WIP: clean up signal protocol
parent
8cc78e8f4c
commit
b34809f4d5
@ -1,50 +0,0 @@
|
||||
/**
|
||||
* Copyright (C) 2014-2016 Open Whisper Systems
|
||||
*
|
||||
* Licensed according to the LICENSE file in this repository.
|
||||
*/
|
||||
|
||||
package org.session.libsignal.libsignal.kdf;
|
||||
|
||||
import org.session.libsignal.libsignal.util.ByteUtil;
|
||||
|
||||
import java.text.ParseException;
|
||||
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
public class DerivedMessageSecrets {
|
||||
|
||||
public static final int SIZE = 80;
|
||||
private static final int CIPHER_KEY_LENGTH = 32;
|
||||
private static final int MAC_KEY_LENGTH = 32;
|
||||
private static final int IV_LENGTH = 16;
|
||||
|
||||
private final SecretKeySpec cipherKey;
|
||||
private final SecretKeySpec macKey;
|
||||
private final IvParameterSpec iv;
|
||||
|
||||
public DerivedMessageSecrets(byte[] okm) {
|
||||
try {
|
||||
byte[][] keys = ByteUtil.split(okm, CIPHER_KEY_LENGTH, MAC_KEY_LENGTH, IV_LENGTH);
|
||||
|
||||
this.cipherKey = new SecretKeySpec(keys[0], "AES");
|
||||
this.macKey = new SecretKeySpec(keys[1], "HmacSHA256");
|
||||
this.iv = new IvParameterSpec(keys[2]);
|
||||
} catch (ParseException e) {
|
||||
throw new AssertionError(e);
|
||||
}
|
||||
}
|
||||
|
||||
public SecretKeySpec getCipherKey() {
|
||||
return cipherKey;
|
||||
}
|
||||
|
||||
public SecretKeySpec getMacKey() {
|
||||
return macKey;
|
||||
}
|
||||
|
||||
public IvParameterSpec getIv() {
|
||||
return iv;
|
||||
}
|
||||
}
|
@ -1,31 +0,0 @@
|
||||
/**
|
||||
* Copyright (C) 2014-2016 Open Whisper Systems
|
||||
*
|
||||
* Licensed according to the LICENSE file in this repository.
|
||||
*/
|
||||
package org.session.libsignal.libsignal.kdf;
|
||||
|
||||
import org.session.libsignal.libsignal.util.ByteUtil;
|
||||
|
||||
public class DerivedRootSecrets {
|
||||
|
||||
public static final int SIZE = 64;
|
||||
|
||||
private final byte[] rootKey;
|
||||
private final byte[] chainKey;
|
||||
|
||||
public DerivedRootSecrets(byte[] okm) {
|
||||
byte[][] keys = ByteUtil.split(okm, 32, 32);
|
||||
this.rootKey = keys[0];
|
||||
this.chainKey = keys[1];
|
||||
}
|
||||
|
||||
public byte[] getRootKey() {
|
||||
return rootKey;
|
||||
}
|
||||
|
||||
public byte[] getChainKey() {
|
||||
return chainKey;
|
||||
}
|
||||
|
||||
}
|
@ -1,13 +0,0 @@
|
||||
/**
|
||||
* Copyright (C) 2014-2016 Open Whisper Systems
|
||||
*
|
||||
* Licensed according to the LICENSE file in this repository.
|
||||
*/
|
||||
package org.session.libsignal.libsignal.kdf;
|
||||
|
||||
public class HKDFv2 extends HKDF {
|
||||
@Override
|
||||
protected int getIterationStartOffset() {
|
||||
return 0;
|
||||
}
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
package org.session.libsignal.metadata.certificate;
|
||||
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
public class CertificateValidator {
|
||||
|
||||
@SuppressWarnings("MismatchedQueryAndUpdateOfCollection")
|
||||
private static final Set<Integer> REVOKED = new HashSet<Integer>() {{
|
||||
|
||||
}};
|
||||
|
||||
public void validate(SenderCertificate certificate, long validationTime) throws InvalidCertificateException {
|
||||
if (certificate.getSender() == null || certificate.getSenderDeviceId() <= 0) {
|
||||
throw new InvalidCertificateException("Sender or sender device id is invalid");
|
||||
}
|
||||
}
|
||||
|
||||
// VisibleForTesting
|
||||
void validate(ServerCertificate certificate) throws InvalidCertificateException {
|
||||
}
|
||||
}
|
||||
|
@ -1,12 +0,0 @@
|
||||
package org.session.libsignal.metadata.certificate;
|
||||
|
||||
|
||||
public class InvalidCertificateException extends Exception {
|
||||
public InvalidCertificateException(String s) {
|
||||
super(s);
|
||||
}
|
||||
|
||||
public InvalidCertificateException(Exception e) {
|
||||
super(e);
|
||||
}
|
||||
}
|
@ -1,51 +0,0 @@
|
||||
package org.session.libsignal.metadata.certificate;
|
||||
|
||||
|
||||
import com.google.protobuf.InvalidProtocolBufferException;
|
||||
|
||||
import org.session.libsignal.metadata.SignalProtos;
|
||||
|
||||
|
||||
public class SenderCertificate {
|
||||
|
||||
private final int senderDeviceId;
|
||||
private final String sender;
|
||||
|
||||
private final byte[] serialized;
