diff options
author | Moxie Marlinspike <moxie@thoughtcrime.org> | 2015-01-08 13:48:49 -0800 |
---|---|---|
committer | Moxie Marlinspike <moxie@thoughtcrime.org> | 2015-01-08 14:09:01 -0800 |
commit | 6445ea5f13850f42c3952bd06a2369317683ed88 (patch) | |
tree | f2bb37c8cf4710ff6a6a37a3e7e702c5a21ca504 /tests/src/main/java | |
parent | a4d8f7f6a4c4e9e89db35f299e558dceee2362a1 (diff) |
Break project up into Java and Android build/test.
Diffstat (limited to 'tests/src/main/java')
15 files changed, 2428 insertions, 0 deletions
diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryAxolotlStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryAxolotlStore.java new file mode 100644 index 00000000..e375c574 --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryAxolotlStore.java @@ -0,0 +1,112 @@ +package org.whispersystems.libaxolotl; + +import org.whispersystems.libaxolotl.state.AxolotlStore; +import org.whispersystems.libaxolotl.state.PreKeyRecord; +import org.whispersystems.libaxolotl.state.SessionRecord; +import org.whispersystems.libaxolotl.state.SignedPreKeyRecord; + +import java.util.List; + +public class InMemoryAxolotlStore implements AxolotlStore { + + private final InMemoryIdentityKeyStore identityKeyStore = new InMemoryIdentityKeyStore(); + private final InMemoryPreKeyStore preKeyStore = new InMemoryPreKeyStore(); + private final InMemorySessionStore sessionStore = new InMemorySessionStore(); + private final InMemorySignedPreKeyStore signedPreKeyStore = new InMemorySignedPreKeyStore(); + + + @Override + public IdentityKeyPair getIdentityKeyPair() { + return identityKeyStore.getIdentityKeyPair(); + } + + @Override + public int getLocalRegistrationId() { + return identityKeyStore.getLocalRegistrationId(); + } + + @Override + public void saveIdentity(long recipientId, IdentityKey identityKey) { + identityKeyStore.saveIdentity(recipientId, identityKey); + } + + @Override + public boolean isTrustedIdentity(long recipientId, IdentityKey identityKey) { + return identityKeyStore.isTrustedIdentity(recipientId, identityKey); + } + + @Override + public PreKeyRecord loadPreKey(int preKeyId) throws InvalidKeyIdException { + return preKeyStore.loadPreKey(preKeyId); + } + + @Override + public void storePreKey(int preKeyId, PreKeyRecord record) { + preKeyStore.storePreKey(preKeyId, record); + } + + @Override + public boolean containsPreKey(int preKeyId) { + return preKeyStore.containsPreKey(preKeyId); + } + + @Override + public void removePreKey(int preKeyId) { + preKeyStore.removePreKey(preKeyId); + } + + @Override + public SessionRecord loadSession(long recipientId, int deviceId) { + return sessionStore.loadSession(recipientId, deviceId); + } + + @Override + public List<Integer> getSubDeviceSessions(long recipientId) { + return sessionStore.getSubDeviceSessions(recipientId); + } + + @Override + public void storeSession(long recipientId, int deviceId, SessionRecord record) { + sessionStore.storeSession(recipientId, deviceId, record); + } + + @Override + public boolean containsSession(long recipientId, int deviceId) { + return sessionStore.containsSession(recipientId, deviceId); + } + + @Override + public void deleteSession(long recipientId, int deviceId) { + sessionStore.deleteSession(recipientId, deviceId); + } + + @Override + public void deleteAllSessions(long recipientId) { + sessionStore.deleteAllSessions(recipientId); + } + + @Override + public SignedPreKeyRecord loadSignedPreKey(int signedPreKeyId) throws InvalidKeyIdException { + return signedPreKeyStore.loadSignedPreKey(signedPreKeyId); + } + + @Override + public List<SignedPreKeyRecord> loadSignedPreKeys() { + return signedPreKeyStore.loadSignedPreKeys(); + } + + @Override + public void storeSignedPreKey(int signedPreKeyId, SignedPreKeyRecord record) { + signedPreKeyStore.storeSignedPreKey(signedPreKeyId, record); + } + + @Override + public boolean containsSignedPreKey(int signedPreKeyId) { + return signedPreKeyStore.containsSignedPreKey(signedPreKeyId); + } + + @Override + public void removeSignedPreKey(int signedPreKeyId) { + signedPreKeyStore.removeSignedPreKey(signedPreKeyId); + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryIdentityKeyStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryIdentityKeyStore.java new file mode 100644 index 00000000..acb6110a --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryIdentityKeyStore.java @@ -0,0 +1,51 @@ +package org.whispersystems.libaxolotl; + +import org.whispersystems.libaxolotl.ecc.Curve; +import org.whispersystems.libaxolotl.ecc.ECKeyPair; +import org.whispersystems.libaxolotl.state.IdentityKeyStore; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.HashMap; +import java.util.Map; + +public class InMemoryIdentityKeyStore implements IdentityKeyStore { + + private final Map<Long, IdentityKey> trustedKeys = new HashMap<>(); + + private final IdentityKeyPair identityKeyPair; + private final int localRegistrationId; + + public InMemoryIdentityKeyStore() { + try { + ECKeyPair identityKeyPairKeys = Curve.generateKeyPair(); + + this.identityKeyPair = new IdentityKeyPair(new IdentityKey(identityKeyPairKeys.getPublicKey()), + identityKeyPairKeys.getPrivateKey()); + this.localRegistrationId = SecureRandom.getInstance("SHA1PRNG").nextInt(16380) + 1; + } catch (NoSuchAlgorithmException e) { + throw new AssertionError(e); + } + } + + @Override + public IdentityKeyPair getIdentityKeyPair() { + return identityKeyPair; + } + + @Override + public int getLocalRegistrationId() { + return localRegistrationId; + } + + @Override + public void saveIdentity(long recipientId, IdentityKey identityKey) { + trustedKeys.put(recipientId, identityKey); + } + + @Override + public boolean isTrustedIdentity(long recipientId, IdentityKey identityKey) { + IdentityKey trusted = trustedKeys.get(recipientId); + return (trusted == null || trusted.equals(identityKey)); + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryPreKeyStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryPreKeyStore.java new file mode 100644 index 00000000..a2ea6811 --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemoryPreKeyStore.java @@ -0,0 +1,41 @@ +package org.whispersystems.libaxolotl; + +import org.whispersystems.libaxolotl.state.PreKeyRecord; +import org.whispersystems.libaxolotl.state.PreKeyStore; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +public class InMemoryPreKeyStore implements PreKeyStore { + + private final Map<Integer, byte[]> store = new HashMap<>(); + + @Override + public PreKeyRecord loadPreKey(int preKeyId) throws InvalidKeyIdException { + try { + if (!store.containsKey(preKeyId)) { + throw new InvalidKeyIdException("No such prekeyrecord!"); + } + + return new PreKeyRecord(store.get(preKeyId)); + } catch (IOException e) { + throw new AssertionError(e); + } + } + + @Override + public void storePreKey(int preKeyId, PreKeyRecord record) { + store.put(preKeyId, record.serialize()); + } + + @Override + public boolean containsPreKey(int preKeyId) { + return store.containsKey(preKeyId); + } + + @Override + public void removePreKey(int preKeyId) { + store.remove(preKeyId); + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySessionStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySessionStore.java new file mode 100644 index 00000000..2d03d437 --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySessionStore.java @@ -0,0 +1,68 @@ +package org.whispersystems.libaxolotl; + +import org.whispersystems.libaxolotl.state.SessionRecord; +import org.whispersystems.libaxolotl.state.SessionStore; +import org.whispersystems.libaxolotl.util.Pair; + +import java.io.IOException; +import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +public class InMemorySessionStore implements SessionStore { + + private Map<Pair<Long, Integer>, byte[]> sessions = new HashMap<>(); + + public InMemorySessionStore() {} + + @Override + public synchronized SessionRecord loadSession(long recipientId, int deviceId) { + try { + if (containsSession(recipientId, deviceId)) { + return new SessionRecord(sessions.get(new Pair<>(recipientId, deviceId))); + } else { + return new SessionRecord(); + } + } catch (IOException e) { + throw new AssertionError(e); + } + } + + @Override + public synchronized List<Integer> getSubDeviceSessions(long recipientId) { + List<Integer> deviceIds = new LinkedList<>(); + + for (Pair<Long, Integer> key : sessions.keySet()) { + if (key.first() == recipientId) { + deviceIds.add(key.second()); + } + } + + return deviceIds; + } + + @Override + public synchronized void storeSession(long recipientId, int deviceId, SessionRecord record) { + sessions.put(new Pair<>(recipientId, deviceId), record.serialize()); + } + + @Override + public synchronized boolean containsSession(long recipientId, int deviceId) { + return sessions.containsKey(new Pair<>(recipientId, deviceId)); + } + + @Override + public synchronized void deleteSession(long recipientId, int deviceId) { + sessions.remove(new Pair<>(recipientId, deviceId)); + } + + @Override + public synchronized void deleteAllSessions(long recipientId) { + for (Pair<Long, Integer> key : sessions.keySet()) { + if (key.first() == recipientId) { + sessions.remove(key); + } + } + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySignedPreKeyStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySignedPreKeyStore.java new file mode 100644 index 00000000..9f452d6d --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/InMemorySignedPreKeyStore.java @@ -0,0 +1,58 @@ +package org.whispersystems.libaxolotl; + +import org.whispersystems.libaxolotl.state.SignedPreKeyRecord; +import org.whispersystems.libaxolotl.state.SignedPreKeyStore; + +import java.io.IOException; +import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +public class InMemorySignedPreKeyStore implements SignedPreKeyStore { + + private final Map<Integer, byte[]> store = new HashMap<>(); + + @Override + public SignedPreKeyRecord loadSignedPreKey(int signedPreKeyId) throws InvalidKeyIdException { + try { + if (!store.containsKey(signedPreKeyId)) { + throw new InvalidKeyIdException("No such signedprekeyrecord! " + signedPreKeyId); + } + + return new SignedPreKeyRecord(store.get(signedPreKeyId)); + } catch (IOException e) { + throw new AssertionError(e); + } + } + + @Override + public List<SignedPreKeyRecord> loadSignedPreKeys() { + try { + List<SignedPreKeyRecord> results = new LinkedList<>(); + + for (byte[] serialized : store.values()) { + results.add(new SignedPreKeyRecord(serialized)); + } + + return results; + } catch (IOException e) { + throw new AssertionError(e); + } + } + + @Override + public void storeSignedPreKey(int signedPreKeyId, SignedPreKeyRecord record) { + store.put(signedPreKeyId, record.serialize()); + } + + @Override + public boolean containsSignedPreKey(int signedPreKeyId) { + return store.containsKey(signedPreKeyId); + } + + @Override + public void removeSignedPreKey(int signedPreKeyId) { + store.remove(signedPreKeyId); + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/SessionBuilderTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/SessionBuilderTest.java new file mode 100644 index 00000000..0912493e --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/SessionBuilderTest.java @@ -0,0 +1,590 @@ +package org.whispersystems.libaxolotl; + +import junit.framework.TestCase; + +import org.whispersystems.libaxolotl.ecc.Curve; +import org.whispersystems.libaxolotl.ecc.ECKeyPair; +import org.whispersystems.libaxolotl.protocol.CiphertextMessage; +import org.whispersystems.libaxolotl.protocol.KeyExchangeMessage; +import org.whispersystems.libaxolotl.protocol.PreKeyWhisperMessage; +import org.whispersystems.libaxolotl.protocol.WhisperMessage; +import org.whispersystems.libaxolotl.state.AxolotlStore; +import org.whispersystems.libaxolotl.state.IdentityKeyStore; +import org.whispersystems.libaxolotl.state.PreKeyBundle; +import org.whispersystems.libaxolotl.state.PreKeyRecord; +import org.whispersystems.libaxolotl.state.SignedPreKeyRecord; +import org.whispersystems.libaxolotl.util.Pair; + +import java.util.HashSet; +import java.util.Set; + +public class SessionBuilderTest extends TestCase { + + private static final long ALICE_RECIPIENT_ID = 5L; + private static final long BOB_RECIPIENT_ID = 2L; + + public void testBasicPreKeyV2() + throws InvalidKeyException, InvalidVersionException, InvalidMessageException, InvalidKeyIdException, DuplicateMessageException, LegacyMessageException, UntrustedIdentityException, NoSessionException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + + AxolotlStore bobStore = new InMemoryAxolotlStore(); + ECKeyPair bobPreKeyPair = Curve.generateKeyPair(); + PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1, + 31337, bobPreKeyPair.getPublicKey(), + 0, null, null, + bobStore.getIdentityKeyPair().getPublicKey()); + + aliceSessionBuilder.process(bobPreKey); + + assertTrue(aliceStore.containsSession(BOB_RECIPIENT_ID, 1)); + assertTrue(aliceStore.loadSession(BOB_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 2); + + String originalMessage = "L'homme