aboutsummaryrefslogtreecommitdiff
path: root/plugins/omemo/src
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/omemo/src')
-rw-r--r--plugins/omemo/src/account_settings_dialog.vala54
-rw-r--r--plugins/omemo/src/account_settings_widget.vala2
-rw-r--r--plugins/omemo/src/contact_details_dialog.vala237
-rw-r--r--plugins/omemo/src/contact_details_provider.vala27
-rw-r--r--plugins/omemo/src/database.vala109
-rw-r--r--plugins/omemo/src/device_notification_populator.vala94
-rw-r--r--plugins/omemo/src/encrypt_state.vala6
-rw-r--r--plugins/omemo/src/manage_key_dialog.vala166
-rw-r--r--plugins/omemo/src/manager.vala235
-rw-r--r--plugins/omemo/src/own_notifications.vala42
-rw-r--r--plugins/omemo/src/plugin.vala21
-rw-r--r--plugins/omemo/src/stream_module.vala274
-rw-r--r--plugins/omemo/src/trust_manager.vala253
13 files changed, 1150 insertions, 370 deletions
diff --git a/plugins/omemo/src/account_settings_dialog.vala b/plugins/omemo/src/account_settings_dialog.vala
deleted file mode 100644
index f0262c31..00000000
--- a/plugins/omemo/src/account_settings_dialog.vala
+++ /dev/null
@@ -1,54 +0,0 @@
-using Gtk;
-using Qlite;
-using Dino.Entities;
-
-namespace Dino.Plugins.Omemo {
-
-[GtkTemplate (ui = "/im/dino/Dino/omemo/account_settings_dialog.ui")]
-public class AccountSettingsDialog : Gtk.Dialog {
-
- private Plugin plugin;
- private Account account;
- private string fingerprint;
-
- [GtkChild] private Label own_fingerprint;
- [GtkChild] private ListBox other_list;
-
- public AccountSettingsDialog(Plugin plugin, Account account) {
- Object(use_header_bar : 1);
- this.plugin = plugin;
- this.account = account;
-
- string own_b64 = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.identity_key_public_base64];
- fingerprint = fingerprint_from_base64(own_b64);
- own_fingerprint.set_markup(fingerprint_markup(fingerprint));
-
- int own_id = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id];
-
- int i = 0;
- foreach (Row row in plugin.db.identity_meta.with_address(account.bare_jid.to_string())) {
- if (row[plugin.db.identity_meta.device_id] == own_id) continue;
- if (i == 0) {
- other_list.foreach((widget) => { widget.destroy(); });
- }
- string? other_b64 = row[plugin.db.identity_meta.identity_key_public_base64];
- Label lbl = new Label(other_b64 != null ? fingerprint_markup(fingerprint_from_base64(other_b64)) : _("Unknown device (0x%.8x)").printf(row[plugin.db.identity_meta.device_id])) { use_markup = true, visible = true, margin = 8, selectable=true };
- if (row[plugin.db.identity_meta.now_active] && other_b64 != null) {
- other_list.insert(lbl, 0);
- } else {
- lbl.sensitive = false;
- other_list.insert(lbl, i);
- }
- i++;
- }
- }
-
- [GtkCallback]
- public void copy_button_clicked() {
- Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);
- }
-
-
-}
-
-}
diff --git a/plugins/omemo/src/account_settings_widget.vala b/plugins/omemo/src/account_settings_widget.vala
index 6db193fc..6148da56 100644
--- a/plugins/omemo/src/account_settings_widget.vala
+++ b/plugins/omemo/src/account_settings_widget.vala
@@ -27,7 +27,7 @@ public class AccountSettingWidget : Plugins.AccountSettingsWidget, Box {
btn.valign = Align.CENTER;
btn.clicked.connect(() => {
activated();
- AccountSettingsDialog dialog = new AccountSettingsDialog(plugin, account);
+ ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, account, account.bare_jid);
dialog.set_transient_for((Window) get_toplevel());
dialog.present();
});
diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala
new file mode 100644
index 00000000..037cd6e9
--- /dev/null
+++ b/plugins/omemo/src/contact_details_dialog.vala
@@ -0,0 +1,237 @@
+using Gtk;
+using Xmpp;
+using Gee;
+using Qlite;
+using Dino.Entities;
+using Qrencode;
+using Gdk;
+
+namespace Dino.Plugins.Omemo {
+
+[GtkTemplate (ui = "/im/dino/Dino/omemo/contact_details_dialog.ui")]
+public class ContactDetailsDialog : Gtk.Dialog {
+
+ private Plugin plugin;
+ private Account account;
+ private Jid jid;
+ private bool own = false;
+ private int own_id = 0;
+
+ [GtkChild] private Box own_fingerprint_container;
+ [GtkChild] private Label own_fingerprint_label;
+ [GtkChild] private Box new_keys_container;
+ [GtkChild] private ListBox new_keys_listbox;
+ [GtkChild] private Box keys_container;
+ [GtkChild] private ListBox keys_listbox;
+ [GtkChild] private Switch auto_accept_switch;
+ [GtkChild] private Button copy_button;
+ [GtkChild] private Button show_qrcode_button;
+ [GtkChild] private Image qrcode_image;
+ [GtkChild] private Popover qrcode_popover;
+
+ public ContactDetailsDialog(Plugin plugin, Account account, Jid jid) {
+ Object(use_header_bar : 1);
+ this.plugin = plugin;
+ this.account = account;
+ this.jid = jid;
+
+ (get_header_bar() as HeaderBar).set_subtitle(jid.bare_jid.to_string());
+
+ int identity_id = plugin.db.identity.get_id(account.id);
+ if (identity_id < 0) return;
+
+ // Dialog opened from the account settings menu
+ // Show the fingerprint for this device separately with buttons for a qrcode and to copy
+ if(jid.equals(account.bare_jid)) {
+ own = true;
+ own_id = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id];
+
+ own_fingerprint_container.visible = true;
+
+ string own_b64 = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.identity_key_public_base64];
+ string fingerprint = fingerprint_from_base64(own_b64);
+ own_fingerprint_label.set_markup(fingerprint_markup(fingerprint));
+
+ copy_button.clicked.connect(() => {Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);});
+
+ int sid = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id];
+ Pixbuf pixbuf = new QRcode(@"xmpp:$(account.bare_jid)?omemo-sid-$(sid)=$(fingerprint)", 2).to_pixbuf();
+ pixbuf = pixbuf.scale_simple(150, 150, InterpType.NEAREST);
+ qrcode_image.set_from_pixbuf(pixbuf);
+ show_qrcode_button.clicked.connect(qrcode_popover.popup);
+ }
+
+ new_keys_listbox.set_header_func(header_function);
+
+ keys_listbox.set_header_func(header_function);
+
+ //Show any new devices for which the user must decide whether to accept or reject
+ foreach (Row device in plugin.db.identity_meta.get_new_devices(identity_id, jid.to_string())) {
+ add_new_fingerprint(device);
+ }
+
+ //Show the normal devicelist
+ foreach (Row device in plugin.db.identity_meta.get_known_devices(identity_id, jid.to_string())) {
+ if(own && device[plugin.db.identity_meta.device_id] == own_id) {
+ continue;
+ }
+ add_fingerprint(device, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trust_level]);
+ }
+
+ auto_accept_switch.set_active(plugin.db.trust.get_blind_trust(identity_id, jid.bare_jid.to_string()));
+
+ auto_accept_switch.state_set.connect((active) => {
+ plugin.trust_manager.set_blind_trust(account, jid, active);
+
+ if (active) {
+ new_keys_container.visible = false;
+
+ foreach (Row device in plugin.db.identity_meta.get_new_devices(identity_id, jid.to_string())) {
+ plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED);
+ add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED);
+ }
+ }
+
+ return false;
+ });
+
+ }
+
+ private void header_function(ListBoxRow row, ListBoxRow? before) {
+ if (row.get_header() == null && before != null) {
+ row.set_header(new Separator(Orientation.HORIZONTAL));
+ }
+ }
+
+ private void set_row(int trust, bool now_active, Image img, Label status_lbl, Label lbl, ListBoxRow lbr){
+ switch(trust) {
+ case Database.IdentityMetaTable.TrustLevel.TRUSTED:
+ img.icon_name = "emblem-ok-symbolic";
+ status_lbl.set_markup("<span color='#1A63D9'>%s</span>".printf(_("Accepted")));
+ lbl.get_style_context().remove_class("dim-label");
+ break;
+ case Database.IdentityMetaTable.TrustLevel.UNTRUSTED:
+ img.icon_name = "action-unavailable-symbolic";
+ status_lbl.set_markup("<span color='#D91900'>%s</span>".printf(_("Rejected")));
+ lbl.get_style_context().add_class("dim-label");
+ break;
+ case Database.IdentityMetaTable.TrustLevel.VERIFIED:
+ img.icon_name = "security-high-symbolic";
+ status_lbl.set_markup("<span color='#1A63D9'>%s</span>".printf(_("Verified")));
+ lbl.get_style_context().remove_class("dim-label");
+ break;
+ }
+
+ if (!now_active) {
+ img.icon_name= "appointment-missed-symbolic";
+ status_lbl.set_markup("<span color='#8b8e8f'>%s</span>".printf(_("Unused")));
+ lbr.activatable = false;
+ }
+ }
+
+ private void add_fingerprint(Row device, Database.IdentityMetaTable.TrustLevel trust) {
+ keys_container.visible = true;
+
+ ListBoxRow lbr = new ListBoxRow() { visible = true, activatable = true, hexpand = true };
+ Box box = new Box(Gtk.Orientation.HORIZONTAL, 40) { visible = true, margin_start = 20, margin_end = 20, margin_top = 14, margin_bottom = 14, hexpand = true };
+
+ Box status_box = new Box(Gtk.Orientation.HORIZONTAL, 5) { visible = true, hexpand = true };
+ Label status_lbl = new Label(null) { visible = true, hexpand = true, xalign = 0 };
+
+ Image img = new Image() { visible = true, halign = Align.END, icon_size = IconSize.BUTTON };
+
+ string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64]));
+ Label lbl = new Label(res)
+ { use_markup=true, justify=Justification.RIGHT, visible=true, halign = Align.START, valign = Align.CENTER, hexpand = false };
+
+ set_row(trust, device[plugin.db.identity_meta.now_active], img, status_lbl, lbl, lbr);
+
+ box.add(lbl);
+ box.add(status_box);
+
+ status_box.add(status_lbl);
+ status_box.add(img);
+
+ lbr.add(box);
+ keys_listbox.add(lbr);
+
+ //Row clicked - pull the most up to date device info from the database and show the manage window
+ keys_listbox.row_activated.connect((row) => {
+ if(row == lbr) {
+ Row updated_device = plugin.db.identity_meta.get_device(device[plugin.db.identity_meta.identity_id], device[plugin.db.identity_meta.address_name], device[plugin.db.identity_meta.device_id]);
+ ManageKeyDialog manage_dialog = new ManageKeyDialog(updated_device, plugin.db);
+ manage_dialog.set_transient_for((Gtk.Window) get_toplevel());
+ manage_dialog.present();
+ manage_dialog.response.connect((response) => {
