Rework PEP content verification

Now checks which part(s) are out of sync w/ local storage, and updates
only those, rather than assuming the entire node corrupt and
overwriting it all (especially relevant for preKey list)
This commit is contained in:
Andreas Straub 2015-07-03 13:20:27 +02:00
parent 9a0232f7e7
commit 18c1e15d00
2 changed files with 62 additions and 48 deletions

View File

@ -655,42 +655,6 @@ public class AxolotlService {
}); });
} }
private boolean validateBundle(PreKeyBundle bundle) {
if (bundle == null || bundle.getIdentityKey() == null
|| bundle.getSignedPreKey() == null || bundle.getSignedPreKeySignature() == null) {
return false;
}
try {
SignedPreKeyRecord signedPreKeyRecord = axolotlStore.loadSignedPreKey(bundle.getSignedPreKeyId());
IdentityKey identityKey = axolotlStore.getIdentityKeyPair().getPublicKey();
Log.d(Config.LOGTAG,"own identity key:"+identityKey.getFingerprint()+", foreign: "+bundle.getIdentityKey().getFingerprint());
Log.d(Config.LOGTAG,"bundle: "+Boolean.toString(bundle.getSignedPreKey().equals(signedPreKeyRecord.getKeyPair().getPublicKey()))
+" " + Boolean.toString(Arrays.equals(bundle.getSignedPreKeySignature(), signedPreKeyRecord.getSignature()))
+" " + Boolean.toString( bundle.getIdentityKey().equals(identityKey)));
return bundle.getSignedPreKey().equals(signedPreKeyRecord.getKeyPair().getPublicKey())
&& Arrays.equals(bundle.getSignedPreKeySignature(), signedPreKeyRecord.getSignature())
&& bundle.getIdentityKey().equals(identityKey);
} catch (InvalidKeyIdException ignored) {
return false;
}
}
private boolean validatePreKeys(Map<Integer, ECPublicKey> keys) {
if(keys == null) { return false; }
for(Integer id:keys.keySet()) {
try {
PreKeyRecord preKeyRecord = axolotlStore.loadPreKey(id);
if(!preKeyRecord.getKeyPair().getPublicKey().equals(keys.get(id))) {
return false;
}
} catch (InvalidKeyIdException ignored) {
return false;
}
}
return true;
}
public void publishBundlesIfNeeded() { public void publishBundlesIfNeeded() {
IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(account.getJid().toBareJid(), ownDeviceId); IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(account.getJid().toBareJid(), ownDeviceId);
mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() { mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() {
@ -698,25 +662,75 @@ public class AxolotlService {
public void onIqPacketReceived(Account account, IqPacket packet) { public void onIqPacketReceived(Account account, IqPacket packet) {
PreKeyBundle bundle = mXmppConnectionService.getIqParser().bundle(packet); PreKeyBundle bundle = mXmppConnectionService.getIqParser().bundle(packet);
Map<Integer, ECPublicKey> keys = mXmppConnectionService.getIqParser().preKeyPublics(packet); Map<Integer, ECPublicKey> keys = mXmppConnectionService.getIqParser().preKeyPublics(packet);
SignedPreKeyRecord signedPreKeyRecord; boolean flush = false;
List<PreKeyRecord> preKeyRecords; if (bundle == null) {
if (!validateBundle(bundle) || keys.isEmpty() || !validatePreKeys(keys)) { Log.e(Config.LOGTAG, "Received invalid bundle:" + packet);
int numSignedPreKeys = axolotlStore.loadSignedPreKeys().size(); bundle = new PreKeyBundle(-1, -1, -1 , null, -1, null, null, null);
flush = true;
}
if (keys == null) {
Log.e(Config.LOGTAG, "Received invalid prekeys:" + packet);
}
try { try {
signedPreKeyRecord = KeyHelper.generateSignedPreKey( boolean changed = false;
axolotlStore.getIdentityKeyPair(), numSignedPreKeys + 1); // Validate IdentityKey
axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord); IdentityKeyPair identityKeyPair = axolotlStore.getIdentityKeyPair();
if (flush || !identityKeyPair.getPublicKey().equals(bundle.getIdentityKey())) {
preKeyRecords = KeyHelper.generatePreKeys( Log.d(Config.LOGTAG, "Adding own IdentityKey " + identityKeyPair.getPublicKey() + " to PEP.");
