Java Code Examples for org.whispersystems.signalservice.api.crypto.InvalidCiphertextException

private TokenResponse putKbsData(byte[] kbsAccessKey, byte[] kbsData, String enclaveName, TokenResponse token)
    throws IOException, UnauthenticatedResponseException
{
  try {
    RemoteAttestation     remoteAttestation = getAndVerifyRemoteAttestation();
    KeyBackupRequest      request           = KeyBackupCipher.createKeyBackupRequest(kbsAccessKey, kbsData, token, remoteAttestation, Hex.fromStringCondensed(enclaveName), maxTries);
    KeyBackupResponse     response          = pushServiceSocket.putKbsData(authorization, request, remoteAttestation.getCookies(), enclaveName);
    BackupResponse        backupResponse    = KeyBackupCipher.getKeyBackupResponse(response, remoteAttestation);
    BackupResponse.Status status            = backupResponse.getStatus();

    switch (status) {
      case OK:
        return backupResponse.hasToken() ? new TokenResponse(token.getBackupId(), backupResponse.getToken().toByteArray(), maxTries) : token;
      case ALREADY_EXISTS:
        throw new UnauthenticatedResponseException("Already exists");
      case NOT_YET_VALID:
        throw new UnauthenticatedResponseException("Key is not valid yet, clock mismatch");
      default:
        throw new AssertionError("Unknown response status " + status);
    }
  } catch (InvalidCiphertextException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 

public static RemoteAttestation getAndVerifyRemoteAttestation(PushServiceSocket socket,
                                                              PushServiceSocket.ClientSet clientSet,
                                                              KeyStore iasKeyStore,
                                                              String enclaveName,
                                                              String mrenclave,
                                                              String authorization)
  throws IOException, Quote.InvalidQuoteFormatException, InvalidCiphertextException, UnauthenticatedQuoteException, SignatureException
{
  Curve25519                                    curve                   = Curve25519.getInstance(Curve25519.BEST);
  Curve25519KeyPair                             keyPair                 = curve.generateKeyPair();
  RemoteAttestationRequest                      attestationRequest      = new RemoteAttestationRequest(keyPair.getPublicKey());
  Pair<RemoteAttestationResponse, List<String>> attestationResponsePair = getRemoteAttestation(socket, clientSet, authorization, attestationRequest, enclaveName);
  RemoteAttestationResponse                     attestationResponse     = attestationResponsePair.first();
  List<String>                                  attestationCookies      = attestationResponsePair.second();

  RemoteAttestationKeys keys      = new RemoteAttestationKeys(keyPair, attestationResponse.getServerEphemeralPublic(), attestationResponse.getServerStaticPublic());
  Quote                 quote     = new Quote(attestationResponse.getQuote());
  byte[]                requestId = RemoteAttestationCipher.getRequestId(keys, attestationResponse);

  RemoteAttestationCipher.verifyServerQuote(quote, attestationResponse.getServerStaticPublic(), mrenclave);

  RemoteAttestationCipher.verifyIasSignature(iasKeyStore, attestationResponse.getCertificates(), attestationResponse.getSignatureBody(), attestationResponse.getSignature(), quote);

  return new RemoteAttestation(requestId, keys, attestationCookies);
}
 

private void setProfileName(Recipient recipient, String profileName) {
  try {
    ProfileKey profileKey = ProfileKeyUtil.profileKeyOrNull(recipient.getProfileKey());
    if (profileKey == null) return;

    String plaintextProfileName = ProfileUtil.decryptName(profileKey, profileName);

    if (!Util.equals(plaintextProfileName, recipient.getProfileName().serialize())) {
      Log.i(TAG, "Profile name updated. Writing new value.");
      DatabaseFactory.getRecipientDatabase(context).setProfileName(recipient.getId(), ProfileName.fromSerialized(plaintextProfileName));
    }

    if (TextUtils.isEmpty(plaintextProfileName)) {
      Log.i(TAG, "No profile name set.");
    }
  } catch (InvalidCiphertextException | IOException e) {
    Log.w(TAG, e);
  }
}
 

public List<String> getRegisteredUsers(KeyStore iasKeyStore, Set<String> e164numbers, String enclaveId)
    throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException
{
  try {
    String                 authorization     = pushServiceSocket.getContactDiscoveryAuthorization();
    RemoteAttestation      remoteAttestation = RemoteAttestationUtil.getAndVerifyRemoteAttestation(pushServiceSocket, PushServiceSocket.ClientSet.ContactDiscovery, iasKeyStore, enclaveId, enclaveId, authorization);
    List<String>           addressBook       = new LinkedList<>();

    for (String e164number : e164numbers) {
      addressBook.add(e164number.substring(1));
    }

