status-im
/
status-go
mirror of https://github.com/status-im/status-go.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
status-go/services/shhext/chat/encryption_test.go

971 lines
31 KiB
Go
Raw Normal View History

Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
package chat
import (
"crypto/ecdsa"
"errors"
"fmt"
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
"io/ioutil"
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
"math/rand"
"os"
"reflect"
"sync"
"testing"
"time"
"github.com/ethereum/go-ethereum/crypto"
"github.com/stretchr/testify/suite"
)
var cleartext = []byte("hello")
var aliceInstallationID = "1"
var bobInstallationID = "2"
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
var defaultMessageID = []byte("default")
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
func TestEncryptionServiceTestSuite(t *testing.T) {
suite.Run(t, new(EncryptionServiceTestSuite))
}
type EncryptionServiceTestSuite struct {
suite.Suite
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
alice *EncryptionService
bob *EncryptionService
aliceDBPath string
bobDBPath string
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
func (s *EncryptionServiceTestSuite) initDatabases(baseConfig *EncryptionServiceConfig) {
aliceDBFile, err := ioutil.TempFile(os.TempDir(), "alice")
s.Require().NoError(err)
aliceDBPath := aliceDBFile.Name()
bobDBFile, err := ioutil.TempFile(os.TempDir(), "bob")
s.Require().NoError(err)
bobDBPath := bobDBFile.Name()
s.aliceDBPath = aliceDBPath
s.bobDBPath = bobDBPath
if baseConfig == nil {
config := DefaultEncryptionServiceConfig(aliceInstallationID)
baseConfig = &config
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
const (
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
aliceDBKey = "alice"
bobDBKey = "bob"
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
)
alicePersistence, err := NewSQLLitePersistence(aliceDBPath, aliceDBKey)
if err != nil {
panic(err)
}
bobPersistence, err := NewSQLLitePersistence(bobDBPath, bobDBKey)
if err != nil {
panic(err)
}
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
baseConfig.InstallationID = aliceInstallationID
s.alice = NewEncryptionService(alicePersistence, *baseConfig)
baseConfig.InstallationID = bobInstallationID
s.bob = NewEncryptionService(bobPersistence, *baseConfig)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
func (s *EncryptionServiceTestSuite) SetupTest() {
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
s.initDatabases(nil)
}
func (s *EncryptionServiceTestSuite) TearDownTest() {
os.Remove(s.aliceDBPath)
os.Remove(s.bobDBPath)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
func (s *EncryptionServiceTestSuite) TestCreateBundle() {
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceBundle1, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
s.NotNil(aliceBundle1, "It creates a bundle")
aliceBundle2, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
s.Equal(aliceBundle1, aliceBundle2, "It returns the same bundle")
}
// Alice sends Bob an encrypted message with DH using an ephemeral key
// and Bob's identity key.
// Bob is able to decrypt it.
// Alice does not re-use the symmetric key
func (s *EncryptionServiceTestSuite) TestEncryptPayloadNoBundle() {
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
encryptionResponse1, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, cleartext)
s.Require().NoError(err)
installationResponse1 := encryptionResponse1["none"]
// That's for any device
s.Require().NotNil(installationResponse1)
cyphertext1 := installationResponse1.Payload
ephemeralKey1 := installationResponse1.GetDHHeader().GetKey()
s.NotNil(ephemeralKey1, "It generates an ephemeral key for DH exchange")
s.NotNil(cyphertext1, "It generates an encrypted payload")
s.NotEqual(cyphertext1, cleartext, "It encrypts the payload correctly")
// On the receiver side, we should be able to decrypt using our private key and the ephemeral just sent
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
decryptedPayload1, err := s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, encryptionResponse1, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
s.Equal(cleartext, decryptedPayload1, "It correctly decrypts the payload using DH")
// The next message will not be re-using the same key
encryptionResponse2, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, cleartext)
s.Require().NoError(err)
installationResponse2 := encryptionResponse2[aliceInstallationID]
cyphertext2 := installationResponse2.GetPayload()
ephemeralKey2 := installationResponse2.GetDHHeader().GetKey()
s.NotEqual(cyphertext1, cyphertext2, "It does not re-use the symmetric key")
s.NotEqual(ephemeralKey1, ephemeralKey2, "It does not re-use the ephemeral key")
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
decryptedPayload2, err := s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, encryptionResponse2, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
s.Equal(cleartext, decryptedPayload2, "It correctly decrypts the payload using DH")
}
// Alice has Bob's bundle
// Alice sends Bob an encrypted message with X3DH and DR using an ephemeral key
// and Bob's bundle.
