Move session construction and KeyExchangeMessage into libaxolotl.

1) Add plain two-way key exchange support libaxolotl by moving
   all the KeyExchangeMessage code there.

2) Move the bulk of KeyExchangeProcessor code to libaxolotl
   for setting up sessions based on retrieved prekeys, received
   prekeybundles, or exchanged key exchange messages.

library/src/org/whispersystems/textsecure/storage/InvalidKeyIdException.java → libaxolotl/src/main/java/org/whispersystems/libaxolotl/InvalidKeyIdException.java

@@ -1,5 +1,5 @@
 /** 
- * Copyright (C) 2011 Whisper Systems
+ * Copyright (C) 2014 Open Whisper Systems
  * 
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -14,23 +14,14 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.whispersystems.textsecure.storage;
+package org.whispersystems.libaxolotl;
 
 public class InvalidKeyIdException extends Exception {
-
-  public InvalidKeyIdException() {
-  }
-
   public InvalidKeyIdException(String detailMessage) {
     super(detailMessage);
   }
 
   public InvalidKeyIdException(Throwable throwable) {
     super(throwable);
   }
-
-  public InvalidKeyIdException(String detailMessage, Throwable throwable) {
-    super(detailMessage, throwable);
-  }
-
 }

libaxolotl/src/main/java/org/whispersystems/libaxolotl/SessionBuilder.java

@@ -0,0 +1,180 @@
+package org.whispersystems.libaxolotl;
+
+import android.util.Log;
+
+import org.whispersystems.libaxolotl.ecc.Curve;
+import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+import org.whispersystems.libaxolotl.ecc.ECPublicKey;
+import org.whispersystems.libaxolotl.protocol.KeyExchangeMessage;
+import org.whispersystems.libaxolotl.protocol.PreKeyWhisperMessage;
+import org.whispersystems.libaxolotl.ratchet.RatchetingSession;
+import org.whispersystems.libaxolotl.state.IdentityKeyStore;
+import org.whispersystems.libaxolotl.state.PreKey;
+import org.whispersystems.libaxolotl.state.PreKeyRecord;
+import org.whispersystems.libaxolotl.state.PreKeyStore;
+import org.whispersystems.libaxolotl.state.SessionRecord;
+import org.whispersystems.libaxolotl.state.SessionStore;
+import org.whispersystems.libaxolotl.util.Medium;
+
+public class SessionBuilder {
+
+  private static final String TAG = SessionBuilder.class.getSimpleName();
+
+  private final SessionStore     sessionStore;
+  private final PreKeyStore      preKeyStore;
+  private final IdentityKeyStore identityKeyStore;
+  private final long             recipientId;
+  private final int              deviceId;
+
+  public SessionBuilder(SessionStore sessionStore,
+                        PreKeyStore preKeyStore,
+                        IdentityKeyStore identityKeyStore,
+                        long recipientId, int deviceId)
+  {
+    this.sessionStore     = sessionStore;
+    this.preKeyStore      = preKeyStore;
+    this.identityKeyStore = identityKeyStore;
+    this.recipientId      = recipientId;
+    this.deviceId         = deviceId;
+  }
+
+  public void process(PreKeyWhisperMessage message)
+      throws InvalidKeyIdException, InvalidKeyException
+  {
+    int         preKeyId          = message.getPreKeyId();
+    ECPublicKey theirBaseKey      = message.getBaseKey();
+    ECPublicKey theirEphemeralKey = message.getWhisperMessage().getSenderEphemeral();
+    IdentityKey theirIdentityKey  = message.getIdentityKey();
+
+    Log.w(TAG, "Received pre-key with local key ID: " + preKeyId);
+
+    if (!preKeyStore.contains(preKeyId) &&
+        sessionStore.contains(recipientId, deviceId))
+    {
+      Log.w(TAG, "We've already processed the prekey part, letting bundled message fall through...");
+      return;
+    }
+
+    if (!preKeyStore.contains(preKeyId))
+      throw new InvalidKeyIdException("No such prekey: " + preKeyId);
+
+    SessionRecord   sessionRecord        = sessionStore.get(recipientId, deviceId);
+    PreKeyRecord    preKeyRecord         = preKeyStore.load(preKeyId);
+    ECKeyPair       ourBaseKey           = preKeyRecord.getKeyPair();
+    ECKeyPair       ourEphemeralKey      = ourBaseKey;
+    IdentityKeyPair ourIdentityKey       = identityKeyStore.getIdentityKeyPair();
+    boolean         simultaneousInitiate = sessionRecord.getSessionState().hasPendingPreKey();
+
+    if (!simultaneousInitiate) sessionRecord.reset();
+    else                       sessionRecord.archiveCurrentState();
+
+    RatchetingSession.initializeSession(sessionRecord.getSessionState(),
+                                        ourBaseKey, theirBaseKey,
+                                        ourEphemeralKey, theirEphemeralKey,
+                                        ourIdentityKey, theirIdentityKey);
+
+    sessionRecord.getSessionState().setLocalRegistrationId(identityKeyStore.getLocalRegistrationId());
+    sessionRecord.getSessionState().setRemoteRegistrationId(message.getRegistrationId());
+
+    if (simultaneousInitiate) sessionRecord.getSessionState().setNeedsRefresh(true);
+