est condamné à être libre"; + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1); + CiphertextMessage outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes()); + + assertTrue(outgoingMessage.getType() == CiphertextMessage.PREKEY_TYPE); + + PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessage.serialize()); + bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair)); + + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + byte[] plaintext = bobSessionCipher.decrypt(incomingMessage); + + assertTrue(bobStore.containsSession(ALICE_RECIPIENT_ID, 1)); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 2); + assertTrue(originalMessage.equals(new String(plaintext))); + + CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes()); + assertTrue(bobOutgoingMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] alicePlaintext = aliceSessionCipher.decrypt((WhisperMessage)bobOutgoingMessage); + assertTrue(new String(alicePlaintext).equals(originalMessage)); + + runInteraction(aliceStore, bobStore); + + aliceStore = new InMemoryAxolotlStore(); + aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1); + + bobPreKeyPair = Curve.generateKeyPair(); + bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), + 1, 31338, bobPreKeyPair.getPublicKey(), + 0, null, null, bobStore.getIdentityKeyPair().getPublicKey()); + + bobStore.storePreKey(31338, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair)); + aliceSessionBuilder.process(bobPreKey); + + outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes()); + + try { + bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize())); + throw new AssertionError("shouldn't be trusted!"); + } catch (UntrustedIdentityException uie) { + bobStore.saveIdentity(ALICE_RECIPIENT_ID, new PreKeyWhisperMessage(outgoingMessage.serialize()).getIdentityKey()); + } + + plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize())); + + assertTrue(new String(plaintext).equals(originalMessage)); + + bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1, + 31337, Curve.generateKeyPair().getPublicKey(), + 0, null, null, + aliceStore.getIdentityKeyPair().getPublicKey()); + + try { + aliceSessionBuilder.process(bobPreKey); + throw new AssertionError("shoulnd't be trusted!"); + } catch (UntrustedIdentityException uie) { + // good + } + } + + public void testBasicPreKeyV3() + throws InvalidKeyException, InvalidVersionException, InvalidMessageException, InvalidKeyIdException, DuplicateMessageException, LegacyMessageException, UntrustedIdentityException, NoSessionException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + + final AxolotlStore bobStore = new InMemoryAxolotlStore(); + ECKeyPair bobPreKeyPair = Curve.generateKeyPair(); + ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair(); + byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(), + bobSignedPreKeyPair.getPublicKey().serialize()); + + PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1, + 31337, bobPreKeyPair.getPublicKey(), + 22, bobSignedPreKeyPair.getPublicKey(), + bobSignedPreKeySignature, + bobStore.getIdentityKeyPair().getPublicKey()); + + aliceSessionBuilder.process(bobPreKey); + + assertTrue(aliceStore.containsSession(BOB_RECIPIENT_ID, 1)); + assertTrue(aliceStore.loadSession(BOB_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + + final String originalMessage = "L'homme est condamné à être libre"; + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1); + CiphertextMessage outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes()); + + assertTrue(outgoingMessage.getType() == CiphertextMessage.PREKEY_TYPE); + + PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessage.serialize()); + bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair)); + bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature)); + + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + byte[] plaintext = bobSessionCipher.decrypt(incomingMessage, new SessionCipher.DecryptionCallback() { + @Override + public void handlePlaintext(byte[] plaintext) { + assertTrue(originalMessage.equals(new String(plaintext))); + assertFalse(bobStore.containsSession(ALICE_RECIPIENT_ID, 1)); + } + }); + + assertTrue(bobStore.containsSession(ALICE_RECIPIENT_ID, 1)); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getAliceBaseKey() != null); + assertTrue(originalMessage.equals(new String(plaintext))); + + CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes()); + assertTrue(bobOutgoingMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize())); + assertTrue(new String(alicePlaintext).equals(originalMessage)); + + runInteraction(aliceStore, bobStore); + + aliceStore = new InMemoryAxolotlStore(); + aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1); + + bobPreKeyPair = Curve.generateKeyPair(); + bobSignedPreKeyPair = Curve.generateKeyPair(); + bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(), bobSignedPreKeyPair.getPublicKey().serialize()); + bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), + 1, 31338, bobPreKeyPair.getPublicKey(), + 23, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature, + bobStore.getIdentityKeyPair().getPublicKey()); + + bobStore.storePreKey(31338, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair)); + bobStore.storeSignedPreKey(23, new SignedPreKeyRecord(23, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature)); + aliceSessionBuilder.process(bobPreKey); + + outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes()); + + try { + plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize())); + throw new AssertionError("shouldn't be trusted!"); + } catch (UntrustedIdentityException uie) { + bobStore.saveIdentity(ALICE_RECIPIENT_ID, new PreKeyWhisperMessage(outgoingMessage.serialize()).getIdentityKey()); + } + + plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(outgoingMessage.serialize())); + assertTrue(new String(plaintext).equals(originalMessage)); + + bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1, + 31337, Curve.generateKeyPair().getPublicKey(), + 23, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature, + aliceStore.getIdentityKeyPair().getPublicKey()); + + try { + aliceSessionBuilder.process(bobPreKey); + throw new AssertionError("shoulnd't be trusted!"); + } catch (UntrustedIdentityException uie) { + // good + } + } + + public void testBadSignedPreKeySignature() throws InvalidKeyException, UntrustedIdentityException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + + IdentityKeyStore bobIdentityKeyStore = new InMemoryIdentityKeyStore(); + + ECKeyPair bobPreKeyPair = Curve.generateKeyPair(); + ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair(); + byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobIdentityKeyStore.getIdentityKeyPair().getPrivateKey(), + bobSignedPreKeyPair.getPublicKey().serialize()); + + + for (int i=0;i<bobSignedPreKeySignature.length * 8;i++) { + byte[] modifiedSignature = new byte[bobSignedPreKeySignature.length]; + System.arraycopy(bobSignedPreKeySignature, 0, modifiedSignature, 0, modifiedSignature.length); + + modifiedSignature[i/8] ^= (0x01 << (i % 8)); + + PreKeyBundle bobPreKey = new PreKeyBundle(bobIdentityKeyStore.getLocalRegistrationId(), 1, + 31337, bobPreKeyPair.getPublicKey(), + 22, bobSignedPreKeyPair.getPublicKey(), modifiedSignature, + bobIdentityKeyStore.getIdentityKeyPair().getPublicKey()); + + try { + aliceSessionBuilder.process(bobPreKey); + throw new AssertionError("Accepted modified device key signature!"); + } catch (InvalidKeyException ike) { + // good + } + } + + PreKeyBundle bobPreKey = new PreKeyBundle(bobIdentityKeyStore.getLocalRegistrationId(), 1, + 31337, bobPreKeyPair.getPublicKey(), + 22, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature, + bobIdentityKeyStore.getIdentityKeyPair().getPublicKey()); + + aliceSessionBuilder.process(bobPreKey); + } + + public void testRepeatBundleMessageV2() throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, InvalidMessageException, InvalidKeyIdException, DuplicateMessageException, LegacyMessageException, NoSessionException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + ECKeyPair bobPreKeyPair = Curve.generateKeyPair(); + ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair(); + byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(), + bobSignedPreKeyPair.getPublicKey().serialize()); + + PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1, + 31337, bobPreKeyPair.getPublicKey(), + 0, null, null, + bobStore.getIdentityKeyPair().getPublicKey()); + + bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair)); + bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature)); + + aliceSessionBuilder.process(bobPreKey); + + String originalMessage = "L'homme est condamné à être libre"; + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1); + CiphertextMessage outgoingMessageOne = aliceSessionCipher.encrypt(originalMessage.getBytes()); + CiphertextMessage outgoingMessageTwo = aliceSessionCipher.encrypt(originalMessage.getBytes()); + + assertTrue(outgoingMessageOne.getType() == CiphertextMessage.PREKEY_TYPE); + + PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessageOne.serialize()); + + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + + byte[] plaintext = bobSessionCipher.decrypt(incomingMessage); + assertTrue(originalMessage.equals(new String(plaintext))); + + CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes()); + + byte[] alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize())); + assertTrue(originalMessage.equals(new String(alicePlaintext))); + + // The test + + PreKeyWhisperMessage incomingMessageTwo = new PreKeyWhisperMessage(outgoingMessageTwo.serialize()); + + plaintext = bobSessionCipher.decrypt(incomingMessageTwo); + assertTrue(originalMessage.equals(new String(plaintext))); + + bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes()); + alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize())); + assertTrue(originalMessage.equals(new String(alicePlaintext))); + + } + + public void testRepeatBundleMessageV3() throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, InvalidMessageException, InvalidKeyIdException, DuplicateMessageException, LegacyMessageException, NoSessionException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + ECKeyPair bobPreKeyPair = Curve.generateKeyPair(); + ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair(); + byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(), + bobSignedPreKeyPair.getPublicKey().serialize()); + + PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1, + 31337, bobPreKeyPair.getPublicKey(), + 22, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature, + bobStore.getIdentityKeyPair().getPublicKey()); + + bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair)); + bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature)); + + aliceSessionBuilder.process(bobPreKey); + + String originalMessage = "L'homme est condamné à être libre"; + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1); + CiphertextMessage outgoingMessageOne = aliceSessionCipher.encrypt(originalMessage.getBytes()); + CiphertextMessage outgoingMessageTwo = aliceSessionCipher.encrypt(originalMessage.getBytes()); + + assertTrue(outgoingMessageOne.getType() == CiphertextMessage.PREKEY_TYPE); + assertTrue(outgoingMessageTwo.getType() == CiphertextMessage.PREKEY_TYPE); + + PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessageOne.serialize()); + + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + + byte[] plaintext = bobSessionCipher.decrypt(incomingMessage); + assertTrue(originalMessage.equals(new String(plaintext))); + + CiphertextMessage bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes()); + + byte[] alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize())); + assertTrue(originalMessage.equals(new String(alicePlaintext))); + + // The test + + PreKeyWhisperMessage incomingMessageTwo = new PreKeyWhisperMessage(outgoingMessageTwo.serialize()); + + plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(incomingMessageTwo.serialize())); + assertTrue(originalMessage.equals(new String(plaintext))); + + bobOutgoingMessage = bobSessionCipher.encrypt(originalMessage.getBytes()); + alicePlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobOutgoingMessage.serialize())); + assertTrue(originalMessage.equals(new String(alicePlaintext))); + + } + + public void testBadMessageBundle() throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, InvalidMessageException, DuplicateMessageException, LegacyMessageException, InvalidKeyIdException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + ECKeyPair bobPreKeyPair = Curve.generateKeyPair(); + ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair(); + byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(), + bobSignedPreKeyPair.getPublicKey().serialize()); + + PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1, + 31337, bobPreKeyPair.getPublicKey(), + 