oMEMOMessageDescriptor = $convert.base64Decode('CgxPTUVNT01lc3NhZ2USDAoBbhgBIAIoDVIBbhIOCgJwbhgCIAIoDVICcG4SFQoGZGhfcHViGAMgAigMUgVkaFB1YhIeCgpjaXBoZXJ0ZXh0GAQgASgMUgpjaXBoZXJ0ZXh0');
@$core.Deprecated('Use oMEMOAuthenticatedMessageDescriptor instead')
const OMEMOAuthenticatedMessage$json = {
const OMEMOAuthenticatedMessage$json = const {
'1': 'OMEMOAuthenticatedMessage',
'2': [
{'1': 'mac', '3': 1, '4': 2, '5': 12, '10': 'mac'},
{'1': 'message', '3': 2, '4': 2, '5': 12, '10': 'message'},
'2': const [
const {'1': 'mac', '3': 1, '4': 2, '5': 12, '10': 'mac'},
const {'1': 'message', '3': 2, '4': 2, '5': 12, '10': 'message'},
],
};
/// Descriptor for `OMEMOAuthenticatedMessage`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List oMEMOAuthenticatedMessageDescriptor =
$convert.base64Decode(
'ChlPTUVNT0F1dGhlbnRpY2F0ZWRNZXNzYWdlEhAKA21hYxgBIAIoDFIDbWFjEhgKB21lc3NhZ2UYAiACKAxSB21lc3NhZ2U=');
final $typed_data.Uint8List oMEMOAuthenticatedMessageDescriptor = $convert.base64Decode('ChlPTUVNT0F1dGhlbnRpY2F0ZWRNZXNzYWdlEhAKA21hYxgBIAIoDFIDbWFjEhgKB21lc3NhZ2UYAiACKAxSB21lc3NhZ2U=');
@$core.Deprecated('Use oMEMOKeyExchangeDescriptor instead')
const OMEMOKeyExchange$json = {
const OMEMOKeyExchange$json = const {
'1': 'OMEMOKeyExchange',
'2': [
{'1': 'pk_id', '3': 1, '4': 2, '5': 13, '10': 'pkId'},
{'1': 'spk_id', '3': 2, '4': 2, '5': 13, '10': 'spkId'},
{'1': 'ik', '3': 3, '4': 2, '5': 12, '10': 'ik'},
{'1': 'ek', '3': 4, '4': 2, '5': 12, '10': 'ek'},
{
'1': 'message',
'3': 5,
'4': 2,
'5': 11,
'6': '.OMEMOAuthenticatedMessage',
'10': 'message'
},
'2': const [
const {'1': 'pk_id', '3': 1, '4': 2, '5': 13, '10': 'pkId'},
const {'1': 'spk_id', '3': 2, '4': 2, '5': 13, '10': 'spkId'},
const {'1': 'ik', '3': 3, '4': 2, '5': 12, '10': 'ik'},
const {'1': 'ek', '3': 4, '4': 2, '5': 12, '10': 'ek'},
const {'1': 'message', '3': 5, '4': 2, '5': 11, '6': '.OMEMOAuthenticatedMessage', '10': 'message'},
],
};
/// Descriptor for `OMEMOKeyExchange`. Decode as a `google.protobuf.DescriptorProto`.
final $typed_data.Uint8List oMEMOKeyExchangeDescriptor = $convert.base64Decode(
'ChBPTUVNT0tleUV4Y2hhbmdlEhMKBXBrX2lkGAEgAigNUgRwa0lkEhUKBnNwa19pZBgCIAIoDVIFc3BrSWQSDgoCaWsYAyACKAxSAmlrEg4KAmVrGAQgAigMUgJlaxI0CgdtZXNzYWdlGAUgAigLMhouT01FTU9BdXRoZW50aWNhdGVkTWVzc2FnZVIHbWVzc2FnZQ==');
final $typed_data.Uint8List oMEMOKeyExchangeDescriptor = $convert.base64Decode('ChBPTUVNT0tleUV4Y2hhbmdlEhMKBXBrX2lkGAEgAigNUgRwa0lkEhUKBnNwa19pZBgCIAIoDVIFc3BrSWQSDgoCaWsYAyACKAxSAmlrEg4KAmVrGAQgAigMUgJlaxI0CgdtZXNzYWdlGAUgAigLMhouT01FTU9BdXRoZW50aWNhdGVkTWVzc2FnZVIHbWVzc2FnZQ==');

1
lib/protobuf/schema.pbserver.dart
View File

@ -6,3 +6,4 @@
// ignore_for_file: annotate_overrides,camel_case_types,constant_identifier_names,deprecated_member_use_from_same_package,directives_ordering,library_prefixes,non_constant_identifier_names,prefer_final_fields,return_of_invalid_type,unnecessary_const,unnecessary_import,unnecessary_this,unused_import,unused_shown_name
export 'schema.pb.dart';

28
lib/src/crypto.dart
View File

@ -6,11 +6,7 @@ import 'package:omemo_dart/src/keys.dart';
/// it indicates which of [kp] ([identityKey] == 1) or [pk] ([identityKey] == 2)
/// is the identity key. This is needed since the identity key pair/public key is
/// an Ed25519 key, but we need them as X25519 keys for DH.
Future<List<int>> omemoDH(
OmemoKeyPair kp,
OmemoPublicKey pk,
int identityKey,
) async {
Future<List<int>> omemoDH(OmemoKeyPair kp, OmemoPublicKey pk, int identityKey) async {
var ckp = kp;
var cpk = pk;
@ -29,6 +25,7 @@ Future<List<int>> omemoDH(
}
class HkdfKeyResult {
const HkdfKeyResult(this.encryptionKey, this.authenticationKey, this.iv);
final List<int> encryptionKey;
final List<int> authenticationKey;
@ -38,8 +35,7 @@ class HkdfKeyResult {
/// cryptography _really_ wants to check the MAC output from AES-256-CBC. Since
/// we don't have it, we need the MAC check to always "pass".
class NoMacSecretBox extends SecretBox {
NoMacSecretBox(super.cipherText, {required super.nonce})
: super(mac: Mac.empty);
NoMacSecretBox(super.cipherText, { required super.nonce }) : super(mac: Mac.empty);
@override
Future<void> checkMac({
@ -64,20 +60,12 @@ Future<HkdfKeyResult> deriveEncryptionKeys(List<int> input, String info) async {
);
final bytes = await result.extractBytes();
return HkdfKeyResult(
bytes.sublist(0, 32),
bytes.sublist(32, 64),
bytes.sublist(64, 80),
);
return HkdfKeyResult(bytes.sublist(0, 32), bytes.sublist(32, 64), bytes.sublist(64, 80));
}
/// A small helper function to make AES-256-CBC easier. Encrypt [plaintext] using [key] as
/// the encryption key and [iv] as the IV. Returns the ciphertext.
Future<List<int>> aes256CbcEncrypt(
List<int> plaintext,
List<int> key,
List<int> iv,
) async {
Future<List<int>> aes256CbcEncrypt(List<int> plaintext, List<int> key, List<int> iv) async {
final algorithm = AesCbc.with256bits(
macAlgorithm: MacAlgorithm.empty,
);
@ -92,11 +80,7 @@ Future<List<int>> aes256CbcEncrypt(
/// A small helper function to make AES-256-CBC easier. Decrypt [ciphertext] using [key] as
/// the encryption key and [iv] as the IV. Returns the ciphertext.
Future<List<int>> aes256CbcDecrypt(
List<int> ciphertext,
List<int> key,
List<int> iv,
) async {
Future<List<int>> aes256CbcDecrypt(List<int> ciphertext, List<int> key, List<int> iv) async {
final algorithm = AesCbc.with256bits(
macAlgorithm: MacAlgorithm.empty,
);

20
lib/src/double_ratchet/crypto.dart
View File

@ -10,19 +10,12 @@ const encryptHkdfInfoString = 'OMEMO Message Key Material';
/// Signals ENCRYPT function as specified by OMEMO 0.8.3.
/// Encrypt [plaintext] using the message key [mk], given associated_data [associatedData]
/// and the AD output from the X3DH [sessionAd].
Future<List<int>> encrypt(
List<int> mk,
List<int> plaintext,
List<int> associatedData,
List<int> sessionAd,
) async {
Future<List<int>> encrypt(List<int> mk, List<int> plaintext, List<int> associatedData, List<int> sessionAd) async {
// Generate encryption, authentication key and IV
final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);
final ciphertext =
await aes256CbcEncrypt(plaintext, keys.encryptionKey, keys.iv);
final ciphertext = await aes256CbcEncrypt(plaintext, keys.encryptionKey, keys.iv);
final header =
OmemoMessage.fromBuffer(associatedData.sublist(sessionAd.length))
final header = OmemoMessage.fromBuffer(associatedData.sublist(sessionAd.length))
..ciphertext = ciphertext;
final headerBytes = header.writeToBuffer();
final hmacInput = concat([sessionAd, headerBytes]);
@ -36,12 +29,7 @@ Future<List<int>> encrypt(
/// Signals DECRYPT function as specified by OMEMO 0.8.3.
/// Decrypt [ciphertext] with the message key [mk], given the associated_data [associatedData]
/// and the AD output from the X3DH.
Future<List<int>> decrypt(
List<int> mk,
List<int> ciphertext,
List<int> associatedData,
List<int> sessionAd,
) async {
Future<List<int>> decrypt(List<int> mk, List<int> ciphertext, List<int> associatedData, List<int> sessionAd) async {
// Generate encryption, authentication key and IV
final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);