    DiscoveryRequest  request  = ContactDiscoveryCipher.createDiscoveryRequest(addressBook, remoteAttestation);
    DiscoveryResponse response = pushServiceSocket.getContactDiscoveryRegisteredUsers(authorization, request, remoteAttestation.getCookies(), enclaveId);
    byte[]            data     = ContactDiscoveryCipher.getDiscoveryResponseData(response, remoteAttestation);

    Iterator<String> addressBookIterator = addressBook.iterator();
    List<String>     results             = new LinkedList<>();

    for (byte aData : data) {
      String candidate = addressBookIterator.next();

      if (aData != 0) results.add('+' + candidate);
    }

    return results;
  } catch (InvalidCiphertextException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 

private RemoteAttestation getAndVerifyRemoteAttestation() throws UnauthenticatedResponseException, IOException {
  try {
    return RemoteAttestationUtil.getAndVerifyRemoteAttestation(pushServiceSocket, PushServiceSocket.ClientSet.KeyBackup, iasKeyStore, enclaveName, mrenclave, authorization);
  } catch (Quote.InvalidQuoteFormatException | UnauthenticatedQuoteException | InvalidCiphertextException | SignatureException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 

public static BackupResponse getKeyBackupResponse(KeyBackupResponse response, RemoteAttestation remoteAttestation)
  throws InvalidCiphertextException, InvalidProtocolBufferException
{
  byte[] data = decryptData(response, remoteAttestation);

  Response backupResponse = Response.parseFrom(data);

  return backupResponse.getBackup();
}
 

public static RestoreResponse getKeyRestoreResponse(KeyBackupResponse response, RemoteAttestation remoteAttestation)
  throws InvalidCiphertextException, InvalidProtocolBufferException
{
  byte[] data = decryptData(response, remoteAttestation);

  return Response.parseFrom(data).getRestore();
}
 

public static DeleteResponse getKeyDeleteResponseStatus(KeyBackupResponse response, RemoteAttestation remoteAttestation)
  throws InvalidCiphertextException, InvalidProtocolBufferException
{
  byte[] data = decryptData(response, remoteAttestation);

  return DeleteResponse.parseFrom(data);
}
 

public static @Nullable String decryptName(@NonNull ProfileKey profileKey, @Nullable String encryptedName)
    throws InvalidCiphertextException, IOException
{
  if (encryptedName == null) {
    return null;
  }

  ProfileCipher profileCipher = new ProfileCipher(profileKey);
  return new String(profileCipher.decryptName(Base64.decode(encryptedName)));
}
 

private void setProfileName(@Nullable String encryptedName) {
  try {
    ProfileKey  profileKey    = ProfileKeyUtil.getSelfProfileKey();
    String      plaintextName = ProfileUtil.decryptName(profileKey, encryptedName);
    ProfileName profileName   = ProfileName.fromSerialized(plaintextName);

    DatabaseFactory.getRecipientDatabase(context).setProfileName(Recipient.self().getId(), profileName);
  } catch (InvalidCiphertextException | IOException e) {
    Log.w(TAG, e);
  }
}
 

@Test
public void vectors_decryptKbsDataIVCipherText() throws IOException, InvalidCiphertextException {
  for (KbsTestVector vector : getKbsTestVectorList()) {
    HashedPin hashedPin = HashedPin.fromArgon2Hash(vector.getArgon2Hash());

    KbsData kbsData = hashedPin.decryptKbsDataIVCipherText(vector.getIvAndCipher());

    assertArrayEquals(vector.getMasterKey(), kbsData.getMasterKey().serialize());
    assertArrayEquals(vector.getIvAndCipher(), kbsData.getCipherText());
    assertArrayEquals(vector.getKbsAccessKey(), kbsData.getKbsAccessKey());
    assertEquals(vector.getRegistrationLock(), kbsData.getMasterKey().deriveRegistrationLock());
  }
}
 

