What is the proper way for app to handle when there is CorruptedOmemoKeyException in user own omemo device identityKeyPair.
In aTalk implementation of the override smack omemo method i.e.
public IdentityKeyPair loadOmemoIdentityKeyPair(OmemoDevice userDevice)
It throws CorruptedOmemoKeyException back to the caller when the user Omemo IdentityKeyPair is corrupted. I found that the problem persists even when aTalk is relaunched.
Does smack omemo attempts to correct this problem e.g. regenerate a new omemo device automatically? and how to enable this if provided.
Or the app has to alert user to perform the “Regenerate OMEMO identities” manually.
01-20 16:30:39.381 13892-17239/org.atalk.android W/(SQLiteOmemoStore.java:353)#loadOmemoIdentityKeyPair: Corrupted Omemo IdentityKeyPair: Invalid IdentityKeyPairs for omemoDevice: kingfisher@atalk.sytes.net:404190446.
Exception: com.google.protobuf.InvalidProtocolBufferException: Protocol message contained an invalid tag (zero)..
java.lang.Exception
at org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair(SQLiteOmemoStore.java:353)
at org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair(SQLiteOmemoStore.java:62)
at org.jivesoftware.smackx.omemo.signal.SignalOmemoStoreConnector.getIdentityKeyPair(SignalOmemoStoreConnector.java:82)
at org.whispersystems.libsignal.SessionBuilder.processV3(SessionBuilder.java:129)
at org.whispersystems.libsignal.SessionBuilder.process(SessionBuilder.java:107)
at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:180)
at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:150)
at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:101)
at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:107)
at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:457)
at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1192)
at org.jivesoftware.smackx.omemo.OmemoManager$3.run(OmemoManager.java:959)
at java.lang.Thread.run(Thread.java:818)
01-20 16:30:39.381 13892-13948/org.atalk.android D/SMACK: SENT (0):
<message to='swordfish@atalk.sytes.net/atalk' type='chat'>
<received xmlns='urn:xmpp:receipts' id='1611131438496192301317'/>
<origin-id xmlns='urn:xmpp:sid:0' id='1XVC-NLZD-KPT9-1'/>
</message>
01-20 16:30:39.391 13892-13948/org.atalk.android D/SMACK: SENT (0):
<r xmlns='urn:xmpp:sm:3'/>
01-20 16:30:39.401 13892-17239/org.atalk.android E/aTalk: [5] org.jivesoftware.smackx.omemo.signal.SignalOmemoStoreConnector.getIdentityKeyPair() IdentityKeyPair seems to be invalid.
org.jivesoftware.smackx.omemo.exceptions.CorruptedOmemoKeyException: Invalid IdentityKeyPairs for omemoDevice: kingfisher@atalk.sytes.net:404190446.
Exception: com.google.protobuf.InvalidProtocolBufferException: Protocol message contained an invalid tag (zero)..
at org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair(SQLiteOmemoStore.java:354)
at org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair(SQLiteOmemoStore.java:62)
at org.jivesoftware.smackx.omemo.signal.SignalOmemoStoreConnector.getIdentityKeyPair(SignalOmemoStoreConnector.java:82)
at org.whispersystems.libsignal.SessionBuilder.processV3(SessionBuilder.java:129)
at org.whispersystems.libsignal.SessionBuilder.process(SessionBuilder.java:107)
at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:180)
at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:150)
at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:101)
at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:107)
at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:457)
at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1192)
at org.jivesoftware.smackx.omemo.OmemoManager$3.run(OmemoManager.java:959)
at java.lang.Thread.run(Thread.java:818)
01-20 16:30:39.401 13892-17239/org.atalk.android E/(UtilActivator.java:90)#uncaughtException: An uncaught exception occurred in thread = Thread[Thread-1647,5,main] and message was: Null value!
java.lang.IllegalArgumentException: Null value!
at org.whispersystems.libsignal.ratchet.BobSignalProtocolParameters.<init>(BobSignalProtocolParameters.java:38)
at org.whispersystems.libsignal.ratchet.BobSignalProtocolParameters$Builder.create(BobSignalProtocolParameters.java:110)
at org.whispersystems.libsignal.SessionBuilder.processV3(SessionBuilder.java:141)
at org.whispersystems.libsignal.SessionBuilder.process(SessionBuilder.java:107)
at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:180)
at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:150)
at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:101)
at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:107)
at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:457)
at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1192)
at org.jivesoftware.smackx.omemo.OmemoManager$3.run(OmemoManager.java:959)
at java.lang.Thread.run(Thread.java:818)
No, Smack does no attempt to resolve this issue automatically.
Normally this issue does not happen, so I have no experience with this error.
You could catch the exception and generate a new Identity+bundle etc. but I’d rather suggest you to investigate the cause of this issue instead, as it would not be desirable for the user to suddenly have another identity key + fingerprint.
The problem is the CorruptedOmemoKeyException just happen randomly even under normal use. In fact the discussion raised in the issue, is my Note-3 starts to experience this problem for no apparent reason.
The omemoDevice IdentityKeyPair is stored in the “identityKey” table together with all other contacts’ IdentityKeys, including the active state. I found that smack omemo makes very frequent and duplicated access to this table in “storeCachedDeviceList”; to update the active state during aTalk startup and during normal use (whenever a contact chat session is opened). Actually I was a bit worry why smack omemo makes such a frequent update to the table; as this may lead to data corruption. I am not sure what can be done on aTalk side to reduce this number of access to update the database.
Also I really hope smack omemo can provide a public function for app to call to perform
“Regenerate OMEMO identities”. aTalk has been struggled to implement this method, but still cannot find a proper way to do this. Interact with smack omemo to create this function like playing cat and mouse games e.g. aTalk has deleted all the obsoleted omemo key, but smack keeps adding them back.
328590658 & 1493281785 are both obsoleted and deleted by aTalk; it has been replaced with new generated key 917987258. But at the end of the “regenerate” process, they get reinserted into the identities table by the two storeCachedDeviceList below.
I believe this is the source of your issues.
Own keys and contacts keys should be stored in different tables.
KeyPairs != Keys.
aTalk identities table implementation follows conversation, where both the own omemo device IdentityKeyPairs is stored in the same table with the contacts’ identities; with the understanding that own omemo device should not contains both IdentityKeyPair and IdentityKey.