void SessionBuilder::process(const PreKeyBundle &preKey)
{
if (!identityKeyStore->isTrustedIdentity(recipientId, preKey.getIdentityKey())) {
throw UntrustedIdentityException(QString("Untrusted identity: %1").arg(recipientId));
}
if (!preKey.getSignedPreKey().serialize().isEmpty() &&
!Curve::verifySignature(preKey.getSignedPreKey(),
preKey.getIdentityKey().getPublicKey().serialize(),
preKey.getSignedPreKeySignature()))
{
qWarning() << preKey.getIdentityKey().getPublicKey().serialize().toHex();
qWarning() << preKey.getSignedPreKey().serialize().toHex();
qWarning() << preKey.getSignedPreKeySignature().toHex();
throw InvalidKeyException("Invalid signature on device key!");
}
if (preKey.getSignedPreKey().serialize().isEmpty() && preKey.getPreKey().serialize().isEmpty()) {
throw InvalidKeyException("Both signed and unsigned prekeys are absent!");
}
bool supportsV3 = !preKey.getSignedPreKey().serialize().isEmpty();
SessionRecord *sessionRecord = sessionStore->loadSession(recipientId, deviceId);
ECKeyPair ourBaseKey = Curve::generateKeyPair();
DjbECPublicKey theirSignedPreKey = supportsV3 ? preKey.getSignedPreKey() : preKey.getPreKey();
DjbECPublicKey theirOneTimePreKey = preKey.getPreKey();
int theirOneTimePreKeyId = theirOneTimePreKey.serialize().isEmpty() ? -1 : preKey.getPreKeyId();
AliceAxolotlParameters parameters;
parameters.setOurBaseKey(ourBaseKey);
parameters.setOurIdentityKey(identityKeyStore->getIdentityKeyPair());
parameters.setTheirIdentityKey(preKey.getIdentityKey());
parameters.setTheirSignedPreKey(theirSignedPreKey);
parameters.setTheirRatchetKey(theirSignedPreKey);
if (supportsV3) {
parameters.setTheirOneTimePreKey(theirOneTimePreKey);
}
if (!sessionRecord->isFresh()) sessionRecord->archiveCurrentState();
RatchetingSession::initializeSession(sessionRecord->getSessionState(),
supportsV3 ? 3 : 2,
parameters);
sessionRecord->getSessionState()->setUnacknowledgedPreKeyMessage(theirOneTimePreKeyId, preKey.getSignedPreKeyId(), ourBaseKey.getPublicKey());
sessionRecord->getSessionState()->setLocalRegistrationId(identityKeyStore->getLocalRegistrationId());
sessionRecord->getSessionState()->setRemoteRegistrationId(preKey.getRegistrationId());
sessionRecord->getSessionState()->setAliceBaseKey(ourBaseKey.getPublicKey().serialize());
sessionStore->storeSession(recipientId, deviceId, sessionRecord);
identityKeyStore->saveIdentity(recipientId, preKey.getIdentityKey());
}
TPElement* OpenSSLRSAPermutation::invert(TPElement * tpEl) {
if (!isKeySet())
throw IllegalStateException("keys aren't set");
// If only the public key was set and not the private key - can't do the invert, throw exception.
if (privKey == NULL && pubKey != NULL)
throw InvalidKeyException("in order to decrypt a message, this object must be initialized with private key");
RSAElement * rsaEl = dynamic_cast<RSAElement *>(tpEl);
if (!rsaEl)
throw invalid_argument("trapdoor element type doesn't match the trapdoor permutation type");
// gets the pointer for the native object.
biginteger elementP = rsaEl->getElement();
// Allocate a new byte array to hold the output.
int size = RSA_size(rsa);
std::shared_ptr<byte> ret(new byte[size], std::default_delete<byte[]>());
size_t encodedSize = bytesCount(elementP);
std::shared_ptr<byte> encodedBi(new byte[encodedSize], std::default_delete<byte[]>());
encodeBigInteger(elementP, encodedBi.get(), encodedSize);
string st(encodedBi.get(), encodedBi.get()+encodedSize);
// invert the RSA permutation on the given bytes.
int sucess = RSA_private_decrypt(encodedSize, encodedBi.get(), ret.get(), rsa, RSA_NO_PADDING);
biginteger resValue = decodeBigInteger(ret.get(), size);
// creates and initialize a RSAElement with the result.
RSAElement * returnEl = new RSAElement(modulus, resValue, false);
return returnEl; // return the result TPElement.
