example/omemo_dart_example.dart

@@ -119,8 +119,6 @@ void main() async {
     aliceDevice.id,
     // The deserialised keys
     keys,
-    // Since the message was not delayed, we use the current time
-    DateTime.now().millisecondsSinceEpoch,
   );
 
   // All Bob has to do now is replace the OMEMO wrapper element 

lib/src/double_ratchet/double_ratchet.dart

@@ -68,7 +68,6 @@ class OmemoDoubleRatchet {
     this.sessionAd,
     this.mkSkipped, // MKSKIPPED
     this.acknowledged,
-    this.kexTimestamp,
   );
 
   factory OmemoDoubleRatchet.fromJson(Map<String, dynamic> data) {
@@ -86,7 +85,6 @@ class OmemoDoubleRatchet {
       'ik_pub': 'base/64/encoded',
       'session_ad': 'base/64/encoded',
       'acknowledged': true | false,
-      'kex_timestamp': int,
       'mkskipped': [
         {
           'key': 'base/64/encoded',
@@ -131,7 +129,6 @@ class OmemoDoubleRatchet {
       base64.decode(data['session_ad']! as String),
       mkSkipped,
       data['acknowledged']! as bool,
-      data['kex_timestamp']! as int,
     );
   }
   
@@ -163,10 +160,6 @@ class OmemoDoubleRatchet {
 
   final Map<SkippedKey, List<int>> mkSkipped;
 
-  /// The point in time at which we performed the kex exchange to create this ratchet.
-  /// Precision is milliseconds since epoch.
-  int kexTimestamp;
-
   /// Indicates whether we received an empty OMEMO message after building a session with
   /// the device.
   bool acknowledged;
@@ -174,7 +167,7 @@ class OmemoDoubleRatchet {
   /// Create an OMEMO session using the Signed Pre Key [spk], the shared secret [sk] that
   /// was obtained using a X3DH and the associated data [ad] that was also obtained through
   /// a X3DH. [ik] refers to Bob's (the receiver's) IK public key.
-  static Future<OmemoDoubleRatchet> initiateNewSession(OmemoPublicKey spk, OmemoPublicKey ik, List<int> sk, List<int> ad, int timestamp) async {
+  static Future<OmemoDoubleRatchet> initiateNewSession(OmemoPublicKey spk, OmemoPublicKey ik, List<int> sk, List<int> ad) async {
     final dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
     final dhr = spk;
     final rk  = await kdfRk(sk, await omemoDH(dhs, dhr, 0));
@@ -193,7 +186,6 @@ class OmemoDoubleRatchet {
       ad,
       {},
       false,
-      timestamp,
     );
   }
 
@@ -201,7 +193,7 @@ class OmemoDoubleRatchet {
   /// Pre Key keypair [spk], the shared secret [sk] that was obtained through a X3DH and
   /// the associated data [ad] that was also obtained through a X3DH. [ik] refers to
   /// Alice's (the initiator's) IK public key.
-  static Future<OmemoDoubleRatchet> acceptNewSession(OmemoKeyPair spk, OmemoPublicKey ik, List<int> sk, List<int> ad, int kexTimestamp) async {
+  static Future<OmemoDoubleRatchet> acceptNewSession(OmemoKeyPair spk, OmemoPublicKey ik, List<int> sk, List<int> ad) async {
     return OmemoDoubleRatchet(
       spk,
       null,
@@ -215,7 +207,6 @@ class OmemoDoubleRatchet {
       ad,
       {},
       false,
-      kexTimestamp,
     );
   }
 
@@ -242,7 +233,6 @@ class OmemoDoubleRatchet {
       'session_ad': base64.encode(sessionAd),
       'mkskipped': mkSkippedSerialised,
       'acknowledged': acknowledged,
-      'kex_timestamp': kexTimestamp,
     };
   }
   
@@ -278,18 +268,18 @@ class OmemoDoubleRatchet {
   }
 
   Future<void> _dhRatchet(OmemoMessage header) async {
-    pn = ns;
+    pn = header.n!;
     ns = 0;
     nr = 0;
     dhr = OmemoPublicKey.fromBytes(header.dhPub!, KeyPairType.x25519);
 
     final newRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
-    rk = List.from(newRk);
+    rk = newRk;
-    ckr = List.from(newRk);
+    ckr = newRk;
     dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
     final newNewRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
-    rk = List.from(newNewRk);
+    rk = newNewRk;
-    cks = List.from(newNewRk);
+    cks = newNewRk;
   }
 
