about summary refs log tree commit diff stats
path: root/src
diff options
context:
space:
mode:
authorPaul Fariello <paul@fariello.eu>2019-02-26 20:33:06 +0140
committerPaul Fariello <paul@fariello.eu>2019-04-10 16:03:50 +0200
commit0fb27dc4961608eb9b088ca659eb087dd2c1cae7 (patch)
treecaf8fd8ac5d330e98376b98f471115303b8cc523 /src
parentb1ae220aa47ff503fe368e4802061be159dfb42b (diff)
downloadprofani-tty-0fb27dc4961608eb9b088ca659eb087dd2c1cae7.tar.gz
Add OMEMO message encryption and decryption
Diffstat (limited to 'src')
-rw-r--r--src/command/cmd_funcs.c1
-rw-r--r--src/config/preferences.c28
-rw-r--r--src/config/preferences.h3
-rw-r--r--src/event/client_events.c19
-rw-r--r--src/log.c34
-rw-r--r--src/log.h2
-rw-r--r--src/omemo/crypto.c194
-rw-r--r--src/omemo/crypto.h14
-rw-r--r--src/omemo/omemo.c172
-rw-r--r--src/omemo/omemo.h12
-rw-r--r--src/omemo/store.c12
-rw-r--r--src/ui/chatwin.c2
-rw-r--r--src/ui/ui.h3
-rw-r--r--src/ui/window.c2
-rw-r--r--src/xmpp/message.c203
-rw-r--r--src/xmpp/omemo.c4
-rw-r--r--src/xmpp/xmpp.h1
17 files changed, 672 insertions, 34 deletions
diff --git a/src/command/cmd_funcs.c b/src/command/cmd_funcs.c
index 66715d20..de3372cd 100644
--- a/src/command/cmd_funcs.c
+++ b/src/command/cmd_funcs.c
@@ -7949,6 +7949,7 @@ cmd_omemo_start(ProfWin *window, const char *const command, gchar **args)
         }
 
         omemo_start_session(barejid);
+        chatwin->is_omemo = TRUE;
     }
 
     return TRUE;
diff --git a/src/config/preferences.c b/src/config/preferences.c
index 265e11db..7d0c91fc 100644
--- a/src/config/preferences.c
+++ b/src/config/preferences.c
@@ -58,6 +58,7 @@
 #define PREF_GROUP_ALIAS "alias"
 #define PREF_GROUP_OTR "otr"
 #define PREF_GROUP_PGP "pgp"
+#define PREF_GROUP_OMEMO "omemo"
 #define PREF_GROUP_MUC "muc"
 #define PREF_GROUP_PLUGINS "plugins"
 
@@ -823,6 +824,33 @@ prefs_set_pgp_char(char ch)
 }
 
 char
+prefs_get_omemo_char(void)
+{
+    char result = '~';
+
+    char *resultstr = g_key_file_get_string(prefs, PREF_GROUP_OMEMO, "omemo.char", NULL);
+    if (!resultstr) {
+        result =  '~';
+    } else {
+        result = resultstr[0];
+    }
+    free(resultstr);
+
+    return result;
+}
+
+void
+prefs_set_omemo_char(char ch)
+{
+    char str[2];
+    str[0] = ch;
+    str[1] = '\0';
+
+    g_key_file_set_string(prefs, PREF_GROUP_OMEMO, "omemo.char", str);
+    _save_prefs();
+}
+
+char
 prefs_get_roster_header_char(void)
 {
     char result = 0;
diff --git a/src/config/preferences.h b/src/config/preferences.h
index 65dee327..a4d82967 100644
--- a/src/config/preferences.h
+++ b/src/config/preferences.h
@@ -148,6 +148,7 @@ typedef enum {
     PREF_STATUSBAR_SELF,
     PREF_STATUSBAR_CHAT,
     PREF_STATUSBAR_ROOM,
+    PREF_OMEMO_LOG,
 } preference_t;
 
 typedef struct prof_alias_t {
@@ -216,6 +217,8 @@ char prefs_get_otr_char(void);
 void prefs_set_otr_char(char ch);
 char prefs_get_pgp_char(void);
 void prefs_set_pgp_char(char ch);
+char prefs_get_omemo_char(void);
+void prefs_set_omemo_char(char ch);
 
 char prefs_get_roster_header_char(void);
 void prefs_set_roster_header_char(char ch);
diff --git a/src/event/client_events.c b/src/event/client_events.c
index 3b6218ea..76a38b15 100644
--- a/src/event/client_events.c
+++ b/src/event/client_events.c
@@ -54,6 +54,10 @@
 #include "pgp/gpg.h"
 #endif
 
+#ifdef HAVE_OMEMO
+#include "omemo/omemo.h"
+#endif
+
 jabber_conn_status_t
 cl_ev_connect_jid(const char *const jid, const char *const passwd, const char *const altdomain, const int port, const char *const tls_policy)
 {
@@ -203,6 +207,21 @@ cl_ev_send_msg(ProfChatWin *chatwin, const char *const msg, const char *const oo
 #endif
 #endif
 
