aboutsummaryrefslogtreecommitdiffstats
path: root/tests/src/main/java/org/whispersystems
diff options
context:
space:
mode:
authorMoxie Marlinspike <moxie@thoughtcrime.org>2015-01-08 13:48:49 -0800
committerMoxie Marlinspike <moxie@thoughtcrime.org>2015-01-08 14:09:01 -0800
commit6445ea5f13850f42c3952bd06a2369317683ed88 (patch)
treef2bb37c8cf4710ff6a6a37a3e7e702c5a21ca504 /tests/src/main/java/org/whispersystems
parenta4d8f7f6a4c4e9e89db35f299e558dceee2362a1 (diff)
Break project up into Java and Android build/test.
Diffstat (limited to 'tests/src/main/java/org/whispersystems')
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/InMemoryAxolotlStore.java112
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/InMemoryIdentityKeyStore.java51
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/InMemoryPreKeyStore.java41
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/InMemorySessionStore.java68
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/InMemorySignedPreKeyStore.java58
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/SessionBuilderTest.java590
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/SessionCipherTest.java198
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/SimultaneousInitiateTests.java487
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/ecc/Curve25519Test.java136
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/groups/GroupCipherTest.java146
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/groups/InMemorySenderKeyStore.java33
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/kdf/HKDFTest.java137
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/ratchet/ChainKeyTest.java58
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RatchetingSessionTest.java231
-rw-r--r--tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RootKeyTest.java82
15 files changed, 2428 insertions, 0 deletions
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryAxolotlStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryAxolotlStore.java
new file mode 100644
index 00000000..e375c574
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryAxolotlStore.java
@@ -0,0 +1,112 @@
+package org.whispersystems.libaxolotl;
+
+import org.whispersystems.libaxolotl.state.AxolotlStore;
+import org.whispersystems.libaxolotl.state.PreKeyRecord;
+import org.whispersystems.libaxolotl.state.SessionRecord;
+import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
+
+import java.util.List;
+
+public class InMemoryAxolotlStore implements AxolotlStore {
+
+ private final InMemoryIdentityKeyStore identityKeyStore = new InMemoryIdentityKeyStore();
+ private final InMemoryPreKeyStore preKeyStore = new InMemoryPreKeyStore();
+ private final InMemorySessionStore sessionStore = new InMemorySessionStore();
+ private final InMemorySignedPreKeyStore signedPreKeyStore = new InMemorySignedPreKeyStore();
+
+
+ @Override
+ public IdentityKeyPair getIdentityKeyPair() {
+ return identityKeyStore.getIdentityKeyPair();
+ }
+
+ @Override
+ public int getLocalRegistrationId() {
+ return identityKeyStore.getLocalRegistrationId();
+ }
+
+ @Override
+ public void saveIdentity(long recipientId, IdentityKey identityKey) {
+ identityKeyStore.saveIdentity(recipientId, identityKey);
+ }
+
+ @Override
+ public boolean isTrustedIdentity(long recipientId, IdentityKey identityKey) {
+ return identityKeyStore.isTrustedIdentity(recipientId, identityKey);
+ }
+
+ @Override
+ public PreKeyRecord loadPreKey(int preKeyId) throws InvalidKeyIdException {
+ return preKeyStore.loadPreKey(preKeyId);
+ }
+
+ @Override
+ public void storePreKey(int preKeyId, PreKeyRecord record) {
+ preKeyStore.storePreKey(preKeyId, record);
+ }
+
+ @Override
+ public boolean containsPreKey(int preKeyId) {
+ return preKeyStore.containsPreKey(preKeyId);
+ }
+
+ @Override
+ public void removePreKey(int preKeyId) {
+ preKeyStore.removePreKey(preKeyId);
+ }
+
+ @Override
+ public SessionRecord loadSession(long recipientId, int deviceId) {
+ return sessionStore.loadSession(recipientId, deviceId);
+ }
+
+ @Override
+ public List<Integer> getSubDeviceSessions(long recipientId) {
+ return sessionStore.getSubDeviceSessions(recipientId);
+ }
+
+ @Override
+ public void storeSession(long recipientId, int deviceId, SessionRecord record) {
+ sessionStore.storeSession(recipientId, deviceId, record);
+ }
+
+ @Override
+ public boolean containsSession(long recipientId, int deviceId) {
+ return sessionStore.containsSession(recipientId, deviceId);
+ }
+
+ @Override
+ public void deleteSession(long recipientId, int deviceId) {
+ sessionStore.deleteSession(recipientId, deviceId);
+ }
+
+ @Override
+ public void deleteAllSessions(long recipientId) {
+ sessionStore.deleteAllSessions(recipientId);
+ }
+
+ @Override
+ public SignedPreKeyRecord loadSignedPreKey(int signedPreKeyId) throws InvalidKeyIdException {
+ return signedPreKeyStore.loadSignedPreKey(signedPreKeyId);
+ }
+
+ @Override
+ public List<SignedPreKeyRecord> loadSignedPreKeys() {
+ return signedPreKeyStore.loadSignedPreKeys();
+ }
+
+ @Override
+ public void storeSignedPreKey(int signedPreKeyId, SignedPreKeyRecord record) {
+ signedPreKeyStore.storeSignedPreKey(signedPreKeyId, record);
+ }
+
+ @Override
+ public boolean containsSignedPreKey(int signedPreKeyId) {
+ return signedPreKeyStore.containsSignedPreKey(signedPreKeyId);
+ }
+
+ @Override
+ public void removeSignedPreKey(int signedPreKeyId) {
+ signedPreKeyStore.removeSignedPreKey(signedPreKeyId);
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryIdentityKeyStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryIdentityKeyStore.java
new file mode 100644
index 00000000..acb6110a
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryIdentityKeyStore.java
@@ -0,0 +1,51 @@
+package org.whispersystems.libaxolotl;
+
+import org.whispersystems.libaxolotl.ecc.Curve;
+import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+import org.whispersystems.libaxolotl.state.IdentityKeyStore;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.HashMap;
+import java.util.Map;
+
+public class InMemoryIdentityKeyStore implements IdentityKeyStore {
+
+ private final Map<Long, IdentityKey> trustedKeys = new HashMap<>();
+
+ private final IdentityKeyPair identityKeyPair;
+ private final int localRegistrationId;
+
+ public InMemoryIdentityKeyStore() {
+ try {
+ ECKeyPair identityKeyPairKeys = Curve.generateKeyPair();
+
+ this.identityKeyPair = new IdentityKeyPair(new IdentityKey(identityKeyPairKeys.getPublicKey()),
+ identityKeyPairKeys.getPrivateKey());
+ this.localRegistrationId = SecureRandom.getInstance("SHA1PRNG").nextInt(16380) + 1;
+ } catch (NoSuchAlgorithmException e) {
+ throw new AssertionError(e);
+ }
+ }
+
+ @Override
+ public IdentityKeyPair getIdentityKeyPair() {
+ return identityKeyPair;
+ }
+
+ @Override
+ public int getLocalRegistrationId() {
+ return localRegistrationId;
+ }
+
+ @Override
+ public void saveIdentity(long recipientId, IdentityKey identityKey) {
+ trustedKeys.put(recipientId, identityKey);
+ }
+
+ @Override
+ public boolean isTrustedIdentity(long recipientId, IdentityKey identityKey) {
+ IdentityKey trusted = trustedKeys.get(recipientId);
+ return (trusted == null || trusted.equals(identityKey));
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryPreKeyStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryPreKeyStore.java
new file mode 100644
index 00000000..a2ea6811
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryPreKeyStore.java
@@ -0,0 +1,41 @@
+package org.whispersystems.libaxolotl;
+
+import org.whispersystems.libaxolotl.state.PreKeyRecord;
+import org.whispersystems.libaxolotl.state.PreKeyStore;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+public class InMemoryPreKeyStore implements PreKeyStore {
+
+ private final Map<Integer, byte[]> store = new HashMap<>();
+
+ @Override
+ public PreKeyRecord loadPreKey(int preKeyId) throws InvalidKeyIdException {
+ try {
+ if (!store.containsKey(preKeyId)) {
+ throw new InvalidKeyIdException("No such prekeyrecord!");
+ }
+
+ return new PreKeyRecord(store.get(preKeyId));
+ } catch (IOException e) {
+ throw new AssertionError(e);
+ }
+ }
+
+ @Override
+ public void storePreKey(int preKeyId, PreKeyRecord record) {
+ store.put(preKeyId, record.serialize());
+ }
+
+ @Override
+ public boolean containsPreKey(int preKeyId) {
+ return store.containsKey(preKeyId);
+ }
+
+ @Override
+ public void removePreKey(int preKeyId) {
+ store.remove(preKeyId);
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySessionStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySessionStore.java
new file mode 100644
index 00000000..2d03d437
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySessionStore.java
@@ -0,0 +1,68 @@
+package org.whispersystems.libaxolotl;
+
+import org.whispersystems.libaxolotl.state.SessionRecord;
+import org.whispersystems.libaxolotl.state.SessionStore;
+import org.whispersystems.libaxolotl.util.Pair;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+public class InMemorySessionStore implements SessionStore {
+
+ private Map<Pair<Long, Integer>, byte[]> sessions = new HashMap<>();
+
+ public InMemorySessionStore() {}
+
+ @Override
+ public synchronized SessionRecord loadSession(long recipientId, int deviceId) {
+ try {
+ if (containsSession(recipientId, deviceId)) {
+ return new SessionRecord(sessions.get(new Pair<>(recipientId, deviceId)));
+ } else {
+ return new SessionRecord();
+ }
+ } catch (IOException e) {
+ throw new AssertionError(e);
+ }
+ }
+
+ @Override
+ public synchronized List<Integer> getSubDeviceSessions(long recipientId) {
+ List<Integer> deviceIds = new LinkedList<>();
+
+ for (Pair<Long, Integer> key : sessions.keySet()) {
+ if (key.first() == recipientId) {
+ deviceIds.add(key.second());
+ }
+ }
+
+ return deviceIds;
+ }
+
+ @Override
+ public synchronized void storeSession(long recipientId, int deviceId, SessionRecord record) {
+ sessions.put(new Pair<>(recipientId, deviceId), record.serialize());
+ }
+
+ @Override
+ public synchronized boolean containsSession(long recipientId, int deviceId) {
+ return sessions.containsKey(new Pair<>(recipientId, deviceId));
+ }
+
+ @Override
+ public synchronized void deleteSession(long recipientId, int deviceId) {
+ sessions.remove(new Pair<>(recipientId, deviceId));
+ }
+
+ @Override
+ public synchronized void deleteAllSessions(long recipientId) {
+ for (Pair<Long, Integer> key : sessions.keySet()) {
+ if (key.first() == recipientId) {
+ sessions.remove(key);
+ }
+ }
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySignedPreKeyStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySignedPreKeyStore.java
new file mode 100644
index 00000000..9f452d6d
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySignedPreKeyStore.java
@@ -0,0 +1,58 @@
+package org.whispersystems.libaxolotl;
+
+import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
+import org.whispersystems.libaxolotl.state.SignedPreKeyStore;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+public class InMemorySignedPreKeyStore implements SignedPreKeyStore {
+
+ private final Map<Integer, byte[]> store = new HashMap<>();
+
+ @Override
+ public SignedPreKeyRecord loadSignedPreKey(int signedPreKeyId) throws InvalidKeyIdException {
+ try {
+ if (!store.containsKey(signedPreKeyId)) {
+ throw new InvalidKeyIdException("No such signedprekeyrecord! " + signedPreKeyId);
+ }
+
+ return new SignedPreKeyRecord(store.get(signedPreKeyId));
+ } catch (IOException e) {
+ throw new AssertionError(e);
+ }
+ }
+
+ @Override
+ public List<SignedPreKeyRecord> loadSignedPreKeys() {
+ try {
+ List<SignedPreKeyRecord> results = new LinkedList<>();
+
+ for (byte[] serialized : store.values()) {
+ results.add(new SignedPreKeyRecord(serialized));
+ }
+
+ return results;
+ } catch (IOException e) {
+ throw new AssertionError(e);
+ }
+ }
+
+ @Override
+ public void storeSignedPreKey(int signedPreKeyId, SignedPreKeyRecord record) {
+ store.put(signedPreKeyId, record.serialize());
+ }
+
+ @Override
+ public boolean containsSignedPreKey(int signedPreKeyId) {
+ return store.containsKey(signedPreKeyId);
+ }
+
+ @Override
+ public void removeSignedPreKey(int signedPreKeyId) {
+ store.remove(signedPreKeyId);
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/SessionBuilderTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/SessionBuilderTest.java
new file mode 100644
index 00000000..0912493e
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/SessionBuilderTest.java
@@ -0,0 +1,590 @@
+package org.whispersystems.libaxolotl;
+
+import junit.framework.TestCase;
+
+import org.whispersystems.libaxolotl.ecc.Curve;
+import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+import org.whispersystems.libaxolotl.protocol.CiphertextMessage;
+import org.whispersystems.libaxolotl.protocol.KeyExchangeMessage;
+import org.whispersystems.libaxolotl.protocol.PreKeyWhisperMessage;
+import org.whispersystems.libaxolotl.protocol.WhisperMessage;
+import org.whispersystems.libaxolotl.state.AxolotlStore;
+import org.whispersystems.libaxolotl.state.IdentityKeyStore;
+import org.whispersystems.libaxolotl.state.PreKeyBundle;
+import org.whispersystems.libaxolotl.state.PreKeyRecord;
+import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
+import org.whispersystems.libaxolotl.util.Pair;
+
+import java.util.HashSet;
+import java.util.Set;
+
+public class SessionBuilderTest extends TestCase {
+
+ private static final long ALICE_RECIPIENT_ID = 5L;
+ private static final long BOB_RECIPIENT_ID = 2L;
+
+ public void testBasicPreKeyV2()
+ throws InvalidKeyException, InvalidVersionException, InvalidMessageException, InvalidKeyIdException, DuplicateMessageException, LegacyMessageException, UntrustedIdentityException, NoSessionException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+ ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
+ PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1,
+ 31337, bobPreKeyPair.getPublicKey(),
+ 0, null, null,
+ bobStore.getIdentityKeyPair().getPublicKey());
+
+ aliceSessionBuilder.process(bobPreKey);
+
