aboutsummaryrefslogtreecommitdiff
path: root/plugins/omemo/src/logic/trust_manager.vala
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/omemo/src/logic/trust_manager.vala')
-rw-r--r--plugins/omemo/src/logic/trust_manager.vala302
1 files changed, 1 insertions, 301 deletions
diff --git a/plugins/omemo/src/logic/trust_manager.vala b/plugins/omemo/src/logic/trust_manager.vala
index 1e61b201..20076a43 100644
--- a/plugins/omemo/src/logic/trust_manager.vala
+++ b/plugins/omemo/src/logic/trust_manager.vala
@@ -12,18 +12,15 @@ public class TrustManager {
private StreamInteractor stream_interactor;
private Database db;
- private DecryptMessageListener decrypt_message_listener;
private TagMessageListener tag_message_listener;
- private HashMap<Message, int> message_device_id_map = new HashMap<Message, int>(Message.hash_func, Message.equals_func);
+ public HashMap<Message, int> message_device_id_map = new HashMap<Message, int>(Message.hash_func, Message.equals_func);
public TrustManager(StreamInteractor stream_interactor, Database db) {
this.stream_interactor = stream_interactor;
this.db = db;
- decrypt_message_listener = new DecryptMessageListener(stream_interactor, this, db, message_device_id_map);
tag_message_listener = new TagMessageListener(stream_interactor, this, db, message_device_id_map);
- stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(decrypt_message_listener);
stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(tag_message_listener);
}
@@ -69,127 +66,6 @@ public class TrustManager {
}
}
- private StanzaNode create_encrypted_key_node(uint8[] key, Address address, Store store) throws GLib.Error {
- SessionCipher cipher = store.create_session_cipher(address);
- CiphertextMessage device_key = cipher.encrypt(key);
- debug("Created encrypted key for %s/%d", address.name, address.device_id);
- StanzaNode key_node = new StanzaNode.build("key", NS_URI)
- .put_attribute("rid", address.device_id.to_string())
- .put_node(new StanzaNode.text(Base64.encode(device_key.serialized)));
- if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true");
- return key_node;
- }
-
- internal EncryptState encrypt_key(StanzaNode header_node, uint8[] keytag, Jid self_jid, Gee.List<Jid> recipients, XmppStream stream, Account account) throws Error {
- EncryptState status = new EncryptState();
- StreamModule module = stream.get_module(StreamModule.IDENTITY);
-
- //Check we have the bundles and device lists needed to send the message
- if (!is_known_address(account, self_jid)) return status;
- status.own_list = true;
- status.own_devices = get_trusted_devices(account, self_jid).size;
- status.other_waiting_lists = 0;
- status.other_devices = 0;
- foreach (Jid recipient in recipients) {
- if (!is_known_address(account, recipient)) {
- status.other_waiting_lists++;
- }
- if (status.other_waiting_lists > 0) return status;
- status.other_devices += get_trusted_devices(account, recipient).size;
- }
- if (status.own_devices == 0 || status.other_devices == 0) return status;
-
-
- //Encrypt the key for each recipient's device individually
- Address address = new Address("", 0);
- foreach (Jid recipient in recipients) {
- foreach(int32 device_id in get_trusted_devices(account, recipient)) {
- if (module.is_ignored_device(recipient, device_id)) {
- status.other_lost++;
- continue;
- }
- try {
- address.name = recipient.bare_jid.to_string();
- address.device_id = (int) device_id;
- StanzaNode key_node = create_encrypted_key_node(keytag, address, module.store);
- header_node.put_node(key_node);
- status.other_success++;
- } catch (Error e) {
- if (e.code == ErrorCode.UNKNOWN) status.other_unknown++;
- else status.other_failure++;
- }
- }
- }
-
- // Encrypt the key for each own device
- address.name = self_jid.bare_jid.to_string();
- foreach(int32 device_id in get_trusted_devices(account, self_jid)) {
- if (module.is_ignored_device(self_jid, device_id)) {
- status.own_lost++;
- continue;
- }
- if (device_id != module.store.local_registration_id) {
- address.device_id = (int) device_id;
- try {
- StanzaNode key_node = create_encrypted_key_node(keytag, address, module.store);
- header_node.put_node(key_node);
- status.own_success++;
- } catch (Error e) {
- if (e.code == ErrorCode.UNKNOWN) status.own_unknown++;
- else status.own_failure++;
- }
- }
- }
-
- return status;
- }
-
- public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List<Jid> recipients, XmppStream stream, Account account) {
- const uint KEY_SIZE = 16;
- const uint IV_SIZE = 12;
- EncryptState status = new EncryptState();
- if (!Plugin.ensure_context()) return status;
- if (message.to == null) return status;
