PapaTutuWawa/omemo_dart
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: PapaTutuWawa:1472624b1d80ef94663114ac4273e51daed65882
Branches Tags
PapaTutuWawa:master
PapaTutuWawa:fix/ci
PapaTutuWawa:v0.6.0
PapaTutuWawa:v0.5.0
PapaTutuWawa:v0.4.3
PapaTutuWawa:v0.4.2
PapaTutuWawa:v0.4.1
PapaTutuWawa:v0.3.2
PapaTutuWawa:v0.3.1
PapaTutuWawa:v0.3.0
PapaTutuWawa:v0.2.1
PapaTutuWawa:v0.2.0
PapaTutuWawa:v0.1.3
PapaTutuWawa:v0.1.2
PapaTutuWawa:v0.1.1
PapaTutuWawa:v0.1.0
..
compare: PapaTutuWawa:7c3a9a75df36026d8d258f6f812a373531f71f1c
Branches Tags
PapaTutuWawa:master
PapaTutuWawa:fix/ci
PapaTutuWawa:v0.6.0
PapaTutuWawa:v0.5.0
PapaTutuWawa:v0.4.3
PapaTutuWawa:v0.4.2
PapaTutuWawa:v0.4.1
PapaTutuWawa:v0.3.2
PapaTutuWawa:v0.3.1
PapaTutuWawa:v0.3.0
PapaTutuWawa:v0.2.1
PapaTutuWawa:v0.2.0
PapaTutuWawa:v0.1.3
PapaTutuWawa:v0.1.2
PapaTutuWawa:v0.1.1
PapaTutuWawa:v0.1.0

No commits in common. "1472624b1d80ef94663114ac4273e51daed65882" and "7c3a9a75df36026d8d258f6f812a373531f71f1c" have entirely different histories.
1472624b1d ... 7c3a9a75df

8 changed files with 107 additions and 179 deletions
Show Stats Expand all files Collapse all files

2
example/omemo_dart_example.dart
View File

@ -119,8 +119,6 @@ void main() async {
aliceDevice.id,
// The deserialised keys
keys,
// Since the message was not delayed, we use the current time
DateTime.now().millisecondsSinceEpoch,
);
// All Bob has to do now is replace the OMEMO wrapper element