86
lib/src/double_ratchet/double_ratchet.dart
View File

@ -99,8 +99,7 @@ class OmemoDoubleRatchet {
// NOTE: Dart has some issues with just casting a List<dynamic> to List<Map<...>>, as
// such we need to convert the items by hand.
final mkSkipped = Map<SkippedKey, List<int>>.fromEntries(
(data['mkskipped']! as List<dynamic>)
.map<MapEntry<SkippedKey, List<int>>>(
(data['mkskipped']! as List<dynamic>).map<MapEntry<SkippedKey, List<int>>>(
(entry) {
final map = entry as Map<String, dynamic>;
final key = SkippedKey.fromJson(map);
@ -179,13 +178,7 @@ class OmemoDoubleRatchet {
/// Create an OMEMO session using the Signed Pre Key [spk], the shared secret [sk] that
/// was obtained using a X3DH and the associated data [ad] that was also obtained through
/// a X3DH. [ik] refers to Bob's (the receiver's) IK public key.
static Future<OmemoDoubleRatchet> initiateNewSession(
OmemoPublicKey spk,
OmemoPublicKey ik,
List<int> sk,
List<int> ad,
int timestamp,
) async {
static Future<OmemoDoubleRatchet> initiateNewSession(OmemoPublicKey spk, OmemoPublicKey ik, List<int> sk, List<int> ad, int timestamp) async {
final dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
final dhr = spk;
final rk = await kdfRk(sk, await omemoDH(dhs, dhr, 0));
@ -213,13 +206,7 @@ class OmemoDoubleRatchet {
/// Pre Key keypair [spk], the shared secret [sk] that was obtained through a X3DH and
/// the associated data [ad] that was also obtained through a X3DH. [ik] refers to
/// Alice's (the initiator's) IK public key.
static Future<OmemoDoubleRatchet> acceptNewSession(
OmemoKeyPair spk,
OmemoPublicKey ik,
List<int> sk,
List<int> ad,
int kexTimestamp,
) async {
static Future<OmemoDoubleRatchet> acceptNewSession(OmemoKeyPair spk, OmemoPublicKey ik, List<int> sk, List<int> ad, int kexTimestamp) async {
return OmemoDoubleRatchet(
spk,
null,
@ -239,8 +226,7 @@ class OmemoDoubleRatchet {
}
Future<Map<String, dynamic>> toJson() async {
final mkSkippedSerialised =
List<Map<String, dynamic>>.empty(growable: true);
final mkSkippedSerialised = List<Map<String, dynamic>>.empty(growable: true);
for (final entry in mkSkipped.entries) {
final result = await entry.key.toJson();
result['key'] = base64.encode(entry.value);
@ -273,10 +259,7 @@ class OmemoDoubleRatchet {
return HEX.encode(await curveKey.getBytes());
}
Future<List<int>?> _trySkippedMessageKeys(
OmemoMessage header,
List<int> ciphertext,
) async {
Future<List<int>?> _trySkippedMessageKeys(OmemoMessage header, List<int> ciphertext) async {
final key = SkippedKey(
OmemoPublicKey.fromBytes(header.dhPub!, KeyPairType.x25519),
header.n!,
@ -285,12 +268,7 @@ class OmemoDoubleRatchet {
final mk = mkSkipped[key]!;
mkSkipped.remove(key);
return decrypt(
mk,
ciphertext,
concat([sessionAd, header.writeToBuffer()]),
sessionAd,
);
return decrypt(mk, ciphertext, concat([sessionAd, header.writeToBuffer()]), sessionAd);
}
return null;
@ -342,12 +320,7 @@ class OmemoDoubleRatchet {
return RatchetStep(
header,
await encrypt(
mk,
plaintext,
concat([sessionAd, header.writeToBuffer()]),
sessionAd,
),
await encrypt(mk, plaintext, concat([sessionAd, header.writeToBuffer()]), sessionAd),
);
}
@ -355,10 +328,7 @@ class OmemoDoubleRatchet {
/// Ratchet. Returns the decrypted (raw) plaintext.
///
/// Throws an SkippingTooManyMessagesException if too many messages were to be skipped.
Future<List<int>> ratchetDecrypt(
OmemoMessage header,
List<int> ciphertext,
) async {
Future<List<int>> ratchetDecrypt(OmemoMessage header, List<int> ciphertext) async {
// Check if we skipped too many messages
final plaintext = await _trySkippedMessageKeys(header, ciphertext);
if (plaintext != null) {
@ -380,12 +350,7 @@ class OmemoDoubleRatchet {
ckr = newCkr;
nr++;
return decrypt(
mk,
ciphertext,
concat([sessionAd, header.writeToBuffer()]),
sessionAd,
);
return decrypt(mk, ciphertext, concat([sessionAd, header.writeToBuffer()]), sessionAd);
}
OmemoDoubleRatchet clone() {
@ -393,8 +358,12 @@ class OmemoDoubleRatchet {
dhs,
dhr,
rk,
cks != null ? List<int>.from(cks!) : null,
ckr != null ? List<int>.from(ckr!) : null,
cks != null ?
List<int>.from(cks!) :
null,
ckr != null ?
List<int>.from(ckr!) :
null,
ns,
nr,
pn,
@ -412,8 +381,12 @@ class OmemoDoubleRatchet {
dhs,
dhr,
rk,
cks != null ? List<int>.from(cks!) : null,
ckr != null ? List<int>.from(ckr!) : null,
cks != null ?
List<int>.from(cks!) :
null,
ckr != null ?
List<int>.from(ckr!) :
null,
ns,
nr,
pn,
@ -428,17 +401,16 @@ class OmemoDoubleRatchet {
@visibleForTesting
Future<bool> equals(OmemoDoubleRatchet other) async {
final dhrMatch = dhr == null
? other.dhr == null
:
final dhrMatch = dhr == null ?
other.dhr == null :
// ignore: invalid_use_of_visible_for_testing_member
other.dhr != null && await dhr!.equals(other.dhr!);
final ckrMatch = ckr == null
? other.ckr == null
: other.ckr != null && listsEqual(ckr!, other.ckr!);
final cksMatch = cks == null
? other.cks == null
: other.cks != null && listsEqual(cks!, other.cks!);
final ckrMatch = ckr == null ?
other.ckr == null :
other.ckr != null && listsEqual(ckr!, other.ckr!);
final cksMatch = cks == null ?
other.cks == null :
other.cks != null && listsEqual(cks!, other.cks!);
// ignore: invalid_use_of_visible_for_testing_member
final dhsMatch = await dhs.equals(other.dhs);

19
lib/src/errors.dart
View File

@ -2,10 +2,8 @@ abstract class OmemoException {}
/// Triggered during X3DH if the signature if the SPK does verify to the actual SPK.
class InvalidSignatureException extends OmemoException implements Exception {
String errMsg() =>
'The signature of the SPK does not match the provided signature';
String errMsg() => 'The signature of the SPK does not match the provided signature';
}
/// Triggered by the Double Ratchet if the computed HMAC does not match the attached HMAC.
/// Triggered by the Session Manager if the computed HMAC does not match the attached HMAC.
class InvalidMessageHMACException extends OmemoException implements Exception {
@ -14,14 +12,12 @@ class InvalidMessageHMACException extends OmemoException implements Exception {
/// Triggered by the Double Ratchet if skipping messages would cause skipping more than
/// MAXSKIP messages
class SkippingTooManyMessagesException extends OmemoException
implements Exception {
class SkippingTooManyMessagesException extends OmemoException implements Exception {
String errMsg() => 'Skipping messages would cause a skip bigger than MAXSKIP';
}
/// Triggered by the Session Manager if the message key is not encrypted for the device.
class NotEncryptedForDeviceException extends OmemoException
implements Exception {
class NotEncryptedForDeviceException extends OmemoException implements Exception {
String errMsg() => 'Not encrypted for this device';
}
@ -45,8 +41,7 @@ class InvalidKeyExchangeException extends OmemoException implements Exception {
/// Triggered by the Session Manager when a message's sequence number is smaller than we
/// expect it to be.
class MessageAlreadyDecryptedException extends OmemoException
implements Exception {
class MessageAlreadyDecryptedException extends OmemoException implements Exception {
String errMsg() => 'The message has already been decrypted';
}
@ -54,8 +49,6 @@ class MessageAlreadyDecryptedException extends OmemoException
/// no key material available. That happens, for example, when we want to create a
/// ratchet session with a JID we had no session with but fetching the device bundle
/// failed.
class NoKeyMaterialAvailableException extends OmemoException
implements Exception {
String errMsg() =>
'No key material available to create a ratchet session with';
class NoKeyMaterialAvailableException extends OmemoException implements Exception {
String errMsg() => 'No key material available to create a ratchet session with';
}

6
lib/src/helpers.dart
View File

@ -43,11 +43,7 @@ int generateRandom32BitNumber() {
return Random.secure().nextInt(4294967295 /*pow(2, 32) - 1*/);
}
OmemoPublicKey? decodeKeyIfNotNull(
Map<String, dynamic> map,
String key,
KeyPairType type,
) {
OmemoPublicKey? decodeKeyIfNotNull(Map<String, dynamic> map, String key, KeyPairType type) {
if (map[key] == null) return null;
return OmemoPublicKey.fromBytes(

36
lib/src/keys.dart
View File

@ -31,10 +31,7 @@ class OmemoPublicKey {
Future<String> asBase64() async => base64Encode(_pubkey.bytes);
Future<OmemoPublicKey> toCurve25519() async {
assert(
type == KeyPairType.ed25519,
'Cannot convert non-Ed25519 public key to X25519',
);
assert(type == KeyPairType.ed25519, 'Cannot convert non-Ed25519 public key to X25519');
final pkc = Uint8List(publicKeyLength);
TweetNaClExt.crypto_sign_ed25519_pk_to_x25519_pk(
@ -42,17 +39,14 @@ class OmemoPublicKey {
Uint8List.fromList(await getBytes()),
);
return OmemoPublicKey(
SimplePublicKey(List<int>.from(pkc), type: KeyPairType.x25519),
);
return OmemoPublicKey(SimplePublicKey(List<int>.from(pkc), type: KeyPairType.x25519));
}
SimplePublicKey asPublicKey() => _pubkey;
@visibleForTesting
Future<bool> equals(OmemoPublicKey key) async {
return type == key.type &&
listsEqual(
return type == key.type && listsEqual(
await getBytes(),
await key.getBytes(),
);
@ -67,10 +61,7 @@ class OmemoPrivateKey {
Future<List<int>> getBytes() async => _privkey;
Future<OmemoPrivateKey> toCurve25519() async {
assert(
type == KeyPairType.ed25519,
'Cannot convert non-Ed25519 private key to X25519',
);
assert(type == KeyPairType.ed25519, 'Cannot convert non-Ed25519 private key to X25519');
final skc = Uint8List(privateKeyLength);
TweetNaClExt.crypto_sign_ed25519_sk_to_x25519_sk(
@ -83,8 +74,7 @@ class OmemoPrivateKey {
@visibleForTesting
Future<bool> equals(OmemoPrivateKey key) async {
return type == key.type &&
listsEqual(
return type == key.type && listsEqual(
await getBytes(),
await key.getBytes(),
);
@ -97,11 +87,7 @@ class OmemoKeyPair {
/// Create an OmemoKeyPair just from a [type] and the bytes of the private and public
/// key.
factory OmemoKeyPair.fromBytes(
List<int> publicKey,
List<int> privateKey,
KeyPairType type,
) {
factory OmemoKeyPair.fromBytes(List<int> publicKey, List<int> privateKey, KeyPairType type) {
return OmemoKeyPair(
OmemoPublicKey.fromBytes(
publicKey,
@ -118,10 +104,7 @@ class OmemoKeyPair {
/// Generate a completely new random OmemoKeyPair of type [type]. [type] must be either
/// KeyPairType.ed25519 or KeyPairType.x25519.
static Future<OmemoKeyPair> generateNewPair(KeyPairType type) async {
assert(
type == KeyPairType.ed25519 || type == KeyPairType.x25519,
'Keypair must be either Ed25519 or X25519',
);
assert(type == KeyPairType.ed25519 || type == KeyPairType.x25519, 'Keypair must be either Ed25519 or X25519');
SimpleKeyPair kp;
if (type == KeyPairType.ed25519) {
@ -150,10 +133,7 @@ class OmemoKeyPair {
/// Return the bytes that comprise the public key.
Future<OmemoKeyPair> toCurve25519() async {
assert(
type == KeyPairType.ed25519,
'Cannot convert non-Ed25519 keypair to X25519',
);
assert(type == KeyPairType.ed25519, 'Cannot convert non-Ed25519 keypair to X25519');
return OmemoKeyPair(
await pk.toCurve25519(),

