Code cleanup: create new trust management class
This commit is contained in:
parent
f2283778f6
commit
7e156b3a75
|
@ -45,6 +45,7 @@ SOURCES
|
|||
src/session_store.vala
|
||||
src/signed_pre_key_store.vala
|
||||
src/stream_module.vala
|
||||
src/trust_manager.vala
|
||||
src/util.vala
|
||||
CUSTOM_VAPIS
|
||||
${CMAKE_BINARY_DIR}/exports/signal-protocol.vapi
|
||||
|
|
|
@ -37,14 +37,6 @@ public class ContactDetailsDialog : Gtk.Dialog {
|
|||
.with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name])
|
||||
.with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id])
|
||||
.set(plugin.db.identity_meta.trust_level, trust_level).perform();
|
||||
|
||||
if (!own) {
|
||||
if(!trust) {
|
||||
plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).untrust_device(jid, device[plugin.db.identity_meta.device_id]);
|
||||
} else {
|
||||
plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).trust_device(jid, device[plugin.db.identity_meta.device_id]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void add_fingerprint(Row device, int row, Database.IdentityMetaTable.TrustLevel trust) {
|
||||
|
|
|
@ -12,6 +12,7 @@ public class Manager : StreamInteractionModule, Object {
|
|||
|
||||
private StreamInteractor stream_interactor;
|
||||
private Database db;
|
||||
private TrustManager trust_manager;
|
||||
private Map<Entities.Message, MessageState> message_states = new HashMap<Entities.Message, MessageState>(Entities.Message.hash_func, Entities.Message.equals_func);
|
||||
private ReceivedMessageListener received_message_listener = new ReceivedMessageListener();
|
||||
|
||||
|
@ -64,6 +65,8 @@ public class Manager : StreamInteractionModule, Object {
|
|||
this.stream_interactor = stream_interactor;
|
||||
this.db = db;
|
||||
|
||||
this.trust_manager = new TrustManager(stream_interactor, db);
|
||||
|
||||
stream_interactor.stream_negotiated.connect(on_stream_negotiated);
|
||||
stream_interactor.account_added.connect(on_account_added);
|
||||
stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener);
|
||||
|
@ -85,9 +88,12 @@ public class Manager : StreamInteractionModule, Object {
|
|||
}
|
||||
}
|
||||
|
||||
private Gee.List<Jid> get_occupants(Jid muc, Account account){
|
||||
private Gee.List<Jid> get_occupants(Jid jid, Account account){
|
||||
Gee.List<Jid> occupants = new ArrayList<Jid>(Jid.equals_bare_func);
|
||||
Gee.List<Jid>? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(muc, account);
|
||||
if(!stream_interactor.get_module(MucManager.IDENTITY).is_groupchat(jid, account)){
|
||||
occupants.add(jid);
|
||||
}
|
||||
Gee.List<Jid>? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(jid, account);
|
||||
if(occupant_jids == null) {
|
||||
return occupants;
|
||||
}
|
||||
|
@ -113,14 +119,6 @@ public class Manager : StreamInteractionModule, Object {
|
|||
}
|
||||
StreamModule module = (!)module_;
|
||||
|
||||
foreach (Row row in db.identity_meta.with_address(conversation.account.id, conversation.account.bare_jid.to_string())){
|
||||
if(row[db.identity_meta.trust_level] == Database.IdentityMetaTable.TrustLevel.TRUSTED || row[db.identity_meta.trust_level] == Database.IdentityMetaTable.TrustLevel.VERIFIED){
|
||||
module.trust_device(conversation.account.bare_jid, row[db.identity_meta.device_id]);
|
||||
} else {
|
||||
module.untrust_device(conversation.account.bare_jid, row[db.identity_meta.device_id]);
|
||||
}
|
||||
}
|
||||
|
||||
Gee.List<Jid> recipients;
|
||||
if (message_stanza.type_ == MessageStanza.TYPE_GROUPCHAT) {
|
||||
recipients = get_occupants((!)message.to.bare_jid, conversation.account);
