Smack Omemo devices locked in a state unable to send or receive omemo message

During the testing of omemo messages on my two android devices i.e. swordfish@atalk.org:811776503 (Note-8) and leopard@atalk.org:1288786947 (Note-3); I encountered problem that both devices locked up in a state that neither of them is able to send or receive omemo messages from each other. There is no exception being thrown by the omemo manager, so the messages appear to have been sent, however none of the sent/received messages are being displayed in the chat message windows on either of the devices. Short of performing a Omemo Identity Regeneration on the device, restarting aTalk app on both devices does not resolve the problems.

I have double checked and confirmed that both the omemo device id’s are correct and reflected in each other omemo active device list. They are also correctly embedded in the omemo messages sid and rid attributes.

hawk@atalk.org is an account installed on Conversation (Note-3). There is no problem in send/receive omemo messages between leopard and hawk. But the same problem happen when send/receive message is between swordfish and hawk. So look like the problem is on Note-8, some omemo data corruption on swordfish account.

Need some advice on the following:

1. What can be the possible events that have led to devices locked up in this state?
2. Why Omemo manager is unable to auto recover from this locked problem?
3. What is the correct way to unlock and recover devices from this situation?

Note: After I performed an Omemo Identity Regeneration on Note-8, omemo message between swordfish and leopard return is now working. However my concern is user may not know the exact problem, as there is no UI error messages being shown when problem happen.

========================= locked state test result ===============================
When a omemo message is sent from swordfish, leopard has the following log messages:
========= leopard log ==============

08-12 13:28:39.257 23999-24144/org.atalk.android D/SMACK: RECV (0): <message xml:lang='en' to='leopard@atalk.org/atalk' from='swordfish@atalk.org/atalk' id='15340517182005717916'><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='811776503'><key prekey='true' rid='1288786947'>MwgGEiEF+xVRaNM2+IGNnG51hwWtYG35PLO0kzlKtTbpbtqxkgcaIQUh6wIw2lKKXgbt527LkbCo1lKAQATiEMKO09gixaHZRiJiMwohBeaYIBWa4y1FrB3u0xSMZYlfzYhckcBVgz7qiT2p0udsEAEYACIwVMZqWwJFh8Ya2Kwg+dC1qanGZwgFURVdHSrvQg8n6a4urwJo9I9pONOrjehFP3P6Nixy3HAzZzAoADAK</key><iv>CTo/7MQqsGhgMPf8kSERCQ==</iv></header><payload>TqsXehghRQ==</payload></encrypted><store xmlns='urn:xmpp:hints'/><encryption xmlns='urn:xmpp:eme:0' namespace='eu.siacs.conversations.axolotl' name='OMEMO'/><body>I sent you an OMEMO encrypted message but your client doesn&apos;t seem to support that. Find more information on https://conversations.im/omemo</body></message>
08-12 13:28:39.287 23999-24898/org.atalk.android W/aTalk: [28] org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag() Received message from swordfish@atalk.org:811776503 contained unknown identityKey. Ignore message.
    Untrusted OMEMO Identity encountered:
    Fingerprint of trusted key:
    a2de9077 2e567407 ca55807b 84f05b70 ca6b0dae f1bf6bae b657bbc7 52d70428
    Fingerprint of untrusted key:
    21eb0230 da528a5e 06ede76e cb91b0a8 d6528040 04e210c2 8ed3d822 c5a1d946
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:97)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:818)
08-12 13:28:39.297 23999-24898/org.atalk.android W/aTalk: [28] org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived() Could not decrypt incoming message: 
    org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: Transported key could not be decrypted, since no suitable message key was provided. Provides keys: [1288786947]
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:123)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:818)

When the omemo is sent from leopard to swordfish, the log messages are shown below:
================ swordfish log on receive the omemo message from leopard ===============

