aboutsummaryrefslogtreecommitdiff
path: root/xmpp-vala/src/module/xep/0027_pgp/module.vala
diff options
context:
space:
mode:
Diffstat (limited to 'xmpp-vala/src/module/xep/0027_pgp/module.vala')
-rw-r--r--xmpp-vala/src/module/xep/0027_pgp/module.vala206
1 files changed, 206 insertions, 0 deletions
diff --git a/xmpp-vala/src/module/xep/0027_pgp/module.vala b/xmpp-vala/src/module/xep/0027_pgp/module.vala
new file mode 100644
index 00000000..fee6b9e4
--- /dev/null
+++ b/xmpp-vala/src/module/xep/0027_pgp/module.vala
@@ -0,0 +1,206 @@
+using GPG;
+
+using Xmpp.Core;
+
+namespace Xmpp.Xep.Pgp {
+ private const string NS_URI = "jabber:x";
+ private const string NS_URI_ENCRYPTED = NS_URI + ":encrypted";
+ private const string NS_URI_SIGNED = NS_URI + ":signed";
+
+ public class Module : XmppStreamModule {
+ public const string ID = "0027_current_pgp_usage";
+
+ public signal void received_jid_key_id(XmppStream stream, string jid, string key_id);
+
+ private static Object mutex = new Object();
+
+ private string? signed_status;
+ private string? own_key_id;
+
+ public Module() {
+ GPG.check_version();
+ signed_status = gpg_sign("");
+ if (signed_status != null) own_key_id = gpg_verify(signed_status, "");
+ }
+
+ public bool encrypt(Message.Stanza message, string key_id) {
+ string? enc_body = gpg_encrypt(message.body, new string[] {key_id, own_key_id});
+ if (enc_body != null) {
+ message.stanza.put_node(new StanzaNode.build("x", NS_URI_ENCRYPTED).add_self_xmlns().put_node(new StanzaNode.text(enc_body)));
+ message.body = "[This message is OpenPGP encrypted (see XEP-0027)]";
+ return true;
+ }
+ return false;
+ }
+
+ public string? get_cyphertext(Message.Stanza message) {
+ StanzaNode? x_node = message.stanza.get_subnode("x", NS_URI_ENCRYPTED);
+ return x_node == null ? null : x_node.get_string_content();
+ }
+
+ public override void attach(XmppStream stream) {
+ Presence.Module.require(stream);
+ Presence.Module.get_module(stream).received_presence.connect(on_received_presence);
+ Presence.Module.get_module(stream).pre_send_presence_stanza.connect(on_pre_send_presence_stanza);
+ Message.Module.require(stream);
+ Message.Module.get_module(stream).pre_received_message.connect(on_pre_received_message);
+ stream.add_flag(new Flag());
+ }
+
+ public override void detach(XmppStream stream) {
+ Presence.Module.get_module(stream).received_presence.disconnect(on_received_presence);
+ Presence.Module.get_module(stream).pre_send_presence_stanza.disconnect(on_pre_send_presence_stanza);
+ Message.Module.get_module(stream).pre_received_message.disconnect(on_pre_received_message);
+ }
+
+ public static Module? get_module(XmppStream stream) {
+ return (Module?) stream.get_module(NS_URI, ID);
+ }
+
+ public static void require(XmppStream stream) {
+ if (get_module(stream) == null) stream.add_module(new Module());
+ }
+
+ public override string get_ns() { return NS_URI; }
+ public override string get_id() { return ID; }
+
+ private void on_received_presence(XmppStream stream, Presence.Stanza presence) {
+ StanzaNode x_node = presence.stanza.get_subnode("x", NS_URI_SIGNED);
+ if (x_node != null) {
+ string? sig = x_node.get_string_content();
+ if (sig != null) {
+ string signed_data = presence.status == null ? "" : presence.status;
+ string? key_id = gpg_verify(sig, signed_data);
+ if (key_id != null) {
+ Flag.get_flag(stream).set_key_id(presence.from, key_id);
+ received_jid_key_id(stream, presence.from, key_id);
+ }
+ }
+ }
+ }
+
+ private void on_pre_send_presence_stanza(XmppStream stream, Presence.Stanza presence) {
+ if (presence.type_ == Presence.Stanza.TYPE_AVAILABLE && signed_status != null) {
+ presence.stanza.put_node(new StanzaNode.build("x", NS_URI_SIGNED).add_self_xmlns().put_node(new StanzaNode.text(signed_status)));
+ }
+ }
+
+ private void on_pre_received_message(XmppStream stream, Message.Stanza message) {
+ string? encrypted = get_cyphertext(message);
+ if (encrypted != null) {
+ MessageFlag flag = new MessageFlag();
+ message.add_flag(flag);
+ string? decrypted = gpg_decrypt(encrypted);
+ if (decrypted != null) {
+ flag.decrypted = true;
