From 141db9e40a3a81cfa3ad3587dc47f69c541d0fde Mon Sep 17 00:00:00 2001 From: fiaxh Date: Tue, 27 Nov 2018 14:57:52 +0100 Subject: Implement aesgcm encrypted file upload --- plugins/omemo/src/file_provider.vala | 5 +- plugins/omemo/src/file_sender.vala | 108 +++++++++++++++++++++++++++++++++++ plugins/omemo/src/plugin.vala | 1 + 3 files changed, 111 insertions(+), 3 deletions(-) create mode 100644 plugins/omemo/src/file_sender.vala (limited to 'plugins/omemo/src') diff --git a/plugins/omemo/src/file_provider.vala b/plugins/omemo/src/file_provider.vala index fb1c1d1e..810da084 100644 --- a/plugins/omemo/src/file_provider.vala +++ b/plugins/omemo/src/file_provider.vala @@ -14,8 +14,6 @@ public class FileProvider : Dino.FileProvider, Object { private Dino.Database dino_db; private Regex url_regex; - private Gee.List ignore_once = new ArrayList(); - public FileProvider(StreamInteractor stream_interactor, Dino.Database dino_db) { this.stream_interactor = stream_interactor; this.dino_db = dino_db; @@ -139,7 +137,8 @@ public class FileProvider : Dino.FileProvider, Object { } while(len > 0); // Decrypt - return new MemoryInputStream.from_data(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, data.data)); + uint8[] cleartext = Signal.aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, data.data); + return new MemoryInputStream.from_data(cleartext); } private uint8[] hex_to_bin(string hex) { diff --git a/plugins/omemo/src/file_sender.vala b/plugins/omemo/src/file_sender.vala new file mode 100644 index 00000000..a760bc7b --- /dev/null +++ b/plugins/omemo/src/file_sender.vala @@ -0,0 +1,108 @@ +using Dino.Entities; +using Gee; +using Signal; +using Xmpp; + +namespace Dino.Plugins.Omemo { + +public class AesGcmFileSender : StreamInteractionModule, FileSender, Object { + public static ModuleIdentity IDENTITY = new ModuleIdentity("http_files"); + public string id { get { return IDENTITY.id; } } + + + private StreamInteractor stream_interactor; + private HashMap max_file_sizes = new HashMap(Account.hash_func, Account.equals_func); + + public AesGcmFileSender(StreamInteractor stream_interactor) { + this.stream_interactor = stream_interactor; + + stream_interactor.stream_negotiated.connect(on_stream_negotiated); + } + + public void send_file(Conversation conversation, FileTransfer file_transfer) { + Xmpp.XmppStream? stream = stream_interactor.get_stream(file_transfer.account); + uint8[] buf = new uint8[256]; + Array data = new Array(false, true, 0); + size_t len = -1; + do { + try { + len = file_transfer.input_stream.read(buf); + } catch (IOError error) { + warning(@"HTTP upload: IOError reading stream: $(error.message)"); + file_transfer.state = FileTransfer.State.FAILED; + } + data.append_vals(buf, (uint) len); + } while(len > 0); + + //Create a key and use it to encrypt the file + uint8[] iv = new uint8[16]; + Plugin.get_context().randomize(iv); + uint8[] key = new uint8[32]; + Plugin.get_context().randomize(key); + uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, data.data); + + // Convert iv and key to hex + string iv_and_key = ""; + foreach (uint8 byte in iv) iv_and_key += byte.to_string("%02x"); + foreach (uint8 byte in key) iv_and_key += byte.to_string("%02x"); + + stream_interactor.module_manager.get_module(file_transfer.account, Xmpp.Xep.HttpFileUpload.Module.IDENTITY).request_slot(stream, file_transfer.server_file_name, (int) data.length, file_transfer.mime_type, + (stream, url_down, url_up) => { + Soup.Message message = new Soup.Message("PUT", url_up); + message.set_request(file_transfer.mime_type, Soup.MemoryUse.COPY, ciphertext); + Soup.Session session = new Soup.Session(); + session.send_async.begin(message, null, (obj, res) => { + try { + session.send_async.end(res); + if (message.status_code >= 200 && message.status_code < 300) { + string aesgcm_link = url_down + "#" + iv_and_key; + aesgcm_link = "aesgcm://" + aesgcm_link.substring(8); // replace https:// by aesgcm:// + + file_transfer.info = aesgcm_link; // store the message content temporarily so the message gets filtered out + Entities.Message xmpp_message = stream_interactor.get_module(MessageProcessor.IDENTITY).create_out_message(aesgcm_link, conversation); + xmpp_message.encryption = Encryption.OMEMO; + stream_interactor.get_module(MessageProcessor.IDENTITY).send_message(xmpp_message, conversation); + file_transfer.info = xmpp_message.id.to_string(); + + ContentItem? content_item = stream_interactor.get_module(ContentItemStore.IDENTITY).get_item(conversation, 1, xmpp_message.id); + if (content_item != null) { + stream_interactor.get_module(ContentItemStore.IDENTITY).set_item_hide(content_item, true); + } + } else { + warning("HTTP status code " + message.status_code.to_string()); + file_transfer.state = FileTransfer.State.FAILED; + } + } catch (Error e) { + warning("HTTP upload error: " + e.message); + file_transfer.state = FileTransfer.State.FAILED; + } + }); + }, + (stream, error) => { + warning("HTTP upload error: " + error); + file_transfer.state = FileTransfer.State.FAILED; + } + ); + } + + public bool can_send(Conversation conversation, FileTransfer file_transfer) { + return file_transfer.encryption == Encryption.OMEMO; + } + + public bool is_upload_available(Conversation conversation) { + lock (max_file_sizes) { + return max_file_sizes.has_key(conversation.account); + } + } + + private void on_stream_negotiated(Account account, XmppStream stream) { + stream_interactor.module_manager.get_module(account, Xmpp.Xep.HttpFileUpload.Module.IDENTITY).feature_available.connect((stream, max_file_size) => { + lock (max_file_sizes) { + max_file_sizes[account] = max_file_size; + } + upload_available(account); + }); + } +} + +} diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index be6229cc..2cb96e10 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -51,6 +51,7 @@ public class Plugin : RootInterface, Object { }); app.stream_interactor.get_module(FileManager.IDENTITY).add_provider(new FileProvider(app.stream_interactor, app.db)); + this.app.stream_interactor.get_module(FileManager.IDENTITY).add_sender(new AesGcmFileSender(app.stream_interactor)); Manager.start(this.app.stream_interactor, db, trust_manager); SimpleAction own_keys_action = new SimpleAction("own-keys", VariantType.INT32); -- cgit v1.2.3-70-g09d2