support for OMEMO encryption #529

Closed
georgehazan opened this issue Oct 22, 2016 · 53 comments

Comments

@georgehazan
Member

georgehazan commented Oct 22, 2016

Reported by plahh on 10 Feb 2016 15:41 UTC
as requested in this thread
here is the ticket :)

http://conversations.im/omemo/
https://en.wikipedia.org/wiki/OMEMO_%28encryption%29

gajim already got a plugin. code here

@georgehazan
Member Author

Comment by sss_sss on 8 Sep 2016 20:17 UTC
i am on it

@georgehazan
Member Author

georgehazan commented Oct 22, 2016

Comment by sss_sss on 24 Sep 2016 06:08 UTC
need more gold....

@georgehazan georgehazan added trivial and removed major labels Oct 22, 2016
@LittleVulpix
Contributor

@sss123next , tagging you with this ticket since you said you are now working on it. :)

@dreamflasher

dreamflasher commented Jun 12, 2017

@georgehazan @sss123next Is there any status update for us? :)

@georgehazan
Member Author

georgehazan commented Jun 12, 2017

doesn't it work? in the dev version, of course

@sergeevabc

Do you believe current implementation with the following todo is cooked enough to be used in production?

TODO:

  1. fix AES-128 GCM in 4.5 implementation
  2. handle prekeys properly (cleanup after first use, create new keys)
  3. reimplement session initialization without losing first message (incoming + outgoing)
  4. fingerprints/keys management ui
  5. per-contact encryption settings (enable/disable for one contact)

@georgehazan
Member Author

you better ask @sss123next about it

@dreamflasher

@georgehazan No it doesn't. I found this thread where he apparently writes updates: http://forum.miranda-ng.org/index.php?topic=4506.30 -- but how exactly am I supposed to retrieve the plugin with his commits? It is said somewhere that it's supposed to be in "dev" Miranda, but there is apparently currently none: http://www.miranda-im.org/development/
I have the latest Miranda, with the latest jabber plugin and I don't see any possibility to use Omemo.

@LittleVulpix
Contributor

@dreamflasher That's MirandaIM which is pretty dead. This is miranda NG where the changes are taking place. Get the latest dev version from here: http://www.miranda-ng.org/en/downloads/ , if you want to migrate from IM to NG, there is a nice article on our wiki. Make sure to backup everything beforehand.

@dreamflasher

@LittleVulpix Ah bummer! I first tried with Miranda NG, but it didn't work there, so then I tried Miranda. I have switched to Miranda NG a while ago, but when I now checked
http://www.miranda-ng.org/en/downloads/ "17.6.2016 New stable build released, 0.95.5"
http://www.miranda-im.org/ "Miranda IM v0.10.70 Released June 06, 2017"
So I thought Miranda would be more current than Miranda NG again.
But yeah, same with me for Miranda NG: I have the development version from the place you wrote, and Omemo doesn't work. I have a chat with Omemo on conversations/gajim, and I don't get the messages on Miranda, also Miranda doesn't announce itself as Omemo capable. How do I activate it? Is there any manual anywhere?

@LittleVulpix
Contributor

LittleVulpix commented Jun 15, 2017

@dreamflasher

Yes, there is a way to toggle it on. As long as you are on the dev version of miranda, go to main miranda options menu, type network into the search box, find the name of the network you want to modify (the internal name you gave it, probably jabber if you haven't changed anything), go into advanced and scroll to the very bottom - there is an option to enable Omemo.

And yeah, there hasn't been a stable release in a while - but the dev branch is safe for the most part.

See screencap from my miranda:

image

@dreamflasher

@LittleVulpix Thank you very much! I was able to activate it (although activating crashed Miranda NG).
Then I tried to start a conversation with an Omemo contact, it asks to create a new session, but the messages aren't received by the other end. Also new messages aren't received by Miranda NG.

@LittleVulpix
Contributor

@dreamflasher Ahh, I don't use Omemo myself, so I never tested it. I guess this is a question for @sss123next since he is developing the omemo plugin. Sorry it didn't work! :(

@dreamflasher

@LittleVulpix You were very helpful in setting things up, so thank you very much for that!
Maybe @sss123next can take over with the bugs? :)

@sss123next
Collaborator

sss123next commented Jun 20, 2017

hmm.
i have tested it with success.
one thing which is not done properly yet - is aes128gcm tagging (verification always fails in my case), but actual encryption/decryption work fine.
other TODO entries are convenience mostly, not XEP implementation related.
i will recheck it.
crashes are completely unexpected behavior.
i will investigate it.

@sss123next
Collaborator

i have done quick tests. all looks normal screenshot . so i need more info. check miranda console, it may have useful readable debug messages, also check xml console, i also need crashlogs, backtraces etc. in case of crash.

gjedeer added a commit to gjedeer/omemo-top that referenced this issue Jul 19, 2017
I did not use the Miranda plugin but looking at their discussion, it seems they have a working version already

miranda-ng/miranda-ng#529
bascht pushed a commit to bascht/omemo-top that referenced this issue Jul 19, 2017
I did not use the Miranda plugin but looking at their discussion, it seems they have a working version already

miranda-ng/miranda-ng#529
@wiktor-k

wiktor-k commented Aug 1, 2017

I'm getting Delivery failure: No valid OMEMO session exists when sending a message to OMEMO-enabled contact. Are there any other options/actions besides Network/Advanced/Use OMEMO?

I'm using stock Miranda NG 0.95.6 64bit.

@wiktor-k

@sss123next I downloaded the version from https://www.miranda-ng.org/distr/miranda-ng-alpha-latest_x64.7z

Unfortunately the error still exists (Delivery failure: No valid OMEMO session exists). Plugins page shows jabber.dll version 0.11.0.5. Is it possible that this is related to contact using Prosody that does not persist PubSub items (so that keys could be removed after restart)?

Do I need to create new profile from scratch or should the update (overwrite all files) take care of everything?

@dryo

dryo commented Oct 27, 2017

I too have problems: I'm sending messages but the other party does not receive/see them. When the other party sends me a message I get this:

I sent you an OMEMO encrypted message but your client doesn’t seem to support that. Find more information on https://conversations.im/omemo

The receiving end uses conversations and I had an OMEMO encrypted session also with conversations with the receiver earlier. The receiver probably did not close the app in the meantime. Maybe this is relevant.

Network log says this when receiving:

[14:57:59 1F90] [***@***] Inflate: Z_OK
[14:57:59 1F90] [***@***] (ZLIB) Data received
<message to='***@***/***' from='***@***/mobile' type='chat' id='757eb832-6ec9-4490-9871-c423c84b27ae'><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='1511459254'><key prekey='true' rid='214083405'>MwhhEiEF3lJUNCjrDBXi3Ghv0goXqOMtET9gISTo6zv9QujIMgUaIQXd3hQ3L/wRegQTlMS3Sj3nPpz+S/8VjYtn7scY33AeXCJiMwohBT5RTQ+yJojmHKzvZPCykiGDZ7hzuoydd6YwYQwL/KVPEAEYACIwVtj2AxqtDdMMD4oY/ehMBqXs7E+vqD0POVkIaD0U89N9Gpz7gFLRWAGhUgHWs4MWWnMNihctiYAotpPc0AUwAQ==</key><iv>DF6SuD6N2G8uJnAC9CmA6w==</iv></header><payload>Zvg8vGSHLo5vUz/XmZudUsoR3WjJHg8f+hbJnmx6twmGf4QguyDHdimJWbt4YQ==</payload></encrypted><markable xmlns='urn:xmpp:chat-markers:0'/><origin-id xmlns='urn:xmpp:sid:0' id='757eb832-6ec9-4490-9871-c423c84b27ae'/><store xmlns='urn:xmpp:hints'/><encryption xmlns='urn:xmpp:eme:0' namespace='eu.siacs.conversations.axolotl' name='OMEMO'/><body>I sent you an OMEMO encrypted message but your client doesn’t seem to support that. Find more information on https://conversations.**/omemo</body></message>
===IN: 1022(223) bytes
[14:57:59 1F90] [***@***] recvResult = 1022
[14:57:59 1F90] [***@***] bytesParsed = 1022
[14:58:00 1F90] [***@***] Jabber OMEMO: error: session_cipher_decrypt_pre_key_signal_message failed SG_ERR_INVALID_MESSAGE
[14:58:00 1F90] [***@***] Jabber OMEMO: error: signal_message_deserialize failed with unknown error
[14:58:00 1F90] [***@***] Jabber OMEMO: error: failed to decrypt incomming message
[14:58:00 1F90] [***@***] JabberUpdateMirVer: for jid ***@***
[14:58:00 1F90] [***@***] JabberUpdateMirVer: for rc mobile: http://conversations.im#+wL56uyy89dgaGVTbnJJpkXpkIE=

Network log says this when sending:

[14:58:24 2030] [***@***] Deflate: Z_OK
[14:58:24 2030] [***@***] (ZLIB) Data sent
<message to="***@***/mobile" id="mir_28"><encrypted xmlns="eu.siacs.conversations.axolotl"><payload>kOapO3NhnifBOhSY</payload><header sid="214083405"><key rid="1511459254">MwjXHRIhBS2BelDPQ2hlaDe0pF2NYtkoE7H17DoGRXpSJxtFYVE7GiEFQqbmCQumd156Dnr7dHYsuqOPJfN8oFlkbmOSmK6gfkEiUjMKIQUWt0mm7Zrsxhj+zvockZZ5GHImMA9Fzrd7axiysD/DAhABGAAiIM3Wd/o69zoLalxhdN3Jj3A6QppAtkoQQm6t7SEhW8VIIvOUDyzr5mgozc6KZjAm</key><iv>9O0GUHl+PRYnnXir</iv></header></encrypted><store xmlns="urn:xmpp:hints"/><active xmlns="http://jabber.org/protocol/chatstates"/></message>
===OUT: 544(115) bytes
[14:58:24 11B4] [***@***] Broadcast ACK
[14:58:24 11B4] [***@***] Returning from thread
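
An added example, not part of the original comment or of Miranda NG's code: a small Python helper that summarizes an OMEMO `<encrypted/>` element like the ones in the two logs above (sender device id `sid`, recipient ids `rid`, the `prekey` flag, decoded IV and payload lengths) without printing any key material. The sample stanza and its ids are constructed; only the `eu.siacs.conversations.axolotl` namespace is taken from the log.

```python
import base64
import xml.etree.ElementTree as ET

NS = "{eu.siacs.conversations.axolotl}"  # namespace seen in the logs above

# Constructed sample stanza (not copied from the log): same layout, dummy bytes.
SAMPLE = (
    "<message to='a@example.org/pc' from='b@example.org/mobile' type='chat'>"
    "<encrypted xmlns='eu.siacs.conversations.axolotl'>"
    "<header sid='1111'>"
    "<key prekey='true' rid='2222'>" + base64.b64encode(b"K" * 40).decode() + "</key>"
    "<key rid='3333'>" + base64.b64encode(b"K" * 32).decode() + "</key>"
    "<iv>" + base64.b64encode(b"\x00" * 16).decode() + "</iv>"
    "</header>"
    "<payload>" + base64.b64encode(b"P" * 20).decode() + "</payload>"
    "</encrypted><body>fallback text</body></message>"
)

def _b64len(text):
    """Decoded length of a base64 field; raises on malformed input."""
    return len(base64.b64decode((text or "").strip(), validate=True))

def summarize_omemo(stanza_xml):
    """Return routing and size metadata of an OMEMO element, or None if absent."""
    # For logs from untrusted sources, parse with defusedxml instead.
    root = ET.fromstring(stanza_xml)
    enc = root.find(NS + "encrypted")
    if enc is None:
        return None
    header = enc.find(NS + "header")
    if header is None:
        raise ValueError("encrypted element without header")
    keys = [{"rid": int(k.get("rid")),
             "prekey": k.get("prekey") in ("true", "1"),
             "key_len": _b64len(k.text)}
            for k in header.findall(NS + "key")]
    iv = header.find(NS + "iv")
    payload = enc.find(NS + "payload")
    return {"sid": int(header.get("sid")), "keys": keys,
            "iv_len": _b64len(iv.text) if iv is not None else None,
            "payload_len": _b64len(payload.text) if payload is not None else None}

def key_for_device(summary, device_id):
    """Return the key entry addressed to device_id, or None if it is absent."""
    return next((k for k in summary["keys"] if k["rid"] == device_id), None)

if __name__ == "__main__":
    print(summarize_omemo(SAMPLE))
```

Running it on the stanzas from both clients and comparing `sid`, the `rid` list and the field lengths side by side narrows down where two implementations disagree before looking at the libsignal error itself.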

@dryo

dryo commented Oct 27, 2017

Addition: Also when enabling or disabling OMEMO in settings while being connected miranda crashes. Care for crash reports?

@sss123next
Collaborator

sss123next commented Nov 27, 2017

sorry for delay

> Unfortunately the error still exists (Delivery failure: No valid OMEMO session exists). Plugins page shows jabber.dll version 0.11.0.5. Is it possible that this is related to contact using Prosody that does not persist PubSub items (so that keys could be removed after restart)?

xml log from miranda will be helpful

> Do I need to create new profile from scratch or should the update (overwrite all files) take care of everything?

all should be done automatically, but you can manually remove all omemo* in database in jabber section to be sure

> The receiving end uses conversations and I had an OMEMO encrypted session also with conversations with the receiver earlier. The receiver probably did not close the app in the meantime. Maybe this is relevant.
>
> Network log says this when receiving:

https://xmpp.org/extensions/xep-0384.html#namespaces - they broke it again...
i will rollback in the next few days.

> Addition: Also when enabling or disabling OMEMO in settings while being connected miranda crashes. Care for crash reports?

yes.

so, for now post crashlogs, and wait for namespace rollback, also i will reread xep again, maybe they have broken something more than this..

@sss123next
Collaborator

sss123next commented Nov 27, 2017

51e27d7 - rollback to "updated" https://xmpp.org/extensions/xep-0384.html

this should resolve incompatibility with fresh implementations (also this will break compatibility with others once more)

@dartraiden
Member

dartraiden commented Mar 26, 2018

#1215
after crash and start, OMEMO enabled in settings, but I receive

I sent you an OMEMO encrypted message but your client doesn’t seem to support that. Find more information on https://conversations.im/omemo

from contact

@sss123next
Collaborator

sss123next commented Mar 26, 2018

i need xml logs.
better from both sides if possible.

@sss123next
Collaborator

look on #1255 for further development

@sss123next
Collaborator

sss123next commented Apr 24, 2018

current implementation is incompatible with conversation for some reason.
we constantly have SG_ERR_INVALID_MESSAGE on attempt to do session_cipher_decrypt_pre_key_signal_message on incoming prekey message from conversations

and no info on conversations side ( looks like conversations does not have any debugging at all.... )

i have redone tests with miranda<>miranda, it works.
i have done all tests with latest libsignal-protocol-c.

@Neustradamus

OMEMO 100% works with Miranda NG?

@OmlineEditor

Not 100% implemented OMEMO :-(
interface not yet finalized.
Is there a graphical menu where you can see and verify the keys?
I do not see the interface for normal operation.

@RIS2000

RIS2000 commented Oct 25, 2019

Still no success Miranda <-> Conversations. But Gajim works pretty well, so i suppose that Miranda has some faulty implementation ((

@tigexplorer

tigexplorer commented Dec 14, 2019

I've no success with Miranda <-> Conversations and Miranda <-> Dino

@Neustradamus

@LittleVulpix, @sergeevabc, @dreamflasher, @wiktor-k, @dryo, @dartraiden, @Duke690, @OmlineEditor, @RIS2000, @tigexplorer, @gjf: Can you test the last upstream code?

@sss123next has done some changes yesterday.

The goal is to have a perfect XEP-0384 0.3.0 version:

@gjf

gjf commented Feb 16, 2021

@Neustradamus OMEMO still does not work with Conversations.
Psi+ does.

@ageis

ageis commented Apr 29, 2021

Will be eagerly tracking this.

@a11cf0

a11cf0 commented Feb 7, 2024

Still doesn't seem to work with Conversations.

@dreamflasher

I switched to beeper, which wowed me from a user experience perspective.

@Neustradamus

@georgehazan, @sss123next: Can you look at this problem please?
Thanks in advance.

@sss123next
Collaborator

i will check in a few days.

@OmlineEditor

OmlineEditor commented Feb 8, 2024

OMEMO encryption works well between:
Maranda v0.96.4 #26381 and Conversations on Android v2.12.6 (old version)
Maranda v0.96.4 #26381 and Conversations on Android v2.13.0 (new version)
Maranda v0.96.4 #26381 and Blabber.im v3.1.4 (analogue Conversations)

I do not know exactly what encryption algorithms are used there, but everything seems to work.

perhaps the problem is changing the keys in the MEMO and Miranda does not understand well that the keys need to be used by others. I had a similar problem when there were several encryption keys and some of them were not used. for Miranda, you need to hand over the ability to delete and revoke your old keys from the server.

@Neustradamus

@OmlineEditor: For information, there is a problem in Metronome IM but it is not the problem with Miranda NG:

Please, can you edit your last message?
Maranda -> Miranda NG
MEMO -> OMEMO

Note there is OMEMO 0.3.0 and the new OMEMO...

@sss123next
Collaborator

miranda_amema
miranda_amema2