|
||||
|
@ -133,7 +131,7 @@ public class Manager : StreamInteractionModule, Object {
|
|||
recipients.add(message_stanza.to);
|
||||
}
|
||||
|
||||
EncryptState enc_state = module.encrypt(message_stanza, conversation.account.bare_jid, recipients);
|
||||
EncryptState enc_state = trust_manager.encrypt(message_stanza, conversation.account.bare_jid, recipients, stream, conversation.account);
|
||||
MessageState state;
|
||||
lock (message_states) {
|
||||
if (message_states.has_key(message)) {
|
||||
|
@ -156,13 +154,17 @@ public class Manager : StreamInteractionModule, Object {
|
|||
if (Plugin.DEBUG) print(@"OMEMO: message will be delayed: $state\n");
|
||||
|
||||
if (state.waiting_own_sessions > 0) {
|
||||
module.fetch_bundles((!)stream, conversation.account.bare_jid);
|
||||
module.fetch_bundles((!)stream, conversation.account.bare_jid, trust_manager.get_trusted_devices(conversation.account, conversation.account.bare_jid));
|
||||
}
|
||||
if (state.waiting_other_sessions > 0 && message.counterpart != null) {
|
||||
module.fetch_bundles((!)stream, ((!)message.counterpart).bare_jid);
|
||||
foreach(Jid jid in get_occupants(((!)message.counterpart).bare_jid, conversation.account)) {
|
||||
module.fetch_bundles((!)stream, jid, trust_manager.get_trusted_devices(conversation.account, jid));
|
||||
}
|
||||
}
|
||||
if (state.waiting_other_devicelists > 0 && message.counterpart != null) {
|
||||
module.request_user_devicelist((!)stream, ((!)message.counterpart).bare_jid);
|
||||
foreach(Jid jid in get_occupants(((!)message.counterpart).bare_jid, conversation.account)) {
|
||||
module.request_user_devicelist((!)stream, jid);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -171,7 +173,7 @@ public class Manager : StreamInteractionModule, Object {
|
|||
|
||||
private void on_account_added(Account account) {
|
||||
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).store_created.connect((store) => on_store_created(account, store));
|
||||
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).device_list_loaded.connect((jid) => on_device_list_loaded(account, jid));
|
||||
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).device_list_loaded.connect((jid, devices) => on_device_list_loaded(account, jid, devices));
|
||||
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).bundle_fetched.connect((jid, device_id, bundle) => on_bundle_fetched(account, jid, device_id, bundle));
|
||||
}
|
||||
|
||||
|
@ -179,8 +181,33 @@ public class Manager : StreamInteractionModule, Object {
|
|||
stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).request_user_devicelist(stream, account.bare_jid);
|
||||
}
|
||||
|
||||
private void on_device_list_loaded(Account account, Jid jid) {
|
||||
private void on_device_list_loaded(Account account, Jid jid, ArrayList<int32> device_list) {
|
||||
if (Plugin.DEBUG) print(@"OMEMO: received device list for $(account.bare_jid) from $jid\n");
|
||||
|
||||
// Update meta database
|
||||
XmppStream? stream = stream_interactor.get_stream(account);
|
||||
if (stream == null) {
|
||||
return;
|
||||
}
|
||||
StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY);
|
||||
if (module == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list);
|
||||
int inc = 0;
|
||||
foreach (Row row in db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) {
|
||||
module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]);
|
||||
inc++;
|
||||
}
|
||||
if (inc > 0) {
|
||||
if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n");
|
||||
}
|
||||
|
||||
if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) {