08-12 13:29:32.855 15734-15837/org.atalk.android D/SMACK: RECV (0): <message xml:lang='en' to='swordfish@atalk.org/atalk' from='leopard@atalk.org/atalk' id='1534051773607957554845'><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='1288786947'><key rid='811776503'>MwohBWC/SgUDVUHQdHqgG8elCRnHO7rlq4BpG7gyriZgOgd6EBIYAyIwJrovTDoWnDuA7B/P3NdVYVV7EtUES8ssLrQ7ZzRLKiR3okamOCUIN5Aaf50TxBARbDOCqvoh9aI=</key><iv>2oQUrVPJ38VSok2pL83k8A==</iv></header><payload>jShNnqF75fwccQ==</payload></encrypted><store xmlns='urn:xmpp:hints'/><encryption xmlns='urn:xmpp:eme:0' namespace='eu.siacs.conversations.axolotl' name='OMEMO'/><body>I sent you an OMEMO encrypted message but your client doesn&apos;t seem to support that. Find more information on https://conversations.im/omemo</body></message>
08-12 13:29:33.411 15734-17108/org.atalk.android W/aTalk: [12249] org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived() No raw session found for contact leopard@atalk.org:1288786947. 
    org.jivesoftware.smackx.omemo.exceptions.NoRawSessionException: org.whispersystems.libsignal.InvalidMessageException: No valid sessions.
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:128)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:764)
     Caused by: org.whispersystems.libsignal.InvalidMessageException: No valid sessions.
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:290)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:243)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:211)
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:122)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103) 
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456) 
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236) 
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990) 
        at java.lang.Thread.run(Thread.java:764) 
     Caused by: org.whispersystems.libsignal.InvalidMessageException: Bad Mac!
        at org.whispersystems.libsignal.protocol.SignalMessage.verifyMac(SignalMessage.java:119)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:313)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:268)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:243) 
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:211) 
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:122) 
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103) 
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456) 
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236) 
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990) 
        at java.lang.Thread.run(Thread.java:764) 
    [12249] org.jivesoftware.smackx.omemo.OmemoService.repairBrokenSessionWithPreKeyMessage() Attempt to repair the session by sending a fresh preKey message to leopard@atalk.org:1288786947
08-12 13:29:33.413 15734-15836/org.atalk.android D/SMACK: SENT (0): <iq to='leopard@atalk.org' id='zC0kv-144' type='get'><pubsub xmlns='http://jabber.org/protocol/pubsub'><items node='eu.siacs.conversations.axolotl.bundles:1288786947'/></pubsub></iq>
08-12 13:29:33.444 15734-15837/org.atalk.android D/SMACK: RECV (0): <iq xml:lang='en' to='swordfish@atalk.org/atalk' from='leopard@atalk.org' type='result' id='zC0kv-144'><pubsub xmlns='http://jabber.org/protocol/pubsub'><items node='eu.siacs.conversations.axolotl.bundles:1288786947'><item id='5FEC7A6A2143'><bundle xmlns='eu.siacs.conversations.axolotl'><signedPreKeyPublic signedPreKeyId='10'>BTM9uzIbwA5dLiKQQXkgy+5Y5slZF4u3+ZLICzcyrY5w</signedPreKeyPublic><signedPreKeySignature>Marzy7ChmMmlEUPTOoNrwZvdRELsDeI/O9WyDZwvpSJ+AB8QAAuteI9PuDwAO1W0ldO8DLroeCuSDPadiT42ig==</signedPreKeySignature><identityKey>BaeJVdbYWk0VEMjsRcSIAjx+P2SUQ7uZFgBOeSxbXUIQ</identityKey><prekeys><preKeyPublic preKeyId='37'>BQ8Cw5qNEgrWiYIGsIDdVzsN66XO262X//YQ3RvcXT1M</preKeyPublic><preKeyPublic preKeyId='71'>BSQL7iWqKvbfAABRSApB0aPeLNomEbz65564y+lzixlG</preKeyPublic>
...
preKeyId='100'>BTVbXW1tbiPOElifycVVrAoRaLVLatf5xr3SdQ7b640c</preKeyPublic><preKeyPublic preKeyId='74'>BeQQnrK7Yln+CbdVdx/0s2296rpAsC1cxEGccbT7Ns5b</preKeyPublic><preKeyPublic preKeyId='10'>BUR43oQiDT13ZJF8XNunL+LJZ0L6kXQJUuGVY37OJ/5b</preKeyPublic></prekeys></bundle></item></items></pubsub></iq>
08-12 13:29:33.452 15734-15837/org.atalk.android D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>
08-12 13:29:33.453 15734-15836/org.atalk.android D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='47'/>
08-12 13:29:33.609 15734-17108/org.atalk.android I/aTalk: [12249] org.atalk.crypto.omemo.SQLiteOmemoStore.storeOmemoIdentityKey().472 Update identityKey for: leopard@atalk.org:1288786947
08-12 13:29:33.651 15734-17108/org.atalk.android I/aTalk: [12249] org.atalk.crypto.omemo.SQLiteOmemoStore.storeOmemoIdentityKey().472 Update identityKey for: leopard@atalk.org:1288786947
08-12 13:29:33.682 15734-15836/org.atalk.android D/SMACK: SENT (0): <message to='leopard@atalk.org' id='zC0kv-146'><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='811776503'><key prekey='true' rid='1288786947'>MwgtEiEFfbdjJ6DDbo7M3b1BiEdtSITp+skDEbfdrzyI3dSkKSQaIQUh6wIw2lKKXgbt527LkbCo1lKAQATiEMKO09gixaHZRiJSMwohBfrucJO2pR1CJY38MugifM6q4edkKRah/ZfCQmX3TxkAEAAYACIg2LQ8LJXSCjTD7lvW1tMInr8a0uprZuX/6ql+U4vsIs9HbCKB5pL6bSgAMAo=</key><iv>tozLoi8ACIU/v+42BJouCw==</iv></header></encrypted></message><r xmlns='urn:xmpp:sm:3'/>

============= leopard log after omemo message is sent ================

08-12 13:29:34.657 23999-24144/org.atalk.android D/SMACK: RECV (0): <message xml:lang='en' to='leopard@atalk.org/atalk' from='swordfish@atalk.org/atalk' id='zC0kv-146'><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='811776503'><key prekey='true' rid='1288786947'>MwgtEiEFfbdjJ6DDbo7M3b1BiEdtSITp+skDEbfdrzyI3dSkKSQaIQUh6wIw2lKKXgbt527LkbCo1lKAQATiEMKO09gixaHZRiJSMwohBfrucJO2pR1CJY38MugifM6q4edkKRah/ZfCQmX3TxkAEAAYACIg2LQ8LJXSCjTD7lvW1tMInr8a0uprZuX/6ql+U4vsIs9HbCKB5pL6bSgAMAo=</key><iv>tozLoi8ACIU/v+42BJouCw==</iv></header></encrypted></message>
08-12 13:29:34.687 23999-25049/org.atalk.android W/aTalk: [29] org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag() Received message from swordfish@atalk.org:811776503 contained unknown identityKey. Ignore message.
    Untrusted OMEMO Identity encountered:
    Fingerprint of trusted key:
    a2de9077 2e567407 ca55807b 84f05b70 ca6b0dae f1bf6bae b657bbc7 52d70428
    Fingerprint of untrusted key:
    21eb0230 da528a5e 06ede76e cb91b0a8 d6528040 04e210c2 8ed3d822 c5a1d946
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:97)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:818)
    [29] org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived() Could not decrypt incoming message: 
    org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: Transported key could not be decrypted, since no suitable message key was provided. Provides keys: [1288786947]
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:123)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:818)

Hm, I never encountered a message which had a broken MAC. Looks like the message got somehow modified?

This can only happen, if the user trusts a key XYZ with deviceID 0123 and later receives a message from a device with deviceID 0123, but with key ABC.

By any chance, did you maybe generate a new identity key without changing the device ID? Rule of thumb: If you change the key, you HAVE to change the deviceID.

Thanks for the insight to the problem. Attached below is the actual methods aTalk uses for identity regeneration. A moment ago, I have just modified the method to include the setTrustCallback() after the new omemDevice is registered with OmemoManager; otherwise aTalk crashes when attempt to send omemo message after the regeneration as trustCallback is null. This is based on field feedback.

While testing the new fix, I again cause aTalk to lock into the same state. Followings described my observation.
See below for the log messages for each step

1. After the identity regeneration for swordfish, I sent an omemo message from swordfish to hawk, and hawk was able to receive the omemo message without problem.

2, Then I sent a omemo message from hawk, but swordfish did not receive the message, and throws the following error messages.

org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived() Could not decrypt incoming message:
org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: Transported key could not be decrypted, since no suitable message key was provided. Provides keys: [1712211626]

3. Further sending of omemo message between hawk and swordfish is not possible; the two devices have locked into the same unrecoverable state

What have I missed out or perform incorrectly in the regeneration process that has led to the locked up problem?

