vanitasvitae
/
Smack
mirror of https://github.com/vanitasvitae/Smack.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Smack/smack-omemo/src/main/java/org/jivesoftware/smackx/omemo/internal/CipherAndAuthTag.java

89 lines
2.6 KiB
Java
Raw Normal View History

Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
/**
*
Do not explicity select the (crypto) Provider in smack-omemo This makes the system select the "best" available provider. Also the 'BC' provider in newer Android version does not longer implement certain Ciphers, which causes an NoSuchAlgorithmException if the Cipher is requested explicitly by the 'BC' provider: E/XmppService: XmppServiceConnection - Error while sending pending messages org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: java.security.NoSuchAlgorithmException: The BC provider no longer provides an implementation for Cipher.AES/GCM/NoPadding. Please see https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html for more details. at org.jivesoftware.smackx.omemo.OmemoService.encrypt(OmemoService.java:375) at org.jivesoftware.smackx.omemo.OmemoService.createOmemoMessage(OmemoService.java:537) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:341) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:314) at es.iecisa.xmppservice.XmppServiceConnection.lambda$sendMessage$0(XmppServiceConnection.java:516) at es.iecisa.xmppservice.-$$Lambda$XmppServiceConnection$aBU_80chagvypMTSd-aSm7pRQRY.run(Unknown Source:4) at java.lang.Thread.run(Thread.java:764) Caused by: java.security.NoSuchAlgorithmException: The BC provider no longer provides an implementation for Cipher.AES/GCM/NoPadding. Please see https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html for more details. at sun.security.jca.Providers.checkBouncyCastleDeprecation(Providers.java:563) at sun.security.jca.Providers.checkBouncyCastleDeprecation(Providers.java:346) at javax.crypto.Cipher.createCipher(Cipher.java:722) at javax.crypto.Cipher.getInstance(Cipher.java:717) at javax.crypto.Cipher.getInstance(Cipher.java:674) at org.jivesoftware.smackx.omemo.util.OmemoMessageBuilder.setMessage(OmemoMessageBuilder.java:169) at org.jivesoftware.smackx.omemo.util.OmemoMessageBuilder.<init>(OmemoMessageBuilder.java:116) at org.jivesoftware.smackx.omemo.OmemoService.encrypt(OmemoService.java:372) at org.jivesoftware.smackx.omemo.OmemoService.createOmemoMessage(OmemoService.java:537) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:341) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:314) at es.iecisa.xmppservice.XmppServiceConnection.lambda$sendMessage$0(XmppServiceConnection.java:516) at es.iecisa.xmppservice.-$$Lambda$XmppServiceConnection$aBU_80chagvypMTSd-aSm7pRQRY.run(Unknown Source:4) at java.lang.Thread.run(Thread.java:764)
2019-04-02 15:55:31 +02:00
* Copyright 2017 Paul Schaub, 2019 Florian Schmaus
Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.omemo.internal;
Add CustomImportOrder checkstyle rule And matching ImportOrder settings for Eclipse in resources/eclipse/smack.importorder
2017-06-14 17:12:43 +02:00
import static org.jivesoftware.smackx.omemo.util.OmemoConstants.Crypto.CIPHERMODE;
import static org.jivesoftware.smackx.omemo.util.OmemoConstants.Crypto.KEYTYPE;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
Add CustomImportOrder checkstyle rule And matching ImportOrder settings for Eclipse in resources/eclipse/smack.importorder
2017-06-14 17:12:43 +02:00
import org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException;
Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
/**
* Encapsulate Cipher and AuthTag.