axolotlStore.getCurrentPreKeyId(), NUM_KEYS_TO_PUBLISH); changed = true;
for (PreKeyRecord record : preKeyRecords) {
axolotlStore.storePreKey(record.getId(), record);
} }
// Validate signedPreKeyRecord + ID
SignedPreKeyRecord signedPreKeyRecord;
int numSignedPreKeys = axolotlStore.loadSignedPreKeys().size();
try {
signedPreKeyRecord = axolotlStore.loadSignedPreKey(bundle.getSignedPreKeyId());
if ( flush
||!bundle.getSignedPreKey().equals(signedPreKeyRecord.getKeyPair().getPublicKey())
|| !Arrays.equals(bundle.getSignedPreKeySignature(), signedPreKeyRecord.getSignature())) {
Log.d(Config.LOGTAG, "Adding new signedPreKey with ID " + (numSignedPreKeys + 1) + " to PEP.");
signedPreKeyRecord = KeyHelper.generateSignedPreKey(identityKeyPair, numSignedPreKeys + 1);
axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord);
changed = true;
}
} catch (InvalidKeyIdException e) {
Log.d(Config.LOGTAG, "Adding new signedPreKey with ID " + (numSignedPreKeys + 1) + " to PEP.");
signedPreKeyRecord = KeyHelper.generateSignedPreKey(identityKeyPair, numSignedPreKeys + 1);
axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord);
changed = true;
}
// Validate PreKeys
Set<PreKeyRecord> preKeyRecords = new HashSet<>();
if (keys != null) {
for (Integer id : keys.keySet()) {
try {
PreKeyRecord preKeyRecord = axolotlStore.loadPreKey(id);
if (preKeyRecord.getKeyPair().getPublicKey().equals(keys.get(id))) {
preKeyRecords.add(preKeyRecord);
}
} catch (InvalidKeyIdException ignored) {
}
}
}
int newKeys = NUM_KEYS_TO_PUBLISH - preKeyRecords.size();
if (newKeys > 0) {
List<PreKeyRecord> newRecords = KeyHelper.generatePreKeys(
axolotlStore.getCurrentPreKeyId()+1, newKeys);
preKeyRecords.addAll(newRecords);
for (PreKeyRecord record : newRecords) {
axolotlStore.storePreKey(record.getId(), record);
}
changed = true;
Log.d(Config.LOGTAG, "Adding " + newKeys + " new preKeys to PEP.");
}
if(changed) {
IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles( IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(), signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(),
preKeyRecords, ownDeviceId); preKeyRecords, ownDeviceId);
Log.d(Config.LOGTAG, "Bundle " + getOwnDeviceId() + " not in PEP. Publishing: " + publish); Log.d(Config.LOGTAG, "Bundle " + getOwnDeviceId() + " in PEP not current. Publishing: " + publish);
mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() { mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
@Override @Override
public void onIqPacketReceived(Account account, IqPacket packet) { public void onIqPacketReceived(Account account, IqPacket packet) {
@ -724,12 +738,12 @@ public class AxolotlService {
Log.d(Config.LOGTAG, "Published bundle, got: " + packet); Log.d(Config.LOGTAG, "Published bundle, got: " + packet);
} }
}); });
}
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
Log.e(Config.LOGTAG, "Failed to publish bundle " + getOwnDeviceId() + ", reason: " + e.getMessage()); Log.e(Config.LOGTAG, "Failed to publish bundle " + getOwnDeviceId() + ", reason: " + e.getMessage());
return; return;
} }
} }
}
}); });
} }

View File

@ -152,7 +152,7 @@ public class IqGenerator extends AbstractGenerator {
} }
public IqPacket publishBundles(final SignedPreKeyRecord signedPreKeyRecord, final IdentityKey identityKey, public IqPacket publishBundles(final SignedPreKeyRecord signedPreKeyRecord, final IdentityKey identityKey,
final List<PreKeyRecord> preKeyRecords, final int deviceId) { final Set<PreKeyRecord> preKeyRecords, final int deviceId) {
final Element item = new Element("item"); final Element item = new Element("item");
final Element bundle = item.addChild("bundle", AxolotlService.PEP_PREFIX); final Element bundle = item.addChild("bundle", AxolotlService.PEP_PREFIX);
final Element signedPreKeyPublic = bundle.addChild("signedPreKeyPublic"); final Element signedPreKeyPublic = bundle.addChild("signedPreKeyPublic");