4. I proceed to perform a second time identity regeneration for swordfish, then the locked is gone.

5. I tried a further two times identity regeneration for swordfish, the problem does not return???
   Do you have any ideas what can go wrong in the first identity regeneration?

During the test I also found that the step of purgeOwnDeviceKeys(userDevice) i.e. delete old omemoDevice info from database is of little use. Many of the deleted data get refilled from the server data, as the old omemo device is not purge from server. Is there a method that I can call to purge the old omemDevice from server?

By the way, should I purge old omemoDevices data; can purging of old data e.g. session causing the locked up problem?

=========================================

    /**
     * Generate fresh user identityKeyPairs and bundle and publish it to the server.
     */
    public void regenerate(AccountID accountId)
    {
        ProtocolProviderService pps = accountId.getProtocolProvider();
        if (pps != null) {
            XMPPTCPConnection connection = pps.getConnection();
            if ((connection != null) && connection.isAuthenticated()) {

                BareJid userJid = accountId.getBareJid();
                SortedSet<Integer> deviceIds = localDeviceIdsOf(userJid);
                for (int deviceId : deviceIds) {
                    OmemoDevice userDevice = new OmemoDevice(userJid, deviceId);
                    purgeOwnDeviceKeys(userDevice);

                    int defaultDeviceId = OmemoManager.randomDeviceId();
                    setDefaultDeviceId(userJid, defaultDeviceId);
                    OmemoManager omemoManager = OmemoManager.getInstanceFor(connection, defaultDeviceId);
                    try {
                        OmemoStore mOmemoStore = OmemoService.getInstance().getOmemoStoreBackend();
                        omemoManager.setTrustCallback(((SQLiteOmemoStore) mOmemoStore).getTrustCallBack());
                    } catch (Exception e) {
                        logger.warn("SetTrustCallBack Exception: " + e.getMessage());
                    }
                }
            }
        }
    }

    /**
     * Delete this device's IdentityKey, PreKeys, SignedPreKeys and Sessions.
     *
     * @param userDevice our OmemoDevice.
     */
    @Override
    public void purgeOwnDeviceKeys(OmemoDevice userDevice)
    {
        mDB.purgeOmemoDb(userDevice);
        trustCache.evictAll();
    }

    // ========= Purge OMEMO dataBase =========
    public void purgeOmemoDb(OmemoDevice device)
    {
        logger.debug(">>> Wiping OMEMO database for account : " + device.getJid());
        SQLiteDatabase db = this.getWritableDatabase();
        String[] deleteArgs = {device.getJid().toString(), Integer.toString(device.getDeviceId())};

        db.delete(SQLiteOmemoStore.OMEMO_DEVICES_TABLE_NAME,
                SQLiteOmemoStore.OMEMO_JID + "=? AND " + SQLiteOmemoStore.OMEMO_REG_ID + "=?",
                deleteArgs);
        db.delete(SQLiteOmemoStore.PREKEY_TABLE_NAME,
                SQLiteOmemoStore.BARE_JID + "=? AND " + SQLiteOmemoStore.DEVICE_ID + "=?",
                deleteArgs);
        db.delete(SQLiteOmemoStore.SIGNED_PREKEY_TABLE_NAME,
                SQLiteOmemoStore.BARE_JID + "=? AND " + SQLiteOmemoStore.DEVICE_ID + "=?",
                deleteArgs);
        db.delete(SQLiteOmemoStore.IDENTITIES_TABLE_NAME,
                SQLiteOmemoStore.BARE_JID + "=? AND " + SQLiteOmemoStore.DEVICE_ID + "=?",
                deleteArgs);
        db.delete(SQLiteOmemoStore.SESSION_TABLE_NAME,
                SQLiteOmemoStore.BARE_JID + "=? AND " + SQLiteOmemoStore.DEVICE_ID + "=?",
                deleteArgs);
    }

========= Step #1 =========

08-14 06:40:05.672 24339-26443/org.atalk.android D/SMACK: SENT (0): <message to='hawk@atalk.org' id='153420000549158881677'><body>I sent you an OMEMO encrypted message but your client doesn&apos;t seem to support that. Find more information on https://conversations.im/omemo</body><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='1712211626'><key prekey='true' rid='604079208'>MwhOEiEFikDvnJLOn9kVZSA3mXZWPzlJfk5LrTKJwQTbsBKWqXYaIQXM4VjtHJL90Q1QBDCJYR6RVy27QoZ88dEsxgoekVYjNCJiMwohBdSQ4yzqQuIi8Ig4s8tBe6lmnJ+07b7lWFUr9pCpQvh6EAYYACIwMe/9kUiMzw34HQx75foUxoswTOSj1j09sscVtMzv8kww7zgFCL4RQtMAzQt4z+cFVLk7W0cTkN8oADAB</key><key prekey='true' rid='811776503'>MwhJEiEFazEyNjSaRFnpSdNRxCQPMWwTN1lOlBO9ZiT4vsj+aFYaIQXM4VjtHJL90Q1QBDCJYR6RVy27QoZ88dEsxgoekVYjNCJiMwohBfDl0sDQ8P9QDCGP/5Qnpo6Bm8BbFsTcLMCDifYr4I1UEAYYACIwYeK9LQh58SgrHNhzadBiKvE/bIWCgaLH81/vjft9TBhWK0gejqs+8cZPPOfqegsua9gFoiJeD6IoADAG</key<key prekey='true' rid='1796289951'>MwhvEiEFWm5EuLU+ZWhnUvc1valPYiQ3PBmLIhxxu7zUfrE/ikYaIQUh6wIw2lKKXgbt527LkbCo1lKAQATiEMKO09gixaHZRiJiMwohBfyBKkWCjjjmqTNp0wk6609wW0ph1XxM/SKc5papHAFlEAUYACIwhOquO9/LvC9ms47icFTkbnd+QvrpyodWGEjMkOMx+qP+XuMqvBdxl2djdtJeugcuPpyf46levTAoADAC</key><iv>VLiNqgEuBOfOqwkUSvU9qA==</iv></header><payload>wijaa0I=</payload></encrypted><store xmlns='urn:xmpp:hints'/><encryption xmlns='urn:xmpp:eme:0' namespace='eu.siacs.conversations.axolotl' name='OMEMO'/></message><r xmlns='urn:xmpp:sm:3'/`>