   /// Encrypt [plaintext] using the Double Ratchet.
@@ -323,8 +313,8 @@ class OmemoDoubleRatchet {
     }
 
     final dhPubMatches = listsEqual(
-      header.dhPub!,
+      header.dhPub ?? <int>[],
-      (await dhr?.getBytes()) ?? <int>[],
+      await dhr?.getBytes() ?? <int>[],
     );
     if (!dhPubMatches) {
       await _skipMessageKeys(header.pn!);
@@ -340,40 +330,12 @@ class OmemoDoubleRatchet {
     return decrypt(mk, ciphertext, concat([sessionAd, header.writeToBuffer()]), sessionAd);
   }
 
-  OmemoDoubleRatchet clone() {
-    return OmemoDoubleRatchet(
-      dhs,
-      dhr,
-      rk,
-      cks != null ?
-        List<int>.from(cks!) :
-        null,
-      ckr != null ?
-        List<int>.from(ckr!) :
-        null,
-      ns,
-      nr,
-      pn,
-      ik,
-      sessionAd,
-      Map<SkippedKey, List<int>>.from(mkSkipped),
-      acknowledged,
-      kexTimestamp,
-    );
-  }
-  
   @visibleForTesting
   Future<bool> equals(OmemoDoubleRatchet other) async {
-    final dhrMatch = dhr == null ?
-      other.dhr == null :
     // ignore: invalid_use_of_visible_for_testing_member
-      other.dhr != null && await dhr!.equals(other.dhr!);
+    final dhrMatch = dhr == null ? other.dhr == null : await dhr!.equals(other.dhr!);
-    final ckrMatch = ckr == null ?
+    final ckrMatch = ckr == null ? other.ckr == null : listsEqual(ckr!, other.ckr!);
-      other.ckr == null :
+    final cksMatch = cks == null ? other.cks == null : listsEqual(cks!, other.cks!);
-      other.ckr != null && listsEqual(ckr!, other.ckr!);
-    final cksMatch = cks == null ?
-      other.cks == null :
-      other.cks != null && listsEqual(cks!, other.cks!);
  
     // ignore: invalid_use_of_visible_for_testing_member
     final dhsMatch = await dhs.equals(other.dhs);
@@ -389,7 +351,6 @@ class OmemoDoubleRatchet {
       ns == other.ns &&
       nr == other.nr &&
       pn == other.pn &&
-      listsEqual(sessionAd, other.sessionAd) &&
+      listsEqual(sessionAd, other.sessionAd);
-      kexTimestamp == other.kexTimestamp;
   }
 }

lib/src/errors.dart

@@ -30,16 +30,3 @@ class NoDecryptionKeyException implements Exception {
 class UnknownSignedPrekeyException implements Exception {
   String errMsg() => 'Unknown Signed Prekey used.';
 }
-
-/// Triggered by the Session Manager when the received Key Exchange message does not meet
-/// the requirement that a key exchange, given that the ratchet already exists, must be
-/// sent after its creation.
-class InvalidKeyExchangeException implements Exception {
-  String errMsg() => 'The key exchange was sent before the last kex finished';
-}
-
-/// Triggered by the Session Manager when a message's sequence number is smaller than we
-/// expect it to be.
-class MessageAlreadyDecryptedException implements Exception {
-  String errMsg() => 'The message has already been decrypted';
-}

lib/src/helpers.dart

@@ -73,7 +73,3 @@ OmemoKeyPair? decodeKeyPairIfNotNull(String? pk, String? sk, KeyPairType type) {
     type,
   );
 }
-
-int getTimestamp() {
-  return DateTime.now().millisecondsSinceEpoch;
-}

lib/src/omemo/sessionmanager.dart

@@ -154,7 +154,6 @@ class OmemoSessionManager {
       bundle.ik,
       kexResult.sk,
       kexResult.ad,
-      getTimestamp(),
     );
 
     await _trustManager.onNewSession(jid, deviceId);
@@ -201,7 +200,6 @@ class OmemoSessionManager {
       OmemoPublicKey.fromBytes(kex.ik!, KeyPairType.ed25519),
       kexResult.sk,
       kexResult.ad,
-      getTimestamp(),
     );
 
     await _trustManager.onNewSession(jid, deviceId);
@@ -242,11 +240,7 @@ class OmemoSessionManager {
     final kex = <int, OmemoKeyExchange>{};
     if (newSessions != null) {
       for (final newSession in newSessions) {
-        kex[newSession.id] = await addSessionFromBundle(
+        kex[newSession.id] = await addSessionFromBundle(newSession.jid, newSession.id, newSession);
-          newSession.jid,
-          newSession.id,
-          newSession,
-        );
       }
     }
     