+ assertTrue(aliceStore.containsSession(BOB_RECIPIENT_ID, 1));
+ assertTrue(aliceStore.loadSession(BOB_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 2);
+
+ String originalMessage = "L'homme est condamné à être libre";
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1);
+ CiphertextMessage outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes());
+
+ assertTrue(outgoingMessage.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessage.serialize());
+ bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
+
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+ byte[] plaintext = bobSessionCipher.decrypt(incomingMessage);
+
+ assertTrue(bobStore.containsSession(ALICE_RECIPIENT_ID, 1));
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 2);
+ assertTrue(originalMessage.equals(new String(plaintext)));
+
+ CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes());
+ assertTrue(bobOutgoingMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] alicePlaintext = aliceSessionCipher.decrypt((WhisperMessage)bobOutgoingMessage);
+ assertTrue(new String(alicePlaintext).equals(originalMessage));
+
+ runInteraction(aliceStore, bobStore);
+
+ aliceStore = new InMemoryAxolotlStore();
+ aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+ aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ bobPreKeyPair = Curve.generateKeyPair();
+ bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(),
+ 1, 31338, bobPreKeyPair.getPublicKey(),
+ 0, null, null, bobStore.getIdentityKeyPair().getPublicKey());
+
+ bobStore.storePreKey(31338, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
+ aliceSessionBuilder.process(bobPreKey);
+
+ outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes());
+
+ try {
+ bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize()));
+ throw new AssertionError("shouldn't be trusted!");
+ } catch (UntrustedIdentityException uie) {
+ bobStore.saveIdentity(ALICE_RECIPIENT_ID, new PreKeyWhisperMessage(outgoingMessage.serialize()).getIdentityKey());
+ }
+
+ plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize()));
+
+ assertTrue(new String(plaintext).equals(originalMessage));
+
+ bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1,
+ 31337, Curve.generateKeyPair().getPublicKey(),
+ 0, null, null,
+ aliceStore.getIdentityKeyPair().getPublicKey());
+
+ try {
+ aliceSessionBuilder.process(bobPreKey);
+ throw new AssertionError("shoulnd't be trusted!");
+ } catch (UntrustedIdentityException uie) {
+ // good
+ }
+ }
+
+ public void testBasicPreKeyV3()
+ throws InvalidKeyException, InvalidVersionException, InvalidMessageException, InvalidKeyIdException, DuplicateMessageException, LegacyMessageException, UntrustedIdentityException, NoSessionException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ final AxolotlStore bobStore = new InMemoryAxolotlStore();
+ ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
+ ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
+ byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(),
+ bobSignedPreKeyPair.getPublicKey().serialize());
+
+ PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1,
+ 31337, bobPreKeyPair.getPublicKey(),
+ 22, bobSignedPreKeyPair.getPublicKey(),
+ bobSignedPreKeySignature,
+ bobStore.getIdentityKeyPair().getPublicKey());
+
+ aliceSessionBuilder.process(bobPreKey);
+
+ assertTrue(aliceStore.containsSession(BOB_RECIPIENT_ID, 1));
+ assertTrue(aliceStore.loadSession(BOB_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+
+ final String originalMessage = "L'homme est condamné à être libre";
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1);
+ CiphertextMessage outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes());
+
+ assertTrue(outgoingMessage.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessage.serialize());
+ bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
+ bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature));
+
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+ byte[] plaintext = bobSessionCipher.decrypt(incomingMessage, new SessionCipher.DecryptionCallback() {
+ @Override
+ public void handlePlaintext(byte[] plaintext) {
+ assertTrue(originalMessage.equals(new String(plaintext)));
+ assertFalse(bobStore.containsSession(ALICE_RECIPIENT_ID, 1));
+ }
+ });
+
+ assertTrue(bobStore.containsSession(ALICE_RECIPIENT_ID, 1));
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getAliceBaseKey() != null);
+ assertTrue(originalMessage.equals(new String(plaintext)));
+
+ CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes());
+ assertTrue(bobOutgoingMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize()));
+ assertTrue(new String(alicePlaintext).equals(originalMessage));
+
+ runInteraction(aliceStore, bobStore);
+
+ aliceStore = new InMemoryAxolotlStore();
+ aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+ aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ bobPreKeyPair = Curve.generateKeyPair();
+ bobSignedPreKeyPair = Curve.generateKeyPair();
+ bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(), bobSignedPreKeyPair.getPublicKey().serialize());
+ bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(),
+ 1, 31338, bobPreKeyPair.getPublicKey(),
+ 23, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature,
+ bobStore.getIdentityKeyPair().getPublicKey());
+
+ bobStore.storePreKey(31338, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
+ bobStore.storeSignedPreKey(23, new SignedPreKeyRecord(23, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature));
+ aliceSessionBuilder.process(bobPreKey);
+
+ outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes());
+
+ try {
+ plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize()));
+ throw new AssertionError("shouldn't be trusted!");
+ } catch (UntrustedIdentityException uie) {
+ bobStore.saveIdentity(ALICE_RECIPIENT_ID, new PreKeyWhisperMessage(outgoingMessage.serialize()).getIdentityKey());
+ }
+
+ plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize()));
+ assertTrue(new String(plaintext).equals(originalMessage));
+
+ bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1,
+ 31337, Curve.generateKeyPair().getPublicKey(),
+ 23, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature,
+ aliceStore.getIdentityKeyPair().getPublicKey());
+
+ try {
+ aliceSessionBuilder.process(bobPreKey);
+ throw new AssertionError("shoulnd't be trusted!");
+ } catch (UntrustedIdentityException uie) {
+ // good
+ }
+ }
+
+ public void testBadSignedPreKeySignature() throws InvalidKeyException, UntrustedIdentityException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ IdentityKeyStore bobIdentityKeyStore = new InMemoryIdentityKeyStore();
+
+ ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
+ ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
+ byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobIdentityKeyStore.getIdentityKeyPair().getPrivateKey(),
+ bobSignedPreKeyPair.getPublicKey().serialize());
+
+
+ for (int i=0;i<bobSignedPreKeySignature.length * 8;i++) {
+ byte[] modifiedSignature = new byte[bobSignedPreKeySignature.length];
+ System.arraycopy(bobSignedPreKeySignature, 0, modifiedSignature, 0, modifiedSignature.length);
+
+ modifiedSignature[i/8] ^= (0x01 << (i % 8));
+
+ PreKeyBundle bobPreKey = new PreKeyBundle(bobIdentityKeyStore.getLocalRegistrationId(), 1,
+ 31337, bobPreKeyPair.getPublicKey(),
+ 22, bobSignedPreKeyPair.getPublicKey(), modifiedSignature,
+ bobIdentityKeyStore.getIdentityKeyPair().getPublicKey());
+
+ try {
+ aliceSessionBuilder.process(bobPreKey);
+ throw new AssertionError("Accepted modified device key signature!");
+ } catch (InvalidKeyException ike) {
+ // good
+ }
+ }
+
+ PreKeyBundle bobPreKey = new PreKeyBundle(bobIdentityKeyStore.getLocalRegistrationId(), 1,
+ 31337, bobPreKeyPair.getPublicKey(),
+ 22, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature,
+ bobIdentityKeyStore.getIdentityKeyPair().getPublicKey());
+
+ aliceSessionBuilder.process(bobPreKey);
+ }
+
+ public void testRepeatBundleMessageV2() throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, InvalidMessageException, InvalidKeyIdException, DuplicateMessageException, LegacyMessageException, NoSessionException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+ ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
+ ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
+ byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(),
+ bobSignedPreKeyPair.getPublicKey().serialize());
+
+ PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1,
+ 31337, bobPreKeyPair.getPublicKey(),
+ 0, null, null,
+ bobStore.getIdentityKeyPair().getPublicKey());
+
+ bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
+ bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature));
+
+ aliceSessionBuilder.process(bobPreKey);
+
+ String originalMessage = "L'homme est condamné à être libre";
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1);
+ CiphertextMessage outgoingMessageOne = aliceSessionCipher.encrypt(originalMessage.getBytes());
+ CiphertextMessage outgoingMessageTwo = aliceSessionCipher.encrypt(originalMessage.getBytes());
+
+ assertTrue(outgoingMessageOne.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessageOne.serialize());
+
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ byte[] plaintext = bobSessionCipher.decrypt(incomingMessage);
+ assertTrue(originalMessage.equals(new String(plaintext)));
+
+ CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes());
+
+ byte[] alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize()));
+ assertTrue(originalMessage.equals(new String(alicePlaintext)));
+
+ // The test
+
+ PreKeyWhisperMessage incomingMessageTwo = new PreKeyWhisperMessage(outgoingMessageTwo.serialize());
+
+ plaintext = bobSessionCipher.decrypt(incomingMessageTwo);
+ assertTrue(originalMessage.equals(new String(plaintext)));
+
+ bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes());
+ alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize()));
+ assertTrue(originalMessage.equals(new String(alicePlaintext)));
+
+ }
+
+ public void testRepeatBundleMessageV3() throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, InvalidMessageException, InvalidKeyIdException, DuplicateMessageException, LegacyMessageException, NoSessionException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+ ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
+ ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
+ byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(),
+ bobSignedPreKeyPair.getPublicKey().serialize());
+
+ PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1,
+ 31337, bobPreKeyPair.getPublicKey(),
+ 22, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature,
+ bobStore.getIdentityKeyPair().getPublicKey());
+
+ bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
+ bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature));
+
+ aliceSessionBuilder.process(bobPreKey);
+
+ String originalMessage = "L'homme est condamné à être libre";
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1);
+ CiphertextMessage outgoingMessageOne = aliceSessionCipher.encrypt(originalMessage.getBytes());
+ CiphertextMessage outgoingMessageTwo = aliceSessionCipher.encrypt(originalMessage.getBytes());
+
+ assertTrue(outgoingMessageOne.getType() == CiphertextMessage.PREKEY_TYPE);
+ assertTrue(outgoingMessageTwo.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessageOne.serialize());
+
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ byte[] plaintext = bobSessionCipher.decrypt(incomingMessage);
+ assertTrue(originalMessage.equals(new String(plaintext)));
+
+ CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes());
+
+ byte[] alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize()));
+ assertTrue(originalMessage.equals(new String(alicePlaintext)));
+
+ // The test
+
+ PreKeyWhisperMessage incomingMessageTwo = new PreKeyWhisperMessage(outgoingMessageTwo.serialize());
+
+ plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(incomingMessageTwo.serialize()));
+ assertTrue(originalMessage.equals(new String(plaintext)));
+
+ bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes());
+ alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize()));
+ assertTrue(originalMessage.equals(new String(alicePlaintext)));
+
+ }
+
+ public void testBadMessageBundle() throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, InvalidMessageException, DuplicateMessageException, LegacyMessageException, InvalidKeyIdException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+ ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
+ ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
+ byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(),
+ bobSignedPreKeyPair.getPublicKey().serialize());
+
+ PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1,
+ 31337, bobPreKeyPair.getPublicKey(),
+ 22, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature,
+ bobStore.getIdentityKeyPair().getPublicKey());
+
+ bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
+ bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature));
+
+ aliceSessionBuilder.process(bobPreKey);
+
+ String originalMessage = "L'homme est condamné à être libre";
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1);
+ CiphertextMessage outgoingMessageOne = aliceSessionCipher.encrypt(originalMessage.getBytes());
+
+ assertTrue(outgoingMessageOne.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ byte[] goodMessage = outgoingMessageOne.serialize();
+ byte[] badMessage = new byte[goodMessage.length];
+ System.arraycopy(goodMessage, 0, badMessage, 0, badMessage.length);
+
+ badMessage[badMessage.length-10] ^= 0x01;
+
+ PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(badMessage);
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ byte[] plaintext = new byte[0];
+
+ try {
+ plaintext = bobSessionCipher.decrypt(incomingMessage);
+ throw new AssertionError("Decrypt should have failed!");
+ } catch (InvalidMessageException e) {
+ // good.