|
||||
db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform();
|
||||
}
|
||||
|
||||
HashSet<Entities.Message> send_now = new HashSet<Entities.Message>();
|
||||
lock (message_states) {
|
||||
foreach (Entities.Message msg in message_states.keys) {
|
||||
|
@ -189,7 +216,7 @@ public class Manager : StreamInteractionModule, Object {
|
|||
MessageState state = message_states[msg];
|
||||
if (account.bare_jid.equals(jid)) {
|
||||
state.waiting_own_devicelist = false;
|
||||
} else if (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid))) {
|
||||
} else if (msg.counterpart != null && occupants.contains(jid)) {
|
||||
state.waiting_other_devicelists--;
|
||||
}
|
||||
if (state.should_retry_now()) {
|
||||
|
@ -205,30 +232,6 @@ public class Manager : StreamInteractionModule, Object {
|
|||
stream_interactor.get_module(MessageProcessor.IDENTITY).send_xmpp_message(msg, (!)conv, true);
|
||||
}
|
||||
|
||||
// Update meta database
|
||||
XmppStream? stream = stream_interactor.get_stream(account);
|
||||
if (stream == null) {
|
||||
return;
|
||||
}
|
||||
StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY);
|
||||
if (module == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
ArrayList<int32> device_list = module.get_device_list(jid);
|
||||
db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list);
|
||||
int inc = 0;
|
||||
foreach (Row row in db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) {
|
||||
module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]);
|
||||
inc++;
|
||||
}
|
||||
if (inc > 0) {
|
||||
if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n");
|
||||
}
|
||||
|
||||
if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) {
|
||||
db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform();
|
||||
}
|
||||
}
|
||||
|
||||
public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) {
|
||||
|
@ -264,9 +267,7 @@ public class Manager : StreamInteractionModule, Object {
|
|||
|
||||
MessageState state = message_states[msg];
|
||||
|
||||
if (trusted != Database.IdentityMetaTable.TrustLevel.TRUSTED && trusted != Database.IdentityMetaTable.TrustLevel.VERIFIED) {
|
||||
module.untrust_device(jid, device_id);
|
||||
} else {
|
||||
if (trusted == Database.IdentityMetaTable.TrustLevel.TRUSTED || trusted == Database.IdentityMetaTable.TrustLevel.VERIFIED) {
|
||||
if(account.bare_jid.equals(jid) || (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid)))) {
|
||||
session_created = module.start_session(stream, jid, device_id, bundle);
|
||||
}
|
||||
|
@ -339,14 +340,14 @@ public class Manager : StreamInteractionModule, Object {
|
|||
if (flag == null) return false;
|
||||
if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS) && flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.MEMBERS_ONLY)) {
|
||||
foreach(Jid jid in stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(conversation.counterpart, conversation.account)) {
|
||||
if (!((!)module).is_known_address(jid.bare_jid)) return false;
|
||||
if (!trust_manager.is_known_address(conversation.account, jid.bare_jid)) return false;
|
||||
}
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
return ((!)module).is_known_address(conversation.counterpart.bare_jid);
|
||||
return trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -16,137 +16,16 @@ private const int NUM_KEYS_TO_PUBLISH = 100;
|
|||
public class StreamModule : XmppStreamModule {
|
||||
public static Xmpp.ModuleIdentity<StreamModule> IDENTITY = new Xmpp.ModuleIdentity<StreamModule>(NS_URI, "omemo_module");
|
||||
|
||||