-
- StreamModule module = stream.get_module(StreamModule.IDENTITY);
-
- try {
- //Create a key and use it to encrypt the message
- uint8[] key = new uint8[KEY_SIZE];
- Plugin.get_context().randomize(key);
- uint8[] iv = new uint8[IV_SIZE];
- Plugin.get_context().randomize(iv);
-
- uint8[] aes_encrypt_result = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data);
- uint8[] ciphertext = aes_encrypt_result[0:aes_encrypt_result.length-16];
- uint8[] tag = aes_encrypt_result[aes_encrypt_result.length-16:aes_encrypt_result.length];
- uint8[] keytag = new uint8[key.length + tag.length];
- Memory.copy(keytag, key, key.length);
- Memory.copy((uint8*)keytag + key.length, tag, tag.length);
-
- StanzaNode header_node;
- StanzaNode encrypted_node = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns()
- .put_node(header_node = new StanzaNode.build("header", NS_URI)
- .put_attribute("sid", module.store.local_registration_id.to_string())
- .put_node(new StanzaNode.build("iv", NS_URI)
- .put_node(new StanzaNode.text(Base64.encode(iv)))))
- .put_node(new StanzaNode.build("payload", NS_URI)
- .put_node(new StanzaNode.text(Base64.encode(ciphertext))));
-
- status = encrypt_key(header_node, keytag, self_jid, recipients, stream, account);
-
- message.stanza.put_node(encrypted_node);
- Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO");
- message.body = "[This message is OMEMO encrypted]";
- status.encrypted = true;
- } catch (Error e) {
- warning(@"Signal error while encrypting message: $(e.message)\n");
- message.body = "[OMEMO encryption failed]";
- status.encrypted = false;
- }
- return status;
- }
-
public bool is_known_address(Account account, Jid jid) {
int identity_id = db.identity.get_id(account.id);
if (identity_id < 0) return false;
@@ -260,182 +136,6 @@ public class TrustManager {
return false;
}
}
-
- private class DecryptMessageListener : MessageListener {
- public string[] after_actions_const = new string[]{ };
- public override string action_group { get { return "DECRYPT"; } }
- public override string[] after_actions { get { return after_actions_const; } }
-
- private StreamInteractor stream_interactor;
- private TrustManager trust_manager;
- private Database db;
- private HashMap<Message, int> message_device_id_map;
-
- public DecryptMessageListener(StreamInteractor stream_interactor, TrustManager trust_manager, Database db, HashMap<Message, int> message_device_id_map) {
- this.stream_interactor = stream_interactor;
- this.trust_manager = trust_manager;
- this.db = db;
- this.message_device_id_map = message_device_id_map;
- }
-
- public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) {
- StreamModule module = stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY);
- Store store = module.store;
-
- StanzaNode? _encrypted = stanza.stanza.get_subnode("encrypted", NS_URI);
- if (_encrypted == null || MessageFlag.get_flag(stanza) != null || stanza.from == null) return false;
- StanzaNode encrypted = (!)_encrypted;
- if (message.body == null && Xep.ExplicitEncryption.get_encryption_tag(stanza) == NS_URI) {
- message.body = "[This message is OMEMO encrypted]"; // TODO temporary
- };
- if (!Plugin.ensure_context()) return false;
- int identity_id = db.identity.get_id(conversation.account.id);
- MessageFlag flag = new MessageFlag();
- stanza.add_flag(flag);
- StanzaNode? _header = encrypted.get_subnode("header");
- if (_header == null) return false;
- StanzaNode header = (!)_header;
- int sid = header.get_attribute_int("sid");
- if (sid <= 0) return false;
-
- var our_nodes = new ArrayList<StanzaNode>();
- foreach (StanzaNode key_node in header.get_subnodes("key")) {
- debug("Is ours? %d =? %u", key_node.get_attribute_int("rid"), store.local_registration_id);
- if (key_node.get_attribute_int("rid") == store.local_registration_id) {
- our_nodes.add(key_node);
- }
- }
-
- string? payload = encrypted.get_deep_string_content("payload");
- string? iv_node = header.get_deep_string_content("iv");
-
- foreach (StanzaNode key_node in our_nodes) {
- string? key_node_content = key_node.get_string_content();
- if (payload == null || iv_node == null || key_node_content == null) continue;
- uint8[] key;
- uint8[] ciphertext = Base64.decode((!)payload);
- uint8[] iv = Base64.decode((!)iv_node);
- Gee.List<Jid> possible_jids = new ArrayList<Jid>();
- if (conversation.type_ == Conversation.Type.CHAT) {
- possible_jids.add(stanza.from.bare_jid);
- } else {
- Jid? real_jid = message.real_jid;
- if (real_jid != null) {
- possible_jids.add(real_jid.bare_jid);
- } else if (key_node.get_attribute_bool("prekey")) {