+ }
+
+ assertTrue(bobStore.containsPreKey(31337));
+
+ plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(goodMessage));
+
+ assertTrue(originalMessage.equals(new String(plaintext)));
+ assertTrue(!bobStore.containsPreKey(31337));
+ }
+
+ public void testBasicKeyExchange() throws InvalidKeyException, LegacyMessageException, InvalidMessageException, DuplicateMessageException, UntrustedIdentityException, StaleKeyExchangeException, InvalidVersionException, NoSessionException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+ SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ KeyExchangeMessage aliceKeyExchangeMessage = aliceSessionBuilder.process();
+ assertTrue(aliceKeyExchangeMessage != null);
+
+ byte[] aliceKeyExchangeMessageBytes = aliceKeyExchangeMessage.serialize();
+ KeyExchangeMessage bobKeyExchangeMessage = bobSessionBuilder.process(new KeyExchangeMessage(aliceKeyExchangeMessageBytes));
+
+ assertTrue(bobKeyExchangeMessage != null);
+
+ byte[] bobKeyExchangeMessageBytes = bobKeyExchangeMessage.serialize();
+ KeyExchangeMessage response = aliceSessionBuilder.process(new KeyExchangeMessage(bobKeyExchangeMessageBytes));
+
+ assertTrue(response == null);
+ assertTrue(aliceStore.containsSession(BOB_RECIPIENT_ID, 1));
+ assertTrue(bobStore.containsSession(ALICE_RECIPIENT_ID, 1));
+
+ runInteraction(aliceStore, bobStore);
+
+ aliceStore = new InMemoryAxolotlStore();
+ aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+ aliceKeyExchangeMessage = aliceSessionBuilder.process();
+
+ try {
+ bobKeyExchangeMessage = bobSessionBuilder.process(aliceKeyExchangeMessage);
+ throw new AssertionError("This identity shouldn't be trusted!");
+ } catch (UntrustedIdentityException uie) {
+ bobStore.saveIdentity(ALICE_RECIPIENT_ID, aliceKeyExchangeMessage.getIdentityKey());
+ bobKeyExchangeMessage = bobSessionBuilder.process(aliceKeyExchangeMessage);
+ }
+
+ assertTrue(aliceSessionBuilder.process(bobKeyExchangeMessage) == null);
+
+ runInteraction(aliceStore, bobStore);
+ }
+
+ public void testSimultaneousKeyExchange()
+ throws InvalidKeyException, DuplicateMessageException, LegacyMessageException, InvalidMessageException, UntrustedIdentityException, StaleKeyExchangeException, NoSessionException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+ SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ KeyExchangeMessage aliceKeyExchange = aliceSessionBuilder.process();
+ KeyExchangeMessage bobKeyExchange = bobSessionBuilder.process();
+
+ assertTrue(aliceKeyExchange != null);
+ assertTrue(bobKeyExchange != null);
+
+ KeyExchangeMessage aliceResponse = aliceSessionBuilder.process(bobKeyExchange);
+ KeyExchangeMessage bobResponse = bobSessionBuilder.process(aliceKeyExchange);
+
+ assertTrue(aliceResponse != null);
+ assertTrue(bobResponse != null);
+
+ KeyExchangeMessage aliceAck = aliceSessionBuilder.process(bobResponse);
+ KeyExchangeMessage bobAck = bobSessionBuilder.process(aliceResponse);
+
+ assertTrue(aliceAck == null);
+ assertTrue(bobAck == null);
+
+ runInteraction(aliceStore, bobStore);
+ }
+
+ public void testOptionalOneTimePreKey() throws Exception {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1);
+
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+ ECKeyPair bobPreKeyPair = Curve.generateKeyPair();
+ ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair();
+ byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(),
+ bobSignedPreKeyPair.getPublicKey().serialize());
+
+ PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1,
+ 0, null,
+ 22, bobSignedPreKeyPair.getPublicKey(),
+ bobSignedPreKeySignature,
+ bobStore.getIdentityKeyPair().getPublicKey());
+
+ aliceSessionBuilder.process(bobPreKey);
+
+ assertTrue(aliceStore.containsSession(BOB_RECIPIENT_ID, 1));
+ assertTrue(aliceStore.loadSession(BOB_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+
+ String originalMessage = "L'homme est condamné à être libre";
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1);
+ CiphertextMessage outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes());
+
+ assertTrue(outgoingMessage.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessage.serialize());
+ assertTrue(!incomingMessage.getPreKeyId().isPresent());
+
+ bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair));
+ bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature));
+
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+ byte[] plaintext = bobSessionCipher.decrypt(incomingMessage);
+
+ assertTrue(bobStore.containsSession(ALICE_RECIPIENT_ID, 1));
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getAliceBaseKey() != null);
+ assertTrue(originalMessage.equals(new String(plaintext)));
+ }
+
+
+ private void runInteraction(AxolotlStore aliceStore, AxolotlStore bobStore)
+ throws DuplicateMessageException, LegacyMessageException, InvalidMessageException, NoSessionException
+ {
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1);
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ String originalMessage = "smert ze smert";
+ CiphertextMessage aliceMessage = aliceSessionCipher.encrypt(originalMessage.getBytes());
+
+ assertTrue(aliceMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] plaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceMessage.serialize()));
+ assertTrue(new String(plaintext).equals(originalMessage));
+
+ CiphertextMessage bobMessage = bobSessionCipher.encrypt(originalMessage.getBytes());
+
+ assertTrue(bobMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ plaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobMessage.serialize()));
+ assertTrue(new String(plaintext).equals(originalMessage));
+
+ for (int i=0;i<10;i++) {
+ String loopingMessage = ("What do we mean by saying that existence precedes essence? " +
+ "We mean that man first of all exists, encounters himself, " +
+ "surges up in the world--and defines himself aftward. " + i);
+ CiphertextMessage aliceLoopingMessage = aliceSessionCipher.encrypt(loopingMessage.getBytes());
+
+ byte[] loopingPlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceLoopingMessage.serialize()));
+ assertTrue(new String(loopingPlaintext).equals(loopingMessage));
+ }
+
+ for (int i=0;i<10;i++) {
+ String loopingMessage = ("What do we mean by saying that existence precedes essence? " +
+ "We mean that man first of all exists, encounters himself, " +
+ "surges up in the world--and defines himself aftward. " + i);
+ CiphertextMessage bobLoopingMessage = bobSessionCipher.encrypt(loopingMessage.getBytes());
+
+ byte[] loopingPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobLoopingMessage.serialize()));
+ assertTrue(new String(loopingPlaintext).equals(loopingMessage));
+ }
+
+ Set<Pair<String, CiphertextMessage>> aliceOutOfOrderMessages = new HashSet<>();
+
+ for (int i=0;i<10;i++) {
+ String loopingMessage = ("What do we mean by saying that existence precedes essence? " +
+ "We mean that man first of all exists, encounters himself, " +
+ "surges up in the world--and defines himself aftward. " + i);
+ CiphertextMessage aliceLoopingMessage = aliceSessionCipher.encrypt(loopingMessage.getBytes());
+
+ aliceOutOfOrderMessages.add(new Pair<>(loopingMessage, aliceLoopingMessage));
+ }
+
+ for (int i=0;i<10;i++) {
+ String loopingMessage = ("What do we mean by saying that existence precedes essence? " +
+ "We mean that man first of all exists, encounters himself, " +
+ "surges up in the world--and defines himself aftward. " + i);
+ CiphertextMessage aliceLoopingMessage = aliceSessionCipher.encrypt(loopingMessage.getBytes());
+
+ byte[] loopingPlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceLoopingMessage.serialize()));
+ assertTrue(new String(loopingPlaintext).equals(loopingMessage));
+ }
+
+ for (int i=0;i<10;i++) {
+ String loopingMessage = ("You can only desire based on what you know: " + i);
+ CiphertextMessage bobLoopingMessage = bobSessionCipher.encrypt(loopingMessage.getBytes());
+
+ byte[] loopingPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobLoopingMessage.serialize()));
+ assertTrue(new String(loopingPlaintext).equals(loopingMessage));
+ }
+
+ for (Pair<String, CiphertextMessage> aliceOutOfOrderMessage : aliceOutOfOrderMessages) {
+ byte[] outOfOrderPlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceOutOfOrderMessage.second().serialize()));
+ assertTrue(new String(outOfOrderPlaintext).equals(aliceOutOfOrderMessage.first()));
+ }
+ }
+
+
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/SessionCipherTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/SessionCipherTest.java
new file mode 100644
index 00000000..e956ed77
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/SessionCipherTest.java
@@ -0,0 +1,198 @@
+package org.whispersystems.libaxolotl;
+
+import junit.framework.TestCase;
+
+import org.whispersystems.libaxolotl.ecc.Curve;
+import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+import org.whispersystems.libaxolotl.ecc.ECPublicKey;
+import org.whispersystems.libaxolotl.protocol.CiphertextMessage;
+import org.whispersystems.libaxolotl.protocol.WhisperMessage;
+import org.whispersystems.libaxolotl.ratchet.AliceAxolotlParameters;
+import org.whispersystems.libaxolotl.ratchet.BobAxolotlParameters;
+import org.whispersystems.libaxolotl.ratchet.RatchetingSession;
+import org.whispersystems.libaxolotl.state.AxolotlStore;
+import org.whispersystems.libaxolotl.state.SessionRecord;
+import org.whispersystems.libaxolotl.state.SessionState;
+import org.whispersystems.libaxolotl.util.guava.Optional;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Random;
+
+
+public class SessionCipherTest extends TestCase {
+
+ public void testBasicSessionV2()
+ throws InvalidKeyException, DuplicateMessageException,
+ LegacyMessageException, InvalidMessageException, NoSuchAlgorithmException, NoSessionException
+ {
+ SessionRecord aliceSessionRecord = new SessionRecord();
+ SessionRecord bobSessionRecord = new SessionRecord();
+
+ initializeSessionsV2(aliceSessionRecord.getSessionState(), bobSessionRecord.getSessionState());
+ runInteraction(aliceSessionRecord, bobSessionRecord);
+ }
+
+ public void testBasicSessionV3()
+ throws InvalidKeyException, DuplicateMessageException,
+ LegacyMessageException, InvalidMessageException, NoSuchAlgorithmException, NoSessionException
+ {
+ SessionRecord aliceSessionRecord = new SessionRecord();
+ SessionRecord bobSessionRecord = new SessionRecord();
+
+ initializeSessionsV3(aliceSessionRecord.getSessionState(), bobSessionRecord.getSessionState());
+ runInteraction(aliceSessionRecord, bobSessionRecord);
+ }
+
+ private void runInteraction(SessionRecord aliceSessionRecord, SessionRecord bobSessionRecord)
+ throws DuplicateMessageException, LegacyMessageException, InvalidMessageException, NoSuchAlgorithmException, NoSessionException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+ aliceStore.storeSession(2L, 1, aliceSessionRecord);
+ bobStore.storeSession(3L, 1, bobSessionRecord);
+
+ SessionCipher aliceCipher = new SessionCipher(aliceStore, 2L, 1);
+ SessionCipher bobCipher = new SessionCipher(bobStore, 3L, 1);
+
+ byte[] alicePlaintext = "This is a plaintext message.".getBytes();
+ CiphertextMessage message = aliceCipher.encrypt(alicePlaintext);
+ byte[] bobPlaintext = bobCipher.decrypt(new WhisperMessage(message.serialize()));
+
+ assertTrue(Arrays.equals(alicePlaintext, bobPlaintext));
+
+ byte[] bobReply = "This is a message from Bob.".getBytes();
+ CiphertextMessage reply = bobCipher.encrypt(bobReply);
+ byte[] receivedReply = aliceCipher.decrypt(new WhisperMessage(reply.serialize()));
+
+ assertTrue(Arrays.equals(bobReply, receivedReply));
+
+ List<CiphertextMessage> aliceCiphertextMessages = new ArrayList<>();
+ List<byte[]> alicePlaintextMessages = new ArrayList<>();
+
+ for (int i=0;i<50;i++) {
+ alicePlaintextMessages.add(("смерть за смерть " + i).getBytes());
+ aliceCiphertextMessages.add(aliceCipher.encrypt(("смерть за смерть " + i).getBytes()));
+ }
+
+ long seed = System.currentTimeMillis();
+
+ Collections.shuffle(aliceCiphertextMessages, new Random(seed));
+ Collections.shuffle(alicePlaintextMessages, new Random(seed));
+
+ for (int i=0;i<aliceCiphertextMessages.size() / 2;i++) {
+ byte[] receivedPlaintext = bobCipher.decrypt(new WhisperMessage(aliceCiphertextMessages.get(i).serialize()));
+ assertTrue(Arrays.equals(receivedPlaintext, alicePlaintextMessages.get(i)));
+ }
+
+ List<CiphertextMessage> bobCiphertextMessages = new ArrayList<>();
+ List<byte[]> bobPlaintextMessages = new ArrayList<>();
+
+ for (int i=0;i<20;i++) {