67
lib/src/double_ratchet/double_ratchet.dart
View File

@ -68,7 +68,6 @@ class OmemoDoubleRatchet {
this.sessionAd,
this.mkSkipped, // MKSKIPPED
this.acknowledged,
this.kexTimestamp,
);
factory OmemoDoubleRatchet.fromJson(Map<String, dynamic> data) {
@ -86,7 +85,6 @@ class OmemoDoubleRatchet {
'ik_pub': 'base/64/encoded',
'session_ad': 'base/64/encoded',
'acknowledged': true | false,
'kex_timestamp': int,
'mkskipped': [
{
'key': 'base/64/encoded',
@ -131,7 +129,6 @@ class OmemoDoubleRatchet {
base64.decode(data['session_ad']! as String),
mkSkipped,
data['acknowledged']! as bool,
data['kex_timestamp']! as int,
);
}
@ -163,10 +160,6 @@ class OmemoDoubleRatchet {
final Map<SkippedKey, List<int>> mkSkipped;
/// The point in time at which we performed the kex exchange to create this ratchet.
/// Precision is milliseconds since epoch.
int kexTimestamp;
/// Indicates whether we received an empty OMEMO message after building a session with
/// the device.
bool acknowledged;
@ -174,7 +167,7 @@ class OmemoDoubleRatchet {
/// Create an OMEMO session using the Signed Pre Key [spk], the shared secret [sk] that
/// was obtained using a X3DH and the associated data [ad] that was also obtained through
/// a X3DH. [ik] refers to Bob's (the receiver's) IK public key.
static Future<OmemoDoubleRatchet> initiateNewSession(OmemoPublicKey spk, OmemoPublicKey ik, List<int> sk, List<int> ad, int timestamp) async {
static Future<OmemoDoubleRatchet> initiateNewSession(OmemoPublicKey spk, OmemoPublicKey ik, List<int> sk, List<int> ad) async {
final dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
final dhr = spk;
final rk = await kdfRk(sk, await omemoDH(dhs, dhr, 0));
@ -193,7 +186,6 @@ class OmemoDoubleRatchet {
ad,
{},
false,
timestamp,
);
}
@ -201,7 +193,7 @@ class OmemoDoubleRatchet {
/// Pre Key keypair [spk], the shared secret [sk] that was obtained through a X3DH and
/// the associated data [ad] that was also obtained through a X3DH. [ik] refers to
/// Alice's (the initiator's) IK public key.
static Future<OmemoDoubleRatchet> acceptNewSession(OmemoKeyPair spk, OmemoPublicKey ik, List<int> sk, List<int> ad, int kexTimestamp) async {
static Future<OmemoDoubleRatchet> acceptNewSession(OmemoKeyPair spk, OmemoPublicKey ik, List<int> sk, List<int> ad) async {
return OmemoDoubleRatchet(
spk,
null,
@ -215,7 +207,6 @@ class OmemoDoubleRatchet {
ad,
{},
false,
kexTimestamp,
);
}
@ -242,7 +233,6 @@ class OmemoDoubleRatchet {
'session_ad': base64.encode(sessionAd),
'mkskipped': mkSkippedSerialised,
'acknowledged': acknowledged,
'kex_timestamp': kexTimestamp,
};
}
@ -278,18 +268,18 @@ class OmemoDoubleRatchet {
}
Future<void> _dhRatchet(OmemoMessage header) async {
pn = ns;
pn = header.n!;
ns = 0;
nr = 0;
dhr = OmemoPublicKey.fromBytes(header.dhPub!, KeyPairType.x25519);
final newRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
rk = List.from(newRk);
ckr = List.from(newRk);
rk = newRk;
ckr = newRk;
dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
final newNewRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
rk = List.from(newNewRk);
cks = List.from(newNewRk);
rk = newNewRk;
cks = newNewRk;
}
/// Encrypt [plaintext] using the Double Ratchet.
@ -323,8 +313,8 @@ class OmemoDoubleRatchet {
}
final dhPubMatches = listsEqual(
header.dhPub!,
(await dhr?.getBytes()) ?? <int>[],
header.dhPub ?? <int>[],
await dhr?.getBytes() ?? <int>[],
);
if (!dhPubMatches) {
await _skipMessageKeys(header.pn!);
@ -340,40 +330,12 @@ class OmemoDoubleRatchet {
return decrypt(mk, ciphertext, concat([sessionAd, header.writeToBuffer()]), sessionAd);
}
OmemoDoubleRatchet clone() {
return OmemoDoubleRatchet(
dhs,
dhr,
rk,
cks != null ?
List<int>.from(cks!) :
null,
ckr != null ?
List<int>.from(ckr!) :
null,
ns,
nr,
pn,
ik,
sessionAd,
Map<SkippedKey, List<int>>.from(mkSkipped),
acknowledged,
kexTimestamp,
);
}
@visibleForTesting
Future<bool> equals(OmemoDoubleRatchet other) async {
final dhrMatch = dhr == null ?
other.dhr == null :
// ignore: invalid_use_of_visible_for_testing_member
other.dhr != null && await dhr!.equals(other.dhr!);
final ckrMatch = ckr == null ?
other.ckr == null :
other.ckr != null && listsEqual(ckr!, other.ckr!);
final cksMatch = cks == null ?
other.cks == null :
other.cks != null && listsEqual(cks!, other.cks!);
// ignore: invalid_use_of_visible_for_testing_member
final dhrMatch = dhr == null ? other.dhr == null : await dhr!.equals(other.dhr!);
final ckrMatch = ckr == null ? other.ckr == null : listsEqual(ckr!, other.ckr!);
final cksMatch = cks == null ? other.cks == null : listsEqual(cks!, other.cks!);
// ignore: invalid_use_of_visible_for_testing_member
final dhsMatch = await dhs.equals(other.dhs);
@ -389,7 +351,6 @@ class OmemoDoubleRatchet {
ns == other.ns &&
nr == other.nr &&
pn == other.pn &&
listsEqual(sessionAd, other.sessionAd) &&
kexTimestamp == other.kexTimestamp;
listsEqual(sessionAd, other.sessionAd);
}
}

13
lib/src/errors.dart
View File

@ -30,16 +30,3 @@ class NoDecryptionKeyException implements Exception {
class UnknownSignedPrekeyException implements Exception {
String errMsg() => 'Unknown Signed Prekey used.';
}
/// Triggered by the Session Manager when the received Key Exchange message does not meet
/// the requirement that a key exchange, given that the ratchet already exists, must be
/// sent after its creation.
class InvalidKeyExchangeException implements Exception {
String errMsg() => 'The key exchange was sent before the last kex finished';
}
/// Triggered by the Session Manager when a message's sequence number is smaller than we
/// expect it to be.
class MessageAlreadyDecryptedException implements Exception {
String errMsg() => 'The message has already been decrypted';
}