func (s *EncryptionServiceTestSuite) TestEncryptPayloadBundle() {
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// We add bob bundle
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// We send a message using the bundle
encryptionResponse1, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, cleartext)
s.Require().NoError(err)
installationResponse1 := encryptionResponse1[bobInstallationID]
s.Require().NotNil(installationResponse1)
cyphertext1 := installationResponse1.GetPayload()
x3dhHeader := installationResponse1.GetX3DHHeader()
drHeader := installationResponse1.GetDRHeader()
s.NotNil(cyphertext1, "It generates an encrypted payload")
s.NotEqual(cyphertext1, cleartext, "It encrypts the payload correctly")
// Check X3DH Header
bundleID := bobBundle.GetSignedPreKeys()[bobInstallationID].GetSignedPreKey()
s.NotNil(x3dhHeader, "It adds an x3dh header")
s.NotNil(x3dhHeader.GetKey(), "It adds an ephemeral key")
s.Equal(x3dhHeader.GetId(), bundleID, "It sets the bundle id")
// Check DR Header
s.NotNil(drHeader, "It adds a DR header")
s.NotNil(drHeader.GetKey(), "It adds a key to the DR header")
s.Equal(bundleID, drHeader.GetId(), "It adds the bundle id")
s.Equal(uint32(0), drHeader.GetN(), "It adds the correct message number")
s.Equal(uint32(0), drHeader.GetPn(), "It adds the correct length of the message chain")
// Bob is able to decrypt it using the bundle
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
decryptedPayload1, err := s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, encryptionResponse1, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
s.Equal(cleartext, decryptedPayload1, "It correctly decrypts the payload using X3DH")
}
// Alice has Bob's bundle
// Alice sends Bob 2 encrypted messages with X3DH and DR using an ephemeral key
// and Bob's bundle.
// Alice sends another message. This message should be using a DR
// and should include the initial x3dh message
// Bob receives only the last one, he should be able to decrypt it
// nolint: megacheck
func (s *EncryptionServiceTestSuite) TestConsequentMessagesBundle() {
cleartext1 := []byte("message 1")
cleartext2 := []byte("message 2")
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// We add bob bundle
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// We send a message using the bundle
_, err = s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, cleartext1)
s.Require().NoError(err)
// We send another message using the bundle
encryptionResponse, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, cleartext2)
s.Require().NoError(err)
installationResponse := encryptionResponse[bobInstallationID]
s.Require().NotNil(installationResponse)
cyphertext1 := installationResponse.GetPayload()
x3dhHeader := installationResponse.GetX3DHHeader()
drHeader := installationResponse.GetDRHeader()
s.NotNil(cyphertext1, "It generates an encrypted payload")
s.NotEqual(cyphertext1, cleartext2, "It encrypts the payload correctly")
// Check X3DH Header
bundleID := bobBundle.GetSignedPreKeys()[bobInstallationID].GetSignedPreKey()
s.NotNil(x3dhHeader, "It adds an x3dh header")
s.NotNil(x3dhHeader.GetKey(), "It adds an ephemeral key")
s.Equal(x3dhHeader.GetId(), bundleID, "It sets the bundle id")
// Check DR Header
s.NotNil(drHeader, "It adds a DR header")
s.NotNil(drHeader.GetKey(), "It adds a key to the DR header")
s.Equal(bundleID, drHeader.GetId(), "It adds the bundle id")
s.Equal(uint32(1), drHeader.GetN(), "It adds the correct message number")
s.Equal(uint32(0), drHeader.GetPn(), "It adds the correct length of the message chain")
// Bob is able to decrypt it using the bundle
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
decryptedPayload1, err := s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, encryptionResponse, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
s.Equal(cleartext2, decryptedPayload1, "It correctly decrypts the payload using X3DH")
}
// Alice has Bob's bundle
// Alice sends Bob an encrypted message with X3DH using an ephemeral key
// and Bob's bundle.
