Cannot send messages with OMEMO

Question

Cannot send messages with OMEMO

diego-treitos opened this issue 2 years ago · comments

Describe the bug
I've configured an account in the conversejs Desktop application. Then I've configured a contact and trusted the fingerprints in both sides.
ConverseJS is able to receive encrypted messages using OMEMO, however it cannot send them.
After opening the debug window I see several errors:

ERROR: Could not fetch bundle for device <id> from <conversejs_account>
ERROR: <iq xmlns="jabber:client" type="error" id="71746618-292f-416d-89ab-8727d6ee9b20:sendIQ" to="<conversejs_account>/converse.js-101802182"><error type="cancel"><item-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq>
ERROR: Could not build an OMEMO session for device <id> because we don't have its bundle
ERROR: Error: No record for <conversejs_account>.<id>
    at SessionCipher.<anonymous> (file:///tmp/.mount_converNGKhIe/resources/app.asar/3rdparty/libsignal-protocol.js:36052:21)
libsignal-protocol.js:36052 Uncaught (in promise) Error: No record for <conversejs_account>.<id>    at SessionCipher.<anonymous> (libsignal-protocol.js:36052:21)

To Reproduce
Steps to reproduce the behavior:

Open the ConverseJS desktop app
Try to send a message to a trusted contact

Expected behavior
Being able to send messages

Environment (please complete the following information):

Using ConverseJS desktop AppImage: converse_desktop-10.0.0_x86_64.AppImage

Additional context
Note that if I use a diferent client from converseJS, I am able to talk with the other contact, although this other client does not use BOSH.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Licaon_Kter · Answer 1 · Tue Dec 13 2022 20:33:31 GMT+0800 (China Standard Time)

In contact details do you see their keys?

Diego Blanco · Answer 2 · Tue Dec 13 2022 20:37:12 GMT+0800 (China Standard Time)

Hi @licaon-kter thank you for replying. I do see their keys and I have trusted them.

Also I can receive their encrypted messages and decrypt them.

Diego Blanco · Answer 3 · Tue Dec 13 2022 20:46:39 GMT+0800 (China Standard Time)

@licaon-kter I should also mention that I've configured the server and added BOSH support to it. I am not sure if there is any special configuration required to support OMEMO with BOSH. I certainly didn't see any reference to this in the prosody (xmpp server) documentation.

Also the other contact is not using BOSH, just plain XMPP.

Licaon_Kter · Answer 4 · Tue Dec 13 2022 20:50:05 GMT+0800 (China Standard Time)

Well bosh is old better use websockets :)

If you can receive it means they have your keys, at least.

Which server software and version?

Diego Blanco · Answer 5 · Tue Dec 13 2022 20:52:51 GMT+0800 (China Standard Time)

I am using prosody 0.12.1. I didn't try websockets... let me check that up :)

Diego Blanco · Answer 6 · Tue Dec 13 2022 20:58:21 GMT+0800 (China Standard Time)

@licaon-kter Unfortunately via websockets the error is the same :(

Licaon_Kter · Answer 7 · Tue Dec 13 2022 21:14:24 GMT+0800 (China Standard Time)

Can you try with another contact? Eg. Make a random account on conversations.im

Diego Blanco · Answer 8 · Tue Dec 13 2022 22:39:04 GMT+0800 (China Standard Time)

@licaon-kter I've just tested several things:

Created a new contact test3 (same server) and test it with a different client (dino) keeping the other contact test2 in conversejs. Same errors.
Switched accounts: test3 in conversejs and test2 in dino. Same errors
Created accounts in conversations.im. I think the free tier might not support OMEMO? Dino reported that the contact in conversejs did not have OMEMO support... Maybe the free tier does not have PEP enabled? (no fingerprint was shown in any client for any contact)

Do you think there could be anything wrong in my server regarding websockets+OMEMO or bosh+OMEMO?

Licaon_Kter · Answer 9 · Tue Dec 13 2022 23:43:19 GMT+0800 (China Standard Time)

conversations.im is free for a long time, there's no "tier"

Can you login with separate instances of Converse Desktop, into those 2 conversations.im accounts?

