Smack 4.4.0 What is the proper way for app to handle when there is Corrupted OmemoKey Exception in user own omemo device

cmeng · January 20, 2021, 8:33am

What is the proper way for app to handle when there is CorruptedOmemoKeyException in user own omemo device identityKeyPair.

In aTalk implementation of the override smack omemo method i.e.

public IdentityKeyPair loadOmemoIdentityKeyPair(OmemoDevice userDevice)

It throws CorruptedOmemoKeyException back to the caller when the user Omemo IdentityKeyPair is corrupted. I found that the problem persists even when aTalk is relaunched.

Does smack omemo attempts to correct this problem e.g. regenerate a new omemo device automatically? and how to enable this if provided.
Or the app has to alert user to perform the “Regenerate OMEMO identities” manually.

01-20 16:30:39.381 13892-17239/org.atalk.android W/(SQLiteOmemoStore.java:353)#loadOmemoIdentityKeyPair: Corrupted Omemo IdentityKeyPair: Invalid IdentityKeyPairs for omemoDevice: kingfisher@atalk.sytes.net:404190446.
    Exception: com.google.protobuf.InvalidProtocolBufferException: Protocol message contained an invalid tag (zero)..
    java.lang.Exception
        at org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair(SQLiteOmemoStore.java:353)
        at org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair(SQLiteOmemoStore.java:62)
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoStoreConnector.getIdentityKeyPair(SignalOmemoStoreConnector.java:82)
        at org.whispersystems.libsignal.SessionBuilder.processV3(SessionBuilder.java:129)
        at org.whispersystems.libsignal.SessionBuilder.process(SessionBuilder.java:107)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:180)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:150)
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:101)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:107)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:457)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1192)
        at org.jivesoftware.smackx.omemo.OmemoManager$3.run(OmemoManager.java:959)
        at java.lang.Thread.run(Thread.java:818)
01-20 16:30:39.381 13892-13948/org.atalk.android D/SMACK: SENT (0): 
    <message to='swordfish@atalk.sytes.net/atalk' type='chat'>
      <received xmlns='urn:xmpp:receipts' id='1611131438496192301317'/>
      <origin-id xmlns='urn:xmpp:sid:0' id='1XVC-NLZD-KPT9-1'/>
    </message>
01-20 16:30:39.391 13892-13948/org.atalk.android D/SMACK: SENT (0): 
    <r xmlns='urn:xmpp:sm:3'/>
01-20 16:30:39.401 13892-17239/org.atalk.android E/aTalk: [5] org.jivesoftware.smackx.omemo.signal.SignalOmemoStoreConnector.getIdentityKeyPair() IdentityKeyPair seems to be invalid.
    org.jivesoftware.smackx.omemo.exceptions.CorruptedOmemoKeyException: Invalid IdentityKeyPairs for omemoDevice: kingfisher@atalk.sytes.net:404190446.
    Exception: com.google.protobuf.InvalidProtocolBufferException: Protocol message contained an invalid tag (zero)..
        at org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair(SQLiteOmemoStore.java:354)
        at org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair(SQLiteOmemoStore.java:62)
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoStoreConnector.getIdentityKeyPair(SignalOmemoStoreConnector.java:82)
        at org.whispersystems.libsignal.SessionBuilder.processV3(SessionBuilder.java:129)
        at org.whispersystems.libsignal.SessionBuilder.process(SessionBuilder.java:107)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:180)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:150)
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:101)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:107)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:457)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1192)
        at org.jivesoftware.smackx.omemo.OmemoManager$3.run(OmemoManager.java:959)
        at java.lang.Thread.run(Thread.java:818)
01-20 16:30:39.401 13892-17239/org.atalk.android E/(UtilActivator.java:90)#uncaughtException: An uncaught exception occurred in thread = Thread[Thread-1647,5,main] and message was: Null value!
    java.lang.IllegalArgumentException: Null value!
        at org.whispersystems.libsignal.ratchet.BobSignalProtocolParameters.<init>(BobSignalProtocolParameters.java:38)
        at org.whispersystems.libsignal.ratchet.BobSignalProtocolParameters$Builder.create(BobSignalProtocolParameters.java:110)
        at org.whispersystems.libsignal.SessionBuilder.processV3(SessionBuilder.java:141)
        at org.whispersystems.libsignal.SessionBuilder.process(SessionBuilder.java:107)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:180)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:150)
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:101)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:107)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:457)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1192)
        at org.jivesoftware.smackx.omemo.OmemoManager$3.run(OmemoManager.java:959)
        at java.lang.Thread.run(Thread.java:818)

