From bbe578343e5544aea2b57aebcadb37a1b31c8ba2 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Mon, 28 May 2018 01:01:37 +0100 Subject: [PATCH 01/38] remove bundle requests so session creation doesn't fail --- plugins/omemo/src/stream_module.vala | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index 0148a7f2..6e6772ca 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -197,6 +197,7 @@ public class StreamModule : XmppStreamModule { if (active_bundle_requests.add(jid.bare_jid.to_string() + @":$device_id")) { if (Plugin.DEBUG) print(@"OMEMO: Asking for bundle from $(jid.bare_jid.to_string()):$device_id\n"); stream.get_module(Pubsub.Module.IDENTITY).request(stream, jid.bare_jid, @"$NODE_BUNDLES:$device_id", (stream, jid, id, node) => { + stream.get_module(IDENTITY).active_bundle_requests.remove(jid.bare_jid.to_string() + @":$device_id"); bundle_fetched(jid, device_id, new Bundle(node)); }); } From 630df3a2ee3ac5086ab15ecbb4da88e0e2e9c82d Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Fri, 8 Jun 2018 02:37:50 +0100 Subject: [PATCH 02/38] Properly handle the case where the recipients device list hasn't been fetched --- plugins/omemo/src/manager.vala | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 00b73138..eb0c6378 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -37,12 +37,12 @@ public class Manager : StreamInteractionModule, Object { this.waiting_other_sessions = new_try.other_unknown; this.waiting_own_sessions = new_try.own_unknown; this.waiting_own_devicelist = !new_try.own_list; - this.waiting_other_devicelist = !new_try.own_list; + this.waiting_other_devicelist = !new_try.other_list; this.active_send_attempt = false; will_send_now = false; if (new_try.other_failure > 0 || (new_try.other_lost == new_try.other_devices && new_try.other_devices > 0)) { msg.marked = Entities.Message.Marked.WONTSEND; - } else if (new_try.other_unknown > 0 || new_try.own_devices == 0) { + } else if (new_try.other_unknown > 0 || new_try.own_unknown > 0 || !new_try.other_list || !new_try.own_list || new_try.own_devices == 0) { msg.marked = Entities.Message.Marked.UNSENT; } else if (!new_try.encrypted) { msg.marked = Entities.Message.Marked.WONTSEND; From 40c6835600cc6ebcb816f9aee4a6540ef8e362f0 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Mon, 11 Jun 2018 07:11:04 +0100 Subject: [PATCH 03/38] Add trust management utilities to the omemo plugin --- libdino/src/plugin/interfaces.vala | 6 + .../conversation_view.vala | 14 ++ plugins/omemo/CMakeLists.txt | 3 + plugins/omemo/data/contact_details_dialog.ui | 111 +++++++++++++++ plugins/omemo/src/contact_details_dialog.vala | 130 ++++++++++++++++++ .../omemo/src/contact_details_provider.vala | 23 +++- plugins/omemo/src/database.vala | 46 +++++-- .../src/device_notification_populator.vala | 92 +++++++++++++ plugins/omemo/src/manager.vala | 76 +++++++++- plugins/omemo/src/plugin.vala | 5 +- plugins/omemo/src/stream_module.vala | 75 ++++++---- plugins/signal-protocol/src/store.vala | 6 +- 12 files changed, 539 insertions(+), 48 deletions(-) create mode 100644 plugins/omemo/data/contact_details_dialog.ui create mode 100644 plugins/omemo/src/contact_details_dialog.vala create mode 100644 plugins/omemo/src/device_notification_populator.vala diff --git a/libdino/src/plugin/interfaces.vala b/libdino/src/plugin/interfaces.vala index 62260076..1bd3676b 100644 --- a/libdino/src/plugin/interfaces.vala +++ b/libdino/src/plugin/interfaces.vala @@ -98,9 +98,15 @@ public abstract class MetaConversationItem : Object { public abstract Object? get_widget(WidgetType type); } +public abstract class MetaConversationNotification : Object { + public abstract Object? get_widget(WidgetType type); +} + public interface ConversationItemCollection : Object { public signal void insert_item(MetaConversationItem item); public signal void remove_item(MetaConversationItem item); + public signal void add_meta_notification(MetaConversationNotification item); + public signal void remove_meta_notification(MetaConversationNotification item); } public interface MessageDisplayProvider : Object { diff --git a/main/src/ui/conversation_summary/conversation_view.vala b/main/src/ui/conversation_summary/conversation_view.vala index fac53b7d..87a2dd34 100644 --- a/main/src/ui/conversation_summary/conversation_view.vala +++ b/main/src/ui/conversation_summary/conversation_view.vala @@ -44,6 +44,8 @@ public class ConversationView : Box, Plugins.ConversationItemCollection { insert_item.connect(on_insert_item); remove_item.connect(on_remove_item); + add_meta_notification.connect(on_add_meta_notification); + remove_meta_notification.connect(on_remove_meta_notification); Application app = GLib.Application.get_default() as Application; app.plugin_registry.register_conversation_item_populator(new ChatStatePopulator(stream_interactor)); @@ -126,6 +128,18 @@ public class ConversationView : Box, Plugins.ConversationItemCollection { } } + public void on_add_meta_notification(Plugins.MetaConversationNotification notification) { + Widget? widget = (Widget) notification.get_widget(Plugins.WidgetType.GTK); + if(widget != null) + add_notification(widget); + } + + public void on_remove_meta_notification(Plugins.MetaConversationNotification notification){ + Widget? widget = (Widget) notification.get_widget(Plugins.WidgetType.GTK); + if(widget != null) + remove_notification(widget); + } + public void add_notification(Widget widget) { notifications.add(widget); Timeout.add(20, () => { diff --git a/plugins/omemo/CMakeLists.txt b/plugins/omemo/CMakeLists.txt index 50cd6627..bcec941b 100644 --- a/plugins/omemo/CMakeLists.txt +++ b/plugins/omemo/CMakeLists.txt @@ -13,6 +13,7 @@ find_packages(OMEMO_PACKAGES REQUIRED set(RESOURCE_LIST account_settings_dialog.ui + contact_details_dialog.ui ) compile_gresources( @@ -32,7 +33,9 @@ SOURCES src/account_settings_widget.vala src/bundle.vala src/contact_details_provider.vala + src/contact_details_dialog.vala src/database.vala + src/device_notification_populator.vala src/encrypt_state.vala src/encryption_list_entry.vala src/manager.vala diff --git a/plugins/omemo/data/contact_details_dialog.ui b/plugins/omemo/data/contact_details_dialog.ui new file mode 100644 index 00000000..e26f79af --- /dev/null +++ b/plugins/omemo/data/contact_details_dialog.ui @@ -0,0 +1,111 @@ + + + + diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala new file mode 100644 index 00000000..3b60580e --- /dev/null +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -0,0 +1,130 @@ +using Gtk; +using Xmpp; +using Gee; +using Qlite; +using Dino.Entities; + +namespace Dino.Plugins.Omemo { + +[GtkTemplate (ui = "/im/dino/Dino/omemo/contact_details_dialog.ui")] +public class ContactDetailsDialog : Gtk.Dialog { + + private Plugin plugin; + private Account account; + private Jid jid; + + [GtkChild] private Grid fingerprints; + [GtkChild] private Box fingerprints_prompt_label; + [GtkChild] private Frame fingerprints_prompt_container; + [GtkChild] private Grid fingerprints_prompt; + + + private void set_device_trust(Row device, bool trust) { + plugin.db.identity_meta.update() + .with(plugin.db.identity_meta.identity_id, "=", account.id) + .with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name]) + .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) + .set(plugin.db.identity_meta.trusted_identity, trust).perform(); + + if(!trust) { + plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).untrust_device(jid, device[plugin.db.identity_meta.device_id]); + } else { + plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).trust_device(jid, device[plugin.db.identity_meta.device_id]); + } + } + + private void add_fingerprint(Row device, int row, bool trust) { + string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); + Label lbl = new Label(res) + { use_markup=true, justify=Justification.RIGHT, visible=true, margin = 8, halign = Align.START, valign = Align.CENTER }; + Switch tgl = new Switch() {visible = true, halign = Align.END, valign = Align.CENTER, margin = 8, hexpand = true, active = trust }; + tgl.state_set.connect((active) => { + set_device_trust(device, active); + + return false; + }); + + fingerprints.attach(lbl, 0, row); + fingerprints.attach(tgl, 1, row); + } + + public ContactDetailsDialog(Plugin plugin, Account account, Jid jid) { + Object(use_header_bar : 1); + this.plugin = plugin; + this.account = account; + this.jid = jid; + + int i = 0; + foreach (Row device in