+#ifdef HAVE_OMEMO
+    if (chatwin->is_omemo) {
+        omemo_on_message_send(chatwin, plugin_msg, request_receipt);
+    } else {
+        char *id = message_send_chat(chatwin->barejid, plugin_msg, oob_url, request_receipt);
+        chat_log_msg_out(chatwin->barejid, plugin_msg);
+        chatwin_outgoing_msg(chatwin, plugin_msg, id, PROF_MSG_PLAIN, request_receipt);
+        free(id);
+    }
+
+    plugins_post_chat_message_send(chatwin->barejid, plugin_msg);
+    free(plugin_msg);
+    return;
+#endif
+
 // OTR unsupported, PGP unsupported
 #ifndef HAVE_LIBOTR
 #ifndef HAVE_LIBGPGME
diff --git a/src/log.c b/src/log.c
index 0133a6cf..090fd2f8 100644
--- a/src/log.c
+++ b/src/log.c
@@ -305,6 +305,23 @@ chat_log_pgp_msg_out(const char *const barejid, const char *const msg)
 }
 
 void
+chat_log_omemo_msg_out(const char *const barejid, const char *const msg)
+{
+    if (prefs_get_boolean(PREF_CHLOG)) {
+        const char *jid = connection_get_fulljid();
+        Jid *jidp = jid_create(jid);
+        char *pref_omemo_log = prefs_get_string(PREF_OMEMO_LOG);
+        if (strcmp(pref_omemo_log, "on") == 0) {
+            _chat_log_chat(jidp->barejid, barejid, msg, PROF_OUT_LOG, NULL);
+        } else if (strcmp(pref_omemo_log, "redact") == 0) {
+            _chat_log_chat(jidp->barejid, barejid, "[redacted]", PROF_OUT_LOG, NULL);
+        }
+        prefs_free_string(pref_omemo_log);
+        jid_destroy(jidp);
+    }
+}
+
+void
 chat_log_otr_msg_in(const char *const barejid, const char *const msg, gboolean was_decrypted, GDateTime *timestamp)
 {
     if (prefs_get_boolean(PREF_CHLOG)) {
@@ -339,6 +356,23 @@ chat_log_pgp_msg_in(const char *const barejid, const char *const msg, GDateTime
 }
 
 void
+chat_log_omemo_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp)
+{
+    if (prefs_get_boolean(PREF_CHLOG)) {
+        const char *jid = connection_get_fulljid();
+        Jid *jidp = jid_create(jid);
+        char *pref_omemo_log = prefs_get_string(PREF_OMEMO_LOG);
+        if (strcmp(pref_omemo_log, "on") == 0) {
+            _chat_log_chat(jidp->barejid, barejid, msg, PROF_IN_LOG, timestamp);
+        } else if (strcmp(pref_omemo_log, "redact") == 0) {
+            _chat_log_chat(jidp->barejid, barejid, "[redacted]", PROF_IN_LOG, timestamp);
+        }
+        prefs_free_string(pref_omemo_log);
+        jid_destroy(jidp);
+    }
+}
+
+void
 chat_log_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp)
 {
     if (prefs_get_boolean(PREF_CHLOG)) {
diff --git a/src/log.h b/src/log.h
index 43a34ca1..b14231b7 100644
--- a/src/log.h
+++ b/src/log.h
@@ -71,10 +71,12 @@ void chat_log_init(void);
 void chat_log_msg_out(const char *const barejid, const char *const msg);
 void chat_log_otr_msg_out(const char *const barejid, const char *const msg);
 void chat_log_pgp_msg_out(const char *const barejid, const char *const msg);
+void chat_log_omemo_msg_out(const char *const barejid, const char *const msg);
 
 void chat_log_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp);
 void chat_log_otr_msg_in(const char *const barejid, const char *const msg, gboolean was_decrypted, GDateTime *timestamp);
 void chat_log_pgp_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp);
+void chat_log_omemo_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp);
 
 void chat_log_close(void);
 GSList* chat_log_get_previous(const gchar *const login, const gchar *const recipient);
diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c
index a986c729..73b2ba0d 100644
--- a/src/omemo/crypto.c
+++ b/src/omemo/crypto.c
@@ -2,7 +2,9 @@
 #include <signal/signal_protocol.h>
 #include <signal/signal_protocol_types.h>
 #include <sodium.h>
+#include <gcrypt.h>
 
+#include "omemo/omemo.h"
 #include "omemo/crypto.h"
 
 int
@@ -12,10 +14,12 @@ omemo_crypto_init(void)
         return -1;
     }
 
-    if (crypto_aead_aes256gcm_is_available() == 0) {
+    if (!gcry_check_version(GCRYPT_VERSION)) {
         return -1;
     }
 
+    gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
     return 0;
 }
 
@@ -96,41 +100,195 @@ int
 omemo_encrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len,
     const uint8_t *plaintext, size_t plaintext_len, void *user_data)
 {
+    gcry_cipher_hd_t hd;
+    unsigned char *padded_plaintext;
     unsigned char *ciphertext;
-    unsigned long long ciphertext_len;
+    size_t ciphertext_len;
+    int mode;
+    int algo;
+    uint8_t padding = 0;
+
+    switch (key_len) {
+        case 32:
+            algo = GCRY_CIPHER_AES256;
+            break;
+        default:
+            return OMEMO_ERR_UNSUPPORTED_CRYPTO;
+    }
 
-    assert(cipher != SG_CIPHER_AES_GCM_NOPADDING);
-    assert(key_len == crypto_aead_aes256gcm_KEYBYTES);
-    assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES);
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            mode = GCRY_CIPHER_MODE_CBC;
+            break;
+        default:
+            return OMEMO_ERR_UNSUPPORTED_CRYPTO;
+    }
 