*
* @author Paul Schaub
*/
public class CipherAndAuthTag {
private final byte[] key, iv, authTag;
Rework support for XEP-0384: OMEMO Encryption Changes: Rework integration tests New structure of base integration test classes bump dependency on signal-protocol-java from 2.4.0 to 2.6.2 Introduced CachingOmemoStore implementations Use CachingOmemoStore classes in integration tests Removed OmemoSession classes (replaced with more logical OmemoRatchet classes) Consequently also removed load/storeOmemoSession methods from OmemoStore Removed some clutter from KeyUtil classes Moved trust decision related code from OmemoStore to TrustCallback Require authenticated connection for many functions Add async initialization function in OmemoStore Refactor omemo test package (/java/org/jivesoftware/smack/omemo -> /java/org/jivesoftware/smackx) Remove OmemoStore method isFreshInstallation() as well as defaultDeviceId related stuff FileBasedOmemoStore: Add cleaner methods to store/load base data types (Using tryWithResource, only for future releases, once Android API gets bumped) Attempt to make OmemoManager thread safe new logic for getInstanceFor() deviceId determination OmemoManagers encrypt methods now don't throw exceptions when encryption for some devices fails. Instead message gets encrypted when possible and more information about failures gets returned alongside the message itself Added OmemoMessage class for that purpose Reworked entire OmemoService class Use safer logic for creating trust-ignoring messages (like ratchet-update messages) Restructure elements/provider in order to prepare for OMEMO namespace bumps Remove OmemoManager.regenerate() methods in favor of getInstanceFor(connection, randomDeviceId) Removed some unnecessary configuration options Prepare for support of more AES message key types Simplify session creation Where possible, avoid side effects in methods Add UntrustedOmemoIdentityException Add TrustState enum More improved tests
2018-06-13 12:29:16 +02:00
private final boolean wasPreKey;
Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
Rework support for XEP-0384: OMEMO Encryption Changes: Rework integration tests New structure of base integration test classes bump dependency on signal-protocol-java from 2.4.0 to 2.6.2 Introduced CachingOmemoStore implementations Use CachingOmemoStore classes in integration tests Removed OmemoSession classes (replaced with more logical OmemoRatchet classes) Consequently also removed load/storeOmemoSession methods from OmemoStore Removed some clutter from KeyUtil classes Moved trust decision related code from OmemoStore to TrustCallback Require authenticated connection for many functions Add async initialization function in OmemoStore Refactor omemo test package (/java/org/jivesoftware/smack/omemo -> /java/org/jivesoftware/smackx) Remove OmemoStore method isFreshInstallation() as well as defaultDeviceId related stuff FileBasedOmemoStore: Add cleaner methods to store/load base data types (Using tryWithResource, only for future releases, once Android API gets bumped) Attempt to make OmemoManager thread safe new logic for getInstanceFor() deviceId determination OmemoManagers encrypt methods now don't throw exceptions when encryption for some devices fails. Instead message gets encrypted when possible and more information about failures gets returned alongside the message itself Added OmemoMessage class for that purpose Reworked entire OmemoService class Use safer logic for creating trust-ignoring messages (like ratchet-update messages) Restructure elements/provider in order to prepare for OMEMO namespace bumps Remove OmemoManager.regenerate() methods in favor of getInstanceFor(connection, randomDeviceId) Removed some unnecessary configuration options Prepare for support of more AES message key types Simplify session creation Where possible, avoid side effects in methods Add UntrustedOmemoIdentityException Add TrustState enum More improved tests
2018-06-13 12:29:16 +02:00
public CipherAndAuthTag(byte[] key, byte[] iv, byte[] authTag, boolean wasPreKey) {
Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
this.authTag = authTag;
this.key = key;
this.iv = iv;