22, bobSignedPreKeyPair.getPublicKey(), bobSignedPreKeySignature, + bobStore.getIdentityKeyPair().getPublicKey()); + + bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair)); + bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature)); + + aliceSessionBuilder.process(bobPreKey); + + String originalMessage = "L'homme est condamné à être libre"; + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1); + CiphertextMessage outgoingMessageOne = aliceSessionCipher.encrypt(originalMessage.getBytes()); + + assertTrue(outgoingMessageOne.getType() == CiphertextMessage.PREKEY_TYPE); + + byte[] goodMessage = outgoingMessageOne.serialize(); + byte[] badMessage = new byte[goodMessage.length]; + System.arraycopy(goodMessage, 0, badMessage, 0, badMessage.length); + + badMessage[badMessage.length-10] ^= 0x01; + + PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(badMessage); + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + + byte[] plaintext = new byte[0]; + + try { + plaintext = bobSessionCipher.decrypt(incomingMessage); + throw new AssertionError("Decrypt should have failed!"); + } catch (InvalidMessageException e) { + // good. + } + + assertTrue(bobStore.containsPreKey(31337)); + + plaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(goodMessage)); + + assertTrue(originalMessage.equals(new String(plaintext))); + assertTrue(!bobStore.containsPreKey(31337)); + } + + public void testBasicKeyExchange() throws InvalidKeyException, LegacyMessageException, InvalidMessageException, DuplicateMessageException, UntrustedIdentityException, StaleKeyExchangeException, InvalidVersionException, NoSessionException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + + AxolotlStore bobStore = new InMemoryAxolotlStore(); + SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1); + + KeyExchangeMessage aliceKeyExchangeMessage = aliceSessionBuilder.process(); + assertTrue(aliceKeyExchangeMessage != null); + + byte[] aliceKeyExchangeMessageBytes = aliceKeyExchangeMessage.serialize(); + KeyExchangeMessage bobKeyExchangeMessage = bobSessionBuilder.process(new KeyExchangeMessage(aliceKeyExchangeMessageBytes)); + + assertTrue(bobKeyExchangeMessage != null); + + byte[] bobKeyExchangeMessageBytes = bobKeyExchangeMessage.serialize(); + KeyExchangeMessage response = aliceSessionBuilder.process(new KeyExchangeMessage(bobKeyExchangeMessageBytes)); + + assertTrue(response == null); + assertTrue(aliceStore.containsSession(BOB_RECIPIENT_ID, 1)); + assertTrue(bobStore.containsSession(ALICE_RECIPIENT_ID, 1)); + + runInteraction(aliceStore, bobStore); + + aliceStore = new InMemoryAxolotlStore(); + aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + aliceKeyExchangeMessage = aliceSessionBuilder.process(); + + try { + bobKeyExchangeMessage = bobSessionBuilder.process(aliceKeyExchangeMessage); + throw new AssertionError("This identity shouldn't be trusted!"); + } catch (UntrustedIdentityException uie) { + bobStore.saveIdentity(ALICE_RECIPIENT_ID, aliceKeyExchangeMessage.getIdentityKey()); + bobKeyExchangeMessage = bobSessionBuilder.process(aliceKeyExchangeMessage); + } + + assertTrue(aliceSessionBuilder.process(bobKeyExchangeMessage) == null); + + runInteraction(aliceStore, bobStore); + } + + public void testSimultaneousKeyExchange() + throws InvalidKeyException, DuplicateMessageException, LegacyMessageException, InvalidMessageException, UntrustedIdentityException, StaleKeyExchangeException, NoSessionException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + + AxolotlStore bobStore = new InMemoryAxolotlStore(); + SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1); + + KeyExchangeMessage aliceKeyExchange = aliceSessionBuilder.process(); + KeyExchangeMessage bobKeyExchange = bobSessionBuilder.process(); + + assertTrue(aliceKeyExchange != null); + assertTrue(bobKeyExchange != null); + + KeyExchangeMessage aliceResponse = aliceSessionBuilder.process(bobKeyExchange); + KeyExchangeMessage bobResponse = bobSessionBuilder.process(aliceKeyExchange); + + assertTrue(aliceResponse != null); + assertTrue(bobResponse != null); + + KeyExchangeMessage aliceAck = aliceSessionBuilder.process(bobResponse); + KeyExchangeMessage bobAck = bobSessionBuilder.process(aliceResponse); + + assertTrue(aliceAck == null); + assertTrue(bobAck == null); + + runInteraction(aliceStore, bobStore); + } + + public void testOptionalOneTimePreKey() throws Exception { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPIENT_ID, 1); + + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + ECKeyPair bobPreKeyPair = Curve.generateKeyPair(); + ECKeyPair bobSignedPreKeyPair = Curve.generateKeyPair(); + byte[] bobSignedPreKeySignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(), + bobSignedPreKeyPair.getPublicKey().serialize()); + + PreKeyBundle bobPreKey = new PreKeyBundle(bobStore.getLocalRegistrationId(), 1, + 0, null, + 22, bobSignedPreKeyPair.getPublicKey(), + bobSignedPreKeySignature, + bobStore.getIdentityKeyPair().getPublicKey()); + + aliceSessionBuilder.process(bobPreKey); + + assertTrue(aliceStore.containsSession(BOB_RECIPIENT_ID, 1)); + assertTrue(aliceStore.loadSession(BOB_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + + String originalMessage = "L'homme est condamné à être libre"; + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1); + CiphertextMessage outgoingMessage = aliceSessionCipher.encrypt(originalMessage.getBytes()); + + assertTrue(outgoingMessage.getType() == CiphertextMessage.PREKEY_TYPE); + + PreKeyWhisperMessage incomingMessage = new PreKeyWhisperMessage(outgoingMessage.serialize()); + assertTrue(!incomingMessage.getPreKeyId().isPresent()); + + bobStore.storePreKey(31337, new PreKeyRecord(bobPreKey.getPreKeyId(), bobPreKeyPair)); + bobStore.storeSignedPreKey(22, new SignedPreKeyRecord(22, System.currentTimeMillis(), bobSignedPreKeyPair, bobSignedPreKeySignature)); + + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + byte[] plaintext = bobSessionCipher.decrypt(incomingMessage); + + assertTrue(bobStore.containsSession(ALICE_RECIPIENT_ID, 1)); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getAliceBaseKey() != null); + assertTrue(originalMessage.equals(new String(plaintext))); + } + + + private void runInteraction(AxolotlStore aliceStore, AxolotlStore bobStore) + throws DuplicateMessageException, LegacyMessageException, InvalidMessageException, NoSessionException + { + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPIENT_ID, 1); + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + + String originalMessage = "smert ze smert"; + CiphertextMessage aliceMessage = aliceSessionCipher.encrypt(originalMessage.getBytes()); + + assertTrue(aliceMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] plaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceMessage.serialize())); + assertTrue(new String(plaintext).equals(originalMessage)); + + CiphertextMessage bobMessage = bobSessionCipher.encrypt(originalMessage.getBytes()); + + assertTrue(bobMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + plaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobMessage.serialize())); + assertTrue(new String(plaintext).equals(originalMessage)); + + for (int i=0;i<10;i++) { + String loopingMessage = ("What do we mean by saying that existence precedes essence? " + + "We mean that man first of all exists, encounters himself, " + + "surges up in the world--and defines himself aftward. " + i); + CiphertextMessage aliceLoopingMessage = aliceSessionCipher.encrypt(loopingMessage.getBytes()); + + byte[] loopingPlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceLoopingMessage.serialize())); + assertTrue(new String(loopingPlaintext).equals(loopingMessage)); + } + + for (int i=0;i<10;i++) { + String loopingMessage = ("What do we mean by saying that existence precedes essence? " + + "We mean that man first of all exists, encounters himself, " + + "surges up in the world--and defines himself aftward. " + i); + CiphertextMessage bobLoopingMessage = bobSessionCipher.encrypt(loopingMessage.getBytes()); + + byte[] loopingPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobLoopingMessage.serialize())); + assertTrue(new String(loopingPlaintext).equals(loopingMessage)); + } + + Set<Pair<String, CiphertextMessage>> aliceOutOfOrderMessages = new HashSet<>(); + + for (int i=0;i<10;i++) { + String loopingMessage = ("What do we mean by saying that existence precedes essence? " + + "We mean that man first of all exists, encounters himself, " + + "surges up in the world--and defines himself aftward. " + i); + CiphertextMessage aliceLoopingMessage = aliceSessionCipher.encrypt(loopingMessage.getBytes()); + + aliceOutOfOrderMessages.add(new Pair<>(loopingMessage, aliceLoopingMessage)); + } + + for (int i=0;i<10;i++) { + String loopingMessage = ("What do we mean by saying that existence precedes essence? " + + "We mean that man first of all exists, encounters himself, " + + "surges up in the world--and defines himself aftward. " + i); + CiphertextMessage aliceLoopingMessage = aliceSessionCipher.encrypt(loopingMessage.getBytes()); + + byte[] loopingPlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceLoopingMessage.serialize())); + assertTrue(new String(loopingPlaintext).equals(loopingMessage)); + } + + for (int i=0;i<10;i++) { + String loopingMessage = ("You can only desire based on what you know: " + i); + CiphertextMessage bobLoopingMessage = bobSessionCipher.encrypt(loopingMessage.getBytes()); + + byte[] loopingPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(bobLoopingMessage.serialize())); + assertTrue(new String(loopingPlaintext).equals(loopingMessage)); + } + + for (Pair<String, CiphertextMessage> aliceOutOfOrderMessage : aliceOutOfOrderMessages) { + byte[] outOfOrderPlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceOutOfOrderMessage.second().serialize())); + assertTrue(new String(outOfOrderPlaintext).equals(aliceOutOfOrderMessage.first())); + } + } + + +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/SessionCipherTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/SessionCipherTest.java new file mode 100644 index 00000000..e956ed77 --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/SessionCipherTest.java @@ -0,0 +1,198 @@ +package org.whispersystems.libaxolotl; + +import junit.framework.TestCase; + +import org.whispersystems.libaxolotl.ecc.Curve; +import org.whispersystems.libaxolotl.ecc.ECKeyPair; +import org.whispersystems.libaxolotl.ecc.ECPublicKey; +import org.whispersystems.libaxolotl.protocol.CiphertextMessage; +import org.whispersystems.libaxolotl.protocol.WhisperMessage; +import org.whispersystems.libaxolotl.ratchet.AliceAxolotlParameters; +import org.whispersystems.libaxolotl.ratchet.BobAxolotlParameters; +import org.whispersystems.libaxolotl.ratchet.RatchetingSession; +import org.whispersystems.libaxolotl.state.AxolotlStore; +import org.whispersystems.libaxolotl.state.SessionRecord; +import org.whispersystems.libaxolotl.state.SessionState; +import org.whispersystems.libaxolotl.util.guava.Optional; + +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Random; + + +public class SessionCipherTest extends TestCase { + + public void testBasicSessionV2() + throws InvalidKeyException, DuplicateMessageException, + LegacyMessageException, InvalidMessageException, NoSuchAlgorithmException, NoSessionException + { + SessionRecord aliceSessionRecord = new SessionRecord(); + SessionRecord bobSessionRecord = new SessionRecord(); + + initializeSessionsV2(aliceSessionRecord.getSessionState(), bobSessionRecord.getSessionState()); + runInteraction(aliceSessionRecord, bobSessionRecord); + } + + public void testBasicSessionV3() + throws InvalidKeyException, DuplicateMessageException, + LegacyMessageException, InvalidMessageException, NoSuchAlgorithmException, NoSessionException + { + SessionRecord aliceSessionRecord = new SessionRecord(); + SessionRecord bobSessionRecord = new SessionRecord(); + + initializeSessionsV3(aliceSessionRecord.getSessionState(), bobSessionRecord.getSessionState()); + runInteraction(aliceSessionRecord, bobSessionRecord); + } + + private void runInteraction(SessionRecord aliceSessionRecord, SessionRecord bobSessionRecord) + throws DuplicateMessageException, LegacyMessageException, InvalidMessageException, NoSuchAlgorithmException, NoSessionException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + aliceStore.storeSession(2L, 1, aliceSessionRecord); + bobStore.storeSession(3L, 1, bobSessionRecord); + + SessionCipher aliceCipher = new SessionCipher(aliceStore, 2L, 1); + SessionCipher bobCipher = new SessionCipher(bobStore, 3L, 1); + + byte[] alicePlaintext = "This is a plaintext message.".getBytes(); + CiphertextMessage message = aliceCipher.encrypt(alicePlaintext); + byte[] bobPlaintext = bobCipher.decrypt(new WhisperMessage(message.serialize())); + + assertTrue(Arrays.equals(alicePlaintext, bobPlaintext)); + + byte[] bobReply = "This is a message from Bob.".getBytes(); + CiphertextMessage reply = bobCipher.encrypt(bobReply); + byte[] receivedReply = aliceCipher.decrypt(new WhisperMessage(reply.serialize())); + + assertTrue(Arrays.equals(bobReply, receivedReply)); + + List<CiphertextMessage> aliceCiphertextMessages = new ArrayList<>(); + List<byte[]> alicePlaintextMessages = new ArrayList<>(); + + for (int i=0;i<50;i++) { + alicePlaintextMessages.add(("смерть за смерть " + i).getBytes()); + aliceCiphertextMessages.add(aliceCipher.encrypt(("смерть за смерть " + i).getBytes())); + } + + long seed = System.currentTimeMillis(); + + Collections.shuffle(aliceCiphertextMessages, new Random(seed)); + Collections.shuffle(alicePlaintextMessages, new Random(seed)); + + for (int i=0;i<aliceCiphertextMessages.size() / 2;i++) { + byte[] receivedPlaintext = bobCipher.decrypt(new WhisperMessage(aliceCiphertextMessages.get(i).serialize())); + assertTrue(Arrays.equals(receivedPlaintext, alicePlaintextMessages.get(i))); + } + + List<CiphertextMessage> bobCiphertextMessages = new ArrayList<>(); + List<byte[]> bobPlaintextMessages = new ArrayList<>(); + + for (int i=0;i<20;i++) { + bobPlaintextMessages.add(("смерть за смерть " + i).getBytes()); + bobCiphertextMessages.add(bobCipher.encrypt(("смерть за смерть " + i).getBytes())); + } + + seed = System.currentTimeMillis(); + + Collections.shuffle(bobCiphertextMessages, new Random(seed)); + Collections.shuffle(bobPlaintextMessages, new Random(seed)); + + for (int i=0;i<bobCiphertextMessages.size() / 2;i++) { + byte[] receivedPlaintext = aliceCipher.decrypt(new WhisperMessage(bobCiphertextMessages.get(i).serialize())); + assertTrue(Arrays.equals(receivedPlaintext, bobPlaintextMessages.get(i))); + } + + for (int i=aliceCiphertextMessages.size()/2;i<aliceCiphertextMessages.size();i++) { + byte[] receivedPlaintext = bobCipher.decrypt(new WhisperMessage(aliceCiphertextMessages.get(i).serialize())); + assertTrue(Arrays.equals(receivedPlaintext, alicePlaintextMessages.get(i))); + } + + for (int i=bobCiphertextMessages.size() / 2;i<bobCiphertextMessages.size();i++) { + byte[] receivedPlaintext = aliceCipher.decrypt(new WhisperMessage(bobCiphertextMessages.get(i).serialize())); + assertTrue(Arrays.equals(receivedPlaintext, bobPlaintextMessages.get(i))); + } + } + + + private void initializeSessionsV2(SessionState aliceSessionState, SessionState bobSessionState) + throws InvalidKeyException + { + ECKeyPair aliceIdentityKeyPair = Curve.generateKeyPair(); + IdentityKeyPair aliceIdentityKey = new IdentityKeyPair(new IdentityKey(aliceIdentityKeyPair.getPublicKey()), + aliceIdentityKeyPair.getPrivateKey()); + ECKeyPair aliceBaseKey = Curve.generateKeyPair(); + ECKeyPair aliceEphemeralKey = Curve.generateKeyPair(); + + ECKeyPair bobIdentityKeyPair = Curve.generateKeyPair(); + IdentityKeyPair bobIdentityKey = new IdentityKeyPair(new IdentityKey(bobIdentityKeyPair.getPublicKey()), + bobIdentityKeyPair.getPrivateKey()); + ECKeyPair bobBaseKey = Curve.generateKeyPair(); + ECKeyPair bobEphemeralKey = bobBaseKey; + + AliceAxolotlParameters aliceParameters = AliceAxolotlParameters.newBuilder() + .setOurIdentityKey(aliceIdentityKey) + .setOurBaseKey(aliceBaseKey) + .setTheirIdentityKey(bobIdentityKey.getPublicKey()) + .setTheirSignedPreKey(bobEphemeralKey.getPublicKey()) + .setTheirRatchetKey(bobEphemeralKey.getPublicKey()) + .setTheirOneTimePreKey(Optional.<ECPublicKey>absent()) + .create(); + + BobAxolotlParameters bobParameters = BobAxolotlParameters.newBuilder() + .setOurIdentityKey(bobIdentityKey) + .setOurOneTimePreKey(Optional.<ECKeyPair>absent()) + .setOurRatchetKey(bobEphemeralKey) + .setOurSignedPreKey(bobBaseKey) + .setTheirBaseKey(aliceBaseKey.getPublicKey()) + .setTheirIdentityKey(aliceIdentityKey.getPublicKey()) + .create(); + + RatchetingSession.initializeSession(aliceSessionState, 2, aliceParameters); + RatchetingSession.initializeSession(bobSessionState, 2, bobParameters); + } + + private void initializeSessionsV3(SessionState aliceSessionState, SessionState bobSessionState) + throws InvalidKeyException + { + ECKeyPair aliceIdentityKeyPair = Curve.generateKeyPair(); + IdentityKeyPair aliceIdentityKey = new IdentityKeyPair(new IdentityKey(aliceIdentityKeyPair.getPublicKey()), + aliceIdentityKeyPair.getPrivateKey()); + ECKeyPair aliceBaseKey = Curve.generateKeyPair(); + ECKeyPair aliceEphemeralKey = Curve.generateKeyPair(); + + ECKeyPair alicePreKey = aliceBaseKey; + + ECKeyPair bobIdentityKeyPair = Curve.generateKeyPair(); + IdentityKeyPair bobIdentityKey = new IdentityKeyPair(new IdentityKey(bobIdentityKeyPair.getPublicKey()), + bobIdentityKeyPair.getPrivateKey()); + ECKeyPair bobBaseKey = Curve.generateKeyPair(); + ECKeyPair bobEphemeralKey = bobBaseKey; + + ECKeyPair bobPreKey = Curve.generateKeyPair(); + + AliceAxolotlParameters aliceParameters = AliceAxolotlParameters.newBuilder() + .setOurBaseKey(aliceBaseKey) + .setOurIdentityKey(aliceIdentityKey) + .setTheirOneTimePreKey(Optional.<ECPublicKey>absent()) + .setTheirRatchetKey(bobEphemeralKey.getPublicKey()) + .setTheirSignedPreKey(bobBaseKey.getPublicKey()) + .setTheirIdentityKey(bobIdentityKey.getPublicKey()) + .create(); + + BobAxolotlParameters bobParameters = BobAxolotlParameters.newBuilder() + .setOurRatchetKey(bobEphemeralKey) + .setOurSignedPreKey(bobBaseKey) + .setOurOneTimePreKey(Optional.<ECKeyPair>absent()) + .setOurIdentityKey(bobIdentityKey) + .setTheirIdentityKey(aliceIdentityKey.getPublicKey()) + .setTheirBaseKey(aliceBaseKey.getPublicKey()) + .create(); + + RatchetingSession.initializeSession(aliceSessionState, 3, aliceParameters); + RatchetingSession.initializeSession(bobSessionState, 3, bobParameters); + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/SimultaneousInitiateTests.java b/tests/src/main/java/org/whispersystems/libaxolotl/SimultaneousInitiateTests.java new file mode 100644 index 00000000..f09fedf8 --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/SimultaneousInitiateTests.java @@ -0,0 +1,487 @@ +package org.whispersystems.libaxolotl; + +import junit.framework.TestCase; + +import org.whispersystems.libaxolotl.ecc.Curve; +import org.whispersystems.libaxolotl.ecc.ECKeyPair; +import org.whispersystems.libaxolotl.protocol.CiphertextMessage; +import org.whispersystems.libaxolotl.protocol.PreKeyWhisperMessage; +import org.whispersystems.libaxolotl.protocol.WhisperMessage; +import org.whispersystems.libaxolotl.state.AxolotlStore; +import org.whispersystems.libaxolotl.state.PreKeyBundle; +import org.whispersystems.libaxolotl.state.PreKeyRecord; +import org.whispersystems.libaxolotl.state.SignedPreKeyRecord; +import org.whispersystems.libaxolotl.util.Medium; + +import java.util.Arrays; +import java.util.Random; + +public class SimultaneousInitiateTests extends TestCase { + + private static final long BOB_RECIPENT_ID = 12345; + private static final long ALICE_RECIPIENT_ID = 6789; + + private static final ECKeyPair aliceSignedPreKey = Curve.generateKeyPair(); + private static final ECKeyPair bobSignedPreKey = Curve.generateKeyPair(); + + private static final int aliceSignedPreKeyId = new Random().nextInt(Medium.MAX_VALUE); + private static final int bobSignedPreKeyId = new Random().nextInt(Medium.MAX_VALUE); + + public void testBasicSimultaneousInitiate() + throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, + InvalidMessageException, DuplicateMessageException, LegacyMessageException, + InvalidKeyIdException, NoSessionException + { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore); + PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore); + + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1); + SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1); + + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1); + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + + aliceSessionBuilder.process(bobPreKeyBundle); + bobSessionBuilder.process(alicePreKeyBundle); + + CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes()); + CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes()); + + assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE); + assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize())); + byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize())); + + assertTrue(new String(alicePlaintext).equals("sample message")); + assertTrue(new String(bobPlaintext).equals("hey there")); + + assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes()); + + assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize())); + + assertTrue(new String(responsePlaintext).equals("second message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + + CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes()); + + assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize())); + + assertTrue(new String(finalPlaintext).equals("third message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + } + + public void testLostSimultaneousInitiate() throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, InvalidMessageException, DuplicateMessageException, LegacyMessageException, InvalidKeyIdException, NoSessionException { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore); + PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore); + + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1); + SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1); + + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1); + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + + aliceSessionBuilder.process(bobPreKeyBundle); + bobSessionBuilder.process(alicePreKeyBundle); + + CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes()); + CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes()); + + assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE); + assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize())); + + assertTrue(new String(bobPlaintext).equals("hey there")); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + + CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes()); + + assertTrue(aliceResponse.getType() == CiphertextMessage.PREKEY_TYPE); + + byte[] responsePlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(aliceResponse.serialize())); + + assertTrue(new String(responsePlaintext).equals("second message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + + CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes()); + + assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize())); + + assertTrue(new String(finalPlaintext).equals("third message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + } + + public void testSimultaneousInitiateLostMessage() + throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, + InvalidMessageException, DuplicateMessageException, LegacyMessageException, + InvalidKeyIdException, NoSessionException + { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore); + PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore); + + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1); + SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1); + + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1); + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + + aliceSessionBuilder.process(bobPreKeyBundle); + bobSessionBuilder.process(alicePreKeyBundle); + + CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes()); + CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes()); + + assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE); + assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize())); + byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize())); + + assertTrue(new String(alicePlaintext).equals("sample message")); + assertTrue(new String(bobPlaintext).equals("hey there")); + + assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes()); + + assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE); + +// byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize())); +// +// assertTrue(new String(responsePlaintext).equals("second message")); +// assertTrue(isSessionIdEqual(aliceStore, bobStore)); + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes()); + + assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize())); + + assertTrue(new String(finalPlaintext).equals("third message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + } + + public void testSimultaneousInitiateRepeatedMessages() + throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, + InvalidMessageException, DuplicateMessageException, LegacyMessageException, + InvalidKeyIdException, NoSessionException + { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore); + PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore); + + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1); + SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1); + + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1); + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + + aliceSessionBuilder.process(bobPreKeyBundle); + bobSessionBuilder.process(alicePreKeyBundle); + + CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes()); + CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes()); + + assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE); + assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize())); + byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize())); + + assertTrue(new