-    ciphertext = malloc(plaintext_len + crypto_aead_aes256gcm_ABYTES);
-    crypto_aead_aes256gcm_encrypt(ciphertext, &ciphertext_len, plaintext, plaintext_len, NULL, 0, NULL, iv, key);
+    gcry_cipher_open(&hd, algo, mode, GCRY_CIPHER_SECURE);
+
+    gcry_cipher_setkey(hd, key, key_len);
+
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            gcry_cipher_setiv(hd, iv, iv_len);
+            padding = 16 - (plaintext_len % 16);
+            break;
+        default:
+            assert(FALSE);
+    }
+
+    padded_plaintext = malloc(plaintext_len + padding);
+    memcpy(padded_plaintext, plaintext, plaintext_len);
+    memset(padded_plaintext + plaintext_len, padding, padding);
+
+    ciphertext_len = plaintext_len + padding;
+    ciphertext = malloc(ciphertext_len);
+    gcry_cipher_encrypt(hd, ciphertext, ciphertext_len, padded_plaintext, plaintext_len + padding);
 
     *output = signal_buffer_create(ciphertext, ciphertext_len);
+    free(padded_plaintext);
     free(ciphertext);
 
-    return 0;
+    gcry_cipher_close(hd);
+
+    return SG_SUCCESS;
 }
 
 int
 omemo_decrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len,
     const uint8_t *ciphertext, size_t ciphertext_len, void *user_data)
 {
+    int ret = SG_SUCCESS;
+    gcry_cipher_hd_t hd;
     unsigned char *plaintext;
-    unsigned long long plaintext_len;
+    size_t plaintext_len;
+    int mode;
+    int algo;
+    uint8_t padding = 0;
 
-    assert(cipher != SG_CIPHER_AES_GCM_NOPADDING);
-    assert(key_len == crypto_aead_aes256gcm_KEYBYTES);
-    assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES);
+    switch (key_len) {
+        case 32:
+            algo = GCRY_CIPHER_AES256;
+            break;
+        default:
+            return OMEMO_ERR_UNSUPPORTED_CRYPTO;
+    }
 
-    plaintext = malloc(ciphertext_len - crypto_aead_aes256gcm_ABYTES);
-    if (crypto_aead_aes256gcm_decrypt(plaintext, &plaintext_len, NULL, ciphertext, ciphertext_len, NULL, 0, iv, key) < 0) {
-        free(plaintext);
-        return -1;
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            mode = GCRY_CIPHER_MODE_CBC;
+            break;
+        default:
+            return OMEMO_ERR_UNSUPPORTED_CRYPTO;
     }
 
-    *output = signal_buffer_create(plaintext, plaintext_len);
+    gcry_cipher_open(&hd, algo, mode, GCRY_CIPHER_SECURE);
+
+    gcry_cipher_setkey(hd, key, key_len);
+
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            gcry_cipher_setiv(hd, iv, iv_len);
+            break;
+        default:
+            assert(FALSE);
+    }
+
+    plaintext_len = ciphertext_len;
+    plaintext = malloc(plaintext_len);
+    gcry_cipher_decrypt(hd, plaintext, plaintext_len, ciphertext, ciphertext_len);
+
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            padding = plaintext[plaintext_len - 1];
+            break;
+        default:
+            assert(FALSE);
+    }
+
+    int i;
+    for (i = 0; i < padding; i++) {
+        if (plaintext[plaintext_len - 1 - i] != padding) {
+            ret = SG_ERR_UNKNOWN;
+            goto out;
+        }
+    }
+
+    *output = signal_buffer_create(plaintext, plaintext_len - padding);
+
+out:
     free(plaintext);
 
-    return 0;
+    gcry_cipher_close(hd);
+
+    return ret;
+}
+
+int
+aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key)
+{
+    gcry_error_t res;
+    gcry_cipher_hd_t hd;
+
+    res = gcry_cipher_open(&hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_CIPHER_SECURE);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+    res = gcry_cipher_setkey(hd, key, AES128_GCM_KEY_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+    res = gcry_cipher_setiv(hd, iv, AES128_GCM_IV_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_encrypt(hd, ciphertext, *ciphertext_len, plaintext, plaintext_len);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_gettag(hd, ciphertext + plaintext_len, AES128_GCM_TAG_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+out:
+    gcry_cipher_close(hd);
+    return res;
+}
+
+int
+aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigned char *const ciphertext, size_t ciphertext_len, const unsigned char *const iv, const unsigned char *const key)
+{
+    gcry_error_t res;
+    gcry_cipher_hd_t hd;
+
+    res = gcry_cipher_open(&hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_CIPHER_SECURE);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_setkey(hd, key, AES128_GCM_KEY_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_setiv(hd, iv, AES128_GCM_IV_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_decrypt(hd, plaintext, *plaintext_len, ciphertext, ciphertext_len);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+    //res = gcry_cipher_checktag(hd, ciphertext + ciphertext_len - AES128_GCM_TAG_LENGTH, AES128_GCM_TAG_LENGTH);
+    //if (res != GPG_ERR_NO_ERROR) {
+    //    goto out;
+    //}
+
+out:
+    gcry_cipher_close(hd);
+    return res;
 }
diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h
index 759cef69..35c5d72a 100644
--- a/src/omemo/crypto.h
+++ b/src/omemo/crypto.h
@@ -1,6 +1,8 @@
 #include <signal/signal_protocol_types.h>
 