// Bob's receives the message
// Bob replies to the message
// Alice replies to the message
func (s *EncryptionServiceTestSuite) TestConversation() {
cleartext1 := []byte("message 1")
cleartext2 := []byte("message 2")
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// Create a bundle
aliceBundle, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
// We add bob bundle
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// We add alice bundle
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
_, err = s.bob.ProcessPublicBundle(bobKey, aliceBundle)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Alice sends a message
encryptionResponse, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, cleartext1)
s.Require().NoError(err)
// Bob receives the message
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, encryptionResponse, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Bob replies to the message
encryptionResponse, err = s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, cleartext1)
s.Require().NoError(err)
// Alice receives the message
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, encryptionResponse, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// We send another message using the bundle
encryptionResponse, err = s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, cleartext2)
s.Require().NoError(err)
installationResponse := encryptionResponse[bobInstallationID]
s.Require().NotNil(installationResponse)
cyphertext1 := installationResponse.GetPayload()
x3dhHeader := installationResponse.GetX3DHHeader()
drHeader := installationResponse.GetDRHeader()
s.NotNil(cyphertext1, "It generates an encrypted payload")
s.NotEqual(cyphertext1, cleartext2, "It encrypts the payload correctly")
// It does not send the x3dh bundle
s.Nil(x3dhHeader, "It does not add an x3dh header")
// Check DR Header
bundleID := bobBundle.GetSignedPreKeys()[bobInstallationID].GetSignedPreKey()
s.NotNil(drHeader, "It adds a DR header")
s.NotNil(drHeader.GetKey(), "It adds a key to the DR header")
s.Equal(bundleID, drHeader.GetId(), "It adds the bundle id")
s.Equal(uint32(0), drHeader.GetN(), "It adds the correct message number")
s.Equal(uint32(1), drHeader.GetPn(), "It adds the correct length of the message chain")
// Bob is able to decrypt it using the bundle
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
decryptedPayload1, err := s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, encryptionResponse, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
s.Equal(cleartext2, decryptedPayload1, "It correctly decrypts the payload using X3DH")
}
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
// Previous implementation allowed max maxSkip keys in the same receiving chain
// leading to a problem whereby dropped messages would accumulate and eventually
// we would not be able to decrypt any new message anymore.
// Here we are testing that maxSkip only applies to *consecutive* messages, not
// overall.
func (s *EncryptionServiceTestSuite) TestMaxSkipKeys() {
bobText := []byte("text")
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// We add bob bundle
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
s.Require().NoError(err)
// Create a bundle
aliceBundle, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
// We add alice bundle
_, err = s.bob.ProcessPublicBundle(bobKey, aliceBundle)
s.Require().NoError(err)
// Bob sends a message
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
for i := 0; i < s.alice.config.MaxSkip; i++ {
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
_, err = s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText)
s.Require().NoError(err)
}
// Bob sends a message
bobMessage1, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText)
s.Require().NoError(err)
// Alice receives the message
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage1, defaultMessageID)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
s.Require().NoError(err)
// Bob sends a message
_, err = s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText)
s.Require().NoError(err)
// Bob sends a message
bobMessage2, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText)
s.Require().NoError(err)
// Alice receives the message, we should have maxSkip + 1 keys in the db, but
// we should not throw an error
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage2, defaultMessageID)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
s.Require().NoError(err)
}
// Test that an error is thrown if max skip is reached
func (s *EncryptionServiceTestSuite) TestMaxSkipKeysError() {
bobText := []byte("text")
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// We add bob bundle
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
s.Require().NoError(err)
// Create a bundle
aliceBundle, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
// We add alice bundle
_, err = s.bob.ProcessPublicBundle(bobKey, aliceBundle)
s.Require().NoError(err)
// Bob sends a message
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
for i := 0; i < s.alice.config.MaxSkip+1; i++ {
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
_, err = s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText)
