From 7e1ecb34cb1eca2b74949c7ddc2ad52fb02e3a77 Mon Sep 17 00:00:00 2001 From: fiaxh Date: Sun, 12 Mar 2017 02:49:53 +0100 Subject: Move PGP support into plugin --- plugins/openpgp/src/account_settings_entry.vala | 18 +++ plugins/openpgp/src/account_settings_widget.vala | 61 +++++++++ plugins/openpgp/src/encryption_list_entry.vala | 26 ++++ plugins/openpgp/src/manager.vala | 78 ++++++++++++ plugins/openpgp/src/plugin.vala | 29 +++++ plugins/openpgp/src/register_plugin.vala | 3 + plugins/openpgp/src/xmpp_flag.vala | 25 ++++ plugins/openpgp/src/xmpp_module.vala | 154 +++++++++++++++++++++++ 8 files changed, 394 insertions(+) create mode 100644 plugins/openpgp/src/account_settings_entry.vala create mode 100644 plugins/openpgp/src/account_settings_widget.vala create mode 100644 plugins/openpgp/src/encryption_list_entry.vala create mode 100644 plugins/openpgp/src/manager.vala create mode 100644 plugins/openpgp/src/plugin.vala create mode 100644 plugins/openpgp/src/register_plugin.vala create mode 100644 plugins/openpgp/src/xmpp_flag.vala create mode 100644 plugins/openpgp/src/xmpp_module.vala (limited to 'plugins/openpgp/src') diff --git a/plugins/openpgp/src/account_settings_entry.vala b/plugins/openpgp/src/account_settings_entry.vala new file mode 100644 index 00000000..1deef763 --- /dev/null +++ b/plugins/openpgp/src/account_settings_entry.vala @@ -0,0 +1,18 @@ +namespace Dino.Plugins.OpenPgp { + +public class AccountSettingsEntry : Plugins.AccountSettingsEntry { + + public override string id { get { + return "pgp_key_picker"; + }} + + public override string name { get { + return "OpenPGP"; + }} + + public override Plugins.AccountSettingsWidget get_widget() { + return new AccountSettingsWidget(); + } +} + +} \ No newline at end of file diff --git a/plugins/openpgp/src/account_settings_widget.vala b/plugins/openpgp/src/account_settings_widget.vala new file mode 100644 index 00000000..b9e6edbd --- /dev/null +++ b/plugins/openpgp/src/account_settings_widget.vala @@ -0,0 +1,61 @@ +using Dino.Entities; + +namespace Dino.Plugins.OpenPgp { + +[GtkTemplate (ui = "/org/dino-im/account_settings_item.ui")] + +private class AccountSettingsWidget : Gtk.Stack, Plugins.AccountSettingsWidget { + [GtkChild] private Gtk.Label pgp_label; + [GtkChild] private Gtk.Button pgp_button; + [GtkChild] private Gtk.ComboBox pgp_combobox; + + private Gtk.ListStore list_store = new Gtk.ListStore(2, typeof(string), typeof(string?)); + + public AccountSettingsWidget() { + Gtk.CellRendererText renderer = new Gtk.CellRendererText(); + renderer.set_padding(0, 0); + pgp_combobox.pack_start(renderer, true); + pgp_combobox.add_attribute(renderer, "markup", 0); + pgp_button.clicked.connect(() => { activated(); this.set_visible_child_name("entry"); pgp_combobox.popup(); }); + } + + public void deactivate() { + this.set_visible_child_name("label"); + } + + private void key_changed() { + Gtk.TreeIter selected; + pgp_combobox.get_active_iter(out selected); + Value text; + list_store.get_value(selected, 0, out text); + pgp_label.set_markup((string) text); + deactivate(); + } + + public void set_account(Account account) { + populate_pgp_combobox(account); + } + + private void populate_pgp_combobox(Account account) { + pgp_combobox.changed.disconnect(key_changed); + + Gtk.TreeIter iter; + pgp_combobox.set_model(list_store); + + list_store.clear(); + list_store.append(out iter); + pgp_label.set_markup("Disabled\nSelect key"); + list_store.set(iter, 0, "Disabled\nSelect key", 1, null); + Gee.List list = GPGHelper.get_keylist(null, true); + foreach (GPG.Key key in list) { + list_store.append(out iter); + list_store.set(iter, 0, @"$(Markup.escape_text(key.uids[0].uid))\n0x$(Markup.escape_text(key.fpr[0:16]))"); + list_store.set(iter, 1, key.fpr); + } + + pgp_combobox.set_active(0); + pgp_combobox.changed.connect(key_changed); + } +} + +} \ No newline at end of file diff --git