========= Step #2=========

08-14 06:40:06.277 24339-26444/org.atalk.android D/SMACK: RECV (0): <message xml:lang='en' to='swordfish@atalk.org/atalk' from='hawk@atalk.org/phone' type='chat'><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='1796289951'><key rid='1712211626'>MwohBRu5heZQrLEAkVoWycJf98PLGIqpzqrOqZEImkgBFIIcEAAYACIggbvXVby85ftR/GueC+5JYurFXyy+5OpTby0+RqKqj7zgdEF1Sbi58A==</key><iv>wpKErvSgNutjFT+bt90fpA==</iv></header></encrypted><store xmlns='urn:xmpp:hints'/></message>
08-14 06:40:06.288 24339-26444/org.atalk.android D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>
08-14 06:40:06.292 24339-26443/org.atalk.android D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='30'/>
08-14 06:40:06.307 24339-26717/org.atalk.android W/aTalk: [13864] org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived() Could not decrypt incoming message: 
    org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: Transported key could not be decrypted, since no suitable message key was provided. Provides keys: [1712211626]
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:123)
         at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:764)
08-14 06:40:06.320 24339-26717/org.atalk.android W/aTalk: [13864] org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair().379 OMEMO IdentityKeyPairs is missing for: swordfish@atalk.org:2035726807
08-14 06:40:06.627 24339-26717/org.atalk.android I/aTalk: [13864] org.atalk.crypto.omemo.SQLiteOmemoStore.storeOmemoIdentityKeyPair().398 Store omemo identityKeyPair for :swordfish@atalk.org:2035726807
08-14 06:40:07.495 24339-26715/org.atalk.android I/aTalk: [13863] org.atalk.crypto.omemo.SQLiteOmemoStore.storeOmemoIdentityKey().472 Update identityKey for: hawk@atalk.org:1796289951
08-14 06:40:07.524 24339-26715/org.atalk.android W/aTalk: [13863] org.atalk.crypto.omemo.SQLiteOmemoStore.loadOmemoIdentityKeyPair().379 OMEMO IdentityKeyPairs is missing for: swordfish@atalk.org:1712211626
08-14 06:40:14.879 24339-26444/org.atalk.android D/SMACK: RECV (0): <presence xml:lang='en' to='swordfish@atalk.org/atalk' from='hawk@atalk.org/phone'><x xmlns='jabber:x:signed'>iQG4BAEBCgAiGxxjbWVuZyA8Y21lbmcuZ21AZ21haWwuY29tPgUCWMcG8AAKCRAnJWERuLqvl9O1C/wJqTV4Dnj5OAAF8LRF9x5PoXX3AXqexutZXY5GY7T1HDNwhzm2mDsRFjA30JyjFXIApDKh3ywgh3oBanwMXqPEt/5S78fABnz8fQdXg4xf51r512rGkM0tJJeVhBe1Ss904ZOg8C6U+i2wt3UJMaU7rlVo2ElvVxI7raQgtGORO9+RmE+4tDPR4QkBTFzcDyLBh5OTEvsk5RykjsPXX4fAkXdkmv1fjrmge3/1y7YDawmvJc1X8IWo/nME5Hp9SnfwtuAeYK8qZR+zeC5YxgSEibQz9FjoEXecLwlul8KKCu/DPRono8FpgBrT8I21Ll2a51OyGAW19vZZvluPEwdEB+JfprXoy3hTnz1yyTHkPKatxX8QjtRVUIKTdG780XglifH35fswZIMuIpzfvqL0vMYNGu0W8QDLY5Qs7YJYFnJPLV4WyaV4Ja903EcB/NrTZlhoccfyUYt3sUvCbeXfybaoqxDyYqyT+uYe9jQSl9XY3yMGcz5B3pLFBgZoZAE==MkF9</x><c xmlns='http://jabber.org/protocol/caps' node='http://conversations.im' hash='sha-1' ver='RA43lW+ZN1AFKhTXEN0L0973Tho='/><x xmlns='vcard-temp:x:update'><photo>7280e845763f6ea99e371a3bc8e0606575fcfe59</photo></x></presence>
08-14 06:40:14.893 24339-26720/org.atalk.android I/aTalk: [13866] impl.protocol.jabber.OperationSetPersistentPresenceJabberImpl.run().1234 Smack presence update for: hawk@atalk.org/phone - available
08-14 06:40:18.466 24339-26444/org.atalk.android D/SMACK: RECV (0): <message xml:lang='en' to='swordfish@atalk.org/atalk' from='hawk@atalk.org/phone' type='chat' id='49fcb2a3-16ca-4954-a669-d1fec0f02a1c'><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='1796289951'><key rid='604079208' prekey='true'>MwhQEiEFJB/3AXy0TfEOCyejgSdB0lP/YDtro6VpG0dH0FaO3VkaIQX8QouVTntcWS4pAzvBD598T2lhe3GEZTId9A8aJJSHXCJiMwohBW2ufNdtyJC6E8xq/SG2oWsc6+zegH7ISFr9TgFvRz4TEAAYACIwEk/93thWyj3DsTdF2reJNGZ/RNbaaBql5mL8ZzQ21fQMqbtwbMdEjqvqE96vAT6Qgp6VwBI9bx4on+vE2AYwAQ==</key><key rid='811776503'>MwohBRQCJIawlb3C7evgoTxJoayI3laKS98ZQ3mpRkLwO/ZIEAYYACIwrkcD5qSdfAa6CBMkAtpchVKLoA+zJgnfzw5Gxh6AYfy/BUG9JNCefIxW/nqXCsyT8IYTpwHBmRo=</key><key rid='1712211626'>MwohBRu5heZQrLEAkVoWycJf98PLGIqpzqrOqZEImkgBFIIcEAEYACIwWYJLuBA4dqvhx/KgL/t2ZievGT2bj0pliySpsNOzU+PxkQRghAf2nNJo9gkMVaqKoJWeptpoazo=</key><key rid='2035726807' prekey='true'>MwguEiEF9MWQpQO1sNI4Cb/zbWreAj1KDGX4T2JQ72Ohmarzp20aIQX8QouVTntcWS4pAzvBD598T2lhe3GEZTId9A8aJJSHXCJiMwohBfCmHXsDzxm6VN5ek7pdhw5kCt37LcsvTR4UIGMr9EwwEAAYACIw7AKXLY1UC4ytaNCpkG86xN7SWgCdUniVqmWqm6zzTImvM+k25mrNs1KYFlgzFCAJlP42+IQA8u8on+vE2AYwAQ==</key><iv>KVo1ht1Iz9cXd0cAoJmb4g==</iv></header><payload>ic7HWw==</payload></encrypted><markable xmlns='urn:xmpp:chat-markers:0'/><origin-id xmlns='urn:xmpp:sid:0' id='49fcb2a3-16ca-4954-a669-d1fec0f02a1c'/><store xmlns='urn:xmpp:hints'/><encryption xmlns='urn:xmpp:eme:0' namespace='eu.siacs.conversations.axolotl' name='OMEMO'/></message>
08-14 06:40:20.352 24339-26443/org.atalk.android D/SMACK: SENT (0): <iq to='swordfish@atalk.org' id='nOvEz-120' type='set'><pubsub xmlns='http://jabber.org/protocol/pubsub'><publish node='eu.siacs.conversations.axolotl.bundles:2035726807'><item><bundle xmlns='eu.siacs.conversations.axolotl'><signedPreKeyPublic signedPreKeyId='1'>BTksxbAzsKqWI29o8Rm9c12Cj/6vYlj5TrP8LCzINyQK</signedPreKeyPublic><signedPreKeySignature>bFdKU3mJO7SSFByX2LWnh1y8TxFGmFnH7ZcI4maM3MnY5OQBAMbz33LeazmhhIDl3RtImB/HV78lAr8+nKj3Dg==</signedPreKeySignature><identityKey>BaQ5iW7bmLObNFx1RMYzolnnymx0F62bQAmeCph9lDlD</identityKey><prekeys><preKeyPublic preKeyId='1'>BR9Q576qEodNfuOyTaUEdRR20SEBKqYP/Rpwgqw5Q9wJ</preKeyPublic><preKeyPublic preKeyId='2'>BTUE200D/Uh73xpN1jFl6/Qjo/zSXaeTw9HgeE/IHxIU</preKeyPublic>
<preKeyPublic preKeyId='23'>BbmuHaWCIp5w1ilUUjj4lxTS37/WCOZ7EHhUmPy25tAD</preKeyPublic><preKeyPublic preKeyId='25'>BdgQ1NEK4GskAEWzxrullNsCE80VRMV0jqbTmoUz+bYg</preKeyPublic>preKeyId='100'>BU88GgM3+nMd2Fjvhaq0WjKdr8KjBTDf+6DQJ/hPB/t7</preKeyPublic></prekeys></bundle></item></items></event><addresses xmlns='http://jabber.org/protocol/address'><address jid='swordfish@atalk.org/atalk' type='replyto'/></addresses></message>