|
||||
private final byte[] certificate;
|
||||
|
||||
public SenderCertificate(byte[] serialized) throws InvalidCertificateException {
|
||||
try {
|
||||
SignalProtos.SenderCertificate certificate = SignalProtos.SenderCertificate.parseFrom(serialized);
|
||||
|
||||
if (!certificate.hasSenderDevice() || !certificate.hasSender()) {
|
||||
throw new InvalidCertificateException("Missing fields");
|
||||
}
|
||||
|
||||
this.sender = certificate.getSender();
|
||||
this.senderDeviceId = certificate.getSenderDevice();
|
||||
|
||||
this.serialized = serialized;
|
||||
this.certificate = certificate.toByteArray();
|
||||
} catch (InvalidProtocolBufferException e) {
|
||||
throw new InvalidCertificateException(e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public int getSenderDeviceId() {
|
||||
return senderDeviceId;
|
||||
}
|
||||
|
||||
public String getSender() {
|
||||
return sender;
|
||||
}
|
||||
|
||||
public byte[] getSerialized() {
|
||||
return serialized;
|
||||
}
|
||||
|
||||
public byte[] getCertificate() {
|
||||
return certificate;
|
||||
}
|
||||
}
|
@ -1,66 +0,0 @@
|
||||
package org.session.libsignal.metadata.certificate;
|
||||
|
||||
|
||||
import com.google.protobuf.InvalidProtocolBufferException;
|
||||
|
||||
import org.session.libsignal.metadata.SignalProtos;
|
||||
import org.session.libsignal.libsignal.InvalidKeyException;
|
||||
import org.session.libsignal.libsignal.ecc.Curve;
|
||||
import org.session.libsignal.libsignal.ecc.ECPublicKey;
|
||||
|
||||
public class ServerCertificate {
|
||||
|
||||
private final int keyId;
|
||||
private final ECPublicKey key;
|
||||
|
||||
private final byte[] serialized;
|
||||
private final byte[] certificate;
|
||||
private final byte[] signature;
|
||||
|
||||
public ServerCertificate(byte[] serialized) throws InvalidCertificateException {
|
||||
try {
|
||||
SignalProtos.ServerCertificate wrapper = SignalProtos.ServerCertificate.parseFrom(serialized);
|
||||
|
||||
if (!wrapper.hasCertificate() || !wrapper.hasSignature()) {
|
||||
throw new InvalidCertificateException("Missing fields");
|
||||
}
|
||||
|
||||
SignalProtos.ServerCertificate.Certificate certificate = SignalProtos.ServerCertificate.Certificate.parseFrom(wrapper.getCertificate());
|
||||
|
||||
if (!certificate.hasId() || !certificate.hasKey()) {
|
||||
throw new InvalidCertificateException("Missing fields");
|
||||
}
|
||||
|
||||
this.keyId = certificate.getId();
|
||||
this.key = Curve.decodePoint(certificate.getKey().toByteArray(), 0);
|
||||
this.serialized = serialized;
|
||||
this.certificate = wrapper.getCertificate().toByteArray();
|
||||
this.signature = wrapper.getSignature().toByteArray();
|
||||
|
||||
} catch (InvalidProtocolBufferException e) {
|
||||
throw new InvalidCertificateException(e);
|
||||
} catch (InvalidKeyException e) {
|
||||
throw new InvalidCertificateException(e);
|
||||
}
|
||||
}
|
||||
|
||||
public int getKeyId() {
|
||||
return keyId;
|
||||
}
|
||||
|
||||
public ECPublicKey getKey() {
|
||||
return key;
|
||||
}
|
||||
|
||||
public byte[] getSerialized() {
|
||||
return serialized;
|
||||
}
|
||||
|
||||
public byte[] getCertificate() {
|
||||
return certificate;
|
||||
}
|
||||
|
||||
public byte[] getSignature() {
|
||||
return signature;
|
||||
}
|
||||
}
|
@ -1,23 +0,0 @@
|
||||
package org.session.libsignal.service.api.crypto;
|
||||
|
||||
|
||||
import org.session.libsignal.libsignal.util.guava.Optional;
|
||||
|
||||
public class UnidentifiedAccessPair {
|
||||
|
||||
private final Optional<UnidentifiedAccess> targetUnidentifiedAccess;
|
||||
private final Optional<UnidentifiedAccess> selfUnidentifiedAccess;
|
||||
|
||||
public UnidentifiedAccessPair(UnidentifiedAccess targetUnidentifiedAccess, UnidentifiedAccess selfUnidentifiedAccess) {
|
||||
this.targetUnidentifiedAccess = Optional.of(targetUnidentifiedAccess);
|
||||
this.selfUnidentifiedAccess = Optional.of(selfUnidentifiedAccess);
|
||||
}
|
||||
|
||||
public Optional<UnidentifiedAccess> getTargetUnidentifiedAccess() {
|
||||
return targetUnidentifiedAccess;
|
||||
}
|
||||
|
||||
public Optional<UnidentifiedAccess> getSelfUnidentifiedAccess() {
|
||||
return selfUnidentifiedAccess;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue