aboutsummaryrefslogtreecommitdiff
path: root/plugins/omemo/src/trust_manager.vala
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/omemo/src/trust_manager.vala')
-rw-r--r--plugins/omemo/src/trust_manager.vala92
1 files changed, 75 insertions, 17 deletions
diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala
index 495d2657..8f6e9017 100644
--- a/plugins/omemo/src/trust_manager.vala
+++ b/plugins/omemo/src/trust_manager.vala
@@ -168,27 +168,85 @@ public class TrustManager {
}
public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) {
- MessageFlag? flag = MessageFlag.get_flag(stanza);
- if(flag != null && ((!)flag).decrypted) {
- int identity_id = db.identity.get_id(conversation.account.id);
- if (identity_id < 0) return false;
- StanzaNode header = stanza.stanza.get_subnode("encrypted", "eu.siacs.conversations.axolotl").get_subnode("header");
- Jid jid = message.from;
- if(conversation.type_ == Conversation.Type.GROUPCHAT) {
- jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account);
- }
- Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level];
- if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) {
- message.body = _("OMEMO message from a rejected device");
- message.marked = Message.Marked.WONTSEND;
- }
- if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) {
- message.body = _("OMEMO message from an unknown device: ")+message.body;
- message.marked = Message.Marked.WONTSEND;
+ Store store = stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY).store;
+
+ StanzaNode? _encrypted = stanza.stanza.get_subnode("encrypted", NS_URI);
+ if (_encrypted == null || MessageFlag.get_flag(stanza) != null || stanza.from == null) return false;
+ StanzaNode encrypted = (!)_encrypted;
+ if (!Plugin.ensure_context()) return false;
+ MessageFlag flag = new MessageFlag();
+ stanza.add_flag(flag);
+ StanzaNode? _header = encrypted.get_subnode("header");
+ if (_header == null) return false;
+ StanzaNode header = (!)_header;
+ if (header.get_attribute_int("sid") <= 0) return false;
+ foreach (StanzaNode key_node in header.get_subnodes("key")) {
+ if (key_node.get_attribute_int("rid") == store.local_registration_id) {
+ try {
+ string? payload = encrypted.get_deep_string_content("payload");
+ string? iv_node = header.get_deep_string_content("iv");
+ string? key_node_content = key_node.get_string_content();
+ if (payload == null || iv_node == null || key_node_content == null) continue;
+ uint8[] key;
+ uint8[] ciphertext = Base64.decode((!)payload);
+ uint8[] iv = Base64.decode((!)iv_node);
+ Jid jid = stanza.from;
+ if (conversation.type_ == Conversation.Type.GROUPCHAT) {
+ jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account);
+ }
+
+ Address address = new Address(jid.bare_jid.to_string(), header.get_attribute_int("sid"));
+ if (key_node.get_attribute_bool("prekey")) {
+ PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content));
+ SessionCipher cipher = store.create_session_cipher(address);
+ key = cipher.decrypt_pre_key_signal_message(msg);
+ } else {
+ SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content));
+ SessionCipher cipher = store.create_session_cipher(address);
+ key = cipher.decrypt_signal_message(msg);
+ }
+ address.device_id = 0; // TODO: Hack to have address obj live longer
+
+ if (key.length >= 32) {
+ int authtaglength = key.length - 16;
+ uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength];
+ uint8[] new_key = new uint8[16];
+ Memory.copy(new_ciphertext, ciphertext, ciphertext.length);
+ Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength);
+ Memory.copy(new_key, key, 16);
+ ciphertext = new_ciphertext;
+ key = new_key;
+ }
+
+ message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext));
+ flag.decrypted = true;
+
+ int identity_id = db.identity.get_id(conversation.account.id);
+ if (identity_id < 0) return false;
+
+ Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level];
+ if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) {
+ message.body = _("OMEMO message from a rejected device");
+ message.marked = Message.Marked.WONTSEND;
+ }
+ if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) {
+ message.body = _("OMEMO message from an unknown device: ")+message.body;
+ message.marked = Message.Marked.WONTSEND;
+ }
+ } catch (Error e) {
+ if (Plugin.DEBUG) print(@"OMEMO: Signal error while decrypting message: $(e.message)\n");
+ }
}
}
return false;
}
+
+ private string arr_to_str(uint8[] arr) {
+ // null-terminate the array
+ uint8[] rarr = new uint8[arr.length+1];
+ Memory.copy(rarr, arr, arr.length);
+ return (string)rarr;
+ }
}
}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 14:38:34 +0000