========= Step #3=========

08-14 06:40:24.204 24339-26444/org.atalk.android D/SMACK: RECV (0): <iq xml:lang='en' to='swordfish@atalk.org/atalk' from='swordfish@atalk.org' type='result' id='nOvEz-121'><pubsub xmlns='http://jabber.org/protocol/pubsub'><publish node='eu.siacs.conversations.axolotl.bundles:1712211626'><item id='5FE30D59399E0'/></publish></pubsub></iq>
08-14 06:40:26.063 24339-26726/org.atalk.android W/aTalk: [13867] org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived() No raw session found for contact hawk@atalk.org:1796289951. 
    org.jivesoftware.smackx.omemo.exceptions.NoRawSessionException: org.whispersystems.libsignal.InvalidMessageException: Incomplete message.
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:128)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:764)
     Caused by: org.whispersystems.libsignal.InvalidMessageException: Incomplete message.
        at org.whispersystems.libsignal.protocol.SignalMessage.<init>(SignalMessage.java:58)
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:121)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103) 
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456) 
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236) 
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990) 
        at java.lang.Thread.run(Thread.java:764) 
08-14 06:40:26.064 24339-26726/org.atalk.android W/aTalk: [13867] org.jivesoftware.smackx.omemo.OmemoService.repairBrokenSessionWithPreKeyMessage() Attempt to repair the session by sending a fresh preKey message to hawk@atalk.org:1796289951

Can you confirm, that after regenerating the identity of one device, other devices are getting updated via PubSub? Especially the following exception makes me think that probably some PubSub device updates are lost:

This indicates, that the sending devices did for some reason not encrypt the message for the receiving device. That might be due to lack of trust, inactivity, or simply because the sending device doesn’t know that the receiving device exists.

Testing between swordfish and leopard. Observation;

1. Regenerate identity on swordfish, follow by sending first omemo message to leopard.
2. Upon received the omemo message, leopard proceeds to repair the prekeys
   i.e. Attempt to repair the session by sending a fresh preKey message to swordfish@atalk.org:843821226
3. Once the prekey has successfully repaired, swordfish and leopard are able to send/receive omemo message

What I observed is that the prekey repair on leopard, may not necessary be successful on the very first omemo message received. Actually the prekeys only get repair on the 3rd attempts in the test.
All messages use to trigger the repair are lost.

On a new test, after identity regen on swordfish, I manually logoff and login again; this will trigger the server to publish the new device list and receive by leopard. However leopard did nothing, I believe this was the subject we have discussed before i.e. leopard would not act until first omemo session.

08-14 18:11:47.838 5597-17069/org.atalk.android D/SMACK: RECV (1): <message to='leopard@atalk.org/atalk' from='swordfish@atalk.org' type='headline'><event xmlns='http://jabber.org/protocol/pubsub#event'><items node='eu.siacs.conversations.axolotl.devicelist'><item id='5FE3AF6384AE9'><list xmlns='eu.siacs.conversations.axolotl'><device id='1958116006'/><device id='843821226'/><device id='913503194'/><device id='1100769104'/><device id='778939968'/><device id='1973570556'/></list></item></items></event><addresses xmlns='http://jabber.org/protocol/address'><address jid='swordfish@atalk.org/atalk' type='replyto'/></addresses></message>
08-14 18:11:47.858 5597-17069/org.atalk.android D/SMACK: RECV (1): <r xmlns='urn:xmpp:sm:3'/>

Actually I am facing another major problem when doing identity regen test, I found at time the new omemo table is not properly generated with missing identity keyPair and missing key? Not sure if I did it too many times and too fast. I really need to take a look what is causing this. Just wonder if the lock up is due to broken omemo table.