String(alicePlaintext).equals("sample message")); + assertTrue(new String(bobPlaintext).equals("hey there")); + + assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + for (int i=0;i<50;i++) { + CiphertextMessage messageForBobRepeat = aliceSessionCipher.encrypt("hey there".getBytes()); + CiphertextMessage messageForAliceRepeat = bobSessionCipher.encrypt("sample message".getBytes()); + + assertTrue(messageForBobRepeat.getType() == CiphertextMessage.WHISPER_TYPE); + assertTrue(messageForAliceRepeat.getType() == CiphertextMessage.WHISPER_TYPE); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + byte[] alicePlaintextRepeat = aliceSessionCipher.decrypt(new WhisperMessage(messageForAliceRepeat.serialize())); + byte[] bobPlaintextRepeat = bobSessionCipher.decrypt(new WhisperMessage(messageForBobRepeat.serialize())); + + assertTrue(new String(alicePlaintextRepeat).equals("sample message")); + assertTrue(new String(bobPlaintextRepeat).equals("hey there")); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + } + + CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes()); + + assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize())); + + assertTrue(new String(responsePlaintext).equals("second message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + + CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes()); + + assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize())); + + assertTrue(new String(finalPlaintext).equals("third message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + } + + public void testRepeatedSimultaneousInitiateRepeatedMessages() + throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, + InvalidMessageException, DuplicateMessageException, LegacyMessageException, + InvalidKeyIdException, NoSessionException + { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1); + SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1); + + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1); + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + + for (int i=0;i<15;i++) { + PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore); + PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore); + + aliceSessionBuilder.process(bobPreKeyBundle); + bobSessionBuilder.process(alicePreKeyBundle); + + CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes()); + CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes()); + + assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE); + assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize())); + byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize())); + + assertTrue(new String(alicePlaintext).equals("sample message")); + assertTrue(new String(bobPlaintext).equals("hey there")); + + assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + } + + for (int i=0;i<50;i++) { + CiphertextMessage messageForBobRepeat = aliceSessionCipher.encrypt("hey there".getBytes()); + CiphertextMessage messageForAliceRepeat = bobSessionCipher.encrypt("sample message".getBytes()); + + assertTrue(messageForBobRepeat.getType() == CiphertextMessage.WHISPER_TYPE); + assertTrue(messageForAliceRepeat.getType() == CiphertextMessage.WHISPER_TYPE); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + byte[] alicePlaintextRepeat = aliceSessionCipher.decrypt(new WhisperMessage(messageForAliceRepeat.serialize())); + byte[] bobPlaintextRepeat = bobSessionCipher.decrypt(new WhisperMessage(messageForBobRepeat.serialize())); + + assertTrue(new String(alicePlaintextRepeat).equals("sample message")); + assertTrue(new String(bobPlaintextRepeat).equals("hey there")); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + } + + CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes()); + + assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize())); + + assertTrue(new String(responsePlaintext).equals("second message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + + CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes()); + + assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize())); + + assertTrue(new String(finalPlaintext).equals("third message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + } + + public void testRepeatedSimultaneousInitiateLostMessageRepeatedMessages() + throws InvalidKeyException, UntrustedIdentityException, InvalidVersionException, + InvalidMessageException, DuplicateMessageException, LegacyMessageException, + InvalidKeyIdException, NoSessionException + { + AxolotlStore aliceStore = new InMemoryAxolotlStore(); + AxolotlStore bobStore = new InMemoryAxolotlStore(); + + + SessionBuilder aliceSessionBuilder = new SessionBuilder(aliceStore, BOB_RECIPENT_ID, 1); + SessionBuilder bobSessionBuilder = new SessionBuilder(bobStore, ALICE_RECIPIENT_ID, 1); + + SessionCipher aliceSessionCipher = new SessionCipher(aliceStore, BOB_RECIPENT_ID, 1); + SessionCipher bobSessionCipher = new SessionCipher(bobStore, ALICE_RECIPIENT_ID, 1); + +// PreKeyBundle aliceLostPreKeyBundle = createAlicePreKeyBundle(aliceStore); + PreKeyBundle bobLostPreKeyBundle = createBobPreKeyBundle(bobStore); + + aliceSessionBuilder.process(bobLostPreKeyBundle); +// bobSessionBuilder.process(aliceLostPreKeyBundle); + + CiphertextMessage lostMessageForBob = aliceSessionCipher.encrypt("hey there".getBytes()); +// CiphertextMessage lostMessageForAlice = bobSessionCipher.encrypt("sample message".getBytes()); + + for (int i=0;i<15;i++) { + PreKeyBundle alicePreKeyBundle = createAlicePreKeyBundle(aliceStore); + PreKeyBundle bobPreKeyBundle = createBobPreKeyBundle(bobStore); + + aliceSessionBuilder.process(bobPreKeyBundle); + bobSessionBuilder.process(alicePreKeyBundle); + + CiphertextMessage messageForBob = aliceSessionCipher.encrypt("hey there".getBytes()); + CiphertextMessage messageForAlice = bobSessionCipher.encrypt("sample message".getBytes()); + + assertTrue(messageForBob.getType() == CiphertextMessage.PREKEY_TYPE); + assertTrue(messageForAlice.getType() == CiphertextMessage.PREKEY_TYPE); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + byte[] alicePlaintext = aliceSessionCipher.decrypt(new PreKeyWhisperMessage(messageForAlice.serialize())); + byte[] bobPlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(messageForBob.serialize())); + + assertTrue(new String(alicePlaintext).equals("sample message")); + assertTrue(new String(bobPlaintext).equals("hey there")); + + assertTrue(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getSessionVersion() == 3); + assertTrue(bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getSessionVersion() == 3); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + } + + for (int i=0;i<50;i++) { + CiphertextMessage messageForBobRepeat = aliceSessionCipher.encrypt("hey there".getBytes()); + CiphertextMessage messageForAliceRepeat = bobSessionCipher.encrypt("sample message".getBytes()); + + assertTrue(messageForBobRepeat.getType() == CiphertextMessage.WHISPER_TYPE); + assertTrue(messageForAliceRepeat.getType() == CiphertextMessage.WHISPER_TYPE); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + byte[] alicePlaintextRepeat = aliceSessionCipher.decrypt(new WhisperMessage(messageForAliceRepeat.serialize())); + byte[] bobPlaintextRepeat = bobSessionCipher.decrypt(new WhisperMessage(messageForBobRepeat.serialize())); + + assertTrue(new String(alicePlaintextRepeat).equals("sample message")); + assertTrue(new String(bobPlaintextRepeat).equals("hey there")); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + } + + CiphertextMessage aliceResponse = aliceSessionCipher.encrypt("second message".getBytes()); + + assertTrue(aliceResponse.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] responsePlaintext = bobSessionCipher.decrypt(new WhisperMessage(aliceResponse.serialize())); + + assertTrue(new String(responsePlaintext).equals("second message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + + CiphertextMessage finalMessage = bobSessionCipher.encrypt("third message".getBytes()); + + assertTrue(finalMessage.getType() == CiphertextMessage.WHISPER_TYPE); + + byte[] finalPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(finalMessage.serialize())); + + assertTrue(new String(finalPlaintext).equals("third message")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + + byte[] lostMessagePlaintext = bobSessionCipher.decrypt(new PreKeyWhisperMessage(lostMessageForBob.serialize())); + assertTrue(new String(lostMessagePlaintext).equals("hey there")); + + assertFalse(isSessionIdEqual(aliceStore, bobStore)); + + CiphertextMessage blastFromThePast = bobSessionCipher.encrypt("unexpected!".getBytes()); + byte[] blastFromThePastPlaintext = aliceSessionCipher.decrypt(new WhisperMessage(blastFromThePast.serialize())); + + assertTrue(new String(blastFromThePastPlaintext).equals("unexpected!")); + assertTrue(isSessionIdEqual(aliceStore, bobStore)); + } + + private boolean isSessionIdEqual(AxolotlStore aliceStore, AxolotlStore bobStore) { + return Arrays.equals(aliceStore.loadSession(BOB_RECIPENT_ID, 1).getSessionState().getAliceBaseKey(), + bobStore.loadSession(ALICE_RECIPIENT_ID, 1).getSessionState().getAliceBaseKey()); + } + + private PreKeyBundle createAlicePreKeyBundle(AxolotlStore aliceStore) throws InvalidKeyException { + ECKeyPair aliceUnsignedPreKey = Curve.generateKeyPair(); + int aliceUnsignedPreKeyId = new Random().nextInt(Medium.MAX_VALUE); + byte[] aliceSignature = Curve.calculateSignature(aliceStore.getIdentityKeyPair().getPrivateKey(), + aliceSignedPreKey.getPublicKey().serialize()); + + PreKeyBundle alicePreKeyBundle = new PreKeyBundle(1, 1, + aliceUnsignedPreKeyId, aliceUnsignedPreKey.getPublicKey(), + aliceSignedPreKeyId, aliceSignedPreKey.getPublicKey(), + aliceSignature, aliceStore.getIdentityKeyPair().getPublicKey()); + + aliceStore.storeSignedPreKey(aliceSignedPreKeyId, new SignedPreKeyRecord(aliceSignedPreKeyId, System.currentTimeMillis(), aliceSignedPreKey, aliceSignature)); + aliceStore.storePreKey(aliceUnsignedPreKeyId, new PreKeyRecord(aliceUnsignedPreKeyId, aliceUnsignedPreKey)); + + return alicePreKeyBundle; + } + + private PreKeyBundle createBobPreKeyBundle(AxolotlStore bobStore) throws InvalidKeyException { + ECKeyPair bobUnsignedPreKey = Curve.generateKeyPair(); + int bobUnsignedPreKeyId = new Random().nextInt(Medium.MAX_VALUE); + byte[] bobSignature = Curve.calculateSignature(bobStore.getIdentityKeyPair().getPrivateKey(), + bobSignedPreKey.getPublicKey().serialize()); + + PreKeyBundle bobPreKeyBundle = new PreKeyBundle(1, 1, + bobUnsignedPreKeyId, bobUnsignedPreKey.getPublicKey(), + bobSignedPreKeyId, bobSignedPreKey.getPublicKey(), + bobSignature, bobStore.getIdentityKeyPair().getPublicKey()); + + bobStore.storeSignedPreKey(bobSignedPreKeyId, new SignedPreKeyRecord(bobSignedPreKeyId, System.currentTimeMillis(), bobSignedPreKey, bobSignature)); + bobStore.storePreKey(bobUnsignedPreKeyId, new PreKeyRecord(bobUnsignedPreKeyId, bobUnsignedPreKey)); + + return bobPreKeyBundle; + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/ecc/Curve25519Test.java b/tests/src/main/java/org/whispersystems/libaxolotl/ecc/Curve25519Test.java new file mode 100644 index 00000000..b10085bb --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/ecc/Curve25519Test.java @@ -0,0 +1,136 @@ +package org.whispersystems.libaxolotl.ecc; + +import junit.framework.TestCase; + +import org.whispersystems.libaxolotl.InvalidKeyException; + +import java.util.Arrays; + + +public class Curve25519Test extends TestCase { + + public void testAgreement() throws InvalidKeyException { + byte[] alicePublic = {(byte) 0x05, (byte) 0x1b, (byte) 0xb7, (byte) 0x59, (byte) 0x66, + (byte) 0xf2, (byte) 0xe9, (byte) 0x3a, (byte) 0x36, (byte) 0x91, + (byte) 0xdf, (byte) 0xff, (byte) 0x94, (byte) 0x2b, (byte) 0xb2, + (byte) 0xa4, (byte) 0x66, (byte) 0xa1, (byte) 0xc0, (byte) 0x8b, + (byte) 0x8d, (byte) 0x78, (byte) 0xca, (byte) 0x3f, (byte) 0x4d, + (byte) 0x6d, (byte) 0xf8, (byte) 0xb8, (byte) 0xbf, (byte) 0xa2, + (byte) 0xe4, (byte) 0xee, (byte) 0x28}; + + byte[] alicePrivate = {(byte) 0xc8, (byte) 0x06, (byte) 0x43, (byte) 0x9d, (byte) 0xc9, + (byte) 0xd2, (byte) 0xc4, (byte) 0x76, (byte) 0xff, (byte) 0xed, + (byte) 0x8f, (byte) 0x25, (byte) 0x80, (byte) 0xc0, (byte) 0x88, + (byte) 0x8d, (byte) 0x58, (byte) 0xab, (byte) 0x40, (byte) 0x6b, + (byte) 0xf7, (byte) 0xae, (byte) 0x36, (byte) 0x98, (byte) 0x87, + (byte) 0x90, (byte) 0x21, (byte) 0xb9, (byte) 0x6b, (byte) 0xb4, + (byte) 0xbf, (byte) 0x59}; + + byte[] bobPublic = {(byte) 0x05, (byte) 0x65, (byte) 0x36, (byte) 0x14, (byte) 0x99, + (byte) 0x3d, (byte) 0x2b, (byte) 0x15, (byte) 0xee, (byte) 0x9e, + (byte) 0x5f, (byte) 0xd3, (byte) 0xd8, (byte) 0x6c, (byte) 0xe7, + (byte) 0x19, (byte) 0xef, (byte) 0x4e, (byte) 0xc1, (byte) 0xda, + (byte) 0xae, (byte) 0x18, (byte) 0x86, (byte) 0xa8, (byte) 0x7b, + (byte) 0x3f, (byte) 0x5f, (byte) 0xa9, (byte) 0x56, (byte) 0x5a, + (byte) 0x27, (byte) 0xa2, (byte) 0x2f}; + + byte[] bobPrivate = {(byte) 0xb0, (byte) 0x3b, (byte) 0x34, (byte) 0xc3, (byte) 0x3a, + (byte) 0x1c, (byte) 0x44, (byte) 0xf2, (byte) 0x25, (byte) 