+    sessionStore.put(recipientId, deviceId, sessionRecord);
+
+    if (preKeyId != Medium.MAX_VALUE) {
+      preKeyStore.remove(preKeyId);
+    }
+
+    identityKeyStore.saveIdentity(recipientId, theirIdentityKey);
+  }
+
+  public void process(PreKey preKey) throws InvalidKeyException {
+    SessionRecord   sessionRecord     = sessionStore.get(recipientId, deviceId);
+    ECKeyPair       ourBaseKey        = Curve.generateKeyPair(true);
+    ECKeyPair       ourEphemeralKey   = Curve.generateKeyPair(true);
+    ECPublicKey     theirBaseKey      = preKey.getPublicKey();
+    ECPublicKey     theirEphemeralKey = theirBaseKey;
+    IdentityKey     theirIdentityKey  = preKey.getIdentityKey();
+    IdentityKeyPair ourIdentityKey    = identityKeyStore.getIdentityKeyPair();
+
+    if (sessionRecord.getSessionState().getNeedsRefresh()) sessionRecord.archiveCurrentState();
+    else                                                   sessionRecord.reset();
+
+    RatchetingSession.initializeSession(sessionRecord.getSessionState(),
+                                        ourBaseKey, theirBaseKey, ourEphemeralKey,
+                                        theirEphemeralKey, ourIdentityKey, theirIdentityKey);
+
+    sessionRecord.getSessionState().setPendingPreKey(preKey.getKeyId(), ourBaseKey.getPublicKey());
+    sessionRecord.getSessionState().setLocalRegistrationId(identityKeyStore.getLocalRegistrationId());
+    sessionRecord.getSessionState().setRemoteRegistrationId(preKey.getRegistrationId());
+
+    sessionStore.put(recipientId, deviceId, sessionRecord);
+
+    identityKeyStore.saveIdentity(recipientId, preKey.getIdentityKey());
+  }
+
+  public KeyExchangeMessage process(KeyExchangeMessage message) throws InvalidKeyException {
+    KeyExchangeMessage responseMessage = null;
+    SessionRecord      sessionRecord   = sessionStore.get(recipientId, deviceId);
+
+    Log.w(TAG, "Received key exchange with sequence: " + message.getSequence());
+
+    if (message.isInitiate()) {
+      ECKeyPair       ourBaseKey, ourEphemeralKey;
+      IdentityKeyPair ourIdentityKey;
+
+      int flags = KeyExchangeMessage.RESPONSE_FLAG;
+
+      Log.w(TAG, "KeyExchange is an initiate.");
+
+      if (!sessionRecord.getSessionState().hasPendingKeyExchange()) {
+        Log.w(TAG, "We don't have a pending initiate...");
+        ourBaseKey      = Curve.generateKeyPair(true);
+        ourEphemeralKey = Curve.generateKeyPair(true);
+        ourIdentityKey  = identityKeyStore.getIdentityKeyPair();
+
+        sessionRecord.getSessionState().setPendingKeyExchange(message.getSequence(), ourBaseKey,
+                                                              ourEphemeralKey, ourIdentityKey);
+      } else {
+        Log.w(TAG, "We already have a pending initiate, responding as simultaneous initiate...");
+        ourBaseKey      = sessionRecord.getSessionState().getPendingKeyExchangeBaseKey();
+        ourEphemeralKey = sessionRecord.getSessionState().getPendingKeyExchangeEphemeralKey();
+        ourIdentityKey  = sessionRecord.getSessionState().getPendingKeyExchangeIdentityKey();
+        flags          |= KeyExchangeMessage.SIMULTAENOUS_INITIATE_FLAG;
+
+        sessionRecord.getSessionState().setPendingKeyExchange(message.getSequence(), ourBaseKey,
+                                                              ourEphemeralKey, ourIdentityKey);
+      }
+
+      responseMessage = new KeyExchangeMessage(message.getSequence(),
+                                               flags, ourBaseKey.getPublicKey(),
+                                               ourEphemeralKey.getPublicKey(),
+                                               ourIdentityKey.getPublicKey());
+    }
+
+    if (message.getSequence() != sessionRecord.getSessionState().getPendingKeyExchangeSequence()) {
+      Log.w("KeyExchangeProcessor", "No matching sequence for response. " +
+          "Is simultaneous initiate response: " + message.isResponseForSimultaneousInitiate());
+      return responseMessage;
+    }
+
+    ECKeyPair       ourBaseKey      = sessionRecord.getSessionState().getPendingKeyExchangeBaseKey();
+    ECKeyPair       ourEphemeralKey = sessionRecord.getSessionState().getPendingKeyExchangeEphemeralKey();
+    IdentityKeyPair ourIdentityKey  = sessionRecord.getSessionState().getPendingKeyExchangeIdentityKey();
+
+    sessionRecord.reset();
+
+    RatchetingSession.initializeSession(sessionRecord.getSessionState(),
+                                        ourBaseKey, message.getBaseKey(),
+                                        ourEphemeralKey, message.getEphemeralKey(),
+                                        ourIdentityKey, message.getIdentityKey());
+
+    sessionRecord.getSessionState().setSessionVersion(message.getVersion());
+    sessionStore.put(recipientId, deviceId, sessionRecord);
+
+    identityKeyStore.saveIdentity(recipientId, message.getIdentityKey());
+
+    return responseMessage;
+  }
+
+
+}