One of the new problem I faced right now is that neither of swordfish and leopard can launch omemo session. I have traced the problem and found it is due to corrupted session record in both the leopard and swordfish, with corruption session on swordfish but different deviceID. This causes SessionCipher#encrypt() when execute sessionState.getSenderChainKey(), which contains zero key. I have tried to regen on swordfish and leapord, exist and relaunch aTalk on both devices. But none seems to help.

Any suggestion to get the devices out of this lockup problem, beside completely wipe out all the aTalk data?
update: on swordfish, I am able to unlock the state by “purge unused identities” which purges the deviceID and all its associated data. However this cannot apply to leopard as the corrupted session is with swordfish and not leopard.

while checking through the database, there are a total of 5 other swordfish active ghost devices for omemo message encryption. In actual fact we need only to encrypt for one. Any proposal that I can clear all these ghost devices from the server.

======================

08-14 17:43:16.328 5597-6024/org.atalk.android D/SMACK: RECV (0): <message xml:lang='en' to='leopard@atalk.org/atalk' from='swordfish@atalk.org/atalk' id='153423979489153966201'><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='843821226'><key rid='1288786947'>MwohBefIKWLSTUrQrEySZjsfWTJhCOk3lTCj37/T8g+iKu5HEAAYACIwoaNo79OufGQMLwgNwuf7UP6xr1apRmNE8BKLpR057fENrySfq/NnEqQ1F+609qty/qMMWrA4SIQ=</key><key prekey='true' rid='1958116006'>MwgjEiEFnEKRmWR6OFm8ZSQ5m8Hl+oO1roYrgEjdi3ylQ0nRDwAaIQXnBRRnExo2fXFwm8dhd6HuH9nK2NgSqZr40DPMeZZvTyJiMwohBeXdPeR7n2hkUZCX51FKON28HD1RvYOK3KQgs49L2EESEAQYACIwnYZQS+6kI0Tq5HP7EN1H4Lc/uijkrPQ3hX5dtYqyWAqtaJzcHUdt/AMXOCoJ2+9B5i6fm//I4dsoADAB</key><iv>V++ikUWmBxbfmMGzJnoszQ==</iv></header><payload>nys9</payload></encrypted><store xmlns='urn:xmpp:hints'/><encryption xmlns='urn:xmpp:eme:0' namespace='eu.siacs.conversations.axolotl' name='OMEMO'/><body>I sent you an OMEMO encrypted message but your client doesn&apos;t seem to support that. Find more information on https://conversations.im/omemo</body></message>
08-14 17:43:16.338 5597-6024/org.atalk.android D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>
08-14 17:43:16.348 5597-6023/org.atalk.android D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='235'/>
08-14 17:43:16.368 5597-15949/org.atalk.android W/aTalk: [69] org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived() No raw session found for contact swordfish@atalk.org:843821226. 
    org.jivesoftware.smackx.omemo.exceptions.NoRawSessionException: org.whispersystems.libsignal.NoSessionException: No session for: swordfish@atalk.org:843821226
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:128)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:818)
     Caused by: org.whispersystems.libsignal.NoSessionException: No session for: swordfish@atalk.org:843821226
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:239)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:211)
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:122)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103) 
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456) 
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236) 
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990) 
        at java.lang.Thread.run(Thread.java:818) 
08-14 17:43:16.378 5597-15949/org.atalk.android W/aTalk: [69] org.jivesoftware.smackx.omemo.OmemoService.repairBrokenSessionWithPreKeyMessage() Attempt to repair the session by sending a fresh preKey message to swordfish@atalk.org:843821226
08-14 17:43:16.378 5597-6023/org.atalk.android D/SMACK: SENT (0): <iq to='swordfish@atalk.org' id='A0BvP-489' type='get'><query xmlns='http://jabber.org/protocol/disco#info' node='eu.siacs.conversations.axolotl.bundles:843821226'></query></iq>
08-14 17:43:16.398 5597-6024/org.atalk.android D/SMACK: RECV (0): <iq xml:lang='en' to='leopard@atalk.org/atalk' from='swordfish@atalk.org' type='result' id='A0BvP-489'><query node='eu.siacs.conversations.axolotl.bundles:843821226' xmlns='http://jabber.org/protocol/disco#info'><identity type='registered' category='account'/></query></iq>
08-14 17:43:16.408 5597-6024/org.atalk.android D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>
08-14 17:43:16.408 5597-6023/org.atalk.android D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='236'/>
08-14 17:43:16.428 5597-15949/org.atalk.android W/aTalk: [69] org.jivesoftware.smackx.omemo.OmemoService.repairBrokenSessionWithPreKeyMessage() Unable to repair session with swordfish@atalk.org:843821226
    org.jivesoftware.smackx.omemo.exceptions.CannotEstablishOmemoSessionException
        at org.jivesoftware.smackx.omemo.OmemoService.buildFreshSessionWithDevice(OmemoService.java:787)
        at org.jivesoftware.smackx.omemo.OmemoService.repairBrokenSessionWithPreKeyMessage(OmemoService.java:1371)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1257)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:818)