4
lib/src/helpers.dart
View File

@ -73,7 +73,3 @@ OmemoKeyPair? decodeKeyPairIfNotNull(String? pk, String? sk, KeyPairType type) {
type,
);
}
int getTimestamp() {
return DateTime.now().millisecondsSinceEpoch;
}

37
lib/src/omemo/sessionmanager.dart
View File

@ -154,7 +154,6 @@ class OmemoSessionManager {
bundle.ik,
kexResult.sk,
kexResult.ad,
getTimestamp(),
);
await _trustManager.onNewSession(jid, deviceId);
@ -201,7 +200,6 @@ class OmemoSessionManager {
OmemoPublicKey.fromBytes(kex.ik!, KeyPairType.ed25519),
kexResult.sk,
kexResult.ad,
getTimestamp(),
);
await _trustManager.onNewSession(jid, deviceId);
@ -242,11 +240,7 @@ class OmemoSessionManager {
final kex = <int, OmemoKeyExchange>{};
if (newSessions != null) {
for (final newSession in newSessions) {
kex[newSession.id] = await addSessionFromBundle(
newSession.jid,
newSession.id,
newSession,
);
kex[newSession.id] = await addSessionFromBundle(newSession.jid, newSession.id, newSession);
}
}
@ -306,7 +300,7 @@ class OmemoSessionManager {
/// [mapKey] with [oldRatchet].
Future<void> _restoreRatchet(RatchetMapKey mapKey, OmemoDoubleRatchet oldRatchet) async {
await _lock.synchronized(() {
_log.finest('Restoring ratchet ${mapKey.jid}:${mapKey.deviceId} to ${oldRatchet.nr}');
_log.finest('Restoring ratchet ${mapKey.jid}:${mapKey.deviceId}');
_ratchetMap[mapKey] = oldRatchet;
// Commit the ratchet
@ -324,15 +318,12 @@ class OmemoSessionManager {
/// <keys /> element with a "jid" attribute matching our own. [senderJid] refers to the
/// bare Jid of the sender. [senderDeviceId] refers to the "sid" attribute of the
/// <encrypted /> element.
/// [timestamp] refers to the time the message was sent. This might be either what the
/// server tells you via "XEP-0203: Delayed Delivery" or the point in time at which
/// you received the stanza, if no Delayed Delivery element was found.
///
/// If the received message is an empty OMEMO message, i.e. there is no <payload />
/// element, then [ciphertext] must be set to null. In this case, this function
/// will return null as there is no message to be decrypted. This, however, is used
/// to set up sessions or advance the ratchets.
Future<String?> decryptMessage(List<int>? ciphertext, String senderJid, int senderDeviceId, List<EncryptedKey> keys, int timestamp) async {
Future<String?> decryptMessage(List<int>? ciphertext, String senderJid, int senderDeviceId, List<EncryptedKey> keys) async {
// Try to find a session we can decrypt with.
var device = await getDevice();
final rawKey = keys.firstWhereOrNull((key) => key.rid == device.id);
@ -344,32 +335,22 @@ class OmemoSessionManager {
final decodedRawKey = base64.decode(rawKey.value);
OmemoAuthenticatedMessage authMessage;
OmemoDoubleRatchet? oldRatchet;
OmemoMessage? message;
if (rawKey.kex) {
// If the ratchet already existed, we store it. If it didn't, oldRatchet will stay
// null.
final oldRatchet = (await _getRatchet(ratchetKey))?.clone();
final kex = OmemoKeyExchange.fromBuffer(decodedRawKey);
authMessage = kex.message!;
message = OmemoMessage.fromBuffer(authMessage.message!);
// Guard against old key exchanges
if (oldRatchet != null) {
_log.finest('KEX for existent ratchet. ${oldRatchet.pn}');
if (oldRatchet.kexTimestamp > timestamp) {
throw InvalidKeyExchangeException();
}
}
oldRatchet = await _getRatchet(ratchetKey);
// TODO(PapaTutuWawa): Only do this when we should
final kex = OmemoKeyExchange.fromBuffer(decodedRawKey);
await _addSessionFromKeyExchange(
senderJid,
senderDeviceId,
kex,
);
authMessage = kex.message!;
// Replace the OPK
// TODO(PapaTutuWawa): Replace the OPK when we know that the KEX worked
await _deviceLock.synchronized(() async {
device = await device.replaceOnetimePrekey(kex.pkId!);
@ -378,7 +359,6 @@ class OmemoSessionManager {
});
} else {
authMessage = OmemoAuthenticatedMessage.fromBuffer(decodedRawKey);
message = OmemoMessage.fromBuffer(authMessage.message!);
}
final devices = _deviceMap[senderJid];
@ -389,10 +369,11 @@ class OmemoSessionManager {
throw NoDecryptionKeyException();
}
final message = OmemoMessage.fromBuffer(authMessage.message!);
List<int>? keyAndHmac;
// We can guarantee that the ratchet exists at this point in time
final ratchet = (await _getRatchet(ratchetKey))!;
oldRatchet ??= ratchet.clone();
oldRatchet ??= ratchet ;
try {
if (rawKey.kex) {

