1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2024-12-24 19:47:58 +01:00

More progress on JET

This commit is contained in:
vanitasvitae 2017-07-30 22:31:29 +02:00
parent c82b25ea09
commit b0b46ad167
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
12 changed files with 339 additions and 65 deletions

View file

@ -0,0 +1,43 @@
/**
*
* Copyright 2017 Paul Schaub
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.ciphers;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.NoSuchPaddingException;
public class Aes128GcmNoPadding extends AesGcmNoPadding {
public static final String NAMESPACE = "urn:xmpp:ciphers:aes-128-gcm-nopadding:0";
public Aes128GcmNoPadding() throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, InvalidAlgorithmParameterException {
super(128);
}
public Aes128GcmNoPadding(byte[] keyAndIv) throws NoSuchProviderException, InvalidAlgorithmParameterException,
NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException {
super(AesGcmNoPadding.copyOfRange(keyAndIv, 0, keyAndIv.length / 2), //Key
AesGcmNoPadding.copyOfRange(keyAndIv, keyAndIv.length / 2, keyAndIv.length / 2)); //IV
}
@Override
public String getNamespace() {
return NAMESPACE;
}
}

View file

@ -0,0 +1,43 @@
/**
*
* Copyright 2017 Paul Schaub
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.ciphers;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.NoSuchPaddingException;
public class Aes256GcmNoPadding extends AesGcmNoPadding {
public static final String NAMESPACE = "urn:xmpp:ciphers:aes-256-gcm-nopadding:0";
public Aes256GcmNoPadding() throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, InvalidAlgorithmParameterException {
super(256);
}
public Aes256GcmNoPadding(byte[] keyAndIv) throws NoSuchProviderException, InvalidAlgorithmParameterException,
NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException {
super(AesGcmNoPadding.copyOfRange(keyAndIv, 0, keyAndIv.length / 2), //Key
AesGcmNoPadding.copyOfRange(keyAndIv, keyAndIv.length / 2, keyAndIv.length / 2)); //IV
}
@Override
public String getNamespace() {
return NAMESPACE;
}
}

View file

@ -0,0 +1,105 @@
/**
*
* Copyright 2017 Paul Schaub
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.ciphers;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public abstract class AesGcmNoPadding {
public static final String keyType = "AES";
public static final String cipherMode = "AES/GCM/NoPadding";
private final int length;
protected final Cipher cipher;
protected final byte[] key, iv, keyAndIv;
public AesGcmNoPadding(int length) throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException {
this.length = length;
KeyGenerator keyGenerator = KeyGenerator.getInstance(keyType);
keyGenerator.init(length);
key = keyGenerator.generateKey().getEncoded();
SecureRandom secureRandom = new SecureRandom();
iv = new byte[length];
secureRandom.nextBytes(iv);
keyAndIv = new byte[2 * length];
System.arraycopy(key, 0, keyAndIv, 0, length);
System.arraycopy(iv, 0, keyAndIv, length, length);
SecretKey secretKey = new SecretKeySpec(key, keyType);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher = Cipher.getInstance(cipherMode, "BC");
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
}
public AesGcmNoPadding(byte[] key, byte[] iv) throws NoSuchPaddingException, NoSuchAlgorithmException,
NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeyException {
this.length = key.length;
this.key = key;
this.iv = iv;
keyAndIv = new byte[2 * length];
System.arraycopy(key, 0, keyAndIv, 0, length);
System.arraycopy(iv, 0, keyAndIv, length, length);
cipher = Cipher.getInstance(cipherMode, "BC");
SecretKeySpec keySpec = new SecretKeySpec(key, keyType);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
}
public byte[] getKeyAndIv() {
return keyAndIv.clone();
}
public byte[] getKey() {
return key.clone();
}
public byte[] getIv() {
return iv.clone();
}
public int getLength() {
return length;
}
public Cipher getCipher() {
return cipher;
}
public abstract String getNamespace();
public static byte[] copyOfRange(byte[] source, int start, int end) {
byte[] copy = new byte[end - start];
System.arraycopy(source, start, copy, 0, end - start);
return copy;
}
}

View file

@ -0,0 +1,22 @@
/**
*
* Copyright 2017 Paul Schaub
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Smack's API for XEP-XXXX: Ciphers</a>.
* This contains some AES cipher utility functions.
*/
package org.jivesoftware.smackx.ciphers;