+ bobPlaintextMessages.add(("смерть за смерть " + i).getBytes());
+ bobCiphertextMessages.add(bobCipher.encrypt(("смерть за смерть " + i).getBytes()));
+ }
+
+ seed = System.currentTimeMillis();
+
+ Collections.shuffle(bobCiphertextMessages, new Random(seed));
+ Collections.shuffle(bobPlaintextMessages, new Random(seed));
+
+ for (int i=0;i<bobCiphertextMessages.size() / 2;i++) {
+ byte[] receivedPlaintext = aliceCipher.decrypt(new WhisperMessage(bobCiphertextMessages.get(i).serialize()));
+ assertTrue(Arrays.equals(receivedPlaintext, bobPlaintextMessages.get(i)));
+ }
+
+ for (int i=aliceCiphertextMessages.size()/2;i<aliceCiphertextMessages.size();i++) {
+ byte[] receivedPlaintext = bobCipher.decrypt(new WhisperMessage(aliceCiphertextMessages.get(i).serialize()));
+ assertTrue(Arrays.equals(receivedPlaintext, alicePlaintextMessages.get(i)));
+ }
+
+ for (int i=bobCiphertextMessages.size() / 2;i<bobCiphertextMessages.size();i++) {
+ byte[] receivedPlaintext = aliceCipher.decrypt(new WhisperMessage(bobCiphertextMessages.get(i).serialize()));
+ assertTrue(Arrays.equals(receivedPlaintext, bobPlaintextMessages.get(i)));
+ }
+ }
+
+
+ private void initializeSessionsV2(SessionState aliceSessionState, SessionState bobSessionState)
+ throws InvalidKeyException
+ {
+ ECKeyPair aliceIdentityKeyPair = Curve.generateKeyPair();
+ IdentityKeyPair aliceIdentityKey = new IdentityKeyPair(new IdentityKey(aliceIdentityKeyPair.getPublicKey()),
+ aliceIdentityKeyPair.getPrivateKey());
+ ECKeyPair aliceBaseKey = Curve.generateKeyPair();
+ ECKeyPair aliceEphemeralKey = Curve.generateKeyPair();
+
+ ECKeyPair bobIdentityKeyPair = Curve.generateKeyPair();
+ IdentityKeyPair bobIdentityKey = new IdentityKeyPair(new IdentityKey(bobIdentityKeyPair.getPublicKey()),
+ bobIdentityKeyPair.getPrivateKey());
+ ECKeyPair bobBaseKey = Curve.generateKeyPair();
+ ECKeyPair bobEphemeralKey = bobBaseKey;
+
+ AliceAxolotlParameters aliceParameters = AliceAxolotlParameters.newBuilder()
+ .setOurIdentityKey(aliceIdentityKey)
+ .setOurBaseKey(aliceBaseKey)
+ .setTheirIdentityKey(bobIdentityKey.getPublicKey())
+ .setTheirSignedPreKey(bobEphemeralKey.getPublicKey())
+ .setTheirRatchetKey(bobEphemeralKey.getPublicKey())
+ .setTheirOneTimePreKey(Optional.<ECPublicKey>absent())
+ .create();
+
+ BobAxolotlParameters bobParameters = BobAxolotlParameters.newBuilder()
+ .setOurIdentityKey(bobIdentityKey)
+ .setOurOneTimePreKey(Optional.<ECKeyPair>absent())
+ .setOurRatchetKey(bobEphemeralKey)
+ .setOurSignedPreKey(bobBaseKey)
+ .setTheirBaseKey(aliceBaseKey.getPublicKey())
+ .setTheirIdentityKey(aliceIdentityKey.getPublicKey())
+ .create();
+
+ RatchetingSession.initializeSession(aliceSessionState, 2, aliceParameters);
+ RatchetingSession.initializeSession(bobSessionState, 2, bobParameters);
+ }
+
+ private void initializeSessionsV3(SessionState aliceSessionState, SessionState bobSessionState)
+ throws InvalidKeyException
+ {
+ ECKeyPair aliceIdentityKeyPair = Curve.generateKeyPair();
+ IdentityKeyPair aliceIdentityKey = new IdentityKeyPair(new IdentityKey(aliceIdentityKeyPair.getPublicKey()),
+ aliceIdentityKeyPair.getPrivateKey());
+ ECKeyPair aliceBaseKey = Curve.generateKeyPair();
+ ECKeyPair aliceEphemeralKey = Curve.generateKeyPair();
+
+ ECKeyPair alicePreKey = aliceBaseKey;
+
+ ECKeyPair bobIdentityKeyPair = Curve.generateKeyPair();
+ IdentityKeyPair bobIdentityKey = new IdentityKeyPair(new IdentityKey(bobIdentityKeyPair.getPublicKey()),
+ bobIdentityKeyPair.getPrivateKey());
+ ECKeyPair bobBaseKey = Curve.generateKeyPair();
+ ECKeyPair bobEphemeralKey = bobBaseKey;
+
+ ECKeyPair bobPreKey = Curve.generateKeyPair();
+
+ AliceAxolotlParameters aliceParameters = AliceAxolotlParameters.newBuilder()
+ .setOurBaseKey(aliceBaseKey)
+ .setOurIdentityKey(aliceIdentityKey)
+ .setTheirOneTimePreKey(Optional.<ECPublicKey>absent())
+ .setTheirRatchetKey(bobEphemeralKey.getPublicKey())
+ .setTheirSignedPreKey(bobBaseKey.getPublicKey())
+ .setTheirIdentityKey(bobIdentityKey.getPublicKey())
+ .create();
+
+ BobAxolotlParameters bobParameters = BobAxolotlParameters.newBuilder()
+ .setOurRatchetKey(bobEphemeralKey)
+ .setOurSignedPreKey(bobBaseKey)
+ .setOurOneTimePreKey(Optional.<ECKeyPair>absent())
+ .setOurIdentityKey(bobIdentityKey)
+ .setTheirIdentityKey(aliceIdentityKey.getPublicKey())
+ .setTheirBaseKey(aliceBaseKey.getPublicKey())
+ .create();
+
+ RatchetingSession.initializeSession(aliceSessionState, 3, aliceParameters);
+ RatchetingSession.initializeSession(bobSessionState, 3, bobParameters);
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/SimultaneousInitiateTests.java b/tests/src/main/java/org/whispersystems/libaxolotl/SimultaneousInitiateTests.java
new file mode 100644
index 00000000..f09fedf8
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/SimultaneousInitiateTests.java
@@ -0,0 +1,487 @@
+package org.whispersystems.libaxolotl;
+
+import junit.framework.TestCase;
+
+import org.whispersystems.libaxolotl.ecc.Curve;
+import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+import org.whispersystems.libaxolotl.protocol.CiphertextMessage;
+import org.whispersystems.libaxolotl.protocol.PreKeyWhisperMessage;
+import org.whispersystems.libaxolotl.protocol.WhisperMessage;
+import org.whispersystems.libaxolotl.state.AxolotlStore;
+import org.whispersystems.libaxolotl.state.PreKeyBundle;
+import org.whispersystems.libaxolotl.state.PreKeyRecord;
+import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
+import org.whispersystems.libaxolotl.util.Medium;
+
+import java.util.Arrays;
+import java.util.Random;
+
+public class SimultaneousInitiateTests extends TestCase {
+
+ private static final long BOB_RECIPENT_ID = 12345;
+ private static final long ALICE_RECIPIENT_ID = 6789;
+
+ private static final ECKeyPair aliceSignedPreKey = Curve.generateKeyPair();
+ private static final ECKeyPair bobSignedPreKey = Curve.generateKeyPair();
+
+ private static final int aliceSignedPreKeyId = new Random().nextInt(Medium.MAX_VALUE);
+ private static final int bobSignedPreKeyId = new Random().nextInt(Medium.MAX_VALUE);
+
+ public void testBasicSimultaneousInitiate()
+ throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException,
+ InvalidMessageException, DuplicateMessageException, LegacyMessageException,
+ InvalidKeyIdException, NoSessionException
+ {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+ PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore);
+ PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore);
+
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ aliceSessionBuilder.process(bobPreKeyBundle);
+ bobSessionBuilder.process(alicePreKeyBundle);
+
+ CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes());
+ CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes());
+
+ assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE);
+ assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize()));
+ byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize()));
+
+ assertTrue(new String(alicePlaintext).equals("sample message"));
+ assertTrue(new String(bobPlaintext).equals("hey there"));
+
+ assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3);
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes());
+
+ assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize()));
+
+ assertTrue(new String(responsePlaintext).equals("second message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+
+ CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes());
+
+ assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize()));
+
+ assertTrue(new String(finalPlaintext).equals("third message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ public void testLostSimultaneousInitiate() throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, InvalidMessageException, DuplicateMessageException, LegacyMessageException, InvalidKeyIdException, NoSessionException {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+ PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore);
+ PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore);
+
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ aliceSessionBuilder.process(bobPreKeyBundle);
+ bobSessionBuilder.process(alicePreKeyBundle);
+
+ CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes());
+ CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes());
+
+ assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE);
+ assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize()));
+
+ assertTrue(new String(bobPlaintext).equals("hey there"));
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+
+ CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes());
+
+ assertTrue(aliceResponse.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ byte[] responsePlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(aliceResponse.serialize()));
+
+ assertTrue(new String(responsePlaintext).equals("second message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+
+ CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes());
+
+ assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize()));
+
+ assertTrue(new String(finalPlaintext).equals("third message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ public void testSimultaneousInitiateLostMessage()
+ throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException,
+ InvalidMessageException, DuplicateMessageException, LegacyMessageException,
+ InvalidKeyIdException, NoSessionException
+ {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+ PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore);
+ PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore);
+
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ aliceSessionBuilder.process(bobPreKeyBundle);
+ bobSessionBuilder.process(alicePreKeyBundle);
+
+ CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes());
+ CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes());
+
+ assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE);
+ assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize()));
+ byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize()));
+
+ assertTrue(new String(alicePlaintext).equals("sample message"));
+ assertTrue(new String(bobPlaintext).equals("hey there"));
+
+ assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3);
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes());
+
+ assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE);
+
+// byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize()));
+//
+// assertTrue(new String(responsePlaintext).equals("second message"));
+// assertTrue(isSessionIdEqual(aliceStore, bobStore));
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes());
+
+ assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize()));
+
+ assertTrue(new String(finalPlaintext).equals("third message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ public void testSimultaneousInitiateRepeatedMessages()
+ throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException,
+ InvalidMessageException, DuplicateMessageException, LegacyMessageException,
+ InvalidKeyIdException, NoSessionException
+ {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+ PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore);
+ PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore);
+
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ aliceSessionBuilder.process(bobPreKeyBundle);
+ bobSessionBuilder.process(alicePreKeyBundle);
+
+ CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes());
+ CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes());
+
+ assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE);
+ assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize()));
+ byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize()));
+
+ assertTrue(new String(alicePlaintext).equals("sample message"));
+ assertTrue(new String(bobPlaintext).equals("hey there"));
+
+ assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3);
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ for (int i=0;i<50;i++) {
+ CiphertextMessage messageForBobRepeat = aliceSessionCipher.encrypt("hey there".getBytes());
+ CiphertextMessage messageForAliceRepeat = bobSessionCipher.encrypt("sample message".getBytes());
+
+ assertTrue(messageForBobRepeat.getType() == CiphertextMessage.WHISPER_TYPE);
+ assertTrue(messageForAliceRepeat.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] alicePlaintextRepeat = aliceSessionCipher.decrypt(new WhisperMessage(messageForAliceRepeat.serialize()));