private Store store;
|
||||
public Store store { public get; private set; }
|
||||
private ConcurrentSet<string> active_bundle_requests = new ConcurrentSet<string>();
|
||||
private ConcurrentSet<Jid> active_devicelist_requests = new ConcurrentSet<Jid>();
|
||||
private Map<Jid, ArrayList<int32>> device_lists = new HashMap<Jid, ArrayList<int32>>(Jid.hash_bare_func, Jid.equals_bare_func);
|
||||
private Map<Jid, ArrayList<int32>> ignored_devices = new HashMap<Jid, ArrayList<int32>>(Jid.hash_bare_func, Jid.equals_bare_func);
|
||||
private Map<Jid, Gee.List<Jid>> occupants = new HashMap<Jid, ArrayList<Jid>>(Jid.hash_bare_func, Jid.equals_bare_func);
|
||||
private ReceivedPipelineListener received_pipeline_listener;
|
||||
|
||||
public signal void store_created(Store store);
|
||||
public signal void device_list_loaded(Jid jid);
|
||||
public signal void device_list_loaded(Jid jid, ArrayList<int32> devices);
|
||||
public signal void bundle_fetched(Jid jid, int device_id, Bundle bundle);
|
||||
|
||||
public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List<Jid> recipients) {
|
||||
EncryptState status = new EncryptState();
|
||||
if (!Plugin.ensure_context()) return status;
|
||||
if (message.to == null) return status;
|
||||
|
||||
if(message.type_ == MessageStanza.TYPE_GROUPCHAT) {
|
||||
occupants[message.to] = recipients;
|
||||
}
|
||||
|
||||
try {
|
||||
if (!device_lists.has_key(self_jid)) return status;
|
||||
status.own_list = true;
|
||||
status.own_devices = device_lists.get(self_jid).size;
|
||||
status.other_waiting_lists = 0;
|
||||
status.other_devices = 0;
|
||||
foreach (Jid recipient in recipients) {
|
||||
if (!device_lists.has_key(recipient)) {
|
||||
status.other_waiting_lists++;
|
||||
return status;
|
||||
}
|
||||
status.other_devices += device_lists.get(recipient).size;
|
||||
}
|
||||
if (status.own_devices == 0 || status.other_devices == 0) return status;
|
||||
|
||||
uint8[] key = new uint8[16];
|
||||
Plugin.get_context().randomize(key);
|
||||
uint8[] iv = new uint8[16];
|
||||
Plugin.get_context().randomize(iv);
|
||||
|
||||
uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data);
|
||||
|
||||
StanzaNode header;
|
||||
StanzaNode encrypted = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns()
|
||||
.put_node(header = new StanzaNode.build("header", NS_URI)
|
||||
.put_attribute("sid", store.local_registration_id.to_string())
|
||||
.put_node(new StanzaNode.build("iv", NS_URI)
|
||||
.put_node(new StanzaNode.text(Base64.encode(iv)))))
|
||||
.put_node(new StanzaNode.build("payload", NS_URI)
|
||||
.put_node(new StanzaNode.text(Base64.encode(ciphertext))));
|
||||
|
||||
Address address = new Address(message.to.bare_jid.to_string(), 0);
|
||||
foreach (Jid recipient in recipients) {
|
||||
foreach(int32 device_id in device_lists[recipient]) {
|
||||
if (is_ignored_device(recipient, device_id)) {
|
||||
status.other_lost++;
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
address.name = recipient.bare_jid.to_string();
|
||||
address.device_id = (int) device_id;
|
||||
StanzaNode key_node = create_encrypted_key(key, address);
|
||||
header.put_node(key_node);
|
||||
status.other_success++;
|
||||
} catch (Error e) {
|
||||
if (e.code == ErrorCode.UNKNOWN) status.other_unknown++;
|
||||
else status.other_failure++;
|
||||
}
|
||||
}
|
||||
}
|
||||
address.name = self_jid.bare_jid.to_string();
|
||||
foreach(int32 device_id in device_lists[self_jid]) {
|
||||
if (is_ignored_device(self_jid, device_id)) {
|
||||
status.own_lost++;
|
||||
continue;
|
||||
}
|
||||
if (device_id != store.local_registration_id) {
