Code cleanup: create new trust management class

This commit is contained in:
Samuel Hand 2018-07-25 21:27:26 +01:00
parent f2283778f6
commit 7e156b3a75
5 changed files with 197 additions and 230 deletions

View file

@ -45,6 +45,7 @@ SOURCES
src/session_store.vala src/session_store.vala
src/signed_pre_key_store.vala src/signed_pre_key_store.vala
src/stream_module.vala src/stream_module.vala
src/trust_manager.vala
src/util.vala src/util.vala
CUSTOM_VAPIS CUSTOM_VAPIS
${CMAKE_BINARY_DIR}/exports/signal-protocol.vapi ${CMAKE_BINARY_DIR}/exports/signal-protocol.vapi

View file

@ -37,14 +37,6 @@ public class ContactDetailsDialog : Gtk.Dialog {
.with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name]) .with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name])
.with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id])
.set(plugin.db.identity_meta.trust_level, trust_level).perform(); .set(plugin.db.identity_meta.trust_level, trust_level).perform();
if (!own) {
if(!trust) {
plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).untrust_device(jid, device[plugin.db.identity_meta.device_id]);
} else {
plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).trust_device(jid, device[plugin.db.identity_meta.device_id]);
}
}
} }
private void add_fingerprint(Row device, int row, Database.IdentityMetaTable.TrustLevel trust) { private void add_fingerprint(Row device, int row, Database.IdentityMetaTable.TrustLevel trust) {