+ set_row(response, device[plugin.db.identity_meta.now_active], img, status_lbl, lbl, lbr);
+ update_device(response, device);
+ });
+ }
+ });
+ }
+
+ private void update_device(int response, Row device){
+ switch (response) {
+ case Database.IdentityMetaTable.TrustLevel.TRUSTED:
+ plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED);
+ break;
+ case Database.IdentityMetaTable.TrustLevel.UNTRUSTED:
+ plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.UNTRUSTED);
+ break;
+ case Database.IdentityMetaTable.TrustLevel.VERIFIED:
+ plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.VERIFIED);
+ plugin.trust_manager.set_blind_trust(account, jid, false);
+ auto_accept_switch.set_active(false);
+ break;
+ }
+ }
+
+ private void add_new_fingerprint(Row device){
+ new_keys_container.visible = true;
+
+ ListBoxRow lbr = new ListBoxRow() { visible = true, activatable = false, hexpand = true };
+ Box box = new Box(Gtk.Orientation.HORIZONTAL, 40) { visible = true, margin_start = 20, margin_end = 20, margin_top = 14, margin_bottom = 14, hexpand = true };
+
+ Box control_box = new Box(Gtk.Orientation.HORIZONTAL, 0) { visible = true, hexpand = true };
+
+ Button yes_button = new Button() { visible = true, valign = Align.CENTER, hexpand = true };
+ yes_button.image = new Image.from_icon_name("emblem-ok-symbolic", IconSize.BUTTON);
+ yes_button.get_style_context().add_class("suggested-action");
+
+ Button no_button = new Button() { visible = true, valign = Align.CENTER, hexpand = true };
+ no_button.image = new Image.from_icon_name("action-unavailable-symbolic", IconSize.BUTTON);
+ no_button.get_style_context().add_class("destructive-action");
+
+ yes_button.clicked.connect(() => {
+ plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED);
+ add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED);
+ new_keys_listbox.remove(lbr);
+ if (new_keys_listbox.get_children().length() < 1) new_keys_container.visible = false;
+ });
+
+ no_button.clicked.connect(() => {
+ plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.UNTRUSTED);
+ add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.UNTRUSTED);
+ new_keys_listbox.remove(lbr);
+ if (new_keys_listbox.get_children().length() < 1) new_keys_container.visible = false;
+ });
+
+ string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64]));
+ Label lbl = new Label(res)
+ { use_markup=true, justify=Justification.RIGHT, visible=true, halign = Align.START, valign = Align.CENTER, hexpand = false };
+
+
+ box.add(lbl);
+
+ control_box.add(yes_button);
+ control_box.add(no_button);
+ control_box.get_style_context().add_class("linked");
+
+ box.add(control_box);
+
+ lbr.add(box);
+ new_keys_listbox.add(lbr);
+ }
+}
+
+}
diff --git a/plugins/omemo/src/contact_details_provider.vala b/plugins/omemo/src/contact_details_provider.vala
index 05b85d9f..7250d135 100644
--- a/plugins/omemo/src/contact_details_provider.vala
+++ b/plugins/omemo/src/contact_details_provider.vala
@@ -1,4 +1,5 @@
using Gtk;
+using Gee;
using Qlite;
using Dino.Entities;
@@ -15,20 +16,30 @@ public class ContactDetailsProvider : Plugins.ContactDetailsProvider, Object {
public void populate(Conversation conversation, Plugins.ContactDetails contact_details, WidgetType type) {
if (conversation.type_ == Conversation.Type.CHAT && type == WidgetType.GTK) {
- string res = "";
+
+ int identity_id = plugin.db.identity.get_id(conversation.account.id);
+ if (identity_id < 0) return;
+
int i = 0;
- foreach (Row row in plugin.db.identity_meta.with_address(conversation.counterpart.to_string())) {
+ foreach (Row row in plugin.db.identity_meta.with_address(identity_id, conversation.counterpart.to_string())) {
if (row[plugin.db.identity_meta.identity_key_public_base64] != null) {
- if (i != 0) {
- res += "\n\n";
- }
- res += fingerprint_markup(fingerprint_from_base64(row[plugin.db.identity_meta.identity_key_public_base64]));
i++;
}
}
+
if (i > 0) {
- Label label = new Label(res) { use_markup=true, justify=Justification.RIGHT, selectable=true, visible=true };
- contact_details.add(_("Encryption"), "OMEMO", n("%d OMEMO device", "%d OMEMO devices", i).printf(i), label);
+ Button btn = new Button.from_icon_name("view-list-symbolic") { visible = true, valign = Align.CENTER, relief = ReliefStyle.NONE };
+ btn.clicked.connect(() => {
+ btn.activate();
+ ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, conversation.account, conversation.counterpart);
+ dialog.set_transient_for((Window) btn.get_toplevel());
+ dialog.response.connect((response_type) => {
+ plugin.device_notification_populator.should_hide();
+ });
+ dialog.present();
+ });
+
+ contact_details.add(_("Encryption"), "OMEMO", n("%d OMEMO device", "%d OMEMO devices", i).printf(i), btn);
}
}
}
diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala
index 5c7309f3..247c00f6 100644
--- a/plugins/omemo/src/database.vala
+++ b/plugins/omemo/src/database.vala
@@ -6,31 +6,47 @@ using Dino.Entities;
namespace Dino.Plugins.Omemo {
public class Database : Qlite.Database {
- private const int VERSION = 1;
+ private const int VERSION = 2;
public class IdentityMetaTable : Table {
+ public enum TrustLevel {
+ VERIFIED,
+ TRUSTED,
+ UNTRUSTED,
+ UNKNOWN;
+
+ public string to_string() {
+ int val = this;
+ return val.to_string();
+ }
+ }
+
+ //Default to provide backwards compatability
+ public Column<int> identity_id = new Column.Integer("identity_id") { not_null = true, min_version = 2, default = "-1" };
public Column<string> address_name = new Column.Text("address_name") { not_null = true };
public Column<int> device_id = new Column.Integer("device_id") { not_null = true };
public Column<string?> identity_key_public_base64 = new Column.Text("identity_key_public_base64");
- public Column<bool> trusted_identity = new Column.BoolInt("trusted_identity") { default = "0" };
+ public Column<bool> trusted_identity = new Column.BoolInt("trusted_identity") { default = "0", max_version = 1 };
+ public Column<int> trust_level = new Column.Integer("trust_level") { default = TrustLevel.UNKNOWN.to_string(), min_version = 2 };
public Column<bool> now_active = new Column.BoolInt("now_active") { default = "1" };
public Column<long> last_active = new Column.Long("last_active");
internal IdentityMetaTable(Database db) {
base(db, "identity_meta");
- init({address_name, device_id, identity_key_public_base64, trusted_identity, now_active, last_active});
- index("identity_meta_idx", {address_name, device_id}, true);
- index("identity_meta_list_idx", {address_name});
+ init({identity_id, address_name, device_id, identity_key_public_base64, trusted_identity, trust_level, now_active, last_active});
+ index("identity_meta_idx", {identity_id, address_name, device_id}, true);
+ index("identity_meta_list_idx", {identity_id, address_name});
}
- public QueryBuilder with_address(string address_name) {
- return select().with(this.address_name, "=", address_name);
+ public QueryBuilder with_address(int identity_id, string address_name) {
+ return select().with(this.identity_id, "=", identity_id).with(this.address_name, "=", address_name);
}
- public void insert_device_list(string address_name, ArrayList<int32> devices) {
- update().with(this.address_name, "=", address_name).set(now_active, false).perform();
+ public void insert_device_list(int32 identity_id, string address_name, ArrayList<int32> devices) {
+ update().with(this.identity_id, "=", identity_id).with(this.address_name, "=", address_name).set(now_active, false).perform();
foreach (int32 device_id in devices) {
upsert()
+ .value(this.identity_id, identity_id, true)
.value(this.address_name, address_name, true)
.value(this.device_id, device_id, true)
.value(this.now_active, true)
@@ -39,13 +55,61 @@ public class Database : Qlite.Database {
}
}
- public int64 insert_device_bundle(string address_name, int device_id, Bundle bundle) {
+ public int64 insert_device_bundle(int32 identity_id, string address_name, int device_id, Bundle bundle, TrustLevel trust) {
if (bundle == null || bundle.identity_key == null) return -1;
return upsert()
+ .value(this.identity_id, identity_id, true)
.value(this.address_name, address_name, true)
.value(this.device_id, device_id, true)
.value(this.identity_key_public_base64, Base64.encode(bundle.identity_key.serialize()))
- .perform();
+ .value(this.trust_level, trust).perform();
+ }
+
+ public QueryBuilder get_trusted_devices(int identity_id, string address_name) {
+ return this.with_address(identity_id, address_name)
+ .with(this.trust_level, "!=", TrustLevel.UNTRUSTED)
+ .with(this.now_active, "=", true);
+ }
+
+ public QueryBuilder get_known_devices(int identity_id, string address_name) {
+ return this.with_address(identity_id, address_name)
+ .with(this.trust_level, "!=", TrustLevel.UNKNOWN)
+ .without_null(this.identity_key_public_base64);
+ }
+
+ public QueryBuilder get_unknown_devices(int identity_id, string address_name) {
+ return this.with_address(identity_id, address_name)
+ .with_null(this.identity_key_public_base64);
+ }
+
+ public QueryBuilder get_new_devices(int identity_id, string address_name) {
+ return this.with_address(identity_id, address_name)
+ .with(this.trust_level, "=", TrustLevel.UNKNOWN)
+ .without_null(this.identity_key_public_base64);
+ }
+
+ public Row? get_device(int identity_id, string address_name, int device_id) {
+ return this.with_address(identity_id, address_name)
+ .with(this.device_id, "=", device_id).single().row().inner;
+ }
+ }
+
+
+ public class TrustTable : Table {
+ public Column<int> identity_id = new Column.Integer("identity_id") { not_null = true };
+ public Column<string> address_name = new Column.Text("address_name");
+ public Column<bool> blind_trust = new Column.BoolInt("blind_trust") { default = "1" } ;
+
+ internal TrustTable(Database db) {
+ base(db, "trust");
+ init({identity_id, address_name, blind_trust});
+ index("trust_idx", {identity_id, address_name}, true);
+ }
+
+ public bool get_blind_trust(int32 identity_id, string address_name) {
+ return this.select().with(this.identity_id, "=", identity_id)
+ .with(this.address_name, "=", address_name)
+ .with(this.blind_trust, "=", true).count() > 0;
}
}
@@ -60,6 +124,13 @@ public class Database : Qlite.Database {
base(db, "identity");
init({id, account_id, device_id, identity_key_private_base64, identity_key_public_base64});
}
+
+ public int get_id(int account_id) {
+ int id = -1;
+ Row? row = this.row_with(this.account_id, account_id).inner;
+ if (row != null) id = ((!)row)[this.id];
+ return id;
+ }
}
public class SignedPreKeyTable : Table {
@@ -103,6 +174,7 @@ public class Database : Qlite.Database {
}
public IdentityMetaTable identity_meta { get; private set; }
+ public TrustTable trust { get; private set; }
public IdentityTable identity { get; private set; }
public SignedPreKeyTable signed_pre_key { get; private set; }
public PreKeyTable pre_key { get; private set; }
@@ -111,18 +183,29 @@ public class Database : Qlite.Database {
public Database(string fileName) {
base(fileName, VERSION);
identity_meta = new IdentityMetaTable(this);
+ trust = new TrustTable(this);
identity = new IdentityTable(this);
signed_pre_key = new SignedPreKeyTable(this);
pre_key = new PreKeyTable(this);
session = new SessionTable(this);
- init({identity_meta, identity, signed_pre_key, pre_key, session});
+ init({identity_meta, trust, identity, signed_pre_key, pre_key, session});
try {
exec("PRAGMA synchronous=0");
} catch (Error e) { }
}
public override void migrate(long oldVersion) {
- // new table columns are added, outdated columns are still present
+ if(oldVersion == 1) {
+ try {
+ exec("DROP INDEX identity_meta_idx");
+ exec("DROP INDEX identity_meta_list_idx");
+ exec("CREATE UNIQUE INDEX identity_meta_idx ON identity_meta (identity_id, address_name, device_id)");
+ exec("CREATE INDEX identity_meta_list_idx ON identity_meta (identity_id, address_name)");
+ } catch (Error e) {
+ stderr.printf("Failed to migrate OMEMO database\n");
+ Process.exit(-1);
+ }
+ }
}
}
diff --git a/plugins/omemo/src/device_notification_populator.vala b/plugins/omemo/src/device_notification_populator.vala
new file mode 100644
index 00000000..900cac96
--- /dev/null
+++ b/plugins/omemo/src/device_notification_populator.vala
@@ -0,0 +1,94 @@
+using Dino.Entities;
+using Xmpp;
+using Gtk;
+
+namespace Dino.Plugins.Omemo {
+
+public class DeviceNotificationPopulator : NotificationPopulator, Object {
+
+ public string id { get { return "device_notification"; } }
+
+ private StreamInteractor? stream_interactor;
+ private Plugin plugin;
+ private Conversation? current_conversation;
+ private NotificationCollection? notification_collection;
+ private ConversationNotification notification;
+
+ public DeviceNotificationPopulator(Plugin plugin, StreamInteractor stream_interactor) {
+ this.stream_interactor = stream_interactor;
+ this.plugin = plugin;
+ }
+
+ public bool has_new_devices(Jid jid) {
+ int identity_id = plugin.db.identity.get_id(current_conversation.account.id);
+ if (identity_id < 0) return false;
+ return plugin.db.identity_meta.get_new_devices(identity_id, jid.bare_jid.to_string()).count() > 0;
+ }
+
+ public void init(Conversation conversation, NotificationCollection notification_collection, Plugins.WidgetType type) {
+ current_conversation = conversation;
+ this.notification_collection = notification_collection;
+ stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY).bundle_fetched.connect_after((jid, device_id, bundle) => {
+ if (jid.equals(conversation.counterpart) && has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) {
+ display_notification();
+ }
+ });
+ if (has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) {
+ display_notification();
+ }
+ }
+
+ public void close(Conversation conversation) {
+ notification = null;
+ }
+
+ private void display_notification() {
+ if(notification == null) {
+ notification = new ConversationNotification(plugin, current_conversation.account, current_conversation.counterpart);
+ notification.should_hide.connect(should_hide);
+ notification_collection.add_meta_notification(notification);
+ }
+ }
+
+ public void should_hide() {
+ if (!has_new_devices(current_conversation.counterpart) && notification != null){
+ notification_collection.remove_meta_notification(notification);
+ notification = null;
+ }
+ }
+}
+
+private class ConversationNotification : MetaConversationNotification {
+ private Widget widget;
+ private Plugin plugin;
+ private Jid jid;
+ private Account account;
+ public signal void should_hide();
+
+ public ConversationNotification(Plugin plugin, Account account, Jid jid) {
+ this.plugin = plugin;
+ this.jid = jid;
+ this.account = account;
+
+ Box box = new Box(Orientation.HORIZONTAL, 5) { visible=true };
+ Button manage_button = new Button() { label=_("Manage"), visible=true };
+ manage_button.clicked.connect(() => {
+ manage_button.activate();
+ ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, account, jid);
+ dialog.set_transient_for((Window) manage_button.get_toplevel());
+ dialog.response.connect((response_type) => {
+ should_hide();
+ });
+ dialog.present();
+ });
+ box.add(new Label(_("This contact has new devices")) { margin_end=10, visible=true });
+ box.add(manage_button);
+ widget = box;
+ }
+
+ public override Object? get_widget(WidgetType type) {
+ return widget;
+ }
+}
+
+}
diff --git a/plugins/omemo/src/encrypt_state.vala b/plugins/omemo/src/encrypt_state.vala
index 80ae40d7..fd72faf4 100644
--- a/plugins/omemo/src/encrypt_state.vala
+++ b/plugins/omemo/src/encrypt_state.vala
@@ -7,7 +7,7 @@ public class EncryptState {
public int other_lost { get; internal set; }
public int other_unknown { get; internal set; }
public int other_failure { get; internal set; }
- public bool other_list { get; internal set; }
+ public int other_waiting_lists { get; internal set; }
public int own_devices { get; internal set; }
public int own_success { get; internal set; }
@@ -17,8 +17,8 @@ public class EncryptState {
public bool own_list { get; internal set; }
public string to_string() {
- return @"EncryptState (encrypted=$encrypted, other=(devices=$other_devices, success=$other_success, lost=$other_lost, unknown=$other_unknown, failure=$other_failure, list=$other_list), own=(devices=$own_devices, success=$own_success, lost=$own_lost, unknown=$own_unknown, failure=$own_failure, list=$own_list))";
+ return @"EncryptState (encrypted=$encrypted, other=(devices=$other_devices, success=$other_success, lost=$other_lost, unknown=$other_unknown, failure=$other_failure, waiting_lists=$other_waiting_lists, own=(devices=$own_devices, success=$own_success, lost=$own_lost, unknown=$own_unknown, failure=$own_failure, list=$own_list))";
}
}
-} \ No newline at end of file
+}
diff --git a/plugins/omemo/src/manage_key_dialog.vala b/plugins/omemo/src/manage_key_dialog.vala
new file mode 100644
index 00000000..d1d8fefd
--- /dev/null
+++ b/plugins/omemo/src/manage_key_dialog.vala
@@ -0,0 +1,166 @@
+using Gtk;
+using Qlite;
+
+namespace Dino.Plugins.Omemo {
+
+[GtkTemplate (ui = "/im/dino/Dino/omemo/manage_key_dialog.ui")]
+public class ManageKeyDialog : Gtk.Dialog {
+
+ [GtkChild] private Stack manage_stack;
+
+ [GtkChild] private Button cancel_button;
+ [GtkChild] private Button ok_button;
+
+ [GtkChild] private Label main_desc_label;
+ [GtkChild] private ListBox main_action_list;
+
+ [GtkChild] private Image confirm_image;
+ [GtkChild] private Label confirm_title_label;
+ [GtkChild] private Label confirm_desc_label;
+
+ [GtkChild] private Label verify_label;
+ [GtkChild] private Button verify_yes_button;
+ [GtkChild] private Button verify_no_button;
+
+ private Row device;
+ private Database db;
+
+ private bool return_to_main;
+ private int current_response;
+
+ public ManageKeyDialog(Row device, Database db) {
+ Object(use_header_bar : 1);
+
+ this.device = device;
+ this.db = db;
+
+ setup_main_screen();
+ setup_verify_screen();
+
+ cancel_button.clicked.connect(handle_cancel);
+ ok_button.clicked.connect(() => {
+ response(current_response);
+ close();
+ });
+
+ verify_yes_button.clicked.connect(() => {
+ confirm_image.set_from_icon_name("security-high-symbolic", IconSize.DIALOG);
+ confirm_title_label.label = _("Verify key");
+ confirm_desc_label.set_markup(_("Once confirmed, any future messages sent by %s using this key will be highlighted accordingly in the chat window.").printf(@"<b>$(device[db.identity_meta.address_name])</b>"));
+ manage_stack.set_visible_child_name("confirm");
+ ok_button.sensitive = true;
+ return_to_main = false;
+ current_response = Database.IdentityMetaTable.TrustLevel.VERIFIED;
+ });
+
+ verify_no_button.clicked.connect(() => {
+ return_to_main = false;
+ confirm_image.set_from_icon_name("dialog-warning-symbolic", IconSize.DIALOG);
+ confirm_title_label.label = _("Fingerprints do not match");
+ confirm_desc_label.set_markup(_("Please verify that you are comparing the correct fingerprint. If fingerprints do not match %s's account may be compromised and you should consider rejecting this key.").printf(@"<b>$(device[db.identity_meta.address_name])</b>"));
+ manage_stack.set_visible_child_name("confirm");
+ });
+ }
+
+ private void handle_cancel() {
+ if (manage_stack.get_visible_child_name() == "main") close();
+
+ if (manage_stack.get_visible_child_name() == "verify") {
+ manage_stack.set_visible_child_name("main");
+ cancel_button.label = _("Cancel");
+ }
+
+ if (manage_stack.get_visible_child_name() == "confirm") {
+ if (return_to_main) {
+ manage_stack.set_visible_child_name("main");
+ cancel_button.label = _("Cancel");
+ } else {
+ manage_stack.set_visible_child_name("verify");
+ }
+ }
+
+ ok_button.sensitive = false;
+ }
+
+ private Box make_action_box(string title, string desc){
+ Box box = new Box(Orientation.VERTICAL, 0) { visible = true, margin_start = 20, margin_end = 20, margin_top = 14, margin_bottom = 14 };
+ Label lbl_title = new Label(title) { visible = true, halign = Align.START };
+ Label lbl_desc = new Label(desc) { visible = true, xalign = 0, wrap = true, max_width_chars = 40 };
+
+ Pango.AttrList title_attrs = new Pango.AttrList();
+ title_attrs.insert(Pango.attr_scale_new(1.1));
+ lbl_title.attributes = title_attrs;
+ Pango.AttrList desc_attrs = new Pango.AttrList();
+ desc_attrs.insert(Pango.attr_scale_new(0.8));
+ lbl_desc.attributes = desc_attrs;
+ lbl_desc.get_style_context().add_class("dim-label");
+
+ box.add(lbl_title);
+ box.add(lbl_desc);
+
+ return box;
+ }
+
+ private void setup_main_screen() {
+ main_action_list.set_header_func((row, before_row) => {
+ if (row.get_header() == null && before_row != null) {
+ row.set_header(new Separator(Orientation.HORIZONTAL));
+ }
+ });
+
+ ListBoxRow verify_row = new ListBoxRow() { visible = true };
+ verify_row.add(make_action_box(_("Verify Key Fingerprint"), _("Compare this key's fingerprint with the fingerprint displayed on the contact's device.")));
+ ListBoxRow reject_row = new ListBoxRow() { visible = true };
+ reject_row.add(make_action_box(_("Reject Key"), _("Stop accepting this key during communication with its associated contact.")));
+ ListBoxRow accept_row = new ListBoxRow() {visible = true };
+ accept_row.add(make_action_box(_("Accept Key"), _("Start accepting this key during communication with its assoicated contact")));
+
+ switch((Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]) {
+ case Database.IdentityMetaTable.TrustLevel.TRUSTED:
+ main_desc_label.set_markup(_("This key is currently %s.").printf("<span color='#1A63D9'>"+_("accepted")+"</span>")+" "+_("This means it can be used by %s to receive and send messages.").printf(@"<b>$(device[db.identity_meta.address_name])</b>"));
+ main_action_list.add(verify_row);
+ main_action_list.add(reject_row);
+ break;
+ case Database.IdentityMetaTable.TrustLevel.VERIFIED:
+ main_desc_label.set_markup(_("This key is currently %s.").printf("<span color='#1A63D9'>"+_("verified")+"</span>")+" "+_("This means it can be used by %s to receive and send messages. Additionally it has been verified to match the key on the contact's device.").printf(@"<b>$(device[db.identity_meta.address_name])</b>"));
+ main_action_list.add(reject_row);
+ break;
+ case Database.IdentityMetaTable.TrustLevel.UNTRUSTED:
+ main_desc_label.set_markup(_("This key is currently %s.").printf("<span color='#D91900'>"+_("rejected")+"</span>")+" "+_("This means it cannot be used by %s to receive messages, and any messages sent by it will be ignored").printf(@"<b>$(device[db.identity_meta.address_name])</b>"));
+ main_action_list.add(accept_row);
+ break;
+ }
+
+ //Row clicked - go to appropriate screen
+ main_action_list.row_activated.connect((row) => {
+ if(row == verify_row) {
+ manage_stack.set_visible_child_name("verify");
+ } else if (row == reject_row) {
+ confirm_image.set_from_icon_name("action-unavailable-symbolic", IconSize.DIALOG);
+ confirm_title_label.label = _("Reject key");
+ confirm_desc_label.set_markup(_("Once confirmed, any future messages sent by %s using this key will be ignored and none of your messages will be readable using this key.").printf(@"<b>$(device[db.identity_meta.address_name])</b>"));
+ manage_stack.set_visible_child_name("confirm");
+ ok_button.sensitive = true;
+ return_to_main = true;
+ current_response = Database.IdentityMetaTable.TrustLevel.UNTRUSTED;
+ } else if (row == accept_row) {
+ confirm_image.set_from_icon_name("emblem-ok-symbolic", IconSize.DIALOG);
+ confirm_title_label.label = _("Accept key");
+ confirm_desc_label.set_markup(_("Once confirmed this key will be usable by %s to receive and send messages.").printf(@"<b>$(device[db.identity_meta.address_name])</b>"));
+ manage_stack.set_visible_child_name("confirm");
+ ok_button.sensitive = true;
+ return_to_main = true;
+ current_response = Database.IdentityMetaTable.TrustLevel.TRUSTED;
+ }
+ cancel_button.label = _("Back");
+ });
+
+ manage_stack.set_visible_child_name("main");
+ }
+
+ private void setup_verify_screen() {
+ verify_label.set_markup(fingerprint_markup(fingerprint_from_base64(device[db.identity_meta.identity_key_public_base64])));
+ }
+}
+
+}
diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala
index eb0c6378..95b15d60 100644
--- a/plugins/omemo/src/manager.vala
+++ b/plugins/omemo/src/manager.vala
@@ -12,6 +12,7 @@ public class Manager : StreamInteractionModule, Object {
private StreamInteractor stream_interactor;
private Database db;
+ private TrustManager trust_manager;
private Map<Entities.Message, MessageState> message_states = new HashMap<Entities.Message, MessageState>(Entities.Message.hash_func, Entities.Message.equals_func);
private ReceivedMessageListener received_message_listener = new ReceivedMessageListener();
@@ -21,7 +22,7 @@ public class Manager : StreamInteractionModule, Object {
public int waiting_other_sessions { get; set; }
public int waiting_own_sessions { get; set; }
public bool waiting_own_devicelist { get; set; }
- public bool waiting_other_devicelist { get; set; }
+ public int waiting_other_devicelists { get; set; }
public bool force_next_attempt { get; set; }
public bool will_send_now { get; private set; }
public bool active_send_attempt { get; set; }
@@ -37,12 +38,12 @@ public class Manager : StreamInteractionModule, Object {
this.waiting_other_sessions = new_try.other_unknown;
this.waiting_own_sessions = new_try.own_unknown;
this.waiting_own_devicelist = !new_try.own_list;
- this.waiting_other_devicelist = !new_try.other_list;
+ this.waiting_other_devicelists = new_try.other_waiting_lists;
this.active_send_attempt = false;
will_send_now = false;
if (new_try.other_failure > 0 || (new_try.other_lost == new_try.other_devices && new_try.other_devices > 0)) {
msg.marked = Entities.Message.Marked.WONTSEND;
- } else if (new_try.other_unknown > 0 || new_try.own_unknown > 0 || !new_try.other_list || !new_try.own_list || new_try.own_devices == 0) {
+ } else if (new_try.other_unknown > 0 || new_try.own_unknown > 0 || new_try.other_waiting_lists > 0 || !new_try.own_list || new_try.own_devices == 0) {
msg.marked = Entities.Message.Marked.UNSENT;
} else if (!new_try.encrypted) {
msg.marked = Entities.Message.Marked.WONTSEND;
@@ -52,22 +53,24 @@ public class Manager : StreamInteractionModule, Object {
}
public bool should_retry_now() {
- return !waiting_own_devicelist && !waiting_other_devicelist && waiting_other_sessions <= 0 && waiting_own_sessions <= 0 && !active_send_attempt;
+ return !waiting_own_devicelist && waiting_other_devicelists <= 0 && waiting_other_sessions <= 0 && waiting_own_sessions <= 0 && !active_send_attempt;
}
public string to_string() {
- return @"MessageState (waiting=(others=$waiting_other_sessions, own=$waiting_own_sessions, other_list=$waiting_other_devicelist, own_list=$waiting_own_devicelist))";
+ return @"MessageState (waiting=(others=$waiting_other_sessions, own=$waiting_own_sessions, other_lists=$waiting_other_devicelists, own_list=$waiting_own_devicelist))";
}
}
- private Manager(StreamInteractor stream_interactor, Database db) {
+ private Manager(StreamInteractor stream_interactor, Database db, TrustManager trust_manager) {
this.stream_interactor = stream_interactor;
this.db = db;
+ this.trust_manager = trust_manager;
stream_interactor.stream_negotiated.connect(on_stream_negotiated);
stream_interactor.account_added.connect(on_account_added);
stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener);
stream_interactor.get_module(MessageProcessor.IDENTITY).pre_message_send.connect(on_pre_message_send);
+ stream_interactor.get_module(RosterManager.IDENTITY).mutual_subscription.connect(on_mutual_subscription);
}
private class ReceivedMessageListener : MessageListener {
@@ -85,6 +88,23 @@ public class Manager : StreamInteractionModule, Object {
}
}
+ private Gee.List<Jid> get_occupants(Jid jid, Account account){
+ Gee.List<Jid> occupants = new ArrayList<Jid>(Jid.equals_bare_func);
+ if(!stream_interactor.get_module(MucManager.IDENTITY).is_groupchat(jid, account)){
+ occupants.add(jid);
+ }
+ Gee.List<Jid>? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(jid, account);
+ if(occupant_jids == null) {
+ return occupants;
+ }
+ foreach (Jid occupant in occupant_jids) {
+ if(!occupant.equals(account.bare_jid)){
+ occupants.add(occupant.bare_jid);
+ }
+ }
+ return occupants;
+ }
+
private void on_pre_message_send(Entities.Message message, Xmpp.MessageStanza message_stanza, Conversation conversation) {
if (message.encryption == Encryption.OMEMO) {
XmppStream? stream = stream_interactor.get_stream(conversation.account);
@@ -98,7 +118,22 @@ public class Manager : StreamInteractionModule, Object {
return;
}
StreamModule module = (!)module_;
- EncryptState enc_state = module.encrypt(message_stanza, conversation.account.bare_jid);
+
+ //Get a list of everyone for whom the message should be encrypted
+ Gee.List<Jid> recipients;
+ if (message_stanza.type_ == MessageStanza.TYPE_GROUPCHAT) {
+ recipients = get_occupants((!)message.to.bare_jid, conversation.account);
+ if (recipients.size == 0) {
+ message.marked = Entities.Message.Marked.WONTSEND;
+ return;
+ }
+ } else {
+ recipients = new ArrayList<Jid>(Jid.equals_bare_func);
+ recipients.add(message_stanza.to);
+ }
+
+ //Attempt to encrypt the message
+ EncryptState enc_state = trust_manager.encrypt(message_stanza, conversation.account.bare_jid, recipients, stream, conversation.account);
MessageState state;
lock (message_states) {
if (message_states.has_key(message)) {
@@ -113,49 +148,93 @@ public class Manager : StreamInteractionModule, Object {
}
}
+ //Encryption failed - need to fetch more information
if (!state.will_send_now) {
if (message.marked == Entities.Message.Marked.WONTSEND) {
if (Plugin.DEBUG) print(@"OMEMO: message was not sent: $state\n");
+ message_states.unset(message);
} else {
if (Plugin.DEBUG) print(@"OMEMO: message will be delayed: $state\n");
if (state.waiting_own_sessions > 0) {
- module.start_sessions_with((!)stream, conversation.account.bare_jid);