plugin.db.identity_meta.with_address(jid.to_string()).without_null(plugin.db.identity_meta.trusted_identity).with(plugin.db.identity_meta.identity_id, "=", account.id)) { + if(device[plugin.db.identity_meta.identity_key_public_base64] == null) + continue; + add_fingerprint(device, i, device[plugin.db.identity_meta.trusted_identity]); + + i++; + + } + + int j = 0; + foreach (Row device in plugin.db.identity_meta.with_address(jid.to_string()).with_null(plugin.db.identity_meta.trusted_identity).with(plugin.db.identity_meta.identity_id, "=", account.id)) { + if(device[plugin.db.identity_meta.identity_key_public_base64] == null) + continue; + + string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); + Label lbl = new Label(res) + { use_markup=true, justify=Justification.RIGHT, visible=true, margin = 8, halign = Align.START }; + + Box box = new Box(Gtk.Orientation.HORIZONTAL, 0) { visible = true, valign = Align.CENTER, hexpand = true, margin = 8 }; + + Button yes = new Button() { visible = true, valign = Align.CENTER, hexpand = true}; + yes.image = new Image.from_icon_name("list-add-symbolic", IconSize.BUTTON); + + yes.clicked.connect(() => { + set_device_trust(device, true); + + fingerprints_prompt.remove(box); + fingerprints_prompt.remove(lbl); + j--; + + add_fingerprint(device, i, true); + i++; + + if(j == 0) + fingerprints_prompt.attach(new Label("No more new devices") { visible = true, valign = Align.CENTER, halign = Align.CENTER, margin = 8, hexpand = true }, 0, 0); + }); + + Button no = new Button() { visible = true, valign = Align.CENTER, hexpand = true}; + no.image = new Image.from_icon_name("list-remove-symbolic", IconSize.BUTTON); + + no.clicked.connect(() => { + set_device_trust(device, false); + + fingerprints_prompt.remove(box); + fingerprints_prompt.remove(lbl); + j--; + + add_fingerprint(device, i, false); + i++; + + if(j == 0) + fingerprints_prompt.attach(new Label("No more new devices") { visible = true, valign = Align.CENTER, halign = Align.CENTER, margin = 8, hexpand = true }, 0, 0); + }); + + box.pack_start(yes); + box.pack_start(no); + + box.get_style_context().add_class("linked"); + + fingerprints_prompt.attach(lbl, 0, j); + fingerprints_prompt.attach(box, 1, j); + j++; + } + if( j > 0 ){ + fingerprints_prompt_label.visible = true; + fingerprints_prompt_container.visible = true; + } + + } + +} + +} diff --git a/plugins/omemo/src/contact_details_provider.vala b/plugins/omemo/src/contact_details_provider.vala index 05b85d9f..2c6c4944 100644 --- a/plugins/omemo/src/contact_details_provider.vala +++ b/plugins/omemo/src/contact_details_provider.vala @@ -1,4 +1,5 @@ using Gtk; +using Gee; using Qlite; using Dino.Entities; @@ -15,20 +16,28 @@ public class ContactDetailsProvider : Plugins.ContactDetailsProvider, Object { public void populate(Conversation conversation, Plugins.ContactDetails contact_details, WidgetType type) { if (conversation.type_ == Conversation.Type.CHAT && type == WidgetType.GTK) { - string res = ""; + int i = 0; foreach (Row row in plugin.db.identity_meta.with_address(conversation.counterpart.to_string())) { if (row[plugin.db.identity_meta.identity_key_public_base64] != null) { - if (i != 0) { - res += "\n\n"; - } - res += fingerprint_markup(fingerprint_from_base64(row[plugin.db.identity_meta.identity_key_public_base64])); i++; } } + if (i > 0) { - Label label = new Label(res) { use_markup=true, justify=Justification.RIGHT, selectable=true, visible=true }; - contact_details.add(_("Encryption"), "OMEMO", n("%d OMEMO device", "%d OMEMO devices", i).printf(i), label); + Button btn = new Button(); + btn.image = new Image.from_icon_name("view-list-symbolic", IconSize.BUTTON); + btn.relief = ReliefStyle.NONE; + btn.visible = true; + btn.valign = Align.CENTER; + btn.clicked.connect(() => { + btn.activate(); + ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, conversation.account, conversation.counterpart); + dialog.set_transient_for((Window) btn.get_toplevel()); + dialog.present(); + }); + + contact_details.add(_("Encryption"), "OMEMO", n("%d OMEMO device", "%d OMEMO devices", i).printf(i), btn); } } } diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala index 5c7309f3..2b295322 100644 --- a/plugins/omemo/src/database.vala +++ b/plugins/omemo/src/database.vala @@ -9,28 +9,30 @@ public class Database : Qlite.Database { private const int VERSION = 1; public class IdentityMetaTable : Table { + public Column identity_id = new Column.Integer("identity_id") { not_null = true }; public Column address_name = new Column.Text("address_name") { not_null = true }; public Column device_id = new Column.Integer("device_id") { not_null = true }; public Column identity_key_public_base64 = new Column.Text("identity_key_public_base64"); - public Column trusted_identity = new Column.BoolInt("trusted_identity") { default = "0" }; + public Column trusted_identity = new Column.BoolInt("trusted_identity"); public Column now_active = new Column.BoolInt("now_active") { default = "1" }; public Column last_active = new Column.Long("last_active"); internal IdentityMetaTable(Database db) { base(db, "identity_meta"); - init({address_name, device_id, identity_key_public_base64, trusted_identity, now_active, last_active}); - index("identity_meta_idx", {address_name, device_id}, true); - index("identity_meta_list_idx", {address_name}); + init({identity_id, address_name, device_id, identity_key_public_base64, trusted_identity, now_active, last_active}); + index("identity_meta_idx", {identity_id, address_name, device_id}, true); + index("identity_meta_list_idx", {identity_id, address_name}); } public QueryBuilder with_address(string address_name) { return select().with(this.address_name, "=", address_name); } - public void insert_device_list(string address_name, ArrayList devices) { + public void insert_device_list(int32 identity_id, string address_name, ArrayList devices) { update().with(this.address_name, "=", address_name).set(now_active, false).perform(); foreach (int32 device_id in devices) { upsert() + .value(this.identity_id, identity_id, true) .value(this.address_name, address_name, true) .value(this.device_id, device_id, true) .value(this.now_active, true) @@ -39,13 +41,35 @@ public class Database : Qlite.Database { } } - public int64 insert_device_bundle(string address_name, int device_id, Bundle bundle) { + public int64 insert_device_bundle(int32 identity_id, string address_name, int device_id, Bundle bundle, bool? trust) { if (bundle == null || bundle.identity_key == null) return -1; - return upsert() + UpsertBuilder query = upsert() + .value(this.identity_id, identity_id, true) .value(this.address_name, address_name, true) .value(this.device_id, device_id, true) - .value(this.identity_key_public_base64, Base64.encode(bundle.identity_key.serialize())) - .perform(); + .value(this.identity_key_public_base64, Base64.encode(bundle.identity_key.serialize())); + if(trust != null) + query.value(this.trusted_identity, trust); + return query.perform(); + } + } + + + public class TrustTable : Table { + public Column identity_id = new Column.Integer("identity_id") { not_null = true }; + public Column address_name = new Column.Text("address_name"); + public Column blind_trust = new Column.BoolInt("blind_trust") { default = "1" } ; + + internal TrustTable(Database db) { + base(db, "trust"); + init({identity_id, address_name, blind_trust}); + index("trust_idx", {identity_id, address_name}, true); + } + + public bool get_blind_trust(int32 identity_id, string address_name) { + return this.select().with(this.identity_id, "=", identity_id) + .with(this.address_name, "=", address_name) + .with(this.blind_trust, "=", true).count() > 0; } } @@ -103,6 +127,7 @@ public class Database : Qlite.Database { } public IdentityMetaTable identity_meta { get; private set; } + public TrustTable trust { get; private set; } public IdentityTable identity { get; private set; } public SignedPreKeyTable signed_pre_key { get; private set; } public PreKeyTable pre_key { get; private set; } @@ -111,11 +136,12 @@ public class Database : Qlite.Database { public Database(string fileName) { base(fileName, VERSION); identity_meta = new IdentityMetaTable(this); + trust = new TrustTable(this); identity = new IdentityTable(this); signed_pre_key = new SignedPreKeyTable(this); pre_key = new PreKeyTable(this); session = new SessionTable(this); - init({identity_meta, identity, signed_pre_key, pre_key, session}); + init({identity_meta, trust, identity, signed_pre_key, pre_key, session}); try { exec("PRAGMA synchronous=0"); } catch (Error e) { } diff --git a/plugins/omemo/src/device_notification_populator.vala b/plugins/omemo/src/device_notification_populator.vala new file mode 100644 index 00000000..6b3e668b --- /dev/null +++ b/plugins/omemo/src/device_notification_populator.vala @@ -0,0 +1,92 @@ +using Dino.Entities; +using Xmpp; +using Gtk; + +namespace Dino.Plugins.Omemo { + +public class DeviceNotificationPopulator : ConversationItemPopulator, Object { + + public string id { get { return "device_notification"; } } + + private StreamInteractor? stream_interactor; + private Plugin plugin; + private Conversation? current_conversation; + private ConversationItemCollection? item_collection; + private ConversationNotification notification; + + public DeviceNotificationPopulator(Plugin plugin, StreamInteractor stream_interactor) { + this.stream_interactor = stream_interactor; + this.plugin = plugin; + } + + public bool has_new_devices(Jid jid) { + return plugin.db.identity_meta.with_address(jid.bare_jid.to_string()).with(plugin.db.identity_meta.identity_id, "=", current_conversation.account.id).with_null(plugin.db.identity_meta.trusted_identity).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; + } + + public void init(Conversation conversation, ConversationItemCollection item_collection, Plugins.WidgetType type) { + current_conversation = conversation; + this.item_collection = item_collection; + stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY).device_list_loaded.connect((jid) => { + if(jid == conversation.counterpart && has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) + display_notification(); + }); + if (has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) + display_notification(); + } + + public void close(Conversation conversation) { } + + public void populate_timestamp(Conversation conversation, DateTime from, DateTime to) { } + + public void populate_between_widgets(Conversation conversation, DateTime from, DateTime to) { } + + private void display_notification() { + if(notification == null) { + notification = new ConversationNotification(plugin, current_conversation.account, current_conversation.counterpart); + notification.should_hide.connect(should_hide); + item_collection.add_meta_notification(notification); + } + } + + private void should_hide() { + if (!has_new_devices(current_conversation.counterpart)){ + item_collection.remove_meta_notification(notification); + notification = null; + } + } +} + +private class ConversationNotification : MetaConversationNotification { + private Widget widget; + private Plugin plugin; + private Jid jid; + private Account account; + public signal void should_hide(); + + public ConversationNotification(Plugin plugin, Account account, Jid jid) { + this.plugin = plugin; + this.jid = jid; + this.account = account; + + Box box = new Box(Orientation.HORIZONTAL, 5) { visible=true }; + Button manage_button = new Button() { label=_("Manage"), visible=true }; + manage_button.clicked.connect(() => { + manage_button.activate(); + ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, account, jid); + dialog.set_transient_for((Window) manage_button.get_toplevel()); + dialog.response.connect((response_type) => { + should_hide(); + }); + dialog.present(); + }); + box.add(new Label(_("This contact has new devices")) { margin_end=10, visible=true }); + box.add(manage_button); + widget = box; + } + + public override Object? get_widget(WidgetType type) { + return widget; + } +} + +} diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index eb0c6378..3047410c 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -116,6 +116,7 @@ public class Manager : StreamInteractionModule, Object { if (!state.will_send_now) { if (message.marked == Entities.Message.Marked.WONTSEND) { if (Plugin.DEBUG) print(@"OMEMO: message was not sent: $state\n"); + message_states.unset(message); } else { if (Plugin.DEBUG) print(@"OMEMO: message will be delayed: $state\n"); @@ -206,7 +207,7 @@ public class Manager : StreamInteractionModule, Object { return; } ArrayList device_list = module.get_device_list(jid); - db.identity_meta.insert_device_list(jid.bare_jid.to_string(), device_list); + db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list); int inc = 0; foreach (Row row in db.identity_meta.with_address(jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) { module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]); @@ -215,10 +216,81 @@ public class Manager : StreamInteractionModule, Object { if (inc > 0) { if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n"); } + + if(db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, " =", jid.bare_jid.to_string()).count() == 0) + db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid .bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); + } public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) { - db.identity_meta.insert_device_bundle(jid.bare_jid.to_string(), device_id, bundle); + bool blind_trust = db.trust.get_blind_trust(account.id, jid.bare_jid.to_string()); + + bool untrust = !(blind_trust || db.identity_meta.with_address(jid.bare_jid.to_string()) + .with(db.identity_meta.identity_id, "=", account.id) + .with(db.identity_meta.device_id, "=", device_id) + .with(db.identity_meta.identity_key_public_base64, "=", Base64.encode(bundle.identity_key.serialize())) + .count() > 0); + + bool? trusted = null; + foreach(Row row in db.identity_meta.with_address(jid.bare_jid.to_string()) + .with(db.identity_meta.identity_id, "=", account.id) + .with(db.identity_meta.device_id, "=", device_id)) { + trusted = row[db.identity_meta.trusted_identity]; + break; + } + + if(db.identity_meta.with_address(jid.bare_jid.to_string()) + .with(db.identity_meta.identity_id, "=", account.id) + .with(db.identity_meta.device_id, "=", device_id) + .with_null(db.identity_meta.trusted_identity).count() > 0) + trusted = null; + + if(untrust) + trusted = null; + else if (blind_trust && trusted == null) + trusted = true; + + db.identity_meta.insert_device_bundle(account.id, jid.bare_jid.to_string(), device_id, bundle, trusted); + + if(trusted == null) + trusted = false; + + XmppStream? stream = stream_interactor.get_stream(account); + if(stream == null) return; + StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); + if(module == null) return; + + HashSet send_now = new HashSet(); + bool session_needed = false; + lock (message_states) { + foreach (Entities.Message msg in message_states.keys) { + bool session_created = true; + if (!msg.account.equals(account)) continue; + MessageState state = message_states[msg]; + + if (trusted != true) { + module.untrust_device(jid, device_id); + } else { + if(account.bare_jid.equals(jid) || (msg.counterpart != null && msg.counterpart.equals_bare(jid))) + session_created = module.create_session_if_needed(stream, jid, device_id, bundle); + } + if (account.bare_jid.equals(jid) && session_created) { + state.waiting_own_sessions--; + } else if (msg.counterpart != null && msg.counterpart.equals_bare(jid) && session_created) { + state.waiting_other_sessions--; + } + if (state.should_retry_now()){ + send_now.add(msg); + state.active_send_attempt = true; + } + } + } + foreach (Entities.Message msg in send_now) { + if (msg.counterpart == null) continue; + Entities.Conversation? conv = stream_interactor.get_module(ConversationManager.IDENTITY).get_conversation((!)msg.counterpart, account); + if (conv == null) continue; + stream_interactor.get_module(MessageProcessor.IDENTITY).send_xmpp_message(msg, (!)conv, true); + } } private void on_store_created(Account account, Store store) { diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index b9ce500d..6c66814d 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -4,7 +4,7 @@ extern const string LOCALE_INSTALL_DIR; namespace Dino.Plugins.Omemo { public class Plugin : RootInterface, Object { - public const bool DEBUG = false; + public const bool DEBUG = true; private static Signal.Context? _context; public static Signal.Context get_context() { assert(_context != null); @@ -28,6 +28,7 @@ public class Plugin : RootInterface, Object { public EncryptionListEntry list_entry; public AccountSettingsEntry settings_entry; public ContactDetailsProvider contact_details_provider; + public DeviceNotificationPopulator device_notification_populator; public void registered(Dino.Application app) { ensure_context(); @@ -36,9 +37,11 @@ public class Plugin : RootInterface, Object { this.list_entry = new EncryptionListEntry(this); this.settings_entry = new AccountSettingsEntry(this); this.contact_details_provider = new ContactDetailsProvider(this); + this.device_notification_populator = new