s.Require().NoError(err)
}
// Bob sends a message
bobMessage1, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText)
s.Require().NoError(err)
// Alice receives the message
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage1, defaultMessageID)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
s.Require().Equal(errors.New("can't skip current chain message keys: too many messages"), err)
}
func (s *EncryptionServiceTestSuite) TestMaxMessageKeysPerSession() {
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
config := DefaultEncryptionServiceConfig("none")
// Set MaxKeep and MaxSkip to an high value so it does not interfere
config.MaxKeep = 100000
config.MaxSkip = 100000
s.initDatabases(&config)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
bobText := []byte("text")
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// We add bob bundle
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
s.Require().NoError(err)
// Create a bundle
aliceBundle, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
// We add alice bundle
_, err = s.bob.ProcessPublicBundle(bobKey, aliceBundle)
s.Require().NoError(err)
// We create just enough messages so that the first key should be deleted
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
nMessages := s.alice.config.MaxMessageKeysPerSession
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
messages := make([]map[string]*DirectMessageProtocol, nMessages)
for i := 0; i < nMessages; i++ {
m, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText)
s.Require().NoError(err)
messages[i] = m
}
// Another message to trigger the deletion
m, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText)
s.Require().NoError(err)
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, m, defaultMessageID)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
s.Require().NoError(err)
// We decrypt the first message, and it should fail
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, messages[0], defaultMessageID)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
s.Require().Equal(errors.New("can't skip current chain message keys: bad until: probably an out-of-order message that was deleted"), err)
// We decrypt the second message, and it should be decrypted
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, messages[1], defaultMessageID)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
s.Require().NoError(err)
}
func (s *EncryptionServiceTestSuite) TestMaxKeep() {
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
config := DefaultEncryptionServiceConfig("none")
// Set MaxMessageKeysPerSession to an high value so it does not interfere
config.MaxMessageKeysPerSession = 100000
s.initDatabases(&config)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
bobText := []byte("text")
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// We add bob bundle
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
s.Require().NoError(err)
// Create a bundle
aliceBundle, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
// We add alice bundle
_, err = s.bob.ProcessPublicBundle(bobKey, aliceBundle)
s.Require().NoError(err)
// We decrypt all messages but 1 & 2
Add tests for multi-device and refactor encryption service config (#1277)
2018-11-27 08:54:20 +00:00
messages := make([]map[string]*DirectMessageProtocol, s.alice.config.MaxKeep)
for i := 0; i < s.alice.config.MaxKeep; i++ {
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
m, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText)
messages[i] = m
s.Require().NoError(err)
if i != 0 && i != 1 {
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
messageID := []byte(fmt.Sprintf("%d", i))
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, m, messageID)
s.Require().NoError(err)
err = s.alice.ConfirmMessagesProcessed([][]byte{messageID})
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
s.Require().NoError(err)
}
}
// We decrypt the first message, and it should fail, as it should have been removed
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, messages[0], defaultMessageID)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
s.Require().Equal(errors.New("can't skip current chain message keys: bad until: probably an out-of-order message that was deleted"), err)
// We decrypt the second message, and it should be decrypted
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, messages[1], defaultMessageID)
Change handling of skipped/deleted keys & add version (#1261) - Skipped keys The purpose of limiting the number of skipped keys generated is to avoid a dos attack whereby an attacker would send a large N, forcing the device to compute all the keys between currentN..N . Previously the logic for handling skipped keys was: - If in the current receiving chain there are more than maxSkip keys, throw an error This is problematic as in long-lived session dropped/unreceived messages starts piling up, eventually reaching the threshold (1000 dropped/unreceived messages). This logic has been changed to be more inline with signals spec, and now it is: - If N is > currentN + maxSkip, throw an error The purpose of limiting the number of skipped keys stored is to avoid a dos attack whereby an attacker would force us to store a large number of keys, filling up our storage. Previously the logic for handling old keys was: - Once you have maxKeep ratchet steps, delete any key from currentRatchet - maxKeep. This, in combination with the maxSkip implementation, capped the number of stored keys to maxSkip * maxKeep. The logic has been changed to: - Keep a maximum of MaxMessageKeysPerSession and additionally we delete any key that has a sequence number < currentSeqNum - maxKeep - Version We check now the version of the bundle so that when we get a bundle from the same installationID with a higher version, we mark the previous bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