7
lib/src/omemo/bundle.dart
View File

@ -4,6 +4,7 @@ import 'package:hex/hex.dart';
import 'package:omemo_dart/src/keys.dart';
class OmemoBundle {
const OmemoBundle(
this.jid,
this.id,
@ -13,23 +14,17 @@ class OmemoBundle {
this.ikEncoded,
this.opksEncoded,
);
/// The bare Jid the Bundle belongs to
final String jid;
/// The device Id
final int id;
/// The SPK but base64 encoded
final String spkEncoded;
final int spkId;
/// The SPK signature but base64 encoded
final String spkSignatureEncoded;
/// The IK but base64 encoded
final String ikEncoded;
/// The mapping of a OPK's id to the base64 encoded data
final Map<int, String> opksEncoded;

17
lib/src/omemo/device.dart
View File

@ -93,10 +93,7 @@ class OmemoDevice {
}
/// Generate a completely new device, i.e. cryptographic identity.
static Future<OmemoDevice> generateNewDevice(
String jid, {
int opkAmount = 100,
}) async {
static Future<OmemoDevice> generateNewDevice(String jid, { int opkAmount = 100 }) async {
final id = generateRandom32BitNumber();
final ik = await OmemoKeyPair.generateNewPair(KeyPairType.ed25519);
final spk = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
@ -122,16 +119,13 @@ class OmemoDevice {
/// The signed prekey...
final OmemoKeyPair spk;
/// ...its Id, ...
final int spkId;
/// ...and its signature
final List<int> spkSignature;
/// The old Signed Prekey...
final OmemoKeyPair? oldSpk;
/// ...and its Id
final int? oldSpkId;
@ -257,9 +251,7 @@ class OmemoDevice {
} else {
for (final entry in opks.entries) {
// ignore: invalid_use_of_visible_for_testing_member
final matches =
// ignore: invalid_use_of_visible_for_testing_member
await other.opks[entry.key]?.equals(entry.value) ?? false;
final matches = await other.opks[entry.key]?.equals(entry.value) ?? false;
if (!matches) {
opksMatch = false;
}
@ -271,10 +263,7 @@ class OmemoDevice {
// ignore: invalid_use_of_visible_for_testing_member
final spkMatch = await spk.equals(other.spk);
// ignore: invalid_use_of_visible_for_testing_member
final oldSpkMatch = oldSpk != null
// ignore: invalid_use_of_visible_for_testing_member
? await oldSpk!.equals(other.oldSpk!)
: other.oldSpk == null;
final oldSpkMatch = oldSpk != null ? await oldSpk!.equals(other.oldSpk!) : other.oldSpk == null;
return id == other.id &&
ikMatch &&
spkMatch &&

1
lib/src/omemo/encrypted_key.dart
View File

@ -4,6 +4,7 @@ import 'package:meta/meta.dart';
/// <keys /> header.
@immutable
class EncryptedKey {
const EncryptedKey(this.jid, this.rid, this.value, this.kex);
final String jid;
final int rid;

11
lib/src/omemo/encryption_result.dart
View File

@ -5,12 +5,7 @@ import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
@immutable
class EncryptionResult {
const EncryptionResult(
this.ciphertext,
this.encryptedKeys,
this.deviceEncryptionErrors,
this.jidEncryptionErrors,
);
const EncryptionResult(this.ciphertext, this.encryptedKeys, this.deviceEncryptionErrors, this.jidEncryptionErrors);
/// The actual message that was encrypted.
final List<int>? ciphertext;
@ -27,7 +22,5 @@ class EncryptionResult {
/// True if the encryption was a success. This means that we could encrypt for
/// at least one ratchet.
bool isSuccess(int numberOfRecipients) =>
encryptedKeys.isNotEmpty &&
jidEncryptionErrors.length < numberOfRecipients;
bool isSuccess(int numberOfRecipients) => encryptedKeys.isNotEmpty && jidEncryptionErrors.length < numberOfRecipients;
}

8
lib/src/omemo/events.dart
View File

@ -5,13 +5,7 @@ abstract class OmemoEvent {}
/// Triggered when a ratchet has been modified
class RatchetModifiedEvent extends OmemoEvent {
RatchetModifiedEvent(
this.jid,
this.deviceId,
this.ratchet,
this.added,
this.replaced,
);
RatchetModifiedEvent(this.jid, this.deviceId, this.ratchet, this.added, this.replaced);
final String jid;
final int deviceId;
final OmemoDoubleRatchet ratchet;