@@ -306,7 +300,7 @@ class OmemoSessionManager {
   /// [mapKey] with [oldRatchet].
   Future<void> _restoreRatchet(RatchetMapKey mapKey, OmemoDoubleRatchet oldRatchet) async {
     await _lock.synchronized(() {
-      _log.finest('Restoring ratchet ${mapKey.jid}:${mapKey.deviceId} to ${oldRatchet.nr}');
+      _log.finest('Restoring ratchet ${mapKey.jid}:${mapKey.deviceId}');
       _ratchetMap[mapKey] = oldRatchet;
 
       // Commit the ratchet
@@ -324,15 +318,12 @@ class OmemoSessionManager {
   /// <keys /> element with a "jid" attribute matching our own. [senderJid] refers to the
   /// bare Jid of the sender. [senderDeviceId] refers to the "sid" attribute of the
   /// <encrypted /> element.
-  /// [timestamp] refers to the time the message was sent. This might be either what the
-  /// server tells you via "XEP-0203: Delayed Delivery" or the point in time at which
-  /// you received the stanza, if no Delayed Delivery element was found.
   ///
   /// If the received message is an empty OMEMO message, i.e. there is no <payload />
   /// element, then [ciphertext] must be set to null. In this case, this function
   /// will return null as there is no message to be decrypted. This, however, is used
   /// to set up sessions or advance the ratchets.
-  Future<String?> decryptMessage(List<int>? ciphertext, String senderJid, int senderDeviceId, List<EncryptedKey> keys, int timestamp) async {
+  Future<String?> decryptMessage(List<int>? ciphertext, String senderJid, int senderDeviceId, List<EncryptedKey> keys) async {
     // Try to find a session we can decrypt with.
     var device = await getDevice();
     final rawKey = keys.firstWhereOrNull((key) => key.rid == device.id);
@@ -344,32 +335,22 @@ class OmemoSessionManager {
     final decodedRawKey = base64.decode(rawKey.value);
     OmemoAuthenticatedMessage authMessage;
     OmemoDoubleRatchet? oldRatchet;
-    OmemoMessage? message;
     if (rawKey.kex) {
       // If the ratchet already existed, we store it. If it didn't, oldRatchet will stay
       // null.
-      final oldRatchet = (await _getRatchet(ratchetKey))?.clone();
+      oldRatchet = await _getRatchet(ratchetKey);
-      final kex = OmemoKeyExchange.fromBuffer(decodedRawKey);
-      authMessage = kex.message!;
-      message = OmemoMessage.fromBuffer(authMessage.message!);
-
-      // Guard against old key exchanges
-      if (oldRatchet != null) {
-        _log.finest('KEX for existent ratchet. ${oldRatchet.pn}');
-        if (oldRatchet.kexTimestamp > timestamp) {
-          throw InvalidKeyExchangeException();
-        }
-      }
 
       // TODO(PapaTutuWawa): Only do this when we should
+      final kex = OmemoKeyExchange.fromBuffer(decodedRawKey);
       await _addSessionFromKeyExchange(
         senderJid,
         senderDeviceId,
         kex,
       );
 
+      authMessage = kex.message!;
+
       // Replace the OPK
-      // TODO(PapaTutuWawa): Replace the OPK when we know that the KEX worked
       await _deviceLock.synchronized(() async {
         device = await device.replaceOnetimePrekey(kex.pkId!);
 
@@ -378,7 +359,6 @@ class OmemoSessionManager {
       });
     } else {
       authMessage = OmemoAuthenticatedMessage.fromBuffer(decodedRawKey);
-      message = OmemoMessage.fromBuffer(authMessage.message!);
     }
     
     final devices = _deviceMap[senderJid];
@@ -389,10 +369,11 @@ class OmemoSessionManager {
       throw NoDecryptionKeyException();
     }
 