View file

@ -12,6 +12,7 @@ public class Manager : StreamInteractionModule, Object {
private StreamInteractor stream_interactor; private StreamInteractor stream_interactor;
private Database db; private Database db;
private TrustManager trust_manager;
private Map<Entities.Message, MessageState> message_states = new HashMap<Entities.Message, MessageState>(Entities.Message.hash_func, Entities.Message.equals_func); private Map<Entities.Message, MessageState> message_states = new HashMap<Entities.Message, MessageState>(Entities.Message.hash_func, Entities.Message.equals_func);
private ReceivedMessageListener received_message_listener = new ReceivedMessageListener(); private ReceivedMessageListener received_message_listener = new ReceivedMessageListener();
@ -64,6 +65,8 @@ public class Manager : StreamInteractionModule, Object {
this.stream_interactor = stream_interactor; this.stream_interactor = stream_interactor;
this.db = db; this.db = db;
this.trust_manager = new TrustManager(stream_interactor, db);
stream_interactor.stream_negotiated.connect(on_stream_negotiated); stream_interactor.stream_negotiated.connect(on_stream_negotiated);
stream_interactor.account_added.connect(on_account_added); stream_interactor.account_added.connect(on_account_added);
stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener); stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener);
@ -85,9 +88,12 @@ public class Manager : StreamInteractionModule, Object {
} }
} }
private Gee.List<Jid> get_occupants(Jid muc, Account account){ private Gee.List<Jid> get_occupants(Jid jid, Account account){
Gee.List<Jid> occupants = new ArrayList<Jid>(Jid.equals_bare_func); Gee.List<Jid> occupants = new ArrayList<Jid>(Jid.equals_bare_func);
Gee.List<Jid>? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(muc, account); if(!stream_interactor.get_module(MucManager.IDENTITY).is_groupchat(jid, account)){
occupants.add(jid);
}
Gee.List<Jid>? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(jid, account);
if(occupant_jids == null) { if(occupant_jids == null) {
return occupants; return occupants;
} }
@ -113,14 +119,6 @@ public class Manager : StreamInteractionModule, Object {
} }
StreamModule module = (!)module_; StreamModule module = (!)module_;
foreach (Row row in db.identity_meta.with_address(conversation.account.id, conversation.account.bare_jid.to_string())){
if(row[db.identity_meta.trust_level] == Database.IdentityMetaTable.TrustLevel.TRUSTED || row[db.identity_meta.trust_level] == Database.IdentityMetaTable.TrustLevel.VERIFIED){
module.trust_device(conversation.account.bare_jid, row[db.identity_meta.device_id]);
} else {
module.untrust_device(conversation.account.bare_jid, row[db.identity_meta.device_id]);
}
}
Gee.List<Jid> recipients; Gee.List<Jid> recipients;
if (message_stanza.type_ == MessageStanza.TYPE_GROUPCHAT) { if (message_stanza.type_ == MessageStanza.TYPE_GROUPCHAT) {
recipients = get_occupants((!)message.to.bare_jid, conversation.account); recipients = get_occupants((!)message.to.bare_jid, conversation.account);
@ -133,7 +131,7 @@ public class Manager : StreamInteractionModule, Object {
recipients.add(message_stanza.to); recipients.add(message_stanza.to);
} }
EncryptState enc_state = module.encrypt(message_stanza, conversation.account.bare_jid, recipients); EncryptState enc_state = trust_manager.encrypt(message_stanza, conversation.account.bare_jid, recipients, stream, conversation.account);
MessageState state; MessageState state;
lock (message_states) { lock (message_states) {
if (message_states.has_key(message)) { if (message_states.has_key(message)) {
@ -156,13 +154,17 @@ public class Manager : StreamInteractionModule, Object {
if (Plugin.DEBUG) print(@"OMEMO: message will be delayed: $state\n"); if (Plugin.DEBUG) print(@"OMEMO: message will be delayed: $state\n");
if (state.waiting_own_sessions > 0) { if (state.waiting_own_sessions > 0) {
module.fetch_bundles((!)stream, conversation.account.bare_jid); module.fetch_bundles((!)stream, conversation.account.bare_jid, trust_manager.get_trusted_devices(conversation.account, conversation.account.bare_jid));
} }
if (state.waiting_other_sessions > 0 && message.counterpart != null) { if (state.waiting_other_sessions > 0 && message.counterpart != null) {
module.fetch_bundles((!)stream, ((!)message.counterpart).bare_jid); foreach(Jid jid in get_occupants(((!)message.counterpart).bare_jid, conversation.account)) {
module.fetch_bundles((!)stream, jid, trust_manager.get_trusted_devices(conversation.account, jid));
}
} }
if (state.waiting_other_devicelists > 0 && message.counterpart != null) { if (state.waiting_other_devicelists > 0 && message.counterpart != null) {
module.request_user_devicelist((!)stream, ((!)message.counterpart).bare_jid); foreach(Jid jid in get_occupants(((!)message.counterpart).bare_jid, conversation.account)) {
module.request_user_devicelist((!)stream, jid);
}
} }
} }
} }
@ -171,7 +173,7 @@ public class Manager : StreamInteractionModule, Object {
private void on_account_added(Account account) { private void on_account_added(Account account) {
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).store_created.connect((store) => on_store_created(account, store)); stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).store_created.connect((store) => on_store_created(account, store));
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).device_list_loaded.connect((jid) => on_device_list_loaded(account, jid)); stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).device_list_loaded.connect((jid, devices) => on_device_list_loaded(account, jid, devices));