-#define SG_CIPHER_AES_GCM_NOPADDING 1000
+#define AES128_GCM_KEY_LENGTH 16
+#define AES128_GCM_IV_LENGTH 16
+#define AES128_GCM_TAG_LENGTH 16
 
 int omemo_crypto_init(void);
 /**
@@ -134,3 +136,13 @@ int omemo_decrypt_func(signal_buffer **output,
     const uint8_t *iv, size_t iv_len,
     const uint8_t *ciphertext, size_t ciphertext_len,
     void *user_data);
+
+int aes128gcm_encrypt(unsigned char *ciphertext,
+    size_t *ciphertext_len, const unsigned char *const cleartext,
+    size_t cleatext_len, const unsigned char *const iv,
+    const unsigned char *const key);
+
+int aes128gcm_decrypt(unsigned char *plaintext,
+    size_t *plaintext_len, const unsigned char *const ciphertext,
+    size_t ciphertext_len, const unsigned char *const iv,
+    const unsigned char *const key);
diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c
index 95de1aa2..a9860851 100644
--- a/src/omemo/omemo.c
+++ b/src/omemo/omemo.c
@@ -3,8 +3,10 @@
 #include <glib.h>
 #include <pthread.h>
 #include <signal/key_helper.h>
+#include <signal/protocol.h>
 #include <signal/signal_protocol.h>
 #include <signal/session_builder.h>
+#include <signal/session_cipher.h>
 #include <sodium.h>
 
 #include "config/account.h"
@@ -21,6 +23,7 @@ static gboolean loaded;
 
 static void lock(void *user_data);
 static void unlock(void *user_data);
+static void omemo_log(int level, const char *message, size_t len, void *user_data);
 
 struct omemo_context_t {
     pthread_mutexattr_t attr;
@@ -37,6 +40,7 @@ struct omemo_context_t {
     GHashTable *pre_key_store;
     GHashTable *signed_pre_key_store;
     identity_key_store_t identity_key_store;
+    GHashTable *device_ids;
 };
 
 static omemo_context omemo_ctx;
@@ -73,6 +77,10 @@ omemo_init(void)
         return;
     }
 
+    if (signal_context_set_log_function(omemo_ctx.signal, omemo_log) != 0) {
+        cons_show("Error initializing OMEMO log");
+    }
+
     if (signal_context_set_crypto_provider(omemo_ctx.signal, &crypto_provider) != 0) {
         cons_show("Error initializing OMEMO crypto");
         return;
@@ -123,6 +131,8 @@ omemo_init(void)
         .get_local_registration_id = get_local_registration_id,
         .save_identity = save_identity,
         .is_trusted_identity = is_trusted_identity,
+        .destroy_func = NULL,
+        .user_data = &omemo_ctx.identity_key_store
     };
     signal_protocol_store_context_set_identity_key_store(omemo_ctx.store, &identity_key_store);
 
@@ -148,6 +158,9 @@ omemo_generate_crypto_materials(ProfAccount *account)
     unsigned long long timestamp = (unsigned long long)(tv.tv_sec) * 1000 + (unsigned long long)(tv.tv_usec) / 1000;
     signal_protocol_key_helper_generate_signed_pre_key(&omemo_ctx.signed_pre_key, omemo_ctx.identity_key_pair, 5, timestamp, omemo_ctx.signal);
 
+    ec_public_key_serialize(&omemo_ctx.identity_key_store.public, ratchet_identity_key_pair_get_public(omemo_ctx.identity_key_pair));
+    ec_private_key_serialize(&omemo_ctx.identity_key_store.private, ratchet_identity_key_pair_get_private(omemo_ctx.identity_key_pair));
+
     loaded = TRUE;
 
     /* Ensure we get our current device list, and it gets updated with our
@@ -191,7 +204,7 @@ omemo_identity_key(unsigned char **output, size_t *length)
     ec_public_key_serialize(&buffer, ratchet_identity_key_pair_get_public(omemo_ctx.identity_key_pair));
     *length = signal_buffer_len(buffer);
     *output = malloc(*length);
-    memcpy(*output, signal_buffer_const_data(buffer), *length);
+    memcpy(*output, signal_buffer_data(buffer), *length);
     signal_buffer_free(buffer);
 }
 
@@ -202,7 +215,7 @@ omemo_signed_prekey(unsigned char **output, size_t *length)
     ec_public_key_serialize(&buffer, ec_key_pair_get_public(session_signed_pre_key_get_key_pair(omemo_ctx.signed_pre_key)));
     *length = signal_buffer_len(buffer);
     *output = malloc(*length);
-    memcpy(*output, signal_buffer_const_data(buffer), *length);
+    memcpy(*output, signal_buffer_data(buffer), *length);
     signal_buffer_free(buffer);
 }
 
@@ -224,7 +237,7 @@ omemo_prekeys(GList **prekeys, GList **ids, GList **lengths)
         ec_public_key_serialize(&buffer, ec_key_pair_get_public(session_pre_key_get_key_pair(prekey)));
         size_t length = signal_buffer_len(buffer);
         unsigned char *prekey_value = malloc(length);
-        memcpy(prekey_value, signal_buffer_const_data(buffer), length);
+        memcpy(prekey_value, signal_buffer_data(buffer), length);
         signal_buffer_free(buffer);
         *prekeys = g_list_append(*prekeys, prekey_value);
         *ids = g_list_append(*ids, GINT_TO_POINTER(session_pre_key_get_id(prekey)));
@@ -257,12 +270,15 @@ omemo_start_device_session(const char *const jid, uint32_t device_id,
     size_t identity_key_len)
 {
     session_pre_key_bundle *bundle;
-    signal_protocol_address address = {
-        jid, strlen(jid), device_id
-    };
+    signal_protocol_address *address;
+
+    address = malloc(sizeof(signal_protocol_address));
+    address->name = strdup(jid);
+    address->name_len = strlen(jid);
+    address->device_id = device_id;
 
     session_builder *builder;
-    session_builder_create(&builder, omemo_ctx.store, &address, omemo_ctx.signal);
+    session_builder_create(&builder, omemo_ctx.store, address, omemo_ctx.signal);
 
     ec_public_key *prekey;
     curve_decode_point(&prekey, prekey_raw, prekey_len, omemo_ctx.signal);
@@ -275,6 +291,142 @@ omemo_start_device_session(const char *const jid, uint32_t device_id,
     session_builder_process_pre_key_bundle(builder, bundle);
 }
 