138
lib/src/omemo/omemomanager.dart
View File

@ -33,10 +33,7 @@ class _InternalDecryptionResult {
this.ratchetCreated,
this.ratchetReplaced,
this.payload,
) : assert(
!ratchetCreated || !ratchetReplaced,
'Ratchet must be either replaced or created',
);
) : assert(!ratchetCreated || !ratchetReplaced, 'Ratchet must be either replaced or created');
final bool ratchetCreated;
final bool ratchetReplaced;
final String? payload;
@ -58,8 +55,7 @@ class OmemoManager {
/// Send an empty OMEMO:2 message using the encrypted payload @result to
/// @recipientJid.
final Future<void> Function(EncryptionResult result, String recipientJid)
sendEmptyOmemoMessageImpl;
final Future<void> Function(EncryptionResult result, String recipientJid) sendEmptyOmemoMessageImpl;
/// Fetch the list of device ids associated with @jid. If the device list cannot be
/// fetched, return null.
@ -73,17 +69,13 @@ class OmemoManager {
/// Map bare JID to its known devices
Map<String, List<int>> _deviceList = {};
/// Map bare JIDs to whether we already requested the device list once
final Map<String, bool> _deviceListRequested = {};
/// Map bare a ratchet key to its ratchet. Note that this is also locked by
/// _ratchetCriticalSectionLock.
Map<RatchetMapKey, OmemoDoubleRatchet> _ratchetMap = {};
/// Map bare JID to whether we already tried to subscribe to the device list node.
final Map<String, bool> _subscriptionMap = {};
/// For preventing a race condition in encryption/decryption
final Map<String, Queue<Completer<void>>> _ratchetCriticalSectionQueue = {};
final Lock _ratchetCriticalSectionLock = Lock();
@ -98,8 +90,7 @@ class OmemoManager {
OmemoDevice _device;
/// The event bus of the session manager
final StreamController<OmemoEvent> _eventStreamController =
StreamController<OmemoEvent>.broadcast();
final StreamController<OmemoEvent> _eventStreamController = StreamController<OmemoEvent>.broadcast();
Stream<OmemoEvent> get eventStream => _eventStreamController.stream;
/// Enter the critical section for performing cryptographic operations on the ratchets
@ -133,10 +124,7 @@ class OmemoManager {
});
}
Future<String?> _decryptAndVerifyHmac(
List<int>? ciphertext,
List<int> keyAndHmac,
) async {
Future<String?> _decryptAndVerifyHmac(List<int>? ciphertext, List<int> keyAndHmac) async {
// Empty OMEMO messages should just have the key decrypted and/or session set up.
if (ciphertext == null) {
return null;
@ -145,18 +133,13 @@ class OmemoManager {
final key = keyAndHmac.sublist(0, 32);
final hmac = keyAndHmac.sublist(32, 48);
final derivedKeys = await deriveEncryptionKeys(key, omemoPayloadInfoString);
final computedHmac =
await truncatedHmac(ciphertext, derivedKeys.authenticationKey);
final computedHmac = await truncatedHmac(ciphertext, derivedKeys.authenticationKey);
if (!listsEqual(hmac, computedHmac)) {
throw InvalidMessageHMACException();
}
return utf8.decode(
await aes256CbcDecrypt(
ciphertext,
derivedKeys.encryptionKey,
derivedKeys.iv,
),
await aes256CbcDecrypt(ciphertext, derivedKeys.encryptionKey, derivedKeys.iv),
);
}
@ -184,18 +167,13 @@ class OmemoManager {
_ratchetMap[key] = ratchet;
// Commit the ratchet
_eventStreamController
.add(RatchetModifiedEvent(jid, deviceId, ratchet, true, false));
_eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet, true, false));
}
/// Build a new session with the user at [jid] with the device [deviceId] using data
/// from the key exchange [kex]. In case [kex] contains an unknown Signed Prekey
/// identifier an UnknownSignedPrekeyException will be thrown.
Future<OmemoDoubleRatchet> _addSessionFromKeyExchange(
String jid,
int deviceId,
OmemoKeyExchange kex,
) async {
Future<OmemoDoubleRatchet> _addSessionFromKeyExchange(String jid, int deviceId, OmemoKeyExchange kex) async {
// Pick the correct SPK
final device = await getDevice();
OmemoKeyPair spk;
@ -225,20 +203,13 @@ class OmemoManager {
getTimestamp(),
);
// Notify the trust manager
await trustManager.onNewSession(jid, deviceId);
return ratchet;
}
/// Create a ratchet session initiated by Alice to the user with Jid [jid] and the device
/// [deviceId] from the bundle [bundle].
@visibleForTesting
Future<OmemoKeyExchange> addSessionFromBundle(
String jid,
int deviceId,
OmemoBundle bundle,
) async {
Future<OmemoKeyExchange> addSessionFromBundle(String jid, int deviceId, OmemoBundle bundle) async {
final device = await getDevice();
final kexResult = await x3dhFromBundle(
bundle,
@ -267,9 +238,7 @@ class OmemoManager {
/// [mapKey] with [oldRatchet].
/// NOTE: Must be called from within the ratchet critical section
void _restoreRatchet(RatchetMapKey mapKey, OmemoDoubleRatchet oldRatchet) {
_log.finest(
'Restoring ratchet ${mapKey.jid}:${mapKey.deviceId} to ${oldRatchet.nr}',
);
_log.finest('Restoring ratchet ${mapKey.jid}:${mapKey.deviceId} to ${oldRatchet.nr}');
_ratchetMap[mapKey] = oldRatchet;
// Commit the ratchet
@ -296,13 +265,7 @@ class OmemoManager {
/// element, then [ciphertext] must be set to null. In this case, this function
/// will return null as there is no message to be decrypted. This, however, is used
/// to set up sessions or advance the ratchets.
Future<_InternalDecryptionResult> _decryptMessage(
List<int>? ciphertext,
String senderJid,
int senderDeviceId,
List<EncryptedKey> keys,
int timestamp,
) async {
Future<_InternalDecryptionResult> _decryptMessage(List<int>? ciphertext, String senderJid, int senderDeviceId, List<EncryptedKey> keys, int timestamp) async {
// Try to find a session we can decrypt with.
var device = await getDevice();
final rawKey = keys.firstWhereOrNull((key) => key.rid == device.id);
@ -326,21 +289,17 @@ class OmemoManager {
// Guard against old key exchanges
if (oldRatchet != null) {
_log.finest(
'KEX for existent ratchet ${ratchetKey.toJsonKey()}. ${oldRatchet.kexTimestamp} > $timestamp: ${oldRatchet.kexTimestamp > timestamp}',
);
_log.finest('KEX for existent ratchet ${ratchetKey.toJsonKey()}. ${oldRatchet.kexTimestamp} > $timestamp: ${oldRatchet.kexTimestamp > timestamp}');
if (oldRatchet.kexTimestamp > timestamp) {
throw InvalidKeyExchangeException();
}
}
final r =
await _addSessionFromKeyExchange(senderJid, senderDeviceId, kex);
final r = await _addSessionFromKeyExchange(senderJid, senderDeviceId, kex);
// Try to decrypt with the new ratchet r
try {
keyAndHmac =
await r.ratchetDecrypt(message, authMessage.writeToBuffer());
keyAndHmac = await r.ratchetDecrypt(message, authMessage.writeToBuffer());
final result = await _decryptAndVerifyHmac(ciphertext, keyAndHmac);
// Add the new ratchet
@ -390,8 +349,7 @@ class OmemoManager {
try {
if (rawKey.kex) {
keyAndHmac =
await ratchet.ratchetDecrypt(message, authMessage.writeToBuffer());
keyAndHmac = await ratchet.ratchetDecrypt(message, authMessage.writeToBuffer());
} else {
keyAndHmac = await ratchet.ratchetDecrypt(message, decodedRawKey);
}
@ -432,14 +390,14 @@ class OmemoManager {
Future<List<OmemoBundle>> _fetchNewBundles(String jid) async {
// Check if we already requested the device list for [jid]
List<int> bundlesToFetch;
if (!_deviceListRequested.containsKey(jid) ||
!_deviceList.containsKey(jid)) {
if (!_deviceListRequested.containsKey(jid) || !_deviceList.containsKey(jid)) {
// We don't have an up-to-date version of the device list
final newDeviceList = await fetchDeviceListImpl(jid);
if (newDeviceList == null) return [];
_deviceList[jid] = newDeviceList;
bundlesToFetch = newDeviceList.where((id) {
bundlesToFetch = newDeviceList
.where((id) {
return !_ratchetMap.containsKey(RatchetMapKey(jid, id)) ||
_deviceList[jid]?.contains(id) == false;
}).toList();
@ -476,10 +434,7 @@ class OmemoManager {
/// does not contain a <payload /> element. This means that the ciphertext attribute of
/// the result will be null as well.
/// NOTE: Must be called within the ratchet critical section
Future<EncryptionResult> _encryptToJids(
List<String> jids,
String? plaintext,
) async {
Future<EncryptionResult> _encryptToJids(List<String> jids, String? plaintext) async {
final encryptedKeys = List<EncryptedKey>.empty(growable: true);
var ciphertext = const <int>[];
@ -540,13 +495,11 @@ class OmemoManager {
var ratchet = _ratchetMap[ratchetKey];
if (ratchet == null) {
_log.severe('Ratchet ${ratchetKey.toJsonKey()} does not exist.');
deviceEncryptionErrors[ratchetKey] =
NoKeyMaterialAvailableException();
deviceEncryptionErrors[ratchetKey] = NoKeyMaterialAvailableException();
continue;
}
final ciphertext =
(await ratchet.ratchetEncrypt(keyPayload)).ciphertext;
final ciphertext = (await ratchet.ratchetEncrypt(keyPayload)).ciphertext;
if (kex.containsKey(ratchetKey)) {
// The ratchet did not exist
@ -567,8 +520,7 @@ class OmemoManager {
} else if (!ratchet.acknowledged) {
// The ratchet exists but is not acked
if (ratchet.kex != null) {
final oldKex =
OmemoKeyExchange.fromBuffer(base64.decode(ratchet.kex!))
final oldKex = OmemoKeyExchange.fromBuffer(base64.decode(ratchet.kex!))
..message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
encryptedKeys.add(
@ -581,9 +533,7 @@ class OmemoManager {
);
} else {
// The ratchet is not acked but we don't have the old key exchange
_log.warning(
'Ratchet for $jid:$deviceId is not acked but the kex attribute is null',
);
_log.warning('Ratchet for $jid:$deviceId is not acked but the kex attribute is null');
encryptedKeys.add(
EncryptedKey(
jid,
@ -606,13 +556,13 @@ class OmemoManager {
}
// Commit the ratchet
_eventStreamController
.add(RatchetModifiedEvent(jid, deviceId, ratchet, false, false));
_eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet, false, false));
}
}
return EncryptionResult(
plaintext != null ? ciphertext : null,
plaintext != null ?
ciphertext : null,
encryptedKeys,
deviceEncryptionErrors,
jidEncryptionErrors,
@ -629,12 +579,13 @@ class OmemoManager {
_subscriptionMap[stanza.bareSenderJid] = true;
}
final ratchetKey =
RatchetMapKey(stanza.bareSenderJid, stanza.senderDeviceId);
final ratchetKey = RatchetMapKey(stanza.bareSenderJid, stanza.senderDeviceId);
final _InternalDecryptionResult result;
try {
result = await _decryptMessage(
stanza.payload != null ? base64.decode(stanza.payload!) : null,
stanza.payload != null ?
base64.decode(stanza.payload!) :
null,
stanza.bareSenderJid,
stanza.senderDeviceId,
stanza.keys,
@ -650,10 +601,7 @@ class OmemoManager {
// Check if the ratchet is acked
final ratchet = getRatchet(ratchetKey);
assert(
ratchet != null,
'We decrypted the message, so the ratchet must exist',
);
assert(ratchet != null, 'We decrypted the message, so the ratchet must exist');
if (ratchet!.acknowledged) {
// Ratchet is acknowledged
@ -725,24 +673,18 @@ class OmemoManager {
}
/// Mark the ratchet for device [deviceId] from [jid] as acked.
Future<void> ratchetAcknowledged(
String jid,
int deviceId, {
bool enterCriticalSection = true,
}) async {
Future<void> ratchetAcknowledged(String jid, int deviceId, { bool enterCriticalSection = true }) async {
if (enterCriticalSection) await _enterRatchetCriticalSection(jid);
final key = RatchetMapKey(jid, deviceId);
if (_ratchetMap.containsKey(key)) {
final ratchet = _ratchetMap[key]!..acknowledged = true;
final ratchet = _ratchetMap[key]!
..acknowledged = true;
// Commit it
_eventStreamController
.add(RatchetModifiedEvent(jid, deviceId, ratchet, false, false));
_eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet, false, false));
} else {
_log.severe(
'Attempted to acknowledge ratchet ${key.toJsonKey()}, even though it does not exist',
);
_log.severe('Attempted to acknowledge ratchet ${key.toJsonKey()}, even though it does not exist');
}
if (enterCriticalSection) await _leaveRatchetCriticalSection(jid);
@ -769,8 +711,7 @@ class OmemoManager {
Future<OmemoBundle> getDeviceBundle() async => (await getDevice()).toBundle();
/// Directly aquire the current device's fingerprint.
Future<String> getDeviceFingerprint() async =>
(await getDevice()).getFingerprint();
Future<String> getDeviceFingerprint() async => (await getDevice()).getFingerprint();
/// Returns the fingerprints for all devices of [jid] that we have a session with.
/// If there are not sessions with [jid], then returns null.
@ -813,10 +754,7 @@ class OmemoManager {
_eventStreamController.add(DeviceListModifiedEvent(_deviceList));
}
void initialize(
Map<RatchetMapKey, OmemoDoubleRatchet> ratchetMap,
Map<String, List<int>> deviceList,
) {
void initialize(Map<RatchetMapKey, OmemoDoubleRatchet> ratchetMap, Map<String, List<int>> deviceList) {
_deviceList = deviceList;
_ratchetMap = ratchetMap;
}

4
lib/src/omemo/ratchet_map_key.dart
View File

@ -23,9 +23,7 @@ class RatchetMapKey {
@override
bool operator ==(Object other) {
return other is RatchetMapKey &&
jid == other.jid &&
deviceId == other.deviceId;
return other is RatchetMapKey && jid == other.jid && deviceId == other.deviceId;
}
@override

