From c029da49bc20fdaf6da2788fbb83662ec9cf278e Mon Sep 17 00:00:00 2001 From: fiaxh Date: Fri, 27 Mar 2020 19:28:13 +0100 Subject: [PATCH] Warn about undecrypted and untrusted messages --- plugins/omemo/CMakeLists.txt | 1 + plugins/omemo/src/logic/database.vala | 30 ++- plugins/omemo/src/logic/trust_manager.vala | 249 ++++++++++-------- plugins/omemo/src/plugin.vala | 1 + .../omemo/src/ui/bad_messages_populator.vala | 136 ++++++++++ 5 files changed, 301 insertions(+), 116 deletions(-) create mode 100644 plugins/omemo/src/ui/bad_messages_populator.vala diff --git a/plugins/omemo/CMakeLists.txt b/plugins/omemo/CMakeLists.txt index 8ae4acc3..ca64b353 100644 --- a/plugins/omemo/CMakeLists.txt +++ b/plugins/omemo/CMakeLists.txt @@ -53,6 +53,7 @@ SOURCES src/ui/account_settings_entry.vala src/ui/account_settings_widget.vala + src/ui/bad_messages_populator.vala src/ui/contact_details_provider.vala src/ui/contact_details_dialog.vala src/ui/device_notification_populator.vala diff --git a/plugins/omemo/src/logic/database.vala b/plugins/omemo/src/logic/database.vala index 7a320696..429b5f0b 100644 --- a/plugins/omemo/src/logic/database.vala +++ b/plugins/omemo/src/logic/database.vala @@ -6,7 +6,7 @@ using Dino.Entities; namespace Dino.Plugins.Omemo { public class Database : Qlite.Database { - private const int VERSION = 4; + private const int VERSION = 5; public class IdentityMetaTable : Table { //Default to provide backwards compatability @@ -18,10 +18,12 @@ public class Database : Qlite.Database { public Column trust_level = new Column.Integer("trust_level") { default = TrustLevel.UNKNOWN.to_string(), min_version = 2 }; public Column now_active = new Column.BoolInt("now_active") { default = "1" }; public Column last_active = new Column.Long("last_active"); + public Column last_message_untrusted = new Column.Long("last_message_untrusted") { min_version = 5 }; + public Column last_message_undecryptable = new Column.Long("last_message_undecryptable") { min_version = 5 }; internal IdentityMetaTable(Database db) { base(db, "identity_meta"); - init({identity_id, address_name, device_id, identity_key_public_base64, trusted_identity, trust_level, now_active, last_active}); + init({identity_id, address_name, device_id, identity_key_public_base64, trusted_identity, trust_level, now_active, last_active, last_message_untrusted, last_message_undecryptable}); index("identity_meta_idx", {identity_id, address_name, device_id}, true); index("identity_meta_list_idx", {identity_id, address_name}); } @@ -78,6 +80,30 @@ public class Database : Qlite.Database { .value(this.trust_level, trust).perform(); } + public void update_last_message_untrusted(int identity_id, int device_id, DateTime? time) { + var stmt = update() + .with(this.identity_id, "=", identity_id) + .with(this.device_id, "=", device_id); + if (time != null) { + stmt.set(last_message_untrusted, (long)time.to_unix()); + } else { + stmt.set_null(last_message_untrusted); + } + stmt.perform(); + } + + public void update_last_message_undecryptable(int identity_id, int device_id, DateTime? time) { + var stmt = update() + .with(this.identity_id, "=", identity_id) + .with(this.device_id, "=", device_id); + if (time != null) { + stmt.set(last_message_undecryptable, (long)time.to_unix()); + } else { + stmt.set_null(last_message_undecryptable); + } + stmt.perform(); + } + public QueryBuilder get_trusted_devices(int identity_id, string address_name) { return this.with_address(identity_id, address_name) .with(this.trust_level, "!=", TrustLevel.UNTRUSTED) diff --git a/plugins/omemo/src/logic/trust_manager.vala b/plugins/omemo/src/logic/trust_manager.vala index 14f19102..1e77fcdd 100644 --- a/plugins/omemo/src/logic/trust_manager.vala +++ b/plugins/omemo/src/logic/trust_manager.vala @@ -8,6 +8,8 @@ namespace Dino.Plugins.Omemo { public class TrustManager { + public signal void bad_message_state_updated(Account account, Jid jid, int device_id); + private StreamInteractor stream_interactor; private Database db; private DecryptMessageListener decrypt_message_listener; @@ -19,8 +21,8 @@ public class TrustManager { this.stream_interactor = stream_interactor; this.db = db; - decrypt_message_listener = new DecryptMessageListener(stream_interactor, db, message_device_id_map); - tag_message_listener = new TagMessageListener(stream_interactor, db, message_device_id_map); + decrypt_message_listener = new DecryptMessageListener(stream_interactor, this, db, message_device_id_map); + tag_message_listener = new TagMessageListener(stream_interactor, this, db, message_device_id_map); stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(decrypt_message_listener); stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(tag_message_listener); } @@ -60,6 +62,11 @@ public class TrustManager { .where(selection, selection_args) .perform(); } + + if (trust_level == TrustLevel.TRUSTED) { + db.identity_meta.update_last_message_untrusted(identity_id, device_id, null); + bad_message_state_updated(account, jid, device_id); + } } private StanzaNode create_encrypted_key_node(uint8[] key, Address address, Store store) throws GLib.Error { @@ -204,11 +211,13 @@ public class TrustManager { public override string[] after_actions { get { return after_actions_const; } } private StreamInteractor stream_interactor; + private TrustManager trust_manager; private Database db; private HashMap message_device_id_map; - public TagMessageListener(StreamInteractor stream_interactor, Database db, HashMap message_device_id_map) { + public TagMessageListener(StreamInteractor stream_interactor, TrustManager trust_manager, Database db, HashMap message_device_id_map) { this.stream_interactor = stream_interactor; + this.trust_manager = trust_manager; this.db = db; this.message_device_id_map = message_device_id_map; } @@ -234,6 +243,8 @@ public class TrustManager { TrustLevel trust_level = (TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), device_id)[db.identity_meta.trust_level]; if (trust_level == TrustLevel.UNTRUSTED || trust_level == TrustLevel.UNKNOWN) { stream_interactor.get_module(ContentItemStore.IDENTITY).set_item_hide(content_item, true); + db.identity_meta.update_last_message_untrusted(identity_id, device_id, message.time); + trust_manager.bad_message_state_updated(conversation.account, jid, device_id); } db.content_item_meta.insert() @@ -254,11 +265,13 @@ public class TrustManager { public override string[] after_actions { get { return after_actions_const; } } private StreamInteractor stream_interactor; + private TrustManager trust_manager; private Database db; private HashMap message_device_id_map; - public DecryptMessageListener(StreamInteractor stream_interactor, Database db, HashMap message_device_id_map) { + public DecryptMessageListener(StreamInteractor stream_interactor, TrustManager trust_manager, Database db, HashMap message_device_id_map) { this.stream_interactor = stream_interactor; + this.trust_manager = trust_manager; this.db = db; this.message_device_id_map = message_device_id_map; } @@ -270,9 +283,6 @@ public class TrustManager { StanzaNode? _encrypted = stanza.stanza.get_subnode("encrypted", NS_URI); if (_encrypted == null || MessageFlag.get_flag(stanza) != null || stanza.from == null) return false; StanzaNode encrypted = (!)_encrypted; - if (message.body == null && Xep.ExplicitEncryption.get_encryption_tag(stanza) == NS_URI) { - message.body = "[This message is OMEMO encrypted]"; // TODO temporary - }; if (!Plugin.ensure_context()) return false; int identity_id = db.identity.get_id(conversation.account.id); MessageFlag flag = new MessageFlag(); @@ -282,118 +292,129 @@ public class TrustManager { StanzaNode header = (!)_header; int sid = header.get_attribute_int("sid"); if (sid <= 0) return false; + + var our_nodes = new ArrayList(); foreach (StanzaNode key_node in header.get_subnodes("key")) { debug("Is ours? %d =? %u", key_node.get_attribute_int("rid"), store.local_registration_id); if (key_node.get_attribute_int("rid") == store.local_registration_id) { - - string? payload = encrypted.get_deep_string_content("payload"); - string? iv_node = header.get_deep_string_content("iv"); - string? key_node_content = key_node.get_string_content(); - if (payload == null || iv_node == null || key_node_content == null) continue; - uint8[] key; - uint8[] ciphertext = Base64.decode((!)payload); - uint8[] iv = Base64.decode((!)iv_node); - Gee.List possible_jids = new ArrayList(); - if (conversation.type_ == Conversation.Type.CHAT) { - possible_jids.add(stanza.from.bare_jid); - } else { - Jid? real_jid = message.real_jid; - if (real_jid != null) { - possible_jids.add(real_jid.bare_jid); - } else if (key_node.get_attribute_bool("prekey")) { - // pre key messages do store the identity key, so we can use that to find the real jid - PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content)); - string identity_key = Base64.encode(msg.identity_key.serialize()); - foreach (Row row in db.identity_meta.get_with_device_id(identity_id, sid).with(db.identity_meta.identity_key_public_base64, "=", identity_key)) { - try { - possible_jids.add(new Jid(row[db.identity_meta.address_name])); - } catch (InvalidJidError e) { - warning("Ignoring invalid jid from database: %s", e.message); - } - } - if (possible_jids.size != 1) { - continue; - } - } else { - // If we don't know the device name (MUC history w/o MAM), test decryption with all keys with fitting device id - foreach (Row row in db.identity_meta.get_with_device_id(identity_id, sid)) { - try { - possible_jids.add(new Jid(row[db.identity_meta.address_name])); - } catch (InvalidJidError e) { - warning("Ignoring invalid jid from database: %s", e.message); - } - } - } - } - - if (possible_jids.size == 0) { - debug("Received message from unknown entity with device id %d", sid); - } - - foreach (Jid possible_jid in possible_jids) { - try { - Address address = new Address(possible_jid.to_string(), sid); - if (key_node.get_attribute_bool("prekey")) { - Row? device = db.identity_meta.get_device(identity_id, possible_jid.to_string(), sid); - PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content)); - string identity_key = Base64.encode(msg.identity_key.serialize()); - if (device != null && device[db.identity_meta.identity_key_public_base64] != null) { - if (device[db.identity_meta.identity_key_public_base64] != identity_key) { - critical("Tried to use a different identity key for a known device id."); - continue; - } - } else { - debug("Learn new device from incoming message from %s/%d", possible_jid.to_string(), sid); - bool blind_trust = db.trust.get_blind_trust(identity_id, possible_jid.to_string(), true); - if (db.identity_meta.insert_device_session(identity_id, possible_jid.to_string(), sid, identity_key, blind_trust ? TrustLevel.TRUSTED : TrustLevel.UNKNOWN) < 0) { - critical("Failed learning a device."); - continue; - } - XmppStream? stream = stream_interactor.get_stream(conversation.account); - if (device == null && stream != null) { - module.request_user_devicelist.begin(stream, possible_jid); - } - } - debug("Starting new session for decryption with device from %s/%d", possible_jid.to_string(), sid); - SessionCipher cipher = store.create_session_cipher(address); - key = cipher.decrypt_pre_key_signal_message(msg); - // TODO: Finish session - } else { - debug("Continuing session for decryption with device from %s/%d", possible_jid.to_string(), sid); - SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content)); - SessionCipher cipher = store.create_session_cipher(address); - key = cipher.decrypt_signal_message(msg); - } - //address.device_id = 0; // TODO: Hack to have address obj live longer - - if (key.length >= 32) { - int authtaglength = key.length - 16; - uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength]; - uint8[] new_key = new uint8[16]; - Memory.copy(new_ciphertext, ciphertext, ciphertext.length); - Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength); - Memory.copy(new_key, key, 16); - ciphertext = new_ciphertext; - key = new_key; - } - - message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext)); - message_device_id_map[message] = address.device_id; - message.encryption = Encryption.OMEMO; - flag.decrypted = true; - } catch (Error e) { - debug("Decrypting message from %s/%d failed: %s", possible_jid.to_string(), sid, e.message); - continue; - } - - // If we figured out which real jid a message comes from due to decryption working, save it - if (conversation.type_ == Conversation.Type.GROUPCHAT && message.real_jid == null) { - message.real_jid = possible_jid; - } - return false; - } + our_nodes.add(key_node); } } + + foreach (StanzaNode key_node in our_nodes) { + string? payload = encrypted.get_deep_string_content("payload"); + string? iv_node = header.get_deep_string_content("iv"); + string? key_node_content = key_node.get_string_content(); + if (payload == null || iv_node == null || key_node_content == null) continue; + uint8[] key; + uint8[] ciphertext = Base64.decode((!)payload); + uint8[] iv = Base64.decode((!)iv_node); + Gee.List possible_jids = new ArrayList(); + if (conversation.type_ == Conversation.Type.CHAT) { + possible_jids.add(stanza.from.bare_jid); + } else { + Jid? real_jid = message.real_jid; + if (real_jid != null) { + possible_jids.add(real_jid.bare_jid); + } else if (key_node.get_attribute_bool("prekey")) { + // pre key messages do store the identity key, so we can use that to find the real jid + PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content)); + string identity_key = Base64.encode(msg.identity_key.serialize()); + foreach (Row row in db.identity_meta.get_with_device_id(identity_id, sid).with(db.identity_meta.identity_key_public_base64, "=", identity_key)) { + try { + possible_jids.add(new Jid(row[db.identity_meta.address_name])); + } catch (InvalidJidError e) { + warning("Ignoring invalid jid from