+gboolean
+omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean request_receipt)
+{
+    int res;
+    xmpp_ctx_t * const ctx = connection_get_ctx();
+    char *barejid = xmpp_jid_bare(ctx, session_get_account_name());
+    GList *device_ids = NULL;
+
+    GList *recipient_device_id = g_hash_table_lookup(omemo_ctx.device_list, chatwin->barejid);
+    if (!recipient_device_id) {
+        return FALSE;
+    }
+    device_ids = g_list_copy(recipient_device_id);
+
+    GList *sender_device_id = g_hash_table_lookup(omemo_ctx.device_list, barejid);
+    device_ids = g_list_concat(device_ids, g_list_copy(sender_device_id));
+
+    /* TODO generate fresh AES-GCM materials */
+    /* TODO encrypt message */
+    unsigned char *key;
+    unsigned char *iv;
+    unsigned char *ciphertext;
+    size_t ciphertext_len;
+
+    key = sodium_malloc(AES128_GCM_KEY_LENGTH);
+    iv = sodium_malloc(AES128_GCM_IV_LENGTH);
+    ciphertext_len = strlen(message) + AES128_GCM_TAG_LENGTH;
+    ciphertext = malloc(ciphertext_len);
+
+    randombytes_buf(key, 16);
+    randombytes_buf(iv, 16);
+
+    res = aes128gcm_encrypt(ciphertext, &ciphertext_len, (const unsigned char * const)message, strlen(message), iv, key);
+    if (res != 0) {
+        return FALSE;
+    }
+
+    GList *keys = NULL;
+    GList *device_ids_iter;
+    for (device_ids_iter = device_ids; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) {
+        int res;
+        ciphertext_message *ciphertext;
+        session_cipher *cipher;
+        signal_protocol_address address = {
+            chatwin->barejid, strlen(chatwin->barejid), GPOINTER_TO_INT(device_ids_iter->data)
+        };
+
+        res = session_cipher_create(&cipher, omemo_ctx.store, &address, omemo_ctx.signal);
+        if (res != 0) {
+            continue;
+        }
+
+        res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
+        if (res != 0) {
+            continue;
+        }
+        signal_buffer *buffer = ciphertext_message_get_serialized(ciphertext);
+        omemo_key_t *key = malloc(sizeof(omemo_key_t));
+        key->data = signal_buffer_data(buffer);
+        key->length = signal_buffer_len(buffer);
+        key->device_id = GPOINTER_TO_INT(device_ids_iter->data);
+        key->prekey = TRUE;
+        keys = g_list_append(keys, key);
+    }
+
+    char *id = message_send_chat_omemo(chatwin->barejid, omemo_ctx.device_id, keys, iv, AES128_GCM_IV_LENGTH, ciphertext, ciphertext_len, request_receipt);
+    chat_log_omemo_msg_out(chatwin->barejid, message);
+    chatwin_outgoing_msg(chatwin, message, id, PROF_MSG_OMEMO, request_receipt);
+
+    free(id);
+    g_list_free_full(keys, free);
+    free(ciphertext);
+    sodium_free(key);
+    sodium_free(iv);
+    g_list_free(device_ids);
+
+    return TRUE;
+}
+
+char *
+omemo_on_message_recv(const char *const from, uint32_t sid,
+    const unsigned char *const iv, size_t iv_len, GList *keys,
+    const unsigned char *const payload, size_t payload_len)
+{
+    int res;
+    GList *key_iter;
+    omemo_key_t *key = NULL;
+    for (key_iter = keys; key_iter != NULL; key_iter = key_iter->next) {
+        if (((omemo_key_t *)key_iter->data)->device_id == omemo_ctx.device_id) {
+            key = key_iter->data;
+            break;
+        }
+    }
+
+    if (!key) {
+        return NULL;
+    }
+
+    session_cipher *cipher;
+    signal_buffer *plaintext_key;
+    signal_protocol_address address = {
+        from, strlen(from), sid
+    };
+
+    res = session_cipher_create(&cipher, omemo_ctx.store, &address, omemo_ctx.signal);
+    if (res != 0) {
+        return NULL;
+    }
+
+    if (key->prekey) {
+        pre_key_signal_message *message;
+        pre_key_signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
+        res = session_cipher_decrypt_pre_key_signal_message(cipher, message, NULL, &plaintext_key);
+    } else {
+        signal_message *message;
+        signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
+        res = session_cipher_decrypt_signal_message(cipher, message, NULL, &plaintext_key);
+    }
+    if (res != 0) {
+        return NULL;
+    }
+
+    size_t plaintext_len = payload_len;
+    unsigned char *plaintext = malloc(plaintext_len + 1);
+    res = aes128gcm_decrypt(plaintext, &plaintext_len, payload, payload_len, iv, signal_buffer_data(plaintext_key));
+    if (res != 0) {
+        free(plaintext);
+        return NULL;
+    }
+
+    plaintext[plaintext_len] = '\0';
+
+    return (char *)plaintext;
+
+}
+
 static void
 lock(void *user_data)
 {
@@ -288,3 +440,9 @@ unlock(void *user_data)
     omemo_context *ctx = (omemo_context *)user_data;
     pthread_mutex_unlock(&ctx->lock);
 }
+
+static void
+omemo_log(int level, const char *message, size_t len, void *user_data)
+{
+        cons_show(message);
+}
diff --git a/src/omemo/omemo.h b/src/omemo/omemo.h
index bf42b3e3..eb9569a3 100644
--- a/src/omemo/omemo.h
+++ b/src/omemo/omemo.h
@@ -1,9 +1,19 @@
 #include <glib.h>
 