679
lib/src/omemo/sessionmanager.dart Normal file
View File

@ -0,0 +1,679 @@
import 'dart:async';
import 'dart:convert';
import 'package:collection/collection.dart';
import 'package:cryptography/cryptography.dart';
import 'package:hex/hex.dart';
import 'package:logging/logging.dart';
import 'package:meta/meta.dart';
import 'package:omemo_dart/src/crypto.dart';
import 'package:omemo_dart/src/double_ratchet/double_ratchet.dart';
import 'package:omemo_dart/src/errors.dart';
import 'package:omemo_dart/src/helpers.dart';
import 'package:omemo_dart/src/keys.dart';
import 'package:omemo_dart/src/omemo/bundle.dart';
import 'package:omemo_dart/src/omemo/constants.dart';
import 'package:omemo_dart/src/omemo/device.dart';
import 'package:omemo_dart/src/omemo/encrypted_key.dart';
import 'package:omemo_dart/src/omemo/encryption_result.dart';
import 'package:omemo_dart/src/omemo/events.dart';
import 'package:omemo_dart/src/omemo/fingerprint.dart';
import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
import 'package:omemo_dart/src/protobuf/omemo_key_exchange.dart';
import 'package:omemo_dart/src/protobuf/omemo_message.dart';
import 'package:omemo_dart/src/trust/base.dart';
import 'package:omemo_dart/src/x3dh/x3dh.dart';
import 'package:synchronized/synchronized.dart';
@Deprecated('Use OmemoManager instead')
class OmemoSessionManager {
@Deprecated('Use OmemoManager instead')
OmemoSessionManager(this._device, this._deviceMap, this._ratchetMap, this._trustManager)
: _lock = Lock(),
_deviceLock = Lock(),
_eventStreamController = StreamController<OmemoEvent>.broadcast(),
_log = Logger('OmemoSessionManager');
/// Deserialise the OmemoSessionManager from JSON data [data] that does not contain
/// the ratchet sessions.
@Deprecated('Use OmemoManager instead')
factory OmemoSessionManager.fromJsonWithoutSessions(
Map<String, dynamic> data,
Map<RatchetMapKey, OmemoDoubleRatchet> ratchetMap,
TrustManager trustManager,
) {
// NOTE: Dart has some issues with just casting a List<dynamic> to List<Map<...>>, as
// such we need to convert the items by hand.
return OmemoSessionManager(
OmemoDevice.fromJson(data['device']! as Map<String, dynamic>),
(data['devices']! as Map<String, dynamic>).map<String, List<int>>(
(key, value) {
return MapEntry(
key,
(value as List<dynamic>).map<int>((i) => i as int).toList(),
);
}
),
ratchetMap,
trustManager,
);
}
/// Generate a new cryptographic identity.
static Future<OmemoSessionManager> generateNewIdentity(String jid, TrustManager trustManager, { int opkAmount = 100 }) async {
assert(opkAmount > 0, 'opkAmount must be bigger than 0.');
final device = await OmemoDevice.generateNewDevice(jid, opkAmount: opkAmount);
return OmemoSessionManager(device, {}, {}, trustManager);
}
/// Logging
Logger _log;
/// Lock for _ratchetMap and _bundleMap
final Lock _lock;
/// Mapping of the Device Id to its OMEMO session
final Map<RatchetMapKey, OmemoDoubleRatchet> _ratchetMap;
/// Mapping of a bare Jid to its Device Ids
final Map<String, List<int>> _deviceMap;
/// The event bus of the session manager
final StreamController<OmemoEvent> _eventStreamController;
/// Our own keys...
// ignore: prefer_final_fields
OmemoDevice _device;
/// and its lock
final Lock _deviceLock;
/// The trust manager
final TrustManager _trustManager;
TrustManager get trustManager => _trustManager;
/// A stream that receives events regarding the session
Stream<OmemoEvent> get eventStream => _eventStreamController.stream;
/// Returns our own device.
Future<OmemoDevice> getDevice() async {
return _deviceLock.synchronized(() => _device);
}
/// Returns the id attribute of our own device. This is just a short-hand for
/// ```await (session.getDevice()).id```.
Future<int> getDeviceId() async {
return _deviceLock.synchronized(() => _device.id);
}
/// Returns the device as an OmemoBundle. This is just a short-hand for
/// ```await (await session.getDevice()).toBundle()```.
Future<OmemoBundle> getDeviceBundle() async {
return _deviceLock.synchronized(() async => _device.toBundle());
}
/// Add a session [ratchet] with the [deviceId] to the internal tracking state.
Future<void> _addSession(String jid, int deviceId, OmemoDoubleRatchet ratchet) async {
await _lock.synchronized(() async {
// Add the bundle Id
if (!_deviceMap.containsKey(jid)) {
_deviceMap[jid] = [deviceId];
// Commit the device map
_eventStreamController.add(DeviceListModifiedEvent(_deviceMap));
} else {
// Prevent having the same device multiple times in the list
if (!_deviceMap[jid]!.contains(deviceId)) {
_deviceMap[jid]!.add(deviceId);
// Commit the device map
_eventStreamController.add(DeviceListModifiedEvent(_deviceMap));
}
}
// Add the ratchet session
final key = RatchetMapKey(jid, deviceId);
_ratchetMap[key] = ratchet;
// Commit the ratchet
_eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet, true, false));
});
}
/// Create a ratchet session initiated by Alice to the user with Jid [jid] and the device
/// [deviceId] from the bundle [bundle].
@visibleForTesting
Future<OmemoKeyExchange> addSessionFromBundle(String jid, int deviceId, OmemoBundle bundle) async {
final device = await getDevice();
final kexResult = await x3dhFromBundle(
bundle,
device.ik,
);
final ratchet = await OmemoDoubleRatchet.initiateNewSession(
bundle.spk,
bundle.ik,
kexResult.sk,
kexResult.ad,
getTimestamp(),
);
await _trustManager.onNewSession(jid, deviceId);
await _addSession(jid, deviceId, ratchet);
return OmemoKeyExchange()
..pkId = kexResult.opkId
..spkId = bundle.spkId
..ik = await device.ik.pk.getBytes()
..ek = await kexResult.ek.pk.getBytes();
}
/// Build a new session with the user at [jid] with the device [deviceId] using data
/// from the key exchange [kex]. In case [kex] contains an unknown Signed Prekey
/// identifier an UnknownSignedPrekeyException will be thrown.
Future<OmemoDoubleRatchet> _addSessionFromKeyExchange(String jid, int deviceId, OmemoKeyExchange kex) async {
// Pick the correct SPK
final device = await getDevice();
final spk = await _lock.synchronized(() async {
if (kex.spkId == _device.spkId) {
return _device.spk;
} else if (kex.spkId == _device.oldSpkId) {
return _device.oldSpk;
}
return null;
});
if (spk == null) {
throw UnknownSignedPrekeyException();
}
final kexResult = await x3dhFromInitialMessage(
X3DHMessage(
OmemoPublicKey.fromBytes(kex.ik!, KeyPairType.ed25519),
OmemoPublicKey.fromBytes(kex.ek!, KeyPairType.x25519),
kex.pkId!,
),
spk,
device.opks.values.elementAt(kex.pkId!),
device.ik,
);
final ratchet = await OmemoDoubleRatchet.acceptNewSession(
spk,
OmemoPublicKey.fromBytes(kex.ik!, KeyPairType.ed25519),
kexResult.sk,
kexResult.ad,
getTimestamp(),
);
return ratchet;
}
/// Like [encryptToJids] but only for one Jid [jid].
Future<EncryptionResult> encryptToJid(String jid, String? plaintext, { List<OmemoBundle>? newSessions }) {
return encryptToJids([jid], plaintext, newSessions: newSessions);
}
/// Encrypt the key [plaintext] for all known bundles of the Jids in [jids]. Returns a
/// map that maps the device Id to the ciphertext of [plaintext].
///
/// If [plaintext] is null, then the result will be an empty OMEMO message, i.e. one that
/// does not contain a <payload /> element. This means that the ciphertext attribute of
/// the result will be null as well.
Future<EncryptionResult> encryptToJids(List<String> jids, String? plaintext, { List<OmemoBundle>? newSessions }) async {
final encryptedKeys = List<EncryptedKey>.empty(growable: true);
var ciphertext = const <int>[];
var keyPayload = const <int>[];
if (plaintext != null) {
// Generate the key and encrypt the plaintext
final key = generateRandomBytes(32);
final keys = await deriveEncryptionKeys(key, omemoPayloadInfoString);
ciphertext = await aes256CbcEncrypt(
utf8.encode(plaintext),
keys.encryptionKey,
keys.iv,
);
final hmac = await truncatedHmac(ciphertext, keys.authenticationKey);
keyPayload = concat([key, hmac]);
} else {
keyPayload = List<int>.filled(32, 0x0);
}
final kex = <int, OmemoKeyExchange>{};
if (newSessions != null) {
for (final newSession in newSessions) {
kex[newSession.id] = await addSessionFromBundle(
newSession.jid,
newSession.id,
newSession,
);
}
}
await _lock.synchronized(() async {
// We assume that the user already checked if the session exists
for (final jid in jids) {
for (final deviceId in _deviceMap[jid]!) {
// Empty OMEMO messages are allowed to bypass trust
if (plaintext != null) {
// Only encrypt to devices that are trusted
if (!(await _trustManager.isTrusted(jid, deviceId))) continue;
// Onyl encrypt to devices that are enabled
if (!(await _trustManager.isEnabled(jid, deviceId))) continue;
}
final ratchetKey = RatchetMapKey(jid, deviceId);
var ratchet = _ratchetMap[ratchetKey]!;
final ciphertext = (await ratchet.ratchetEncrypt(keyPayload)).ciphertext;
if (kex.isNotEmpty && kex.containsKey(deviceId)) {
// The ratchet did not exist
final k = kex[deviceId]!
..message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
final buffer = base64.encode(k.writeToBuffer());
encryptedKeys.add(
EncryptedKey(
jid,
deviceId,
buffer,
true,
),
);
ratchet = ratchet.cloneWithKex(buffer);
_ratchetMap[ratchetKey] = ratchet;
} else if (!ratchet.acknowledged) {
// The ratchet exists but is not acked
if (ratchet.kex != null) {
final oldKex = OmemoKeyExchange.fromBuffer(base64.decode(ratchet.kex!))
..message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
encryptedKeys.add(
EncryptedKey(
jid,
deviceId,
base64.encode(oldKex.writeToBuffer()),
true,
),
);
} else {
// The ratchet is not acked but we don't have the old key exchange
_log.warning('Ratchet for $jid:$deviceId is not acked but the kex attribute is null');
encryptedKeys.add(
EncryptedKey(
jid,
deviceId,
base64.encode(ciphertext),
false,
),
);
}
} else {
// The ratchet exists and is acked
encryptedKeys.add(
EncryptedKey(
jid,
deviceId,
base64.encode(ciphertext),
false,
),
);
}
// Commit the ratchet
_eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet, false, false));
}
}
});
return EncryptionResult(
plaintext != null ? ciphertext : null,
encryptedKeys,
const <RatchetMapKey, OmemoException>{},
const <String, OmemoException>{},
);
}
/// In case a decryption error occurs, the Double Ratchet spec says to just restore