View file

@ -20,13 +20,14 @@ import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.logging.Logger;
import org.jivesoftware.smack.Manager;
import org.jivesoftware.smack.XMPPConnection;
import org.jivesoftware.smackx.jet.internal.JetSecurity;
import org.jivesoftware.smackx.jft.JingleFileTransferManager;
import org.jivesoftware.smackx.jft.controller.OutgoingFileOfferController;
import org.jivesoftware.smackx.jft.internal.JingleOutgoingFileOffer;
import org.jivesoftware.smackx.jingle.JingleDescriptionManager;
import org.jivesoftware.smackx.jingle.JingleManager;
import org.jivesoftware.smackx.jingle.JingleTransportManager;
import org.jivesoftware.smackx.jingle.components.JingleContent;
@ -39,16 +40,17 @@ import org.jxmpp.jid.FullJid;
/**
* Manager for Jingle Encrypted Transfers (XEP-XXXX).
*/
public final class JetManager extends Manager {
private static final Logger LOGGER = Logger.getLogger(JetManager.class.getName());
public final class JetManager extends Manager implements JingleDescriptionManager {
private static final WeakHashMap<XMPPConnection, JetManager> INSTANCES = new WeakHashMap<>();
private static final Map<String, JingleEncryptionMethod> encryptionMethods = new HashMap<>();
private final JingleManager jingleManager;
static {
JingleManager.addJingleSecurityAdapter(new JetSecurityAdapter());
}
private JetManager(XMPPConnection connection) {
super(connection);
this.jingleManager = JingleManager.getInstanceFor(connection);
@ -65,7 +67,7 @@ public final class JetManager extends Manager {
return manager;
}
public OutgoingFileOfferController sendEncryptedFile(FullJid recipient, File file, String encryptionMethodNamespace) throws Exception {
public OutgoingFileOfferController sendEncryptedFile(FullJid recipient, File file, JingleEncryptionMethod method) throws Exception {
if (file == null || !file.exists()) {
throw new IllegalArgumentException("File MUST NOT be null and MUST exist.");
}
@ -81,16 +83,15 @@ public final class JetManager extends Manager {
JingleTransportManager transportManager = jingleManager.getBestAvailableTransportManager();
content.setTransport(transportManager.createTransport(content));
JetSecurity security = new JetSecurity(encryptionMethodNamespace, connection());
JetSecurity security = new JetSecurity(method, recipient, content.getName());
content.setSecurity(security);
session.initiate(connection());
return offer;
}
public void registerEncryptionMethod(String namespace, JingleEncryptionMethod method) {
encryptionMethods.put(namespace, method);
public void registerEncryptionMethod(JingleEncryptionMethod method) {
encryptionMethods.put(method.getNamespace(), method);
}
public void unregisterEncryptionMethod(String namespace) {
@ -101,4 +102,18 @@ public final class JetManager extends Manager {
return encryptionMethods.get(namespace);
}
@Override
public String getNamespace() {
return JetSecurity.NAMESPACE;
}
@Override
public void notifySessionInitiate(JingleSession session) {
JingleFileTransferManager.getInstanceFor(connection()).notifySessionInitiate(session);
}
@Override
public void notifyContentAdd(JingleSession session, JingleContent content) {
JingleFileTransferManager.getInstanceFor(connection()).notifyContentAdd(session, content);
}
}

View file

@ -0,0 +1,35 @@
/**
*
* Copyright 2017 Paul Schaub
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smackx.jet;
import org.jivesoftware.smackx.jet.element.JetSecurityElement;
import org.jivesoftware.smackx.jet.internal.JetSecurity;
import org.jivesoftware.smackx.jingle.adapter.JingleSecurityAdapter;
import org.jivesoftware.smackx.jingle.element.JingleContentSecurityElement;
public class JetSecurityAdapter implements JingleSecurityAdapter<JetSecurity> {
@Override
public JetSecurity securityFromElement(JingleContentSecurityElement element) {
return new JetSecurity((JetSecurityElement) element);
}
@Override
public String getNamespace() {
return JetSecurity.NAMESPACE;
}
}

View file

@ -19,6 +19,7 @@ package org.jivesoftware.smackx.jet;
import java.security.NoSuchAlgorithmException;
import org.jivesoftware.smack.SmackException;
import org.jivesoftware.smack.XMPPConnection;
import org.jivesoftware.smack.XMPPException;
import org.jivesoftware.smack.packet.ExtensionElement;
@ -40,4 +41,8 @@ public interface JingleEncryptionMethod {
super(throwable);
}
}
XMPPConnection getConnection();
String getNamespace();
}