+    final message = OmemoMessage.fromBuffer(authMessage.message!);
     List<int>? keyAndHmac;
     // We can guarantee that the ratchet exists at this point in time
     final ratchet = (await _getRatchet(ratchetKey))!;
-    oldRatchet ??= ratchet.clone();
+    oldRatchet ??= ratchet ;
 
     try {
       if (rawKey.kex) {

test/double_ratchet_test.dart

@@ -84,14 +84,12 @@ void main() {
       ikBob.pk,
       resultAlice.sk,
       resultAlice.ad,
-      0,
     );
     final bobsRatchet = await OmemoDoubleRatchet.acceptNewSession(
       spkBob,
       ikAlice.pk,
       resultBob.sk,
       resultBob.ad,
-      0,
     );
 
     expect(alicesRatchet.sessionAd, bobsRatchet.sessionAd);

test/omemo_test.dart

@@ -90,7 +90,6 @@ void main() {
       aliceJid,
       await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
-      0,
     );
     expect(messagePlaintext, bobMessage);
     // The ratchet should be modified two times: Once for when the ratchet is created and
@@ -122,7 +121,6 @@ void main() {
       bobJid,
       await bobSession.getDeviceId(),
       bobResponseMessage.encryptedKeys,
-      0,
     );
     expect(bobResponseText, aliceReceivedMessage);
   });
@@ -172,7 +170,6 @@ void main() {
       aliceJid,
       await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
-      0,
     );
     expect(messagePlaintext, bobMessage);
 
@@ -192,7 +189,6 @@ void main() {
       bobJid,
       await bobSession.getDeviceId(),
       bobResponseMessage.encryptedKeys,
-      0,
     );
     expect(bobResponseText, aliceReceivedMessage);
 
@@ -249,7 +245,6 @@ void main() {
       aliceJid,
       await aliceSession1.getDeviceId(),
       aliceMessage.encryptedKeys,
-      0,
     );
     expect(messagePlaintext, bobMessage);
 
@@ -259,7 +254,6 @@ void main() {
       aliceJid,
       await aliceSession1.getDeviceId(),
       aliceMessage.encryptedKeys,
-      0,
     );
     expect(messagePlaintext, aliceMessage2);
   });
@@ -300,7 +294,6 @@ void main() {
       aliceJid,
       await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
-      0,
     );
     expect(bobMessage, null);
 
@@ -378,7 +371,6 @@ void main() {
       aliceJid,
       await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
-      0,
     );
     expect(messagePlaintext, bobMessage);
   });
@@ -445,7 +437,6 @@ void main() {
       aliceJid,
       await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
-      0,
     );
 
     for (var i = 0; i < 100; i++) {
@@ -465,7 +456,6 @@ void main() {
         bobJid,
         await bobSession.getDeviceId(),
         bobResponseMessage.encryptedKeys,
-        0,
       );
       expect(messageText, aliceReceivedMessage);
     }
@@ -620,7 +610,6 @@ void main() {
       aliceJid,
       await aliceSession.getDeviceId(),
       msg1.encryptedKeys,
-      0,
     );
     final aliceRatchet1 = aliceSession.getRatchet(
       bobJid,
@@ -645,7 +634,6 @@ void main() {
       aliceJid,
       await aliceSession.getDeviceId(),
       msg2.encryptedKeys,
-      getTimestamp(),
     );
     final aliceRatchet2 = aliceSession.getRatchet(
       bobJid,
@@ -665,7 +653,7 @@ void main() {
     expect(await bobRatchet1.equals(bobRatchet2), false);
   });
 
-  test('Test receiving old messages including a KEX', () async {
+  test('Test receiving an old message that contains a KEX', () async {
     const aliceJid = 'alice@server.example';
     const bobJid = 'bob@other.server.example';
     // Alice and Bob generate their sessions
@@ -680,9 +668,6 @@ void main() {
       opkAmount: 2,
     );
 
-    final bobsReceivedMessages = List<EncryptionResult>.empty(growable: true);
-    final bobsReceivedMessagesTimestamps = List<int>.empty(growable: true);
-    
     // Alice sends Bob a message
     final msg1 = await aliceSession.encryptToJid(
       bobJid,
@@ -691,16 +676,12 @@ void main() {
         await bobSession.getDeviceBundle(),
       ],
     );
-    bobsReceivedMessages.add(msg1);
-    final t1 = getTimestamp();
-    bobsReceivedMessagesTimestamps.add(t1);
 
     await bobSession.decryptMessage(
       msg1.ciphertext,
       aliceJid,
       await aliceSession.getDeviceId(),
       msg1.encryptedKeys,
-      t1,
     );
 
     // Bob responds
@@ -708,68 +689,96 @@ void main() {
       aliceJid,
       'Hello!',
     );
-
     await aliceSession.decryptMessage(
       msg2.ciphertext,
       bobJid,
       await bobSession.getDeviceId(),
       msg2.encryptedKeys,
-      getTimestamp(),
     );
 