+#include "ui/ui.h"
 #include "config/account.h"
 
+#define OMEMO_ERR_UNSUPPORTED_CRYPTO -10000
+
 typedef struct omemo_context_t omemo_context;
 
+typedef struct omemo_key {
+    const unsigned char *data;
+    size_t length;
+    gboolean prekey;
+    uint32_t device_id;
+} omemo_key_t;
+
 void omemo_init(void);
 void omemo_generate_crypto_materials(ProfAccount *account);
 
@@ -18,3 +28,5 @@ void omemo_start_session(const char *const barejid);
 void omemo_start_device_session(const char *const jid, uint32_t device_id, uint32_t prekey_id, const unsigned char *const prekey, size_t prekey_len, uint32_t signed_prekey_id, const unsigned char *const signed_prekey, size_t signed_prekey_len, const unsigned char *const signature, size_t signature_len, const unsigned char *const identity_key, size_t identity_key_len);
 
 gboolean omemo_loaded(void);
+gboolean omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean request_receipt);
+char * omemo_on_message_recv(const char *const from, uint32_t sid, const unsigned char *const iv, size_t iv_len, GList *keys, const unsigned char *const payload, size_t payload_len);
diff --git a/src/omemo/store.c b/src/omemo/store.c
index 384eb9ce..ab8cd81b 100644
--- a/src/omemo/store.c
+++ b/src/omemo/store.c
@@ -39,12 +39,16 @@ load_session(signal_buffer **record, const signal_protocol_address *address,
     device_store = g_hash_table_lookup(session_store, address->name);
     if (!device_store) {
         *record = NULL;
-        return SG_SUCCESS;
+        return 0;
     }
 
     signal_buffer *original = g_hash_table_lookup(device_store, GINT_TO_POINTER(address->device_id));
+    if (!original) {
+        *record = NULL;
+        return 0;
+    }
     *record = signal_buffer_copy(original);
-    return SG_SUCCESS;
+    return 1;
 }
 
 int
@@ -208,8 +212,8 @@ get_identity_key_pair(signal_buffer **public_data, signal_buffer **private_data,
 {
     identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data;
 
-    *public_data = identity_key_store->public;
-    *private_data = identity_key_store->private;
+    *public_data = signal_buffer_copy(identity_key_store->public);
+    *private_data = signal_buffer_copy(identity_key_store->private);
 
     return SG_SUCCESS;
 }
diff --git a/src/ui/chatwin.c b/src/ui/chatwin.c
index 98431a60..c7acce52 100644
--- a/src/ui/chatwin.c
+++ b/src/ui/chatwin.c
@@ -305,6 +305,8 @@ chatwin_outgoing_msg(ProfChatWin *chatwin, const char *const message, char *id,
         enc_char = prefs_get_otr_char();
     } else if (enc_mode == PROF_MSG_PGP) {
         enc_char = prefs_get_pgp_char();
+    } else if (enc_mode == PROF_MSG_OMEMO) {
+        enc_char = prefs_get_omemo_char();
     }
 
     if (request_receipt && id) {
diff --git a/src/ui/ui.h b/src/ui/ui.h
index ad5a1216..95d291b4 100644
--- a/src/ui/ui.h
+++ b/src/ui/ui.h
@@ -56,7 +56,8 @@
 typedef enum {
     PROF_MSG_PLAIN,
     PROF_MSG_OTR,
-    PROF_MSG_PGP
+    PROF_MSG_PGP,
+    PROF_MSG_OMEMO
 } prof_enc_t;
 
 // core UI
diff --git a/src/ui/window.c b/src/ui/window.c
index 5693e35f..ef0f93d2 100644
--- a/src/ui/window.c
+++ b/src/ui/window.c
@@ -1058,6 +1058,8 @@ win_print_incoming(ProfWin *window, GDateTime *timestamp,
                 enc_char = prefs_get_otr_char();
             } else if (enc_mode == PROF_MSG_PGP) {
                 enc_char = prefs_get_pgp_char();
+            } else if (enc_mode == PROF_MSG_OMEMO) {
+                enc_char = prefs_get_omemo_char();
             }
             _win_printf(window, enc_char, 0, timestamp, NO_ME, THEME_TEXT_THEM, from, "%s", message);
             break;
diff --git a/src/xmpp/message.c b/src/xmpp/message.c
index fba62bc8..bf4e6a2f 100644
--- a/src/xmpp/message.c
+++ b/src/xmpp/message.c
@@ -52,6 +52,7 @@
 #include "pgp/gpg.h"
 #include "plugins/plugins.h"
 #include "ui/ui.h"
+#include "ui/window_list.h"
 #include "xmpp/chat_session.h"
 #include "xmpp/muc.h"
 #include "xmpp/session.h"
@@ -62,6 +63,10 @@
 #include "xmpp/connection.h"
 #include "xmpp/xmpp.h"
 
