Java Code Examples for org.whispersystems.signalservice.api.crypto.InvalidCiphertextException

The following examples show how to use org.whispersystems.signalservice.api.crypto.InvalidCiphertextException. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
private TokenResponse putKbsData(byte[] kbsAccessKey, byte[] kbsData, String enclaveName, TokenResponse token)
    throws IOException, UnauthenticatedResponseException
{
  try {
    RemoteAttestation     remoteAttestation = getAndVerifyRemoteAttestation();
    KeyBackupRequest      request           = KeyBackupCipher.createKeyBackupRequest(kbsAccessKey, kbsData, token, remoteAttestation, Hex.fromStringCondensed(enclaveName), maxTries);
    KeyBackupResponse     response          = pushServiceSocket.putKbsData(authorization, request, remoteAttestation.getCookies(), enclaveName);
    BackupResponse        backupResponse    = KeyBackupCipher.getKeyBackupResponse(response, remoteAttestation);
    BackupResponse.Status status            = backupResponse.getStatus();

    switch (status) {
      case OK:
        return backupResponse.hasToken() ? new TokenResponse(token.getBackupId(), backupResponse.getToken().toByteArray(), maxTries) : token;
      case ALREADY_EXISTS:
        throw new UnauthenticatedResponseException("Already exists");
      case NOT_YET_VALID:
        throw new UnauthenticatedResponseException("Key is not valid yet, clock mismatch");
      default:
        throw new AssertionError("Unknown response status " + status);
    }
  } catch (InvalidCiphertextException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 
Example 2
public static RemoteAttestation getAndVerifyRemoteAttestation(PushServiceSocket socket,
                                                              PushServiceSocket.ClientSet clientSet,
                                                              KeyStore iasKeyStore,
                                                              String enclaveName,
                                                              String mrenclave,
                                                              String authorization)
  throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException
{
  Curve25519                                    curve                   = Curve25519.getInstance(Curve25519.BEST);
  Curve25519KeyPair                             keyPair                 = curve.generateKeyPair();
  RemoteAttestationRequest                      attestationRequest      = new RemoteAttestationRequest(keyPair.getPublicKey());
  Pair<RemoteAttestationResponse, List<String>> attestationResponsePair = getRemoteAttestation(socket, clientSet, authorization, attestationRequest, enclaveName);
  RemoteAttestationResponse                     attestationResponse     = attestationResponsePair.first();
  List<String>                                  attestationCookies      = attestationResponsePair.second();

  RemoteAttestationKeys keys      = new RemoteAttestationKeys(keyPair, attestationResponse.getServerEphemeralPublic(), attestationResponse.getServerStaticPublic());
  Quote                 quote     = new Quote(attestationResponse.getQuote());
  byte[]                requestId = RemoteAttestationCipher.getRequestId(keys, attestationResponse);

  RemoteAttestationCipher.verifyServerQuote(quote, attestationResponse.getServerStaticPublic(), mrenclave);

  RemoteAttestationCipher.verifyIasSignature(iasKeyStore, attestationResponse.getCertificates(), attestationResponse.getSignatureBody(), attestationResponse.getSignature(), quote);

  return new RemoteAttestation(requestId, keys, attestationCookies);
}
 
Example 3
private void setProfileName(Recipient recipient, String profileName) {
  try {
    ProfileKey profileKey = ProfileKeyUtil.profileKeyOrNull(recipient.getProfileKey());
    if (profileKey == null) return;

    String plaintextProfileName = ProfileUtil.decryptName(profileKey, profileName);

    if (!Util.equals(plaintextProfileName, recipient.getProfileName().serialize())) {
      Log.i(TAG, "Profile name updated. Writing new value.");
      DatabaseFactory.getRecipientDatabase(context).setProfileName(recipient.getId(), ProfileName.fromSerialized(plaintextProfileName));
    }

    if (TextUtils.isEmpty(plaintextProfileName)) {
      Log.i(TAG, "No profile name set.");
    }
  } catch (InvalidCiphertextException | IOException e) {
    Log.w(TAG, e);
  }
}
 
Example 4
public List<String> getRegisteredUsers(KeyStore iasKeyStore, Set<String> e164numbers, String enclaveId)
    throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException
{
  try {
    String                 authorization     = pushServiceSocket.getContactDiscoveryAuthorization();
    RemoteAttestation      remoteAttestation = RemoteAttestationUtil.getAndVerifyRemoteAttestation(pushServiceSocket, PushServiceSocket.ClientSet.ContactDiscovery, iasKeyStore, enclaveId, enclaveId, authorization);
    List<String>           addressBook       = new LinkedList<>();

    for (String e164number : e164numbers) {
      addressBook.add(e164number.substring(1));
    }

    DiscoveryRequest  request  = ContactDiscoveryCipher.createDiscoveryRequest(addressBook, remoteAttestation);
    DiscoveryResponse response = pushServiceSocket.getContactDiscoveryRegisteredUsers(authorization, request, remoteAttestation.getCookies(), enclaveId);
    byte[]            data     = ContactDiscoveryCipher.getDiscoveryResponseData(response, remoteAttestation);

    Iterator<String> addressBookIterator = addressBook.iterator();
    List<String>     results             = new LinkedList<>();

    for (byte aData : data) {
      String candidate = addressBookIterator.next();

      if (aData != 0) results.add('+' + candidate);
    }

    return results;
  } catch (InvalidCiphertextException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 
Example 5
private RemoteAttestation getAndVerifyRemoteAttestation() throws UnauthenticatedResponseException, IOException {
  try {
    return RemoteAttestationUtil.getAndVerifyRemoteAttestation(pushServiceSocket, PushServiceSocket.ClientSet.KeyBackup, iasKeyStore, enclaveName, mrenclave, authorization);
  } catch (Quote.InvalidQuoteFormatException | UnauthenticatedQuoteException | InvalidCiphertextException | SignatureException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 
Example 6
public static BackupResponse getKeyBackupResponse(KeyBackupResponse response, RemoteAttestation remoteAttestation)
  throws InvalidCiphertextException, InvalidProtocolBufferException
{
  byte[] data = decryptData(response, remoteAttestation);

  Response backupResponse = Response.parseFrom(data);

  return backupResponse.getBackup();
}
 
Example 7
public static RestoreResponse getKeyRestoreResponse(KeyBackupResponse response, RemoteAttestation remoteAttestation)
  throws InvalidCiphertextException, InvalidProtocolBufferException
{
  byte[] data = decryptData(response, remoteAttestation);

  return Response.parseFrom(data).getRestore();
}
 
Example 8
public static DeleteResponse getKeyDeleteResponseStatus(KeyBackupResponse response, RemoteAttestation remoteAttestation)
  throws InvalidCiphertextException, InvalidProtocolBufferException
{
  byte[] data = decryptData(response, remoteAttestation);

  return DeleteResponse.parseFrom(data);
}
 
Example 9
Source Project: mollyim-android   Source File: ProfileUtil.java    License: GNU General Public License v3.0 5 votes vote down vote up
public static @Nullable String decryptName(@NonNull ProfileKey profileKey, @Nullable String encryptedName)
    throws InvalidCiphertextException, IOException
{
  if (encryptedName == null) {
    return null;
  }

  ProfileCipher profileCipher = new ProfileCipher(profileKey);
  return new String(profileCipher.decryptName(Base64.decode(encryptedName)));
}
 
Example 10
private void setProfileName(@Nullable String encryptedName) {
  try {
    ProfileKey  profileKey    = ProfileKeyUtil.getSelfProfileKey();
    String      plaintextName = ProfileUtil.decryptName(profileKey, encryptedName);
    ProfileName profileName   = ProfileName.fromSerialized(plaintextName);

    DatabaseFactory.getRecipientDatabase(context).setProfileName(Recipient.self().getId(), profileName);
  } catch (InvalidCiphertextException | IOException e) {
    Log.w(TAG, e);
  }
}
 
Example 11
@Test
public void vectors_decryptKbsDataIVCipherText() throws IOException, InvalidCiphertextException {
  for (KbsTestVector vector : getKbsTestVectorList()) {
    HashedPin hashedPin = HashedPin.fromArgon2Hash(vector.getArgon2Hash());

    KbsData kbsData = hashedPin.decryptKbsDataIVCipherText(vector.getIvAndCipher());

    assertArrayEquals(vector.getMasterKey(), kbsData.getMasterKey().serialize());
    assertArrayEquals(vector.getIvAndCipher(), kbsData.getCipherText());
    assertArrayEquals(vector.getKbsAccessKey(), kbsData.getKbsAccessKey());
    assertEquals(vector.getRegistrationLock(), kbsData.getMasterKey().deriveRegistrationLock());
  }
}
 