}
SteadyStateSolver* SteadyStateSolverFactory::New(std::string name, ExecutableModel* m) const {
for (SteadyStateSolverRegistrars::const_iterator it(mRegisteredSteadyStateSolvers.begin()); it != mRegisteredSteadyStateSolvers.end(); ++it) {
if ((*it)->getName() == name) {
return (*it)->construct(m);
}
}
Log(Logger::LOG_ERROR) << "No such SteadyStateSolver '" << name << "'";
throw InvalidKeyException("No such SteadyStateSolver: " + name);
}
Transposition::Transposition(const string& key)
{
if ( !validKey(key) )
throw InvalidKeyException();
_key = key;
_cols = key.length();
_rows = 0;
}
std::string get(std::string key) {
auto res = findKey(key);
if (res == _children.end()) {
//std::cerr << "GET failure : invalid key\n";
//std::cerr << "dump : \n" << dump();
throw InvalidKeyException();
}
KeyValuePair *k = static_cast<KeyValuePair*>(*res);
return k->value();
}
KeyExchangeMessage SessionBuilder::processInitiate(QSharedPointer<KeyExchangeMessage> message)
{
int flags = KeyExchangeMessage::RESPONSE_FLAG;
SessionRecord *sessionRecord = sessionStore->loadSession(recipientId, deviceId);
if (message->getVersion() >= 3 &&
!Curve::verifySignature(message->getIdentityKey().getPublicKey(),
message->getBaseKey().serialize(),
message->getBaseKeySignature()))
{
throw InvalidKeyException("Bad signature!");
}
SymmetricAxolotlParameters parameters;
if (!sessionRecord->getSessionState()->hasPendingKeyExchange()) {
parameters.setOurIdentityKey(identityKeyStore->getIdentityKeyPair());
parameters.setOurBaseKey(Curve::generateKeyPair());
parameters.setOurRatchetKey(Curve::generateKeyPair());
} else {
parameters.setOurIdentityKey(sessionRecord->getSessionState()->getPendingKeyExchangeIdentityKey());
parameters.setOurBaseKey(sessionRecord->getSessionState()->getPendingKeyExchangeBaseKey());
parameters.setOurRatchetKey(sessionRecord->getSessionState()->getPendingKeyExchangeRatchetKey());
flags |= KeyExchangeMessage::SIMULTAENOUS_INITIATE_FLAG;
}
parameters.setTheirBaseKey(message->getBaseKey());
parameters.setTheirRatchetKey(message->getRatchetKey());
parameters.setTheirIdentityKey(message->getIdentityKey());
if (!sessionRecord->isFresh()) sessionRecord->archiveCurrentState();
RatchetingSession::initializeSession(sessionRecord->getSessionState(),
qMin(message->getMaxVersion(), CURRENT_VERSION),
parameters);
sessionStore->storeSession(recipientId, deviceId, sessionRecord);
identityKeyStore->saveIdentity(recipientId, message->getIdentityKey());
QByteArray baseKeySignature = Curve::calculateSignature(parameters.getOurIdentityKey().getPrivateKey(),
parameters.getOurBaseKey().getPublicKey().serialize());
return KeyExchangeMessage(sessionRecord->getSessionState()->getSessionVersion(),
message->getSequence(), flags,
parameters.getOurBaseKey().getPublicKey(),
baseKeySignature, parameters.getOurRatchetKey().getPublicKey(),
parameters.getOurIdentityKey().getPublicKey());
}
void SessionBuilder::processResponse(QSharedPointer<KeyExchangeMessage> message)
{
SessionRecord *sessionRecord = sessionStore->loadSession(recipientId, deviceId);
SessionState *sessionState = sessionRecord->getSessionState();
bool hasPendingKeyExchange = sessionState->hasPendingKeyExchange();
bool isSimultaneousInitiateResponse = message->isResponseForSimultaneousInitiate();
if (!hasPendingKeyExchange || sessionState->getPendingKeyExchangeSequence() != message->getSequence()) {
if (!isSimultaneousInitiateResponse) throw StaleKeyExchangeException("");
else return;
}
SymmetricAxolotlParameters parameters;
parameters.setOurBaseKey(sessionRecord->getSessionState()->getPendingKeyExchangeBaseKey());
parameters.setOurRatchetKey(sessionRecord->getSessionState()->getPendingKeyExchangeRatchetKey());
parameters.setOurIdentityKey(sessionRecord->getSessionState()->getPendingKeyExchangeIdentityKey());
parameters.setTheirBaseKey(message->getBaseKey());
parameters.setTheirRatchetKey(message->getRatchetKey());
parameters.setTheirIdentityKey(message->getIdentityKey());
if (!sessionRecord->isFresh()) sessionRecord->archiveCurrentState();
RatchetingSession::initializeSession(sessionRecord->getSessionState(),
qMin(message->getMaxVersion(), CURRENT_VERSION),
parameters);
if (sessionRecord->getSessionState()->getSessionVersion() >= 3 &&
!Curve::verifySignature(message->getIdentityKey().getPublicKey(),
message->getBaseKey().serialize(),
message->getBaseKeySignature()))
{
throw InvalidKeyException("Base key signature doesn't match!");
}
sessionStore->storeSession(recipientId, deviceId, sessionRecord);
identityKeyStore->saveIdentity(recipientId, message->getIdentityKey());
}