08-14 17:44:06.808 5597-6024/org.atalk.android D/SMACK: RECV (0): <message xml:lang='en' to='leopard@atalk.org/atalk' from='swordfish@atalk.org/atalk' id='1534239845314211167452'><encrypted xmlns='eu.siacs.conversations.axolotl'><header sid='843821226'><key rid='1288786947'>MwohBefIKWLSTUrQrEySZjsfWTJhCOk3lTCj37/T8g+iKu5HEAIYACIwxxU4BAU8pwUXkVqJDYltNCMbA9UWpvyBAKUSjsPc5bA8TJqyuOf95mjhw5hyollss286OT6ksIU=</key><key prekey='true' rid='1958116006'>MwgjEiEFnEKRmWR6OFm8ZSQ5m8Hl+oO1roYrgEjdi3ylQ0nRDwAaIQXnBRRnExo2fXFwm8dhd6HuH9nK2NgSqZr40DPMeZZvTyJiMwohBeXdPeR7n2hkUZCX51FKON28HD1RvYOK3KQgs49L2EESEAYYACIw9Zb3t+8awTOurxpb5UAuSI3+VwkWI2w4Kgx9rAnmPwSNHr0jNrKv7OAQ//Rnp8BQz8Xp/AeYj3IoADAB</key><key prekey='true' rid='913503194'>MwgzEiEF43bUvNa+4yfrfVI8EjNkncAqvo/b/wrWFnqgLsdOijMaIQUQSLHRWj3v3p0mbT1TVMU0OYvD3XTzlKBx76DFU2G7OCJiMwohBXKNl+xsnehvoMMgj4jlKiEG+9UJI5H25JMF6GjhdM9pEAAYACIwBFmSHlCEOws3oCs/ibH5BHewl0CiaT9HUb3u1SrVEfHMezCgchizQ2dx1PZ3UoRWHNpZ78ektaQoADAB</key><iv>SaX+OJnItExrbc6Tbi4AYg==</iv></header><payload>RGIa7g==</payload></encrypted><store xmlns='urn:xmpp:hints'/><encryption xmlns='urn:xmpp:eme:0' namespace='eu.siacs.conversations.axolotl' name='OMEMO'/><body>I sent you an OMEMO encrypted message but your client doesn&apos;t seem to support that. Find more information on https://conversations.im/omemo</body></message>
08-14 17:44:06.828 5597-6024/org.atalk.android D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>
08-14 17:44:06.838 5597-6023/org.atalk.android D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='242'/>
08-14 17:44:06.858 5597-16026/org.atalk.android W/aTalk: [71] org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived() No raw session found for contact swordfish@atalk.org:843821226. 
    org.jivesoftware.smackx.omemo.exceptions.NoRawSessionException: org.whispersystems.libsignal.NoSessionException: No session for: swordfish@atalk.org:843821226
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:128)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236)
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990)
        at java.lang.Thread.run(Thread.java:818)
     Caused by: org.whispersystems.libsignal.NoSessionException: No session for: swordfish@atalk.org:843821226
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:239)
        at org.whispersystems.libsignal.SessionCipher.decrypt(SessionCipher.java:211)
        at org.jivesoftware.smackx.omemo.signal.SignalOmemoRatchet.doubleRatchetDecrypt(SignalOmemoRatchet.java:122)
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:103) 
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:456) 
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:1236) 
        at org.jivesoftware.smackx.omemo.OmemoManager$3$1.run(OmemoManager.java:990) 
        at java.lang.Thread.run(Thread.java:818) 
    [71] org.jivesoftware.smackx.omemo.OmemoService.repairBrokenSessionWithPreKeyMessage() Attempt to repair the session by sending a fresh preKey message to swordfish@atalk.org:843821226
08-14 17:44:06.858 5597-6023/org.atalk.android D/SMACK: SENT (0): <iq to='swordfish@atalk.org' id='A0BvP-501' type='get'><query xmlns='http://jabber.org/protocol/disco#info' node='eu.siacs.conversations.axolotl.bundles:843821226'></query></iq>
08-14 17:44:06.908 5597-6024/org.atalk.android D/SMACK: RECV (0): <iq xml:lang='en' to='leopard@atalk.org/atalk' from='swordfish@atalk.org' type='result' id='A0BvP-501'><query node='eu.siacs.conversations.axolotl.bundles:843821226' xmlns='http://jabber.org/protocol/disco#info'><identity type='pep' category='pubsub'/><identity type='leaf' category='pubsub'/><identity type='registered' category='account'/><feature var='http://jabber.org/protocol/pubsub'/><feature var='http://jabber.org/protocol/rsm'/><feature var='http://jabber.org/protocol/pubsub#create-nodes'/><feature var='http://jabber.org/protocol/pubsub#auto-create'/><feature var='http://jabber.org/protocol/pubsub#auto-subscribe'/><feature var='http://jabber.org/protocol/pubsub#delete-nodes'/><feature var='http://jabber.org/protocol/pubsub#delete-items'/><feature var='http://jabber.org/protocol/pubsub#filtered-notifications'/><feature var='http://jabber.org/protocol/pubsub#modify-affiliations'/><feature var='http://jabber.org/protocol/pubsub#outcast-affiliation'/><feature var='http://jabber.org/protocol/pubsub#persistent-items'/><feature var='http://jabber.org/protocol/pubsub#publish'/><feature var='http://jabber.org/protocol/pubsub#publish-options'/><feature var='http://jabber.org/protocol/pubsub#purge-nodes'/><feature var='http://jabber.org/protocol/pubsub#retract-items'/><feature var='http://jabber.org/protocol/pubsub#retrieve-affiliations'/><feature var='http://jabber.org/protocol/pubsub#retrieve-items'/><feature var='http://jabber.org/protocol/pubsub#retrieve-subscriptions'/><feature var='http://jabber.org/protocol/pubsub#subscribe'/></query></iq>
08-14 17:44:06.918 5597-6024/org.atalk.android D/SMACK: RECV (0): <r xmlns='urn:xmpp:sm:3'/>
08-14 17:44:06.918 5597-6023/org.atalk.android D/SMACK: SENT (0): <iq to='swordfish@atalk.org' id='A0BvP-503' type='get'><pubsub xmlns='http://jabber.org/protocol/pubsub'><items node='eu.siacs.conversations.axolotl.bundles:843821226'/></pubsub></iq>
08-14 17:44:06.928 5597-6023/org.atalk.android D/SMACK: SENT (0): <a xmlns='urn:xmpp:sm:3' h='243'/>
08-14 17:44:06.978 5597-6024/org.atalk.android D/SMACK: RECV (0): <iq xml:lang='en' to='leopard@atalk.org/atalk' from='swordfish@atalk.org' type='result' id='A0BvP-503'><pubsub xmlns='http://jabber.org/protocol/pubsub'><items node='eu.siacs.conversations.axolotl.bundles:843821226'><item id='5FE3A8D77CDE8'><bundle xmlns='eu.siacs.conversations.axolotl'><signedPreKeyPublic signedPreKeyId='1'>BchzG7SogaFzm+GbuCPAzd02GxA79vY4sClxsdur0aIx</signedPreKeyPublic><signedPreKeySignature>f5Y+rybDHcLQU4f0o4D8sahtVg3az9cDej8VncN7hrsBOJftZRE8gtlZnPPciAPuqzf6KA1Vh8COkVrTLY4Jjg==</signedPreKeySignature><identityKey>BRBIsdFaPe/enSZtPVNUxTQ5i8PddPOUoHHvoMVTYbs4</identityKey><prekeys><preKeyPublic preKeyId='1'>BR7eYEHpMcj+PjUQWGUTwHmiIeNLEJtHseXBOa0MLPZL</preKeyPublic><preKeyPublic preKeyId='2'>BUbf0wHATexcGOknOq0PWVGGYNnTlHOCGKwO4St7W4Vg</preKeyPublic><preKeyPublic preKeyId='3'>BW696Xw+6QpFRiGcHRte7ps7we3wx4v3voXqm/1JrHsw</preKeyPublic><preKeyPublic

I am facing same problem. suddenly one user cannot receive message from a specific user.