View file

@ -57,4 +57,16 @@ public class JetSecurityElement extends JingleContentSecurityElement {
public String getNamespace() {
return JetSecurity.NAMESPACE;
}
public String getMethodNamespace() {
return child.getNamespace();
}
public ExtensionElement getChild() {
return child;
}
public String getName() {
return name;
}
}

View file

@ -20,18 +20,14 @@ import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.jivesoftware.smack.XMPPConnection;
import org.jivesoftware.smack.SmackException;
import org.jivesoftware.smack.XMPPException;
import org.jivesoftware.smack.packet.ExtensionElement;
import org.jivesoftware.smackx.bytestreams.BytestreamSession;
import org.jivesoftware.smackx.jet.JetManager;
import org.jivesoftware.smackx.ciphers.Aes256GcmNoPadding;
import org.jivesoftware.smackx.ciphers.AesGcmNoPadding;
import org.jivesoftware.smackx.jet.JingleEncryptionMethod;
import org.jivesoftware.smackx.jet.element.JetSecurityElement;
import org.jivesoftware.smackx.jingle.callbacks.JingleSecurityCallback;
@ -39,6 +35,8 @@ import org.jivesoftware.smackx.jingle.components.JingleSecurity;
import org.jivesoftware.smackx.jingle.element.JingleContentSecurityInfoElement;
import org.jivesoftware.smackx.jingle.element.JingleElement;
import org.jxmpp.jid.FullJid;
/**
* Created by vanitas on 22.07.17.
*/
@ -49,49 +47,35 @@ public class JetSecurity extends JingleSecurity<JetSecurityElement> {
private final String methodNamespace;
private final Cipher cipher;
private AesGcmNoPadding aesKey;
private ExtensionElement child;
private String name;
public JetSecurity(Cipher cipher, ExtensionElement child) {
public JetSecurity(JetSecurityElement element) {
super();
this.cipher = cipher;
this.child = child;
this.methodNamespace = child.getNamespace();
this.child = element.getChild();
this.methodNamespace = element.getMethodNamespace();
this.name = element.getName();
}
public JetSecurity(String methodNamespace, XMPPConnection connection)
public JetSecurity(JingleEncryptionMethod method, FullJid recipient, String name)
throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException,
InvalidAlgorithmParameterException, InvalidKeyException {
this.methodNamespace = methodNamespace;
InvalidAlgorithmParameterException, InvalidKeyException, InterruptedException,
JingleEncryptionMethod.JingleEncryptionException, SmackException.NotConnectedException,
SmackException.NoResponseException {
JetManager jetManager = JetManager.getInstanceFor(connection);
JingleEncryptionMethod encryptionMethod = jetManager.getEncryptionMethod(methodNamespace);
if (encryptionMethod == null) {
throw new IllegalStateException("No encryption method with namespace " + methodNamespace + " registered.");
}
this.methodNamespace = method.getNamespace();
this.aesKey = new Aes256GcmNoPadding();
this.child = method.encryptJingleTransfer(recipient, aesKey.getKeyAndIv());
this.name = name;
}
//Create key and cipher
int keyLength = 256;
String keyType = "AES";
String cipherMode = "AES/GCM/NoPadding";
KeyGenerator keyGenerator = KeyGenerator.getInstance(keyType);
keyGenerator.init(keyLength);
byte[] key = keyGenerator.generateKey().getEncoded();
SecureRandom secureRandom = new SecureRandom();
byte[] iv = new byte[keyLength];
secureRandom.nextBytes(iv);
byte[] keyAndIv = new byte[2 * keyLength];
System.arraycopy(key, 0, keyAndIv, 0, keyLength);
System.arraycopy(iv, 0, keyAndIv, keyLength, keyLength);
SecretKey secretKey = new SecretKeySpec(key, keyType);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher = Cipher.getInstance(cipherMode, "BC");
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
public void decryptEncryptionKey(JingleEncryptionMethod method, FullJid sender)
throws InterruptedException, JingleEncryptionMethod.JingleEncryptionException, XMPPException.XMPPErrorException,
SmackException.NotConnectedException, SmackException.NoResponseException, NoSuchAlgorithmException,
InvalidAlgorithmParameterException, NoSuchProviderException, InvalidKeyException, NoSuchPaddingException {
byte[] keyAndIv = method.decryptJingleTransfer(sender, child);
aesKey = new Aes256GcmNoPadding(keyAndIv);
}
@Override
@ -106,13 +90,20 @@ public class JetSecurity extends JingleSecurity<JetSecurityElement> {
@Override
public void decryptIncomingBytestream(BytestreamSession bytestreamSession, JingleSecurityCallback callback) {
JetSecurityBytestreamSession securityBytestreamSession = new JetSecurityBytestreamSession(bytestreamSession, cipher);
if (aesKey == null) {
throw new IllegalStateException("Encryption key has not yet been decrypted.");
}
JetSecurityBytestreamSession securityBytestreamSession = new JetSecurityBytestreamSession(bytestreamSession, aesKey.getCipher());
callback.onSecurityReady(securityBytestreamSession);
}
@Override
public void encryptIncomingBytestream(BytestreamSession bytestreamSession, JingleSecurityCallback callback) {
JetSecurityBytestreamSession securityBytestreamSession = new JetSecurityBytestreamSession(bytestreamSession, cipher);
public void encryptOutgoingBytestream(BytestreamSession bytestreamSession, JingleSecurityCallback callback) {
JetSecurityBytestreamSession securityBytestreamSession = new JetSecurityBytestreamSession(bytestreamSession, aesKey.getCipher());
callback.onSecurityReady(securityBytestreamSession);
}
public String getMethodNamespace() {
return methodNamespace;
}
}