/// the ratchet to its old state. As such, this function restores the ratchet at
/// [mapKey] with [oldRatchet].
Future<void> _restoreRatchet(RatchetMapKey mapKey, OmemoDoubleRatchet oldRatchet) async {
await _lock.synchronized(() {
_log.finest('Restoring ratchet ${mapKey.jid}:${mapKey.deviceId} to ${oldRatchet.nr}');
_ratchetMap[mapKey] = oldRatchet;
// Commit the ratchet
_eventStreamController.add(
RatchetModifiedEvent(
mapKey.jid,
mapKey.deviceId,
oldRatchet,
false,
false,
),
);
});
}
Future<String?> _decryptAndVerifyHmac(List<int>? ciphertext, List<int> keyAndHmac) async {
// Empty OMEMO messages should just have the key decrypted and/or session set up.
if (ciphertext == null) {
return null;
}
final key = keyAndHmac.sublist(0, 32);
final hmac = keyAndHmac.sublist(32, 48);
final derivedKeys = await deriveEncryptionKeys(key, omemoPayloadInfoString);
final computedHmac = await truncatedHmac(ciphertext, derivedKeys.authenticationKey);
if (!listsEqual(hmac, computedHmac)) {
throw InvalidMessageHMACException();
}
return utf8.decode(
await aes256CbcDecrypt(ciphertext, derivedKeys.encryptionKey, derivedKeys.iv),
);
}
/// Attempt to decrypt [ciphertext]. [keys] refers to the <key /> elements inside the
/// <keys /> element with a "jid" attribute matching our own. [senderJid] refers to the
/// bare Jid of the sender. [senderDeviceId] refers to the "sid" attribute of the
/// <encrypted /> element.
/// [timestamp] refers to the time the message was sent. This might be either what the
/// server tells you via "XEP-0203: Delayed Delivery" or the point in time at which
/// you received the stanza, if no Delayed Delivery element was found.
///
/// If the received message is an empty OMEMO message, i.e. there is no <payload />
/// element, then [ciphertext] must be set to null. In this case, this function
/// will return null as there is no message to be decrypted. This, however, is used
/// to set up sessions or advance the ratchets.
Future<String?> decryptMessage(List<int>? ciphertext, String senderJid, int senderDeviceId, List<EncryptedKey> keys, int timestamp) async {
// Try to find a session we can decrypt with.
var device = await getDevice();
final rawKey = keys.firstWhereOrNull((key) => key.rid == device.id);
if (rawKey == null) {
throw NotEncryptedForDeviceException();
}
final ratchetKey = RatchetMapKey(senderJid, senderDeviceId);
final decodedRawKey = base64.decode(rawKey.value);
List<int>? keyAndHmac;
OmemoAuthenticatedMessage authMessage;
OmemoDoubleRatchet? oldRatchet;
OmemoMessage? message;
if (rawKey.kex) {
// If the ratchet already existed, we store it. If it didn't, oldRatchet will stay
// null.
final oldRatchet = (await _getRatchet(ratchetKey))?.clone();
final kex = OmemoKeyExchange.fromBuffer(decodedRawKey);
authMessage = kex.message!;
message = OmemoMessage.fromBuffer(authMessage.message!);
// Guard against old key exchanges
if (oldRatchet != null) {
_log.finest('KEX for existent ratchet. ${oldRatchet.pn}');
if (oldRatchet.kexTimestamp > timestamp) {
throw InvalidKeyExchangeException();
}
// Try to decrypt it
try {
final decrypted = await oldRatchet.ratchetDecrypt(message, authMessage.writeToBuffer());
// Commit the ratchet
_eventStreamController.add(
RatchetModifiedEvent(
senderJid,
senderDeviceId,
oldRatchet,
false,
false,
),
);
final plaintext = await _decryptAndVerifyHmac(
ciphertext,
decrypted,
);
await _addSession(senderJid, senderDeviceId, oldRatchet);
return plaintext;
} catch (_) {
_log.finest('Failed to use old ratchet with KEX for existing ratchet');
}
}
final r = await _addSessionFromKeyExchange(senderJid, senderDeviceId, kex);
await _trustManager.onNewSession(senderJid, senderDeviceId);
await _addSession(senderJid, senderDeviceId, r);
// Replace the OPK
// TODO(PapaTutuWawa): Replace the OPK when we know that the KEX worked
await _deviceLock.synchronized(() async {
device = await device.replaceOnetimePrekey(kex.pkId!);
// Commit the device
_eventStreamController.add(DeviceModifiedEvent(device));
});
} else {
authMessage = OmemoAuthenticatedMessage.fromBuffer(decodedRawKey);
message = OmemoMessage.fromBuffer(authMessage.message!);
}
final devices = _deviceMap[senderJid];
if (devices == null) {
throw NoDecryptionKeyException();
}
if (!devices.contains(senderDeviceId)) {
throw NoDecryptionKeyException();
}
// We can guarantee that the ratchet exists at this point in time
final ratchet = (await _getRatchet(ratchetKey))!;
oldRatchet ??= ratchet.clone();
try {
if (rawKey.kex) {
keyAndHmac = await ratchet.ratchetDecrypt(message, authMessage.writeToBuffer());
} else {
keyAndHmac = await ratchet.ratchetDecrypt(message, decodedRawKey);
}
} catch (_) {
await _restoreRatchet(ratchetKey, oldRatchet);
rethrow;
}
// Commit the ratchet
_eventStreamController.add(
RatchetModifiedEvent(
senderJid,
senderDeviceId,
ratchet,
false,
false,
),
);
try {
return _decryptAndVerifyHmac(ciphertext, keyAndHmac);
} catch (_) {
await _restoreRatchet(ratchetKey, oldRatchet);
rethrow;
}
}
/// Returns the list of hex-encoded fingerprints we have for sessions with [jid].
Future<List<DeviceFingerprint>> getHexFingerprintsForJid(String jid) async {
final fingerprints = List<DeviceFingerprint>.empty(growable: true);
await _lock.synchronized(() async {
// Get devices for jid
final devices = _deviceMap[jid] ?? [];
for (final deviceId in devices) {
final ratchet = _ratchetMap[RatchetMapKey(jid, deviceId)]!;
fingerprints.add(
DeviceFingerprint(
deviceId,
HEX.encode(await ratchet.ik.getBytes()),
),
);
}
});
return fingerprints;
}
/// Returns the hex-encoded fingerprint of the current device.
Future<DeviceFingerprint> getHexFingerprintForDevice() async {
final device = await getDevice();
return DeviceFingerprint(
device.id,
HEX.encode(await device.ik.pk.getBytes()),
);
}
/// Replaces the Signed Prekey and its signature in our own device bundle. Triggers
/// a DeviceModifiedEvent when done.
/// See https://xmpp.org/extensions/xep-0384.html#protocol-key_exchange under the point
/// "signed PreKey rotation period" for recommendations.
Future<void> rotateSignedPrekey() async {
await _deviceLock.synchronized(() async {
_device = await _device.replaceSignedPrekey();
// Commit the new device
_eventStreamController.add(DeviceModifiedEvent(_device));
});
}
/// Returns the device map, i.e. the mapping of bare Jid to its device identifiers
/// we have built sessions with.
Future<Map<String, List<int>>> getDeviceMap() async {
return _lock.synchronized(() => _deviceMap);
}
/// Removes the ratchet identified by [jid] and [deviceId] from the session manager.
/// Also triggers events for commiting the new device map to storage and removing
/// the old ratchet.
Future<void> removeRatchet(String jid, int deviceId) async {
await _lock.synchronized(() async {
// Remove the ratchet
_ratchetMap.remove(RatchetMapKey(jid, deviceId));
// Commit it
_eventStreamController.add(RatchetRemovedEvent(jid, deviceId));
// Remove the device from jid
_deviceMap[jid]!.remove(deviceId);
if (_deviceMap[jid]!.isEmpty) {
_deviceMap.remove(jid);
}
// Commit it
_eventStreamController.add(DeviceListModifiedEvent(_deviceMap));
});
}
/// Removes all ratchets for Jid [jid]. Triggers a DeviceMapModified event at the end and an
/// RatchetRemovedEvent for each ratchet.
Future<void> removeAllRatchets(String jid) async {
await _lock.synchronized(() async {
for (final deviceId in _deviceMap[jid]!) {
// Remove the ratchet
_ratchetMap.remove(RatchetMapKey(jid, deviceId));
// Commit it
_eventStreamController.add(RatchetRemovedEvent(jid, deviceId));
}
// Remove the device from jid
_deviceMap.remove(jid);
// Commit it
_eventStreamController.add(DeviceListModifiedEvent(_deviceMap));
});
}
/// Returns the list of device identifiers belonging to [jid] that are yet unacked, i.e.
/// we have not yet received an empty OMEMO message from.
Future<List<int>?> getUnacknowledgedRatchets(String jid) async {
return _lock.synchronized(() async {
final ret = List<int>.empty(growable: true);
final devices = _deviceMap[jid];
if (devices == null) return null;
for (final device in devices) {
final ratchet = _ratchetMap[RatchetMapKey(jid, device)]!;
if (!ratchet.acknowledged) ret.add(device);
}
return ret;
});
}
/// Returns true if the ratchet for [jid] with device identifier [deviceId] is
/// acknowledged. Returns false if not.
Future<bool> isRatchetAcknowledged(String jid, int deviceId) async {
return _lock.synchronized(() => _ratchetMap[RatchetMapKey(jid, deviceId)]!.acknowledged);
}
/// Mark the ratchet for device [deviceId] from [jid] as acked.
Future<void> ratchetAcknowledged(String jid, int deviceId) async {
await _lock.synchronized(() async {
final ratchet = _ratchetMap[RatchetMapKey(jid, deviceId)]!
..acknowledged = true;
// Commit it
_eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet, false, false));
});
}
/// Generates an entirely new device. May be useful when the user wants to reset their cryptographic
/// identity. Triggers an event to commit it to storage.
Future<void> regenerateDevice({ int opkAmount = 100 }) async {
await _deviceLock.synchronized(() async {
_device = await OmemoDevice.generateNewDevice(_device.jid, opkAmount: opkAmount);
// Commit it
_eventStreamController.add(DeviceModifiedEvent(_device));
});
}
/// Make our device have a new identifier. Only useful before publishing it as a bundle
/// to make sure that our device has a id that is account unique.
Future<void> regenerateDeviceId() async {
await _deviceLock.synchronized(() async {
_device = _device.withNewId();
// Commit it
_eventStreamController.add(DeviceModifiedEvent(_device));
});
}
Future<OmemoDoubleRatchet?> _getRatchet(RatchetMapKey key) async {
return _lock.synchronized(() async {
return _ratchetMap[key];
});
}
@visibleForTesting
OmemoDoubleRatchet getRatchet(String jid, int deviceId) => _ratchetMap[RatchetMapKey(jid, deviceId)]!;
@visibleForTesting
Map<RatchetMapKey, OmemoDoubleRatchet> getRatchetMap() => _ratchetMap;
/// Serialise the entire session manager into a JSON object.
Future<Map<String, dynamic>> toJsonWithoutSessions() async {
/*
{
'devices': {
'alice@...': [1, 2, ...],
'bob@...': [1],
...
},
'device': { ... },
}
*/
return {
'devices': _deviceMap,
'device': await (await getDevice()).toJson(),
};
}
}