0xb6, + (byte) 0x62, (byte) 0xd2, (byte) 0xbf, (byte) 0x48, (byte) 0x59, + (byte) 0xb8, (byte) 0x13, (byte) 0x54, (byte) 0x11, (byte) 0xfa, + (byte) 0x7b, (byte) 0x03, (byte) 0x86, (byte) 0xd4, (byte) 0x5f, + (byte) 0xb7, (byte) 0x5d, (byte) 0xc5, (byte) 0xb9, (byte) 0x1b, + (byte) 0x44, (byte) 0x66}; + + byte[] shared = {(byte) 0x32, (byte) 0x5f, (byte) 0x23, (byte) 0x93, (byte) 0x28, + (byte) 0x94, (byte) 0x1c, (byte) 0xed, (byte) 0x6e, (byte) 0x67, + (byte) 0x3b, (byte) 0x86, (byte) 0xba, (byte) 0x41, (byte) 0x01, + (byte) 0x74, (byte) 0x48, (byte) 0xe9, (byte) 0x9b, (byte) 0x64, + (byte) 0x9a, (byte) 0x9c, (byte) 0x38, (byte) 0x06, (byte) 0xc1, + (byte) 0xdd, (byte) 0x7c, (byte) 0xa4, (byte) 0xc4, (byte) 0x77, + (byte) 0xe6, (byte) 0x29}; + + ECPublicKey alicePublicKey = Curve.decodePoint(alicePublic, 0); + ECPrivateKey alicePrivateKey = Curve.decodePrivatePoint(alicePrivate); + + ECPublicKey bobPublicKey = Curve.decodePoint(bobPublic, 0); + ECPrivateKey bobPrivateKey = Curve.decodePrivatePoint(bobPrivate); + + byte[] sharedOne = Curve.calculateAgreement(alicePublicKey, bobPrivateKey); + byte[] sharedTwo = Curve.calculateAgreement(bobPublicKey, alicePrivateKey); + + assertTrue(Arrays.equals(sharedOne, shared)); + assertTrue(Arrays.equals(sharedTwo, shared)); + } + + public void testRandomAgreements() throws InvalidKeyException { + for (int i=0;i<50;i++) { + ECKeyPair alice = Curve.generateKeyPair(); + ECKeyPair bob = Curve.generateKeyPair(); + + byte[] sharedAlice = Curve.calculateAgreement(bob.getPublicKey(), alice.getPrivateKey()); + byte[] sharedBob = Curve.calculateAgreement(alice.getPublicKey(), bob.getPrivateKey()); + + assertTrue(Arrays.equals(sharedAlice, sharedBob)); + } + } + + public void testSignature() throws InvalidKeyException { + byte[] aliceIdentityPrivate = {(byte)0xc0, (byte)0x97, (byte)0x24, (byte)0x84, (byte)0x12, + (byte)0xe5, (byte)0x8b, (byte)0xf0, (byte)0x5d, (byte)0xf4, + (byte)0x87, (byte)0x96, (byte)0x82, (byte)0x05, (byte)0x13, + (byte)0x27, (byte)0x94, (byte)0x17, (byte)0x8e, (byte)0x36, + (byte)0x76, (byte)0x37, (byte)0xf5, (byte)0x81, (byte)0x8f, + (byte)0x81, (byte)0xe0, (byte)0xe6, (byte)0xce, (byte)0x73, + (byte)0xe8, (byte)0x65}; + + byte[] aliceIdentityPublic = {(byte)0x05, (byte)0xab, (byte)0x7e, (byte)0x71, (byte)0x7d, + (byte)0x4a, (byte)0x16, (byte)0x3b, (byte)0x7d, (byte)0x9a, + (byte)0x1d, (byte)0x80, (byte)0x71, (byte)0xdf, (byte)0xe9, + (byte)0xdc, (byte)0xf8, (byte)0xcd, (byte)0xcd, (byte)0x1c, + (byte)0xea, (byte)0x33, (byte)0x39, (byte)0xb6, (byte)0x35, + (byte)0x6b, (byte)0xe8, (byte)0x4d, (byte)0x88, (byte)0x7e, + (byte)0x32, (byte)0x2c, (byte)0x64}; + + byte[] aliceEphemeralPublic = {(byte)0x05, (byte)0xed, (byte)0xce, (byte)0x9d, (byte)0x9c, + (byte)0x41, (byte)0x5c, (byte)0xa7, (byte)0x8c, (byte)0xb7, + (byte)0x25, (byte)0x2e, (byte)0x72, (byte)0xc2, (byte)0xc4, + (byte)0xa5, (byte)0x54, (byte)0xd3, (byte)0xeb, (byte)0x29, + (byte)0x48, (byte)0x5a, (byte)0x0e, (byte)0x1d, (byte)0x50, + (byte)0x31, (byte)0x18, (byte)0xd1, (byte)0xa8, (byte)0x2d, + (byte)0x99, (byte)0xfb, (byte)0x4a}; + + byte[] aliceSignature = {(byte)0x5d, (byte)0xe8, (byte)0x8c, (byte)0xa9, (byte)0xa8, + (byte)0x9b, (byte)0x4a, (byte)0x11, (byte)0x5d, (byte)0xa7, + (byte)0x91, (byte)0x09, (byte)0xc6, (byte)0x7c, (byte)0x9c, + (byte)0x74, (byte)0x64, (byte)0xa3, (byte)0xe4, (byte)0x18, + (byte)0x02, (byte)0x74, (byte)0xf1, (byte)0xcb, (byte)0x8c, + (byte)0x63, (byte)0xc2, (byte)0x98, (byte)0x4e, (byte)0x28, + (byte)0x6d, (byte)0xfb, (byte)0xed, (byte)0xe8, (byte)0x2d, + (byte)0xeb, (byte)0x9d, (byte)0xcd, (byte)0x9f, (byte)0xae, + (byte)0x0b, (byte)0xfb, (byte)0xb8, (byte)0x21, (byte)0x56, + (byte)0x9b, (byte)0x3d, (byte)0x90, (byte)0x01, (byte)0xbd, + (byte)0x81, (byte)0x30, (byte)0xcd, (byte)0x11, (byte)0xd4, + (byte)0x86, (byte)0xce, (byte)0xf0, (byte)0x47, (byte)0xbd, + (byte)0x60, (byte)0xb8, (byte)0x6e, (byte)0x88}; + + ECPrivateKey alicePrivateKey = Curve.decodePrivatePoint(aliceIdentityPrivate); + ECPublicKey alicePublicKey = Curve.decodePoint(aliceIdentityPublic, 0); + ECPublicKey aliceEphemeral = Curve.decodePoint(aliceEphemeralPublic, 0); + + if (!Curve.verifySignature(alicePublicKey, aliceEphemeral.serialize(), aliceSignature)) { + throw new AssertionError("Sig verification failed!"); + } + + for (int i=0;i<aliceSignature.length;i++) { + byte[] modifiedSignature = new byte[aliceSignature.length]; + System.arraycopy(aliceSignature, 0, modifiedSignature, 0, modifiedSignature.length); + + modifiedSignature[i] ^= 0x01; + + if (Curve.verifySignature(alicePublicKey, aliceEphemeral.serialize(), modifiedSignature)) { + throw new AssertionError("Sig verification succeeded!"); + } + } + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/groups/GroupCipherTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/groups/GroupCipherTest.java new file mode 100644 index 00000000..7c9892b0 --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/groups/GroupCipherTest.java @@ -0,0 +1,146 @@ +package org.whispersystems.libaxolotl.groups; + +import junit.framework.TestCase; + +import org.whispersystems.libaxolotl.DuplicateMessageException; +import org.whispersystems.libaxolotl.InvalidMessageException; +import org.whispersystems.libaxolotl.LegacyMessageException; +import org.whispersystems.libaxolotl.NoSessionException; +import org.whispersystems.libaxolotl.ecc.ECKeyPair; +import org.whispersystems.libaxolotl.protocol.SenderKeyDistributionMessage; +import org.whispersystems.libaxolotl.util.KeyHelper; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.ArrayList; + +public class GroupCipherTest extends TestCase { + + public void testBasicEncryptDecrypt() + throws LegacyMessageException, DuplicateMessageException, InvalidMessageException, NoSessionException + { + InMemorySenderKeyStore aliceStore = new InMemorySenderKeyStore(); + InMemorySenderKeyStore bobStore = new InMemorySenderKeyStore(); + + GroupSessionBuilder aliceSessionBuilder = new GroupSessionBuilder(aliceStore); + GroupSessionBuilder bobSessionBuilder = new GroupSessionBuilder(bobStore); + + GroupCipher aliceGroupCipher = new GroupCipher(aliceStore, "groupWithBobInIt"); + GroupCipher bobGroupCipher = new GroupCipher(bobStore, "groupWithBobInIt::aliceUserName"); + + byte[] aliceSenderKey = KeyHelper.generateSenderKey(); + ECKeyPair aliceSenderSigningKey = KeyHelper.generateSenderSigningKey(); + int aliceSenderKeyId = KeyHelper.generateSenderKeyId(); + + SenderKeyDistributionMessage aliceDistributionMessage = + aliceSessionBuilder.process("groupWithBobInIt", aliceSenderKeyId, 0, + aliceSenderKey, aliceSenderSigningKey); + + bobSessionBuilder.process("groupWithBobInIt::aliceUserName", aliceDistributionMessage); + + byte[] ciphertextFromAlice = aliceGroupCipher.encrypt("smert ze smert".getBytes()); + byte[] plaintextFromAlice = bobGroupCipher.decrypt(ciphertextFromAlice); + + assertTrue(new String(plaintextFromAlice).equals("smert ze smert")); + } + + public void testBasicRatchet() + throws LegacyMessageException, DuplicateMessageException, InvalidMessageException, NoSessionException + { + InMemorySenderKeyStore aliceStore = new InMemorySenderKeyStore(); + InMemorySenderKeyStore bobStore = new InMemorySenderKeyStore(); + + GroupSessionBuilder aliceSessionBuilder = new GroupSessionBuilder(aliceStore); + GroupSessionBuilder bobSessionBuilder = new GroupSessionBuilder(bobStore); + + GroupCipher aliceGroupCipher = new GroupCipher(aliceStore, "groupWithBobInIt"); + GroupCipher bobGroupCipher = new GroupCipher(bobStore, "groupWithBobInIt::aliceUserName"); + + byte[] aliceSenderKey = KeyHelper.generateSenderKey(); + ECKeyPair aliceSenderSigningKey = KeyHelper.generateSenderSigningKey(); + int aliceSenderKeyId = KeyHelper.generateSenderKeyId(); + + SenderKeyDistributionMessage aliceDistributionMessage = + aliceSessionBuilder.process("groupWithBobInIt", aliceSenderKeyId, 0, + aliceSenderKey, aliceSenderSigningKey); + + bobSessionBuilder.process("groupWithBobInIt::aliceUserName", aliceDistributionMessage); + + byte[] ciphertextFromAlice = aliceGroupCipher.encrypt("smert ze smert".getBytes()); + byte[] ciphertextFromAlice2 = aliceGroupCipher.encrypt("smert ze smert2".getBytes()); + byte[] ciphertextFromAlice3 = aliceGroupCipher.encrypt("smert ze smert3".getBytes()); + + byte[] plaintextFromAlice = bobGroupCipher.decrypt(ciphertextFromAlice); + + try { + bobGroupCipher.decrypt(ciphertextFromAlice); + throw new AssertionError("Should have ratcheted forward!"); + } catch (DuplicateMessageException dme) { + // good + } + + byte[] plaintextFromAlice2 = bobGroupCipher.decrypt(ciphertextFromAlice2); + byte[] plaintextFromAlice3 = bobGroupCipher.decrypt(ciphertextFromAlice3); + + assertTrue(new String(plaintextFromAlice).equals("smert ze smert")); + assertTrue(new String(plaintextFromAlice2).equals("smert ze smert2")); + assertTrue(new String(plaintextFromAlice3).equals("smert ze smert3")); + } + + public void testOutOfOrder() + throws LegacyMessageException, DuplicateMessageException, InvalidMessageException, NoSessionException + { + InMemorySenderKeyStore aliceStore = new InMemorySenderKeyStore(); + InMemorySenderKeyStore bobStore = new InMemorySenderKeyStore(); + + GroupSessionBuilder aliceSessionBuilder = new GroupSessionBuilder(aliceStore); + GroupSessionBuilder bobSessionBuilder = new GroupSessionBuilder(bobStore); + + GroupCipher aliceGroupCipher = new GroupCipher(aliceStore, "groupWithBobInIt"); + GroupCipher bobGroupCipher = new GroupCipher(bobStore, "groupWithBobInIt::aliceUserName"); + + byte[] aliceSenderKey = KeyHelper.generateSenderKey(); + ECKeyPair aliceSenderSigningKey = KeyHelper.generateSenderSigningKey(); + int aliceSenderKeyId = KeyHelper.generateSenderKeyId(); + + SenderKeyDistributionMessage aliceDistributionMessage = + aliceSessionBuilder.process("groupWithBobInIt", aliceSenderKeyId, 0, + aliceSenderKey, aliceSenderSigningKey); + + bobSessionBuilder.process("groupWithBobInIt::aliceUserName", aliceDistributionMessage); + + + ArrayList<byte[]> ciphertexts = new ArrayList<>(100); + + for (int i=0;i<100;i++) { + ciphertexts.add(aliceGroupCipher.encrypt("up the punks".getBytes())); + } + + while (ciphertexts.size() > 0) { + int index = randomInt() % ciphertexts.size(); + byte[] ciphertext = ciphertexts.remove(index); + byte[] plaintext = bobGroupCipher.decrypt(ciphertext); + + assertTrue(new String(plaintext).equals("up the punks")); + } + } + + public void testEncryptNoSession() { + InMemorySenderKeyStore aliceStore = new InMemorySenderKeyStore(); + GroupCipher aliceGroupCipher = new GroupCipher(aliceStore, "groupWithBobInIt"); + try { + aliceGroupCipher.encrypt("up the punks".getBytes()); + throw new AssertionError("Should have failed!"); + } catch (NoSessionException nse) { + // good + } + } + + private int randomInt() { + try { + return SecureRandom.getInstance("SHA1PRNG").nextInt(Integer.MAX_VALUE); + } catch (NoSuchAlgorithmException e) { + throw new AssertionError(e); + } + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/groups/InMemorySenderKeyStore.java b/tests/src/main/java/org/whispersystems/libaxolotl/groups/InMemorySenderKeyStore.java new file mode 100644 index 00000000..c012566a --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/groups/InMemorySenderKeyStore.java @@ -0,0 +1,33 @@ +package org.whispersystems.libaxolotl.groups; + +import org.whispersystems.libaxolotl.groups.state.SenderKeyRecord; +import org.whispersystems.libaxolotl.groups.state.SenderKeyStore; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +public class InMemorySenderKeyStore implements SenderKeyStore { + + private final Map<String, SenderKeyRecord> store = new HashMap<>(); + + @Override + public void storeSenderKey(String senderKeyId, SenderKeyRecord record) { + store.put(senderKeyId, record); + } + + @Override + public SenderKeyRecord loadSenderKey(String senderKeyId) { + try { + SenderKeyRecord record = store.get(senderKeyId); + + if (record == null) { + return new SenderKeyRecord(); + } else { + return new SenderKeyRecord(record.serialize()); + } + } catch (IOException e) { + throw new AssertionError(e); + } + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/kdf/HKDFTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/kdf/HKDFTest.java new file mode 100644 index 00000000..4cf7166a --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/kdf/HKDFTest.java @@ -0,0 +1,137 @@ +package org.whispersystems.libaxolotl.kdf; + +import junit.framework.TestCase; + +import java.util.Arrays; + +public class HKDFTest extends TestCase { + + public void testVectorV3() { + byte[] ikm = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b}; + + byte[] salt = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c}; + + byte[] info = {(byte) 0xf0, (byte) 0xf1, (byte) 0xf2, (byte) 0xf3, (byte) 0xf4, + (byte) 0xf5, (byte) 0xf6, (byte) 0xf7, (byte) 0xf8, (byte) 0xf9}; + + byte[] okm = {(byte) 0x3c, (byte) 0xb2, (byte) 0x5f, (byte) 0x25, (byte) 0xfa, + (byte) 0xac, (byte) 0xd5, (byte) 0x7a, (byte) 0x90, (byte) 0x43, + (byte) 0x4f, (byte) 0x64, (byte) 