View file

@ -102,8 +102,7 @@ public class JingleContent implements JingleTransportCallback, JingleSecurityCal
if (descriptionAdapter != null) {
description = descriptionAdapter.descriptionFromElement(content.getCreator(), content.getSenders(), content.getName(), content.getDisposition(), descriptionElement);
} else {
throw new AssertionError("DescriptionProvider for " + descriptionElement.getNamespace() +
" seems to be registered, but no corresponding JingleDescriptionAdapter was found.");
throw new AssertionError("Unsupported Description: " + descriptionElement.getNamespace());
}
}
@ -113,8 +112,7 @@ public class JingleContent implements JingleTransportCallback, JingleSecurityCal
if (transportAdapter != null) {
transport = transportAdapter.transportFromElement(transportElement);
} else {
throw new AssertionError("TransportProvider for " + transportElement.getNamespace() +
" seems to be registered, but no corresponding JingleTransportAdapter was found.");
throw new AssertionError("Unsupported Transport: " + transportElement.getNamespace());
}
}
@ -124,8 +122,7 @@ public class JingleContent implements JingleTransportCallback, JingleSecurityCal
if (securityAdapter != null) {
security = securityAdapter.securityFromElement(securityElement);
} else {
throw new AssertionError("SecurityProvider for " + securityElement.getNamespace() +
" seems to be registered, but no corresponding JingleSecurityAdapter was found.");
throw new AssertionError("Unsupported Security: " + securityElement.getNamespace());
}
}
@ -341,7 +338,7 @@ public class JingleContent implements JingleTransportCallback, JingleSecurityCal
getSecurity().decryptIncomingBytestream(bytestreamSession, this);
} else if (isSending()) {
LOGGER.log(Level.INFO, "Encrypt outgoing Bytestream.");
getSecurity().encryptIncomingBytestream(bytestreamSession, this);
getSecurity().encryptOutgoingBytestream(bytestreamSession, this);
}
} else {
description.onBytestreamReady(bytestreamSession);

View file

@ -45,5 +45,5 @@ public abstract class JingleSecurity<D extends JingleContentSecurityElement> {
public abstract void decryptIncomingBytestream(BytestreamSession bytestreamSession, JingleSecurityCallback callback);
public abstract void encryptIncomingBytestream(BytestreamSession bytestreamSession, JingleSecurityCallback callbacks);
public abstract void encryptOutgoingBytestream(BytestreamSession bytestreamSession, JingleSecurityCallback callbacks);
}

View file

@ -799,10 +799,16 @@ public final class OmemoManager extends Manager implements JingleEncryptionMetho
*
* @return the connection of this manager
*/
XMPPConnection getConnection() {
@Override
public XMPPConnection getConnection() {
return connection();
}
@Override
public String getNamespace() {
return OMEMO_NAMESPACE_V_AXOLOTL;
}
/**
* Return the OMEMO service object.
*