+ message.body = decrypted;
+ }
+ }
+ }
+
+ private static string? gpg_encrypt(string plain, string[] key_ids) {
+ lock (mutex) {
+ GPG.Context context;
+ GPGError.ErrorCode e = GPG.Context.Context(out context); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ context.set_armor(true);
+
+ Key[] keys = new Key[key_ids.length];
+ for (int i = 0; i < key_ids.length; i++) {
+ Key key;
+ e = context.get_key(key_ids[i], out key, false); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ keys[i] = key;
+ }
+
+ GPG.Data plain_data;
+ e = GPG.Data.create_from_memory(out plain_data, plain.data, false);
+ GPG.Data enc_data;
+ e = GPG.Data.create(out enc_data);
+ e = context.op_encrypt(keys, GPG.EncryptFlags.ALWAYS_TRUST, plain_data, enc_data);
+
+ string encr = get_string_from_data(enc_data);
+ int encryption_start = encr.index_of("\n\n") + 2;
+ return encr.substring(encryption_start, encr.length - "\n-----END PGP MESSAGE-----".length - encryption_start);
+ }
+ }
+
+ private static string? gpg_decrypt(string enc) {
+ lock (mutex) {
+ string armor = "-----BEGIN PGP MESSAGE-----\n\n" + enc + "\n-----END PGP MESSAGE-----";
+
+ GPG.Data enc_data;
+ GPGError.ErrorCode e = GPG.Data.create_from_memory(out enc_data, armor.data, false); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ GPG.Data dec_data;
+ e = GPG.Data.create(out dec_data); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ GPG.Context context;
+ e = GPG.Context.Context(out context); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ e = context.op_decrypt(enc_data, dec_data); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+
+ string plain = get_string_from_data(dec_data);
+ return plain;
+ }
+ }
+
+ private static string? gpg_verify(string sig, string signed_text) {
+ lock (mutex) {
+ string armor = "-----BEGIN PGP MESSAGE-----\n\n" + sig + "\n-----END PGP MESSAGE-----";
+
+ GPG.Data sig_data;
+ GPGError.ErrorCode e = GPG.Data.create_from_memory(out sig_data, armor.data, false); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ GPG.Data plain_data;
+ e = GPG.Data.create(out plain_data); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ GPG.Context context;
+ e = GPG.Context.Context(out context); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ e = context.op_verify(sig_data, null, plain_data); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ GPG.VerifyResult* verify_res = context.op_verify_result();
+ if (verify_res == null || verify_res.signatures == null) return null;
+ return verify_res.signatures.fpr;
+ }
+ }
+
+ private static string? gpg_sign(string status) {
+ lock (mutex) {
+ GPG.Data status_data;
+ GPGError.ErrorCode e = GPG.Data.create_from_memory(out status_data, status.data, false); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ GPG.Data signed_data;
+ e = GPG.Data.create(out signed_data); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ GPG.Context context;
+ e = GPG.Context.Context(out context); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+ e = context.op_sign(status_data, signed_data, GPG.SigMode.CLEAR); if (e != GPGError.ErrorCode.NO_ERROR) return null;
+
+ string signed = get_string_from_data(signed_data);
+ int signature_start = signed.index_of("-----BEGIN PGP SIGNATURE-----");
+ signature_start = signed.index_of("\n\n", signature_start) + 2;
+ return signed.substring(signature_start, signed.length - "\n-----END PGP SIGNATURE-----".length - signature_start);
+ }
+ }
+
+ private static string get_string_from_data(GPG.Data data) {
+ data.seek(0);
+ uint8[] buf = new uint8[256];
+ ssize_t? len = null;
+ string res = "";
+ do {
+ len = data.read(buf);
+ if (len > 0) {
+ string part = (string) buf;
+ part = part.substring(0, (long) len);
+ res += part;
+ }
+ } while (len > 0);
+ return res;
+ }
+ }
+
+ public class MessageFlag : Message.MessageFlag {
+ public const string id = "pgp";
+
+ public bool decrypted = false;
+
+ public static MessageFlag? get_flag(Message.Stanza message) {
+ return (MessageFlag) message.get_flag(NS_URI, id);
+ }
+
+ public override string get_ns() { return NS_URI; }
+ public override string get_id() { return id; }
+ }
+}