+ byte[] bobPlaintextRepeat = bobSessionCipher.decrypt(new WhisperMessage(messageForBobRepeat.serialize()));
+
+ assertTrue(new String(alicePlaintextRepeat).equals("sample message"));
+ assertTrue(new String(bobPlaintextRepeat).equals("hey there"));
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes());
+
+ assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize()));
+
+ assertTrue(new String(responsePlaintext).equals("second message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+
+ CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes());
+
+ assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize()));
+
+ assertTrue(new String(finalPlaintext).equals("third message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ public void testRepeatedSimultaneousInitiateRepeatedMessages()
+ throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException,
+ InvalidMessageException, DuplicateMessageException, LegacyMessageException,
+ InvalidKeyIdException, NoSessionException
+ {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ for (int i=0;i<15;i++) {
+ PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore);
+ PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore);
+
+ aliceSessionBuilder.process(bobPreKeyBundle);
+ bobSessionBuilder.process(alicePreKeyBundle);
+
+ CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes());
+ CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes());
+
+ assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE);
+ assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize()));
+ byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize()));
+
+ assertTrue(new String(alicePlaintext).equals("sample message"));
+ assertTrue(new String(bobPlaintext).equals("hey there"));
+
+ assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3);
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ for (int i=0;i<50;i++) {
+ CiphertextMessage messageForBobRepeat = aliceSessionCipher.encrypt("hey there".getBytes());
+ CiphertextMessage messageForAliceRepeat = bobSessionCipher.encrypt("sample message".getBytes());
+
+ assertTrue(messageForBobRepeat.getType() == CiphertextMessage.WHISPER_TYPE);
+ assertTrue(messageForAliceRepeat.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] alicePlaintextRepeat = aliceSessionCipher.decrypt(new WhisperMessage(messageForAliceRepeat.serialize()));
+ byte[] bobPlaintextRepeat = bobSessionCipher.decrypt(new WhisperMessage(messageForBobRepeat.serialize()));
+
+ assertTrue(new String(alicePlaintextRepeat).equals("sample message"));
+ assertTrue(new String(bobPlaintextRepeat).equals("hey there"));
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes());
+
+ assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize()));
+
+ assertTrue(new String(responsePlaintext).equals("second message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+
+ CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes());
+
+ assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize()));
+
+ assertTrue(new String(finalPlaintext).equals("third message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ public void testRepeatedSimultaneousInitiateLostMessageRepeatedMessages()
+ throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException,
+ InvalidMessageException, DuplicateMessageException, LegacyMessageException,
+ InvalidKeyIdException, NoSessionException
+ {
+ AxolotlStore aliceStore = new InMemoryAxolotlStore();
+ AxolotlStore bobStore = new InMemoryAxolotlStore();
+
+
+ SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1);
+
+ SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1);
+ SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1);
+
+// PreKeyBundle aliceLostPreKeyBundle = createAlicePreKeyBundle(aliceStore);
+ PreKeyBundle bobLostPreKeyBundle = createBobPreKeyBundle(bobStore);
+
+ aliceSessionBuilder.process(bobLostPreKeyBundle);
+// bobSessionBuilder.process(aliceLostPreKeyBundle);
+
+ CiphertextMessage lostMessageForBob = aliceSessionCipher.encrypt("hey there".getBytes());
+// CiphertextMessage lostMessageForAlice = bobSessionCipher.encrypt("sample message".getBytes());
+
+ for (int i=0;i<15;i++) {
+ PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore);
+ PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore);
+
+ aliceSessionBuilder.process(bobPreKeyBundle);
+ bobSessionBuilder.process(alicePreKeyBundle);
+
+ CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes());
+ CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes());
+
+ assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE);
+ assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize()));
+ byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize()));
+
+ assertTrue(new String(alicePlaintext).equals("sample message"));
+ assertTrue(new String(bobPlaintext).equals("hey there"));
+
+ assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3);
+ assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ for (int i=0;i<50;i++) {
+ CiphertextMessage messageForBobRepeat = aliceSessionCipher.encrypt("hey there".getBytes());
+ CiphertextMessage messageForAliceRepeat = bobSessionCipher.encrypt("sample message".getBytes());
+
+ assertTrue(messageForBobRepeat.getType() == CiphertextMessage.WHISPER_TYPE);
+ assertTrue(messageForAliceRepeat.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] alicePlaintextRepeat = aliceSessionCipher.decrypt(new WhisperMessage(messageForAliceRepeat.serialize()));
+ byte[] bobPlaintextRepeat = bobSessionCipher.decrypt(new WhisperMessage(messageForBobRepeat.serialize()));
+
+ assertTrue(new String(alicePlaintextRepeat).equals("sample message"));
+ assertTrue(new String(bobPlaintextRepeat).equals("hey there"));
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes());
+
+ assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize()));
+
+ assertTrue(new String(responsePlaintext).equals("second message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+
+ CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes());
+
+ assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE);
+
+ byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize()));
+
+ assertTrue(new String(finalPlaintext).equals("third message"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+
+ byte[] lostMessagePlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(lostMessageForBob.serialize()));
+ assertTrue(new String(lostMessagePlaintext).equals("hey there"));
+
+ assertFalse(isSessionIdEqual(aliceStore, bobStore));
+
+ CiphertextMessage blastFromThePast = bobSessionCipher.encrypt("unexpected!".getBytes());
+ byte[] blastFromThePastPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(blastFromThePast.serialize()));
+
+ assertTrue(new String(blastFromThePastPlaintext).equals("unexpected!"));
+ assertTrue(isSessionIdEqual(aliceStore, bobStore));
+ }
+
+ private boolean isSessionIdEqual(AxolotlStore aliceStore, AxolotlStore bobStore) {
+ return Arrays.equals(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getAliceBaseKey(),
+ bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getAliceBaseKey());
+ }
+
+ private PreKeyBundle createAlicePreKeyBundle(AxolotlStore aliceStore) throws InvalidKeyException {
+ ECKeyPair aliceUnsignedPreKey = Curve.generateKeyPair();
+ int aliceUnsignedPreKeyId = new Random().nextInt(Medium.MAX_VALUE);
+ byte[] aliceSignature = Curve.calculateSignature(aliceStore.getIdentityKeyPair().getPrivateKey(),
+ aliceSignedPreKey.getPublicKey().serialize());
+
+ PreKeyBundle alicePreKeyBundle = new PreKeyBundle(1, 1,
+ aliceUnsignedPreKeyId, aliceUnsignedPreKey.getPublicKey(),
+ aliceSignedPreKeyId, aliceSignedPreKey.getPublicKey(),
+ aliceSignature, aliceStore.getIdentityKeyPair().getPublicKey());
+
+ aliceStore.storeSignedPreKey(aliceSignedPreKeyId, new SignedPreKeyRecord(aliceSignedPreKeyId, System.currentTimeMillis(), aliceSignedPreKey, aliceSignature));
+ aliceStore.storePreKey(aliceUnsignedPreKeyId, new PreKeyRecord(aliceUnsignedPreKeyId, aliceUnsignedPreKey));
+
+ return alicePreKeyBundle;
+ }
+
+ private PreKeyBundle createBobPreKeyBundle(AxolotlStore bobStore) throws InvalidKeyException {
+ ECKeyPair bobUnsignedPreKey = Curve.generateKeyPair();
+ int bobUnsignedPreKeyId = new Random().nextInt(Medium.MAX_VALUE);
+ byte[] bobSignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(),
+ bobSignedPreKey.getPublicKey().serialize());
+
+ PreKeyBundle bobPreKeyBundle = new PreKeyBundle(1, 1,
+ bobUnsignedPreKeyId, bobUnsignedPreKey.getPublicKey(),
+ bobSignedPreKeyId, bobSignedPreKey.getPublicKey(),
+ bobSignature, bobStore.getIdentityKeyPair().getPublicKey());
+
+ bobStore.storeSignedPreKey(bobSignedPreKeyId, new SignedPreKeyRecord(bobSignedPreKeyId, System.currentTimeMillis(), bobSignedPreKey, bobSignature));
+ bobStore.storePreKey(bobUnsignedPreKeyId, new PreKeyRecord(bobUnsignedPreKeyId, bobUnsignedPreKey));
+
+ return bobPreKeyBundle;
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/ecc/Curve25519Test.java b/tests/src/main/java/org/whispersystems/libaxolotl/ecc/Curve25519Test.java
new file mode 100644
index 00000000..b10085bb
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/ecc/Curve25519Test.java
@@ -0,0 +1,136 @@
+package org.whispersystems.libaxolotl.ecc;
+
+import junit.framework.TestCase;
+
+import org.whispersystems.libaxolotl.InvalidKeyException;
+
+import java.util.Arrays;
+
+
+public class Curve25519Test extends TestCase {
+
+ public void testAgreement() throws InvalidKeyException {
+ byte[] alicePublic = {(byte) 0x05, (byte) 0x1b, (byte) 0xb7, (byte) 0x59, (byte) 0x66,
+ (byte) 0xf2, (byte) 0xe9, (byte) 0x3a, (byte) 0x36, (byte) 0x91,
+ (byte) 0xdf, (byte) 0xff, (byte) 0x94, (byte) 0x2b, (byte) 0xb2,
+ (byte) 0xa4, (byte) 0x66, (byte) 0xa1, (byte) 0xc0, (byte) 0x8b,
+ (byte) 0x8d, (byte) 0x78, (byte) 0xca, (byte) 0x3f, (byte) 0x4d,
+ (byte) 0x6d, (byte) 0xf8, (byte) 0xb8, (byte) 0xbf, (byte) 0xa2,
+ (byte) 0xe4, (byte) 0xee, (byte) 0x28};
+
+ byte[] alicePrivate = {(byte) 0xc8, (byte) 0x06, (byte) 0x43, (byte) 0x9d, (byte) 0xc9,
+ (byte) 0xd2, (byte) 0xc4, (byte) 0x76, (byte) 0xff, (byte) 0xed,
+ (byte) 0x8f, (byte) 0x25, (byte) 0x80, (byte) 0xc0, (byte) 0x88,
+ (byte) 0x8d, (byte) 0x58, (byte) 0xab, (byte) 0x40, (byte) 0x6b,
+ (byte) 0xf7, (byte) 0xae, (byte) 0x36, (byte) 0x98, (byte) 0x87,
+ (byte) 0x90, (byte) 0x21, (byte) 0xb9, (byte) 0x6b, (byte) 0xb4,
+ (byte) 0xbf, (byte) 0x59};
+
+ byte[] bobPublic = {(byte) 0x05, (byte) 0x65, (byte) 0x36, (byte) 0x14, (byte) 0x99,
+ (byte) 0x3d, (byte) 0x2b, (byte) 0x15, (byte) 0xee, (byte) 0x9e,
+ (byte) 0x5f, (byte) 0xd3, (byte) 0xd8, (byte) 0x6c, (byte) 0xe7,
+ (byte) 0x19, (byte) 0xef, (byte) 0x4e, (byte) 0xc1, (byte) 0xda,
+ (byte) 0xae, (byte) 0x18, (byte) 0x86, (byte) 0xa8, (byte) 0x7b,
+ (byte) 0x3f, (byte) 0x5f, (byte) 0xa9, (byte) 0x56, (byte) 0x5a,
+ (byte) 0x27, (byte) 0xa2, (byte) 0x2f};
+
+ byte[] bobPrivate = {(byte) 0xb0, (byte) 0x3b, (byte) 0x34, (byte) 0xc3, (byte) 0x3a,
+ (byte) 0x1c, (byte) 0x44, (byte) 0xf2, (byte) 0x25, (byte) 0xb6,
+ (byte) 0x62, (byte) 0xd2, (byte) 0xbf, (byte) 0x48, (byte) 0x59,
+ (byte) 0xb8, (byte) 0x13, (byte) 0x54, (byte) 0x11, (byte) 0xfa,
+ (byte) 0x7b, (byte) 0x03, (byte) 0x86, (byte) 0xd4, (byte) 0x5f,
+ (byte) 0xb7, (byte) 0x5d, (byte) 0xc5, (byte) 0xb9, (byte) 0x1b,
+ (byte) 0x44, (byte) 0x66};
+
+ byte[] shared = {(byte) 0x32, (byte) 0x5f, (byte) 0x23, (byte) 0x93, (byte) 0x28,
+ (byte) 0x94, (byte) 0x1c, (byte) 0xed, (byte) 0x6e, (byte) 0x67,
+ (byte) 0x3b, (byte) 0x86, (byte) 0xba, (byte) 0x41, (byte) 0x01,
+ (byte) 0x74, (byte) 0x48, (byte) 0xe9, (byte) 0x9b, (byte) 0x64,
+ (byte) 0x9a, (byte) 0x9c, (byte) 0x38, (byte) 0x06, (byte) 0xc1,
+ (byte) 0xdd, (byte) 0x7c, (byte) 0xa4, (byte) 0xc4, (byte) 0x77,
+ (byte) 0xe6, (byte) 0x29};
+
+ ECPublicKey alicePublicKey = Curve.decodePoint(alicePublic, 0);
+ ECPrivateKey alicePrivateKey = Curve.decodePrivatePoint(alicePrivate);
+
+ ECPublicKey bobPublicKey = Curve.decodePoint(bobPublic, 0);
+ ECPrivateKey bobPrivateKey = Curve.decodePrivatePoint(bobPrivate);
+
+ byte[] sharedOne = Curve.calculateAgreement(alicePublicKey, bobPrivateKey);
+ byte[] sharedTwo = Curve.calculateAgreement(bobPublicKey, alicePrivateKey);
+
+ assertTrue(Arrays.equals(sharedOne, shared));
+ assertTrue(Arrays.equals(sharedTwo, shared));
+ }
+
+ public void testRandomAgreements() throws InvalidKeyException {
+ for (int i=0;i<50;i++) {
+ ECKeyPair alice = Curve.generateKeyPair();
+ ECKeyPair bob = Curve.generateKeyPair();
+