+#ifdef HAVE_OMEMO
+#include "omemo/omemo.h"
+#endif
+
 typedef struct p_message_handle_t {
     ProfMessageCallback func;
     ProfMessageFreeCallback free_func;
@@ -77,6 +82,7 @@ static void _handle_conference(xmpp_stanza_t *const stanza);
 static void _handle_captcha(xmpp_stanza_t *const stanza);
 static void _handle_receipt_received(xmpp_stanza_t *const stanza);
 static void _handle_chat(xmpp_stanza_t *const stanza);
+static void _handle_omemo(xmpp_stanza_t *const stanza);
 
 static void _send_message_stanza(xmpp_stanza_t *const stanza);
 
@@ -144,6 +150,13 @@ _message_handler(xmpp_conn_t *const conn, xmpp_stanza_t *const stanza, void *con
         }
     }
 
+#ifdef HAVE_OMEMO
+    xmpp_stanza_t *omemo = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_OMEMO);
+    if (omemo) {
+        _handle_omemo(stanza);
+    }
+#endif
+
     _handle_chat(stanza);
 
     return 1;
@@ -307,6 +320,99 @@ message_send_chat_otr(const char *const barejid, const char *const msg, gboolean
     return id;
 }
 
+#ifdef HAVE_OMEMO
+char*
+message_send_chat_omemo(const char *const jid, uint32_t sid, GList *keys,
+    const unsigned char *const iv, size_t iv_len,
+    const unsigned char *const ciphertext, size_t ciphertext_len,
+    gboolean request_receipt)
+{
+    xmpp_ctx_t * const ctx = connection_get_ctx();
+    char *id = connection_create_stanza_id("msg");
+
+    xmpp_stanza_t *message = xmpp_message_new(ctx, STANZA_TYPE_CHAT, jid, id);
+
+    xmpp_stanza_t *encrypted = xmpp_stanza_new(ctx);
+    xmpp_stanza_set_name(encrypted, "encrypted");
+    xmpp_stanza_set_ns(encrypted, STANZA_NS_OMEMO);
+
+    xmpp_stanza_t *header = xmpp_stanza_new(ctx);
+    xmpp_stanza_set_name(header, "header");
+    char *sid_text = g_strdup_printf("%d", sid);
+    xmpp_stanza_set_attribute(header, "sid", sid_text);
+    g_free(sid_text);
+
+    GList *key_iter;
+    for (key_iter = keys; key_iter != NULL; key_iter = key_iter->next) {
+        omemo_key_t *key = (omemo_key_t *)key_iter->data;
+
+        xmpp_stanza_t *key_stanza = xmpp_stanza_new(ctx);
+        xmpp_stanza_set_name(key_stanza, "key");
+        char *rid = g_strdup_printf("%d", key->device_id);
+        xmpp_stanza_set_attribute(key_stanza, "rid", rid);
+        g_free(rid);
+        if (key->prekey) {
+            xmpp_stanza_set_attribute(key_stanza, "prekey", "true");
+        }
+
+        gchar *key_raw = g_base64_encode(key->data, key->length);
+        xmpp_stanza_t *key_text = xmpp_stanza_new(ctx);
+        xmpp_stanza_set_text(key_text, key_raw);
+        g_free(key_raw);
+
+        xmpp_stanza_add_child(key_stanza, key_text);
+        xmpp_stanza_add_child(header, key_stanza);
+        xmpp_stanza_release(key_text);
+        xmpp_stanza_release(key_stanza);
+    }
+
+    xmpp_stanza_t *iv_stanza = xmpp_stanza_new(ctx);
+    xmpp_stanza_set_name(iv_stanza, "iv");
+
+    gchar *iv_raw = g_base64_encode(iv, iv_len);
+    xmpp_stanza_t *iv_text = xmpp_stanza_new(ctx);
+    xmpp_stanza_set_text(iv_text, iv_raw);
+    g_free(iv_raw);
+
+    xmpp_stanza_add_child(iv_stanza, iv_text);
+    xmpp_stanza_add_child(header, iv_stanza);
+    xmpp_stanza_release(iv_text);
+    xmpp_stanza_release(iv_stanza);
+
+    xmpp_stanza_add_child(encrypted, header);
+    xmpp_stanza_release(header);
+
+    xmpp_stanza_t *payload = xmpp_stanza_new(ctx);
+    xmpp_stanza_set_name(payload, "payload");
+
+    gchar *ciphertext_raw = g_base64_encode(ciphertext, ciphertext_len);
+    xmpp_stanza_t *payload_text = xmpp_stanza_new(ctx);
+    xmpp_stanza_set_text(payload_text, ciphertext_raw);
+    g_free(ciphertext_raw);
+
+    xmpp_stanza_add_child(payload, payload_text);
+    xmpp_stanza_add_child(encrypted, payload);
+    xmpp_stanza_release(payload_text);
+    xmpp_stanza_release(payload);
+
+    xmpp_stanza_add_child(message, encrypted);
+    xmpp_stanza_release(encrypted);
+
+    stanza_attach_carbons_private(ctx, message);
+    stanza_attach_hints_no_copy(ctx, message);
+    stanza_attach_hints_no_store(ctx, message);
+
+    if (request_receipt) {
+        stanza_attach_receipt_request(ctx, message);
+    }
+
+    _send_message_stanza(message);
+    xmpp_stanza_release(message);
+
+    return id;
+}
+#endif
+
 void
 message_send_private(const char *const fulljid, const char *const msg, const char *const oob_url)
 {
@@ -828,7 +934,8 @@ _handle_chat(xmpp_stanza_t *const stanza)
     // ignore handled namespaces
     xmpp_stanza_t *conf = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_CONFERENCE);
     xmpp_stanza_t *captcha = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_CAPTCHA);
-    if (conf || captcha) {
+    xmpp_stanza_t *omemo = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_OMEMO);
+    if (conf || captcha || omemo) {
         return;
     }
 