2
test/double_ratchet_test.dart
View File

@ -84,14 +84,12 @@ void main() {
ikBob.pk,
resultAlice.sk,
resultAlice.ad,
0,
);
final bobsRatchet = await OmemoDoubleRatchet.acceptNewSession(
spkBob,
ikAlice.pk,
resultBob.sk,
resultBob.ad,
0,
);
expect(alicesRatchet.sessionAd, bobsRatchet.sessionAd);

152
test/omemo_test.dart
View File

@ -90,7 +90,6 @@ void main() {
aliceJid,
await aliceSession.getDeviceId(),
aliceMessage.encryptedKeys,
0,
);
expect(messagePlaintext, bobMessage);
// The ratchet should be modified two times: Once for when the ratchet is created and
@ -122,7 +121,6 @@ void main() {
bobJid,
await bobSession.getDeviceId(),
bobResponseMessage.encryptedKeys,
0,
);
expect(bobResponseText, aliceReceivedMessage);
});
@ -172,7 +170,6 @@ void main() {
aliceJid,
await aliceSession.getDeviceId(),
aliceMessage.encryptedKeys,
0,
);
expect(messagePlaintext, bobMessage);
@ -192,7 +189,6 @@ void main() {
bobJid,
await bobSession.getDeviceId(),
bobResponseMessage.encryptedKeys,
0,
);
expect(bobResponseText, aliceReceivedMessage);
@ -249,7 +245,6 @@ void main() {
aliceJid,
await aliceSession1.getDeviceId(),
aliceMessage.encryptedKeys,
0,
);
expect(messagePlaintext, bobMessage);
@ -259,7 +254,6 @@ void main() {
aliceJid,
await aliceSession1.getDeviceId(),
aliceMessage.encryptedKeys,
0,
);
expect(messagePlaintext, aliceMessage2);
});
@ -300,7 +294,6 @@ void main() {
aliceJid,
await aliceSession.getDeviceId(),
aliceMessage.encryptedKeys,
0,
);
expect(bobMessage, null);
@ -378,7 +371,6 @@ void main() {
aliceJid,
await aliceSession.getDeviceId(),
aliceMessage.encryptedKeys,
0,
);
expect(messagePlaintext, bobMessage);
});
@ -445,7 +437,6 @@ void main() {
aliceJid,
await aliceSession.getDeviceId(),
aliceMessage.encryptedKeys,
0,
);
for (var i = 0; i < 100; i++) {
@ -465,7 +456,6 @@ void main() {
bobJid,
await bobSession.getDeviceId(),
bobResponseMessage.encryptedKeys,
0,
);
expect(messageText, aliceReceivedMessage);
}
@ -620,7 +610,6 @@ void main() {
aliceJid,
await aliceSession.getDeviceId(),
msg1.encryptedKeys,
0,
);
final aliceRatchet1 = aliceSession.getRatchet(
bobJid,
@ -645,7 +634,6 @@ void main() {
aliceJid,
await aliceSession.getDeviceId(),
msg2.encryptedKeys,
getTimestamp(),
);
final aliceRatchet2 = aliceSession.getRatchet(
bobJid,
@ -665,7 +653,7 @@ void main() {
expect(await bobRatchet1.equals(bobRatchet2), false);
});
test('Test receiving old messages including a KEX', () async {
test('Test receiving an old message that contains a KEX', () async {
const aliceJid = 'alice@server.example';
const bobJid = 'bob@other.server.example';
// Alice and Bob generate their sessions
@ -680,9 +668,6 @@ void main() {
opkAmount: 2,
);
final bobsReceivedMessages = List<EncryptionResult>.empty(growable: true);
final bobsReceivedMessagesTimestamps = List<int>.empty(growable: true);
// Alice sends Bob a message
final msg1 = await aliceSession.encryptToJid(
bobJid,
@ -691,16 +676,12 @@ void main() {
await bobSession.getDeviceBundle(),
],
);
bobsReceivedMessages.add(msg1);
final t1 = getTimestamp();
bobsReceivedMessagesTimestamps.add(t1);
await bobSession.decryptMessage(
msg1.ciphertext,
aliceJid,
await aliceSession.getDeviceId(),
msg1.encryptedKeys,
t1,
);
// Bob responds
@ -708,69 +689,97 @@ void main() {
aliceJid,
'Hello!',
);
await aliceSession.decryptMessage(
msg2.ciphertext,
bobJid,
await bobSession.getDeviceId(),
msg2.encryptedKeys,
getTimestamp(),
);
// Send some messages between the two