s.Require().NoError(err)
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// Alice has Bob's bundle
// Bob has Alice's bundle
// Bob sends a message to alice
// Alice sends a message to Bob
// Bob receives alice message
// Alice receives Bob message
// Bob sends another message to alice and viceversa
func (s *EncryptionServiceTestSuite) TestConcurrentBundles() {
bobText1 := []byte("bob text 1")
bobText2 := []byte("bob text 2")
aliceText1 := []byte("alice text 1")
aliceText2 := []byte("alice text 2")
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// We add bob bundle
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Create a bundle
aliceBundle, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
// We add alice bundle
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
_, err = s.bob.ProcessPublicBundle(bobKey, aliceBundle)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Alice sends a message
aliceMessage1, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, aliceText1)
s.Require().NoError(err)
// Bob sends a message
bobMessage1, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText1)
s.Require().NoError(err)
// Bob receives the message
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, aliceMessage1, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Alice receives the message
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage1, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Bob replies to the message
bobMessage2, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText2)
s.Require().NoError(err)
// Alice sends a message
aliceMessage2, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, aliceText2)
s.Require().NoError(err)
// Alice receives the message
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage2, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Bob receives the message
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, aliceMessage2, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
}
func publisher(
e *EncryptionService,
privateKey *ecdsa.PrivateKey,
publicKey *ecdsa.PublicKey,
errChan chan error,
output chan map[string]*DirectMessageProtocol,
) {
var wg sync.WaitGroup
for i := 0; i < 200; i++ {
// Simulate 5% of the messages dropped
if rand.Intn(100) <= 95 {
wg.Add(1)
// Simulate out of order messages
go func() {
defer wg.Done()
time.Sleep(time.Duration(rand.Intn(50)) * time.Millisecond)
response, err := e.EncryptPayload(publicKey, privateKey, cleartext)
if err != nil {
errChan <- err
return
}
output <- response
}()
}
}
wg.Wait()
close(output)
close(errChan)
}
func receiver(
s *EncryptionService,
privateKey *ecdsa.PrivateKey,
publicKey *ecdsa.PublicKey,
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
installationID string,
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
errChan chan error,
input chan map[string]*DirectMessageProtocol,
) {
i := 0
for payload := range input {
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
actualCleartext, err := s.DecryptPayload(privateKey, publicKey, installationID, payload, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
if err != nil {
errChan <- err
return
}
if !reflect.DeepEqual(actualCleartext, cleartext) {
errChan <- errors.New("Decrypted value does not match")
return
}
i++
}
close(errChan)
}
func (s *EncryptionServiceTestSuite) TestRandomised() {
seed := time.Now().UTC().UnixNano()
rand.Seed(seed)
// Print so that if it fails it can be replicated
fmt.Printf("Starting test with seed: %x\n", seed)
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// We add bob bundle
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Create a bundle
aliceBundle, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
// We add alice bundle
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
_, err = s.bob.ProcessPublicBundle(bobKey, aliceBundle)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
aliceChan := make(chan map[string]*DirectMessageProtocol, 100)
bobChan := make(chan map[string]*DirectMessageProtocol, 100)
alicePublisherErrChan := make(chan error, 1)
bobPublisherErrChan := make(chan error, 1)
aliceReceiverErrChan := make(chan error, 1)
bobReceiverErrChan := make(chan error, 1)
// Set up alice publishe
go publisher(s.alice, aliceKey, &bobKey.PublicKey, alicePublisherErrChan, bobChan)
// Set up bob publisher
go publisher(s.bob, bobKey, &aliceKey.PublicKey, bobPublisherErrChan, aliceChan)
// Set up bob receiver
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