0xd0, (byte) 0x36, (byte) 0x2f, + (byte) 0x2a, (byte) 0x2d, (byte) 0x2d, (byte) 0x0a, (byte) 0x90, + (byte) 0xcf, (byte) 0x1a, (byte) 0x5a, (byte) 0x4c, (byte) 0x5d, + (byte) 0xb0, (byte) 0x2d, (byte) 0x56, (byte) 0xec, (byte) 0xc4, + (byte) 0xc5, (byte) 0xbf, (byte) 0x34, (byte) 0x00, (byte) 0x72, + (byte) 0x08, (byte) 0xd5, (byte) 0xb8, (byte) 0x87, (byte) 0x18, + (byte) 0x58, (byte) 0x65}; + + byte[] actualOutput = HKDF.createFor(3).deriveSecrets(ikm, salt, info, 42); + + assertTrue(Arrays.equals(okm, actualOutput)); + } + + public void testVectorLongV3() { + byte[] ikm = {(byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04, + (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08, (byte) 0x09, + (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e, + (byte) 0x0f, (byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13, + (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17, (byte) 0x18, + (byte) 0x19, (byte) 0x1a, (byte) 0x1b, (byte) 0x1c, (byte) 0x1d, + (byte) 0x1e, (byte) 0x1f, (byte) 0x20, (byte) 0x21, (byte) 0x22, + (byte) 0x23, (byte) 0x24, (byte) 0x25, (byte) 0x26, (byte) 0x27, + (byte) 0x28, (byte) 0x29, (byte) 0x2a, (byte) 0x2b, (byte) 0x2c, + (byte) 0x2d, (byte) 0x2e, (byte) 0x2f, (byte) 0x30, (byte) 0x31, + (byte) 0x32, (byte) 0x33, (byte) 0x34, (byte) 0x35, (byte) 0x36, + (byte) 0x37, (byte) 0x38, (byte) 0x39, (byte) 0x3a, (byte) 0x3b, + (byte) 0x3c, (byte) 0x3d, (byte) 0x3e, (byte) 0x3f, (byte) 0x40, + (byte) 0x41, (byte) 0x42, (byte) 0x43, (byte) 0x44, (byte) 0x45, + (byte) 0x46, (byte) 0x47, (byte) 0x48, (byte) 0x49, (byte) 0x4a, + (byte) 0x4b, (byte) 0x4c, (byte) 0x4d, (byte) 0x4e, (byte) 0x4f}; + + byte[] salt = {(byte) 0x60, (byte) 0x61, (byte) 0x62, (byte) 0x63, (byte) 0x64, + (byte) 0x65, (byte) 0x66, (byte) 0x67, (byte) 0x68, (byte) 0x69, + (byte) 0x6a, (byte) 0x6b, (byte) 0x6c, (byte) 0x6d, (byte) 0x6e, + (byte) 0x6f, (byte) 0x70, (byte) 0x71, (byte) 0x72, (byte) 0x73, + (byte) 0x74, (byte) 0x75, (byte) 0x76, (byte) 0x77, (byte) 0x78, + (byte) 0x79, (byte) 0x7a, (byte) 0x7b, (byte) 0x7c, (byte) 0x7d, + (byte) 0x7e, (byte) 0x7f, (byte) 0x80, (byte) 0x81, (byte) 0x82, + (byte) 0x83, (byte) 0x84, (byte) 0x85, (byte) 0x86, (byte) 0x87, + (byte) 0x88, (byte) 0x89, (byte) 0x8a, (byte) 0x8b, (byte) 0x8c, + (byte) 0x8d, (byte) 0x8e, (byte) 0x8f, (byte) 0x90, (byte) 0x91, + (byte) 0x92, (byte) 0x93, (byte) 0x94, (byte) 0x95, (byte) 0x96, + (byte) 0x97, (byte) 0x98, (byte) 0x99, (byte) 0x9a, (byte) 0x9b, + (byte) 0x9c, (byte) 0x9d, (byte) 0x9e, (byte) 0x9f, (byte) 0xa0, + (byte) 0xa1, (byte) 0xa2, (byte) 0xa3, (byte) 0xa4, (byte) 0xa5, + (byte) 0xa6, (byte) 0xa7, (byte) 0xa8, (byte) 0xa9, (byte) 0xaa, + (byte) 0xab, (byte) 0xac, (byte) 0xad, (byte) 0xae, (byte) 0xaf}; + + byte[] info = {(byte) 0xb0, (byte) 0xb1, (byte) 0xb2, (byte) 0xb3, (byte) 0xb4, + (byte) 0xb5, (byte) 0xb6, (byte) 0xb7, (byte) 0xb8, (byte) 0xb9, + (byte) 0xba, (byte) 0xbb, (byte) 0xbc, (byte) 0xbd, (byte) 0xbe, + (byte) 0xbf, (byte) 0xc0, (byte) 0xc1, (byte) 0xc2, (byte) 0xc3, + (byte) 0xc4, (byte) 0xc5, (byte) 0xc6, (byte) 0xc7, (byte) 0xc8, + (byte) 0xc9, (byte) 0xca, (byte) 0xcb, (byte) 0xcc, (byte) 0xcd, + (byte) 0xce, (byte) 0xcf, (byte) 0xd0, (byte) 0xd1, (byte) 0xd2, + (byte) 0xd3, (byte) 0xd4, (byte) 0xd5, (byte) 0xd6, (byte) 0xd7, + (byte) 0xd8, (byte) 0xd9, (byte) 0xda, (byte) 0xdb, (byte) 0xdc, + (byte) 0xdd, (byte) 0xde, (byte) 0xdf, (byte) 0xe0, (byte) 0xe1, + (byte) 0xe2, (byte) 0xe3, (byte) 0xe4, (byte) 0xe5, (byte) 0xe6, + (byte) 0xe7, (byte) 0xe8, (byte) 0xe9, (byte) 0xea, (byte) 0xeb, + (byte) 0xec, (byte) 0xed, (byte) 0xee, (byte) 0xef, (byte) 0xf0, + (byte) 0xf1, (byte) 0xf2, (byte) 0xf3, (byte) 0xf4, (byte) 0xf5, + (byte) 0xf6, (byte) 0xf7, (byte) 0xf8, (byte) 0xf9, (byte) 0xfa, + (byte) 0xfb, (byte) 0xfc, (byte) 0xfd, (byte) 0xfe, (byte) 0xff}; + + byte[] okm = {(byte) 0xb1, (byte) 0x1e, (byte) 0x39, (byte) 0x8d, (byte) 0xc8, + (byte) 0x03, (byte) 0x27, (byte) 0xa1, (byte) 0xc8, (byte) 0xe7, + (byte) 0xf7, (byte) 0x8c, (byte) 0x59, (byte) 0x6a, (byte) 0x49, + (byte) 0x34, (byte) 0x4f, (byte) 0x01, (byte) 0x2e, (byte) 0xda, + (byte) 0x2d, (byte) 0x4e, (byte) 0xfa, (byte) 0xd8, (byte) 0xa0, + (byte) 0x50, (byte) 0xcc, (byte) 0x4c, (byte) 0x19, (byte) 0xaf, + (byte) 0xa9, (byte) 0x7c, (byte) 0x59, (byte) 0x04, (byte) 0x5a, + (byte) 0x99, (byte) 0xca, (byte) 0xc7, (byte) 0x82, (byte) 0x72, + (byte) 0x71, (byte) 0xcb, (byte) 0x41, (byte) 0xc6, (byte) 0x5e, + (byte) 0x59, (byte) 0x0e, (byte) 0x09, (byte) 0xda, (byte) 0x32, + (byte) 0x75, (byte) 0x60, (byte) 0x0c, (byte) 0x2f, (byte) 0x09, + (byte) 0xb8, (byte) 0x36, (byte) 0x77, (byte) 0x93, (byte) 0xa9, + (byte) 0xac, (byte) 0xa3, (byte) 0xdb, (byte) 0x71, (byte) 0xcc, + (byte) 0x30, (byte) 0xc5, (byte) 0x81, (byte) 0x79, (byte) 0xec, + (byte) 0x3e, (byte) 0x87, (byte) 0xc1, (byte) 0x4c, (byte) 0x01, + (byte) 0xd5, (byte) 0xc1, (byte) 0xf3, (byte) 0x43, (byte) 0x4f, + (byte) 0x1d, (byte) 0x87}; + + byte[] actualOutput = HKDF.createFor(3).deriveSecrets(ikm, salt, info, 82); + assertTrue(Arrays.equals(okm, actualOutput)); + } + + public void testVectorV2() { + byte[] ikm = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b}; + + byte[] salt = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c}; + + byte[] info = {(byte)0xf0, (byte)0xf1, (byte)0xf2, (byte)0xf3, (byte)0xf4, + (byte)0xf5, (byte)0xf6, (byte)0xf7, (byte)0xf8, (byte)0xf9}; + + byte[] okm = {(byte)0x6e, (byte)0xc2, (byte)0x55, (byte)0x6d, (byte)0x5d, + (byte)0x7b, (byte)0x1d, (byte)0x81, (byte)0xde, (byte)0xe4, + (byte)0x22, (byte)0x2a, (byte)0xd7, (byte)0x48, (byte)0x36, + (byte)0x95, (byte)0xdd, (byte)0xc9, (byte)0x8f, (byte)0x4f, + (byte)0x5f, (byte)0xab, (byte)0xc0, (byte)0xe0, (byte)0x20, + (byte)0x5d, (byte)0xc2, (byte)0xef, (byte)0x87, (byte)0x52, + (byte)0xd4, (byte)0x1e, (byte)0x04, (byte)0xe2, (byte)0xe2, + (byte)0x11, (byte)0x01, (byte)0xc6, (byte)0x8f, (byte)0xf0, + (byte)0x93, (byte)0x94, (byte)0xb8, (byte)0xad, (byte)0x0b, + (byte)0xdc, (byte)0xb9, (byte)0x60, (byte)0x9c, (byte)0xd4, + (byte)0xee, (byte)0x82, (byte)0xac, (byte)0x13, (byte)0x19, + (byte)0x9b, (byte)0x4a, (byte)0xa9, (byte)0xfd, (byte)0xa8, + (byte)0x99, (byte)0xda, (byte)0xeb, (byte)0xec}; + + byte[] actualOutput = HKDF.createFor(2).deriveSecrets(ikm, salt, info, 64); + assertTrue(Arrays.equals(okm, actualOutput)); + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/ChainKeyTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/ChainKeyTest.java new file mode 100644 index 00000000..ad17ebb9 --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/ChainKeyTest.java @@ -0,0 +1,58 @@ +package org.whispersystems.libaxolotl.ratchet; + +import junit.framework.TestCase; + +import org.whispersystems.libaxolotl.kdf.HKDF; + +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; + +public class ChainKeyTest extends TestCase { + + public void testChainKeyDerivationV2() throws NoSuchAlgorithmException { + + byte[] seed = {(byte) 0x8a, (byte) 0xb7, (byte) 0x2d, (byte) 0x6f, (byte) 0x4c, + (byte) 0xc5, (byte) 0xac, (byte) 0x0d, (byte) 0x38, (byte) 0x7e, + (byte) 0xaf, (byte) 0x46, (byte) 0x33, (byte) 0x78, (byte) 0xdd, + (byte) 0xb2, (byte) 0x8e, (byte) 0xdd, (byte) 0x07, (byte) 0x38, + (byte) 0x5b, (byte) 0x1c, (byte) 0xb0, (byte) 0x12, (byte) 0x50, + (byte) 0xc7, (byte) 0x15, (byte) 0x98, (byte) 0x2e, (byte) 0x7a, + (byte) 0xd4, (byte) 0x8f}; + + byte[] messageKey = {(byte) 0x02, (byte) 0xa9, (byte) 0xaa, (byte) 0x6c, (byte) 0x7d, + (byte) 0xbd, (byte) 0x64, (byte) 0xf9, (byte) 0xd3, (byte) 0xaa, + (byte) 0x92, (byte) 0xf9, (byte) 0x2a, (byte) 0x27, (byte) 0x7b, + (byte) 0xf5, (byte) 0x46, (byte) 0x09, (byte) 0xda, (byte) 0xdf, + (byte) 0x0b, (byte) 0x00, (byte) 0x82, (byte) 0x8a, (byte) 0xcf, + (byte) 0xc6, (byte) 0x1e, (byte) 0x3c, (byte) 0x72, (byte) 0x4b, + (byte) 0x84, (byte) 0xa7}; + + byte[] macKey = {(byte) 0xbf, (byte) 0xbe, (byte) 0x5e, (byte) 0xfb, (byte) 0x60, + (byte) 0x30, (byte) 0x30, (byte) 0x52, (byte) 0x67, (byte) 0x42, + (byte) 0xe3, (byte) 0xee, (byte) 0x89, (byte) 0xc7, (byte) 0x02, + (byte) 0x4e, (byte) 0x88, (byte) 0x4e, (byte) 0x44, (byte) 0x0f, + (byte) 0x1f, (byte) 0xf3, (byte) 0x76, (byte) 0xbb, (byte) 0x23, + (byte) 0x17, (byte) 0xb2, (byte) 0xd6, (byte) 0x4d, (byte) 0xeb, + (byte) 0x7c, (byte) 0x83}; + + byte[] nextChainKey = {(byte) 0x28, (byte) 0xe8, (byte) 0xf8, (byte) 0xfe, (byte) 0xe5, + (byte) 0x4b, (byte) 0x80, (byte) 0x1e, (byte) 0xef, (byte) 0x7c, + (byte) 0x5c, (byte) 0xfb, (byte) 0x2f, (byte) 0x17, (byte) 0xf3, + (byte) 0x2c, (byte) 0x7b, (byte) 0x33, (byte) 0x44, (byte) 0x85, + (byte) 0xbb, (byte) 0xb7, (byte) 0x0f, (byte) 0xac, (byte) 0x6e, + (byte) 0xc1, (byte) 0x03, (byte) 0x42, (byte) 0xa2, (byte) 0x46, + (byte) 0xd1, (byte) 0x5d}; + + ChainKey chainKey = new ChainKey(HKDF.createFor(2), seed, 0); + + assertTrue(Arrays.equals(chainKey.getKey(), seed)); + assertTrue(Arrays.equals(chainKey.getMessageKeys().getCipherKey().getEncoded(), messageKey)); + assertTrue(Arrays.equals(chainKey.getMessageKeys().getMacKey().getEncoded(), macKey)); + assertTrue(Arrays.equals(chainKey.getNextChainKey().getKey(), nextChainKey)); + assertTrue(chainKey.getIndex() == 0); + assertTrue(chainKey.getMessageKeys().getCounter() == 0); + assertTrue(chainKey.getNextChainKey().getIndex() == 1); + assertTrue(chainKey.getNextChainKey().getMessageKeys().getCounter() == 1); + } + +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RatchetingSessionTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RatchetingSessionTest.java new file mode 100644 index 00000000..93929455 --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RatchetingSessionTest.java @@ -0,0 +1,231 @@ +package org.whispersystems.libaxolotl.ratchet; + +import junit.framework.TestCase; + +import org.whispersystems.libaxolotl.IdentityKey; +import org.whispersystems.libaxolotl.IdentityKeyPair; +import org.whispersystems.libaxolotl.InvalidKeyException; +import org.whispersystems.libaxolotl.ecc.Curve; +import org.whispersystems.libaxolotl.ecc.ECKeyPair; +import org.whispersystems.libaxolotl.ecc.ECPrivateKey; +import org.whispersystems.libaxolotl.ecc.ECPublicKey; +import org.whispersystems.libaxolotl.state.SessionState; +import org.whispersystems.libaxolotl.util.guava.Optional; + +import java.util.Arrays; + +public class RatchetingSessionTest extends TestCase { + + public void testRatchetingSessionAsBob() throws InvalidKeyException { + byte[] bobPublic = {(byte) 0x05, (byte) 0x2c, (byte) 0xb4, (byte) 0x97, + (byte) 0x76, (byte) 0xb8, (byte) 0x77, (byte) 0x02, + (byte) 0x05, (byte) 0x74, (byte) 0x5a, (byte) 0x3a, + (byte) 0x6e, (byte) 0x24, (byte) 0xf5, (byte) 0x79, + (byte) 0xcd, (byte) 0xb4, (byte) 0xba, (byte) 0x7a, + (byte) 0x89, (byte) 0x04, (byte) 0x10, (byte) 0x05, + (byte) 0x92, (byte) 0x8e, (byte) 0xbb, (byte) 0xad, + (byte) 0xc9, (byte) 0xc0, (byte) 0x5a, (byte) 0xd4, + (byte) 0x58}; + + byte[] bobPrivate = {(byte) 0xa1, (byte) 0xca, (byte) 0xb4, (byte) 0x8f, + (byte) 0x7c, (byte) 0x89, (byte) 0x3f, (byte) 0xaf, + (byte) 0xa9, (byte) 0x88, (byte) 0x0a, (byte) 0x28, + (byte) 0xc3, (byte) 0xb4, (byte) 0x99, (byte) 0x9d, + (byte) 0x28, (byte) 0xd6, (byte) 0x32, (byte) 0x95, + (byte) 0x62, (byte) 0xd2, (byte) 0x7a, (byte) 0x4e, + (byte) 0xa4, (byte) 0xe2, (byte) 0x2e, (byte) 0x9f, + (byte) 0xf1, (byte) 0xbd, (byte) 0xd6, (byte) 0x5a}; + + byte[] bobIdentityPublic = {(byte) 0x05, (byte) 0xf1, (byte) 0xf4, (byte) 0x38, + (byte) 0x74, (byte) 0xf6, (byte) 0x96, (byte) 0x69, + (byte) 0x56, (byte) 0xc2, (byte) 0xdd, (byte) 0x47, + (byte) 0x3f, (byte) 0x8f, (byte) 0xa1, (byte) 0x5a, + (byte) 0xde, (byte) 0xb7, (byte) 0x1d, (byte) 0x1c, + (byte) 0xb9, (byte) 0x91, (byte) 0xb2, (byte) 0x34, + (byte) 0x16, (byte) 0x92, (byte) 0x32, (byte) 0x4c, + (byte) 0xef, (byte) 0xb1, (byte) 0xc5, (byte) 0xe6, + (byte) 0x26}; + + byte[] bobIdentityPrivate = {(byte) 0x48, (byte) 0x75, (byte) 0xcc, (byte) 0x69, + (byte) 0xdd, (byte) 0xf8, (byte) 0xea, (byte) 0x07, + (byte) 0x19, (byte) 0xec, (byte) 0x94, (byte) 0x7d, + (byte) 0x61, (byte) 0x08, (byte) 0x11, (byte) 0x35, + (byte) 0x86, (byte) 0x8d, (byte) 0x5f, (byte) 0xd8, + (byte) 0x01, (byte) 0xf0, (byte) 0x2c, (byte) 0x02, + (byte) 0x25, (byte) 0xe5, (byte) 0x16, (byte) 0xdf, + (byte) 0x21, (byte) 0x56, (byte) 0x60, (byte) 0x5e}; + + byte[] aliceBasePublic = {(byte) 0x05, (byte) 0x47, (byte) 0x2d, (byte) 0x1f, + (byte) 0xb1, (byte) 0xa9, (byte) 0x86, (byte) 0x2c, + (byte) 0x3a, (byte) 0xf6, (byte) 0xbe, (byte) 0xac, + (byte) 0xa8, (byte) 0x92, (byte) 0x02, (byte) 0x77, + (byte) 0xe2, (byte) 0xb2, (byte) 0x6f, (byte) 0x4a, + (byte) 0x79, (byte) 0x21, (byte) 0x3e, (byte) 0xc7, + (byte) 0xc9, (byte) 0x06, (byte) 0xae, (byte) 0xb3, + (byte) 0x5e, (byte) 0x03, (byte) 0xcf, (byte) 0x89, + (byte) 0x50}; + + byte[] aliceEphemeralPublic = {(byte) 0x05, (byte) 0x6c, (byte) 0x3e, (byte) 0x0d, + (byte) 0x1f, (byte) 0x52, (byte) 0x02, (byte) 0x83, + (byte) 0xef, (byte) 0xcc, (byte) 0x55, (byte) 0xfc, + (byte) 0xa5, (byte) 0xe6, (byte) 0x70, (byte) 0x75, + (byte) 0xb9, (byte) 0x04, (byte) 