JsonProfile(SignalServiceProfile p, byte[] profileKey) throws IOException, InvalidCiphertextException {
    ProfileCipher profileCipher = new ProfileCipher(profileKey);
    name = new String(profileCipher.decryptName(Base64.decode(p.getName())));
    identity_key = p.getIdentityKey();
    avatar = p.getAvatar();
    unidentified_access = p.getUnidentifiedAccess();
    if (p.isUnrestrictedUnidentifiedAccess()) {
        unrestricted_unidentified_access = true;
    }

}
 

private void getProfile(JsonRequest request) throws IOException, InvalidCiphertextException, NoSuchAccountException {
    Manager m = Manager.get(request.username);
    ContactInfo contact = m.getContact(request.recipientNumber);
    if(contact == null || contact.profileKey == null) {
        this.reply("profile_not_available", null, request.id);
        return;
    }
    this.reply("profile", new JsonProfile(m.getProfile(request.recipientNumber), Base64.decode(contact.profileKey)), request.id);
}
 

private static SignalProfile decryptProfile(SignalServiceProfile encryptedProfile, ProfileKey profileKey) throws IOException {
    ProfileCipher profileCipher = new ProfileCipher(profileKey);
    try {
        return new SignalProfile(
                encryptedProfile.getIdentityKey(),
                encryptedProfile.getName() == null ? null : new String(profileCipher.decryptName(Base64.decode(encryptedProfile.getName()))),
                encryptedProfile.getAvatar(),
                encryptedProfile.getUnidentifiedAccess() == null || !profileCipher.verifyUnidentifiedAccess(Base64.decode(encryptedProfile.getUnidentifiedAccess())) ? null : encryptedProfile.getUnidentifiedAccess(),
                encryptedProfile.isUnrestrictedUnidentifiedAccess()
        );
    } catch (InvalidCiphertextException e) {
        return null;
    }
}
 

/**
 * Takes 48 byte IVC from KBS and returns full {@link KbsData}.
 */
public KbsData decryptKbsDataIVCipherText(byte[] IVC) throws InvalidCiphertextException {
  byte[] masterKey = HmacSIV.decrypt(K, IVC);
  return new KbsData(new MasterKey(masterKey), kbsAccessKey, IVC);
}
 

private KbsPinData restorePin(HashedPin hashedPin, TokenResponse token)
  throws UnauthenticatedResponseException, IOException, TokenException, KeyBackupSystemNoDataException
{
  try {
    final int               remainingTries    = token.getTries();
    final RemoteAttestation remoteAttestation = getAndVerifyRemoteAttestation();
    final KeyBackupRequest  request           = KeyBackupCipher.createKeyRestoreRequest(hashedPin.getKbsAccessKey(), token, remoteAttestation, Hex.fromStringCondensed(enclaveName));
    final KeyBackupResponse response          = pushServiceSocket.putKbsData(authorization, request, remoteAttestation.getCookies(), enclaveName);
    final RestoreResponse   status            = KeyBackupCipher.getKeyRestoreResponse(response, remoteAttestation);

    TokenResponse nextToken = status.hasToken()
                              ? new TokenResponse(token.getBackupId(), status.getToken().toByteArray(), status.getTries())
                              : token;

    Log.i(TAG, "Restore " + status.getStatus());
    switch (status.getStatus()) {
      case OK:
        KbsData kbsData = hashedPin.decryptKbsDataIVCipherText(status.getData().toByteArray());
        MasterKey masterKey = kbsData.getMasterKey();
        return new KbsPinData(masterKey, nextToken);
      case PIN_MISMATCH:
        Log.i(TAG, "Restore PIN_MISMATCH");
        throw new KeyBackupServicePinException(nextToken);
      case TOKEN_MISMATCH:
        Log.i(TAG, "Restore TOKEN_MISMATCH");
        // if the number of tries has not fallen, the pin is correct we're just using an out of date token
        boolean canRetry = remainingTries == status.getTries();
        Log.i(TAG, String.format(Locale.US, "Token MISMATCH %d %d", remainingTries, status.getTries()));
        throw new TokenException(nextToken, canRetry);
      case MISSING:
        Log.i(TAG, "Restore OK! No data though");
        throw new KeyBackupSystemNoDataException();
      case NOT_YET_VALID:
        throw new UnauthenticatedResponseException("Key is not valid yet, clock mismatch");
      default:
        throw new AssertionError("Unexpected case");
    }
  } catch (InvalidCiphertextException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 

