From 141db9e40a3a81cfa3ad3587dc47f69c541d0fde Mon Sep 17 00:00:00 2001 From: fiaxh Date: Tue, 27 Nov 2018 14:57:52 +0100 Subject: [PATCH] Implement aesgcm encrypted file upload --- libdino/src/service/file_manager.vala | 2 +- plugins/http-files/src/file_provider.vala | 5 - plugins/http-files/src/manager.vala | 6 +- plugins/omemo/CMakeLists.txt | 1 + plugins/omemo/src/file_provider.vala | 5 +- plugins/omemo/src/file_sender.vala | 108 ++++++++++++++++++++++ plugins/omemo/src/plugin.vala | 1 + 7 files changed, 116 insertions(+), 12 deletions(-) create mode 100644 plugins/omemo/src/file_sender.vala diff --git a/libdino/src/service/file_manager.vala b/libdino/src/service/file_manager.vala index b35a4e09..8e76af30 100644 --- a/libdino/src/service/file_manager.vala +++ b/libdino/src/service/file_manager.vala @@ -42,7 +42,7 @@ public class FileManager : StreamInteractionModule, Object { file_transfer.direction = FileTransfer.DIRECTION_SENT; file_transfer.time = new DateTime.now_utc(); file_transfer.local_time = new DateTime.now_utc(); - file_transfer.encryption = Encryption.NONE; + file_transfer.encryption = conversation.encryption; try { File file = File.new_for_path(uri); FileInfo file_info = file.query_info("*", FileQueryInfoFlags.NONE); diff --git a/plugins/http-files/src/file_provider.vala b/plugins/http-files/src/file_provider.vala index a0fe1218..19d34bb0 100644 --- a/plugins/http-files/src/file_provider.vala +++ b/plugins/http-files/src/file_provider.vala @@ -13,17 +13,12 @@ public class FileProvider : Dino.FileProvider, Object { private Dino.Database dino_db; private Regex url_regex; - private Gee.List ignore_once = new ArrayList(); - public FileProvider(StreamInteractor stream_interactor, Dino.Database dino_db) { this.stream_interactor = stream_interactor; this.dino_db = dino_db; this.url_regex = new Regex("""^(?i)\b((?:[a-z][\w-]+:(?:\/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’]))$"""); stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(new ReceivedMessageListener(this)); - stream_interactor.get_module(Manager.IDENTITY).uploaded.connect((file_transfer, url) => { - ignore_once.add(url); - }); } private class ReceivedMessageListener : MessageListener { diff --git a/plugins/http-files/src/manager.vala b/plugins/http-files/src/manager.vala index b5aa0d26..96490bb1 100644 --- a/plugins/http-files/src/manager.vala +++ b/plugins/http-files/src/manager.vala @@ -71,7 +71,7 @@ public class Manager : StreamInteractionModule, FileSender, Object { upload(stream, file_transfer, (stream, url_down) => { uploaded(file_transfer, url_down); - file_transfer.info = url_down; + file_transfer.info = url_down; // store the message content temporarily so the message gets filtered out Entities.Message message = stream_interactor.get_module(MessageProcessor.IDENTITY).create_out_message(url_down, conversation); message.encryption = Encryption.NONE; stream_interactor.get_module(MessageProcessor.IDENTITY).send_message(message, conversation); @@ -91,7 +91,7 @@ public class Manager : StreamInteractionModule, FileSender, Object { } public bool can_send(Conversation conversation, FileTransfer file_transfer) { - return true; + return file_transfer.encryption != Encryption.OMEMO; } public bool is_upload_available(Conversation conversation) { @@ -116,7 +116,7 @@ public class Manager : StreamInteractionModule, FileSender, Object { } private void check_add_oob(Entities.Message message, Xmpp.MessageStanza message_stanza, Conversation conversation) { - if (message_is_file(db, message)) { + if (message_is_file(db, message) && message.body.has_prefix("http")) { Xep.OutOfBandData.add_url_to_message(message_stanza, message_stanza.body); } } diff --git a/plugins/omemo/CMakeLists.txt b/plugins/omemo/CMakeLists.txt index 5ffb9c39..b2145be7 100644 --- a/plugins/omemo/CMakeLists.txt +++ b/plugins/omemo/CMakeLists.txt @@ -40,6 +40,7 @@ SOURCES src/encrypt_state.vala src/encryption_list_entry.vala src/file_provider.vala + src/file_sender.vala src/manage_key_dialog.vala src/manager.vala src/message_flag.vala diff --git a/plugins/omemo/src/file_provider.vala b/plugins/omemo/src/file_provider.vala index fb1c1d1e..810da084 100644 --- a/plugins/omemo/src/file_provider.vala +++ b/plugins/omemo/src/file_provider.vala @@ -14,8 +14,6 @@ public class FileProvider : Dino.FileProvider, Object { private Dino.Database dino_db; private Regex url_regex; - private Gee.List ignore_once = new ArrayList(); - public FileProvider(StreamInteractor stream_interactor, Dino.Database dino_db) { this.stream_interactor = stream_interactor; this.dino_db = dino_db; @@ -139,7 +137,8 @@ public class FileProvider : Dino.FileProvider, Object { } while(len > 0); // Decrypt - return new MemoryInputStream.from_data(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, data.data)); + uint8[] cleartext = Signal.aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, data.data); + return new