|
||||
address.device_id = (int) device_id;
|
||||
try {
|
||||
StanzaNode key_node = create_encrypted_key(key, address);
|
||||
header.put_node(key_node);
|
||||
status.own_success++;
|
||||
} catch (Error e) {
|
||||
if (e.code == ErrorCode.UNKNOWN) status.own_unknown++;
|
||||
else status.own_failure++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
message.stanza.put_node(encrypted);
|
||||
Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO");
|
||||
message.body = "[This message is OMEMO encrypted]";
|
||||
status.encrypted = true;
|
||||
} catch (Error e) {
|
||||
if (Plugin.DEBUG) print(@"OMEMO: Signal error while encrypting message: $(e.message)\n");
|
||||
}
|
||||
return status;
|
||||
}
|
||||
|
||||
public void untrust_device(Jid jid, int device_id) {
|
||||
if (device_lists.has_key(jid) && device_lists[jid].contains(device_id)) {
|
||||
device_lists[jid].remove(device_id);
|
||||
}
|
||||
if (store.contains_session(new Address(jid.bare_jid.to_string(), device_id))) {
|
||||
store.delete_session(new Address(jid.bare_jid.to_string(), device_id));
|
||||
}
|
||||
}
|
||||
|
||||
public void trust_device(Jid jid, int device_id) {
|
||||
if (is_ignored_device(jid, device_id)){
|
||||
ignored_devices[jid].remove(device_id);
|
||||
}
|
||||
if (!device_lists.has_key(jid)) {
|
||||
device_lists[jid] = new ArrayList<int32>();
|
||||
}
|
||||
if (!device_lists[jid].contains(device_id)) {
|
||||
device_lists[jid].add(device_id);
|
||||
}
|
||||
}
|
||||
|
||||
private StanzaNode create_encrypted_key(uint8[] key, Address address) throws GLib.Error {
|
||||
SessionCipher cipher = store.create_session_cipher(address);
|
||||
CiphertextMessage device_key = cipher.encrypt(key);
|
||||
StanzaNode key_node = new StanzaNode.build("key", NS_URI)
|
||||
.put_attribute("rid", address.device_id.to_string())
|
||||
.put_node(new StanzaNode.text(Base64.encode(device_key.serialized)));
|
||||
if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true");
|
||||
return key_node;
|
||||
}
|
||||
|
||||
public override void attach(XmppStream stream) {
|
||||
if (!Plugin.ensure_context()) return;
|
||||
|
||||
|
@ -162,18 +41,9 @@ public class StreamModule : XmppStreamModule {
|
|||
}
|
||||
|
||||
public void request_user_devicelist(XmppStream stream, Jid jid) {
|
||||
Gee.List<Jid> recipients;
|
||||
if (occupants.contains(jid)) {
|
||||
recipients = occupants.get(jid);
|
||||
} else {
|
||||
recipients = new ArrayList<Jid>(Jid.equals_bare_func);
|
||||
recipients.add(jid);
|
||||
}
|
||||
foreach (Jid recipient in recipients) {
|
||||
if (active_devicelist_requests.add(recipient)) {
|
||||
if (active_devicelist_requests.add(jid)) {
|
||||
if (Plugin.DEBUG) print(@"OMEMO: requesting device list for $jid\n");
|
||||
stream.get_module(Pubsub.Module.IDENTITY).request(stream, recipient, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node));
|
||||
}
|
||||
stream.get_module(Pubsub.Module.IDENTITY).request(stream, jid, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -197,35 +67,23 @@ public class StreamModule : XmppStreamModule {
|
|||
publish_bundles_if_needed(stream, jid);
|
||||
}
|
||||
}
|
||||
lock(device_lists) {
|
||||
device_lists[jid] = new ArrayList<int32>();
|
||||
|
||||
ArrayList<int32> device_list = new ArrayList<int32>();
|
||||
foreach (StanzaNode device_node in node.get_subnodes("device")) {
|
||||
device_lists[jid].add(device_node.get_attribute_int("id"));
|
||||
}
|
||||
device_list.add(device_node.get_attribute_int("id"));
|
||||
}
|
||||
active_devicelist_requests.remove(jid);
|
||||
