From 7e156b3a7510eaad212dfe0c72dc8aba8bda0e57 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Wed, 25 Jul 2018 21:27:26 +0100 Subject: Code cleanup: create new trust management class --- plugins/omemo/src/trust_manager.vala | 128 +++++++++++++++++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 plugins/omemo/src/trust_manager.vala (limited to 'plugins/omemo/src/trust_manager.vala') diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala new file mode 100644 index 00000000..408faed8 --- /dev/null +++ b/plugins/omemo/src/trust_manager.vala @@ -0,0 +1,128 @@ +using Dino.Entities; +using Gee; +using Xmpp; +using Signal; +using Qlite; + +namespace Dino.Plugins.Omemo { + +public class TrustManager { + + private StreamInteractor stream_interactor; + private Database db; + + public TrustManager(StreamInteractor stream_interactor, Database db) { + this.stream_interactor = stream_interactor; + this.db = db; + } + + private StanzaNode create_encrypted_key(uint8[] key, Address address, Store store) throws GLib.Error { + SessionCipher cipher = store.create_session_cipher(address); + CiphertextMessage device_key = cipher.encrypt(key); + StanzaNode key_node = new StanzaNode.build("key", NS_URI) + .put_attribute("rid", address.device_id.to_string()) + .put_node(new StanzaNode.text(Base64.encode(device_key.serialized))); + if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true"); + return key_node; + } + + public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List recipients, XmppStream stream, Account account) { + EncryptState status = new EncryptState(); + if (!Plugin.ensure_context()) return status; + if (message.to == null) return status; + + StreamModule module = stream.get_module(StreamModule.IDENTITY); + + try { + if (!is_known_address(account, self_jid)) return status; + status.own_list = true; + status.own_devices = get_trusted_devices(account, self_jid).size; + status.other_waiting_lists = 0; + status.other_devices = 0; + foreach (Jid recipient in recipients) { + if (!is_known_address(account, recipient)) { + status.other_waiting_lists++; + return status; + } + status.other_devices += get_trusted_devices(account, recipient).size; + } + if (status.own_devices == 0 || status.other_devices == 0) return status; + + uint8[] key = new uint8[16]; + Plugin.get_context().randomize(key); + uint8[] iv = new uint8[16]; + Plugin.get_context().randomize(iv); + + uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data); + + StanzaNode header; + StanzaNode encrypted = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns() + .put_node(header = new StanzaNode.build("header", NS_URI) + .put_attribute("sid", module.store.local_registration_id.to_string()) + .put_node(new StanzaNode.build("iv", NS_URI) + .put_node(new StanzaNode.text(Base64.encode(iv))))) + .put_node(new StanzaNode.build("payload", NS_URI) + .put_node(new StanzaNode.text(Base64.encode(ciphertext)))); + + Address address = new Address(message.to.bare_jid.to_string(), 0); + foreach (Jid recipient in recipients) { + foreach(int32 device_id in get_trusted_devices(account, recipient)) { + if (module.is_ignored_device(recipient, device_id)) { + status.other_lost++; + continue; + } + try { + address.name = recipient.bare_jid.to_string(); + address.device_id = (int) device_id; + StanzaNode key_node = create_encrypted_key(key, address, module.store); + header.put_node(key_node); + status.other_success++; + } catch (Error e) { + if (e.code == ErrorCode.UNKNOWN) status.other_unknown++; + else status.other_failure++; + } + } + } + address.name = self_jid.bare_jid.to_string(); + foreach(int32 device_id in get_trusted_devices(account, self_jid)) { + if (module.is_ignored_device(self_jid, device_id)) { + status.own_lost++; + continue; + } + if (device_id != module.store.local_registration_id) { + address.device_id = (int) device_id; + try { + StanzaNode key_node = create_encrypted_key(key, address, module.store); + header.put_node(key_node); + status.own_success++; + } catch (Error e) { + if (e.code == ErrorCode.UNKNOWN) status.own_unknown++; + else status.own_failure++; + } + } + } + + message.stanza.put_node(encrypted); + Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO"); + message.body = "[This message is OMEMO encrypted]"; + status.encrypted = true; + } catch (Error e) { + if (Plugin.DEBUG) print(@"OMEMO: Signal error while encrypting message: $(e.message)\n"); + } + return status; + } + + public bool is_known_address(Account account, Jid jid) { + return db.identity_meta.with_address(account.id, jid.to_string()).count() > 0; + } + + public Gee.List get_trusted_devices(Account account, Jid jid) { + Gee.List devices = new ArrayList(); + foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED).without_null(db.identity_meta.identity_key_public_base64)) { + devices.add(device[db.identity_meta.device_id]); + } + return devices; + } +} + +} -- cgit v1.2.3-70-g09d2 From 5d32a0ec3d85295f2286fbbab650c852b13a437c Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sat, 28 Jul 2018 19:03:52 +0100 Subject: Fix omemo not being available on first startup --- plugins/omemo/src/manager.vala | 11 ++++++++--- plugins/omemo/src/stream_module.vala | 4 ++-- plugins/omemo/src/trust_manager.vala | 5 +++-- 3 files changed, 13 insertions(+), 7 deletions(-) (limited to 'plugins/omemo/src/trust_manager.vala') diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 5bd1e00e..8654a4f5 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -340,15 +340,20 @@ public class Manager : StreamInteractionModule, Object { if (flag == null) return false; if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS) && flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.MEMBERS_ONLY)) { foreach(Jid jid in stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(conversation.counterpart, conversation.account)) { - if (!trust_manager.is_known_address(conversation.account, jid.bare_jid)) return false; + if (!trust_manager.is_known_address(conversation.account, jid.bare_jid)) { + module.request_user_devicelist(stream, jid.bare_jid); + return false; + } } return true; } else { return false; } - } else { - return trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid); + } else if (!trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid)) { + module.request_user_devicelist(stream, conversation.counterpart.bare_jid); + return false; } + return true; } public static void start(StreamInteractor stream_interactor, Database db) { diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index d298db2b..25e3685f 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -33,6 +33,7 @@ public class StreamModule : XmppStreamModule { store_created(store); received_pipeline_listener = new ReceivedPipelineListener(store); stream.get_module(MessageModule.IDENTITY).received_pipeline.connect(received_pipeline_listener); + print("Adding filtered notification\n"); stream.get_module(Pubsub.Module.IDENTITY).add_filtered_notification(stream, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); } @@ -63,9 +64,8 @@ public class StreamModule : XmppStreamModule { if (Plugin.DEBUG) print(@"OMEMO: Not on device list, adding id\n"); node.put_node(new StanzaNode.build("device", NS_URI).put_attribute("id", store.local_registration_id.to_string())); stream.get_module(Pubsub.Module.IDENTITY).publish(stream, jid, NODE_DEVICELIST, NODE_DEVICELIST, id, node); - } else { - publish_bundles_if_needed(stream, jid); } + publish_bundles_if_needed(stream, jid); } ArrayList device_list = new ArrayList(); diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 408faed8..7e17e5ea 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -118,8 +118,9 @@ public class TrustManager { public Gee.List get_trusted_devices(Account account, Jid jid) { Gee.List devices = new ArrayList(); - foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED).without_null(db.identity_meta.identity_key_public_base64)) { - devices.add(device[db.identity_meta.device_id]); + foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED)) { + if(device[db.identity_meta.trust_level] != Database.IdentityMetaTable.TrustLevel.UNKNOWN || device[db.identity_meta.identity_key_public_base64] == null) + devices.add(device[db.identity_meta.device_id]); } return devices; } -- cgit v1.2.3-70-g09d2 From e6069fa183aa4b8aa6c1e8afdff151f8d74c3fc5 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sun, 29 Jul 2018 13:31:57 +0100 Subject: Mark messages from rejected and unknown devices --- plugins/omemo/src/stream_module.vala | 1 - plugins/omemo/src/trust_manager.vala | 39 ++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) (limited to 'plugins/omemo/src/trust_manager.vala') diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index 25e3685f..f086bd4c 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -33,7 +33,6 @@ public class StreamModule : XmppStreamModule { store_created(store); received_pipeline_listener = new ReceivedPipelineListener(store); stream.get_module(MessageModule.IDENTITY).received_pipeline.connect(received_pipeline_listener); - print("Adding filtered notification\n"); stream.get_module(Pubsub.Module.IDENTITY).add_filtered_notification(stream, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); } diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 7e17e5ea..ca505c3f 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -10,10 +10,14 @@ public class TrustManager { private StreamInteractor stream_interactor; private Database db; + private ReceivedMessageListener received_message_listener; public TrustManager(StreamInteractor stream_interactor, Database db) { this.stream_interactor = stream_interactor; this.db = db; + + received_message_listener = new ReceivedMessageListener(stream_interactor, db); + stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener); } private StanzaNode create_encrypted_key(uint8[] key, Address