- // pre key messages do store the identity key, so we can use that to find the real jid
- PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content));
- string identity_key = Base64.encode(msg.identity_key.serialize());
- foreach (Row row in db.identity_meta.get_with_device_id(identity_id, sid).with(db.identity_meta.identity_key_public_base64, "=", identity_key)) {
- try {
- possible_jids.add(new Jid(row[db.identity_meta.address_name]));
- } catch (InvalidJidError e) {
- warning("Ignoring invalid jid from database: %s", e.message);
- }
- }
- if (possible_jids.size != 1) {
- continue;
- }
- } else {
- // If we don't know the device name (MUC history w/o MAM), test decryption with all keys with fitting device id
- foreach (Row row in db.identity_meta.get_with_device_id(identity_id, sid)) {
- try {
- possible_jids.add(new Jid(row[db.identity_meta.address_name]));
- } catch (InvalidJidError e) {
- warning("Ignoring invalid jid from database: %s", e.message);
- }
- }
- }
- }
-
- if (possible_jids.size == 0) {
- debug("Received message from unknown entity with device id %d", sid);
- }
-
- foreach (Jid possible_jid in possible_jids) {
- try {
- Address address = new Address(possible_jid.to_string(), sid);
- if (key_node.get_attribute_bool("prekey")) {
- Row? device = db.identity_meta.get_device(identity_id, possible_jid.to_string(), sid);
- PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content));
- string identity_key = Base64.encode(msg.identity_key.serialize());
- if (device != null && device[db.identity_meta.identity_key_public_base64] != null) {
- if (device[db.identity_meta.identity_key_public_base64] != identity_key) {
- critical("Tried to use a different identity key for a known device id.");
- continue;
- }
- } else {
- debug("Learn new device from incoming message from %s/%d", possible_jid.to_string(), sid);
- bool blind_trust = db.trust.get_blind_trust(identity_id, possible_jid.to_string(), true);
- if (db.identity_meta.insert_device_session(identity_id, possible_jid.to_string(), sid, identity_key, blind_trust ? TrustLevel.TRUSTED : TrustLevel.UNKNOWN) < 0) {
- critical("Failed learning a device.");
- continue;
- }
- XmppStream? stream = stream_interactor.get_stream(conversation.account);
- if (device == null && stream != null) {
- module.request_user_devicelist.begin(stream, possible_jid);
- }
- }
- debug("Starting new session for decryption with device from %s/%d", possible_jid.to_string(), sid);
- SessionCipher cipher = store.create_session_cipher(address);
- key = cipher.decrypt_pre_key_signal_message(msg);
- // TODO: Finish session
- } else {
- debug("Continuing session for decryption with device from %s/%d", possible_jid.to_string(), sid);
- SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content));
- SessionCipher cipher = store.create_session_cipher(address);
- key = cipher.decrypt_signal_message(msg);
- }
- //address.device_id = 0; // TODO: Hack to have address obj live longer
-
- if (key.length >= 32) {
- int authtaglength = key.length - 16;
- uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength];
- uint8[] new_key = new uint8[16];
- Memory.copy(new_ciphertext, ciphertext, ciphertext.length);
- Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength);
- Memory.copy(new_key, key, 16);
- ciphertext = new_ciphertext;
- key = new_key;
- }
-
- message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext));
- message_device_id_map[message] = address.device_id;
- message.encryption = Encryption.OMEMO;
- flag.decrypted = true;
- } catch (Error e) {
- debug("Decrypting message from %s/%d failed: %s", possible_jid.to_string(), sid, e.message);
- continue;
- }
-
- // If we figured out which real jid a message comes from due to decryption working, save it
- if (conversation.type_ == Conversation.Type.GROUPCHAT && message.real_jid == null) {
- message.real_jid = possible_jid;
- }
- return false;
- }
- }
-
- if (
- payload != null && // Ratchet forwarding doesn't contain payload and might not include us, which is ok
- our_nodes.size == 0 && // The message was not encrypted to us
- module.store.local_registration_id != sid // Message from this device. Never encrypted to itself.
- ) {
- db.identity_meta.update_last_message_undecryptable(identity_id, sid, message.time);
- trust_manager.bad_message_state_updated(conversation.account, message.from, sid);
- }
-
- debug("Received OMEMO encryped message that could not be decrypted.");
- return false;
- }
-
- private string arr_to_str(uint8[] arr) {
- // null-terminate the array
- uint8[] rarr = new uint8[arr.length+1];
- Memory.copy(rarr, arr, arr.length);
- return (string)rarr;
- }
- }
}
}