Rework support for XEP-0384: OMEMO Encryption Changes: Rework integration tests New structure of base integration test classes bump dependency on signal-protocol-java from 2.4.0 to 2.6.2 Introduced CachingOmemoStore implementations Use CachingOmemoStore classes in integration tests Removed OmemoSession classes (replaced with more logical OmemoRatchet classes) Consequently also removed load/storeOmemoSession methods from OmemoStore Removed some clutter from KeyUtil classes Moved trust decision related code from OmemoStore to TrustCallback Require authenticated connection for many functions Add async initialization function in OmemoStore Refactor omemo test package (/java/org/jivesoftware/smack/omemo -> /java/org/jivesoftware/smackx) Remove OmemoStore method isFreshInstallation() as well as defaultDeviceId related stuff FileBasedOmemoStore: Add cleaner methods to store/load base data types (Using tryWithResource, only for future releases, once Android API gets bumped) Attempt to make OmemoManager thread safe new logic for getInstanceFor() deviceId determination OmemoManagers encrypt methods now don't throw exceptions when encryption for some devices fails. Instead message gets encrypted when possible and more information about failures gets returned alongside the message itself Added OmemoMessage class for that purpose Reworked entire OmemoService class Use safer logic for creating trust-ignoring messages (like ratchet-update messages) Restructure elements/provider in order to prepare for OMEMO namespace bumps Remove OmemoManager.regenerate() methods in favor of getInstanceFor(connection, randomDeviceId) Removed some unnecessary configuration options Prepare for support of more AES message key types Simplify session creation Where possible, avoid side effects in methods Add UntrustedOmemoIdentityException Add TrustState enum More improved tests
2018-06-13 12:29:16 +02:00
this.wasPreKey = wasPreKey;
Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
}
public Cipher getCipher() throws CryptoFailedException {
Cipher cipher;
try {
Do not explicity select the (crypto) Provider in smack-omemo This makes the system select the "best" available provider. Also the 'BC' provider in newer Android version does not longer implement certain Ciphers, which causes an NoSuchAlgorithmException if the Cipher is requested explicitly by the 'BC' provider: E/XmppService: XmppServiceConnection - Error while sending pending messages org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: java.security.NoSuchAlgorithmException: The BC provider no longer provides an implementation for Cipher.AES/GCM/NoPadding. Please see https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html for more details. at org.jivesoftware.smackx.omemo.OmemoService.encrypt(OmemoService.java:375) at org.jivesoftware.smackx.omemo.OmemoService.createOmemoMessage(OmemoService.java:537) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:341) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:314) at es.iecisa.xmppservice.XmppServiceConnection.lambda$sendMessage$0(XmppServiceConnection.java:516) at es.iecisa.xmppservice.-$$Lambda$XmppServiceConnection$aBU_80chagvypMTSd-aSm7pRQRY.run(Unknown Source:4) at java.lang.Thread.run(Thread.java:764) Caused by: java.security.NoSuchAlgorithmException: The BC provider no longer provides an implementation for Cipher.AES/GCM/NoPadding. Please see https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html for more details. at sun.security.jca.Providers.checkBouncyCastleDeprecation(Providers.java:563) at sun.security.jca.Providers.checkBouncyCastleDeprecation(Providers.java:346) at javax.crypto.Cipher.createCipher(Cipher.java:722) at javax.crypto.Cipher.getInstance(Cipher.java:717) at javax.crypto.Cipher.getInstance(Cipher.java:674) at org.jivesoftware.smackx.omemo.util.OmemoMessageBuilder.setMessage(OmemoMessageBuilder.java:169) at org.jivesoftware.smackx.omemo.util.OmemoMessageBuilder.<init>(OmemoMessageBuilder.java:116) at org.jivesoftware.smackx.omemo.OmemoService.encrypt(OmemoService.java:372) at org.jivesoftware.smackx.omemo.OmemoService.createOmemoMessage(OmemoService.java:537) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:341) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:314) at es.iecisa.xmppservice.XmppServiceConnection.lambda$sendMessage$0(XmppServiceConnection.java:516) at es.iecisa.xmppservice.-$$Lambda$XmppServiceConnection$aBU_80chagvypMTSd-aSm7pRQRY.run(Unknown Source:4) at java.lang.Thread.run(Thread.java:764)
2019-04-02 15:55:31 +02:00
cipher = Cipher.getInstance(CIPHERMODE);
Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
SecretKeySpec keySpec = new SecretKeySpec(key, KEYTYPE);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
} catch (NoSuchAlgorithmException | java.security.InvalidKeyException |
InvalidAlgorithmParameterException |