+ byte[] sharedAlice = Curve.calculateAgreement(bob.getPublicKey(), alice.getPrivateKey());
+ byte[] sharedBob = Curve.calculateAgreement(alice.getPublicKey(), bob.getPrivateKey());
+
+ assertTrue(Arrays.equals(sharedAlice, sharedBob));
+ }
+ }
+
+ public void testSignature() throws InvalidKeyException {
+ byte[] aliceIdentityPrivate = {(byte)0xc0, (byte)0x97, (byte)0x24, (byte)0x84, (byte)0x12,
+ (byte)0xe5, (byte)0x8b, (byte)0xf0, (byte)0x5d, (byte)0xf4,
+ (byte)0x87, (byte)0x96, (byte)0x82, (byte)0x05, (byte)0x13,
+ (byte)0x27, (byte)0x94, (byte)0x17, (byte)0x8e, (byte)0x36,
+ (byte)0x76, (byte)0x37, (byte)0xf5, (byte)0x81, (byte)0x8f,
+ (byte)0x81, (byte)0xe0, (byte)0xe6, (byte)0xce, (byte)0x73,
+ (byte)0xe8, (byte)0x65};
+
+ byte[] aliceIdentityPublic = {(byte)0x05, (byte)0xab, (byte)0x7e, (byte)0x71, (byte)0x7d,
+ (byte)0x4a, (byte)0x16, (byte)0x3b, (byte)0x7d, (byte)0x9a,
+ (byte)0x1d, (byte)0x80, (byte)0x71, (byte)0xdf, (byte)0xe9,
+ (byte)0xdc, (byte)0xf8, (byte)0xcd, (byte)0xcd, (byte)0x1c,
+ (byte)0xea, (byte)0x33, (byte)0x39, (byte)0xb6, (byte)0x35,
+ (byte)0x6b, (byte)0xe8, (byte)0x4d, (byte)0x88, (byte)0x7e,
+ (byte)0x32, (byte)0x2c, (byte)0x64};
+
+ byte[] aliceEphemeralPublic = {(byte)0x05, (byte)0xed, (byte)0xce, (byte)0x9d, (byte)0x9c,
+ (byte)0x41, (byte)0x5c, (byte)0xa7, (byte)0x8c, (byte)0xb7,
+ (byte)0x25, (byte)0x2e, (byte)0x72, (byte)0xc2, (byte)0xc4,
+ (byte)0xa5, (byte)0x54, (byte)0xd3, (byte)0xeb, (byte)0x29,
+ (byte)0x48, (byte)0x5a, (byte)0x0e, (byte)0x1d, (byte)0x50,
+ (byte)0x31, (byte)0x18, (byte)0xd1, (byte)0xa8, (byte)0x2d,
+ (byte)0x99, (byte)0xfb, (byte)0x4a};
+
+ byte[] aliceSignature = {(byte)0x5d, (byte)0xe8, (byte)0x8c, (byte)0xa9, (byte)0xa8,
+ (byte)0x9b, (byte)0x4a, (byte)0x11, (byte)0x5d, (byte)0xa7,
+ (byte)0x91, (byte)0x09, (byte)0xc6, (byte)0x7c, (byte)0x9c,
+ (byte)0x74, (byte)0x64, (byte)0xa3, (byte)0xe4, (byte)0x18,
+ (byte)0x02, (byte)0x74, (byte)0xf1, (byte)0xcb, (byte)0x8c,
+ (byte)0x63, (byte)0xc2, (byte)0x98, (byte)0x4e, (byte)0x28,
+ (byte)0x6d, (byte)0xfb, (byte)0xed, (byte)0xe8, (byte)0x2d,
+ (byte)0xeb, (byte)0x9d, (byte)0xcd, (byte)0x9f, (byte)0xae,
+ (byte)0x0b, (byte)0xfb, (byte)0xb8, (byte)0x21, (byte)0x56,
+ (byte)0x9b, (byte)0x3d, (byte)0x90, (byte)0x01, (byte)0xbd,
+ (byte)0x81, (byte)0x30, (byte)0xcd, (byte)0x11, (byte)0xd4,
+ (byte)0x86, (byte)0xce, (byte)0xf0, (byte)0x47, (byte)0xbd,
+ (byte)0x60, (byte)0xb8, (byte)0x6e, (byte)0x88};
+
+ ECPrivateKey alicePrivateKey = Curve.decodePrivatePoint(aliceIdentityPrivate);
+ ECPublicKey alicePublicKey = Curve.decodePoint(aliceIdentityPublic, 0);
+ ECPublicKey aliceEphemeral = Curve.decodePoint(aliceEphemeralPublic, 0);
+
+ if (!Curve.verifySignature(alicePublicKey, aliceEphemeral.serialize(), aliceSignature)) {
+ throw new AssertionError("Sig verification failed!");
+ }
+
+ for (int i=0;i<aliceSignature.length;i++) {
+ byte[] modifiedSignature = new byte[aliceSignature.length];
+ System.arraycopy(aliceSignature, 0, modifiedSignature, 0, modifiedSignature.length);
+
+ modifiedSignature[i] ^= 0x01;
+
+ if (Curve.verifySignature(alicePublicKey, aliceEphemeral.serialize(), modifiedSignature)) {
+ throw new AssertionError("Sig verification succeeded!");
+ }
+ }
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/groups/GroupCipherTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/groups/GroupCipherTest.java
new file mode 100644
index 00000000..7c9892b0
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/groups/GroupCipherTest.java
@@ -0,0 +1,146 @@
+package org.whispersystems.libaxolotl.groups;
+
+import junit.framework.TestCase;
+
+import org.whispersystems.libaxolotl.DuplicateMessageException;
+import org.whispersystems.libaxolotl.InvalidMessageException;
+import org.whispersystems.libaxolotl.LegacyMessageException;
+import org.whispersystems.libaxolotl.NoSessionException;
+import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+import org.whispersystems.libaxolotl.protocol.SenderKeyDistributionMessage;
+import org.whispersystems.libaxolotl.util.KeyHelper;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+
+public class GroupCipherTest extends TestCase {
+
+ public void testBasicEncryptDecrypt()
+ throws LegacyMessageException, DuplicateMessageException, InvalidMessageException, NoSessionException
+ {
+ InMemorySenderKeyStore aliceStore = new InMemorySenderKeyStore();
+ InMemorySenderKeyStore bobStore = new InMemorySenderKeyStore();
+
+ GroupSessionBuilder aliceSessionBuilder = new GroupSessionBuilder(aliceStore);
+ GroupSessionBuilder bobSessionBuilder = new GroupSessionBuilder(bobStore);
+
+ GroupCipher aliceGroupCipher = new GroupCipher(aliceStore, "groupWithBobInIt");
+ GroupCipher bobGroupCipher = new GroupCipher(bobStore, "groupWithBobInIt::aliceUserName");
+
+ byte[] aliceSenderKey = KeyHelper.generateSenderKey();
+ ECKeyPair aliceSenderSigningKey = KeyHelper.generateSenderSigningKey();
+ int aliceSenderKeyId = KeyHelper.generateSenderKeyId();
+
+ SenderKeyDistributionMessage aliceDistributionMessage =
+ aliceSessionBuilder.process("groupWithBobInIt", aliceSenderKeyId, 0,
+ aliceSenderKey, aliceSenderSigningKey);
+
+ bobSessionBuilder.process("groupWithBobInIt::aliceUserName", aliceDistributionMessage);
+
+ byte[] ciphertextFromAlice = aliceGroupCipher.encrypt("smert ze smert".getBytes());
+ byte[] plaintextFromAlice = bobGroupCipher.decrypt(ciphertextFromAlice);
+
+ assertTrue(new String(plaintextFromAlice).equals("smert ze smert"));
+ }
+
+ public void testBasicRatchet()
+ throws LegacyMessageException, DuplicateMessageException, InvalidMessageException, NoSessionException
+ {
+ InMemorySenderKeyStore aliceStore = new InMemorySenderKeyStore();
+ InMemorySenderKeyStore bobStore = new InMemorySenderKeyStore();
+
+ GroupSessionBuilder aliceSessionBuilder = new GroupSessionBuilder(aliceStore);
+ GroupSessionBuilder bobSessionBuilder = new GroupSessionBuilder(bobStore);
+
+ GroupCipher aliceGroupCipher = new GroupCipher(aliceStore, "groupWithBobInIt");
+ GroupCipher bobGroupCipher = new GroupCipher(bobStore, "groupWithBobInIt::aliceUserName");
+
+ byte[] aliceSenderKey = KeyHelper.generateSenderKey();
+ ECKeyPair aliceSenderSigningKey = KeyHelper.generateSenderSigningKey();
+ int aliceSenderKeyId = KeyHelper.generateSenderKeyId();
+
+ SenderKeyDistributionMessage aliceDistributionMessage =
+ aliceSessionBuilder.process("groupWithBobInIt", aliceSenderKeyId, 0,
+ aliceSenderKey, aliceSenderSigningKey);
+
+ bobSessionBuilder.process("groupWithBobInIt::aliceUserName", aliceDistributionMessage);
+
+ byte[] ciphertextFromAlice = aliceGroupCipher.encrypt("smert ze smert".getBytes());
+ byte[] ciphertextFromAlice2 = aliceGroupCipher.encrypt("smert ze smert2".getBytes());
+ byte[] ciphertextFromAlice3 = aliceGroupCipher.encrypt("smert ze smert3".getBytes());
+
+ byte[] plaintextFromAlice = bobGroupCipher.decrypt(ciphertextFromAlice);
+
+ try {
+ bobGroupCipher.decrypt(ciphertextFromAlice);
+ throw new AssertionError("Should have ratcheted forward!");
+ } catch (DuplicateMessageException dme) {
+ // good
+ }
+
+ byte[] plaintextFromAlice2 = bobGroupCipher.decrypt(ciphertextFromAlice2);
+ byte[] plaintextFromAlice3 = bobGroupCipher.decrypt(ciphertextFromAlice3);
+
+ assertTrue(new String(plaintextFromAlice).equals("smert ze smert"));
+ assertTrue(new String(plaintextFromAlice2).equals("smert ze smert2"));
+ assertTrue(new String(plaintextFromAlice3).equals("smert ze smert3"));
+ }
+
+ public void testOutOfOrder()
+ throws LegacyMessageException, DuplicateMessageException, InvalidMessageException, NoSessionException
+ {
+ InMemorySenderKeyStore aliceStore = new InMemorySenderKeyStore();
+ InMemorySenderKeyStore bobStore = new InMemorySenderKeyStore();
+
+ GroupSessionBuilder aliceSessionBuilder = new GroupSessionBuilder(aliceStore);
+ GroupSessionBuilder bobSessionBuilder = new GroupSessionBuilder(bobStore);
+
+ GroupCipher aliceGroupCipher = new GroupCipher(aliceStore, "groupWithBobInIt");
+ GroupCipher bobGroupCipher = new GroupCipher(bobStore, "groupWithBobInIt::aliceUserName");
+
+ byte[] aliceSenderKey = KeyHelper.generateSenderKey();
+ ECKeyPair aliceSenderSigningKey = KeyHelper.generateSenderSigningKey();
+ int aliceSenderKeyId = KeyHelper.generateSenderKeyId();
+
+ SenderKeyDistributionMessage aliceDistributionMessage =
+ aliceSessionBuilder.process("groupWithBobInIt", aliceSenderKeyId, 0,
+ aliceSenderKey, aliceSenderSigningKey);
+
+ bobSessionBuilder.process("groupWithBobInIt::aliceUserName", aliceDistributionMessage);
+
+
+ ArrayList<byte[]> ciphertexts = new ArrayList<>(100);
+
+ for (int i=0;i<100;i++) {
+ ciphertexts.add(aliceGroupCipher.encrypt("up the punks".getBytes()));
+ }
+
+ while (ciphertexts.size() > 0) {
+ int index = randomInt() % ciphertexts.size();
+ byte[] ciphertext = ciphertexts.remove(index);
+ byte[] plaintext = bobGroupCipher.decrypt(ciphertext);
+
+ assertTrue(new String(plaintext).equals("up the punks"));
+ }
+ }
+
+ public void testEncryptNoSession() {
+ InMemorySenderKeyStore aliceStore = new InMemorySenderKeyStore();
+ GroupCipher aliceGroupCipher = new GroupCipher(aliceStore, "groupWithBobInIt");
+ try {
+ aliceGroupCipher.encrypt("up the punks".getBytes());
+ throw new AssertionError("Should have failed!");
+ } catch (NoSessionException nse) {
+ // good
+ }
+ }
+
+ private int randomInt() {
+ try {
+ return SecureRandom.getInstance("SHA1PRNG").nextInt(Integer.MAX_VALUE);
+ } catch (NoSuchAlgorithmException e) {
+ throw new AssertionError(e);
+ }
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/groups/InMemorySenderKeyStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/groups/InMemorySenderKeyStore.java
new file mode 100644
index 00000000..c012566a
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/groups/InMemorySenderKeyStore.java
@@ -0,0 +1,33 @@
+package org.whispersystems.libaxolotl.groups;
+
+import org.whispersystems.libaxolotl.groups.state.SenderKeyRecord;
+import org.whispersystems.libaxolotl.groups.state.SenderKeyStore;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+public class InMemorySenderKeyStore implements SenderKeyStore {
+
+ private final Map<String, SenderKeyRecord> store = new HashMap<>();
+
+ @Override
+ public void storeSenderKey(String senderKeyId, SenderKeyRecord record) {
+ store.put(senderKeyId, record);
+ }
+
+ @Override
+ public SenderKeyRecord loadSenderKey(String senderKeyId) {
+ try {
+ SenderKeyRecord record = store.get(senderKeyId);
+
+ if (record == null) {
+ return new SenderKeyRecord();
+ } else {
+ return new SenderKeyRecord(record.serialize());
+ }
+ } catch (IOException e) {
+ throw new AssertionError(e);
+ }
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/kdf/HKDFTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/kdf/HKDFTest.java
new file mode 100644
index 00000000..4cf7166a
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/kdf/HKDFTest.java
@@ -0,0 +1,137 @@
+package org.whispersystems.libaxolotl.kdf;
+
+import junit.framework.TestCase;
+
+import java.util.Arrays;
+
+public class HKDFTest extends TestCase {
+
+ public void testVectorV3() {
+ byte[] ikm = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b};
+
+ byte[] salt = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c};
+
+ byte[] info = {(byte) 0xf0, (byte) 0xf1, (byte) 0xf2, (byte) 0xf3, (byte) 0xf4,
+ (byte) 0xf5, (byte) 0xf6, (byte) 0xf7, (byte) 0xf8, (byte) 0xf9};
+
+ byte[] okm = {(byte) 0x3c, (byte) 0xb2, (byte) 0x5f, (byte) 0x25, (byte) 0xfa,
+ (byte) 0xac, (byte) 0xd5, (byte) 0x7a, (byte) 0x90, (byte) 0x43,
+ (byte) 0x4f, (byte) 0x64, (byte) 0xd0, (byte) 0x36, (byte) 0x2f,
+ (byte) 0x2a, (byte) 0x2d, (byte) 0x2d, (byte) 0x0a, (byte) 0x90,
+ (byte) 0xcf, (byte) 0x1a, (byte) 0x5a, (byte) 0x4c, (byte) 0x5d,
+ (byte) 0xb0, (byte) 0x2d, (byte) 0x56, (byte) 0xec, (byte) 0xc4,
+ (byte) 0xc5, (byte) 0xbf, (byte) 0x34, (byte) 0x00, (byte) 0x72,
+ (byte) 0x08, (byte) 0xd5, (byte) 0xb8, (byte) 0x87, (byte) 0x18,
+ (byte) 0x58, (byte) 0x65};
+
+ byte[] actualOutput = HKDF.createFor(3).deriveSecrets(ikm, salt, info, 42);
+
+ assertTrue(Arrays.equals(okm, actualOutput));
+ }
+
+ public void testVectorLongV3() {
+ byte[] ikm = {(byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04,
+ (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08, (byte) 0x09,
+ (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e,
+ (byte) 0x0f, (byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13,
+ (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17, (byte) 0x18,
+ (byte) 0x19, (byte) 0x1a, (byte) 0x1b, (byte) 0x1c, (byte) 0x1d,