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).bundle_fetched.connect((jid, device_id, bundle) => on_bundle_fetched(account, jid, device_id, bundle)); stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).bundle_fetched.connect((jid, device_id, bundle) => on_bundle_fetched(account, jid, device_id, bundle));
} }
@ -179,8 +181,33 @@ public class Manager : StreamInteractionModule, Object {
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).request_user_devicelist(stream, account.bare_jid); stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).request_user_devicelist(stream, account.bare_jid);
} }
private void on_device_list_loaded(Account account, Jid jid) { private void on_device_list_loaded(Account account, Jid jid, ArrayList<int32> device_list) {
if (Plugin.DEBUG) print(@"OMEMO: received device list for $(account.bare_jid) from $jid\n"); if (Plugin.DEBUG) print(@"OMEMO: received device list for $(account.bare_jid) from $jid\n");
// Update meta database
XmppStream? stream = stream_interactor.get_stream(account);
if (stream == null) {
return;
}
StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY);
if (module == null) {
return;
}
db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list);
int inc = 0;
foreach (Row row in db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) {
module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]);
inc++;
}
if (inc > 0) {
if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n");
}
if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) {
db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform();
}
HashSet<Entities.Message> send_now = new HashSet<Entities.Message>(); HashSet<Entities.Message> send_now = new HashSet<Entities.Message>();
lock (message_states) { lock (message_states) {
foreach (Entities.Message msg in message_states.keys) { foreach (Entities.Message msg in message_states.keys) {
@ -189,7 +216,7 @@ public class Manager : StreamInteractionModule, Object {
MessageState state = message_states[msg]; MessageState state = message_states[msg];
if (account.bare_jid.equals(jid)) { if (account.bare_jid.equals(jid)) {
state.waiting_own_devicelist = false; state.waiting_own_devicelist = false;
} else if (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid))) { } else if (msg.counterpart != null && occupants.contains(jid)) {
state.waiting_other_devicelists--; state.waiting_other_devicelists--;
} }
if (state.should_retry_now()) { if (state.should_retry_now()) {
@ -205,30 +232,6 @@ public class Manager : StreamInteractionModule, Object {
stream_interactor.get_module(MessageProcessor.IDENTITY).send_xmpp_message(msg, (!)conv, true); stream_interactor.get_module(MessageProcessor.IDENTITY).send_xmpp_message(msg, (!)conv, true);
} }
// Update meta database
XmppStream? stream = stream_interactor.get_stream(account);
if (stream == null) {
return;
}
StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY);
if (module == null) {
return;
}
ArrayList<int32> device_list = module.get_device_list(jid);
db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list);
int inc = 0;
foreach (Row row in db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) {
module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]);
inc++;
}
if (inc > 0) {
if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n");
}
if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) {
db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform();
}
} }
public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) { public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) {
@ -264,9 +267,7 @@ public class Manager : StreamInteractionModule, Object {
MessageState state = message_states[msg]; MessageState state = message_states[msg];
if (trusted != Database.IdentityMetaTable.TrustLevel.TRUSTED && trusted != Database.IdentityMetaTable.TrustLevel.VERIFIED) { if (trusted == Database.IdentityMetaTable.TrustLevel.TRUSTED || trusted == Database.IdentityMetaTable.TrustLevel.VERIFIED) {
module.untrust_device(jid, device_id);
} else {
if(account.bare_jid.equals(jid) || (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid)))) { if(account.bare_jid.equals(jid) || (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid)))) {
session_created = module.start_session(stream, jid, device_id, bundle); session_created = module.start_session(stream, jid, device_id, bundle);
} }
@ -339,14 +340,14 @@ public class Manager : StreamInteractionModule, Object {
if (flag == null) return false; if (flag == null) return false;
if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS) && flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.MEMBERS_ONLY)) { if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS) && flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.MEMBERS_ONLY)) {
foreach(Jid jid in stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(conversation.counterpart, conversation.account)) { foreach(Jid jid in stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(conversation.counterpart, conversation.account)) {
if (!((!)module).is_known_address(jid.bare_jid)) return false; if (!trust_manager.is_known_address(conversation.account, jid.bare_jid)) return false;
} }
return true; return true;
} else { } else {
return false; return false;
} }
} else { } else {
return ((!)module).is_known_address(conversation.counterpart.bare_jid); return trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid);
} }
} }