go receiver(s.bob, bobKey, &aliceKey.PublicKey, aliceInstallationID, bobReceiverErrChan, bobChan)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// Set up alice receiver
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
go receiver(s.alice, aliceKey, &bobKey.PublicKey, bobInstallationID, aliceReceiverErrChan, aliceChan)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
aliceErr := <-alicePublisherErrChan
s.Require().NoError(aliceErr)
bobErr := <-bobPublisherErrChan
s.Require().NoError(bobErr)
aliceErr = <-aliceReceiverErrChan
s.Require().NoError(aliceErr)
bobErr = <-bobReceiverErrChan
s.Require().NoError(bobErr)
}
// Edge cases
// The bundle is lost
func (s *EncryptionServiceTestSuite) TestBundleNotExisting() {
aliceText := []byte("alice text")
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle without saving it
bobBundleContainer, err := NewBundleContainer(bobKey, bobInstallationID)
s.Require().NoError(err)
err = SignBundle(bobKey, bobBundleContainer)
s.Require().NoError(err)
bobBundle := bobBundleContainer.GetBundle()
// We add bob bundle
Add bundles.added signal & pairing endpoint (#1237)
2018-10-16 10:31:05 +00:00
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Alice sends a message
aliceMessage, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, aliceText)
s.Require().NoError(err)
// Bob receives the message, and returns a bundlenotfound error
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, aliceMessage, defaultMessageID)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().Error(err)
s.Equal(ErrSessionNotFound, err)
}
Notify user when the device is missing (#1298) * Notify user when the device is missing * Update services/shhext/chat/encryption.go Co-Authored-By: cammellos <andrea.maria.piana@gmail.com>
2018-12-05 08:22:49 +00:00
// Device is not included in the bundle
func (s *EncryptionServiceTestSuite) TestDeviceNotIncluded() {
bobDevice2InstallationID := "bob2"
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle without saving it
bobBundleContainer, err := NewBundleContainer(bobKey, bobDevice2InstallationID)
s.Require().NoError(err)
err = SignBundle(bobKey, bobBundleContainer)
s.Require().NoError(err)
bobBundle := bobBundleContainer.GetBundle()
// We add bob bundle
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
s.Require().NoError(err)
// Alice sends a message
aliceMessage, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, []byte("does not matter"))
s.Require().NoError(err)
// Bob receives the message, and returns a bundlenotfound error
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
_, err = s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, aliceMessage, defaultMessageID)
Notify user when the device is missing (#1298) * Notify user when the device is missing * Update services/shhext/chat/encryption.go Co-Authored-By: cammellos <andrea.maria.piana@gmail.com>
2018-12-05 08:22:49 +00:00
s.Require().Error(err)
s.Equal(ErrDeviceNotFound, err)
}
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// A new bundle has been received
func (s *EncryptionServiceTestSuite) TestRefreshedBundle() {
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
config := DefaultEncryptionServiceConfig("none")
// Set up refresh interval to "always"
config.BundleRefreshInterval = 1000
s.initDatabases(&config)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create bundles
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
bobBundle1, err := s.bob.CreateBundle(bobKey)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
s.Require().Equal(uint32(1), bobBundle1.GetSignedPreKeys()[bobInstallationID].GetVersion())
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
// Sleep the required time so that bundle is refreshed
time.Sleep(time.Duration(config.BundleRefreshInterval) * time.Millisecond)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
// Create bundles
bobBundle2, err := s.bob.CreateBundle(bobKey)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
s.Require().Equal(uint32(2), bobBundle2.GetSignedPreKeys()[bobInstallationID].GetVersion())
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// We add the first bob bundle
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle1)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Alice sends a message
encryptionResponse1, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, []byte("anything"))
s.Require().NoError(err)
installationResponse1 := encryptionResponse1[bobInstallationID]
s.Require().NotNil(installationResponse1)
// This message is using bobBundle1
x3dhHeader1 := installationResponse1.GetX3DHHeader()
s.NotNil(x3dhHeader1)
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
s.Equal(bobBundle1.GetSignedPreKeys()[bobInstallationID].GetSignedPreKey(), x3dhHeader1.GetId())
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Allow messages to be decrypted from previous bundles (#1400) Currently we only decrypt messages if received on the current bundle. This changes the behavior so that messages can be decrypted if sent to previous bundles as well, as otherwise is a bit restrictive
2019-02-28 12:09:43 +00:00
// Bob decrypts the message
_, err = s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, encryptionResponse1, defaultMessageID)