Paul_Schaub · January 21, 2021, 2:24pm

No, Smack does no attempt to resolve this issue automatically.
Normally this issue does not happen, so I have no experience with this error.

You could catch the exception and generate a new Identity+bundle etc. but I’d rather suggest you to investigate the cause of this issue instead, as it would not be desirable for the user to suddenly have another identity key + fingerprint.

cmeng · January 22, 2021, 3:44am

The problem is the CorruptedOmemoKeyException just happen randomly even under normal use. In fact the discussion raised in the issue, is my Note-3 starts to experience this problem for no apparent reason.

The omemoDevice IdentityKeyPair is stored in the “identityKey” table together with all other contacts’ IdentityKeys, including the active state. I found that smack omemo makes very frequent and duplicated access to this table in “storeCachedDeviceList”; to update the active state during aTalk startup and during normal use (whenever a contact chat session is opened). Actually I was a bit worry why smack omemo makes such a frequent update to the table; as this may lead to data corruption. I am not sure what can be done on aTalk side to reduce this number of access to update the database.

Also I really hope smack omemo can provide a public function for app to call to perform
“Regenerate OMEMO identities”. aTalk has been struggled to implement this method, but still cannot find a proper way to do this. Interact with smack omemo to create this function like playing cat and mouse games e.g. aTalk has deleted all the obsoleted omemo key, but smack keeps adding them back.
328590658 & 1493281785 are both obsoleted and deleted by aTalk; it has been replaced with new generated key 917987258. But at the end of the “regenerate” process, they get reinserted into the identities table by the two storeCachedDeviceList below.

=========== Regeneration ============
2021-01-22 11:18:49.798 16094-17257/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: peacock@atalk.sytes.net:[328590658]
2021-01-22 11:18:49.803 16094-17257/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: peacock@atalk.sytes.net:[1493281785]
2021-01-22 11:18:49.819 16094-16094/org.atalk.android D/InputTransport: Input channel destroyed: fd=140
2021-01-22 11:18:49.820 16094-16226/org.atalk.android D/SMACK: SENT (0): 
    <iq id='AF3GV-42' type='set'>
      <pubsub xmlns='http://jabber.org/protocol/pubsub'>
        <publish node='eu.siacs.conversations.axolotl.devicelist'>
          <item>
            <list xmlns='eu.siacs.conversations.axolotl'>
              <device id='328590658'/>
            </list>
          </item>
        </publish>
      </pubsub>
    </iq>

2021-01-22 11:18:50.390 16094-17257/org.atalk.android I/(DatabaseBackend.java:499)#storeOmemoRegId: ### Omemo device added for: peacock@atalk.sytes.net; 917987258