If the conversations.im accounts with Converse desktop behave the same maybe this is a Desktop issue and you need to move it there.

Licaon_Kter · Answer 10 · Tue Dec 13 2022 23:45:14 GMT+0800 (China Standard Time)

Did you test with https://github.com/conversejs/converse-tauri too?

Diego Blanco · Answer 11 · Wed Dec 14 2022 00:04:46 GMT+0800 (China Standard Time)

I am afraid I didn't but I actually needed the Converse-desktop client to work so it can be used by other people. I was actually testing it but so far I had no luck when using OMEMO (unencrypted chat works).

Also other clients work with OMEMO. I've just tested with Movim (via web interface) which I guess uses either BOSH or websockets and it worked fine too with OMEMO...

Licaon_Kter · Answer 12 · Wed Dec 14 2022 00:20:58 GMT+0800 (China Standard Time)

The Tauri client is like Desktop, do try it.

To eliminate any (of your own) server issue, try between Desktop and Tauri with the conversations.im accounts first.

Diego Blanco · Answer 13 · Wed Dec 14 2022 02:12:00 GMT+0800 (China Standard Time)

@licaon-kter THank you for the follow up.

I've tested with tauri. However when using the conversations.im accounts I get that OMEMO is not supported by the other client in both ends. I think this probably has to do with conversations.im.

Then I used my server and again I have the very same problem in both ends.

Also, if there was a problem in my server, why do other clients work? Even the movim client, via web (BOSH or websockets) worked just fine with OMEMO.

Licaon_Kter · Answer 14 · Wed Dec 14 2022 02:41:12 GMT+0800 (China Standard Time)

I think this probably has to do with conversations.im.

You keep saying that, but it's not true.

For now I can conclude it's a Desktop app issue.

Now, can you try (with both accounts on your server using the web version in a browser: (normal session NOT private)
https://conversejs.org/fullscreen.html

(Don't forget to have "This is a trusted device" checkbox checked!)

Diego Blanco · Answer 15 · Wed Dec 14 2022 18:42:52 GMT+0800 (China Standard Time)

I am afraid I am having the exact same error.

Using firefox, 2 different tabs with 2 different accounts in my server. The moment that I click in the lock icon to encrypt the chat, it stops sending the messages. Each time I click send, I see this on the debug console:

ERROR: Could not fetch bundle for device <device_id> from <account_id> log.js:64:19
 ERROR: <iq xmlns="jabber:client" type="error" from="<account_id>" id="910eee71-c62f-4085-b33d-37634b760b3b:sendIQ" to="<remote_account_id>/converse.js-31041250"><error type="cancel"><item-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq> log.js:64:19
 ERROR: Could not build an OMEMO session for device <device_id> because we don't have its bundle log.js:64:19
 ERROR: encrypt/</<@https://cdn.conversejs.org/3rdparty/libsignal-protocol.min.js:1:881814
log.js:64:19
Uncaught (in promise) Error: No record for <account_id>.<device_id>
    encrypt https://cdn.conversejs.org/3rdparty/libsignal-protocol.min.js:1
libsignal-protocol.min.js:1:881814

This happens in both ends, the very same error.

Diego Blanco · Answer 16 · Fri Dec 16 2022 02:53:18 GMT+0800 (China Standard Time)

@licaon-kter Do you need me to share with you the server configuration for prosody? I really doubt it is a problem on the server side as every other client works, but just in case. Also if you can provide me with a known working configuration for prosody that would be awesome too.

Licaon_Kter · Answer 17 · Fri Dec 16 2022 05:23:34 GMT+0800 (China Standard Time)

Not really a Prosody person, but do attach a link with the gist of the config (cleaned).

Diego Blanco · Answer 18 · Fri Dec 16 2022 19:14:03 GMT+0800 (China Standard Time)

Here is the gist for the prosody.cfg.lua file: https://gist.github.com/diego-treitos/bb36611891b60de80c3e16fb613955e8