address, Store store) throws GLib.Error { @@ -124,6 +128,41 @@ public class TrustManager { } return devices; } + + private class ReceivedMessageListener : MessageListener { + public string[] after_actions_const = new string[]{ }; + public override string action_group { get { return "DECRYPT"; } } + public override string[] after_actions { get { return after_actions_const; } } + + private StreamInteractor stream_interactor; + private Database db; + + public ReceivedMessageListener(StreamInteractor stream_interactor, Database db) { + this.stream_interactor = stream_interactor; + this.db = db; + } + + public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) { + MessageFlag? flag = MessageFlag.get_flag(stanza); + if(flag != null && ((!)flag).decrypted) { + StanzaNode header = stanza.stanza.get_subnode("encrypted", "eu.siacs.conversations.axolotl").get_subnode("header"); + Jid jid = message.from; + if(conversation.type_ == Conversation.Type.GROUPCHAT) { + jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); + } + Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.with_address(conversation.account.id, jid.bare_jid.to_string()).with(db.identity_meta.device_id, "=", header.get_attribute_int("sid")).single()[db.identity_meta.trust_level]; + if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { + message.body = "OMEMO message from a rejected device"; + message.marked = Message.Marked.WONTSEND; + } + if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) { + message.body = "OMEMO message from an unknown device: "+message.body; + message.marked = Message.Marked.WONTSEND; + } + } + return false; + } + } } } -- cgit v1.2.3-70-g09d2 From cdaa29d7f08fcee1099c53184ba8b36bb93a1bc1 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Wed, 8 Aug 2018 14:45:09 +0100 Subject: Only send messages to active devices --- plugins/omemo/src/trust_manager.vala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/omemo/src/trust_manager.vala') diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index ca505c3f..d25f7b00 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -122,7 +122,7 @@ public class TrustManager { public Gee.List get_trusted_devices(Account account, Jid jid) { Gee.List devices = new ArrayList(); - foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED)) { + foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED).with(db.identity_meta.now_active, "=", true)) { if(device[db.identity_meta.trust_level] != Database.IdentityMetaTable.TrustLevel.UNKNOWN || device[db.identity_meta.identity_key_public_base64] == null) devices.add(device[db.identity_meta.device_id]); } -- cgit v1.2.3-70-g09d2 From 36cc8b039338442512f0e86d9487d951b5f2c6e3 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Fri, 10 Aug 2018 00:45:22 +0100 Subject: Code cleanup - move long database queries to their own functions and improve variable names --- plugins/omemo/data/contact_details_dialog.ui | 16 +-- plugins/omemo/data/manage_key_dialog.ui | 16 +-- plugins/omemo/src/contact_details_dialog.vala | 133 ++++++++++----------- plugins/omemo/src/contact_details_provider.vala | 6 +- plugins/omemo/src/database.vala | 38 +++++- .../omemo/src/device_notification_populator.vala | 2 +- plugins/omemo/src/manage_key_dialog.vala | 63 +++++----- plugins/omemo/src/manager.vala | 30 +++-- plugins/omemo/src/own_notifications.vala | 2 +- plugins/omemo/src/plugin.vala | 7 +- plugins/omemo/src/trust_manager.vala | 24 +++- 11 files changed, 194 insertions(+), 143 deletions(-) (limited to 'plugins/omemo/src/trust_manager.vala') diff --git a/plugins/omemo/data/contact_details_dialog.ui b/plugins/omemo/data/contact_details_dialog.ui index a5e8511b..eef82f7f 100644 --- a/plugins/omemo/data/contact_details_dialog.ui +++ b/plugins/omemo/data/contact_details_dialog.ui @@ -63,7 +63,7 @@ - + True end center @@ -115,7 +115,7 @@ horizontal True - + True start right @@ -129,7 +129,7 @@ True 5 - + True start True @@ -144,7 +144,7 @@ - + True end True @@ -188,7 +188,7 @@ True - + True none @@ -216,7 +216,7 @@ True - + True none @@ -230,7 +230,7 @@ False - show_qrcode + show_qrcode_button left True @@ -238,7 +238,7 @@ True 10 - + True diff --git a/plugins/omemo/data/manage_key_dialog.ui b/plugins/omemo/data/manage_key_dialog.ui index 1c07d971..df0b81b5 100644 --- a/plugins/omemo/data/manage_key_dialog.ui +++ b/plugins/omemo/data/manage_key_dialog.ui @@ -50,7 +50,7 @@ vertical center - + True True 0 @@ -83,7 +83,7 @@ True - Compare the fingerprint, character by character, with the one shown on your contacts device. + Compare the fingerprint, character by character, with the one shown on your contacts device. True 0 45 @@ -107,17 +107,17 @@ - + True True - Not Matching + Not Matching - + True True - Matching + Matching @@ -140,7 +140,7 @@ - + True @@ -148,7 +148,7 @@ - + True center True diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 91e2eaee..3a39bda5 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -18,15 +18,15 @@ public class ContactDetailsDialog : Gtk.Dialog { private int own_id = 0; [GtkChild] private Box own_fingerprint_container; - [GtkChild] private Label own_fingerprint; + [GtkChild] private Label own_fingerprint_label; [GtkChild] private Box new_keys_container; - [GtkChild] private ListBox new_keys; + [GtkChild] private ListBox new_keys_listbox; [GtkChild] private Box keys_container; - [GtkChild] private ListBox keys; - [GtkChild] private Switch auto_accept; - [GtkChild] private Button copy; - [GtkChild] private Button show_qrcode; - [GtkChild] private Image qrcode; + [GtkChild] private ListBox keys_listbox; + [GtkChild] private Switch auto_accept_switch; + [GtkChild] private Button copy_button; + [GtkChild] private Button show_qrcode_button; + [GtkChild] private Image qrcode_image; [GtkChild] private Popover qrcode_popover; public ContactDetailsDialog(Plugin plugin, Account account, Jid jid) { @@ -38,6 +38,8 @@ public class ContactDetailsDialog : Gtk.Dialog { (get_header_bar() as HeaderBar).set_subtitle(jid.bare_jid.to_string()); + // Dialog opened from the account settings menu + // Show the fingerprint for this device separately with buttons for a qrcode and to copy if(jid.equals(account.bare_jid)) { own = true; own_id = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; @@ -46,51 +48,44 @@ public class ContactDetailsDialog : Gtk.Dialog { string own_b64 = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.identity_key_public_base64]; string fingerprint = fingerprint_from_base64(own_b64); - own_fingerprint.set_markup(fingerprint_markup(fingerprint)); + own_fingerprint_label.set_markup(fingerprint_markup(fingerprint)); - copy.clicked.connect(() => {Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);}); + copy_button.clicked.connect(() => {Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);}); int sid = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; Pixbuf pixbuf = new QRcode(@"xmpp:$(account.bare_jid)?omemo-sid-$(sid)=$(fingerprint)", 2).to_pixbuf(); pixbuf = pixbuf.scale_simple(150, 150, InterpType.NEAREST); - qrcode.set_from_pixbuf(pixbuf); - show_qrcode.clicked.connect(qrcode_popover.popup); + qrcode_image.set_from_pixbuf(pixbuf); + show_qrcode_button.clicked.connect(qrcode_popover.popup); } - new_keys.set_header_func((row, before_row) => { - if (row.get_header() == null && before_row != null) { - row.set_header(new Separator(Orientation.HORIZONTAL)); - } - }); + new_keys_listbox.set_header_func(header_function); - keys.set_header_func((row, before_row) => { - if (row.get_header() == null && before_row != null) { - row.set_header(new Separator(Orientation.HORIZONTAL)); - } - }); + keys_listbox.set_header_func(header_function); - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { + //Show any new devices for which the user must decide whether to accept or reject + foreach (Row device in plugin.db.identity_meta.get_new_devices(account.id, jid.to_string())) { add_new_fingerprint(device); } - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { + //Show the normal devicelist + foreach (Row device in plugin.db.identity_meta.get_known_devices(account.id, jid.to_string())) { if(own && device[plugin.db.identity_meta.device_id] == own_id) { continue; } add_fingerprint(device, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trust_level]); - } - auto_accept.set_active(plugin.db.trust.get_blind_trust(account.id, jid.bare_jid.to_string())); + auto_accept_switch.set_active(plugin.db.trust.get_blind_trust(account.id, jid.bare_jid.to_string())); - auto_accept.state_set.connect((active) => { - plugin.db.trust.update().with(plugin.db.trust.identity_id, "=", account.id).with(plugin.db.trust.address_name, "=", jid.bare_jid.to_string()).set(plugin.db.trust.blind_trust, active).perform(); + auto_accept_switch.state_set.connect((active) => { + plugin.trust_manager.set_blind_trust(account, jid, active); if (active) { new_keys_container.visible = false; - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { - set_device_trust(device, true); + foreach (Row device in plugin.db.identity_meta.get_new_devices(account.id, jid.to_string())) { + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED); add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED); } } @@ -100,13 +95,10 @@ public class ContactDetailsDialog : Gtk.Dialog { } - private void set_device_trust(Row device, bool trust) { - Database.IdentityMetaTable.TrustLevel trust_level = trust ? Database.IdentityMetaTable.TrustLevel.TRUSTED : Database.IdentityMetaTable.TrustLevel.UNTRUSTED; - plugin.db.identity_meta.update() - .with(plugin.db.identity_meta.identity_id, "=", account.id) - .with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name]) - .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) - .set(plugin.db.identity_meta.trust_level, trust_level).perform(); + private void header_function(ListBoxRow row, ListBoxRow? before) { + if (row.get_header() == null && before != null) { + row.set_header(new Separator(Orientation.HORIZONTAL)); + } } private void set_row(int trust, bool now_active, Image img, Label status_lbl, Label lbl, ListBoxRow lbr){ @@ -139,7 +131,7 @@ public class ContactDetailsDialog : Gtk.Dialog { ListBoxRow lbr = new ListBoxRow() { visible = true, activatable = true, hexpand = true }; Box box = new Box(Gtk.Orientation.HORIZONTAL, 40) { visible = true, margin_start = 20, margin_end = 20, margin_top = 14, margin_bottom = 14, hexpand = true }; - Box status = new Box(Gtk.Orientation.HORIZONTAL, 5) { visible = true, hexpand = true }; + Box status_box = new Box(Gtk.Orientation.HORIZONTAL, 5) { visible = true, hexpand = true }; Label status_lbl = new Label(null) { visible = true, hexpand = true, xalign = 0 }; Image img = new Image() { visible = true, halign = Align.END, icon_size = IconSize.BUTTON }; @@ -151,17 +143,18 @@ public class ContactDetailsDialog : Gtk.Dialog { set_row(trust, device[plugin.db.identity_meta.now_active], img, status_lbl, lbl, lbr); box.add(lbl); - box.add(status); + box.add(status_box); - status.add(status_lbl); - status.add(img); + status_box.add(status_lbl); + status_box.add(img); lbr.add(box); - keys.add(lbr); + keys_listbox.add(lbr); - keys.row_activated.connect((row) => { + //Row clicked - pull the most up to date device info from the database and show the manage window + keys_listbox.row_activated.connect((row) => { if(row == lbr) { - Row updated_device = plugin.db.identity_meta.with_address(device[plugin.db.identity_meta.identity_id], device[plugin.db.identity_meta.address_name]).with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]).single().row().inner; + Row updated_device = plugin.db.identity_meta.get_device(device[plugin.db.identity_meta.identity_id], device[plugin.db.identity_meta.address_name], device[plugin.db.identity_meta.device_id]); ManageKeyDialog manage_dialog = new ManageKeyDialog(updated_device, plugin.db); manage_dialog.set_transient_for((Gtk.Window) get_toplevel()); manage_dialog.present(); @@ -176,19 +169,15 @@ public class ContactDetailsDialog : Gtk.Dialog { private void update_device(int response, Row device){ switch (response) { case Database.IdentityMetaTable.TrustLevel.TRUSTED: - set_device_trust(device, true); + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: - set_device_trust(device, false); + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.UNTRUSTED); break; case Database.IdentityMetaTable.TrustLevel.VERIFIED: - plugin.db.identity_meta.update() - .with(plugin.db.identity_meta.identity_id, "=", account.id) - .with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name]) - .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) - .set(plugin.db.identity_meta.trust_level, Database.IdentityMetaTable.TrustLevel.VERIFIED).perform(); - plugin.db.trust.update().with(plugin.db.trust.identity_id, "=", account.id).with(plugin.db.trust.address_name, "=", jid.bare_jid.to_string()).set(plugin.db.trust.blind_trust, false).perform(); - auto_accept.set_active(false); + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.VERIFIED); + plugin.trust_manager.set_blind_trust(account, jid, false); + auto_accept_switch.set_active(false); break; } } @@ -199,28 +188,28 @@ public class ContactDetailsDialog : Gtk.Dialog { ListBoxRow lbr = new ListBoxRow() { visible = true, activatable = false, hexpand = true }; Box box = new Box(Gtk.Orientation.HORIZONTAL, 40) { visible = true, margin_start = 20, margin_end = 20, margin_top = 14, margin_bottom = 14, hexpand = true }; - Box control = new Box(Gtk.Orientation.HORIZONTAL, 0) { visible = true, hexpand = true }; + Box control_box = new Box(Gtk.Orientation.HORIZONTAL, 0) { visible = true, hexpand = true }; - Button yes = new Button() { visible = true, valign = Align.CENTER, hexpand = true }; - yes.image = new Image.from_icon_name("emblem-ok-symbolic", IconSize.BUTTON); - yes.get_style_context().add_class("suggested-action"); + Button yes_button = new Button() { visible = true, valign = Align.CENTER, hexpand = true }; + yes_button.image = new Image.from_icon_name("emblem-ok-symbolic", IconSize.BUTTON); + yes_button.get_style_context().add_class("suggested-action"); - Button no = new Button() { visible = true, valign = Align.CENTER, hexpand = true }; - no.image = new Image.from_icon_name("action-unavailable-symbolic", IconSize.BUTTON); - no.get_style_context().add_class("destructive-action"); + Button no_button = new Button() { visible = true, valign = Align.CENTER, hexpand = true }; + no_button.image = new Image.from_icon_name("action-unavailable-symbolic", IconSize.BUTTON); + no_button.get_style_context().add_class("destructive-action"); - yes.clicked.connect(() => { - set_device_trust(device, true); + yes_button.clicked.connect(() => { + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED); add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED); - new_keys.remove(lbr); - if (new_keys.get_children().length() < 1) new_keys_container.visible = false; + new_keys_listbox.remove(lbr); + if (new_keys_listbox.get_children().length() < 1) new_keys_container.visible = false; }); - no.clicked.connect(() => { - set_device_trust(device, false); + no_button.clicked.connect(() => { + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.UNTRUSTED); add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.UNTRUSTED); - new_keys.remove(lbr); - if (new_keys.get_children().length() < 1) new_keys_container.visible = false; + new_keys_listbox.remove(lbr); + if (new_keys_listbox.get_children().length() < 1) new_keys_container.visible = false; }); string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); @@ -230,14 +219,14 @@ public class ContactDetailsDialog : Gtk.Dialog { box.add(lbl); - control.add(yes); - control.add(no); - control.get_style_context().add_class("linked"); + control_box.add(yes_button); + control_box.add(no_button); + control_box.get_style_context().add_class("linked"); - box.add(control); + box.add(control_box); lbr.add(box); - new_keys.add(lbr); + new_keys_listbox.add(lbr); } } diff --git a/plugins/omemo/src/contact_details_provider.vala b/plugins/omemo/src/contact_details_provider.vala index 1cf635c2..4b919009 100644 --- a/plugins/omemo/src/contact_details_provider.vala +++ b/plugins/omemo/src/contact_details_provider.vala @@ -25,11 +25,7 @@ public class ContactDetailsProvider : Plugins.ContactDetailsProvider, Object { } if (i > 0) { - Button btn = new Button(); - btn.image = new Image.from_icon_name("view-list-symbolic", IconSize.BUTTON); - btn.relief = ReliefStyle.NONE; - btn.visible = true; - btn.valign = Align.CENTER; + Button btn = new Button.from_icon_name("view-list-symbolic") { visible = true, valign = Align.CENTER, relief = ReliefStyle.NONE }; btn.clicked.connect(() => { btn.activate(); ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, conversation.account, conversation.counterpart); diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala index 05864e38..8f8cb44a 100644 --- a/plugins/omemo/src/database.vala +++ b/plugins/omemo/src/database.vala @@ -64,6 +64,34 @@ public class Database : Qlite.Database { .value(this.identity_key_public_base64, Base64.encode(bundle.identity_key.serialize())) .value(this.trust_level, trust).perform(); } + + public QueryBuilder get_trusted_devices(int identity_id, string address_name) { + return this.with_address(identity_id, address_name) + .with(this.trust_level, "!=", TrustLevel.UNTRUSTED) + .with(this.now_active, "=", true); + } + + public QueryBuilder get_known_devices(int identity_id, string address_name) { + return this.with_address(identity_id, address_name) + .with(this.trust_level, "!=", TrustLevel.UNKNOWN) + .without_null(this.identity_key_public_base64); + } + + public QueryBuilder get_unknown_devices(int identity_id, string address_name) { + return this.with_address(identity_id, address_name) + .with_null(this.identity_key_public_base64); + } + + public QueryBuilder get_new_devices(int identity_id, string address_name) { + return this.with_address(identity_id, address_name) + .with(this.trust_level, "=", TrustLevel.UNKNOWN) + .without_null(this.identity_key_public_base64); + } + + public Row? get_device(int identity_id, string address_name, int device_id) { + return this.with_address(identity_id, address_name) + .with(this.device_id, "=", device_id).single().row().inner; + } } @@ -160,10 +188,12 @@ public class Database : Qlite.Database { } public override void migrate(long oldVersion) { - exec("DROP INDEX identity_meta_idx"); - exec("DROP INDEX identity_meta_list_idx"); - exec("CREATE UNIQUE INDEX identity_meta_idx ON identity_meta (identity_id, address_name, device_id)"); - exec("CREATE INDEX identity_meta_list_idx ON identity_meta (identity_id, address_name)"); + if(oldVersion == 1) { + exec("DROP INDEX identity_meta_idx"); + exec("DROP INDEX identity_meta_list_idx"); + exec("CREATE UNIQUE INDEX identity_meta_idx ON identity_meta (identity_id, address_name, device_id)"); + exec("CREATE INDEX identity_meta_list_idx ON identity_meta (identity_id, address_name)"); + } } } diff --git a/plugins/omemo/src/device_notification_populator.vala b/plugins/omemo/src/device_notification_populator.vala index 6940c723..aee45472 100644 --- a/plugins/omemo/src/device_notification_populator.vala +++ b/plugins/omemo/src/device_notification_populator.vala @@ -20,7 +20,7 @@ public class DeviceNotificationPopulator : NotificationPopulator, Object { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.with_address(current_conversation.account.id, jid.bare_jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; + return plugin.db.identity_meta.get_new_devices(current_conversation.account.id, jid.bare_jid.to_string()).count() > 0; } public void init(Conversation conversation, NotificationCollection notification_collection, Plugins.WidgetType type) { diff --git a/plugins/omemo/src/manage_key_dialog.vala b/plugins/omemo/src/manage_key_dialog.vala index e13b9279..1ff7bd27 100644 --- a/plugins/omemo/src/manage_key_dialog.vala +++ b/plugins/omemo/src/manage_key_dialog.vala @@ -12,18 +12,18 @@ public class ManageKeyDialog : Gtk.Dialog { [GtkChild] private Button ok_button; [GtkChild] private Box main_screen; - [GtkChild] private Label main_desc; + [GtkChild] private Label main_desc_label; [GtkChild] private ListBox main_action_list; [GtkChild] private Box confirm_screen; [GtkChild] private Image confirm_image; - [GtkChild] private Label confirm_title; - [GtkChild] private Label confirm_desc; + [GtkChild] private Label confirm_title_label; + [GtkChild] private Label confirm_desc_label; [GtkChild] private Box verify_screen; [GtkChild] private Label verify_label; - [GtkChild] private Button verify_yes; - [GtkChild] private Button verify_no; + [GtkChild] private Button verify_yes_button; + [GtkChild] private Button verify_no_button; private Row device; private Database db; @@ -46,21 +46,21 @@ public class ManageKeyDialog : Gtk.Dialog { close(); }); - verify_yes.clicked.connect(() => { + verify_yes_button.clicked.connect(() => { confirm_image.set_from_icon_name("security-high-symbolic", IconSize.DIALOG); - confirm_title.label = "Verify key"; - confirm_desc.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be highlighted accordingly in the chat window."); + confirm_title_label.label = "Verify key"; + confirm_desc_label.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be highlighted accordingly in the chat window."); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = false; current_response = Database.IdentityMetaTable.TrustLevel.VERIFIED; }); - verify_no.clicked.connect(() => { + verify_no_button.clicked.connect(() => { return_to_main = false; confirm_image.set_from_icon_name("dialog-warning-symbolic", IconSize.DIALOG); - confirm_title.label = "Fingerprints do not match"; - confirm_desc.set_markup(@"Please verify that you are comparing the correct fingerprint. If fingerprints do not match $(device[db.identity_meta.address_name])'s account may be compromised and you should consider rejecting this key."); + confirm_title_label.label = "Fingerprints do not match"; + confirm_desc_label.set_markup(@"Please verify that you are comparing the correct fingerprint. If fingerprints do not match $(device[db.identity_meta.address_name])'s account may be compromised and you should consider rejecting this key."); manage_stack.set_visible_child_name("confirm"); }); } @@ -132,44 +132,45 @@ public class ManageKeyDialog : Gtk.Dialog { } }); - ListBoxRow verify = new ListBoxRow() { visible = true }; - verify.add(make_action_box("Verify Key Fingerprint", "Compare this key's fingerprint with the fingerprint displayed on the contact's device.")); - ListBoxRow reject = new ListBoxRow() { visible = true }; - reject.add(make_action_box("Reject Key", "Stop accepting this key during communication with its associated contact.")); - ListBoxRow accept = new ListBoxRow() {visible = true }; - accept.add(make_action_box("Accept Key", "Start accepting this key during communication with its assoicated contact")); + ListBoxRow verify_row = new ListBoxRow() { visible = true }; + verify_row.add(make_action_box("Verify Key Fingerprint", "Compare this key's fingerprint with the fingerprint displayed on the contact's device.")); + ListBoxRow reject_row = new ListBoxRow() { visible = true }; + reject_row.add(make_action_box("Reject Key", "Stop accepting this key during communication with its associated contact.")); + ListBoxRow accept_row = new ListBoxRow() {visible = true }; + accept_row.add(make_action_box("Accept Key", "Start accepting this key during communication with its assoicated contact")); switch((Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]) { case Database.IdentityMetaTable.TrustLevel.TRUSTED: - main_desc.set_markup(@"This key is currently accepted. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages."); - main_action_list.add(verify); - main_action_list.add(reject); + main_desc_label.set_markup(@"This key is currently accepted. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages."); + main_action_list.add(verify_row); + main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.VERIFIED: - main_desc.set_markup(@"This key is currently verified. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages. Additionaly it has been verified out-of-band to match the key on the contact's device."); - main_action_list.add(reject); + main_desc_label.set_markup(@"This key is currently verified. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages. Additionaly it has been verified out-of-band to match the key on the contact's device."); + main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: - main_desc.set_markup(@"This key is currently rejected. This means it cannot be used by $(device[db.identity_meta.address_name]) to receive messages, and any messages sent by it will be ignored"); - main_action_list.add(accept); + main_desc_label.set_markup(@"This key is currently rejected. This means it cannot be used by $(device[db.identity_meta.address_name]) to receive messages, and any messages sent by it will be ignored"); + main_action_list.add(accept_row); break; } + //Row clicked - go to appropriate screen main_action_list.row_activated.connect((row) => { - if(row == verify) { + if(row == verify_row) { manage_stack.set_visible_child_name("verify"); - } else if (row == reject) { + } else if (row == reject_row) { confirm_image.set_from_icon_name("action-unavailable-symbolic", IconSize.DIALOG); - confirm_title.label = "Reject key"; - confirm_desc.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be ignored and none of your messages will be readable using this key."); + confirm_title_label.label = "Reject key"; + confirm_desc_label.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be ignored and none of your messages will be readable using this key."); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = true; current_response = Database.IdentityMetaTable.TrustLevel.UNTRUSTED; - } else if (row == accept) { + } else if (row == accept_row) { confirm_image.set_from_icon_name("emblem-ok-symbolic", IconSize.DIALOG); - confirm_title.label = "Accept key"; - confirm_desc.set_markup(@"Once confirmed this key will be usable by $(device[db.identity_meta.address_name]) to receive and send messages."); + confirm_title_label.label = "Accept key"; + confirm_desc_label.set_markup(@"Once confirmed this key will be usable by $(device[db.identity_meta.address_name]) to receive and send messages."); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = true; diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 7c8d8976..bb8063b2 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -61,11 +61,10 @@ public class Manager : StreamInteractionModule, Object { } } - private Manager(StreamInteractor stream_interactor, Database db) { + private Manager(StreamInteractor stream_interactor, Database db, TrustManager trust_manager) { this.stream_interactor = stream_interactor; this.db = db; - - this.trust_manager = new TrustManager(stream_interactor, db); + this.trust_manager = trust_manager; stream_interactor.stream_negotiated.connect(on_stream_negotiated); stream_interactor.account_added.connect(on_account_added); @@ -120,6 +119,7 @@ public class Manager : StreamInteractionModule, Object { } StreamModule module = (!)module_; + //Get a list of everyone for whom the message should be encrypted Gee.List recipients; if (message_stanza.type_ == MessageStanza.TYPE_GROUPCHAT) { recipients = get_occupants((!)message.to.bare_jid, conversation.account); @@ -132,6 +132,7 @@ public class Manager : StreamInteractionModule, Object { recipients.add(message_stanza.to); } + //Attempt to encrypt the message EncryptState enc_state = trust_manager.encrypt(message_stanza, conversation.account.bare_jid, recipients, stream, conversation.account); MessageState state; lock (message_states) { @@ -147,6 +148,7 @@ public class Manager : StreamInteractionModule, Object { } } + //Encryption failed - need to fetch more information if (!state.will_send_now) { if (message.marked == Entities.Message.Marked.WONTSEND) { if (Plugin.DEBUG) print(@"OMEMO: message was not sent: $state\n"); @@ -192,7 +194,6 @@ public class Manager : StreamInteractionModule, Object { private void on_device_list_loaded(Account account, Jid jid, ArrayList device_list) { if (Plugin.DEBUG) print(@"OMEMO: received device list for $(account.bare_jid) from $jid\n"); - // Update meta database XmppStream? stream = stream_interactor.get_stream(account); if (stream == null) { return; @@ -202,9 +203,12 @@ public class Manager : StreamInteractionModule, Object { return; } + //Update meta database db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list); + + //Fetch the bundle for each new device int inc = 0; - foreach (Row row in db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) { + foreach (Row row in db.identity_meta.get_unknown_devices(account.id, jid.bare_jid.to_string())) { module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]); inc++; } @@ -212,10 +216,12 @@ public class Manager : StreamInteractionModule, Object { if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n"); } + //Create an entry for the jid in the account table if one does not exist already if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) { db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); } + //Get all messages that needed the devicelist and determine if we can now send them HashSet send_now = new HashSet(); lock (message_states) { foreach (Entities.Message msg in message_states.keys) { @@ -245,12 +251,18 @@ public class Manager : StreamInteractionModule, Object { public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) { bool blind_trust = db.trust.get_blind_trust(account.id, jid.bare_jid.to_string()); + //If we don't blindly trust new devices and we haven't seen this key before then don't trust it bool untrust = !