+ module.fetch_bundles((!)stream, conversation.account.bare_jid, trust_manager.get_trusted_devices(conversation.account, conversation.account.bare_jid));
}
if (state.waiting_other_sessions > 0 && message.counterpart != null) {
- module.start_sessions_with((!)stream, ((!)message.counterpart).bare_jid);
+ foreach(Jid jid in get_occupants(((!)message.counterpart).bare_jid, conversation.account)) {
+ module.fetch_bundles((!)stream, jid, trust_manager.get_trusted_devices(conversation.account, jid));
+ }
}
- if (state.waiting_other_devicelist && message.counterpart != null) {
- module.request_user_devicelist((!)stream, ((!)message.counterpart).bare_jid);
+ if (state.waiting_other_devicelists > 0 && message.counterpart != null) {
+ foreach(Jid jid in get_occupants(((!)message.counterpart).bare_jid, conversation.account)) {
+ module.request_user_devicelist((!)stream, jid);
+ }
}
}
}
}
}
+ private void on_mutual_subscription(Account account, Jid jid) {
+ XmppStream? stream = stream_interactor.get_stream(account);
+ if(stream == null) return;
+
+ stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).request_user_devicelist((!)stream, jid);
+ }
+
private void on_account_added(Account account) {
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).store_created.connect((store) => on_store_created(account, store));
- stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).device_list_loaded.connect((jid) => on_device_list_loaded(account, jid));
+ stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).device_list_loaded.connect((jid, devices) => on_device_list_loaded(account, jid, devices));
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).bundle_fetched.connect((jid, device_id, bundle) => on_bundle_fetched(account, jid, device_id, bundle));
- stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).session_started.connect((jid, device_id) => on_session_started(account, jid, false));
- stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).session_start_failed.connect((jid, device_id) => on_session_started(account, jid, true));
}
private void on_stream_negotiated(Account account, XmppStream stream) {
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).request_user_devicelist(stream, account.bare_jid);
}
- private void on_session_started(Account account, Jid jid, bool failed) {
- if (Plugin.DEBUG) print(@"OMEMO: session start between $(account.bare_jid) and $jid $(failed ? "failed" : "successful")\n");
+ private void on_device_list_loaded(Account account, Jid jid, ArrayList<int32> device_list) {
+ if (Plugin.DEBUG) print(@"OMEMO: received device list for $(account.bare_jid) from $jid\n");
+
+ XmppStream? stream = stream_interactor.get_stream(account);
+ if (stream == null) {
+ return;
+ }
+ StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY);
+ if (module == null) {
+ return;
+ }
+
+ int identity_id = db.identity.get_id(account.id);
+ if (identity_id < 0) return;
+
+ //Update meta database
+ db.identity_meta.insert_device_list(identity_id, jid.bare_jid.to_string(), device_list);
+
+ //Fetch the bundle for each new device
+ int inc = 0;
+ foreach (Row row in db.identity_meta.get_unknown_devices(identity_id, jid.bare_jid.to_string())) {
+ module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]);
+ inc++;
+ }
+ if (inc > 0) {
+ if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n");
+ }
+
+ //Create an entry for the jid in the account table if one does not exist already
+ if (db.trust.select().with(db.trust.identity_id, "=", identity_id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) {
+ db.trust.insert().value(db.trust.identity_id, identity_id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform();
+ }
+
+ //Get all messages that needed the devicelist and determine if we can now send them
HashSet<Entities.Message> send_now = new HashSet<Entities.Message>();
lock (message_states) {
foreach (Entities.Message msg in message_states.keys) {
if (!msg.account.equals(account)) continue;
+ Gee.List<Jid> occupants = get_occupants(msg.counterpart.bare_jid, account);
MessageState state = message_states[msg];
if (account.bare_jid.equals(jid)) {
- state.waiting_own_sessions--;
- } else if (msg.counterpart != null && msg.counterpart.equals_bare(jid)) {
- state.waiting_other_sessions--;
+ state.waiting_own_devicelist = false;
+ } else if (msg.counterpart != null && occupants.contains(jid)) {
+ state.waiting_other_devicelists--;
}
if (state.should_retry_now()) {
send_now.add(msg);
@@ -165,25 +244,68 @@ public class Manager : StreamInteractionModule, Object {
}
foreach (Entities.Message msg in send_now) {
if (msg.counterpart == null) continue;
- Entities.Conversation? conv = stream_interactor.get_module(ConversationManager.IDENTITY).get_conversation((!)msg.counterpart, account);
+ Entities.Conversation? conv = stream_interactor.get_module(ConversationManager.IDENTITY).get_conversation(((!)msg.counterpart), account);
if (conv == null) continue;
stream_interactor.get_module(MessageProcessor.IDENTITY).send_xmpp_message(msg, (!)conv, true);
}
+
}
- private void on_device_list_loaded(Account account, Jid jid) {
- if (Plugin.DEBUG) print(@"OMEMO: received device list for $(account.bare_jid) from $jid\n");
+ public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) {
+ int identity_id = db.identity.get_id(account.id);
+ if (identity_id < 0) return;
+
+ bool blind_trust = db.trust.get_blind_trust(identity_id, jid.bare_jid.to_string());
+
+ //If we don't blindly trust new devices and we haven't seen this key before then don't trust it
+ bool untrust = !(blind_trust || db.identity_meta.with_address(identity_id, jid.bare_jid.to_string())
+ .with(db.identity_meta.device_id, "=", device_id)
+ .with(db.identity_meta.identity_key_public_base64, "=", Base64.encode(bundle.identity_key.serialize()))
+ .single().row().is_present());
+
+ //Get trust information from the database if the device id is known
+ Row device = db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), device_id);
+ Database.IdentityMetaTable.TrustLevel trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN;
+ if (device != null) {
+ trusted = (Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level];
+ }
+
+ if(untrust) {
+ trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN;
+ } else if (blind_trust && trusted == Database.IdentityMetaTable.TrustLevel.UNKNOWN) {
+ trusted = Database.IdentityMetaTable.TrustLevel.TRUSTED;
+ }
+
+ //Update the database with the appropriate trust information
+ db.identity_meta.insert_device_bundle(identity_id, jid.bare_jid.to_string(), device_id, bundle, trusted);
+
+ XmppStream? stream = stream_interactor.get_stream(account);
+ if(stream == null) return;
+ StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY);
+ if(module == null) return;
+
+ //Get all messages waiting on the bundle and determine if they can now be sent
HashSet<Entities.Message> send_now = new HashSet<Entities.Message>();
lock (message_states) {
foreach (Entities.Message msg in message_states.keys) {
+
+ bool session_created = true;
if (!msg.account.equals(account)) continue;
+ Gee.List<Jid> occupants = get_occupants(msg.counterpart.bare_jid, account);
+
MessageState state = message_states[msg];
- if (account.bare_jid.equals(jid)) {
- state.waiting_own_devicelist = false;
- } else if (msg.counterpart != null && msg.counterpart.equals_bare(jid)) {
- state.waiting_other_devicelist = false;
+
+ if (trusted == Database.IdentityMetaTable.TrustLevel.TRUSTED || trusted == Database.IdentityMetaTable.TrustLevel.VERIFIED) {
+ if(account.bare_jid.equals(jid) || (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid)))) {
+ session_created = module.start_session(stream, jid, device_id, bundle);
+ }
}
- if (state.should_retry_now()) {
+ if (account.bare_jid.equals(jid) && session_created) {
+ state.waiting_own_sessions--;
+ } else if (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid)) && session_created) {
+ state.waiting_other_sessions--;
+ }
+ if (state.should_retry_now()){
send_now.add(msg);
state.active_send_attempt = true;
}
@@ -191,42 +313,20 @@ public class Manager : StreamInteractionModule, Object {
}
foreach (Entities.Message msg in send_now) {
if (msg.counterpart == null) continue;
- Entities.Conversation? conv = stream_interactor.get_module(ConversationManager.IDENTITY).get_conversation(((!)msg.counterpart), account);
+ Entities.Conversation? conv = stream_interactor.get_module(ConversationManager.IDENTITY).get_conversation((!)msg.counterpart, account);
if (conv == null) continue;
stream_interactor.get_module(MessageProcessor.IDENTITY).send_xmpp_message(msg, (!)conv, true);
}
-
- // Update meta database
- XmppStream? stream = stream_interactor.get_stream(account);
- if (stream == null) {
- return;
- }
- StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY);
- if (module == null) {
- return;
- }
- ArrayList<int32> device_list = module.get_device_list(jid);
- db.identity_meta.insert_device_list(jid.bare_jid.to_string(), device_list);
- int inc = 0;
- foreach (Row row in db.identity_meta.with_address(jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) {
- module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]);
- inc++;
- }
- if (inc > 0) {
- if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n");
- }
- }
-
- public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) {
- db.identity_meta.insert_device_bundle(jid.bare_jid.to_string(), device_id, bundle);
}
private void on_store_created(Account account, Store store) {
Qlite.Row? row = db.identity.row_with(db.identity.account_id, account.id).inner;
int identity_id = -1;
+ bool publish_identity = false;
if (row == null) {
// OMEMO not yet initialized, starting with empty base
+ publish_identity = true;
try {
store.identity_key_store.local_registration_id = Random.int_range(1, int32.MAX);
@@ -257,19 +357,40 @@ public class Manager : StreamInteractionModule, Object {
} else {
print(@"OMEMO: store for $(account.bare_jid) is not persisted!");