@@ -897,6 +1004,100 @@ _handle_chat(xmpp_stanza_t *const stanza)
 }
 
 static void
+_handle_omemo(xmpp_stanza_t *const stanza)
+{
+    xmpp_stanza_t *encrypted = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_OMEMO);
+    if (!encrypted) {
+        return;
+    }
+
+    xmpp_stanza_t *header = xmpp_stanza_get_child_by_name(encrypted, "header");
+    if (!header) {
+        return;
+    }
+
+    const char *sid_text = xmpp_stanza_get_attribute(header, "sid");
+    if (!sid_text) {
+        return;
+    }
+    uint32_t sid = strtoul(sid_text, NULL, 10);
+
+    xmpp_stanza_t *iv = xmpp_stanza_get_child_by_name(header, "iv");
+    if (!iv) {
+        return;
+    }
+    const char *iv_text = xmpp_stanza_get_text(iv);
+    if (!iv_text) {
+        return;
+    }
+    size_t iv_len;
+    const unsigned char *iv_raw = g_base64_decode(iv_text, &iv_len);
+
+    xmpp_stanza_t *payload = xmpp_stanza_get_child_by_name(encrypted, "payload");
+    if (!payload) {
+        return;
+    }
+    const char *payload_text = xmpp_stanza_get_text(payload);
+    if (!payload_text) {
+        return;
+    }
+    size_t payload_len;
+    const unsigned char *payload_raw = g_base64_decode(payload_text, &payload_len);
+
+    GList *keys = NULL;
+    xmpp_stanza_t *key_stanza;
+    for (key_stanza = xmpp_stanza_get_children(header); key_stanza != NULL; key_stanza = xmpp_stanza_get_next(key_stanza)) {
+        if (g_strcmp0(xmpp_stanza_get_name(key_stanza), "key") != 0) {
+            continue;
+        }
+
+        omemo_key_t *key = malloc(sizeof(omemo_key_t));
+        const char *key_text = xmpp_stanza_get_text(key_stanza);
+        if (!key_text) {
+            goto skip;
+        }
+
+
+        const char *rid_text = xmpp_stanza_get_attribute(key_stanza, "rid");
+        key->device_id = strtoul(rid_text, NULL, 10);
+        if (!key->device_id) {
+            goto skip;
+        }
+        key->data = g_base64_decode(key_text, &key->length);
+        key->prekey = g_strcmp0(xmpp_stanza_get_attribute(key_stanza, "prekey"), "true") == 0;
+        keys = g_list_append(keys, key);
+        continue;
+
+skip:
+        free(key);
+    }
+
+    const char *from = xmpp_stanza_get_from(stanza);
+    Jid *jid = jid_create(from);
+    GDateTime *timestamp = stanza_get_delay(stanza);
+
+    char *plaintext = omemo_on_message_recv(jid->barejid, sid, iv_raw, iv_len, keys, payload_raw, payload_len);
+    if (!plaintext) {
+        goto out;
+    }
+
+    gboolean new_win = FALSE;
+    ProfChatWin *chatwin = wins_get_chat(jid->barejid);
+    if (!chatwin) {
+        ProfWin *window = wins_new_chat(jid->barejid);
+        chatwin = (ProfChatWin*)window;
+        new_win = TRUE;
+    }
+
+    chat_log_omemo_msg_in(jid->barejid, plaintext, timestamp);
+    chatwin_incoming_msg(chatwin, jid->resourcepart, plaintext, timestamp, new_win, PROF_MSG_OMEMO);
+
+out:
+    jid_destroy(jid);
+    if (timestamp) g_date_time_unref(timestamp);
+}
+
+static void
 _send_message_stanza(xmpp_stanza_t *const stanza)
 {
     char *text;
diff --git a/src/xmpp/omemo.c b/src/xmpp/omemo.c
index 709b6ad8..048126fa 100644
--- a/src/xmpp/omemo.c
+++ b/src/xmpp/omemo.c
@@ -93,7 +93,7 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons
         return 1;
     }
 
-    if (!g_strcmp0(from, userdata)) {
+    if (g_strcmp0(from, userdata) != 0) {
         return 1;
     }
 
@@ -112,7 +112,7 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons
         return 1;
     }
 
-    uint32_t device_id = strtoul(device_id_str, NULL, 10);
+    uint32_t device_id = strtoul(++device_id_str, NULL, 10);
 
     xmpp_stanza_t *item = xmpp_stanza_get_child_by_name(items, "item");
     if (!item) {
diff --git a/src/xmpp/xmpp.h b/src/xmpp/xmpp.h
index 5c0dae76..f2eec6c7 100644
--- a/src/xmpp/xmpp.h
+++ b/src/xmpp/xmpp.h
@@ -140,6 +140,7 @@ char* message_send_chat(const char *const barejid, const char *const msg, const
     gboolean request_receipt);
 char* message_send_chat_otr(const char *const barejid, const char *const msg, gboolean request_receipt);
 char* message_send_chat_pgp(const char *const barejid, const char *const msg, gboolean request_receipt);
+char* message_send_chat_omemo(const char *const jid, uint32_t sid, GList *keys, const unsigned char *const iv, size_t iv_len, const unsigned char *const ciphertext, size_t ciphertext_len, gboolean request_receipt);
 void message_send_private(const char *const fulljid, const char *const msg, const char *const oob_url);
 void message_send_groupchat(const char *const roomjid, const char *const msg, const char *const oob_url);
 void message_send_groupchat_subject(const char *const roomjid, const char *const subject);