View file

@ -16,137 +16,16 @@ private const int NUM_KEYS_TO_PUBLISH = 100;
public class StreamModule : XmppStreamModule { public class StreamModule : XmppStreamModule {
public static Xmpp.ModuleIdentity<StreamModule> IDENTITY = new Xmpp.ModuleIdentity<StreamModule>(NS_URI, "omemo_module"); public static Xmpp.ModuleIdentity<StreamModule> IDENTITY = new Xmpp.ModuleIdentity<StreamModule>(NS_URI, "omemo_module");
private Store store; public Store store { public get; private set; }
private ConcurrentSet<string> active_bundle_requests = new ConcurrentSet<string>(); private ConcurrentSet<string> active_bundle_requests = new ConcurrentSet<string>();
private ConcurrentSet<Jid> active_devicelist_requests = new ConcurrentSet<Jid>(); private ConcurrentSet<Jid> active_devicelist_requests = new ConcurrentSet<Jid>();
private Map<Jid, ArrayList<int32>> device_lists = new HashMap<Jid, ArrayList<int32>>(Jid.hash_bare_func, Jid.equals_bare_func);
private Map<Jid, ArrayList<int32>> ignored_devices = new HashMap<Jid, ArrayList<int32>>(Jid.hash_bare_func, Jid.equals_bare_func); private Map<Jid, ArrayList<int32>> ignored_devices = new HashMap<Jid, ArrayList<int32>>(Jid.hash_bare_func, Jid.equals_bare_func);
private Map<Jid, Gee.List<Jid>> occupants = new HashMap<Jid, ArrayList<Jid>>(Jid.hash_bare_func, Jid.equals_bare_func);
private ReceivedPipelineListener received_pipeline_listener; private ReceivedPipelineListener received_pipeline_listener;
public signal void store_created(Store store); public signal void store_created(Store store);
public signal void device_list_loaded(Jid jid); public signal void device_list_loaded(Jid jid, ArrayList<int32> devices);
public signal void bundle_fetched(Jid jid, int device_id, Bundle bundle); public signal void bundle_fetched(Jid jid, int device_id, Bundle bundle);
public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List<Jid> recipients) {
EncryptState status = new EncryptState();
if (!Plugin.ensure_context()) return status;
if (message.to == null) return status;
if(message.type_ == MessageStanza.TYPE_GROUPCHAT) {
occupants[message.to] = recipients;
}
try {
if (!device_lists.has_key(self_jid)) return status;
status.own_list = true;
status.own_devices = device_lists.get(self_jid).size;
status.other_waiting_lists = 0;
status.other_devices = 0;
foreach (Jid recipient in recipients) {
if (!device_lists.has_key(recipient)) {
status.other_waiting_lists++;
return status;
}
status.other_devices += device_lists.get(recipient).size;
}
if (status.own_devices == 0 || status.other_devices == 0) return status;
uint8[] key = new uint8[16];
Plugin.get_context().randomize(key);
uint8[] iv = new uint8[16];
Plugin.get_context().randomize(iv);
uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data);
StanzaNode header;
StanzaNode encrypted = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns()
.put_node(header = new StanzaNode.build("header", NS_URI)
.put_attribute("sid", store.local_registration_id.to_string())
.put_node(new StanzaNode.build("iv", NS_URI)
.put_node(new StanzaNode.text(Base64.encode(iv)))))
.put_node(new StanzaNode.build("payload", NS_URI)
.put_node(new StanzaNode.text(Base64.encode(ciphertext))));
Address address = new Address(message.to.bare_jid.to_string(), 0);
foreach (Jid recipient in recipients) {
foreach(int32 device_id in device_lists[recipient]) {
if (is_ignored_device(recipient, device_id)) {
status.other_lost++;
continue;
}
try {
address.name = recipient.bare_jid.to_string();
address.device_id = (int) device_id;
StanzaNode key_node = create_encrypted_key(key, address);
header.put_node(key_node);
status.other_success++;
} catch (Error e) {
if (e.code == ErrorCode.UNKNOWN) status.other_unknown++;
else status.other_failure++;
}
}
}
address.name = self_jid.bare_jid.to_string();
foreach(int32 device_id in device_lists[self_jid]) {
if (is_ignored_device(self_jid, device_id)) {
status.own_lost++;
continue;
}
if (device_id != store.local_registration_id) {
address.device_id = (int) device_id;
try {
StanzaNode key_node = create_encrypted_key(key, address);
header.put_node(key_node);
status.own_success++;
} catch (Error e) {
if (e.code == ErrorCode.UNKNOWN) status.own_unknown++;
else status.own_failure++;
}
}
}
message.stanza.put_node(encrypted);
Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO");
message.body = "[This message is OMEMO encrypted]";
status.encrypted = true;
} catch (Error e) {
if (Plugin.DEBUG) print(@"OMEMO: Signal error while encrypting message: $(e.message)\n");
}
return status;
}
public void untrust_device(Jid jid, int device_id) {