(blind_trust || db.identity_meta.with_address(account.id, jid.bare_jid.to_string()) .with(db.identity_meta.device_id, "=", device_id) .with(db.identity_meta.identity_key_public_base64, "=", Base64.encode(bundle.identity_key.serialize())) .single().row().is_present()); - Database.IdentityMetaTable.TrustLevel trusted = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with(db.identity_meta.device_id, "=", device_id).single()[db.identity_meta.trust_level, Database.IdentityMetaTable.TrustLevel.UNKNOWN]; + //Get trust information from the database if the device id is known + Row device = db.identity_meta.get_device(account.id, jid.bare_jid.to_string(), device_id); + Database.IdentityMetaTable.TrustLevel trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; + if (device != null) { + trusted = (Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]; + } if(untrust) { trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; @@ -258,6 +270,7 @@ public class Manager : StreamInteractionModule, Object { trusted = Database.IdentityMetaTable.TrustLevel.TRUSTED; } + //Update the database with the appropriate trust information db.identity_meta.insert_device_bundle(account.id, jid.bare_jid.to_string(), device_id, bundle, trusted); XmppStream? stream = stream_interactor.get_stream(account); @@ -265,6 +278,7 @@ public class Manager : StreamInteractionModule, Object { StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); if(module == null) return; + //Get all messages waiting on the bundle and determine if they can now be sent HashSet send_now = new HashSet(); lock (message_states) { foreach (Entities.Message msg in message_states.keys) { @@ -360,8 +374,8 @@ public class Manager : StreamInteractionModule, Object { return trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid); } - public static void start(StreamInteractor stream_interactor, Database db) { - Manager m = new Manager(stream_interactor, db); + public static void start(StreamInteractor stream_interactor, Database db, TrustManager trust_manager) { + Manager m = new Manager(stream_interactor, db, trust_manager); stream_interactor.add_module(m); } } diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala index e1095c68..fbdb7e84 100644 --- a/plugins/omemo/src/own_notifications.vala +++ b/plugins/omemo/src/own_notifications.vala @@ -26,7 +26,7 @@ public class OwnNotifications { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; + return plugin.db.identity_meta.get_new_devices(account.id, jid.bare_jid.to_string()).count() > 0; } private void display_notification() { diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index b63ed3f2..81cf5c7f 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -29,6 +29,8 @@ public class Plugin : RootInterface, Object { public AccountSettingsEntry settings_entry; public ContactDetailsProvider contact_details_provider; public DeviceNotificationPopulator device_notification_populator; + public OwnNotifications own_notifications; + public TrustManager trust_manager; public void registered(Dino.Application app) { ensure_context(); @@ -38,15 +40,16 @@ public class Plugin : RootInterface, Object { this.settings_entry = new AccountSettingsEntry(this); this.contact_details_provider = new ContactDetailsProvider(this); this.device_notification_populator = new DeviceNotificationPopulator(this, this.app.stream_interactor); + this.trust_manager = new TrustManager(this.app.stream_interactor, this.db); this.app.plugin_registry.register_encryption_list_entry(list_entry); this.app.plugin_registry.register_account_settings_entry(settings_entry); this.app.plugin_registry.register_contact_details_entry(contact_details_provider); this.app.plugin_registry.register_notification_populator(device_notification_populator); this.app.stream_interactor.module_manager.initialize_account_modules.connect((account, list) => { list.add(new StreamModule()); - new OwnNotifications(this, this.app.stream_interactor, account); + this.own_notifications = new OwnNotifications(this, this.app.stream_interactor, account); }); - Manager.start(this.app.stream_interactor, db); + Manager.start(this.app.stream_interactor, db, trust_manager); string locales_dir; if (app.search_path_generator != null) { diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index d25f7b00..3890d4da 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -20,6 +20,21 @@ public class TrustManager { stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener); } + public void set_blind_trust(Account account, Jid jid, bool blind_trust) { + db.trust.update() + .with(db.trust.identity_id, "=", account.id) + .with(db.trust.address_name, "=", jid.bare_jid.to_string()) + .set(db.trust.blind_trust, blind_trust); + } + + public void set_device_trust(Account account, Jid jid, int device_id, Database.IdentityMetaTable.TrustLevel trust_level) { + db.identity_meta.update() + .with(db.identity_meta.identity_id, "=", account.id) + .with(db.identity_meta.address_name, "=", jid.bare_jid.to_string()) + .with(db.identity_meta.device_id, "=", device_id) + .set(db.identity_meta.trust_level, trust_level).perform(); + } + private StanzaNode create_encrypted_key(uint8[] key, Address address, Store store) throws GLib.Error { SessionCipher cipher = store.create_session_cipher(address); CiphertextMessage device_key = cipher.encrypt(key); @@ -38,6 +53,7 @@ public class TrustManager { StreamModule module = stream.get_module(StreamModule.IDENTITY); try { + //Check we have the bundles and device lists needed to send the message if (!is_known_address(account, self_jid)) return status; status.own_list = true; status.own_devices = get_trusted_devices(account, self_jid).size; @@ -46,12 +62,13 @@ public class TrustManager { foreach (Jid recipient in recipients) { if (!is_known_address(account, recipient)) { status.other_waiting_lists++; - return status; } + if (status.other_waiting_lists > 0) return status; status.other_devices += get_trusted_devices(account, recipient).size; } if (status.own_devices == 0 || status.other_devices == 0) return status; + //Create a key and use it to encrypt the message uint8[] key = new uint8[16]; Plugin.get_context().randomize(key); uint8[] iv = new uint8[16]; @@ -68,6 +85,7 @@ public class TrustManager { .put_node(new StanzaNode.build("payload", NS_URI) .put_node(new StanzaNode.text(Base64.encode(ciphertext)))); + //Encrypt the key for each recipient's device individually Address address = new Address(message.to.bare_jid.to_string(), 0); foreach (Jid recipient in recipients) { foreach(int32 device_id in get_trusted_devices(account, recipient)) { @@ -122,7 +140,7 @@ public class TrustManager { public Gee.List get_trusted_devices(Account account, Jid jid) { Gee.List devices = new ArrayList(); - foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED).with(db.identity_meta.now_active, "=", true)) { + foreach (Row device in db.identity_meta.get_trusted_devices(account.id, jid.bare_jid.to_string())) { if(device[db.identity_meta.trust_level] != Database.IdentityMetaTable.TrustLevel.UNKNOWN || device[db.identity_meta.identity_key_public_base64] == null) devices.add(device[db.identity_meta.device_id]); } @@ -150,7 +168,7 @@ public class TrustManager { if(conversation.type_ == Conversation.Type.GROUPCHAT) { jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); } - Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.with_address(conversation.account.id, jid.bare_jid.to_string()).with(db.identity_meta.device_id, "=", header.get_attribute_int("sid")).single()[db.identity_meta.trust_level]; + Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(conversation.account.id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { message.body = "OMEMO message from a rejected device"; message.marked = Message.Marked.WONTSEND; -- cgit v1.2.3-70-g09d2 From d7b5db1d9fb37a310c16d8ffef885f1209a33187 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Fri, 10 Aug 2018 12:47:56 +0100 Subject: Make strings translatable --- plugins/omemo/src/contact_details_dialog.vala | 8 +++---- plugins/omemo/src/manage_key_dialog.vala | 34 +++++++++++++-------------- plugins/omemo/src/own_notifications.vala | 4 ++-- plugins/omemo/src/trust_manager.vala | 4 ++-- 4 files changed, 25 insertions(+), 25 deletions(-) (limited to 'plugins/omemo/src/trust_manager.vala') diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 3a39bda5..baefe564 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -105,22 +105,22 @@ public class ContactDetailsDialog : Gtk.Dialog { switch(trust) { case Database.IdentityMetaTable.TrustLevel.TRUSTED: img.icon_name = "emblem-ok-symbolic"; - status_lbl.set_markup("Accepted"); + status_lbl.set_markup("%s".printf(_("Accepted"))); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: img.icon_name = "action-unavailable-symbolic"; - status_lbl.set_markup("Rejected"); + status_lbl.set_markup("%s".printf(_("Rejected"))); lbl.get_style_context().add_class("dim-label"); break; case Database.IdentityMetaTable.TrustLevel.VERIFIED: img.icon_name = "security-high-symbolic"; - status_lbl.set_markup("Verified"); + status_lbl.set_markup("%s".printf(_("Verified"))); break; } if (!now_active) { img.icon_name= "appointment-missed-symbolic"; - status_lbl.set_markup("Unused"); + status_lbl.set_markup("%s".printf(_("Unused"))); lbr.activatable = false; } } diff --git a/plugins/omemo/src/manage_key_dialog.vala b/plugins/omemo/src/manage_key_dialog.vala index 1ff7bd27..602b2965 100644 --- a/plugins/omemo/src/manage_key_dialog.vala +++ b/plugins/omemo/src/manage_key_dialog.vala @@ -48,8 +48,8 @@ public class ManageKeyDialog : Gtk.Dialog { verify_yes_button.clicked.connect(() => { confirm_image.set_from_icon_name("security-high-symbolic", IconSize.DIALOG); - confirm_title_label.label = "Verify key"; - confirm_desc_label.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be highlighted accordingly in the chat window."); + confirm_title_label.label = _("Verify key"); + confirm_desc_label.set_markup(_("Once confirmed, any future messages sent by %s using this key will be highlighted accordingly in the chat window.").printf(@"$(device[db.identity_meta.address_name])")); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = false; @@ -59,8 +59,8 @@ public class ManageKeyDialog : Gtk.Dialog { verify_no_button.clicked.connect(() => { return_to_main = false; confirm_image.set_from_icon_name("dialog-warning-symbolic", IconSize.DIALOG); - confirm_title_label.label = "Fingerprints do not match"; - confirm_desc_label.set_markup(@"Please verify that you are comparing the correct fingerprint. If fingerprints do not match $(device[db.identity_meta.address_name])'s account may be compromised and you should consider rejecting this key."); + confirm_title_label.label = _("Fingerprints do not match"); + confirm_desc_label.set_markup(_("Please verify that you are comparing the correct fingerprint. If fingerprints do not match %s's account may be compromised and you should consider rejecting this key.").printf(@"$(device[db.identity_meta.address_name])")); manage_stack.set_visible_child_name("confirm"); }); } @@ -70,13 +70,13 @@ public class ManageKeyDialog : Gtk.Dialog { if (manage_stack.get_visible_child_name() == "verify") { manage_stack.set_visible_child_name("main"); - cancel_button.label = "Cancel"; + cancel_button.label = _("Cancel"); } if (manage_stack.get_visible_child_name() == "confirm") { if (return_to_main) { manage_stack.set_visible_child_name("main"); - cancel_button.label = "Cancel"; + cancel_button.label = _("Cancel"); } else { manage_stack.set_visible_child_name("verify"); } @@ -133,24 +133,24 @@ public class ManageKeyDialog : Gtk.Dialog { }); ListBoxRow verify_row = new ListBoxRow() { visible = true }; - verify_row.add(make_action_box("Verify Key Fingerprint", "Compare this key's fingerprint with the fingerprint displayed on the contact's device.")); + verify_row.add(make_action_box(_("Verify Key Fingerprint"), _("Compare this key's fingerprint with the fingerprint displayed on the contact's device."))); ListBoxRow reject_row = new ListBoxRow() { visible = true }; - reject_row.add(make_action_box("Reject Key", "Stop accepting this key during communication with its associated contact.")); + reject_row.add(make_action_box(_("Reject Key"), _("Stop accepting this key during communication with its associated contact."))); ListBoxRow accept_row = new ListBoxRow() {visible = true }; - accept_row.add(make_action_box("Accept Key", "Start accepting this key during communication with its assoicated contact")); + accept_row.add(make_action_box(_("Accept Key"), _("Start accepting this key during communication with its assoicated contact"))); switch((Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]) { case Database.IdentityMetaTable.TrustLevel.TRUSTED: - main_desc_label.set_markup(@"This key is currently accepted. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages."); + main_desc_label.set_markup(_("This key is currently %saccepted%s. This means it can be used by %s to receive and send messages.").printf("", "", @"$(device[db.identity_meta.address_name])")); main_action_list.add(verify_row); main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.VERIFIED: - main_desc_label.set_markup(@"This key is currently verified. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages. Additionaly it has been verified out-of-band to match the key on the contact's device."); + main_desc_label.set_markup(_("This key is currently %sverified%s. This means it can be used by %s to receive and send messages. Additionally it has been verified out-of-band to match the key on the contact's device.").printf("", "", @"$(device[db.identity_meta.address_name])")); main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: - main_desc_label.set_markup(@"This key is currently rejected. This means it cannot be used by $(device[db.identity_meta.address_name]) to receive messages, and any messages sent by it will be ignored"); + main_desc_label.set_markup(_("This key is currently %srejected%s. This means it cannot be used by %s to receive messages, and any messages sent by it will be ignored").printf("", "", @"$(device[db.identity_meta.address_name])")); main_action_list.add(accept_row); break; } @@ -161,22 +161,22 @@ public class ManageKeyDialog : Gtk.Dialog { manage_stack.set_visible_child_name("verify"); } else if (row == reject_row) { confirm_image.set_from_icon_name("action-unavailable-symbolic", IconSize.DIALOG); - confirm_title_label.label = "Reject key"; - confirm_desc_label.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be ignored and none of your messages will be readable using this key."); + confirm_title_label.label = _("Reject key"); + confirm_desc_label.set_markup(_("Once confirmed, any future messages sent by %s using this key will be ignored and none of your messages will be readable using this key.").printf(@"$(device[db.identity_meta.address_name])")); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = true; current_response = Database.IdentityMetaTable.TrustLevel.UNTRUSTED; } else if (row == accept_row) { confirm_image.set_from_icon_name("emblem-ok-symbolic", IconSize.DIALOG); - confirm_title_label.label = "Accept key"; - confirm_desc_label.set_markup(@"Once confirmed this key will be usable by $(device[db.identity_meta.address_name]) to receive and send messages."); + confirm_title_label.label = _("Accept key"); + confirm_desc_label.set_markup(_("Once confirmed this key will be usable by %s to receive and send messages.").printf(@"$(device[db.identity_meta.address_name])")); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = true; current_response = Database.IdentityMetaTable.TrustLevel.TRUSTED; } - cancel_button.label = "Back"; + cancel_button.label = _("Back"); }); manage_stack.set_visible_child_name("main"); diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala index fbdb7e84..296e00b6 100644 --- a/plugins/omemo/src/own_notifications.vala +++ b/plugins/omemo/src/own_notifications.vala @@ -30,8 +30,8 @@ public class OwnNotifications { } private void display_notification() { - Notification notification = new Notification("Trust decision required"); - notification.set_body(@"A new OMEMO device has been added for the account $(account.bare_jid)"); + Notification notification = new Notification(_("Trust decision required")); + notification.set_body(_("A new OMEMO device has been added for the account %s").printf("$(account.jid.bare_jid)")); plugin.app.send_notification(account.id.to_string()+"-new-device", notification); } } diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 3890d4da..9f1ad047 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -170,11 +170,11 @@ public class TrustManager { } Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(conversation.account.id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { - message.body = "OMEMO message from a rejected device"; + message.body = _("OMEMO message from a rejected device"); message.marked = Message.Marked.WONTSEND; } if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) { - message.body = "OMEMO message from an unknown device: "+message.body; + message.body = _("OMEMO message from an unknown device: ")+message.body; message.marked = Message.Marked.WONTSEND; } } -- cgit v1.2.3-70-g09d2 From b589275ab46d42584bfc99edfa2054e9c8841ccc Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sat, 11 Aug 2018 15:56:30 +0100 Subject: Actually perform the database update when changing blind trust --- plugins/omemo/src/trust_manager.vala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/omemo/src/trust_manager.vala') diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 9f1ad047..2631513b 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -24,7 +24,7 @@ public class TrustManager { db.trust.update() .with(db.trust.identity_id, "=", account.id) .with(db.trust.address_name, "=", jid.bare_jid.to_string()) - .set(db.trust.blind_trust, blind_trust); + .set(db.trust.blind_trust, blind_trust).perform(); } public void set_device_trust(Account account, Jid jid, int device_id, Database.IdentityMetaTable.TrustLevel trust_level) { -- cgit v1.2.3-70-g09d2 From e2932af18f31d8457c3d72ba9d3b80d912934c7f Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sun, 12 Aug 2018 11:04:40 +0100 Subject: Index consistently with the identity id --- plugins/omemo/src/contact_details_dialog.vala | 10 ++++++---- plugins/omemo/src/contact_details_provider.vala | 5 ++++- plugins/omemo/src/database.vala | 9 ++++++++- .../omemo/src/device_notification_populator.vala | 4 +++- plugins/omemo/src/manager.vala | 22 ++++++++++++++-------- plugins/omemo/src/own_notifications.vala | 5 ++++- plugins/omemo/src/trust_manager.vala | 19 ++++++++++++++----- 7 files changed, 53 insertions(+), 21 deletions(-) (limited to 'plugins/omemo/src/trust_manager.vala') diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 006e95f1..037cd6e9 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -37,6 +37,8 @@ public class ContactDetailsDialog : Gtk.Dialog { (get_header_bar() as HeaderBar).set_subtitle(jid.bare_jid.to_string()); + int identity_id = plugin.db.identity.get_id(account.id); + if (identity_id < 0) return; // Dialog opened from the account settings menu // Show the fingerprint for this device separately with buttons for a qrcode and to copy @@ -64,19 +66,19 @@ public class ContactDetailsDialog : Gtk.Dialog { keys_listbox.set_header_func(header_function); //Show any new devices for which the user must decide whether to accept or reject - foreach (Row device in plugin.db.identity_meta.get_new_devices(account.id, jid.to_string())) { + foreach (Row device in plugin.db.identity_meta.get_new_devices(identity_id, jid.to_string())) { add_new_fingerprint(device); } //Show the normal devicelist - foreach (Row device in plugin.db.identity_meta.get_known_devices(account.id, jid.to_string())) { + foreach (Row device in plugin.db.identity_meta.get_known_devices(identity_id, jid.to_string())) { if(own && device[plugin.db.identity_meta.device_id] == own_id) { continue; } add_fingerprint(device, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trust_level]); } - auto_accept_switch.set_active(plugin.db.trust.get_blind_trust(account.id, jid.bare_jid.to_string())); + auto_accept_switch.set_active(plugin.db.trust.get_blind_trust(identity_id, jid.bare_jid.to_string())); auto_accept_switch.state_set.connect((active) => { plugin.trust_manager.set_blind_trust(account, jid, active); @@ -84,7 +86,7 @@ public class ContactDetailsDialog : Gtk.Dialog { if (active) { new_keys_container.visible = false; - foreach (Row device in plugin.db.identity_meta.get_new_devices(account.id, jid.to_string())) { + foreach (Row device in plugin.db.identity_meta.get_new_devices(identity_id, jid.to_string())) { plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED); add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED); } diff --git a/plugins/omemo/src/contact_details_provider.vala b/plugins/omemo/src/contact_details_provider.vala index 4b919009..7250d135 100644 --- a/plugins/omemo/src/contact_details_provider.vala +++ b/plugins/omemo/src/contact_details_provider.vala @@ -17,8 +17,11 @@ public class ContactDetailsProvider : Plugins.ContactDetailsProvider, Object { public void populate(Conversation conversation, Plugins.ContactDetails contact_details, WidgetType type) { if (conversation.type_ == Conversation.Type.CHAT && type == WidgetType.GTK) { + int identity_id = plugin.db.identity.get_id(conversation.account.id); + if (identity_id < 0) return; + int i = 0; - foreach (Row row in plugin.db.identity_meta.with_address(conversation.account.id, conversation.counterpart.to_string())) { + foreach (Row row in plugin.db.identity_meta.with_address(identity_id, conversation.counterpart.to_string())) { if (row[plugin.db.identity_meta.identity_key_public_base64] != null) { i++; } diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala index 8f8cb44a..0b15d198 100644 --- a/plugins/omemo/src/database.vala +++ b/plugins/omemo/src/database.vala @@ -43,7 +43,7 @@ public class Database : Qlite.Database { } public void insert_device_list(int32 identity_id, string address_name, ArrayList devices) { - update().with(this.address_name, "=", address_name).set(now_active, false).perform(); + update().with(this.identity_id, "=", identity_id).with(this.address_name, "=", address_name).set(now_active, false).perform(); foreach (int32 device_id in devices) { upsert() .value(this.identity_id, identity_id, true) @@ -124,6 +124,13 @@ public class Database : Qlite.Database { base(db, "identity"); init({id, account_id, device_id, identity_key_private_base64, identity_key_public_base64}); } + + public int get_id(int account_id) { + int id = -1; + Row? row = this.row_with(this.account_id, account_id).inner; + if (row != null) id = ((!)row)[this.id]; + return id; + } } public class SignedPreKeyTable : Table { diff --git a/plugins/omemo/src/device_notification_populator.vala b/plugins/omemo/src/device_notification_populator.vala index aee45472..900cac96 100644 --- a/plugins/omemo/src/device_notification_populator.vala +++ b/plugins/omemo/src/device_notification_populator.vala @@ -20,7 +20,9 @@ public class DeviceNotificationPopulator : NotificationPopulator, Object { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.get_new_devices(current_conversation.account.id, jid.bare_jid.to_string()).count() > 0; + int identity_id = plugin.db.identity.get_id(current_conversation.account.id); + if (identity_id < 0) return false; + return plugin.db.identity_meta.get_new_devices(identity_id, jid.bare_jid.to_string()).count() > 0; } public void init(Conversation conversation, NotificationCollection notification_collection, Plugins.WidgetType type) { diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 51148681..95b15d60 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -203,12 +203,15 @@ public class Manager : StreamInteractionModule, Object { return; } + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return; + //Update meta database - db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list); + db.identity_meta.insert_device_list(identity_id, jid.bare_jid.to_string(), device_list); //Fetch the bundle for each new device int inc = 0; - foreach (Row row in db.identity_meta.get_unknown_devices(account.id, jid.bare_jid.to_string())) { + foreach (Row row in db.identity_meta.get_unknown_devices(identity_id, jid.bare_jid.to_string())) { module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]); inc++; } @@ -217,8 +220,8 @@ public class Manager : StreamInteractionModule, Object { } //Create an entry for the jid in the account table if one does not exist already - if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) { - db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); + if (db.trust.select().with(db.trust.identity_id, "=", identity_id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) { + db.trust.insert().value(db.trust.identity_id, identity_id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); } //Get all messages that needed the devicelist and determine if we can now send them @@ -249,16 +252,19 @@ public class Manager : StreamInteractionModule, Object { } public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) { - bool blind_trust = db.trust.get_blind_trust(account.id, jid.bare_jid.to_string()); + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return; + + bool blind_trust = db.trust.get_blind_trust(identity_id, jid.bare_jid.to_string()); //If we don't blindly trust new devices and we haven't seen this key before then don't trust it - bool untrust = !(blind_trust || db.identity_meta.with_address(account.id, jid.bare_jid.to_string()) + bool untrust = !(blind_trust || db.identity_meta.with_address(identity_id, jid.bare_jid.to_string()) .with(db.identity_meta.device_id, "=", device_id) .with(db.identity_meta.identity_key_public_base64, "=", Base64.encode(bundle.identity_key.serialize())) .single().row().is_present()); //Get trust information from the database if the device id is known - Row device = db.identity_meta.get_device(account.id, jid.bare_jid.to_string(), device_id); + Row device = db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), device_id); Database.IdentityMetaTable.TrustLevel trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; if (device != null) { trusted = (Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]; @@ -271,7 +277,7 @@ public class Manager : StreamInteractionModule, Object { } //Update the database with the appropriate trust information - db.identity_meta.insert_device_bundle(account.id, jid.bare_jid.to_string(), device_id, bundle, trusted); + db.identity_meta.insert_device_bundle(identity_id, jid.bare_jid.to_string(), device_id, bundle, trusted); XmppStream? stream = stream_interactor.get_stream(account); if(stream == null) return; diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala index 296e00b6..862ff33a 100644 --- a/plugins/omemo/src/own_notifications.vala +++ b/plugins/omemo/src/own_notifications.vala @@ -26,7 +26,10 @@ public class OwnNotifications { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.get_new_devices(account.id, jid.bare_jid.to_string()).count() > 0; + int identity_id = plugin.db.identity.get_id(account.id); + if (identity_id < 0) return false; + + return plugin.db.identity_meta.get_new_devices(identity_id, jid.bare_jid.to_string()).count() > 0; } private void display_notification() { diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 2631513b..495d2657 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -21,15 +21,18 @@ public class TrustManager { } public void set_blind_trust(Account account, Jid jid, bool blind_trust) { + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return; db.trust.update() - .with(db.trust.identity_id, "=", account.id) + .with(db.trust.identity_id, "=", identity_id) .with(db.trust.address_name, "=", jid.bare_jid.to_string()) .set(db.trust.blind_trust, blind_trust).perform(); } public void set_device_trust(Account account, Jid jid, int device_id, Database.IdentityMetaTable.TrustLevel trust_level) { + int identity_id = db.identity.get_id(account.id); db.identity_meta.update() - .with(db.identity_meta.identity_id, "=", account.id) + .with(db.identity_meta.identity_id, "=", identity_id) .with(db.identity_meta.address_name, "=", jid.bare_jid.to_string()) .with(db.identity_meta.device_id, "=", device_id) .set(db.identity_meta.trust_level, trust_level).perform(); @@ -135,12 +138,16 @@ public class TrustManager { } public bool is_known_address(Account account, Jid jid) { - return db.identity_meta.with_address(account.id, jid.to_string()).count() > 0; + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return false; + return db.identity_meta.with_address(identity_id, jid.to_string()).count() > 0; } public Gee.List get_trusted_devices(Account account, Jid jid) { Gee.List devices = new ArrayList(); - foreach (Row device in db.identity_meta.get_trusted_devices(account.id, jid.bare_jid.to_string())) { + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return devices; + foreach (Row device in db.identity_meta.get_trusted_devices(identity_id, jid.bare_jid.to_string())) { if(device[db.identity_meta.trust_level] != Database.IdentityMetaTable.TrustLevel.UNKNOWN || device[db.identity_meta.identity_key_public_base64] == null) devices.add(device[db.identity_meta.device_id]); } @@ -163,12 +170,14 @@ public class TrustManager { public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) { MessageFlag? flag = MessageFlag.get_flag(stanza); if(flag != null && ((!)flag).decrypted) { + int identity_id = db.identity.get_id(conversation.account.id); + if (identity_id < 0) return false; StanzaNode header = stanza.stanza.get_subnode("encrypted", "eu.siacs.conversations.axolotl").get_subnode("header"); Jid jid = message.from; if(conversation.type_ == Conversation.Type.GROUPCHAT) { jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); } - Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(conversation.account.id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; + Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { message.body = _("OMEMO message from a rejected device"); message.marked = Message.Marked.WONTSEND; -- cgit v1.2.3-70-g09d2 From 3c819a19e194c0bbc06544813ff103ee0519f264 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Tue, 14 Aug 2018 01:37:55 +0100 Subject: Properly decrypt messages from MUCs --- plugins/omemo/src/stream_module.vala | 80 ------------------------------- plugins/omemo/src/trust_manager.vala | 92 +++++++++++++++++++++++++++++------- 2 files changed, 75 insertions(+), 97 deletions(-) (limited to 'plugins/omemo/src/trust_manager.vala') diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index f086bd4c..6ee42771 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -20,7 +20,6 @@ public class StreamModule : XmppStreamModule { private ConcurrentSet active_bundle_requests = new ConcurrentSet(); private ConcurrentSet active_devicelist_requests = new ConcurrentSet(); private Map> ignored_devices = new HashMap>(Jid.hash_bare_func, Jid.equals_bare_func); - private ReceivedPipelineListener received_pipeline_listener; public signal void store_created(Store store); public signal void device_list_loaded(Jid jid, ArrayList devices); @@ -31,13 +30,10 @@ public class StreamModule : XmppStreamModule { this.store = Plugin.get_context().create_store(); store_created(store); - received_pipeline_listener = new ReceivedPipelineListener(store); - stream.get_module(MessageModule.IDENTITY).received_pipeline.connect(received_pipeline_listener); stream.get_module(Pubsub.Module.IDENTITY).add_filtered_notification(stream, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); } public override void detach(XmppStream stream) { - stream.get_module(MessageModule.IDENTITY).received_pipeline.disconnect(received_pipeline_listener); } public void request_user_devicelist(XmppStream stream, Jid jid) { @@ -273,80 +269,4 @@ public class StreamModule : XmppStreamModule { } } - -public class ReceivedPipelineListener : StanzaListener { - - private const string[] after_actions_const = {"EXTRACT_MESSAGE_2"}; - - public override string action_group { get { return "ENCRYPT_BODY"; } } - public override string[] after_actions { get { return after_actions_const; } } - - private Store store; - - public ReceivedPipelineListener(Store store) { - this.store = store; - } - - public override async bool run(XmppStream stream, MessageStanza message) { - StanzaNode? _encrypted = message.stanza.get_subnode("encrypted", NS_URI); - if (_encrypted == null || MessageFlag.get_flag(message) != null || message.from == null) return false; - StanzaNode encrypted = (!)_encrypted; - if (!Plugin.ensure_context()) return false; - MessageFlag flag = new MessageFlag(); - message.add_flag(flag); - StanzaNode? _header = encrypted.get_subnode("header"); - if (_header == null) return false; - StanzaNode header = (!)_header; - if (header.get_attribute_int("sid") <= 0) return false; - foreach (StanzaNode key_node in header.get_subnodes("key")) { - if (key_node.get_attribute_int("rid") == store.local_registration_id) { - try { - string? payload = encrypted.get_deep_string_content("payload"); - string? iv_node = header.get_deep_string_content("iv"); - string? key_node_content = key_node.get_string_content(); - if (payload == null || iv_node == null || key_node_content == null) continue; - uint8[] key; - uint8[] ciphertext = Base64.decode((!)payload); - uint8[] iv = Base64.decode((!)iv_node); - Address address = new Address(message.from.bare_jid.to_string(), header.get_attribute_int("sid")); - if (key_node.get_attribute_bool("prekey")) { - PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content)); - SessionCipher cipher = store.create_session_cipher(address); - key = cipher.decrypt_pre_key_signal_message(msg); - } else { - SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content)); - SessionCipher cipher = store.create_session_cipher(address); - key = cipher.decrypt_signal_message(msg); - } - address.device_id = 0; // TODO: Hack to have address obj live longer - - if (key.length >= 32) { - int authtaglength = key.length - 16; - uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength]; - uint8[] new_key = new uint8[16]; - Memory.copy(new_ciphertext, ciphertext, ciphertext.length); - Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength); - Memory.copy(new_key, key, 16); - ciphertext = new_ciphertext; - key = new_key; - } - - message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext)); - flag.decrypted = true; - } catch (Error e) { - if (Plugin.DEBUG) print(@"OMEMO: Signal error while decrypting message: $(e.message)\n"); - } - } - } - return false; - } - - private string arr_to_str(uint8[] arr) { - // null-terminate the array - uint8[] rarr = new uint8[arr.length+1]; - Memory.copy(rarr, arr, arr.length); - return (string)rarr; - } -} - } diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 495d2657..8f6e9017 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -168,27 +168,85 @@ public class TrustManager { } public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) { - MessageFlag? flag = MessageFlag.get_flag(stanza); - if(flag != null && ((!)flag).decrypted) { - int identity_id = db.identity.get_id(conversation.account.id); - if (identity_id < 0) return false; - StanzaNode header = stanza.stanza.get_subnode("encrypted", "eu.siacs.conversations.axolotl").get_subnode("header"); - Jid jid = message.from; - if(conversation.type_ == Conversation.Type.GROUPCHAT) { - jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); - } - Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; - if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { - message.body = _("OMEMO message from a rejected device"); - message.marked = Message.Marked.WONTSEND; - } - if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) { - message.body = _("OMEMO message from an unknown device: ")+message.body; - message.marked = Message.Marked.WONTSEND; + Store store = stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY).store; + + StanzaNode? _encrypted = stanza.stanza.get_subnode("encrypted", NS_URI); + if (_encrypted == null || MessageFlag.get_flag(stanza) != null || stanza.from == null) return false; + StanzaNode encrypted = (!)_encrypted; + if (!Plugin.ensure_context()) return false; + MessageFlag flag = new MessageFlag(); + stanza.add_flag(flag); + StanzaNode? _header = encrypted.get_subnode("header"); + if (_header == null) return false; + StanzaNode header = (!)_header; + if (header.get_attribute_int("sid") <= 0) return false; + foreach (StanzaNode key_node in header.get_subnodes("key")) { + if (key_node.get_attribute_int("rid") == store.local_registration_id) { + try { + string? payload = encrypted.get_deep_string_content("payload"); + string? iv_node = header.get_deep_string_content("iv"); + string? key_node_content = key_node.get_string_content(); + if (payload == null || iv_node == null || key_node_content == null) continue; + uint8[] key; + uint8[] ciphertext = Base64.decode((!)payload); + uint8[] iv = Base64.decode((!)iv_node); + Jid jid = stanza.from; + if (conversation.type_ == Conversation.Type.GROUPCHAT) { + jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); + } + + Address address = new Address(jid.bare_jid.to_string(), header.get_attribute_int("sid")); + if (key_node.get_attribute_bool("prekey")) { + PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content)); + SessionCipher cipher = store.create_session_cipher(address); + key = cipher.decrypt_pre_key_signal_message(msg); + } else { + SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content)); + SessionCipher cipher = store.create_session_cipher(address); + key = cipher.decrypt_signal_message(msg); + } + address.device_id = 0; // TODO: Hack to have address obj live longer + + if (key.length >= 32) { + int authtaglength = key.length - 16; + uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength]; + uint8[] new_key = new uint8[16]; + Memory.copy(new_ciphertext, ciphertext, ciphertext.length); + Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength); + Memory.copy(new_key, key, 16); + ciphertext = new_ciphertext; + key = new_key; + } + + message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext)); + flag.decrypted = true; + + int identity_id = db.identity.get_id(conversation.account.id); + if (identity_id < 0) return false; + + Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; + if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { + message.body = _("OMEMO message from a rejected device"); + message.marked = Message.Marked.WONTSEND; + } + if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) { + message.body = _("OMEMO message from an unknown device: ")+message.body; + message.marked = Message.Marked.WONTSEND; + } + } catch (Error e) { + if (Plugin.DEBUG) print(@"OMEMO: Signal error while decrypting message: $(e.message)\n"); + } } } return false; } + + private string arr_to_str(uint8[] arr) { + // null-terminate the array + uint8[] rarr = new uint8[arr.length+1]; + Memory.copy(rarr, arr, arr.length); + return (string)rarr; + } } } -- cgit v1.2.3-70-g09d2