1
lib/src/protobuf/omemo_authenticated_message.dart
View File

@ -2,6 +2,7 @@ import 'package:omemo_dart/src/helpers.dart';
import 'package:omemo_dart/src/protobuf/protobuf.dart';
class OmemoAuthenticatedMessage {
OmemoAuthenticatedMessage();
factory OmemoAuthenticatedMessage.fromBuffer(List<int> data) {

1
lib/src/protobuf/omemo_message.dart
View File

@ -2,6 +2,7 @@ import 'package:omemo_dart/src/helpers.dart';
import 'package:omemo_dart/src/protobuf/protobuf.dart';
class OmemoMessage {
OmemoMessage();
factory OmemoMessage.fromBuffer(List<int> data) {

1
lib/src/protobuf/protobuf.dart
View File

@ -13,6 +13,7 @@ int fieldId(int number, int type) {
}
class VarintDecode {
const VarintDecode(this.n, this.length);
final int n;
final int length;

53
lib/src/trust/btbv.dart
View File

@ -15,25 +15,18 @@ enum BTBVTrustState {
int _trustToInt(BTBVTrustState state) {
switch (state) {
case BTBVTrustState.notTrusted:
return 1;
case BTBVTrustState.blindTrust:
return 2;
case BTBVTrustState.verified:
return 3;
case BTBVTrustState.notTrusted: return 1;
case BTBVTrustState.blindTrust: return 2;
case BTBVTrustState.verified: return 3;
}
}
BTBVTrustState _trustFromInt(int i) {
switch (i) {
case 1:
return BTBVTrustState.notTrusted;
case 2:
return BTBVTrustState.blindTrust;
case 3:
return BTBVTrustState.verified;
default:
return BTBVTrustState.notTrusted;
case 1: return BTBVTrustState.notTrusted;
case 2: return BTBVTrustState.blindTrust;
case 3: return BTBVTrustState.verified;
default: return BTBVTrustState.notTrusted;
}
}
@ -146,11 +139,7 @@ abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
}
/// Sets the trust of [jid]'s device with identifier [deviceId] to [state].
Future<void> setDeviceTrust(
String jid,
int deviceId,
BTBVTrustState state,
) async {
Future<void> setDeviceTrust(String jid, int deviceId, BTBVTrustState state) async {
await _lock.synchronized(() async {
trustCache[RatchetMapKey(jid, deviceId)] = state;
@ -183,14 +172,10 @@ abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
Future<Map<String, dynamic>> toJson() async {
return {
'devices': devices,
'trust': trustCache.map(
(key, value) => MapEntry(
key.toJsonKey(),
_trustToInt(value),
),
),
'enable':
enablementCache.map((key, value) => MapEntry(key.toJsonKey(), value)),
'trust': trustCache.map((key, value) => MapEntry(
key.toJsonKey(), _trustToInt(value),
),),
'enable': enablementCache.map((key, value) => MapEntry(key.toJsonKey(), value)),
};
}
@ -207,11 +192,8 @@ abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
/// From a serialized version of a BTBV trust manager, extract the trust cache.
/// NOTE: This is needed as Dart cannot just cast a List<dynamic> to List<int> and so on.
static Map<RatchetMapKey, BTBVTrustState> trustCacheFromJson(
Map<String, dynamic> json,
) {
return (json['trust']! as Map<String, dynamic>)
.map<RatchetMapKey, BTBVTrustState>(
static Map<RatchetMapKey, BTBVTrustState> trustCacheFromJson(Map<String, dynamic> json) {
return (json['trust']! as Map<String, dynamic>).map<RatchetMapKey, BTBVTrustState>(
(key, value) => MapEntry(
RatchetMapKey.fromJsonKey(key),
_trustFromInt(value as int),
@ -221,9 +203,7 @@ abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
/// From a serialized version of a BTBV trust manager, extract the enable cache.
/// NOTE: This is needed as Dart cannot just cast a List<dynamic> to List<int> and so on.
static Map<RatchetMapKey, bool> enableCacheFromJson(
Map<String, dynamic> json,
) {
static Map<RatchetMapKey, bool> enableCacheFromJson(Map<String, dynamic> json) {
return (json['enable']! as Map<String, dynamic>).map<RatchetMapKey, bool>(
(key, value) => MapEntry(
RatchetMapKey.fromJsonKey(key),
@ -246,8 +226,7 @@ abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
Future<void> commitState();
@visibleForTesting
BTBVTrustState getDeviceTrust(String jid, int deviceId) =>
trustCache[RatchetMapKey(jid, deviceId)]!;
BTBVTrustState getDeviceTrust(String jid, int deviceId) => trustCache[RatchetMapKey(jid, deviceId)]!;
}
/// A BTBV TrustManager that does not commit its state to persistent storage. Well suited

20
lib/src/x3dh/x3dh.dart
View File

@ -12,6 +12,7 @@ const omemoX3DHInfoString = 'OMEMO X3DH';
/// Performed by Alice
class X3DHAliceResult {
const X3DHAliceResult(this.ek, this.sk, this.opkId, this.ad);
final OmemoKeyPair ek;
final List<int> sk;
@ -21,6 +22,7 @@ class X3DHAliceResult {
/// Received by Bob
class X3DHMessage {
const X3DHMessage(this.ik, this.ek, this.opkId);
final OmemoPublicKey ik;
final OmemoPublicKey ek;
@ -28,6 +30,7 @@ class X3DHMessage {
}
class X3DHBobResult {
const X3DHBobResult(this.sk, this.ad);
final List<int> sk;
final List<int> ad;
@ -36,10 +39,7 @@ class X3DHBobResult {
/// Sign [message] using the keypair [keyPair]. Note that [keyPair] must be
/// a Ed25519 keypair.
Future<List<int>> sig(OmemoKeyPair keyPair, List<int> message) async {
assert(
keyPair.type == KeyPairType.ed25519,
'Signature keypair must be Ed25519',
);
assert(keyPair.type == KeyPairType.ed25519, 'Signature keypair must be Ed25519');
final signature = await Ed25519().sign(
message,
keyPair: await keyPair.asKeyPair(),
@ -70,10 +70,7 @@ Future<List<int>> kdf(List<int> km) async {
/// Alice builds a session with Bob using his bundle [bundle] and Alice's identity key
/// pair [ik].
Future<X3DHAliceResult> x3dhFromBundle(
OmemoBundle bundle,
OmemoKeyPair ik,
) async {
Future<X3DHAliceResult> x3dhFromBundle(OmemoBundle bundle, OmemoKeyPair ik) async {
// Check the signature first
final signatureValue = await Ed25519().verify(
await bundle.spk.getBytes(),
@ -111,12 +108,7 @@ Future<X3DHAliceResult> x3dhFromBundle(
/// Bob builds the X3DH shared secret from the inital message [msg], the SPK [spk], the
/// OPK [opk] that was selected by Alice and our IK [ik]. Returns the shared secret.
Future<X3DHBobResult> x3dhFromInitialMessage(
X3DHMessage msg,
OmemoKeyPair spk,
OmemoKeyPair opk,
OmemoKeyPair ik,
) async {
Future<X3DHBobResult> x3dhFromInitialMessage(X3DHMessage msg, OmemoKeyPair spk, OmemoKeyPair opk, OmemoKeyPair ik) async {
final dh1 = await omemoDH(spk, msg.ik, 2);
final dh2 = await omemoDH(ik, msg.ek, 1);
final dh3 = await omemoDH(spk, msg.ek, 0);

7
test/double_ratchet_test.dart
View File

@ -76,6 +76,7 @@ void main() {
print('X3DH key exchange done');
// Alice and Bob now share sk as a common secret and ad
// Build a session
final alicesRatchet = await OmemoDoubleRatchet.initiateNewSession(
@ -100,8 +101,7 @@ void main() {
if (i.isEven) {
// Alice encrypts a message
final aliceRatchetResult =
await alicesRatchet.ratchetEncrypt(utf8.encode(messageText));
final aliceRatchetResult = await alicesRatchet.ratchetEncrypt(utf8.encode(messageText));
print('Alice sent the message');
// Alice sends it to Bob
@ -117,8 +117,7 @@ void main() {
expect(utf8.encode(messageText), bobRatchetResult);
} else {
// Bob sends a message to Alice
final bobRatchetResult =
await bobsRatchet.ratchetEncrypt(utf8.encode(messageText));
final bobRatchetResult = await bobsRatchet.ratchetEncrypt(utf8.encode(messageText));
print('Bob sent the message');
// Bobs sends it to Alice

44
test/omemo_test.dart
View File

@ -35,9 +35,9 @@ void main() {
expect(await device.ik.equals(newDevice.ik), true);
expect(await device.spk.equals(newDevice.spk), true);
final oldSpkMatch = device.oldSpk != null
? await device.oldSpk!.equals(newDevice.oldSpk!)
: newDevice.oldSpk == null;
final oldSpkMatch = device.oldSpk != null ?
await device.oldSpk!.equals(newDevice.oldSpk!) :
newDevice.oldSpk == null;
expect(oldSpkMatch, true);
expect(listsEqual(device.spkSignature, newDevice.spkSignature), true);
});
@ -107,10 +107,8 @@ void main() {
);
// Ratchets are acked
await aliceSession.ratchetAcknowledged(
bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(
aliceJid, await aliceSession.getDeviceId());
await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
// Bob responds to Alice
const bobResponseText = 'Oh, hello Alice!';
@ -133,8 +131,7 @@ void main() {
expect(bobResponseText, aliceReceivedMessage);
});
test('Test using OMEMO sessions with only two devices for the receiver',
() async {
test('Test using OMEMO sessions with only two devices for the receiver', () async {
const aliceJid = 'alice@server.example';
const bobJid = 'bob@other.server.example';
@ -184,10 +181,8 @@ void main() {
expect(messagePlaintext, bobMessage);
// Ratchets are acked
await aliceSession.ratchetAcknowledged(
bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(
aliceJid, await aliceSession.getDeviceId());
await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
// Bob responds to Alice
const bobResponseText = 'Oh, hello Alice!';
@ -462,10 +457,8 @@ void main() {
);
// Ratchets are acked
await aliceSession.ratchetAcknowledged(
bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(
aliceJid, await aliceSession.getDeviceId());
await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
for (var i = 0; i < 100; i++) {
final messageText = 'Test Message #$i';
@ -604,8 +597,7 @@ void main() {
// ...
// Alice marks the ratchet as acknowledged
await aliceSession.ratchetAcknowledged(
bobJid, await bobSession.getDeviceId());
await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
expect(
(await aliceSession.getUnacknowledgedRatchets(bobJid))!.isEmpty,
true,
@ -734,6 +726,7 @@ void main() {
msg2.encryptedKeys,
getTimestamp(),
);
});
test('Test receiving old messages including a KEX', () async {
@ -775,10 +768,8 @@ void main() {
);
// Ratchets are acked
await aliceSession.ratchetAcknowledged(
bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(
aliceJid, await aliceSession.getDeviceId());
await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
// Bob responds
final msg2 = await bobSession.encryptToJid(
@ -847,6 +838,7 @@ void main() {
expect(errorCounter, 100);
expect(await ratchetPreError.equals(ratchetPostError), true);
final msg3 = await aliceSession.encryptToJid(
bobJid,
'Are you okay?',
@ -911,10 +903,8 @@ void main() {
);
// Now the acks reach us
await aliceSession.ratchetAcknowledged(
bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(
aliceJid, await aliceSession.getDeviceId());
await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
// Alice sends another message
final msg3 = await aliceSession.encryptToJid(