Example 12
Source Project: signald   Source File: JsonProfile.java    License: GNU General Public License v3.0 5 votes vote down vote up
JsonProfile(SignalServiceProfile p, byte[] profileKey) throws IOException, InvalidCiphertextException {
    ProfileCipher profileCipher = new ProfileCipher(profileKey);
    name = new String(profileCipher.decryptName(Base64.decode(p.getName())));
    identity_key = p.getIdentityKey();
    avatar = p.getAvatar();
    unidentified_access = p.getUnidentifiedAccess();
    if (p.isUnrestrictedUnidentifiedAccess()) {
        unrestricted_unidentified_access = true;
    }

}
 
Example 13
Source Project: signald   Source File: SocketHandler.java    License: GNU General Public License v3.0 5 votes vote down vote up
private void getProfile(JsonRequest request) throws IOException, InvalidCiphertextException, NoSuchAccountException {
    Manager m = Manager.get(request.username);
    ContactInfo contact = m.getContact(request.recipientNumber);
    if(contact == null || contact.profileKey == null) {
        this.reply("profile_not_available", null, request.id);
        return;
    }
    this.reply("profile", new JsonProfile(m.getProfile(request.recipientNumber), Base64.decode(contact.profileKey)), request.id);
}
 
Example 14
Source Project: signal-cli   Source File: Manager.java    License: GNU General Public License v3.0 5 votes vote down vote up
private static SignalProfile decryptProfile(SignalServiceProfile encryptedProfile, ProfileKey profileKey) throws IOException {
    ProfileCipher profileCipher = new ProfileCipher(profileKey);
    try {
        return new SignalProfile(
                encryptedProfile.getIdentityKey(),
                encryptedProfile.getName() == null ? null : new String(profileCipher.decryptName(Base64.decode(encryptedProfile.getName()))),
                encryptedProfile.getAvatar(),
                encryptedProfile.getUnidentifiedAccess() == null || !profileCipher.verifyUnidentifiedAccess(Base64.decode(encryptedProfile.getUnidentifiedAccess())) ? null : encryptedProfile.getUnidentifiedAccess(),
                encryptedProfile.isUnrestrictedUnidentifiedAccess()
        );
    } catch (InvalidCiphertextException e) {
        return null;
    }
}
 
Example 15
Source Project: mollyim-android   Source File: HashedPin.java    License: GNU General Public License v3.0 4 votes vote down vote up
/**
 * Takes 48 byte IVC from KBS and returns full {@link KbsData}.
 */
public KbsData decryptKbsDataIVCipherText(byte[] IVC) throws InvalidCiphertextException {
  byte[] masterKey = HmacSIV.decrypt(K, IVC);
  return new KbsData(new MasterKey(masterKey), kbsAccessKey, IVC);
}
 
Example 16
private KbsPinData restorePin(HashedPin hashedPin, TokenResponse token)
  throws UnauthenticatedResponseException, IOException, TokenException, KeyBackupSystemNoDataException
{
  try {
    final int               remainingTries    = token.getTries();
    final RemoteAttestation remoteAttestation = getAndVerifyRemoteAttestation();
    final KeyBackupRequest  request           = KeyBackupCipher.createKeyRestoreRequest(hashedPin.getKbsAccessKey(), token, remoteAttestation, Hex.fromStringCondensed(enclaveName));
    final KeyBackupResponse response          = pushServiceSocket.putKbsData(authorization, request, remoteAttestation.getCookies(), enclaveName);
    final RestoreResponse   status            = KeyBackupCipher.getKeyRestoreResponse(response, remoteAttestation);

    TokenResponse nextToken = status.hasToken()
                              ? new TokenResponse(token.getBackupId(), status.getToken().toByteArray(), status.getTries())
                              : token;