+ (byte) 0x1e, (byte) 0x1f, (byte) 0x20, (byte) 0x21, (byte) 0x22,
+ (byte) 0x23, (byte) 0x24, (byte) 0x25, (byte) 0x26, (byte) 0x27,
+ (byte) 0x28, (byte) 0x29, (byte) 0x2a, (byte) 0x2b, (byte) 0x2c,
+ (byte) 0x2d, (byte) 0x2e, (byte) 0x2f, (byte) 0x30, (byte) 0x31,
+ (byte) 0x32, (byte) 0x33, (byte) 0x34, (byte) 0x35, (byte) 0x36,
+ (byte) 0x37, (byte) 0x38, (byte) 0x39, (byte) 0x3a, (byte) 0x3b,
+ (byte) 0x3c, (byte) 0x3d, (byte) 0x3e, (byte) 0x3f, (byte) 0x40,
+ (byte) 0x41, (byte) 0x42, (byte) 0x43, (byte) 0x44, (byte) 0x45,
+ (byte) 0x46, (byte) 0x47, (byte) 0x48, (byte) 0x49, (byte) 0x4a,
+ (byte) 0x4b, (byte) 0x4c, (byte) 0x4d, (byte) 0x4e, (byte) 0x4f};
+
+ byte[] salt = {(byte) 0x60, (byte) 0x61, (byte) 0x62, (byte) 0x63, (byte) 0x64,
+ (byte) 0x65, (byte) 0x66, (byte) 0x67, (byte) 0x68, (byte) 0x69,
+ (byte) 0x6a, (byte) 0x6b, (byte) 0x6c, (byte) 0x6d, (byte) 0x6e,
+ (byte) 0x6f, (byte) 0x70, (byte) 0x71, (byte) 0x72, (byte) 0x73,
+ (byte) 0x74, (byte) 0x75, (byte) 0x76, (byte) 0x77, (byte) 0x78,
+ (byte) 0x79, (byte) 0x7a, (byte) 0x7b, (byte) 0x7c, (byte) 0x7d,
+ (byte) 0x7e, (byte) 0x7f, (byte) 0x80, (byte) 0x81, (byte) 0x82,
+ (byte) 0x83, (byte) 0x84, (byte) 0x85, (byte) 0x86, (byte) 0x87,
+ (byte) 0x88, (byte) 0x89, (byte) 0x8a, (byte) 0x8b, (byte) 0x8c,
+ (byte) 0x8d, (byte) 0x8e, (byte) 0x8f, (byte) 0x90, (byte) 0x91,
+ (byte) 0x92, (byte) 0x93, (byte) 0x94, (byte) 0x95, (byte) 0x96,
+ (byte) 0x97, (byte) 0x98, (byte) 0x99, (byte) 0x9a, (byte) 0x9b,
+ (byte) 0x9c, (byte) 0x9d, (byte) 0x9e, (byte) 0x9f, (byte) 0xa0,
+ (byte) 0xa1, (byte) 0xa2, (byte) 0xa3, (byte) 0xa4, (byte) 0xa5,
+ (byte) 0xa6, (byte) 0xa7, (byte) 0xa8, (byte) 0xa9, (byte) 0xaa,
+ (byte) 0xab, (byte) 0xac, (byte) 0xad, (byte) 0xae, (byte) 0xaf};
+
+ byte[] info = {(byte) 0xb0, (byte) 0xb1, (byte) 0xb2, (byte) 0xb3, (byte) 0xb4,
+ (byte) 0xb5, (byte) 0xb6, (byte) 0xb7, (byte) 0xb8, (byte) 0xb9,
+ (byte) 0xba, (byte) 0xbb, (byte) 0xbc, (byte) 0xbd, (byte) 0xbe,
+ (byte) 0xbf, (byte) 0xc0, (byte) 0xc1, (byte) 0xc2, (byte) 0xc3,
+ (byte) 0xc4, (byte) 0xc5, (byte) 0xc6, (byte) 0xc7, (byte) 0xc8,
+ (byte) 0xc9, (byte) 0xca, (byte) 0xcb, (byte) 0xcc, (byte) 0xcd,
+ (byte) 0xce, (byte) 0xcf, (byte) 0xd0, (byte) 0xd1, (byte) 0xd2,
+ (byte) 0xd3, (byte) 0xd4, (byte) 0xd5, (byte) 0xd6, (byte) 0xd7,
+ (byte) 0xd8, (byte) 0xd9, (byte) 0xda, (byte) 0xdb, (byte) 0xdc,
+ (byte) 0xdd, (byte) 0xde, (byte) 0xdf, (byte) 0xe0, (byte) 0xe1,
+ (byte) 0xe2, (byte) 0xe3, (byte) 0xe4, (byte) 0xe5, (byte) 0xe6,
+ (byte) 0xe7, (byte) 0xe8, (byte) 0xe9, (byte) 0xea, (byte) 0xeb,
+ (byte) 0xec, (byte) 0xed, (byte) 0xee, (byte) 0xef, (byte) 0xf0,
+ (byte) 0xf1, (byte) 0xf2, (byte) 0xf3, (byte) 0xf4, (byte) 0xf5,
+ (byte) 0xf6, (byte) 0xf7, (byte) 0xf8, (byte) 0xf9, (byte) 0xfa,
+ (byte) 0xfb, (byte) 0xfc, (byte) 0xfd, (byte) 0xfe, (byte) 0xff};
+
+ byte[] okm = {(byte) 0xb1, (byte) 0x1e, (byte) 0x39, (byte) 0x8d, (byte) 0xc8,
+ (byte) 0x03, (byte) 0x27, (byte) 0xa1, (byte) 0xc8, (byte) 0xe7,
+ (byte) 0xf7, (byte) 0x8c, (byte) 0x59, (byte) 0x6a, (byte) 0x49,
+ (byte) 0x34, (byte) 0x4f, (byte) 0x01, (byte) 0x2e, (byte) 0xda,
+ (byte) 0x2d, (byte) 0x4e, (byte) 0xfa, (byte) 0xd8, (byte) 0xa0,
+ (byte) 0x50, (byte) 0xcc, (byte) 0x4c, (byte) 0x19, (byte) 0xaf,
+ (byte) 0xa9, (byte) 0x7c, (byte) 0x59, (byte) 0x04, (byte) 0x5a,
+ (byte) 0x99, (byte) 0xca, (byte) 0xc7, (byte) 0x82, (byte) 0x72,
+ (byte) 0x71, (byte) 0xcb, (byte) 0x41, (byte) 0xc6, (byte) 0x5e,
+ (byte) 0x59, (byte) 0x0e, (byte) 0x09, (byte) 0xda, (byte) 0x32,
+ (byte) 0x75, (byte) 0x60, (byte) 0x0c, (byte) 0x2f, (byte) 0x09,
+ (byte) 0xb8, (byte) 0x36, (byte) 0x77, (byte) 0x93, (byte) 0xa9,
+ (byte) 0xac, (byte) 0xa3, (byte) 0xdb, (byte) 0x71, (byte) 0xcc,
+ (byte) 0x30, (byte) 0xc5, (byte) 0x81, (byte) 0x79, (byte) 0xec,
+ (byte) 0x3e, (byte) 0x87, (byte) 0xc1, (byte) 0x4c, (byte) 0x01,
+ (byte) 0xd5, (byte) 0xc1, (byte) 0xf3, (byte) 0x43, (byte) 0x4f,
+ (byte) 0x1d, (byte) 0x87};
+
+ byte[] actualOutput = HKDF.createFor(3).deriveSecrets(ikm, salt, info, 82);
+ assertTrue(Arrays.equals(okm, actualOutput));
+ }
+
+ public void testVectorV2() {
+ byte[] ikm = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b};
+
+ byte[] salt = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c};
+
+ byte[] info = {(byte)0xf0, (byte)0xf1, (byte)0xf2, (byte)0xf3, (byte)0xf4,
+ (byte)0xf5, (byte)0xf6, (byte)0xf7, (byte)0xf8, (byte)0xf9};
+
+ byte[] okm = {(byte)0x6e, (byte)0xc2, (byte)0x55, (byte)0x6d, (byte)0x5d,
+ (byte)0x7b, (byte)0x1d, (byte)0x81, (byte)0xde, (byte)0xe4,
+ (byte)0x22, (byte)0x2a, (byte)0xd7, (byte)0x48, (byte)0x36,
+ (byte)0x95, (byte)0xdd, (byte)0xc9, (byte)0x8f, (byte)0x4f,
+ (byte)0x5f, (byte)0xab, (byte)0xc0, (byte)0xe0, (byte)0x20,
+ (byte)0x5d, (byte)0xc2, (byte)0xef, (byte)0x87, (byte)0x52,
+ (byte)0xd4, (byte)0x1e, (byte)0x04, (byte)0xe2, (byte)0xe2,
+ (byte)0x11, (byte)0x01, (byte)0xc6, (byte)0x8f, (byte)0xf0,
+ (byte)0x93, (byte)0x94, (byte)0xb8, (byte)0xad, (byte)0x0b,
+ (byte)0xdc, (byte)0xb9, (byte)0x60, (byte)0x9c, (byte)0xd4,
+ (byte)0xee, (byte)0x82, (byte)0xac, (byte)0x13, (byte)0x19,
+ (byte)0x9b, (byte)0x4a, (byte)0xa9, (byte)0xfd, (byte)0xa8,
+ (byte)0x99, (byte)0xda, (byte)0xeb, (byte)0xec};
+
+ byte[] actualOutput = HKDF.createFor(2).deriveSecrets(ikm, salt, info, 64);
+ assertTrue(Arrays.equals(okm, actualOutput));
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/ChainKeyTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/ChainKeyTest.java
new file mode 100644
index 00000000..ad17ebb9
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/ChainKeyTest.java
@@ -0,0 +1,58 @@
+package org.whispersystems.libaxolotl.ratchet;
+
+import junit.framework.TestCase;
+
+import org.whispersystems.libaxolotl.kdf.HKDF;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+public class ChainKeyTest extends TestCase {
+
+ public void testChainKeyDerivationV2() throws NoSuchAlgorithmException {
+
+ byte[] seed = {(byte) 0x8a, (byte) 0xb7, (byte) 0x2d, (byte) 0x6f, (byte) 0x4c,
+ (byte) 0xc5, (byte) 0xac, (byte) 0x0d, (byte) 0x38, (byte) 0x7e,
+ (byte) 0xaf, (byte) 0x46, (byte) 0x33, (byte) 0x78, (byte) 0xdd,
+ (byte) 0xb2, (byte) 0x8e, (byte) 0xdd, (byte) 0x07, (byte) 0x38,
+ (byte) 0x5b, (byte) 0x1c, (byte) 0xb0, (byte) 0x12, (byte) 0x50,
+ (byte) 0xc7, (byte) 0x15, (byte) 0x98, (byte) 0x2e, (byte) 0x7a,
+ (byte) 0xd4, (byte) 0x8f};
+
+ byte[] messageKey = {(byte) 0x02, (byte) 0xa9, (byte) 0xaa, (byte) 0x6c, (byte) 0x7d,
+ (byte) 0xbd, (byte) 0x64, (byte) 0xf9, (byte) 0xd3, (byte) 0xaa,
+ (byte) 0x92, (byte) 0xf9, (byte) 0x2a, (byte) 0x27, (byte) 0x7b,
+ (byte) 0xf5, (byte) 0x46, (byte) 0x09, (byte) 0xda, (byte) 0xdf,
+ (byte) 0x0b, (byte) 0x00, (byte) 0x82, (byte) 0x8a, (byte) 0xcf,
+ (byte) 0xc6, (byte) 0x1e, (byte) 0x3c, (byte) 0x72, (byte) 0x4b,
+ (byte) 0x84, (byte) 0xa7};
+
+ byte[] macKey = {(byte) 0xbf, (byte) 0xbe, (byte) 0x5e, (byte) 0xfb, (byte) 0x60,
+ (byte) 0x30, (byte) 0x30, (byte) 0x52, (byte) 0x67, (byte) 0x42,
+ (byte) 0xe3, (byte) 0xee, (byte) 0x89, (byte) 0xc7, (byte) 0x02,
+ (byte) 0x4e, (byte) 0x88, (byte) 0x4e, (byte) 0x44, (byte) 0x0f,
+ (byte) 0x1f, (byte) 0xf3, (byte) 0x76, (byte) 0xbb, (byte) 0x23,
+ (byte) 0x17, (byte) 0xb2, (byte) 0xd6, (byte) 0x4d, (byte) 0xeb,
+ (byte) 0x7c, (byte) 0x83};
+
+ byte[] nextChainKey = {(byte) 0x28, (byte) 0xe8, (byte) 0xf8, (byte) 0xfe, (byte) 0xe5,
+ (byte) 0x4b, (byte) 0x80, (byte) 0x1e, (byte) 0xef, (byte) 0x7c,
+ (byte) 0x5c, (byte) 0xfb, (byte) 0x2f, (byte) 0x17, (byte) 0xf3,
+ (byte) 0x2c, (byte) 0x7b, (byte) 0x33, (byte) 0x44, (byte) 0x85,
+ (byte) 0xbb, (byte) 0xb7, (byte) 0x0f, (byte) 0xac, (byte) 0x6e,
+ (byte) 0xc1, (byte) 0x03, (byte) 0x42, (byte) 0xa2, (byte) 0x46,
+ (byte) 0xd1, (byte) 0x5d};
+
+ ChainKey chainKey = new ChainKey(HKDF.createFor(2), seed, 0);
+
+ assertTrue(Arrays.equals(chainKey.getKey(), seed));
+ assertTrue(Arrays.equals(chainKey.getMessageKeys().getCipherKey().getEncoded(), messageKey));
+ assertTrue(Arrays.equals(chainKey.getMessageKeys().getMacKey().getEncoded(), macKey));
+ assertTrue(Arrays.equals(chainKey.getNextChainKey().getKey(), nextChainKey));
+ assertTrue(chainKey.getIndex() == 0);
+ assertTrue(chainKey.getMessageKeys().getCounter() == 0);
+ assertTrue(chainKey.getNextChainKey().getIndex() == 1);
+ assertTrue(chainKey.getNextChainKey().getMessageKeys().getCounter() == 1);
+ }
+
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RatchetingSessionTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RatchetingSessionTest.java
new file mode 100644
index 00000000..93929455
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RatchetingSessionTest.java
@@ -0,0 +1,231 @@
+package org.whispersystems.libaxolotl.ratchet;
+
+import junit.framework.TestCase;
+
+import org.whispersystems.libaxolotl.IdentityKey;
+import org.whispersystems.libaxolotl.IdentityKeyPair;
+import org.whispersystems.libaxolotl.InvalidKeyException;
+import org.whispersystems.libaxolotl.ecc.Curve;
+import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+import org.whispersystems.libaxolotl.ecc.ECPrivateKey;
+import org.whispersystems.libaxolotl.ecc.ECPublicKey;
+import org.whispersystems.libaxolotl.state.SessionState;
+import org.whispersystems.libaxolotl.util.guava.Optional;
+
+import java.util.Arrays;
+
+public class RatchetingSessionTest extends TestCase {
+
+ public void testRatchetingSessionAsBob() throws InvalidKeyException {
+ byte[] bobPublic = {(byte) 0x05, (byte) 0x2c, (byte) 0xb4, (byte) 0x97,
+ (byte) 0x76, (byte) 0xb8, (byte) 0x77, (byte) 0x02,
+ (byte) 0x05, (byte) 0x74, (byte) 0x5a, (byte) 0x3a,
+ (byte) 0x6e, (byte) 0x24, (byte) 0xf5, (byte) 0x79,
+ (byte) 0xcd, (byte) 0xb4, (byte) 0xba, (byte) 0x7a,
+ (byte) 0x89, (byte) 0x04, (byte) 0x10, (byte) 0x05,
+ (byte) 0x92, (byte) 0x8e, (byte) 0xbb, (byte) 0xad,
+ (byte) 0xc9, (byte) 0xc0, (byte) 0x5a, (byte) 0xd4,
+ (byte) 0x58};
+
+ byte[] bobPrivate = {(byte) 0xa1, (byte) 0xca, (byte) 0xb4, (byte) 0x8f,
+ (byte) 0x7c, (byte) 0x89, (byte) 0x3f, (byte) 0xaf,
+ (byte) 0xa9, (byte) 0x88, (byte) 0x0a, (byte) 0x28,
+ (byte) 0xc3, (byte) 0xb4, (byte) 0x99, (byte) 0x9d,
+ (byte) 0x28, (byte) 0xd6, (byte) 0x32, (byte) 0x95,
+ (byte) 0x62, (byte) 0xd2, (byte) 0x7a, (byte) 0x4e,
+ (byte) 0xa4, (byte) 0xe2, (byte) 0x2e, (byte) 0x9f,
+ (byte) 0xf1, (byte) 0xbd, (byte) 0xd6, (byte) 0x5a};
+
+ byte[] bobIdentityPublic = {(byte) 0x05, (byte) 0xf1, (byte) 0xf4, (byte) 0x38,
+ (byte) 0x74, (byte) 0xf6, (byte) 0x96, (byte) 0x69,
+ (byte) 0x56, (byte) 0xc2, (byte) 0xdd, (byte) 0x47,
+ (byte) 0x3f, (byte) 0x8f, (byte) 0xa1, (byte) 0x5a,
+ (byte) 0xde, (byte) 0xb7, (byte) 0x1d, (byte) 0x1c,
+ (byte) 0xb9, (byte) 0x91, (byte) 0xb2, (byte) 0x34,
+ (byte) 0x16, (byte) 0x92, (byte) 0x32, (byte) 0x4c,
+ (byte) 0xef, (byte) 0xb1, (byte) 0xc5, (byte) 0xe6,
+ (byte) 0x26};
+
+ byte[] bobIdentityPrivate = {(byte) 0x48, (byte) 0x75, (byte) 0xcc, (byte) 0x69,
+ (byte) 0xdd, (byte) 0xf8, (byte) 0xea, (byte) 0x07,
+ (byte) 0x19, (byte) 0xec, (byte) 0x94, (byte) 0x7d,
+ (byte) 0x61, (byte) 0x08, (byte) 0x11, (byte) 0x35,
+ (byte) 0x86, (byte) 0x8d, (byte) 0x5f, (byte) 0xd8,
+ (byte) 0x01, (byte) 0xf0, (byte) 0x2c, (byte) 0x02,
+ (byte) 0x25, (byte) 0xe5, (byte) 0x16, (byte) 0xdf,
+ (byte) 0x21, (byte) 0x56, (byte) 0x60, (byte) 0x5e};
+
+ byte[] aliceBasePublic = {(byte) 0x05, (byte) 0x47, (byte) 0x2d, (byte) 0x1f,
+ (byte) 0xb1, (byte) 0xa9, (byte) 0x86, (byte) 0x2c,
+ (byte) 0x3a, (byte) 0xf6, (byte) 0xbe, (byte) 0xac,
+ (byte) 0xa8, (byte) 0x92, (byte) 0x02, (byte) 0x77,
+ (byte) 0xe2, (byte) 0xb2, (byte) 0x6f, (byte) 0x4a,
+ (byte) 0x79, (byte) 0x21, (byte) 0x3e, (byte) 0xc7,
+ (byte) 0xc9, (byte) 0x06, (byte) 0xae, (byte) 0xb3,
+ (byte) 0x5e, (byte) 0x03, (byte) 0xcf, (byte) 0x89,
+ (byte) 0x50};
+
+ byte[] aliceEphemeralPublic = {(byte) 0x05, (byte) 0x6c, (byte) 0x3e, (byte) 0x0d,
+ (byte) 0x1f, (byte) 0x52, (byte) 0x02, (byte) 0x83,
+ (byte) 0xef, (byte) 0xcc, (byte) 0x55, (byte) 0xfc,
+ (byte) 0xa5, (byte) 0xe6, (byte) 0x70, (byte) 0x75,
+ (byte) 0xb9, (byte) 0x04, (byte) 0x00, (byte) 0x7f,
+ (byte) 0x18, (byte) 0x81, (byte) 0xd1, (byte) 0x51,
+ (byte) 0xaf, (byte) 0x76, (byte) 0xdf, (byte) 0x18,
+ (byte) 0xc5, (byte) 0x1d, (byte) 0x29, (byte) 0xd3,
+ (byte) 0x4b};
+
+ byte[] aliceIdentityPublic = {(byte) 0x05, (byte) 0xb4, (byte) 0xa8, (byte) 0x45,
+ (byte) 0x56, (byte) 0x60, (byte) 0xad, (byte) 0xa6,
+ (byte) 0x5b, (byte) 0x40, (byte) 0x10, (byte) 0x07,
+ (byte) 0xf6, (byte) 0x15, (byte) 0xe6, (byte) 0x54,
+ (byte) 0x04, (byte) 0x17, (byte) 0x46, (byte) 0x43,
+ (byte) 0x2e, (byte) 0x33, (byte) 0x39, (byte) 0xc6,
+ (byte) 0x87, (byte) 0x51, (byte) 0x49, (byte) 0xbc,
+ (byte) 0xee, (byte) 0xfc, (byte) 0xb4, (byte) 0x2b,
+ (byte) 0x4a};
+
+ byte[] senderChain = {(byte)0xd2, (byte)0x2f, (byte)0xd5, (byte)0x6d, (byte)0x3f,
+ (byte)0xec, (byte)0x81, (byte)0x9c, (byte)0xf4, (byte)0xc3,
+ (byte)0xd5, (byte)0x0c, (byte)0x56, (byte)0xed, (byte)0xfb,
+ (byte)0x1c, (byte)0x28, (byte)0x0a, (byte)0x1b, (byte)0x31,
+ (byte)0x96, (byte)0x45, (byte)0x37, (byte)0xf1, (byte)0xd1,
+ (byte)0x61, (byte)0xe1, (byte)0xc9, (byte)0x31, (byte)0x48,
+ (byte)0xe3, (byte)0x6b};
+
+ IdentityKey bobIdentityKeyPublic = new IdentityKey(bobIdentityPublic, 0);
+ ECPrivateKey bobIdentityKeyPrivate = Curve.decodePrivatePoint(bobIdentityPrivate);
+ IdentityKeyPair bobIdentityKey = new IdentityKeyPair(bobIdentityKeyPublic, bobIdentityKeyPrivate);
+ ECPublicKey bobEphemeralPublicKey = Curve.decodePoint(bobPublic, 0);
+ ECPrivateKey bobEphemeralPrivateKey = Curve.decodePrivatePoint(bobPrivate);
+ ECKeyPair bobEphemeralKey = new ECKeyPair(bobEphemeralPublicKey, bobEphemeralPrivateKey);
+ ECKeyPair bobBaseKey = bobEphemeralKey;
+
+ ECPublicKey aliceBasePublicKey = Curve.decodePoint(aliceBasePublic, 0);
+ ECPublicKey aliceEphemeralPublicKey = Curve.decodePoint(aliceEphemeralPublic, 0);
+ IdentityKey aliceIdentityPublicKey = new IdentityKey(aliceIdentityPublic, 0);
+
+ BobAxolotlParameters parameters = BobAxolotlParameters.newBuilder()
+ .setOurIdentityKey(bobIdentityKey)
+ .setOurSignedPreKey(bobBaseKey)
+ .setOurRatchetKey(bobEphemeralKey)
+ .setOurOneTimePreKey(Optional.<ECKeyPair>absent())
+ .setTheirIdentityKey(aliceIdentityPublicKey)
+ .setTheirBaseKey(aliceBasePublicKey)
+ .create();
+
+ SessionState session = new SessionState();
+
+ RatchetingSession.initializeSession(session, 2, parameters);
+
+ assertTrue(session.getLocalIdentityKey().equals(bobIdentityKey.getPublicKey()));
+ assertTrue(session.getRemoteIdentityKey().equals(aliceIdentityPublicKey));
+ assertTrue(Arrays.equals(session.getSenderChainKey().getKey(), senderChain));
+ }
+
+ public void testRatchetingSessionAsAlice() throws InvalidKeyException {
+ byte[] bobPublic = {(byte) 0x05, (byte) 0x2c, (byte) 0xb4, (byte) 0x97, (byte) 0x76,
+ (byte) 0xb8, (byte) 0x77, (byte) 0x02, (byte) 0x05, (byte) 0x74,
+ (byte) 0x5a, (byte) 0x3a, (byte) 0x6e, (byte) 0x24, (byte) 0xf5,
+ (byte) 0x79, (byte) 0xcd, (byte) 0xb4, (byte) 0xba, (byte) 0x7a,
+ (byte) 0x89, (byte) 0x04, (byte) 0x10, (byte) 0x05, (byte) 0x92,
+ (byte) 0x8e, (byte) 0xbb, (byte) 0xad, (byte) 0xc9, (byte) 0xc0,
+ (byte) 0x5a, (byte) 0xd4, (byte) 0x58};
+
+ byte[] bobIdentityPublic = {(byte) 0x05, (byte) 0xf1, (byte) 0xf4, (byte) 0x38, (byte) 0x74,
+ (byte) 0xf6, (byte) 0x96, (byte) 0x69, (byte) 0x56, (byte) 0xc2,
+ (byte) 0xdd, (byte) 0x47, (byte) 0x3f, (byte) 0x8f, (byte) 0xa1,
+ (byte) 0x5a, (byte) 0xde, (byte) 0xb7, (byte) 0x1d, (byte) 0x1c,
+ (byte) 0xb9, (byte) 0x91, (byte) 0xb2, (byte) 0x34, (byte) 0x16,
+ (byte) 0x92, (byte) 0x32, (byte) 0x4c, (byte) 0xef, (byte) 0xb1,
+ (byte) 0xc5, (byte) 0xe6, (byte) 0x26};
+
+ byte[] aliceBasePublic = {(byte) 0x05, (byte) 0x47, (byte) 0x2d, (byte) 0x1f, (byte) 0xb1,
+ (byte) 0xa9, (byte) 0x86, (byte) 0x2c, (byte) 0x3a, (byte) 0xf6,
+ (byte) 0xbe, (byte) 0xac, (byte) 0xa8, (byte) 0x92, (byte) 0x02,
+ (byte) 0x77, (byte) 0xe2, (byte) 0xb2, (byte) 0x6f, (byte) 0x4a,
+ (byte) 0x79, (byte) 0x21, (byte) 0x3e, (byte) 0xc7, (byte) 0xc9,
+ (byte) 0x06, (byte) 0xae, (byte) 0xb3, (byte) 0x5e, (byte) 0x03,
+ (byte) 0xcf, (byte) 0x89, (byte) 0x50};
+
+ byte[] aliceBasePrivate = {(byte) 0x11, (byte) 0xae, (byte) 0x7c, (byte) 0x64, (byte) 0xd1,
+ (byte) 0xe6, (byte) 0x1c, (byte) 0xd5, (byte) 0x96, (byte) 0xb7,
+ (byte) 0x6a, (byte) 0x0d, (byte) 0xb5, (byte) 0x01, (byte) 0x26,
+ (byte) 0x73, (byte) 0x39, (byte) 0x1c, (byte) 0xae, (byte) 0x66,
+ (byte) 0xed, (byte) 0xbf, (byte) 0xcf, (byte) 0x07, (byte) 0x3b,
+ (byte) 0x4d, (byte) 0xa8, (byte) 0x05, (byte) 0x16, (byte) 0xa4,
+ (byte) 0x74, (byte) 0x49};
+
+ byte[] aliceEphemeralPublic = {(byte) 0x05, (byte) 0x6c, (byte) 0x3e, (byte) 0x0d, (byte) 0x1f,
+ (byte) 0x52, (byte) 0x02, (byte) 0x83, (byte) 0xef, (byte) 0xcc,
+ (byte) 0x55, (byte) 0xfc, (byte) 0xa5, (byte) 0xe6, (byte) 0x70,
+ (byte) 0x75, (byte) 0xb9, (byte) 0x04, (byte) 0x00, (byte) 0x7f,
+ (byte) 0x18, (byte) 0x81, (byte) 0xd1, (byte) 0x51, (byte) 0xaf,
+ (byte) 0x76, (byte) 0xdf, (byte) 0x18, (byte) 0xc5, (byte) 0x1d,
+ (byte) 0x29, (byte) 0xd3, (byte) 0x4b};
+
+ byte[] aliceEphemeralPrivate = {(byte) 0xd1, (byte) 0xba, (byte) 0x38, (byte) 0xce, (byte) 0xa9,
+ (byte) 0x17, (byte) 0x43, (byte) 0xd3, (byte) 0x39, (byte) 0x39,
+ (byte) 0xc3, (byte) 0x3c, (byte) 0x84, (byte) 0x98, (byte) 0x65,
+ (byte) 0x09, (byte) 0x28, (byte) 0x01, (byte) 0x61, (byte) 0xb8,
+ (byte) 0xb6, (byte) 0x0f, (byte) 0xc7, (byte) 0x87, (byte) 0x0c,
+ (byte) 0x59, (byte) 0x9c, (byte) 0x1d, (byte) 0x46, (byte) 0x20,
+ (byte) 0x12, (byte) 0x48};
+
+ byte[] aliceIdentityPublic = {(byte) 0x05, (byte) 0xb4, (byte) 0xa8, (byte) 0x45, (byte) 0x56,
+ (byte) 0x60, (byte) 0xad, (byte) 0xa6, (byte) 0x5b, (byte) 0x40,
+ (byte) 0x10, (byte) 0x07, (byte) 0xf6, (byte) 0x15, (byte) 0xe6,
+ (byte) 0x54, (byte) 0x04, (byte) 0x17, (byte) 0x46, (byte) 0x43,
+ (byte) 0x2e, (byte) 0x33, (byte) 0x39, (byte) 0xc6, (byte) 0x87,
+ (byte) 0x51, (byte) 0x49, (byte) 0xbc, (byte) 0xee, (byte) 0xfc,
+ (byte) 0xb4, (byte) 0x2b, (byte) 0x4a};
+
+ byte[] aliceIdentityPrivate = {(byte) 0x90, (byte) 0x40, (byte) 0xf0, (byte) 0xd4, (byte) 0xe0,
+ (byte) 0x9c, (byte) 0xf3, (byte) 0x8f, (byte) 0x6d, (byte) 0xc7,
+ (byte) 0xc1, (byte) 0x37, (byte) 0x79, (byte) 0xc9, (byte) 0x08,
+ (byte) 0xc0, (byte) 0x15, (byte) 0xa1, (byte) 0xda, (byte) 0x4f,
+ (byte) 0xa7, (byte) 0x87, (byte) 0x37, (byte) 0xa0, (byte) 0x80,
+ (byte) 0xeb, (byte) 0x0a, (byte) 0x6f, (byte) 0x4f, (byte) 0x5f,
+ (byte) 0x8f, (byte) 0x58};
+
+ byte[] receiverChain = {(byte) 0xd2, (byte) 0x2f, (byte) 0xd5, (byte) 0x6d, (byte) 0x3f,
+ (byte) 0xec, (byte) 0x81, (byte) 0x9c, (byte) 0xf4, (byte) 0xc3,
+ (byte) 0xd5, (byte) 0x0c, (byte) 0x56, (byte) 0xed, (byte) 0xfb,
+ (byte) 0x1c, (byte) 0x28, (byte) 0x0a, (byte) 0x1b, (byte) 0x31,
+ (byte) 0x96, (byte) 0x45, (byte) 0x37, (byte) 0xf1, (byte) 0xd1,
+ (byte) 0x61, (byte) 0xe1, (byte) 0xc9, (byte) 0x31, (byte) 0x48,
+ (byte) 0xe3, (byte) 0x6b};
+
+ IdentityKey bobIdentityKey = new IdentityKey(bobIdentityPublic, 0);
+ ECPublicKey bobEphemeralPublicKey = Curve.decodePoint(bobPublic, 0);
+ ECPublicKey bobBasePublicKey = bobEphemeralPublicKey;
+ ECPublicKey aliceBasePublicKey = Curve.decodePoint(aliceBasePublic, 0);
+ ECPrivateKey aliceBasePrivateKey = Curve.decodePrivatePoint(aliceBasePrivate);
+ ECKeyPair aliceBaseKey = new ECKeyPair(aliceBasePublicKey, aliceBasePrivateKey);
+ ECPublicKey aliceEphemeralPublicKey = Curve.decodePoint(aliceEphemeralPublic, 0);
+ ECPrivateKey aliceEphemeralPrivateKey = Curve.decodePrivatePoint(aliceEphemeralPrivate);
+ ECKeyPair aliceEphemeralKey = new ECKeyPair(aliceEphemeralPublicKey, aliceEphemeralPrivateKey);
+ IdentityKey aliceIdentityPublicKey = new IdentityKey(aliceIdentityPublic, 0);
+ ECPrivateKey aliceIdentityPrivateKey = Curve.decodePrivatePoint(aliceIdentityPrivate);
+ IdentityKeyPair aliceIdentityKey = new IdentityKeyPair(aliceIdentityPublicKey, aliceIdentityPrivateKey);
+
+ SessionState session = new SessionState();
+
+ AliceAxolotlParameters parameters = AliceAxolotlParameters.newBuilder()
+ .setOurBaseKey(aliceBaseKey)
+ .setOurIdentityKey(aliceIdentityKey)
+ .setTheirIdentityKey(bobIdentityKey)
+ .setTheirSignedPreKey(bobBasePublicKey)
+ .setTheirRatchetKey(bobEphemeralPublicKey)
+ .setTheirOneTimePreKey(Optional.<ECPublicKey>absent())
+ .create();
+
+ RatchetingSession.initializeSession(session, 2, parameters);
+
+ assertTrue(session.getLocalIdentityKey().equals(aliceIdentityKey.getPublicKey()));
+ assertTrue(session.getRemoteIdentityKey().equals(bobIdentityKey));
+ assertTrue(Arrays.equals(session.getReceiverChainKey(bobEphemeralPublicKey).getKey(),
+ receiverChain));
+
+ }
+}
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RootKeyTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RootKeyTest.java
new file mode 100644
index 00000000..008c7b40
--- /dev/null
+++ b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RootKeyTest.java
@@ -0,0 +1,82 @@
+package org.whispersystems.libaxolotl.ratchet;
+
+import junit.framework.TestCase;
+
+import org.whispersystems.libaxolotl.InvalidKeyException;
+import org.whispersystems.libaxolotl.ecc.Curve;
+import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+import org.whispersystems.libaxolotl.ecc.ECPrivateKey;
+import org.whispersystems.libaxolotl.ecc.ECPublicKey;
+import org.whispersystems.libaxolotl.kdf.HKDF;
+import org.whispersystems.libaxolotl.util.Pair;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+public class RootKeyTest extends TestCase {
+
+ public void testRootKeyDerivationV2() throws NoSuchAlgorithmException, InvalidKeyException {
+ byte[] rootKeySeed = {(byte) 0x7b, (byte) 0xa6, (byte) 0xde, (byte) 0xbc, (byte) 0x2b,
+ (byte) 0xc1, (byte) 0xbb, (byte) 0xf9, (byte) 0x1a, (byte) 0xbb,
+ (byte) 0xc1, (byte) 0x36, (byte) 0x74, (byte) 0x04, (byte) 0x17,
+ (byte) 0x6c, (byte) 0xa6, (byte) 0x23, (byte) 0x09, (byte) 0x5b,
+ (byte) 0x7e, (byte) 0xc6, (byte) 0x6b, (byte) 0x45, (byte) 0xf6,
+ (byte) 0x02, (byte) 0xd9, (byte) 0x35, (byte) 0x38, (byte) 0x94,
+ (byte) 0x2d, (byte) 0xcc};
+
+ byte[] alicePublic = {(byte) 0x05, (byte) 0xee, (byte) 0x4f, (byte) 0xa6, (byte) 0xcd,
+ (byte) 0xc0, (byte) 0x30, (byte) 0xdf, (byte) 0x49, (byte) 0xec,
+ (byte) 0xd0, (byte) 0xba, (byte) 0x6c, (byte) 0xfc, (byte) 0xff,
+ (byte) 0xb2, (byte) 0x33, (byte) 0xd3, (byte) 0x65, (byte) 0xa2,
+ (byte) 0x7f, (byte) 0xad, (byte) 0xbe, (byte) 0xff, (byte) 0x77,
+ (byte) 0xe9, (byte) 0x63, (byte) 0xfc, (byte) 0xb1, (byte) 0x62,
+ (byte) 0x22, (byte) 0xe1, (byte) 0x3a};
+
+ byte[] alicePrivate = {(byte) 0x21, (byte) 0x68, (byte) 0x22, (byte) 0xec, (byte) 0x67,
+ (byte) 0xeb, (byte) 0x38, (byte) 0x04, (byte) 0x9e, (byte) 0xba,
+ (byte) 0xe7, (byte) 0xb9, (byte) 0x39, (byte) 0xba, (byte) 0xea,
+ (byte) 0xeb, (byte) 0xb1, (byte) 0x51, (byte) 0xbb, (byte) 0xb3,
+ (byte) 0x2d, (byte) 0xb8, (byte) 0x0f, (byte) 0xd3, (byte) 0x89,
+ (byte) 0x24, (byte) 0x5a, (byte) 0xc3, (byte) 0x7a, (byte) 0x94,
+ (byte) 0x8e, (byte) 0x50};
+
+ byte[] bobPublic = {(byte) 0x05, (byte) 0xab, (byte) 0xb8, (byte) 0xeb, (byte) 0x29,
+ (byte) 0xcc, (byte) 0x80, (byte) 0xb4, (byte) 0x71, (byte) 0x09,
+ (byte) 0xa2, (byte) 0x26, (byte) 0x5a, (byte) 0xbe, (byte) 0x97,
+ (byte) 0x98, (byte) 0x48, (byte) 0x54, (byte) 0x06, (byte) 0xe3,
+ (byte) 0x2d, (byte) 0xa2, (byte) 0x68, (byte) 0x93, (byte) 0x4a,
+ (byte) 0x95, (byte) 0x55, (byte) 0xe8, (byte) 0x47, (byte) 0x57,
+ (byte) 0x70, (byte) 0x8a, (byte) 0x30};
+
+ byte[] nextRoot = {(byte) 0xb1, (byte) 0x14, (byte) 0xf5, (byte) 0xde, (byte) 0x28,
+ (byte) 0x01, (byte) 0x19, (byte) 0x85, (byte) 0xe6, (byte) 0xeb,
+ (byte) 0xa2, (byte) 0x5d, (byte) 0x50, (byte) 0xe7, (byte) 0xec,
+ (byte) 0x41, (byte) 0xa9, (byte) 0xb0, (byte) 0x2f, (byte) 0x56,
+ (byte) 0x93, (byte) 0xc5, (byte) 0xc7, (byte) 0x88, (byte) 0xa6,
+ (byte) 0x3a, (byte) 0x06, (byte) 0xd2, (byte) 0x12, (byte) 0xa2,
+ (byte) 0xf7, (byte) 0x31};
+
+ byte[] nextChain = {(byte) 0x9d, (byte) 0x7d, (byte) 0x24, (byte) 0x69, (byte) 0xbc,
+ (byte) 0x9a, (byte) 0xe5, (byte) 0x3e, (byte) 0xe9, (byte) 0x80,
+ (byte) 0x5a, (byte) 0xa3, (byte) 0x26, (byte) 0x4d, (byte) 0x24,
+ (byte) 0x99, (byte) 0xa3, (byte) 0xac, (byte) 0xe8, (byte) 0x0f,
+ (byte) 0x4c, (byte) 0xca, (byte) 0xe2, (byte) 0xda, (byte) 0x13,
+ (byte) 0x43, (byte) 0x0c, (byte) 0x5c, (byte) 0x55, (byte) 0xb5,
+ (byte) 0xca, (byte) 0x5f};
+
+ ECPublicKey alicePublicKey = Curve.decodePoint(alicePublic, 0);
+ ECPrivateKey alicePrivateKey = Curve.decodePrivatePoint(alicePrivate);
+ ECKeyPair aliceKeyPair = new ECKeyPair(alicePublicKey, alicePrivateKey);
+
+ ECPublicKey bobPublicKey = Curve.decodePoint(bobPublic, 0);
+ RootKey rootKey = new RootKey(HKDF.createFor(2), rootKeySeed);
+
+ Pair<RootKey, ChainKey> rootKeyChainKeyPair = rootKey.createChain(bobPublicKey, aliceKeyPair);
+ RootKey nextRootKey = rootKeyChainKeyPair.first();
+ ChainKey nextChainKey = rootKeyChainKeyPair.second();
+
+ assertTrue(Arrays.equals(rootKey.getKeyBytes(), rootKeySeed));
+ assertTrue(Arrays.equals(nextRootKey.getKeyBytes(), nextRoot));
+ assertTrue(Arrays.equals(nextChainKey.getKey(), nextChain));
+ }
+}