179
test/omemomanager_test.dart
View File

@ -5,15 +5,6 @@ import 'package:omemo_dart/src/protobuf/omemo_key_exchange.dart';
import 'package:omemo_dart/src/trust/always.dart';
import 'package:test/test.dart';
class TestingTrustManager extends AlwaysTrustingTrustManager {
final Map<String, int> devices = {};
@override
Future<void> onNewSession(String jid, int deviceId) async {
devices[jid] = deviceId;
}
}
void main() {
Logger.root
..level = Level.ALL
@ -28,8 +19,7 @@ void main() {
var aliceEmptyMessageSent = 0;
var bobEmptyMessageSent = 0;
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
@ -124,8 +114,7 @@ void main() {
var aliceEmptyMessageSent = 0;
var bobEmptyMessageSent = 0;
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
@ -237,8 +226,7 @@ void main() {
test('Test accessing data without it existing', () async {
const aliceJid = 'alice@server1';
const bobJid = 'bob@server2';
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceManager = OmemoManager(
aliceDevice,
@ -267,12 +255,9 @@ void main() {
const bobJid = 'bob@server2';
var oldDevice = true;
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobOldDevice =
await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final bobCurrentDevice =
await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobOldDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final bobCurrentDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
aliceDevice,
@ -281,13 +266,15 @@ void main() {
(jid) async {
expect(jid, bobJid);
return oldDevice ? [bobOldDevice.id] : [bobCurrentDevice.id];
return oldDevice ?
[ bobOldDevice.id ] :
[ bobCurrentDevice.id ];
},
(jid, id) async {
expect(jid, bobJid);
return oldDevice
? bobOldDevice.toBundle()
: bobCurrentDevice.toBundle();
return oldDevice ?
bobOldDevice.toBundle() :
bobCurrentDevice.toBundle();
},
(jid) async {},
);
@ -352,12 +339,9 @@ void main() {
const bobJid = 'bob@server2';
var bothDevices = false;
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice1 =
await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final bobDevice2 =
await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice1 = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final bobDevice2 = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
aliceDevice,
@ -368,7 +352,9 @@ void main() {
return [
bobDevice1.id,
if (bothDevices) bobDevice2.id,
if (bothDevices)
bobDevice2.id,
];
},
(jid, id) async {
@ -461,12 +447,9 @@ void main() {
const bobJid = 'bob@server2';
var bothDevices = false;
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice1 =
await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final bobDevice2 =
await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice1 = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final bobDevice2 = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
aliceDevice,
@ -477,7 +460,9 @@ void main() {
return [
bobDevice1.id,
if (bothDevices) bobDevice2.id,
if (bothDevices)
bobDevice2.id,
];
},
(jid, id) async {
@ -609,11 +594,9 @@ void main() {
const bobJid = 'bob@server2';
const cocoJid = 'coco@server3';
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final cocoDevice =
await OmemoDevice.generateNewDevice(cocoJid, opkAmount: 1);
final cocoDevice = await OmemoDevice.generateNewDevice(cocoJid, opkAmount: 1);
final aliceManager = OmemoManager(
aliceDevice,
@ -695,8 +678,7 @@ void main() {
const bobJid = 'bob@server2';
var failure = false;
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
@ -706,12 +688,16 @@ void main() {
(jid) async {
expect(jid, bobJid);
return failure ? null : [bobDevice.id];
return failure ?
null :
[bobDevice.id];
},
(jid, id) async {
expect(jid, bobJid);
return failure ? null : bobDevice.toBundle();
return failure ?
null :
bobDevice.toBundle();
},
(jid) async {},
);
@ -783,8 +769,7 @@ void main() {
const aliceJid = 'alice@server1';
const bobJid = 'bob@server2';
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceManager = OmemoManager(
aliceDevice,
@ -812,11 +797,7 @@ void main() {
);
expect(aliceResult.isSuccess(1), false);
expect(
aliceResult.jidEncryptionErrors[bobJid]
is NoKeyMaterialAvailableException,
true,
);
expect(aliceResult.jidEncryptionErrors[bobJid] is NoKeyMaterialAvailableException, true);
});
test('Test sending a message two two JIDs with failed lookups', () async {
@ -824,8 +805,7 @@ void main() {
const bobJid = 'bob@server2';
const cocoJid = 'coco@server3';
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
@ -866,11 +846,7 @@ void main() {
);
expect(aliceResult.isSuccess(2), true);
expect(
aliceResult.jidEncryptionErrors[cocoJid]
is NoKeyMaterialAvailableException,
true,
);
expect(aliceResult.jidEncryptionErrors[cocoJid] is NoKeyMaterialAvailableException, true);
// Bob decrypts it
final bobResult = await bobManager.onIncomingStanza(
@ -890,8 +866,7 @@ void main() {
const aliceJid = 'alice@server1';
const bobJid = 'bob@server2';
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
@ -936,6 +911,7 @@ void main() {
aliceMessage.encryptedKeys,
base64.encode(aliceMessage.ciphertext!),
),
);
// Ratchets are acked
@ -972,8 +948,7 @@ void main() {
const aliceJid = 'alice@server1';
const bobJid = 'bob@server2';
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
EncryptionResult? aliceEmptyMessage;
@ -1100,17 +1075,14 @@ void main() {
expect(aliceResult4.payload, "That's okay.");
});
test(
'Test removing all ratchets and sending a message without post-heartbeat ack',
() async {
test('Test removing all ratchets and sending a message without post-heartbeat ack', () async {
// This test is the same as "Test removing all ratchets and sending a message" except
// that bob does not ack the ratchet after Alice's heartbeat after she recreated
// all ratchets.
const aliceJid = 'alice@server1';
const bobJid = 'bob@server2';
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
EncryptionResult? aliceEmptyMessage;
@ -1235,8 +1207,7 @@ void main() {
const aliceJid = 'alice@server1';
const bobJid = 'bob@server2';
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final aliceDevice = await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
@ -1379,68 +1350,4 @@ void main() {
expect(bobResult4.error, null);
expect(bobResult4.payload, 'Hi Bob');
});
test('Test correct trust behaviour on receiving', () async {
const aliceJid = 'alice@server1';
const bobJid = 'bob@server2';
final aliceDevice =
await OmemoDevice.generateNewDevice(aliceJid, opkAmount: 1);
final bobDevice = await OmemoDevice.generateNewDevice(bobJid, opkAmount: 1);
final aliceManager = OmemoManager(
aliceDevice,
AlwaysTrustingTrustManager(),
(result, recipientJid) async {},
(jid) async {
expect(jid, bobJid);
return [bobDevice.id];
},
(jid, id) async {
expect(jid, bobJid);
return bobDevice.toBundle();
},
(jid) async {},
);
final bobManager = OmemoManager(
bobDevice,
TestingTrustManager(),
(result, recipientJid) async {},
(jid) async {
expect(jid, aliceJid);
return [aliceDevice.id];
},
(jid, id) async {
expect(jid, aliceJid);
return aliceDevice.toBundle();
},
(jid) async {},
);
// Alice sends Bob a message
final aliceResult1 = await aliceManager.onOutgoingStanza(
const OmemoOutgoingStanza(
[bobJid],
'Hello World!',
),
);
// Bob decrypts Alice's message
final bobResult1 = await bobManager.onIncomingStanza(
OmemoIncomingStanza(
aliceJid,
aliceDevice.id,
DateTime.now().millisecondsSinceEpoch,
aliceResult1.encryptedKeys,
base64.encode(aliceResult1.ciphertext!),
),
);
expect(bobResult1.error, null);
// Bob should have some trust state
expect(
(bobManager.trustManager as TestingTrustManager).devices[aliceJid],
await aliceManager.getDeviceId(),
);
});
}

21
test/serialisation_test.dart
View File

@ -22,16 +22,14 @@ void main() {
expect(await oldDevice.equals(newDevice), true);
});
test('Test serialising and deserialising the Device after rotating the SPK',
() async {
test('Test serialising and deserialising the Device after rotating the SPK', () async {
// Generate a random session
final oldSession = await OmemoSessionManager.generateNewIdentity(
'user@test.server',
AlwaysTrustingTrustManager(),
opkAmount: 1,
);
final oldDevice =
await (await oldSession.getDevice()).replaceSignedPrekey();
final oldDevice = await (await oldSession.getDevice()).replaceSignedPrekey();
final serialised = jsonify(await oldDevice.toJson());
final newDevice = OmemoDevice.fromJson(serialised);
@ -66,8 +64,7 @@ void main() {
aliceMessage.encryptedKeys,
getTimestamp(),
);
final aliceOld =
aliceSession.getRatchet(bobJid, await bobSession.getDeviceId());
final aliceOld = aliceSession.getRatchet(bobJid, await bobSession.getDeviceId());
final aliceSerialised = jsonify(await aliceOld.toJson());
final aliceNew = OmemoDoubleRatchet.fromJson(aliceSerialised);
@ -119,8 +116,7 @@ void main() {
expect(result2.deviceId, test2.deviceId);
});
test('Test serializing and deserializing the components of the BTBV manager',
() async {
test('Test serializing and deserializing the components of the BTBV manager', () async {
// Caroline's BTBV manager
final btbv = MemoryBTBVTrustManager();
// Example data
@ -134,20 +130,17 @@ void main() {
await btbv.onNewSession(bobJid, 4);
final serialized = jsonify(await btbv.toJson());
final deviceList =
BlindTrustBeforeVerificationTrustManager.deviceListFromJson(
final deviceList = BlindTrustBeforeVerificationTrustManager.deviceListFromJson(
serialized,
);
expect(btbv.devices, deviceList);
final trustCache =
BlindTrustBeforeVerificationTrustManager.trustCacheFromJson(
final trustCache = BlindTrustBeforeVerificationTrustManager.trustCacheFromJson(
serialized,
);
expect(btbv.trustCache, trustCache);
final enableCache =
BlindTrustBeforeVerificationTrustManager.enableCacheFromJson(
final enableCache = BlindTrustBeforeVerificationTrustManager.enableCacheFromJson(
serialized,
);
expect(btbv.enablementCache, enableCache);

6
test/x3dh_test.dart
View File

@ -73,11 +73,7 @@ void main() {
await x3dhFromBundle(bundleBob, ikAlice);
} catch(e) {
exception = true;
expect(
e is InvalidSignatureException,
true,
reason: 'Expected InvalidSignatureException, but got $e',
);
expect(e is InvalidSignatureException, true, reason: 'Expected InvalidSignatureException, but got $e');
}
expect(exception, true, reason: 'Expected test failure');