database: %s", e.message); + } + } + if (possible_jids.size != 1) { + continue; + } + } else { + // If we don't know the device name (MUC history w/o MAM), test decryption with all keys with fitting device id + foreach (Row row in db.identity_meta.get_with_device_id(identity_id, sid)) { + try { + possible_jids.add(new Jid(row[db.identity_meta.address_name])); + } catch (InvalidJidError e) { + warning("Ignoring invalid jid from database: %s", e.message); + } + } + } + } + + if (possible_jids.size == 0) { + debug("Received message from unknown entity with device id %d", sid); + } + + foreach (Jid possible_jid in possible_jids) { + try { + Address address = new Address(possible_jid.to_string(), sid); + if (key_node.get_attribute_bool("prekey")) { + Row? device = db.identity_meta.get_device(identity_id, possible_jid.to_string(), sid); + PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content)); + string identity_key = Base64.encode(msg.identity_key.serialize()); + if (device != null && device[db.identity_meta.identity_key_public_base64] != null) { + if (device[db.identity_meta.identity_key_public_base64] != identity_key) { + critical("Tried to use a different identity key for a known device id."); + continue; + } + } else { + debug("Learn new device from incoming message from %s/%d", possible_jid.to_string(), sid); + bool blind_trust = db.trust.get_blind_trust(identity_id, possible_jid.to_string(), true); + if (db.identity_meta.insert_device_session(identity_id, possible_jid.to_string(), sid, identity_key, blind_trust ? TrustLevel.TRUSTED : TrustLevel.UNKNOWN) < 0) { + critical("Failed learning a device."); + continue; + } + XmppStream? stream = stream_interactor.get_stream(conversation.account); + if (device == null && stream != null) { + module.request_user_devicelist.begin(stream, possible_jid); + } + } + debug("Starting new session for decryption with device from %s/%d", possible_jid.to_string(), sid); + SessionCipher cipher = store.create_session_cipher(address); + key = cipher.decrypt_pre_key_signal_message(msg); + // TODO: Finish session + } else { + debug("Continuing session for decryption with device from %s/%d", possible_jid.to_string(), sid); + SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content)); + SessionCipher cipher = store.create_session_cipher(address); + key = cipher.decrypt_signal_message(msg); + } + //address.device_id = 0; // TODO: Hack to have address obj live longer + + if (key.length >= 32) { + int authtaglength = key.length - 16; + uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength]; + uint8[] new_key = new uint8[16]; + Memory.copy(new_ciphertext, ciphertext, ciphertext.length); + Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength); + Memory.copy(new_key, key, 16); + ciphertext = new_ciphertext; + key = new_key; + } + + message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext)); + message_device_id_map[message] = address.device_id; + message.encryption = Encryption.OMEMO; + flag.decrypted = true; + } catch (Error e) { + debug("Decrypting message from %s/%d failed: %s", possible_jid.to_string(), sid, e.message); + continue; + } + + // If we figured out which real jid a message comes from due to decryption working, save it + if (conversation.type_ == Conversation.Type.GROUPCHAT && message.real_jid == null) { + message.real_jid = possible_jid; + } + return false; + } + } + + if (our_nodes.size == 0) { + db.identity_meta.update_last_message_undecryptable(identity_id, sid, message.time); + trust_manager.bad_message_state_updated(conversation.account, message.from, sid); + } + debug("Received OMEMO encryped message that could not be decrypted."); return false; } diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index 0e740f20..d928994f 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -47,6 +47,7 @@ public class Plugin : RootInterface, Object { this.app.plugin_registry.register_account_settings_entry(settings_entry); this.app.plugin_registry.register_contact_details_entry(contact_details_provider); this.app.plugin_registry.register_notification_populator(device_notification_populator); + this.app.plugin_registry.register_conversation_addition_populator(new BadMessagesPopulator(this.app.stream_interactor, this)); this.app.stream_interactor.module_manager.initialize_account_modules.connect((account, list) => { list.add(new StreamModule()); list.add(new JetOmemo.Module(this)); diff --git a/plugins/omemo/src/ui/bad_messages_populator.vala b/plugins/omemo/src/ui/bad_messages_populator.vala new file mode 100644 index 00000000..4c72dece --- /dev/null +++ b/plugins/omemo/src/ui/bad_messages_populator.vala @@ -0,0 +1,136 @@ +using Gee; +using Gtk; +using Qlite; + +using Dino.Entities; +using Xmpp; + +namespace Dino.Plugins.Omemo { + +public enum BadnessType { + UNTRUSTED, + UNDECRYPTABLE +} + +public class BadMessagesPopulator : Plugins.ConversationItemPopulator, Plugins.ConversationAdditionPopulator, Object { + + public string id { get { return "bad_omemo_messages"; } } + + private StreamInteractor stream_interactor; + private Plugin plugin; + private Database db; + + private Conversation? current_conversation; + private Plugins.ConversationItemCollection? item_collection; + + private Gee.List bad_items = new ArrayList(); + + public BadMessagesPopulator(StreamInteractor stream_interactor, Plugin plugin) { + this.stream_interactor = stream_interactor; + this.plugin = plugin; + this.db = plugin.db; + + plugin.trust_manager.bad_message_state_updated.connect((account, jid, device_id) => { + clear_state(); + init_state(); + }); + } + + private void init_state() { + var qry = db.identity_meta.select() + .join_with(db.identity, db.identity.id, db.identity_meta.identity_id) + .with(db.identity.account_id, "=", current_conversation.account.id) + .with(db.identity_meta.address_name, "=", current_conversation.counterpart.to_string()) + .where("last_message_untrusted is not NULL OR last_message_undecryptable is not NULL"); + + foreach (Row row in qry) { + Jid jid = new Jid(row[db.identity_meta.address_name]); + if (!db.identity_meta.last_message_untrusted.is_null(row)) { + DateTime time = new DateTime.from_unix_utc(row[db.identity_meta.last_message_untrusted]); + var item = new BadMessageItem(plugin, current_conversation.account, jid, time, BadnessType.UNTRUSTED); + bad_items.add(item); + item_collection.insert_item(item); + } + if (!db.identity_meta.last_message_undecryptable.is_null(row)) { + DateTime time = new DateTime.from_unix_utc(row[db.identity_meta.last_message_undecryptable]); + var item = new BadMessageItem(plugin, current_conversation.account, jid, time, BadnessType.UNDECRYPTABLE); + bad_items.add(item); + item_collection.insert_item(item); + } + } + } + + private void clear_state() { + foreach (BadMessageItem bad_item in bad_items) { + item_collection.remove_item(bad_item); + } + } + + public void init(Conversation conversation, Plugins.ConversationItemCollection item_collection, Plugins.WidgetType type) { + current_conversation = conversation; + this.item_collection = item_collection; + + init_state(); + } + + public void close(Conversation conversation) { } + + public void populate_timespan(Conversation conversation, DateTime after, DateTime before) { } +} + +public class BadMessageItem : Plugins.MetaConversationItem { + public override bool can_merge { get; set; default=false; } + public override bool requires_avatar { get; set; default=false; } + public override bool requires_header { get; set; default=false; } + + private Plugin plugin; + private Account account; + private DateTime date; + private Jid problem_jid; + private BadnessType badness_type; + + public BadMessageItem(Plugin plugin, Account account, Jid jid, DateTime date, BadnessType badness_type) { + this.plugin = plugin; + this.account = account; + this.problem_jid = jid; + this.date = date; + this.sort_time = date; + this.badness_type = badness_type; + } + + public override Object? get_widget(Plugins.WidgetType widget_type) { + return new BadMessagesWidget(plugin, account, problem_jid, badness_type); + } +} + +public class BadMessagesWidget : Box { + public BadMessagesWidget(Plugin plugin, Account account, Jid jid, BadnessType badness_type) { + Object(orientation:Orientation.HORIZONTAL, spacing:5); + + this.halign = Align.CENTER; + this.visible = true; + + var sb = new StringBuilder(); + if (badness_type == BadnessType.UNTRUSTED) { + sb.append("Your contact has been using an untrusted device. You won't see messages from devices that you do not trust."); + sb.append(" %s".printf(_("Manage devices"))); + } else { + sb.append("Your contact does not trust this device. That means, you might be missing messages."); + } + Label label = new Label(sb.str) { margin_start=70, margin_end=70, justify=Justification.CENTER, use_markup=true, selectable=true, wrap=true, wrap_mode=Pango.WrapMode.WORD_CHAR, hexpand=true, visible=true }; + label.get_style_context().add_class("dim-label"); + this.add(label); + + label.activate_link.connect(() => { + if (badness_type == BadnessType.UNTRUSTED) { + ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, account, jid); + dialog.set_transient_for((Window) get_toplevel()); + dialog.present(); + } + + return false; + }); + } +} + +}