    Log.i(TAG, "Restore " + status.getStatus());
    switch (status.getStatus()) {
      case OK:
        KbsData kbsData = hashedPin.decryptKbsDataIVCipherText(status.getData().toByteArray());
        MasterKey masterKey = kbsData.getMasterKey();
        return new KbsPinData(masterKey, nextToken);
      case PIN_MISMATCH:
        Log.i(TAG, "Restore PIN_MISMATCH");
        throw new KeyBackupServicePinException(nextToken);
      case TOKEN_MISMATCH:
        Log.i(TAG, "Restore TOKEN_MISMATCH");
        // if the number of tries has not fallen, the pin is correct we're just using an out of date token
        boolean canRetry = remainingTries == status.getTries();
        Log.i(TAG, String.format(Locale.US, "Token MISMATCH %d %d", remainingTries, status.getTries()));
        throw new TokenException(nextToken, canRetry);
      case MISSING:
        Log.i(TAG, "Restore OK! No data though");
        throw new KeyBackupSystemNoDataException();
      case NOT_YET_VALID:
        throw new UnauthenticatedResponseException("Key is not valid yet, clock mismatch");
      default:
        throw new AssertionError("Unexpected case");
    }
  } catch (InvalidCiphertextException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 
Example 17
public static byte[] getDiscoveryResponseData(DiscoveryResponse response, RemoteAttestation remoteAttestation) throws InvalidCiphertextException {
  return AESCipher.decrypt(remoteAttestation.getKeys().getServerKey(), response.getIv(), response.getData(), response.getMac());
}
 
Example 18
public static byte[] getRequestId(RemoteAttestationKeys keys, RemoteAttestationResponse response) throws InvalidCiphertextException {
  return AESCipher.decrypt(keys.getServerKey(), response.getIv(), response.getCiphertext(), response.getTag());
}
 
Example 19
private static byte[] decryptData(KeyBackupResponse response, RemoteAttestation remoteAttestation) throws InvalidCiphertextException {
  return AESCipher.decrypt(remoteAttestation.getKeys().getServerKey(), response.getIv(), response.getData(), response.getMac());
}
 
Example 20
public List<String> getRegisteredUsers(KeyStore iasKeyStore, Set<String> e164numbers, String mrenclave)
    throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException
{
  try {
    String            authorization = this.pushServiceSocket.getContactDiscoveryAuthorization();
    Curve25519        curve         = Curve25519.getInstance(Curve25519.BEST);
    Curve25519KeyPair keyPair       = curve.generateKeyPair();

    ContactDiscoveryCipher                        cipher              = new ContactDiscoveryCipher();
    RemoteAttestationRequest                      attestationRequest  = new RemoteAttestationRequest(keyPair.getPublicKey());
    Pair<RemoteAttestationResponse, List<String>> attestationResponse = this.pushServiceSocket.getContactDiscoveryRemoteAttestation(authorization, attestationRequest, mrenclave);

    RemoteAttestationKeys keys      = new RemoteAttestationKeys(keyPair, attestationResponse.first().getServerEphemeralPublic(), attestationResponse.first().getServerStaticPublic());
    Quote                 quote     = new Quote(attestationResponse.first().getQuote());
    byte[]                requestId = cipher.getRequestId(keys, attestationResponse.first());

    cipher.verifyServerQuote(quote, attestationResponse.first().getServerStaticPublic(), mrenclave);
    cipher.verifyIasSignature(iasKeyStore, attestationResponse.first().getCertificates(), attestationResponse.first().getSignatureBody(), attestationResponse.first().getSignature(), quote);

    RemoteAttestation remoteAttestation = new RemoteAttestation(requestId, keys);
    List<String>      addressBook       = new LinkedList<>();

    for (String e164number : e164numbers) {
      addressBook.add(e164number.substring(1));
    }

    DiscoveryRequest  request  = cipher.createDiscoveryRequest(addressBook, remoteAttestation);
    DiscoveryResponse response = this.pushServiceSocket.getContactDiscoveryRegisteredUsers(authorization, request, attestationResponse.second(), mrenclave);
    byte[]            data     = cipher.getDiscoveryResponseData(response, remoteAttestation);

    Iterator<String> addressBookIterator = addressBook.iterator();
    List<String>     results             = new LinkedList<>();

    for (byte aData : data) {
      String candidate = addressBookIterator.next();

      if (aData != 0) results.add('+' + candidate);
    }

    return results;
  } catch (InvalidCiphertextException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 
Example 21
public byte[] getDiscoveryResponseData(DiscoveryResponse response, RemoteAttestation remoteAttestation) throws InvalidCiphertextException {
  return decrypt(remoteAttestation.getKeys().getServerKey(), response.getIv(), response.getData(), response.getMac());
}
 
Example 22
public byte[] getRequestId(RemoteAttestationKeys keys, RemoteAttestationResponse response) throws InvalidCiphertextException {
  return decrypt(keys.getServerKey(), response.getIv(), response.getCiphertext(), response.getTag());
}