if (device_lists.has_key(jid) && device_lists[jid].contains(device_id)) {
device_lists[jid].remove(device_id);
}
if (store.contains_session(new Address(jid.bare_jid.to_string(), device_id))) {
store.delete_session(new Address(jid.bare_jid.to_string(), device_id));
}
}
public void trust_device(Jid jid, int device_id) {
if (is_ignored_device(jid, device_id)){
ignored_devices[jid].remove(device_id);
}
if (!device_lists.has_key(jid)) {
device_lists[jid] = new ArrayList<int32>();
}
if (!device_lists[jid].contains(device_id)) {
device_lists[jid].add(device_id);
}
}
private StanzaNode create_encrypted_key(uint8[] key, Address address) throws GLib.Error {
SessionCipher cipher = store.create_session_cipher(address);
CiphertextMessage device_key = cipher.encrypt(key);
StanzaNode key_node = new StanzaNode.build("key", NS_URI)
.put_attribute("rid", address.device_id.to_string())
.put_node(new StanzaNode.text(Base64.encode(device_key.serialized)));
if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true");
return key_node;
}
public override void attach(XmppStream stream) { public override void attach(XmppStream stream) {
if (!Plugin.ensure_context()) return; if (!Plugin.ensure_context()) return;
@ -162,18 +41,9 @@ public class StreamModule : XmppStreamModule {
} }
public void request_user_devicelist(XmppStream stream, Jid jid) { public void request_user_devicelist(XmppStream stream, Jid jid) {
Gee.List<Jid> recipients; if (active_devicelist_requests.add(jid)) {
if (occupants.contains(jid)) { if (Plugin.DEBUG) print(@"OMEMO: requesting device list for $jid\n");
recipients = occupants.get(jid); stream.get_module(Pubsub.Module.IDENTITY).request(stream, jid, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node));
} else {
recipients = new ArrayList<Jid>(Jid.equals_bare_func);
recipients.add(jid);
}
foreach (Jid recipient in recipients) {
if (active_devicelist_requests.add(recipient)) {
if (Plugin.DEBUG) print(@"OMEMO: requesting device list for $jid\n");
stream.get_module(Pubsub.Module.IDENTITY).request(stream, recipient, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node));
}
} }
} }
@ -197,43 +67,30 @@ public class StreamModule : XmppStreamModule {
publish_bundles_if_needed(stream, jid); publish_bundles_if_needed(stream, jid);
} }
} }
lock(device_lists) {
device_lists[jid] = new ArrayList<int32>(); ArrayList<int32> device_list = new ArrayList<int32>();
foreach (StanzaNode device_node in node.get_subnodes("device")) { foreach (StanzaNode device_node in node.get_subnodes("device")) {
device_lists[jid].add(device_node.get_attribute_int("id")); device_list.add(device_node.get_attribute_int("id"));
}
} }
active_devicelist_requests.remove(jid); active_devicelist_requests.remove(jid);
device_list_loaded(jid); device_list_loaded(jid, device_list);
} }
public void fetch_bundles(XmppStream stream, Jid jid) { public void fetch_bundles(XmppStream stream, Jid jid, Gee.List<int32> devices) {
Gee.List<Jid> recipients; Address address = new Address(jid.bare_jid.to_string(), 0);
if (occupants.contains(jid)) { foreach(int32 device_id in devices) {
recipients = occupants.get(jid); if (!is_ignored_device(jid, device_id)) {
} else { address.device_id = device_id;
recipients = new ArrayList<Jid>(Jid.equals_bare_func); try {
recipients.add(jid); if (!store.contains_session(address)) {
} fetch_bundle(stream, jid, device_id);
foreach (Jid recipient in recipients) {
if (!device_lists.has_key(recipient)) {
return;
}
Address address = new Address(recipient.bare_jid.to_string(), 0);
foreach(int32 device_id in device_lists[recipient]) {
if (!is_ignored_device(recipient, device_id)) {
address.device_id = device_id;
try {
if (!store.contains_session(address)) {
fetch_bundle(stream, recipient, device_id);
}
} catch (Error e) {
// Ignore
} }
} catch (Error e) {
// Ignore
} }
} }
address.device_id = 0;
} }
address.device_id = 0;
} }
public void fetch_bundle(XmppStream stream, Jid jid, int device_id) { public void fetch_bundle(XmppStream stream, Jid jid, int device_id) {
@ -245,18 +102,6 @@ public class StreamModule : XmppStreamModule {
} }
} }
public ArrayList<int32> get_device_list(Jid jid) {
if (is_known_address(jid)) {
return device_lists[jid];
} else {
return new ArrayList<int32>();
}
}
public bool is_known_address(Jid jid) {
return device_lists.has_key(jid);
}
public void ignore_device(Jid jid, int32 device_id) { public void ignore_device(Jid jid, int32 device_id) {
if (device_id <= 0) return; if (device_id <= 0) return;
lock (ignored_devices) { lock (ignored_devices) {