public static byte[] getDiscoveryResponseData(DiscoveryResponse response, RemoteAttestation remoteAttestation) throws InvalidCiphertextException {
  return AESCipher.decrypt(remoteAttestation.getKeys().getServerKey(), response.getIv(), response.getData(), response.getMac());
}
 

public static byte[] getRequestId(RemoteAttestationKeys keys, RemoteAttestationResponse response) throws InvalidCiphertextException {
  return AESCipher.decrypt(keys.getServerKey(), response.getIv(), response.getCiphertext(), response.getTag());
}
 

private static byte[] decryptData(KeyBackupResponse response, RemoteAttestation remoteAttestation) throws InvalidCiphertextException {
  return AESCipher.decrypt(remoteAttestation.getKeys().getServerKey(), response.getIv(), response.getData(), response.getMac());
}
 

public List<String> getRegisteredUsers(KeyStore iasKeyStore, Set<String> e164numbers, String mrenclave)
    throws IOException, Quote.InvalidQuoteFormatException, UnauthenticatedQuoteException, SignatureException, UnauthenticatedResponseException
{
  try {
    String            authorization = this.pushServiceSocket.getContactDiscoveryAuthorization();
    Curve25519        curve         = Curve25519.getInstance(Curve25519.BEST);
    Curve25519KeyPair keyPair       = curve.generateKeyPair();

    ContactDiscoveryCipher                        cipher              = new ContactDiscoveryCipher();
    RemoteAttestationRequest                      attestationRequest  = new RemoteAttestationRequest(keyPair.getPublicKey());
    Pair<RemoteAttestationResponse, List<String>> attestationResponse = this.pushServiceSocket.getContactDiscoveryRemoteAttestation(authorization, attestationRequest, mrenclave);

    RemoteAttestationKeys keys      = new RemoteAttestationKeys(keyPair, attestationResponse.first().getServerEphemeralPublic(), attestationResponse.first().getServerStaticPublic());
    Quote                 quote     = new Quote(attestationResponse.first().getQuote());
    byte[]                requestId = cipher.getRequestId(keys, attestationResponse.first());

    cipher.verifyServerQuote(quote, attestationResponse.first().getServerStaticPublic(), mrenclave);
    cipher.verifyIasSignature(iasKeyStore, attestationResponse.first().getCertificates(), attestationResponse.first().getSignatureBody(), attestationResponse.first().getSignature(), quote);

    RemoteAttestation remoteAttestation = new RemoteAttestation(requestId, keys);
    List<String>      addressBook       = new LinkedList<>();

    for (String e164number : e164numbers) {
      addressBook.add(e164number.substring(1));
    }

    DiscoveryRequest  request  = cipher.createDiscoveryRequest(addressBook, remoteAttestation);
    DiscoveryResponse response = this.pushServiceSocket.getContactDiscoveryRegisteredUsers(authorization, request, attestationResponse.second(), mrenclave);
    byte[]            data     = cipher.getDiscoveryResponseData(response, remoteAttestation);

    Iterator<String> addressBookIterator = addressBook.iterator();
    List<String>     results             = new LinkedList<>();

    for (byte aData : data) {
      String candidate = addressBookIterator.next();

      if (aData != 0) results.add('+' + candidate);
    }

    return results;
  } catch (InvalidCiphertextException e) {
    throw new UnauthenticatedResponseException(e);
  }
}
 

public byte[] getDiscoveryResponseData(DiscoveryResponse response, RemoteAttestation remoteAttestation) throws InvalidCiphertextException {
  return decrypt(remoteAttestation.getKeys().getServerKey(), response.getIv(), response.getData(), response.getMac());
}
 

public byte[] getRequestId(RemoteAttestationKeys keys, RemoteAttestationResponse response) throws InvalidCiphertextException {
  return decrypt(keys.getServerKey(), response.getIv(), response.getCiphertext(), response.getTag());
}