============== whenever aTalk start up ===============
2021-01-22 08:16:07.823 14251-32164/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: swordfish@atalk.sytes.net:[82553717]
2021-01-22 08:16:07.826 14251-32164/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: swordfish@atalk.sytes.net:[1245216054]
2021-01-22 08:16:07.830 14251-32164/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: swordfish@atalk.sytes.net:[82553717]
2021-01-22 08:16:07.832 14251-32164/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: swordfish@atalk.sytes.net:[1245216054]
2021-01-22 08:16:07.835 14251-32225/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: peacock@atalk.sytes.net:[1701516316, 328590658]
2021-01-22 08:16:07.836 14251-32154/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: swordfish@atalk.sytes.net:[82553717]
2021-01-22 08:16:07.836 14251-32164/org.atalk.android D/(AndroidOmemoService.java:113)#initializationFinished: Initialize OmemoManager successful for swordfish@atalk.sytes.net/atalk
2021-01-22 08:16:07.839 14251-32154/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: swordfish@atalk.sytes.net:[1245216054]
2021-01-22 08:16:07.839 14251-32225/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: peacock@atalk.sytes.net:[421888194]
2021-01-22 08:16:07.841 14251-32226/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: xyz123@atalk.sytes.net:[1362032407]
2021-01-22 08:16:07.847 14251-32218/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: hawk@atalk.sytes.net:[43395281]
2021-01-22 08:16:07.847 14251-32099/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: parrot@atalk.sytes.net:[116536437, 1566361092, 1741875658, 1203482097, 889121650, 522622186]
2021-01-22 08:16:07.848 14251-32226/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: xyz123@atalk.sytes.net:[]
2021-01-22 08:16:07.851 14251-32218/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: hawk@atalk.sytes.net:[]
2021-01-22 08:16:07.854 14251-32225/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: peacock@atalk.sytes.net:[1701516316, 328590658]
2021-01-22 08:16:07.856 14251-32226/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: xyz123@atalk.sytes.net:[1362032407]
2021-01-22 08:16:07.858 14251-32218/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: hawk@atalk.sytes.net:[43395281]
2021-01-22 08:16:07.860 14251-32226/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: xyz123@atalk.sytes.net:[]
2021-01-22 08:16:07.861 14251-32225/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: peacock@atalk.sytes.net:[421888194]
2021-01-22 08:16:07.862 14251-32218/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: hawk@atalk.sytes.net:[]
2021-01-22 08:16:07.862 14251-32154/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: swordfish@atalk.sytes.net:[82553717]
2021-01-22 08:16:07.864 14251-32154/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: swordfish@atalk.sytes.net:[1245216054]
2021-01-22 08:16:07.865 14251-32099/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: parrot@atalk.sytes.net:[1156361481]
2021-01-22 08:16:07.868 14251-32154/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: swordfish@atalk.sytes.net:[82553717]
2021-01-22 08:16:07.868 14251-32099/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: parrot@atalk.sytes.net:[116536437, 1566361092, 1741875658, 1203482097, 889121650, 522622186]
2021-01-22 08:16:07.869 14251-32154/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: swordfish@atalk.sytes.net:[1245216054]
2021-01-22 08:16:07.873 14251-32099/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: parrot@atalk.sytes.net:[1156361481]
2021-01-22 08:16:07.875 14251-32154/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: swordfish@atalk.sytes.net:[82553717]
2021-01-22 08:16:07.876 14251-32154/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: sword
fish@atalk.sytes.net:[1245216054]

============== whenever the contact chat session is opened ===============
2021-01-22 08:22:45.867 14251-2408/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: peacock@atalk.sytes.net:[1701516316, 328590658]
2021-01-22 08:22:45.870 14251-2408/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: peacock@atalk.sytes.net:[421888194]


2021-01-22 08:27:03.884 14251-2815/org.atalk.android D/(DatabaseBackend.java:1012)#storeCachedDeviceList: Identities table - updating for activeDevice: peacock@atalk.sytes.net:[1701516316, 328590658]
2021-01-22 08:27:03.885 14251-2815/org.atalk.android I/(DatabaseBackend.java:1041)#storeCachedDeviceList: Identities table updated for inactiveDevice: peacock@atalk.sytes.net:[421888194]

Paul_Schaub · January 23, 2021, 2:56pm

I believe this is the source of your issues.
Own keys and contacts keys should be stored in different tables.
KeyPairs != Keys.

cmeng · January 23, 2021, 3:47pm

I believe this is the source of your issues.
Own keys and contacts keys should be stored in different tables.
KeyPairs != Keys.

aTalk identities table implementation follows conversation, where both the own omemo device IdentityKeyPairs is stored in the same table with the contacts’ identities; with the understanding that own omemo device should not contains both IdentityKeyPair and IdentityKey.

Please refer to Smack 4.4.0 - aTalk Regenerate OMEMO identities implementation and problem faced

system · May 3, 2021, 3:47pm

This topic was automatically closed 100 days after the last reply. New replies are no longer allowed.