device_list_loaded(jid);
|
||||
device_list_loaded(jid, device_list);
|
||||
}
|
||||
|
||||
public void fetch_bundles(XmppStream stream, Jid jid) {
|
||||
Gee.List<Jid> recipients;
|
||||
if (occupants.contains(jid)) {
|
||||
recipients = occupants.get(jid);
|
||||
} else {
|
||||
recipients = new ArrayList<Jid>(Jid.equals_bare_func);
|
||||
recipients.add(jid);
|
||||
}
|
||||
foreach (Jid recipient in recipients) {
|
||||
if (!device_lists.has_key(recipient)) {
|
||||
return;
|
||||
}
|
||||
Address address = new Address(recipient.bare_jid.to_string(), 0);
|
||||
foreach(int32 device_id in device_lists[recipient]) {
|
||||
if (!is_ignored_device(recipient, device_id)) {
|
||||
public void fetch_bundles(XmppStream stream, Jid jid, Gee.List<int32> devices) {
|
||||
Address address = new Address(jid.bare_jid.to_string(), 0);
|
||||
foreach(int32 device_id in devices) {
|
||||
if (!is_ignored_device(jid, device_id)) {
|
||||
address.device_id = device_id;
|
||||
try {
|
||||
if (!store.contains_session(address)) {
|
||||
fetch_bundle(stream, recipient, device_id);
|
||||
fetch_bundle(stream, jid, device_id);
|
||||
}
|
||||
} catch (Error e) {
|
||||
// Ignore
|
||||
|
@ -234,7 +92,6 @@ public class StreamModule : XmppStreamModule {
|
|||
}
|
||||
address.device_id = 0;
|
||||
}
|
||||
}
|
||||
|
||||
public void fetch_bundle(XmppStream stream, Jid jid, int device_id) {
|
||||
if (active_bundle_requests.add(jid.bare_jid.to_string() + @":$device_id")) {
|
||||
|
@ -245,18 +102,6 @@ public class StreamModule : XmppStreamModule {
|
|||
}
|
||||
}
|
||||
|
||||
public ArrayList<int32> get_device_list(Jid jid) {
|
||||
if (is_known_address(jid)) {
|
||||
return device_lists[jid];
|
||||
} else {
|
||||
return new ArrayList<int32>();
|
||||
}
|
||||
}
|
||||
|
||||
public bool is_known_address(Jid jid) {
|
||||
return device_lists.has_key(jid);
|
||||
}
|
||||
|
||||
public void ignore_device(Jid jid, int32 device_id) {
|
||||
if (device_id <= 0) return;
|
||||
lock (ignored_devices) {
|
||||
|
|
128
plugins/omemo/src/trust_manager.vala
Normal file
128
plugins/omemo/src/trust_manager.vala
Normal file
|
@ -0,0 +1,128 @@
|
|||
using Dino.Entities;
|
||||
using Gee;
|
||||
using Xmpp;
|
||||
using Signal;
|
||||
using Qlite;
|
||||
|
||||
namespace Dino.Plugins.Omemo {
|
||||
|
||||
public class TrustManager {
|
||||
|
||||
private StreamInteractor stream_interactor;
|
||||
private Database db;
|
||||
|
||||
public TrustManager(StreamInteractor stream_interactor, Database db) {
|
||||
this.stream_interactor = stream_interactor;
|
||||
this.db = db;
|
||||
}
|
||||
|
||||
private StanzaNode create_encrypted_key(uint8[] key, Address address, Store store) throws GLib.Error {
|
||||
SessionCipher cipher = store.create_session_cipher(address);
|
||||
CiphertextMessage device_key = cipher.encrypt(key);
|
||||
StanzaNode key_node = new StanzaNode.build("key", NS_URI)
|
||||
.put_attribute("rid", address.device_id.to_string())
|
||||
.put_node(new StanzaNode.text(Base64.encode(device_key.serialized)));
|
||||
if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true");
|
||||
return key_node;
|
||||
}
|
||||
|
||||
public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List<Jid> recipients, XmppStream stream, Account account) {
|
||||
EncryptState status = new EncryptState();
|
||||
if (!Plugin.ensure_context()) return status;
|
||||
if (message.to == null) return status;
|
||||
|
||||
StreamModule module = stream.get_module(StreamModule.IDENTITY);
|
||||
|
||||
try {
|
||||
if (!is_known_address(account, self_jid)) return status;
|
||||