src/org/thoughtcrime/securesms/crypto/protocol/KeyExchangeMessage.java → libaxolotl/src/main/java/org/whispersystems/libaxolotl/protocol/KeyExchangeMessage.java

@@ -1,7 +1,7 @@
-package org.thoughtcrime.securesms.crypto.protocol;
+package org.whispersystems.libaxolotl.protocol;
+
 
 import com.google.protobuf.ByteString;
-import com.google.protobuf.InvalidProtocolBufferException;
 
 import org.whispersystems.libaxolotl.IdentityKey;
 import org.whispersystems.libaxolotl.InvalidKeyException;
@@ -10,11 +10,7 @@
 import org.whispersystems.libaxolotl.LegacyMessageException;
 import org.whispersystems.libaxolotl.ecc.Curve;
 import org.whispersystems.libaxolotl.ecc.ECPublicKey;
-import org.whispersystems.libaxolotl.protocol.CiphertextMessage;
-import org.whispersystems.libaxolotl.protocol.WhisperProtos;
-import org.whispersystems.textsecure.util.Base64;
-import org.whispersystems.textsecure.util.Conversions;
-import org.whispersystems.textsecure.util.Util;
+import org.whispersystems.libaxolotl.util.ByteUtil;
 
 import java.io.IOException;
 
@@ -46,26 +42,24 @@ public KeyExchangeMessage(int sequence, int flags,
     this.ephemeralKey     = ephemeralKey;
     this.identityKey      = identityKey;
 
-    byte[] version = {Conversions.intsToByteHighAndLow(this.version, this.supportedVersion)};
+    byte[] version = {ByteUtil.intsToByteHighAndLow(this.version, this.supportedVersion)};
     byte[] message = WhisperProtos.KeyExchangeMessage.newBuilder()
-                                  .setId((sequence << 5) | flags)
-                                  .setBaseKey(ByteString.copyFrom(baseKey.serialize()))
-                                  .setEphemeralKey(ByteString.copyFrom(ephemeralKey.serialize()))
-                                  .setIdentityKey(ByteString.copyFrom(identityKey.serialize()))
-                                  .build().toByteArray();
+                                                     .setId((sequence << 5) | flags)
+                                                     .setBaseKey(ByteString.copyFrom(baseKey.serialize()))
+                                                     .setEphemeralKey(ByteString.copyFrom(ephemeralKey.serialize()))
+                                                     .setIdentityKey(ByteString.copyFrom(identityKey.serialize()))
+                                                     .build().toByteArray();
 