Do not explicity select the (crypto) Provider in smack-omemo This makes the system select the "best" available provider. Also the 'BC' provider in newer Android version does not longer implement certain Ciphers, which causes an NoSuchAlgorithmException if the Cipher is requested explicitly by the 'BC' provider: E/XmppService: XmppServiceConnection - Error while sending pending messages org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: java.security.NoSuchAlgorithmException: The BC provider no longer provides an implementation for Cipher.AES/GCM/NoPadding. Please see https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html for more details. at org.jivesoftware.smackx.omemo.OmemoService.encrypt(OmemoService.java:375) at org.jivesoftware.smackx.omemo.OmemoService.createOmemoMessage(OmemoService.java:537) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:341) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:314) at es.iecisa.xmppservice.XmppServiceConnection.lambda$sendMessage$0(XmppServiceConnection.java:516) at es.iecisa.xmppservice.-$$Lambda$XmppServiceConnection$aBU_80chagvypMTSd-aSm7pRQRY.run(Unknown Source:4) at java.lang.Thread.run(Thread.java:764) Caused by: java.security.NoSuchAlgorithmException: The BC provider no longer provides an implementation for Cipher.AES/GCM/NoPadding. Please see https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html for more details. at sun.security.jca.Providers.checkBouncyCastleDeprecation(Providers.java:563) at sun.security.jca.Providers.checkBouncyCastleDeprecation(Providers.java:346) at javax.crypto.Cipher.createCipher(Cipher.java:722) at javax.crypto.Cipher.getInstance(Cipher.java:717) at javax.crypto.Cipher.getInstance(Cipher.java:674) at org.jivesoftware.smackx.omemo.util.OmemoMessageBuilder.setMessage(OmemoMessageBuilder.java:169) at org.jivesoftware.smackx.omemo.util.OmemoMessageBuilder.<init>(OmemoMessageBuilder.java:116) at org.jivesoftware.smackx.omemo.OmemoService.encrypt(OmemoService.java:372) at org.jivesoftware.smackx.omemo.OmemoService.createOmemoMessage(OmemoService.java:537) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:341) at org.jivesoftware.smackx.omemo.OmemoManager.encrypt(OmemoManager.java:314) at es.iecisa.xmppservice.XmppServiceConnection.lambda$sendMessage$0(XmppServiceConnection.java:516) at es.iecisa.xmppservice.-$$Lambda$XmppServiceConnection$aBU_80chagvypMTSd-aSm7pRQRY.run(Unknown Source:4) at java.lang.Thread.run(Thread.java:764)
2019-04-02 15:55:31 +02:00
NoSuchPaddingException e) {
Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
throw new CryptoFailedException(e);
}
return cipher;
}
public byte[] getAuthTag() {
if (authTag != null) {
return authTag.clone();
}
return null;
}
public byte[] getKey() {
if (key != null) {
return key.clone();
}
return null;
}
public byte[] getIv() {
if (iv != null) {
return iv.clone();
}
return null;
}
Rework support for XEP-0384: OMEMO Encryption Changes: Rework integration tests New structure of base integration test classes bump dependency on signal-protocol-java from 2.4.0 to 2.6.2 Introduced CachingOmemoStore implementations Use CachingOmemoStore classes in integration tests Removed OmemoSession classes (replaced with more logical OmemoRatchet classes) Consequently also removed load/storeOmemoSession methods from OmemoStore Removed some clutter from KeyUtil classes Moved trust decision related code from OmemoStore to TrustCallback Require authenticated connection for many functions Add async initialization function in OmemoStore Refactor omemo test package (/java/org/jivesoftware/smack/omemo -> /java/org/jivesoftware/smackx) Remove OmemoStore method isFreshInstallation() as well as defaultDeviceId related stuff FileBasedOmemoStore: Add cleaner methods to store/load base data types (Using tryWithResource, only for future releases, once Android API gets bumped) Attempt to make OmemoManager thread safe new logic for getInstanceFor() deviceId determination OmemoManagers encrypt methods now don't throw exceptions when encryption for some devices fails. Instead message gets encrypted when possible and more information about failures gets returned alongside the message itself Added OmemoMessage class for that purpose Reworked entire OmemoService class Use safer logic for creating trust-ignoring messages (like ratchet-update messages) Restructure elements/provider in order to prepare for OMEMO namespace bumps Remove OmemoManager.regenerate() methods in favor of getInstanceFor(connection, randomDeviceId) Removed some unnecessary configuration options Prepare for support of more AES message key types Simplify session creation Where possible, avoid side effects in methods Add UntrustedOmemoIdentityException Add TrustState enum More improved tests
2018-06-13 12:29:16 +02:00
public boolean wasPreKeyEncrypted() {
return wasPreKey;
}
Add OMEMO support This commit adds the modules smack-omemo and smack-omemo-signal. smack-omemo is licensed under the Apache license like the rest of the smack project. smack-omemo-signal on the other hand is licensed under the GPLv3. Due to the fact, that smack-omemo is not of much use without smack-omemo-signal, the OMEMO feature can currently only be used by GPLv3 compatible software. This may change in the future, when a more permissively licensed module becomes available. Fixes SMACK-743.
2017-06-02 12:26:37 +02:00
}