}
+
+ // Generated new device ID, ensure this gets added to the devicelist
+ if (publish_identity) {
+ XmppStream? stream = stream_interactor.get_stream(account);
+ if (stream == null) return;
+ StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY);
+ if(module == null) return;
+ module.request_user_devicelist(stream, account.bare_jid);
+ }
}
public bool can_encrypt(Entities.Conversation conversation) {
XmppStream? stream = stream_interactor.get_stream(conversation.account);
if (stream == null) return false;
- StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY);
- if (module == null) return false;
- return ((!)module).is_known_address(conversation.counterpart.bare_jid);
+ if (stream_interactor.get_module(MucManager.IDENTITY).is_groupchat(conversation.counterpart, conversation.account)){
+ Xep.Muc.Flag? flag = stream.get_flag(Xep.Muc.Flag.IDENTITY);
+ if (flag == null) return false;
+ if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS) && flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.MEMBERS_ONLY)) {
+ foreach(Jid jid in stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(conversation.counterpart, conversation.account)) {
+ if (!trust_manager.is_known_address(conversation.account, jid.bare_jid)) {
+ return false;
+ }
+ }
+ return true;
+ } else {
+ return false;
+ }
+ }
+ return trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid);
}
- public static void start(StreamInteractor stream_interactor, Database db) {
- Manager m = new Manager(stream_interactor, db);
+ public static void start(StreamInteractor stream_interactor, Database db, TrustManager trust_manager) {
+ Manager m = new Manager(stream_interactor, db, trust_manager);
stream_interactor.add_module(m);
}
}
diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala
new file mode 100644
index 00000000..5c96f8d5
--- /dev/null
+++ b/plugins/omemo/src/own_notifications.vala
@@ -0,0 +1,42 @@
+using Dino.Entities;
+using Xmpp;
+using Gtk;
+
+namespace Dino.Plugins.Omemo {
+
+public class OwnNotifications {
+
+ private StreamInteractor stream_interactor;
+ private Plugin plugin;
+ private Account account;
+
+ public OwnNotifications (Plugin plugin, StreamInteractor stream_interactor, Account account) {
+ this.stream_interactor = (!)stream_interactor;
+ this.plugin = plugin;
+ this.account = account;
+ stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).bundle_fetched.connect_after((jid, device_id, bundle) => {
+ if (jid.equals(account.bare_jid) && has_new_devices(account.bare_jid)) {
+ display_notification();
+ }
+ });
+
+ if (has_new_devices(account.bare_jid)) {
+ display_notification();
+ }
+ }
+
+ public bool has_new_devices(Jid jid) {
+ int identity_id = plugin.db.identity.get_id(account.id);
+ if (identity_id < 0) return false;
+
+ return plugin.db.identity_meta.get_new_devices(identity_id, jid.bare_jid.to_string()).count() > 0;
+ }
+
+ private void display_notification() {
+ Notification notification = new Notification(_("OMEMO trust decision required"));
+ notification.set_default_action_and_target_value("app.own-keys", new Variant.int32(account.id));
+ notification.set_body(_("Did you add a new device for account %s").printf(@"$(account.bare_jid.to_string())"));
+ plugin.app.send_notification(account.id.to_string()+"-new-device", notification);
+ }
+}
+}
diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala
index b9ce500d..ab22651f 100644
--- a/plugins/omemo/src/plugin.vala
+++ b/plugins/omemo/src/plugin.vala
@@ -28,6 +28,9 @@ public class Plugin : RootInterface, Object {
public EncryptionListEntry list_entry;
public AccountSettingsEntry settings_entry;
public ContactDetailsProvider contact_details_provider;
+ public DeviceNotificationPopulator device_notification_populator;
+ public OwnNotifications own_notifications;
+ public TrustManager trust_manager;
public void registered(Dino.Application app) {
ensure_context();
@@ -36,13 +39,29 @@ public class Plugin : RootInterface, Object {
this.list_entry = new EncryptionListEntry(this);
this.settings_entry = new AccountSettingsEntry(this);
this.contact_details_provider = new ContactDetailsProvider(this);
+ this.device_notification_populator = new DeviceNotificationPopulator(this, this.app.stream_interactor);
+ this.trust_manager = new TrustManager(this.app.stream_interactor, this.db);
this.app.plugin_registry.register_encryption_list_entry(list_entry);
this.app.plugin_registry.register_account_settings_entry(settings_entry);
this.app.plugin_registry.register_contact_details_entry(contact_details_provider);
+ this.app.plugin_registry.register_notification_populator(device_notification_populator);
this.app.stream_interactor.module_manager.initialize_account_modules.connect((account, list) => {
list.add(new StreamModule());
+ this.own_notifications = new OwnNotifications(this, this.app.stream_interactor, account);
});
- Manager.start(this.app.stream_interactor, db);
+ Manager.start(this.app.stream_interactor, db, trust_manager);
+
+ SimpleAction own_keys_action = new SimpleAction("own-keys", VariantType.INT32);
+ own_keys_action.activate.connect((variant) => {
+ foreach(Dino.Entities.Account account in this.app.stream_interactor.get_accounts()) {
+ if(account.id == variant.get_int32()) {
+ ContactDetailsDialog dialog = new ContactDetailsDialog(this, account, account.bare_jid);
+ dialog.set_transient_for((this.app as Gtk.Application).get_active_window());
+ dialog.present();
+ }
+ }
+ });
+ this.app.add_action(own_keys_action);
string locales_dir;
if (app.search_path_generator != null) {
diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala
index 6e6772ca..6ee42771 100644
--- a/plugins/omemo/src/stream_module.vala
+++ b/plugins/omemo/src/stream_module.vala
@@ -16,115 +16,24 @@ private const int NUM_KEYS_TO_PUBLISH = 100;
public class StreamModule : XmppStreamModule {
public static Xmpp.ModuleIdentity<StreamModule> IDENTITY = new Xmpp.ModuleIdentity<StreamModule>(NS_URI, "omemo_module");
- private Store store;
+ public Store store { public get; private set; }
private ConcurrentSet<string> active_bundle_requests = new ConcurrentSet<string>();
private ConcurrentSet<Jid> active_devicelist_requests = new ConcurrentSet<Jid>();
- private Map<Jid, ArrayList<int32>> device_lists = new HashMap<Jid, ArrayList<int32>>(Jid.hash_bare_func, Jid.equals_bare_func);
private Map<Jid, ArrayList<int32>> ignored_devices = new HashMap<Jid, ArrayList<int32>>(Jid.hash_bare_func, Jid.equals_bare_func);
- private ReceivedPipelineListener received_pipeline_listener;
public signal void store_created(Store store);
- public signal void device_list_loaded(Jid jid);
+ public signal void device_list_loaded(Jid jid, ArrayList<int32> devices);
public signal void bundle_fetched(Jid jid, int device_id, Bundle bundle);
- public signal void session_started(Jid jid, int device_id);
- public signal void session_start_failed(Jid jid, int device_id);
-
- public EncryptState encrypt(MessageStanza message, Jid self_jid) {
- EncryptState status = new EncryptState();
- if (!Plugin.ensure_context()) return status;
- if (message.to == null) return status;
- try {
- if (!device_lists.has_key(self_jid)) return status;
- status.own_list = true;
- status.own_devices = device_lists.get(self_jid).size;
- if (!device_lists.has_key(message.to)) return status;
- status.other_list = true;
- status.other_devices = device_lists.get(message.to).size;
- if (status.own_devices == 0 || status.other_devices == 0) return status;
-
- uint8[] key = new uint8[16];
- Plugin.get_context().randomize(key);
- uint8[] iv = new uint8[16];
- Plugin.get_context().randomize(iv);
-
- uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data);
-
- StanzaNode header;
- StanzaNode encrypted = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns()
- .put_node(header = new StanzaNode.build("header", NS_URI)
- .put_attribute("sid", store.local_registration_id.to_string())
- .put_node(new StanzaNode.build("iv", NS_URI)
- .put_node(new StanzaNode.text(Base64.encode(iv)))))
- .put_node(new StanzaNode.build("payload", NS_URI)
- .put_node(new StanzaNode.text(Base64.encode(ciphertext))));
-
- Address address = new Address(message.to.bare_jid.to_string(), 0);
- foreach(int32 device_id in device_lists[message.to]) {
- if (is_ignored_device(message.to, device_id)) {
- status.other_lost++;
- continue;
- }
- try {
- address.device_id = (int) device_id;
- StanzaNode key_node = create_encrypted_key(key, address);
- header.put_node(key_node);
- status.other_success++;
- } catch (Error e) {
- if (e.code == ErrorCode.UNKNOWN) status.other_unknown++;
- else status.other_failure++;
- }
- }
- address.name = self_jid.bare_jid.to_string();
- foreach(int32 device_id in device_lists[self_jid]) {
- if (is_ignored_device(self_jid, device_id)) {
- status.own_lost++;
- continue;
- }
- if (device_id != store.local_registration_id) {
- address.device_id = (int) device_id;
- try {
- StanzaNode key_node = create_encrypted_key(key, address);
- header.put_node(key_node);
- status.own_success++;
- } catch (Error e) {
- if (e.code == ErrorCode.UNKNOWN) status.own_unknown++;
- else status.own_failure++;
- }
- }
- }
-
- message.stanza.put_node(encrypted);
- Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO");
- message.body = "[This message is OMEMO encrypted]";
- status.encrypted = true;
- } catch (Error e) {
- if (Plugin.DEBUG) print(@"OMEMO: Signal error while encrypting message: $(e.message)\n");
- }
- return status;
- }
-
- private StanzaNode create_encrypted_key(uint8[] key, Address address) throws GLib.Error {
- SessionCipher cipher = store.create_session_cipher(address);
- CiphertextMessage device_key = cipher.encrypt(key);
- StanzaNode key_node = new StanzaNode.build("key", NS_URI)
- .put_attribute("rid", address.device_id.to_string())
- .put_node(new StanzaNode.text(Base64.encode(device_key.serialized)));
- if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true");
- return key_node;
- }