-    // Send some messages between the two
+    // Due to some issue with the transport protocol, the first message Bob received is
-    for (var i = 0; i < 100; i++) {
+    // received again
-      final msg = await aliceSession.encryptToJid(
-        bobJid,
-        'Hello $i',
-      );
-      bobsReceivedMessages.add(msg);
-      final t = getTimestamp();
-      bobsReceivedMessagesTimestamps.add(t);
-      final result = await bobSession.decryptMessage(
-        msg.ciphertext,
-        aliceJid,
-        await aliceSession.getDeviceId(),
-        msg.encryptedKeys,
-        t,
-      );
-
-      expect(result, 'Hello $i');
-    }
-
-    // Due to some issue with the transport protocol, the messages to Bob are received
-    // again.
-    final ratchetPreError = bobSession
-      .getRatchet(aliceJid, await aliceSession.getDeviceId())
-      .clone();
-    var invalidKex = 0;
-    var errorCounter = 0;
-    for (var i = 0; i < bobsReceivedMessages.length; i++) {
-      final msg = bobsReceivedMessages[i];
     try {
       await bobSession.decryptMessage(
-          msg.ciphertext,
+        msg1.ciphertext,
         aliceJid,
         await aliceSession.getDeviceId(),
-          msg.encryptedKeys,
+        msg1.encryptedKeys,
-          bobsReceivedMessagesTimestamps[i],
       );
       expect(true, false);
-      } on InvalidMessageHMACException catch (_) {
+    } on InvalidMessageHMACException {
-        errorCounter++;
+      // NOOP
-      } on InvalidKeyExchangeException catch (_) {
+    }
-        invalidKex++;
+
+    final msg3 = await aliceSession.encryptToJid(
+      bobJid,
+      'Are you okay?',
+    );
+    final result = await bobSession.decryptMessage(
+      msg3.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg3.encryptedKeys,
+    );
+
+    expect(result, 'Are you okay?');
+  });
+
+  test('Test receiving an old message that does not contain a KEX', () async {
+    const aliceJid = 'alice@server.example';
+    const bobJid = 'bob@other.server.example';
+    // Alice and Bob generate their sessions
+    final aliceSession = await OmemoSessionManager.generateNewIdentity(
+      aliceJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+    final bobSession = await OmemoSessionManager.generateNewIdentity(
+      bobJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 2,
+    );
+
+    // Alice sends Bob a message
+    final msg1 = await aliceSession.encryptToJid(
+      bobJid,
+      'Hallo Welt',
+      newSessions: [
+        await bobSession.getDeviceBundle(),
+      ],
+    );
+    await bobSession.decryptMessage(
+      msg1.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg1.encryptedKeys,
+    );
+
+    // Bob responds
+    final msg2 = await bobSession.encryptToJid(
+      aliceJid,
+      'Hello!',
+    );
+    await aliceSession.decryptMessage(
+      msg2.ciphertext,
+      bobJid,
+      await bobSession.getDeviceId(),
+      msg2.encryptedKeys,
+    );
+
+    // Due to some issue with the transport protocol, the first message Alice received is
+    // received again.
+    try {
+      await aliceSession.decryptMessage(
+        msg2.ciphertext,
+        bobJid,
+        await bobSession.getDeviceId(),
+        msg2.encryptedKeys,
+      );
+      expect(true, false);
+    } catch (_) {
+      // NOOP
     }
-    }
-    final ratchetPostError = bobSession
-      .getRatchet(aliceJid, await aliceSession.getDeviceId())
-      .clone();
-
-    // The 100 messages including the initial KEX message
-    expect(invalidKex, 1);
-    expect(errorCounter, 100);
-    expect(await ratchetPreError.equals(ratchetPostError), true);
-
 
     final msg3 = await aliceSession.encryptToJid(
       bobJid,
@@ -780,7 +789,6 @@ void main() {
       aliceJid,
       await aliceSession.getDeviceId(),
       msg3.encryptedKeys,
-      104,
     );
 
     expect(result, 'Are you okay?');

test/serialisation_test.dart

@@ -62,7 +62,6 @@ void main() {
       aliceJid,
       await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
-      getTimestamp(),
     );
     final aliceOld = aliceSession.getRatchet(bobJid, await bobSession.getDeviceId());
     final aliceSerialised = jsonify(await aliceOld.toJson());