-    this.serialized = Util.combine(version, message);
+    this.serialized = ByteUtil.combine(version, message);
   }
 
-  public KeyExchangeMessage(String serializedAndEncoded)
+  public KeyExchangeMessage(byte[] serialized)
       throws InvalidMessageException, InvalidVersionException, LegacyMessageException
   {
     try {
-      byte[]   serialized = Base64.decodeWithoutPadding(serializedAndEncoded);
-      byte[][] parts      = Util.split(serialized, 1, serialized.length - 1);
-
-      this.version          = Conversions.highBitsToInt(parts[0][0]);
-      this.supportedVersion = Conversions.lowBitsToInt(parts[0][0]);
+      byte[][] parts        = ByteUtil.split(serialized, 1, serialized.length - 1);
+      this.version          = ByteUtil.highBitsToInt(parts[0][0]);
+      this.supportedVersion = ByteUtil.lowBitsToInt(parts[0][0]);
 
       if (this.version <= CiphertextMessage.UNSUPPORTED_VERSION) {
         throw new LegacyMessageException("Unsupported legacy version: " + this.version);
@@ -138,7 +132,7 @@ public int getSequence() {
     return sequence;
   }
 
-  public String serialize() {
-    return Base64.encodeBytesWithoutPadding(serialized);
+  public byte[] serialize() {
+    return serialized;
   }
 }

libaxolotl/src/main/java/org/whispersystems/libaxolotl/state/IdentityKeyStore.java

@@ -0,0 +1,12 @@
+package org.whispersystems.libaxolotl.state;
+
+import org.whispersystems.libaxolotl.IdentityKey;
+import org.whispersystems.libaxolotl.IdentityKeyPair;
+
+public interface IdentityKeyStore {
+
+  public IdentityKeyPair getIdentityKeyPair();
+  public int             getLocalRegistrationId();
+  public void            saveIdentity(long recipientId, IdentityKey identityKey);
+
+}

libaxolotl/src/main/java/org/whispersystems/libaxolotl/state/PreKey.java

@@ -0,0 +1,12 @@
+package org.whispersystems.libaxolotl.state;
+
+import org.whispersystems.libaxolotl.IdentityKey;
+import org.whispersystems.libaxolotl.ecc.ECPublicKey;
+
+public interface PreKey {
+  public int         getDeviceId();
+  public int         getKeyId();
+  public ECPublicKey getPublicKey();
+  public IdentityKey getIdentityKey();
+  public int         getRegistrationId();
+}

libaxolotl/src/main/java/org/whispersystems/libaxolotl/state/PreKeyRecord.java

@@ -0,0 +1,9 @@
+package org.whispersystems.libaxolotl.state;
+
+import org.whispersystems.libaxolotl.ecc.ECKeyPair;
+
+public interface PreKeyRecord {
+  public int       getId();
+  public ECKeyPair getKeyPair();
+  public byte[]    serialize();
+}

libaxolotl/src/main/java/org/whispersystems/libaxolotl/state/PreKeyStore.java

@@ -0,0 +1,12 @@
+package org.whispersystems.libaxolotl.state;
+
+import org.whispersystems.libaxolotl.InvalidKeyIdException;
+
+public interface PreKeyStore {
+
+  public PreKeyRecord load(int preKeyId) throws InvalidKeyIdException;
+  public void         store(int preKeyId, PreKeyRecord record);
+  public boolean      contains(int preKeyId);
+  public void         remove(int preKeyId);
+
+}

library/src/org/whispersystems/textsecure/util/Medium.java → libaxolotl/src/main/java/org/whispersystems/libaxolotl/util/Medium.java

@@ -1,4 +1,4 @@
-package org.whispersystems.textsecure.util;
+package org.whispersystems.libaxolotl.util;
 
 public class Medium {
   public static int MAX_VALUE = 0xFFFFFF;