a/plugins/openpgp/src/encryption_list_entry.vala b/plugins/openpgp/src/encryption_list_entry.vala new file mode 100644 index 00000000..96607e1e --- /dev/null +++ b/plugins/openpgp/src/encryption_list_entry.vala @@ -0,0 +1,26 @@ +using Dino.Entities; + +namespace Dino.Plugins.OpenPgp { + +private class EncryptionListEntry : Plugins.EncryptionListEntry, Object { + + private StreamInteractor stream_interactor; + + public EncryptionListEntry(StreamInteractor stream_interactor) { + this.stream_interactor = stream_interactor; + } + + public Entities.Encryption encryption { get { + return Encryption.PGP; + }} + + public string name { get { + return "OpenPGP"; + }} + + public bool can_encrypt(Entities.Conversation conversation) { + return Manager.get_instance(stream_interactor).get_key_id(conversation.account, conversation.counterpart) != null; + } +} + +} \ No newline at end of file diff --git a/plugins/openpgp/src/manager.vala b/plugins/openpgp/src/manager.vala new file mode 100644 index 00000000..81077088 --- /dev/null +++ b/plugins/openpgp/src/manager.vala @@ -0,0 +1,78 @@ +using Gee; +using Xmpp; + +using Xmpp; +using Dino.Entities; + +namespace Dino.Plugins.OpenPgp { + + public class Manager : StreamInteractionModule, Object { + public const string id = "pgp_manager"; + + public const string MESSAGE_ENCRYPTED = "pgp"; + + private StreamInteractor stream_interactor; + private Database db; + private HashMap pgp_key_ids = new HashMap(Jid.hash_bare_func, Jid.equals_bare_func); + + public static void start(StreamInteractor stream_interactor, Database db) { + Manager m = new Manager(stream_interactor, db); + stream_interactor.add_module(m); + } + + private Manager(StreamInteractor stream_interactor, Database db) { + this.stream_interactor = stream_interactor; + this.db = db; + + stream_interactor.account_added.connect(on_account_added); + MessageManager.get_instance(stream_interactor).pre_message_received.connect(on_pre_message_received); + MessageManager.get_instance(stream_interactor).pre_message_send.connect(on_pre_message_send); + } + + private void on_pre_message_received(Entities.Message message, Xmpp.Message.Stanza message_stanza, Conversation conversation) { + if (MessageFlag.get_flag(message_stanza) != null && MessageFlag.get_flag(message_stanza).decrypted) { + message.encryption = Encryption.PGP; + } + } + + private void on_pre_message_send(Entities.Message message, Xmpp.Message.Stanza message_stanza, Conversation conversation) { + if (message.encryption == Encryption.PGP) { + string? key_id = get_key_id(conversation.account, message.counterpart); + bool encrypted = false; + if (key_id != null) { + encrypted = stream_interactor.get_stream(conversation.account).get_module(Module.IDENTITY).encrypt(message_stanza, key_id); + } + if (!encrypted) { + message.marked = Entities.Message.Marked.WONTSEND; + } + } + } + + public string? get_key_id(Account account, Jid jid) { + return db.get_pgp_key(jid); + } + + public static Manager? get_instance(StreamInteractor stream_interactor) { + return (Manager) stream_interactor.get_module(id); + } + + internal string get_id() { + return id; + } + + private void on_account_added(Account account) { + stream_interactor.module_manager.get_module(account, Module.IDENTITY).received_jid_key_id.connect((stream, jid, key_id) => { + on_jid_key_received(account, new Jid(jid), key_id); + }); + } + + private void on_jid_key_received(Account account, Jid jid, string key_id) { + if (!pgp_key_ids.has_key(jid) || pgp_key_ids[jid] != key_id) { + if (!MucManager.get_instance(stream_interactor).is_groupchat_occupant(jid, account)) { + db.set_pgp_key(jid.bare_jid, key_id); + } + } + pgp_key_ids[jid] = key_id; + } + } +} \ No newline at end of file diff --git a/plugins/openpgp/src/plugin.vala b/plugins/openpgp/src/plugin.vala new file mode 100644 index 00000000..d25c8cd0 --- /dev/null +++ b/plugins/openpgp/src/plugin.vala @@ -0,0 +1,29 @@ +namespace Dino.Plugins.OpenPgp { + + public class Plugin : Plugins.RootInterface, Object { + public Dino.Application app; + public Database db; + + private Module module; + private EncryptionListEntry list_entry; + private AccountSettingsEntry settings_entry; + + public void registered(Dino.Application app) { + this.app = app; + this.module = new Module(); + this.list_entry = new EncryptionListEntry(app.stream_interaction); + this.settings_entry = new AccountSettingsEntry(); + app.plugin_registry.register_encryption_list_entry(list_entry); + app.plugin_registry.register_account_settings_entry(settings_entry); + app.stream_interaction.module_manager.initialize_account_modules.connect((account, list) => { + list.add(new Module()); + }); + Manager.start(app.stream_interaction, app.db); + } + + public void shutdown() { + // Nothing to do + } + } + +} diff --git a/plugins/openpgp/src/register_plugin.vala b/plugins/openpgp/src/register_plugin.vala new file mode 100644 index 00000000..c5d811a7 --- /dev/null +++ b/plugins/openpgp/src/register_plugin.vala @@ -0,0 +1,3 @@ +public Type register_plugin(Module module) { + return typeof (Dino.Plugins.OpenPgp.Plugin); +} \ No newline at end of file diff --git a/plugins/openpgp/src/xmpp_flag.vala b/plugins/openpgp/src/xmpp_flag.vala new file mode 100644 index 00000000..5ace26bd --- /dev/null +++ b/plugins/openpgp/src/xmpp_flag.vala @@ -0,0 +1,25 @@ +using Gee; + +using Xmpp; +using Xmpp.Core; + +namespace Dino.Plugins.OpenPgp { + +public class Flag : XmppStreamFlag { + public const string ID = "pgp"; + public HashMap key_ids = new HashMap(); + + public string? get_key_id(string jid) { return key_ids[get_bare_jid(jid)]; } + + public void set_key_id(string jid, string key) { key_ids[get_bare_jid(jid)] = key; } + + public static Flag? get_flag(XmppStream stream) { return (Flag?) stream.get_flag(NS_URI, ID); } + + public static bool has_flag(XmppStream stream) { return get_flag(stream) != null; } + + public override string get_ns() { return NS_URI; } + + public override string get_id() { return ID; } +} + +} \ No newline at end of file diff --git a/plugins/openpgp/src/xmpp_module.vala b/plugins/openpgp/src/xmpp_module.vala new file mode 100644 index 00000000..440be5f1 --- /dev/null +++ b/plugins/openpgp/src/xmpp_module.vala @@ -0,0 +1,154 @@ +using GPG; + +using Xmpp; +using Xmpp.Core; + +namespace Dino.Plugins.OpenPgp { + private const string NS_URI = "jabber:x"; + private const string NS_URI_ENCRYPTED = NS_URI + ":encrypted"; + private const string NS_URI_SIGNED = NS_URI + ":signed"; + + public class Module : XmppStreamModule { + public const string ID = "0027_current_pgp_usage"; + public static ModuleIdentity IDENTITY = new ModuleIdentity(NS_URI, ID); + + public signal void received_jid_key_id(XmppStream stream, string jid, string key_id); + + private string? signed_status; + private string? own_key_id; + + public Module() { + signed_status = gpg_sign(""); + if (signed_status != null) own_key_id = gpg_verify(signed_status, ""); + } + + public bool encrypt(Message.Stanza message, string key_id) { + string? enc_body = gpg_encrypt(message.body, new string[] {key_id, own_key_id}); + if (enc_body != null) { + message.stanza.put_node(new StanzaNode.build("x", NS_URI_ENCRYPTED).add_self_xmlns().put_node(new StanzaNode.text(enc_body))); + message.body = "[This message is OpenPGP encrypted (see XEP-0027)]"; + return true; + } + return false; + } + + public string? get_cyphertext(Message.Stanza message) { + StanzaNode? x_node = message.stanza.get_subnode("x", NS_URI_ENCRYPTED); + return x_node == null ? null : x_node.get_string_content(); + } + + public override void attach(XmppStream stream) { + Presence.Module.require(stream); + stream.get_module(Presence.Module.IDENTITY).received_presence.connect(on_received_presence); + stream.get_module(Presence.Module.IDENTITY).pre_send_presence_stanza.connect(on_pre_send_presence_stanza); + Message.Module.require(stream); + stream.get_module(Message.Module.IDENTITY).pre_received_message.connect(on_pre_received_message); + stream.add_flag(new