s.Require().NoError(err)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
// We add the second bob bundle
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle2)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
s.Require().NoError(err)
// Alice sends a message
encryptionResponse2, err := s.alice.EncryptPayload(&bobKey.PublicKey, aliceKey, []byte("anything"))
s.Require().NoError(err)
installationResponse2 := encryptionResponse2[bobInstallationID]
s.Require().NotNil(installationResponse2)
// This message is using bobBundle2
x3dhHeader2 := installationResponse2.GetX3DHHeader()
s.NotNil(x3dhHeader2)
Add versioning & tests, migrate db files (#1293) We are preparing for the release of this to general public, so a few things have been added: 1) Add versioning for bundles, and make refresh interval configurable 2) Move files to installationID so no metadata is leaked 3) Re-key using user password db
2018-11-28 11:34:39 +00:00
s.Equal(bobBundle2.GetSignedPreKeys()[bobInstallationID].GetSignedPreKey(), x3dhHeader2.GetId())
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
Allow messages to be decrypted from previous bundles (#1400) Currently we only decrypt messages if received on the current bundle. This changes the behavior so that messages can be decrypted if sent to previous bundles as well, as otherwise is a bit restrictive
2019-02-28 12:09:43 +00:00
// Bob decrypts the message
_, err = s.bob.DecryptPayload(bobKey, &aliceKey.PublicKey, aliceInstallationID, encryptionResponse2, defaultMessageID)
s.Require().NoError(err)
Add x3dh key exchange (#1127) * Add x3dh key exchange * Encrypt using the double ratchet * Multi device with auto-pairing * Add pfs enabled flag
2018-09-24 18:07:34 +00:00
}
Add confirm messages processed by ID (#1375) Currently PFS messages are decrypted and therefore modified before being passed to the client. This make IDs computation difficult, as we pass the whole object to the client and expect the object be passed back once confirmed. This changes the behavior allowing confirmation by ID, which is passed to the client instead of the raw object. This is a breaking change, but status-react is already forward compatible.
2019-02-19 12:58:42 +00:00
func (s *EncryptionServiceTestSuite) TestMessageConfirmation() {
bobText1 := []byte("bob text 1")
bobKey, err := crypto.GenerateKey()
s.Require().NoError(err)
aliceKey, err := crypto.GenerateKey()
s.Require().NoError(err)
// Create a bundle
bobBundle, err := s.bob.CreateBundle(bobKey)
s.Require().NoError(err)
// We add bob bundle
_, err = s.alice.ProcessPublicBundle(aliceKey, bobBundle)
s.Require().NoError(err)
// Create a bundle
aliceBundle, err := s.alice.CreateBundle(aliceKey)
s.Require().NoError(err)
// We add alice bundle
_, err = s.bob.ProcessPublicBundle(bobKey, aliceBundle)
s.Require().NoError(err)
// Bob sends a message
bobMessage1, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText1)
s.Require().NoError(err)
bobMessage1ID := []byte("bob-message-1-id")
// Alice receives the message once
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage1, bobMessage1ID)
s.Require().NoError(err)
// Alice receives the message twice
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage1, bobMessage1ID)
s.Require().NoError(err)
// Alice confirms the message
err = s.alice.ConfirmMessagesProcessed([][]byte{bobMessage1ID})
s.Require().NoError(err)
// Alice decrypts it again, it should fail
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage1, bobMessage1ID)
s.Require().Equal(errors.New("can't skip current chain message keys: bad until: probably an out-of-order message that was deleted"), err)
// Bob sends a message
bobMessage2, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText1)
s.Require().NoError(err)
bobMessage2ID := []byte("bob-message-2-id")
// Bob sends a message
bobMessage3, err := s.bob.EncryptPayload(&aliceKey.PublicKey, bobKey, bobText1)
s.Require().NoError(err)
bobMessage3ID := []byte("bob-message-3-id")
// Alice receives message 3 once
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage3, bobMessage3ID)
s.Require().NoError(err)
// Alice receives message 3 twice
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage3, bobMessage3ID)
s.Require().NoError(err)
// Alice receives message 2 once
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage2, bobMessage2ID)
s.Require().NoError(err)
// Alice receives message 2 twice
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage2, bobMessage2ID)
s.Require().NoError(err)
// Alice confirms the messages
err = s.alice.ConfirmMessagesProcessed([][]byte{bobMessage2ID, bobMessage3ID})
s.Require().NoError(err)
// Alice decrypts it again, it should fail
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage3, bobMessage3ID)
s.Require().Equal(errors.New("can't skip current chain message keys: bad until: probably an out-of-order message that was deleted"), err)
// Alice decrypts it again, it should fail
_, err = s.alice.DecryptPayload(aliceKey, &bobKey.PublicKey, bobInstallationID, bobMessage2, bobMessage2ID)
s.Require().Equal(errors.New("can't skip current chain message keys: bad until: probably an out-of-order message that was deleted"), err)
}