for (var i = 0; i < 100; i++) {
final msg = await aliceSession.encryptToJid(
bobJid,
'Hello $i',
);
bobsReceivedMessages.add(msg);
final t = getTimestamp();
bobsReceivedMessagesTimestamps.add(t);
final result = await bobSession.decryptMessage(
msg.ciphertext,
// Due to some issue with the transport protocol, the first message Bob received is
// received again
try {
await bobSession.decryptMessage(
msg1.ciphertext,
aliceJid,
await aliceSession.getDeviceId(),
msg.encryptedKeys,
t,
msg1.encryptedKeys,
);
expect(result, 'Hello $i');
expect(true, false);
} on InvalidMessageHMACException {
// NOOP
}
final msg3 = await aliceSession.encryptToJid(
bobJid,
'Are you okay?',
);
final result = await bobSession.decryptMessage(
msg3.ciphertext,
aliceJid,
await aliceSession.getDeviceId(),
msg3.encryptedKeys,
);
expect(result, 'Are you okay?');
});
test('Test receiving an old message that does not contain a KEX', () async {
const aliceJid = 'alice@server.example';
const bobJid = 'bob@other.server.example';
// Alice and Bob generate their sessions
final aliceSession = await OmemoSessionManager.generateNewIdentity(
aliceJid,
AlwaysTrustingTrustManager(),
opkAmount: 1,
);
final bobSession = await OmemoSessionManager.generateNewIdentity(
bobJid,
AlwaysTrustingTrustManager(),
opkAmount: 2,
);
// Alice sends Bob a message
final msg1 = await aliceSession.encryptToJid(
bobJid,
'Hallo Welt',
newSessions: [
await bobSession.getDeviceBundle(),
],
);
await bobSession.decryptMessage(
msg1.ciphertext,
aliceJid,
await aliceSession.getDeviceId(),
msg1.encryptedKeys,
);
// Bob responds
final msg2 = await bobSession.encryptToJid(
aliceJid,
'Hello!',
);
await aliceSession.decryptMessage(
msg2.ciphertext,
bobJid,
await bobSession.getDeviceId(),
msg2.encryptedKeys,
);
// Due to some issue with the transport protocol, the first message Alice received is
// received again.
try {
await aliceSession.decryptMessage(
msg2.ciphertext,
bobJid,
await bobSession.getDeviceId(),
msg2.encryptedKeys,
);
expect(true, false);
} catch (_) {
// NOOP
}
// Due to some issue with the transport protocol, the messages to Bob are received
// again.
final ratchetPreError = bobSession
.getRatchet(aliceJid, await aliceSession.getDeviceId())
.clone();
var invalidKex = 0;
var errorCounter = 0;
for (var i = 0; i < bobsReceivedMessages.length; i++) {
final msg = bobsReceivedMessages[i];
try {
await bobSession.decryptMessage(
msg.ciphertext,
aliceJid,
await aliceSession.getDeviceId(),
msg.encryptedKeys,
bobsReceivedMessagesTimestamps[i],
);
expect(true, false);
} on InvalidMessageHMACException catch (_) {
errorCounter++;
} on InvalidKeyExchangeException catch (_) {
invalidKex++;
}
}
final ratchetPostError = bobSession
.getRatchet(aliceJid, await aliceSession.getDeviceId())
.clone();
// The 100 messages including the initial KEX message
expect(invalidKex, 1);
expect(errorCounter, 100);
expect(await ratchetPreError.equals(ratchetPostError), true);
final msg3 = await aliceSession.encryptToJid(
bobJid,
'Are you okay?',
@ -780,7 +789,6 @@ void main() {
aliceJid,
await aliceSession.getDeviceId(),
msg3.encryptedKeys,
104,
);
expect(result, 'Are you okay?');

1
test/serialisation_test.dart
View File

@ -62,7 +62,6 @@ void main() {
aliceJid,
await aliceSession.getDeviceId(),
aliceMessage.encryptedKeys,
getTimestamp(),
);
final aliceOld = aliceSession.getRatchet(bobJid, await bobSession.getDeviceId());
final aliceSerialised = jsonify(await aliceOld.toJson());