View file

@ -0,0 +1,128 @@
using Dino.Entities;
using Gee;
using Xmpp;
using Signal;
using Qlite;
namespace Dino.Plugins.Omemo {
public class TrustManager {
private StreamInteractor stream_interactor;
private Database db;
public TrustManager(StreamInteractor stream_interactor, Database db) {
this.stream_interactor = stream_interactor;
this.db = db;
}
private StanzaNode create_encrypted_key(uint8[] key, Address address, Store store) throws GLib.Error {
SessionCipher cipher = store.create_session_cipher(address);
CiphertextMessage device_key = cipher.encrypt(key);
StanzaNode key_node = new StanzaNode.build("key", NS_URI)
.put_attribute("rid", address.device_id.to_string())
.put_node(new StanzaNode.text(Base64.encode(device_key.serialized)));
if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true");
return key_node;
}
public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List<Jid> recipients, XmppStream stream, Account account) {
EncryptState status = new EncryptState();
if (!Plugin.ensure_context()) return status;
if (message.to == null) return status;
StreamModule module = stream.get_module(StreamModule.IDENTITY);
try {
if (!is_known_address(account, self_jid)) return status;
status.own_list = true;
status.own_devices = get_trusted_devices(account, self_jid).size;
status.other_waiting_lists = 0;
status.other_devices = 0;
foreach (Jid recipient in recipients) {
if (!is_known_address(account, recipient)) {
status.other_waiting_lists++;
return status;
}
status.other_devices += get_trusted_devices(account, recipient).size;
}
if (status.own_devices == 0 || status.other_devices == 0) return status;
uint8[] key = new uint8[16];
Plugin.get_context().randomize(key);
uint8[] iv = new uint8[16];
Plugin.get_context().randomize(iv);
uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data);
StanzaNode header;
StanzaNode encrypted = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns()
.put_node(header = new StanzaNode.build("header", NS_URI)
.put_attribute("sid", module.store.local_registration_id.to_string())
.put_node(new StanzaNode.build("iv", NS_URI)
.put_node(new StanzaNode.text(Base64.encode(iv)))))
.put_node(new StanzaNode.build("payload", NS_URI)
.put_node(new StanzaNode.text(Base64.encode(ciphertext))));
Address address = new Address(message.to.bare_jid.to_string(), 0);
foreach (Jid recipient in recipients) {
foreach(int32 device_id in get_trusted_devices(account, recipient)) {
if (module.is_ignored_device(recipient, device_id)) {
status.other_lost++;
continue;
}
try {
address.name = recipient.bare_jid.to_string();
address.device_id = (int) device_id;
StanzaNode key_node = create_encrypted_key(key, address, module.store);
header.put_node(key_node);
status.other_success++;
} catch (Error e) {
if (e.code == ErrorCode.UNKNOWN) status.other_unknown++;
else status.other_failure++;
}
}
}
address.name = self_jid.bare_jid.to_string();
foreach(int32 device_id in get_trusted_devices(account, self_jid)) {
if (module.is_ignored_device(self_jid, device_id)) {
status.own_lost++;
continue;
}
if (device_id != module.store.local_registration_id) {
address.device_id = (int) device_id;
try {
StanzaNode key_node = create_encrypted_key(key, address, module.store);
header.put_node(key_node);
status.own_success++;
} catch (Error e) {
if (e.code == ErrorCode.UNKNOWN) status.own_unknown++;
else status.own_failure++;
}
}
}
message.stanza.put_node(encrypted);
Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO");
message.body = "[This message is OMEMO encrypted]";
status.encrypted = true;
} catch (Error e) {
if (Plugin.DEBUG) print(@"OMEMO: Signal error while encrypting message: $(e.message)\n");
}
return status;
}
public bool is_known_address(Account account, Jid jid) {
return db.identity_meta.with_address(account.id, jid.to_string()).count() > 0;
}
public Gee.List<int32> get_trusted_devices(Account account, Jid jid) {
Gee.List<int32> devices = new ArrayList<int32>();
foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED).without_null(db.identity_meta.identity_key_public_base64)) {
devices.add(device[db.identity_meta.device_id]);
}
return devices;
}
}
}