0x00, (byte) 0x7f, + (byte) 0x18, (byte) 0x81, (byte) 0xd1, (byte) 0x51, + (byte) 0xaf, (byte) 0x76, (byte) 0xdf, (byte) 0x18, + (byte) 0xc5, (byte) 0x1d, (byte) 0x29, (byte) 0xd3, + (byte) 0x4b}; + + byte[] aliceIdentityPublic = {(byte) 0x05, (byte) 0xb4, (byte) 0xa8, (byte) 0x45, + (byte) 0x56, (byte) 0x60, (byte) 0xad, (byte) 0xa6, + (byte) 0x5b, (byte) 0x40, (byte) 0x10, (byte) 0x07, + (byte) 0xf6, (byte) 0x15, (byte) 0xe6, (byte) 0x54, + (byte) 0x04, (byte) 0x17, (byte) 0x46, (byte) 0x43, + (byte) 0x2e, (byte) 0x33, (byte) 0x39, (byte) 0xc6, + (byte) 0x87, (byte) 0x51, (byte) 0x49, (byte) 0xbc, + (byte) 0xee, (byte) 0xfc, (byte) 0xb4, (byte) 0x2b, + (byte) 0x4a}; + + byte[] senderChain = {(byte)0xd2, (byte)0x2f, (byte)0xd5, (byte)0x6d, (byte)0x3f, + (byte)0xec, (byte)0x81, (byte)0x9c, (byte)0xf4, (byte)0xc3, + (byte)0xd5, (byte)0x0c, (byte)0x56, (byte)0xed, (byte)0xfb, + (byte)0x1c, (byte)0x28, (byte)0x0a, (byte)0x1b, (byte)0x31, + (byte)0x96, (byte)0x45, (byte)0x37, (byte)0xf1, (byte)0xd1, + (byte)0x61, (byte)0xe1, (byte)0xc9, (byte)0x31, (byte)0x48, + (byte)0xe3, (byte)0x6b}; + + IdentityKey bobIdentityKeyPublic = new IdentityKey(bobIdentityPublic, 0); + ECPrivateKey bobIdentityKeyPrivate = Curve.decodePrivatePoint(bobIdentityPrivate); + IdentityKeyPair bobIdentityKey = new IdentityKeyPair(bobIdentityKeyPublic, bobIdentityKeyPrivate); + ECPublicKey bobEphemeralPublicKey = Curve.decodePoint(bobPublic, 0); + ECPrivateKey bobEphemeralPrivateKey = Curve.decodePrivatePoint(bobPrivate); + ECKeyPair bobEphemeralKey = new ECKeyPair(bobEphemeralPublicKey, bobEphemeralPrivateKey); + ECKeyPair bobBaseKey = bobEphemeralKey; + + ECPublicKey aliceBasePublicKey = Curve.decodePoint(aliceBasePublic, 0); + ECPublicKey aliceEphemeralPublicKey = Curve.decodePoint(aliceEphemeralPublic, 0); + IdentityKey aliceIdentityPublicKey = new IdentityKey(aliceIdentityPublic, 0); + + BobAxolotlParameters parameters = BobAxolotlParameters.newBuilder() + .setOurIdentityKey(bobIdentityKey) + .setOurSignedPreKey(bobBaseKey) + .setOurRatchetKey(bobEphemeralKey) + .setOurOneTimePreKey(Optional.<ECKeyPair>absent()) + .setTheirIdentityKey(aliceIdentityPublicKey) + .setTheirBaseKey(aliceBasePublicKey) + .create(); + + SessionState session = new SessionState(); + + RatchetingSession.initializeSession(session, 2, parameters); + + assertTrue(session.getLocalIdentityKey().equals(bobIdentityKey.getPublicKey())); + assertTrue(session.getRemoteIdentityKey().equals(aliceIdentityPublicKey)); + assertTrue(Arrays.equals(session.getSenderChainKey().getKey(), senderChain)); + } + + public void testRatchetingSessionAsAlice() throws InvalidKeyException { + byte[] bobPublic = {(byte) 0x05, (byte) 0x2c, (byte) 0xb4, (byte) 0x97, (byte) 0x76, + (byte) 0xb8, (byte) 0x77, (byte) 0x02, (byte) 0x05, (byte) 0x74, + (byte) 0x5a, (byte) 0x3a, (byte) 0x6e, (byte) 0x24, (byte) 0xf5, + (byte) 0x79, (byte) 0xcd, (byte) 0xb4, (byte) 0xba, (byte) 0x7a, + (byte) 0x89, (byte) 0x04, (byte) 0x10, (byte) 0x05, (byte) 0x92, + (byte) 0x8e, (byte) 0xbb, (byte) 0xad, (byte) 0xc9, (byte) 0xc0, + (byte) 0x5a, (byte) 0xd4, (byte) 0x58}; + + byte[] bobIdentityPublic = {(byte) 0x05, (byte) 0xf1, (byte) 0xf4, (byte) 0x38, (byte) 0x74, + (byte) 0xf6, (byte) 0x96, (byte) 0x69, (byte) 0x56, (byte) 0xc2, + (byte) 0xdd, (byte) 0x47, (byte) 0x3f, (byte) 0x8f, (byte) 0xa1, + (byte) 0x5a, (byte) 0xde, (byte) 0xb7, (byte) 0x1d, (byte) 0x1c, + (byte) 0xb9, (byte) 0x91, (byte) 0xb2, (byte) 0x34, (byte) 0x16, + (byte) 0x92, (byte) 0x32, (byte) 0x4c, (byte) 0xef, (byte) 0xb1, + (byte) 0xc5, (byte) 0xe6, (byte) 0x26}; + + byte[] aliceBasePublic = {(byte) 0x05, (byte) 0x47, (byte) 0x2d, (byte) 0x1f, (byte) 0xb1, + (byte) 0xa9, (byte) 0x86, (byte) 0x2c, (byte) 0x3a, (byte) 0xf6, + (byte) 0xbe, (byte) 0xac, (byte) 0xa8, (byte) 0x92, (byte) 0x02, + (byte) 0x77, (byte) 0xe2, (byte) 0xb2, (byte) 0x6f, (byte) 0x4a, + (byte) 0x79, (byte) 0x21, (byte) 0x3e, (byte) 0xc7, (byte) 0xc9, + (byte) 0x06, (byte) 0xae, (byte) 0xb3, (byte) 0x5e, (byte) 0x03, + (byte) 0xcf, (byte) 0x89, (byte) 0x50}; + + byte[] aliceBasePrivate = {(byte) 0x11, (byte) 0xae, (byte) 0x7c, (byte) 0x64, (byte) 0xd1, + (byte) 0xe6, (byte) 0x1c, (byte) 0xd5, (byte) 0x96, (byte) 0xb7, + (byte) 0x6a, (byte) 0x0d, (byte) 0xb5, (byte) 0x01, (byte) 0x26, + (byte) 0x73, (byte) 0x39, (byte) 0x1c, (byte) 0xae, (byte) 0x66, + (byte) 0xed, (byte) 0xbf, (byte) 0xcf, (byte) 0x07, (byte) 0x3b, + (byte) 0x4d, (byte) 0xa8, (byte) 0x05, (byte) 0x16, (byte) 0xa4, + (byte) 0x74, (byte) 0x49}; + + byte[] aliceEphemeralPublic = {(byte) 0x05, (byte) 0x6c, (byte) 0x3e, (byte) 0x0d, (byte) 0x1f, + (byte) 0x52, (byte) 0x02, (byte) 0x83, (byte) 0xef, (byte) 0xcc, + (byte) 0x55, (byte) 0xfc, (byte) 0xa5, (byte) 0xe6, (byte) 0x70, + (byte) 0x75, (byte) 0xb9, (byte) 0x04, (byte) 0x00, (byte) 0x7f, + (byte) 0x18, (byte) 0x81, (byte) 0xd1, (byte) 0x51, (byte) 0xaf, + (byte) 0x76, (byte) 0xdf, (byte) 0x18, (byte) 0xc5, (byte) 0x1d, + (byte) 0x29, (byte) 0xd3, (byte) 0x4b}; + + byte[] aliceEphemeralPrivate = {(byte) 0xd1, (byte) 0xba, (byte) 0x38, (byte) 0xce, (byte) 0xa9, + (byte) 0x17, (byte) 0x43, (byte) 0xd3, (byte) 0x39, (byte) 0x39, + (byte) 0xc3, (byte) 0x3c, (byte) 0x84, (byte) 0x98, (byte) 0x65, + (byte) 0x09, (byte) 0x28, (byte) 0x01, (byte) 0x61, (byte) 0xb8, + (byte) 0xb6, (byte) 0x0f, (byte) 0xc7, (byte) 0x87, (byte) 0x0c, + (byte) 0x59, (byte) 0x9c, (byte) 0x1d, (byte) 0x46, (byte) 0x20, + (byte) 0x12, (byte) 0x48}; + + byte[] aliceIdentityPublic = {(byte) 0x05, (byte) 0xb4, (byte) 0xa8, (byte) 0x45, (byte) 0x56, + (byte) 0x60, (byte) 0xad, (byte) 0xa6, (byte) 0x5b, (byte) 0x40, + (byte) 0x10, (byte) 0x07, (byte) 0xf6, (byte) 0x15, (byte) 0xe6, + (byte) 0x54, (byte) 0x04, (byte) 0x17, (byte) 0x46, (byte) 0x43, + (byte) 0x2e, (byte) 0x33, (byte) 0x39, (byte) 0xc6, (byte) 0x87, + (byte) 0x51, (byte) 0x49, (byte) 0xbc, (byte) 0xee, (byte) 0xfc, + (byte) 0xb4, (byte) 0x2b, (byte) 0x4a}; + + byte[] aliceIdentityPrivate = {(byte) 0x90, (byte) 0x40, (byte) 0xf0, (byte) 0xd4, (byte) 0xe0, + (byte) 0x9c, (byte) 0xf3, (byte) 0x8f, (byte) 0x6d, (byte) 0xc7, + (byte) 0xc1, (byte) 0x37, (byte) 0x79, (byte) 0xc9, (byte) 0x08, + (byte) 0xc0, (byte) 0x15, (byte) 0xa1, (byte) 0xda, (byte) 0x4f, + (byte) 0xa7, (byte) 0x87, (byte) 0x37, (byte) 0xa0, (byte) 0x80, + (byte) 0xeb, (byte) 0x0a, (byte) 0x6f, (byte) 0x4f, (byte) 0x5f, + (byte) 0x8f, (byte) 0x58}; + + byte[] receiverChain = {(byte) 0xd2, (byte) 0x2f, (byte) 0xd5, (byte) 0x6d, (byte) 0x3f, + (byte) 0xec, (byte) 0x81, (byte) 0x9c, (byte) 0xf4, (byte) 0xc3, + (byte) 0xd5, (byte) 0x0c, (byte) 0x56, (byte) 0xed, (byte) 0xfb, + (byte) 0x1c, (byte) 0x28, (byte) 0x0a, (byte) 0x1b, (byte) 0x31, + (byte) 0x96, (byte) 0x45, (byte) 0x37, (byte) 0xf1, (byte) 0xd1, + (byte) 0x61, (byte) 0xe1, (byte) 0xc9, (byte) 0x31, (byte) 0x48, + (byte) 0xe3, (byte) 0x6b}; + + IdentityKey bobIdentityKey = new IdentityKey(bobIdentityPublic, 0); + ECPublicKey bobEphemeralPublicKey = Curve.decodePoint(bobPublic, 0); + ECPublicKey bobBasePublicKey = bobEphemeralPublicKey; + ECPublicKey aliceBasePublicKey = Curve.decodePoint(aliceBasePublic, 0); + ECPrivateKey aliceBasePrivateKey = Curve.decodePrivatePoint(aliceBasePrivate); + ECKeyPair aliceBaseKey = new ECKeyPair(aliceBasePublicKey, aliceBasePrivateKey); + ECPublicKey aliceEphemeralPublicKey = Curve.decodePoint(aliceEphemeralPublic, 0); + ECPrivateKey aliceEphemeralPrivateKey = Curve.decodePrivatePoint(aliceEphemeralPrivate); + ECKeyPair aliceEphemeralKey = new ECKeyPair(aliceEphemeralPublicKey, aliceEphemeralPrivateKey); + IdentityKey aliceIdentityPublicKey = new IdentityKey(aliceIdentityPublic, 0); + ECPrivateKey aliceIdentityPrivateKey = Curve.decodePrivatePoint(aliceIdentityPrivate); + IdentityKeyPair aliceIdentityKey = new IdentityKeyPair(aliceIdentityPublicKey, aliceIdentityPrivateKey); + + SessionState session = new SessionState(); + + AliceAxolotlParameters parameters = AliceAxolotlParameters.newBuilder() + .setOurBaseKey(aliceBaseKey) + .setOurIdentityKey(aliceIdentityKey) + .setTheirIdentityKey(bobIdentityKey) + .setTheirSignedPreKey(bobBasePublicKey) + .setTheirRatchetKey(bobEphemeralPublicKey) + .setTheirOneTimePreKey(Optional.<ECPublicKey>absent()) + .create(); + + RatchetingSession.initializeSession(session, 2, parameters); + + assertTrue(session.getLocalIdentityKey().equals(aliceIdentityKey.getPublicKey())); + assertTrue(session.getRemoteIdentityKey().equals(bobIdentityKey)); + assertTrue(Arrays.equals(session.getReceiverChainKey(bobEphemeralPublicKey).getKey(), + receiverChain)); + + } +} diff --git a/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RootKeyTest.java b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RootKeyTest.java new file mode 100644 index 00000000..008c7b40 --- /dev/null +++ b/tests/src/main/java/org/whispersystems/libaxolotl/ratchet/RootKeyTest.java @@ -0,0 +1,82 @@ +package org.whispersystems.libaxolotl.ratchet; + +import junit.framework.TestCase; + +import org.whispersystems.libaxolotl.InvalidKeyException; +import org.whispersystems.libaxolotl.ecc.Curve; +import org.whispersystems.libaxolotl.ecc.ECKeyPair; +import org.whispersystems.libaxolotl.ecc.ECPrivateKey; +import org.whispersystems.libaxolotl.ecc.ECPublicKey; +import org.whispersystems.libaxolotl.kdf.HKDF; +import org.whispersystems.libaxolotl.util.Pair; + +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; + +public class RootKeyTest extends TestCase { + + public void testRootKeyDerivationV2() throws NoSuchAlgorithmException, InvalidKeyException { + byte[] rootKeySeed = {(byte) 0x7b, (byte) 0xa6, (byte) 0xde, (byte) 0xbc, (byte) 0x2b, + (byte) 0xc1, (byte) 0xbb, (byte) 0xf9, (byte) 0x1a, (byte) 0xbb, + (byte) 0xc1, (byte) 0x36, (byte) 0x74, (byte) 0x04, (byte) 0x17, + (byte) 0x6c, (byte) 0xa6, (byte) 0x23, (byte) 0x09, (byte) 0x5b, + (byte) 0x7e, (byte) 0xc6, (byte) 0x6b, (byte) 0x45, (byte) 0xf6, + (byte) 0x02, (byte) 0xd9, (byte) 0x35, (byte) 0x38, (byte) 0x94, + (byte) 0x2d, (byte) 0xcc}; + + byte[] alicePublic = {(byte) 0x05, (byte) 0xee, (byte) 0x4f, (byte) 0xa6, (byte) 0xcd, + (byte) 0xc0, (byte) 0x30, (byte) 0xdf, (byte) 0x49, (byte) 0xec, + (byte) 0xd0, (byte) 0xba, (byte) 0x6c, (byte) 0xfc, (byte) 0xff, + (byte) 0xb2, (byte) 0x33, (byte) 0xd3, (byte) 0x65, (byte) 0xa2, + (byte) 0x7f, (byte) 0xad, (byte) 0xbe, (byte) 0xff, (byte) 0x77, + (byte) 0xe9, (byte) 0x63, (byte) 0xfc, (byte) 0xb1, (byte) 0x62, + (byte) 0x22, (byte) 0xe1, (byte) 0x3a}; + + byte[] alicePrivate = {(byte) 0x21, (byte) 0x68, (byte) 0x22, (byte) 0xec, (byte) 0x67, + (byte) 0xeb, (byte) 0x38, (byte) 0x04, (byte) 0x9e, (byte) 0xba, + (byte) 0xe7, (byte) 0xb9, (byte) 0x39, (byte) 0xba, (byte) 0xea, + (byte) 0xeb, (byte) 0xb1, (byte) 0x51, (byte) 0xbb, (byte) 0xb3, + (byte) 0x2d, (byte) 0xb8, (byte) 0x0f, (byte) 0xd3, (byte) 0x89, + (byte) 0x24, (byte) 0x5a, (byte) 0xc3, (byte) 0x7a, (byte) 0x94, + (byte) 0x8e, (byte) 0x50}; + + byte[] bobPublic = {(byte) 0x05, (byte) 0xab, (byte) 0xb8, (byte) 0xeb, (byte) 0x29, + (byte) 0xcc, (byte) 0x80, (byte) 0xb4, (byte) 0x71, (byte) 0x09, + (byte) 0xa2, (byte) 0x26, (byte) 0x5a, (byte) 0xbe, (byte) 0x97, + (byte) 0x98, (byte) 0x48, (byte) 0x54, (byte) 0x06, (byte) 0xe3, + (byte) 0x2d, (byte) 0xa2, (byte) 0x68, (byte) 0x93, (byte) 0x4a, + (byte) 0x95, (byte) 0x55, (byte) 0xe8, (byte) 0x47, (byte) 0x57, + (byte) 0x70, (byte) 0x8a, (byte) 0x30}; + + byte[] nextRoot = {(byte) 0xb1, (byte) 0x14, (byte) 0xf5, (byte) 0xde, (byte) 0x28, + (byte) 0x01, (byte) 0x19, (byte) 0x85, (byte) 0xe6, (byte) 0xeb, + (byte) 0xa2, (byte) 0x5d, (byte) 0x50, (byte) 0xe7, (byte) 0xec, + (byte) 0x41, (byte) 0xa9, (byte) 0xb0, (byte) 0x2f, (byte) 0x56, + (byte) 0x93, (byte) 0xc5, (byte) 0xc7, (byte) 0x88, (byte) 0xa6, + (byte) 0x3a, (byte) 0x06, (byte) 0xd2, (byte) 0x12, (byte) 0xa2, + (byte) 0xf7, (byte) 0x31}; + + byte[] nextChain = {(byte) 0x9d, (byte) 0x7d, (byte) 0x24, (byte) 0x69, (byte) 0xbc, + (byte) 0x9a, (byte) 0xe5, (byte) 0x3e, (byte) 0xe9, (byte) 0x80, + (byte) 0x5a, (byte) 0xa3, (byte) 0x26, (byte) 0x4d, (byte) 0x24, + (byte) 0x99, (byte) 0xa3, (byte) 0xac, (byte) 0xe8, (byte) 0x0f, + (byte) 0x4c, (byte) 0xca, (byte) 0xe2, (byte) 0xda, (byte) 0x13, + (byte) 0x43, (byte) 0x0c, (byte) 0x5c, (byte) 0x55, (byte) 0xb5, + (byte) 0xca, (byte) 0x5f}; + + ECPublicKey alicePublicKey = Curve.decodePoint(alicePublic, 0); + ECPrivateKey alicePrivateKey = Curve.decodePrivatePoint(alicePrivate); + ECKeyPair aliceKeyPair = new ECKeyPair(alicePublicKey, alicePrivateKey); + + ECPublicKey bobPublicKey = Curve.decodePoint(bobPublic, 0); + RootKey rootKey = new RootKey(HKDF.createFor(2), rootKeySeed); + + Pair<RootKey, ChainKey> rootKeyChainKeyPair = rootKey.createChain(bobPublicKey, aliceKeyPair); + RootKey nextRootKey = rootKeyChainKeyPair.first(); + ChainKey nextChainKey = rootKeyChainKeyPair.second(); + + assertTrue(Arrays.equals(rootKey.getKeyBytes(), rootKeySeed)); + assertTrue(Arrays.equals(nextRootKey.getKeyBytes(), nextRoot)); + assertTrue(Arrays.equals(nextChainKey.getKey(), nextChain)); + } +} |