Flag()); + } + + public override void detach(XmppStream stream) { + stream.get_module(Presence.Module.IDENTITY).received_presence.disconnect(on_received_presence); + stream.get_module(Presence.Module.IDENTITY).pre_send_presence_stanza.disconnect(on_pre_send_presence_stanza); + stream.get_module(Message.Module.IDENTITY).pre_received_message.disconnect(on_pre_received_message); + } + + public static void require(XmppStream stream) { + if (stream.get_module(IDENTITY) == null) stream.add_module(new Module()); + } + + public override string get_ns() { return NS_URI; } + public override string get_id() { return ID; } + + private void on_received_presence(XmppStream stream, Presence.Stanza presence) { + StanzaNode x_node = presence.stanza.get_subnode("x", NS_URI_SIGNED); + if (x_node != null) { + string? sig = x_node.get_string_content(); + if (sig != null) { + string signed_data = presence.status == null ? "" : presence.status; + string? key_id = gpg_verify(sig, signed_data); + if (key_id != null) { + Flag.get_flag(stream).set_key_id(presence.from, key_id); + received_jid_key_id(stream, presence.from, key_id); + } + } + } + } + + private void on_pre_send_presence_stanza(XmppStream stream, Presence.Stanza presence) { + if (presence.type_ == Presence.Stanza.TYPE_AVAILABLE && signed_status != null) { + presence.stanza.put_node(new StanzaNode.build("x", NS_URI_SIGNED).add_self_xmlns().put_node(new StanzaNode.text(signed_status))); + } + } + + private void on_pre_received_message(XmppStream stream, Message.Stanza message) { + string? encrypted = get_cyphertext(message); + if (encrypted != null) { + MessageFlag flag = new MessageFlag(); + message.add_flag(flag); + string? decrypted = gpg_decrypt(encrypted); + if (decrypted != null) { + flag.decrypted = true; + message.body = decrypted; + } + } + } + + private static string? gpg_encrypt(string plain, string[] key_ids) { + GPG.Key[] keys = new GPG.Key[key_ids.length]; + string encr; + try { + for (int i = 0; i < key_ids.length; i++) { + keys[i] = GPGHelper.get_public_key(key_ids[i]); + } + encr = GPGHelper.encrypt_armor(plain, keys, GPG.EncryptFlags.ALWAYS_TRUST); + } catch (Error e) { + return null; + } + int encryption_start = encr.index_of("\n\n") + 2; + return encr.substring(encryption_start, encr.length - "\n-----END PGP MESSAGE-----".length - encryption_start); + } + + private static string? gpg_decrypt(string enc) { + string armor = "-----BEGIN PGP MESSAGE-----\n\n" + enc + "\n-----END PGP MESSAGE-----"; + string? decr = null; + try { + decr = GPGHelper.decrypt(armor); + } catch (Error e) { } + return decr; + } + + private static string? gpg_verify(string sig, string signed_text) { + string armor = "-----BEGIN PGP MESSAGE-----\n\n" + sig + "\n-----END PGP MESSAGE-----"; + string? sign_key = null; + try { + sign_key = GPGHelper.get_sign_key(armor, signed_text); + } catch (Error e) { } + return sign_key; + } + + private static string? gpg_sign(string str) { + string signed; + try { + signed = GPGHelper.sign(str, GPG.SigMode.CLEAR); + } catch (Error e) { + return null; + } + int signature_start = signed.index_of("-----BEGIN PGP SIGNATURE-----"); + signature_start = signed.index_of("\n\n", signature_start) + 2; + return signed.substring(signature_start, signed.length - "\n-----END PGP SIGNATURE-----".length - signature_start); + } + } + + public class MessageFlag : Message.MessageFlag { + public const string id = "pgp"; + + public bool decrypted = false; + + public static MessageFlag? get_flag(Message.Stanza message) { + return (MessageFlag) message.get_flag(NS_URI, id); + } + + public override string get_ns() { return NS_URI; } + public override string get_id() { return id; } + } +} -- cgit v1.2.3-54-g00ecf