status.own_list = true;
|
||||
status.own_devices = get_trusted_devices(account, self_jid).size;
|
||||
status.other_waiting_lists = 0;
|
||||
status.other_devices = 0;
|
||||
foreach (Jid recipient in recipients) {
|
||||
if (!is_known_address(account, recipient)) {
|
||||
status.other_waiting_lists++;
|
||||
return status;
|
||||
}
|
||||
status.other_devices += get_trusted_devices(account, recipient).size;
|
||||
}
|
||||
if (status.own_devices == 0 || status.other_devices == 0) return status;
|
||||
|
||||
uint8[] key = new uint8[16];
|
||||
Plugin.get_context().randomize(key);
|
||||
uint8[] iv = new uint8[16];
|
||||
Plugin.get_context().randomize(iv);
|
||||
|
||||
uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data);
|
||||
|
||||
StanzaNode header;
|
||||
StanzaNode encrypted = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns()
|
||||
.put_node(header = new StanzaNode.build("header", NS_URI)
|
||||
.put_attribute("sid", module.store.local_registration_id.to_string())
|
||||
.put_node(new StanzaNode.build("iv", NS_URI)
|
||||
.put_node(new StanzaNode.text(Base64.encode(iv)))))
|
||||
.put_node(new StanzaNode.build("payload", NS_URI)
|
||||
.put_node(new StanzaNode.text(Base64.encode(ciphertext))));
|
||||
|
||||
Address address = new Address(message.to.bare_jid.to_string(), 0);
|
||||
foreach (Jid recipient in recipients) {
|
||||
foreach(int32 device_id in get_trusted_devices(account, recipient)) {
|
||||
if (module.is_ignored_device(recipient, device_id)) {
|
||||
status.other_lost++;
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
address.name = recipient.bare_jid.to_string();
|
||||
address.device_id = (int) device_id;
|
||||
StanzaNode key_node = create_encrypted_key(key, address, module.store);
|
||||
header.put_node(key_node);
|
||||
status.other_success++;
|
||||
} catch (Error e) {
|
||||
if (e.code == ErrorCode.UNKNOWN) status.other_unknown++;
|
||||
else status.other_failure++;
|
||||
}
|
||||
}
|
||||
}
|
||||
address.name = self_jid.bare_jid.to_string();
|
||||
foreach(int32 device_id in get_trusted_devices(account, self_jid)) {
|
||||
if (module.is_ignored_device(self_jid, device_id)) {
|
||||
status.own_lost++;
|
||||
continue;
|
||||
}
|
||||
if (device_id != module.store.local_registration_id) {
|
||||
address.device_id = (int) device_id;
|
||||
try {
|
||||
StanzaNode key_node = create_encrypted_key(key, address, module.store);
|
||||
header.put_node(key_node);
|
||||
status.own_success++;
|
||||
} catch (Error e) {
|
||||
if (e.code == ErrorCode.UNKNOWN) status.own_unknown++;
|
||||
else status.own_failure++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
message.stanza.put_node(encrypted);
|
||||
Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO");
|
||||
message.body = "[This message is OMEMO encrypted]";
|
||||
status.encrypted = true;
|
||||
} catch (Error e) {
|
||||
if (Plugin.DEBUG) print(@"OMEMO: Signal error while encrypting message: $(e.message)\n");
|
||||
}
|
||||
return status;
|
||||
}
|
||||
|
||||
public bool is_known_address(Account account, Jid jid) {
|
||||
return db.identity_meta.with_address(account.id, jid.to_string()).count() > 0;
|
||||
}
|
||||
|
||||
public Gee.List<int32> get_trusted_devices(Account account, Jid jid) {
|
||||
Gee.List<int32> devices = new ArrayList<int32>();
|
||||
foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED).without_null(db.identity_meta.identity_key_public_base64)) {
|
||||
devices.add(device[db.identity_meta.device_id]);
|
||||
}
|
||||
return devices;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in a new issue