public override void attach(XmppStream stream) {
if (!Plugin.ensure_context()) return;
this.store = Plugin.get_context().create_store();
store_created(store);
- received_pipeline_listener = new ReceivedPipelineListener(store);
- stream.get_module(MessageModule.IDENTITY).received_pipeline.connect(received_pipeline_listener);
stream.get_module(Pubsub.Module.IDENTITY).add_filtered_notification(stream, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node));
}
public override void detach(XmppStream stream) {
- stream.get_module(MessageModule.IDENTITY).received_pipeline.disconnect(received_pipeline_listener);
}
public void request_user_devicelist(XmppStream stream, Jid jid) {
@@ -150,31 +59,26 @@ public class StreamModule : XmppStreamModule {
if (Plugin.DEBUG) print(@"OMEMO: Not on device list, adding id\n");
node.put_node(new StanzaNode.build("device", NS_URI).put_attribute("id", store.local_registration_id.to_string()));
stream.get_module(Pubsub.Module.IDENTITY).publish(stream, jid, NODE_DEVICELIST, NODE_DEVICELIST, id, node);
- } else {
- publish_bundles_if_needed(stream, jid);
}
+ publish_bundles_if_needed(stream, jid);
}
- lock(device_lists) {
- device_lists[jid] = new ArrayList<int32>();
- foreach (StanzaNode device_node in node.get_subnodes("device")) {
- device_lists[jid].add(device_node.get_attribute_int("id"));
- }
+
+ ArrayList<int32> device_list = new ArrayList<int32>();
+ foreach (StanzaNode device_node in node.get_subnodes("device")) {
+ device_list.add(device_node.get_attribute_int("id"));
}
active_devicelist_requests.remove(jid);
- device_list_loaded(jid);
+ device_list_loaded(jid, device_list);
}
- public void start_sessions_with(XmppStream stream, Jid jid) {
- if (!device_lists.has_key(jid)) {
- return;
- }
+ public void fetch_bundles(XmppStream stream, Jid jid, Gee.List<int32> devices) {
Address address = new Address(jid.bare_jid.to_string(), 0);
- foreach(int32 device_id in device_lists[jid]) {
+ foreach(int32 device_id in devices) {
if (!is_ignored_device(jid, device_id)) {
address.device_id = device_id;
try {
if (!store.contains_session(address)) {
- start_session_with(stream, jid, device_id);
+ fetch_bundle(stream, jid, device_id);
}
} catch (Error e) {
// Ignore
@@ -184,37 +88,15 @@ public class StreamModule : XmppStreamModule {
address.device_id = 0;
}
- public void start_session_with(XmppStream stream, Jid jid, int device_id) {
- if (active_bundle_requests.add(jid.bare_jid.to_string() + @":$device_id")) {
- if (Plugin.DEBUG) print(@"OMEMO: Asking for bundle from $(jid.bare_jid.to_string()):$device_id\n");
- stream.get_module(Pubsub.Module.IDENTITY).request(stream, jid.bare_jid, @"$NODE_BUNDLES:$device_id", (stream, jid, id, node) => {
- on_other_bundle_result(stream, jid, device_id, id, node);
- });
- }
- }
-
public void fetch_bundle(XmppStream stream, Jid jid, int device_id) {
if (active_bundle_requests.add(jid.bare_jid.to_string() + @":$device_id")) {
if (Plugin.DEBUG) print(@"OMEMO: Asking for bundle from $(jid.bare_jid.to_string()):$device_id\n");
stream.get_module(Pubsub.Module.IDENTITY).request(stream, jid.bare_jid, @"$NODE_BUNDLES:$device_id", (stream, jid, id, node) => {
- stream.get_module(IDENTITY).active_bundle_requests.remove(jid.bare_jid.to_string() + @":$device_id");
- bundle_fetched(jid, device_id, new Bundle(node));
+ on_other_bundle_result(stream, jid, device_id, id, node);
});
}
}
- public ArrayList<int32> get_device_list(Jid jid) {
- if (is_known_address(jid)) {
- return device_lists[jid];
- } else {
- return new ArrayList<int32>();
- }
- }
-
- public bool is_known_address(Jid jid) {
- return device_lists.has_key(jid);
- }
-
public void ignore_device(Jid jid, int32 device_id) {
if (device_id <= 0) return;
lock (ignored_devices) {
@@ -223,7 +105,6 @@ public class StreamModule : XmppStreamModule {
}
ignored_devices[jid].add(device_id);
}
- session_start_failed(jid, device_id);
}
public bool is_ignored_device(Jid jid, int32 device_id) {
@@ -234,47 +115,50 @@ public class StreamModule : XmppStreamModule {
}
private void on_other_bundle_result(XmppStream stream, Jid jid, int device_id, string? id, StanzaNode? node) {
- bool fail = false;
if (node == null) {
// Device not registered, shouldn't exist
- fail = true;
+ stream.get_module(IDENTITY).ignore_device(jid, device_id);
} else {
Bundle bundle = new Bundle(node);
bundle_fetched(jid, device_id, bundle);
- int32 signed_pre_key_id = bundle.signed_pre_key_id;
- ECPublicKey? signed_pre_key = bundle.signed_pre_key;
- uint8[] signed_pre_key_signature = bundle.signed_pre_key_signature;
- ECPublicKey? identity_key = bundle.identity_key;
+ }
+ stream.get_module(IDENTITY).active_bundle_requests.remove(jid.bare_jid.to_string() + @":$device_id");
+ }
+
+ public bool start_session(XmppStream stream, Jid jid, int32 device_id, Bundle bundle) {
+ bool fail = false;
+ int32 signed_pre_key_id = bundle.signed_pre_key_id;
+ ECPublicKey? signed_pre_key = bundle.signed_pre_key;
+ uint8[] signed_pre_key_signature = bundle.signed_pre_key_signature;
+ ECPublicKey? identity_key = bundle.identity_key;
- ArrayList<Bundle.PreKey> pre_keys = bundle.pre_keys;
- if (signed_pre_key_id < 0 || signed_pre_key == null || identity_key == null || pre_keys.size == 0) {
+ ArrayList<Bundle.PreKey> pre_keys = bundle.pre_keys;
+ if (signed_pre_key_id < 0 || signed_pre_key == null || identity_key == null || pre_keys.size == 0) {
+ fail = true;
+ } else {
+ int pre_key_idx = Random.int_range(0, pre_keys.size);
+ int32 pre_key_id = pre_keys[pre_key_idx].key_id;
+ ECPublicKey? pre_key = pre_keys[pre_key_idx].key;
+ if (pre_key_id < 0 || pre_key == null) {
fail = true;
} else {
- int pre_key_idx = Random.int_range(0, pre_keys.size);
- int32 pre_key_id = pre_keys[pre_key_idx].key_id;
- ECPublicKey? pre_key = pre_keys[pre_key_idx].key;
- if (pre_key_id < 0 || pre_key == null) {
- fail = true;
- } else {
- Address address = new Address(jid.bare_jid.to_string(), device_id);
- try {
- if (store.contains_session(address)) {
- return;
- }
- SessionBuilder builder = store.create_session_builder(address);
- builder.process_pre_key_bundle(create_pre_key_bundle(device_id, device_id, pre_key_id, pre_key, signed_pre_key_id, signed_pre_key, signed_pre_key_signature, identity_key));
- stream.get_module(IDENTITY).session_started(jid, device_id);
- } catch (Error e) {
- fail = true;
+ Address address = new Address(jid.bare_jid.to_string(), device_id);
+ try {
+ if (store.contains_session(address)) {
+ return false;
}
- address.device_id = 0; // TODO: Hack to have address obj live longer
+ SessionBuilder builder = store.create_session_builder(address);
+ builder.process_pre_key_bundle(create_pre_key_bundle(device_id, device_id, pre_key_id, pre_key, signed_pre_key_id, signed_pre_key, signed_pre_key_signature, identity_key));
+ } catch (Error e) {
+ fail = true;
}
+ address.device_id = 0; // TODO: Hack to have address obj live longer
}
}
if (fail) {
stream.get_module(IDENTITY).ignore_device(jid, device_id);
}
- stream.get_module(IDENTITY).active_bundle_requests.remove(jid.bare_jid.to_string() + @":$device_id");
+ return true;
}
public void publish_bundles_if_needed(XmppStream stream, Jid jid) {
@@ -385,80 +269,4 @@ public class StreamModule : XmppStreamModule {
}
}
-
-public class ReceivedPipelineListener : StanzaListener<MessageStanza> {
-
- private const string[] after_actions_const = {"EXTRACT_MESSAGE_2"};
-
- public override string action_group { get { return "ENCRYPT_BODY"; } }
- public override string[] after_actions { get { return after_actions_const; } }
-
- private Store store;
-
- public ReceivedPipelineListener(Store store) {
- this.store = store;
- }
-
- public override async bool run(XmppStream stream, MessageStanza message) {
- StanzaNode? _encrypted = message.stanza.get_subnode("encrypted", NS_URI);
- if (_encrypted == null || MessageFlag.get_flag(message) != null || message.from == null) return false;
- StanzaNode encrypted = (!)_encrypted;
- if (!Plugin.ensure_context()) return false;
- MessageFlag flag = new MessageFlag();
- message.add_flag(flag);
- StanzaNode? _header = encrypted.get_subnode("header");
- if (_header == null) return false;
- StanzaNode header = (!)_header;
- if (header.get_attribute_int("sid") <= 0) return false;
- foreach (StanzaNode key_node in header.get_subnodes("key")) {
- if (key_node.get_attribute_int("rid") == store.local_registration_id) {
- try {
- string? payload = encrypted.get_deep_string_content("payload");
- string? iv_node = header.get_deep_string_content("iv");
- string? key_node_content = key_node.get_string_content();
- if (payload == null || iv_node == null || key_node_content == null) continue;
- uint8[] key;
- uint8[] ciphertext = Base64.decode((!)payload);
- uint8[] iv = Base64.decode((!)iv_node);
- Address address = new Address(message.from.bare_jid.to_string(), header.get_attribute_int("sid"));
- if (key_node.get_attribute_bool("prekey")) {
- PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content));
- SessionCipher cipher = store.create_session_cipher(address);
- key = cipher.decrypt_pre_key_signal_message(msg);
- } else {
- SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content));
- SessionCipher cipher = store.create_session_cipher(address);
- key = cipher.decrypt_signal_message(msg);
- }
- address.device_id = 0; // TODO: Hack to have address obj live longer
-
- if (key.length >= 32) {
- int authtaglength = key.length - 16;
- uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength];
- uint8[] new_key = new uint8[16];
- Memory.copy(new_ciphertext, ciphertext, ciphertext.length);
- Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength);
- Memory.copy(new_key, key, 16);
- ciphertext = new_ciphertext;
- key = new_key;
- }
-
- message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext));
- flag.decrypted = true;
- } catch (Error e) {
- if (Plugin.DEBUG) print(@"OMEMO: Signal error while decrypting message: $(e.message)\n");
- }
- }
- }
- return false;
- }
-
- private string arr_to_str(uint8[] arr) {
- // null-terminate the array
- uint8[] rarr = new uint8[arr.length+1];
- Memory.copy(rarr, arr, arr.length);
- return (string)rarr;
- }
-}
-
}
diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala
new file mode 100644
index 00000000..8f6e9017
--- /dev/null
+++ b/plugins/omemo/src/trust_manager.vala
@@ -0,0 +1,253 @@
+using Dino.Entities;
+using Gee;
+using Xmpp;
+using Signal;
+using Qlite;
+
+namespace Dino.Plugins.Omemo {
+
+public class TrustManager {
+
+ private StreamInteractor stream_interactor;
+ private Database db;
+ private ReceivedMessageListener received_message_listener;
+
+ public TrustManager(StreamInteractor stream_interactor, Database db) {
+ this.stream_interactor = stream_interactor;
+ this.db = db;
+
+ received_message_listener = new ReceivedMessageListener(stream_interactor, db);
+ stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener);
+ }
+
+ public void set_blind_trust(Account account, Jid jid, bool blind_trust) {
+ int identity_id = db.identity.get_id(account.id);
+ if (identity_id < 0) return;
+ db.trust.update()
+ .with(db.trust.identity_id, "=", identity_id)
+ .with(db.trust.address_name, "=", jid.bare_jid.to_string())
+ .set(db.trust.blind_trust, blind_trust).perform();
+ }
+
+ public void set_device_trust(Account account, Jid jid, int device_id, Database.IdentityMetaTable.TrustLevel trust_level) {
+ int identity_id = db.identity.get_id(account.id);
+ db.identity_meta.update()
+ .with(db.identity_meta.identity_id, "=", identity_id)
+ .with(db.identity_meta.address_name, "=", jid.bare_jid.to_string())
+ .with(db.identity_meta.device_id, "=", device_id)
+ .set(db.identity_meta.trust_level, trust_level).perform();
+ }
+
+ private StanzaNode create_encrypted_key(uint8[] key, Address address, Store store) throws GLib.Error {
+ SessionCipher cipher = store.create_session_cipher(address);
+ CiphertextMessage device_key = cipher.encrypt(key);
+ StanzaNode key_node = new StanzaNode.build("key", NS_URI)
+ .put_attribute("rid", address.device_id.to_string())
+ .put_node(new StanzaNode.text(Base64.encode(device_key.serialized)));
+ if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true");
+ return key_node;
+ }
+
+ public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List<Jid> recipients, XmppStream stream, Account account) {
+ EncryptState status = new EncryptState();
+ if (!Plugin.ensure_context()) return status;
+ if (message.to == null) return status;
+
+ StreamModule module = stream.get_module(StreamModule.IDENTITY);
+
+ try {
+ //Check we have the bundles and device lists needed to send the message
+ if (!is_known_address(account, self_jid)) return status;
+ status.own_list = true;
+ status.own_devices = get_trusted_devices(account, self_jid).size;
+ status.other_waiting_lists = 0;
+ status.other_devices = 0;
+ foreach (Jid recipient in recipients) {
+ if (!is_known_address(account, recipient)) {
+ status.other_waiting_lists++;
+ }
+ if (status.other_waiting_lists > 0) return status;
+ status.other_devices += get_trusted_devices(account, recipient).size;
+ }
+ if (status.own_devices == 0 || status.other_devices == 0) return status;
+
+ //Create a key and use it to encrypt the message
+ uint8[] key = new uint8[16];
+ Plugin.get_context().randomize(key);
+ uint8[] iv = new uint8[16];
+ Plugin.get_context().randomize(iv);
+
+ uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data);
+
+ StanzaNode header;
+ StanzaNode encrypted = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns()
+ .put_node(header = new StanzaNode.build("header", NS_URI)
+ .put_attribute("sid", module.store.local_registration_id.to_string())
+ .put_node(new StanzaNode.build("iv", NS_URI)
+ .put_node(new StanzaNode.text(Base64.encode(iv)))))
+ .put_node(new StanzaNode.build("payload", NS_URI)
+ .put_node(new StanzaNode.text(Base64.encode(ciphertext))));
+
+ //Encrypt the key for each recipient's device individually
+ Address address = new Address(message.to.bare_jid.to_string(), 0);
+ foreach (Jid recipient in recipients) {
+ foreach(int32 device_id in get_trusted_devices(account, recipient)) {
+ if (module.is_ignored_device(recipient, device_id)) {
+ status.other_lost++;
+ continue;
+ }
+ try {
+ address.name = recipient.bare_jid.to_string();
+ address.device_id = (int) device_id;
+ StanzaNode key_node = create_encrypted_key(key, address, module.store);
+ header.put_node(key_node);
+ status.other_success++;
+ } catch (Error e) {
+ if (e.code == ErrorCode.UNKNOWN) status.other_unknown++;
+ else status.other_failure++;
+ }
+ }
+ }
+ address.name = self_jid.bare_jid.to_string();
+ foreach(int32 device_id in get_trusted_devices(account, self_jid)) {
+ if (module.is_ignored_device(self_jid, device_id)) {
+ status.own_lost++;
+ continue;
+ }
+ if (device_id != module.store.local_registration_id) {
+ address.device_id = (int) device_id;
+ try {
+ StanzaNode key_node = create_encrypted_key(key, address, module.store);
+ header.put_node(key_node);
+ status.own_success++;
+ } catch (Error e) {
+ if (e.code == ErrorCode.UNKNOWN) status.own_unknown++;
+ else status.own_failure++;
+ }
+ }
+ }
+
+ message.stanza.put_node(encrypted);
+ Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO");
+ message.body = "[This message is OMEMO encrypted]";
+ status.encrypted = true;
+ } catch (Error e) {
+ if (Plugin.DEBUG) print(@"OMEMO: Signal error while encrypting message: $(e.message)\n");
+ }
+ return status;
+ }
+
+ public bool is_known_address(Account account, Jid jid) {
+ int identity_id = db.identity.get_id(account.id);
+ if (identity_id < 0) return false;
+ return db.identity_meta.with_address(identity_id, jid.to_string()).count() > 0;
+ }
+
+ public Gee.List<int32> get_trusted_devices(Account account, Jid jid) {
+ Gee.List<int32> devices = new ArrayList<int32>();
+ int identity_id = db.identity.get_id(account.id);
+ if (identity_id < 0) return devices;
+ foreach (Row device in db.identity_meta.get_trusted_devices(identity_id, jid.bare_jid.to_string())) {
+ if(device[db.identity_meta.trust_level] != Database.IdentityMetaTable.TrustLevel.UNKNOWN || device[db.identity_meta.identity_key_public_base64] == null)
+ devices.add(device[db.identity_meta.device_id]);
+ }
+ return devices;
+ }
+
+ private class ReceivedMessageListener : MessageListener {
+ public string[] after_actions_const = new string[]{ };
+ public override string action_group { get { return "DECRYPT"; } }
+ public override string[] after_actions { get { return after_actions_const; } }
+
+ private StreamInteractor stream_interactor;
+ private Database db;
+
+ public ReceivedMessageListener(StreamInteractor stream_interactor, Database db) {
+ this.stream_interactor = stream_interactor;
+ this.db = db;
+ }
+
+ public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) {
+ Store store = stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY).store;
+
+ StanzaNode? _encrypted = stanza.stanza.get_subnode("encrypted", NS_URI);
+ if (_encrypted == null || MessageFlag.get_flag(stanza) != null || stanza.from == null) return false;
+ StanzaNode encrypted = (!)_encrypted;
+ if (!Plugin.ensure_context()) return false;
+ MessageFlag flag = new MessageFlag();
+ stanza.add_flag(flag);
+ StanzaNode? _header = encrypted.get_subnode("header");
+ if (_header == null) return false;
+ StanzaNode header = (!)_header;
+ if (header.get_attribute_int("sid") <= 0) return false;
+ foreach (StanzaNode key_node in header.get_subnodes("key")) {
+ if (key_node.get_attribute_int("rid") == store.local_registration_id) {
+ try {
+ string? payload = encrypted.get_deep_string_content("payload");
+ string? iv_node = header.get_deep_string_content("iv");
+ string? key_node_content = key_node.get_string_content();
+ if (payload == null || iv_node == null || key_node_content == null) continue;
+ uint8[] key;
+ uint8[] ciphertext = Base64.decode((!)payload);
+ uint8[] iv = Base64.decode((!)iv_node);
+ Jid jid = stanza.from;
+ if (conversation.type_ == Conversation.Type.GROUPCHAT) {
+ jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account);
+ }
+
+ Address address = new Address(jid.bare_jid.to_string(), header.get_attribute_int("sid"));
+ if (key_node.get_attribute_bool("prekey")) {
+ PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content));
+ SessionCipher cipher = store.create_session_cipher(address);
+ key = cipher.decrypt_pre_key_signal_message(msg);
+ } else {
+ SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content));
+ SessionCipher cipher = store.create_session_cipher(address);
+ key = cipher.decrypt_signal_message(msg);
+ }
+ address.device_id = 0; // TODO: Hack to have address obj live longer
+
+ if (key.length >= 32) {
+ int authtaglength = key.length - 16;
+ uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength];
+ uint8[] new_key = new uint8[16];
+ Memory.copy(new_ciphertext, ciphertext, ciphertext.length);
+ Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength);
+ Memory.copy(new_key, key, 16);
+ ciphertext = new_ciphertext;
+ key = new_key;
+ }
+
+ message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext));
+ flag.decrypted = true;
+
+ int identity_id = db.identity.get_id(conversation.account.id);
+ if (identity_id < 0) return false;
+
+ Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level];
+ if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) {
+ message.body = _("OMEMO message from a rejected device");
+ message.marked = Message.Marked.WONTSEND;
+ }
+ if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) {
+ message.body = _("OMEMO message from an unknown device: ")+message.body;
+ message.marked = Message.Marked.WONTSEND;
+ }
+ } catch (Error e) {
+ if (Plugin.DEBUG) print(@"OMEMO: Signal error while decrypting message: $(e.message)\n");
+ }
+ }
+ }
+ return false;
+ }
+
+ private string arr_to_str(uint8[] arr) {
+ // null-terminate the array
+ uint8[] rarr = new uint8[arr.length+1];
+ Memory.copy(rarr, arr, arr.length);
+ return (string)rarr;
+ }
+ }
+}
+
+}