MemoryInputStream.from_data(cleartext); } private uint8[] hex_to_bin(string hex) { diff --git a/plugins/omemo/src/file_sender.vala b/plugins/omemo/src/file_sender.vala new file mode 100644 index 00000000..a760bc7b --- /dev/null +++ b/plugins/omemo/src/file_sender.vala @@ -0,0 +1,108 @@ +using Dino.Entities; +using Gee; +using Signal; +using Xmpp; + +namespace Dino.Plugins.Omemo { + +public class AesGcmFileSender : StreamInteractionModule, FileSender, Object { + public static ModuleIdentity IDENTITY = new ModuleIdentity("http_files"); + public string id { get { return IDENTITY.id; } } + + + private StreamInteractor stream_interactor; + private HashMap max_file_sizes = new HashMap(Account.hash_func, Account.equals_func); + + public AesGcmFileSender(StreamInteractor stream_interactor) { + this.stream_interactor = stream_interactor; + + stream_interactor.stream_negotiated.connect(on_stream_negotiated); + } + + public void send_file(Conversation conversation, FileTransfer file_transfer) { + Xmpp.XmppStream? stream = stream_interactor.get_stream(file_transfer.account); + uint8[] buf = new uint8[256]; + Array data = new Array(false, true, 0); + size_t len = -1; + do { + try { + len = file_transfer.input_stream.read(buf); + } catch (IOError error) { + warning(@"HTTP upload: IOError reading stream: $(error.message)"); + file_transfer.state = FileTransfer.State.FAILED; + } + data.append_vals(buf, (uint) len); + } while(len > 0); + + //Create a key and use it to encrypt the file + uint8[] iv = new uint8[16]; + Plugin.get_context().randomize(iv); + uint8[] key = new uint8[32]; + Plugin.get_context().randomize(key); + uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, data.data); + + // Convert iv and key to hex + string iv_and_key = ""; + foreach (uint8 byte in iv) iv_and_key += byte.to_string("%02x"); + foreach (uint8 byte in key) iv_and_key += byte.to_string("%02x"); + + stream_interactor.module_manager.get_module(file_transfer.account, Xmpp.Xep.HttpFileUpload.Module.IDENTITY).request_slot(stream, file_transfer.server_file_name, (int) data.length, file_transfer.mime_type, + (stream, url_down, url_up) => { + Soup.Message message = new Soup.Message("PUT", url_up); + message.set_request(file_transfer.mime_type, Soup.MemoryUse.COPY, ciphertext); + Soup.Session session = new Soup.Session(); + session.send_async.begin(message, null, (obj, res) => { + try { + session.send_async.end(res); + if (message.status_code >= 200 && message.status_code < 300) { + string aesgcm_link = url_down + "#" + iv_and_key; + aesgcm_link = "aesgcm://" + aesgcm_link.substring(8); // replace https:// by aesgcm:// + + file_transfer.info = aesgcm_link; // store the message content temporarily so the message gets filtered out + Entities.Message xmpp_message = stream_interactor.get_module(MessageProcessor.IDENTITY).create_out_message(aesgcm_link, conversation); + xmpp_message.encryption = Encryption.OMEMO; + stream_interactor.get_module(MessageProcessor.IDENTITY).send_message(xmpp_message, conversation); + file_transfer.info = xmpp_message.id.to_string(); + + ContentItem? content_item = stream_interactor.get_module(ContentItemStore.IDENTITY).get_item(conversation, 1, xmpp_message.id); + if (content_item != null) { + stream_interactor.get_module(ContentItemStore.IDENTITY).set_item_hide(content_item, true); + } + } else { + warning("HTTP status code " + message.status_code.to_string()); + file_transfer.state = FileTransfer.State.FAILED; + } + } catch (Error e) { + warning("HTTP upload error: " + e.message); + file_transfer.state = FileTransfer.State.FAILED; + } + }); + }, + (stream, error) => { + warning("HTTP upload error: " + error); + file_transfer.state = FileTransfer.State.FAILED; + } + ); + } + + public bool can_send(Conversation conversation, FileTransfer file_transfer) { + return file_transfer.encryption == Encryption.OMEMO; + } + + public bool is_upload_available(Conversation conversation) { + lock (max_file_sizes) { + return max_file_sizes.has_key(conversation.account); + } + } + + private void on_stream_negotiated(Account account, XmppStream stream) { + stream_interactor.module_manager.get_module(account, Xmpp.Xep.HttpFileUpload.Module.IDENTITY).feature_available.connect((stream, max_file_size) => { + lock (max_file_sizes) { + max_file_sizes[account] = max_file_size; + } + upload_available(account); + }); + } +} + +} diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index be6229cc..2cb96e10 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -51,6 +51,7 @@ public class Plugin : RootInterface, Object { }); app.stream_interactor.get_module(FileManager.IDENTITY).add_provider(new FileProvider(app.stream_interactor, app.db)); + this.app.stream_interactor.get_module(FileManager.IDENTITY).add_sender(new AesGcmFileSender(app.stream_interactor)); Manager.start(this.app.stream_interactor, db, trust_manager); SimpleAction own_keys_action = new SimpleAction("own-keys", VariantType.INT32);