Have anyone of you found the solution?

Did you do some debugging to figure out why your client cannot decrypt the message?

I have got different type of issues in different times. i am adding log here.

2019-11-14 10:42:48.571 12453-13470/? W/OmemoService: Could not decrypt incoming message: 
    org.jivesoftware.smackx.omemo.exceptions.MultipleCryptoFailedException: Multiple CryptoFailedExceptions: org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: org.jivesoftware.smackx.omemo.exceptions.NoRawSessionException: org.whispersystems.libsignal.InvalidMessageException: No valid sessions.
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:72)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:272)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:719)
        at org.jivesoftware.smackx.omemo.OmemoManager$1$1.run(OmemoManager.java:93)
        at java.lang.Thread.run(Thread.java:762)

2019-11-14 10:46:11.101 12170-12695/org.yaxim.mist W/OmemoService: Could not decrypt incoming message: 
    org.jivesoftware.smackx.omemo.exceptions.MultipleCryptoFailedException: Multiple CryptoFailedExceptions: org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: Untrusted OMEMO Identity encountered:
    Fingerprint of trusted key:
    98d6bf91 992f07fc c53998a3 4d760f97 91a5a6e8 8b8a91d6 e75a895e b45b9323
    Fingerprint of untrusted key:
    8c9ade22 4b9a4640 324276c5 69c5bb17 3d776a5e 301c6d3e 1a7839f4 f504144a
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:72)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:272)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:719)
        at org.jivesoftware.smackx.omemo.OmemoManager$1$1.run(OmemoManager.java:93)
        at java.lang.Thread.run(Thread.java:764)

2019-11-14 12:04:11.427 23652-24838/? W/OmemoService: Could not decrypt incoming message: 
    org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: MessageKey has wrong length: 32. Probably legacy auth tag format.
        at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:66)
        at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:272)
        at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:719)
        at org.jivesoftware.smackx.omemo.OmemoManager$1$1.run(OmemoManager.java:93)
        at java.lang.Thread.run(Thread.java:762)

The first error is probably caused by a missing session record.

The second error is caused by the sending device having an untrusted key while the trust store contains another (trusted) key with the same ID. This is unusual…

The third error is caused by the sending device using an older, insecure format for which smack-omemo dropped support a long time ago.

W OmemoService: Could not decrypt incoming message: 
12-04 17:25:30.330 13654 14348 W OmemoService: org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: Transported key could not be decrypted, since no suitable message key was provided. Provides keys: [1510507283, 1485862397, 1266407008, 1107296728, 899468940, 1714159202, 2079063897, 994957244, -1, -1, 1459842197, 713540609, 633320336, 1649317193, 362932914, 1845001114, 1005194528, 840947151, 1228679105, 1272474140, 1174642054, 2025118671, 406256714, 1858720810, 272147745, 1849543056, 386632700, 1354047660, 1888333421, 1633898323, 671125153, 1662549802, 1991581210, -1, 629440555, 1022727672, 877558508, 1474677501, 149249651, 1560798580, 2086219717, 1229919363, 194337662]
12-04 17:25:30.330 13654 14348 W OmemoService: 	at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:71)
12-04 17:25:30.330 13654 14348 W OmemoService: 	at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:274)
12-04 17:25:30.330 13654 14348 W OmemoService: 	at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:725)
12-04 17:25:30.330 13654 14348 W OmemoService: 	at org.jivesoftware.smackx.omemo.OmemoManager$1$1.run(OmemoManager.java:96)
12-04 17:25:30.330 13654 14348 W OmemoService: 	at java.lang.Thread.run(Thread.java:764)

12-04 17:25:30.425 13654 14359 W OmemoService: Could not decrypt incoming message: 
12-04 17:25:30.425 13654 14359 W OmemoService: org.jivesoftware.smackx.omemo.exceptions.MultipleCryptoFailedException: Multiple CryptoFailedExceptions: org.jivesoftware.smackx.omemo.exceptions.CryptoFailedException: org.jivesoftware.smackx.omemo.exceptions.NoRawSessionException: org.whispersystems.libsignal.NoSessionException: No session for: mist@conference.ckotha.com:406256714
12-04 17:25:30.425 13654 14359 W OmemoService: 	at org.jivesoftware.smackx.omemo.OmemoRatchet.retrieveMessageKeyAndAuthTag(OmemoRatchet.java:73)
12-04 17:25:30.425 13654 14359 W OmemoService: 	at org.jivesoftware.smackx.omemo.OmemoService.decryptMessage(OmemoService.java:274)
12-04 17:25:30.425 13654 14359 W OmemoService: 	at org.jivesoftware.smackx.omemo.OmemoService.onOmemoMessageStanzaReceived(OmemoService.java:725)
12-04 17:25:30.425 13654 14359 W OmemoService: 	at org.jivesoftware.smackx.omemo.OmemoManager$1$1.run(OmemoManager.java:96)
12-04 17:25:30.425 13654 14359 W OmemoService: 	at java.lang.Thread.run(Thread.java:764)

@Paul_Schaub, can give idea about trust? i check trust every time while sending message.

if(!omemoManager.isTrustedOmemoIdentity(d, fingerprints.get(d)))
{
     Log.e("Omemo","OmemoDevice trust");
    omemoManager.trustOmemoIdentity(d, fingerprints.get(d));
}
``
but actually it uses trust only once.

@Paul_Schaub, I have posted several logs.

Do you have any idea why those occur and what are solutions?

The first error is probably caused by a missing session record.

what should i do?

and other also?