DeviceNotificationPopulator(this, this.app.stream_interactor); this.app.plugin_registry.register_encryption_list_entry(list_entry); this.app.plugin_registry.register_account_settings_entry(settings_entry); this.app.plugin_registry.register_contact_details_entry(contact_details_provider); + this.app.plugin_registry.register_conversation_item_populator(device_notification_populator); this.app.stream_interactor.module_manager.initialize_account_modules.connect((account, list) => { list.add(new StreamModule()); }); diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index 6e6772ca..a84c3582 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -103,6 +103,23 @@ public class StreamModule : XmppStreamModule { return status; } + public void untrust_device(Jid jid, int device_id) { + if(device_lists.has_key(jid) && device_lists[jid].contains(device_id)) + device_lists[jid].remove(device_id); + if(store.contains_session(new Address(jid.bare_jid.to_string(), device_id))) + store.delete_session(new Address(jid.bare_jid.to_string(), device_id)); + } + + public void trust_device(Jid jid, int device_id) { + if(is_ignored_device(jid, device_id)){ + ignored_devices[jid].remove(device_id); + } + if(!device_lists.has_key(jid)) + device_lists[jid] = new ArrayList(); + if(!device_lists[jid].contains(device_id)) + device_lists[jid].add(device_id); + } + private StanzaNode create_encrypted_key(uint8[] key, Address address) throws GLib.Error { SessionCipher cipher = store.create_session_cipher(address); CiphertextMessage device_key = cipher.encrypt(key); @@ -223,7 +240,7 @@ public class StreamModule : XmppStreamModule { } ignored_devices[jid].add(device_id); } - session_start_failed(jid, device_id); + //session_start_failed(jid, device_id); } public bool is_ignored_device(Jid jid, int32 device_id) { @@ -234,47 +251,51 @@ public class StreamModule : XmppStreamModule { } private void on_other_bundle_result(XmppStream stream, Jid jid, int device_id, string? id, StanzaNode? node) { - bool fail = false; if (node == null) { // Device not registered, shouldn't exist - fail = true; + stream.get_module(IDENTITY).ignore_device(jid, device_id); } else { Bundle bundle = new Bundle(node); bundle_fetched(jid, device_id, bundle); - int32 signed_pre_key_id = bundle.signed_pre_key_id; - ECPublicKey? signed_pre_key = bundle.signed_pre_key; - uint8[] signed_pre_key_signature = bundle.signed_pre_key_signature; - ECPublicKey? identity_key = bundle.identity_key; + } + stream.get_module(IDENTITY).active_bundle_requests.remove(jid.bare_jid.to_string() + @":$device_id"); + } - ArrayList pre_keys = bundle.pre_keys; - if (signed_pre_key_id < 0 || signed_pre_key == null || identity_key == null || pre_keys.size == 0) { + public bool create_session_if_needed(XmppStream stream, Jid jid, int32 device_id, Bundle bundle) { + bool fail = false; + int32 signed_pre_key_id = bundle.signed_pre_key_id; + ECPublicKey? signed_pre_key = bundle.signed_pre_key; + uint8[] signed_pre_key_signature = bundle.signed_pre_key_signature; + ECPublicKey? identity_key = bundle.identity_key; + + ArrayList pre_keys = bundle.pre_keys; + if (signed_pre_key_id < 0 || signed_pre_key == null || identity_key == null || pre_keys.size == 0) { + fail = true; + } else { + int pre_key_idx = Random.int_range(0, pre_keys.size); + int32 pre_key_id = pre_keys[pre_key_idx].key_id; + ECPublicKey? pre_key = pre_keys[pre_key_idx].key; + if (pre_key_id < 0 || pre_key == null) { fail = true; } else { - int pre_key_idx = Random.int_range(0, pre_keys.size); - int32 pre_key_id = pre_keys[pre_key_idx].key_id; - ECPublicKey? pre_key = pre_keys[pre_key_idx].key; - if (pre_key_id < 0 || pre_key == null) { - fail = true; - } else { - Address address = new Address(jid.bare_jid.to_string(), device_id); - try { - if (store.contains_session(address)) { - return; - } - SessionBuilder builder = store.create_session_builder(address); - builder.process_pre_key_bundle(create_pre_key_bundle(device_id, device_id, pre_key_id, pre_key, signed_pre_key_id, signed_pre_key, signed_pre_key_signature, identity_key)); - stream.get_module(IDENTITY).session_started(jid, device_id); - } catch (Error e) { - fail = true; + Address address = new Address(jid.bare_jid.to_string(), device_id); + try { + if (store.contains_session(address)) { + return false; } - address.device_id = 0; // TODO: Hack to have address obj live longer + SessionBuilder builder = store.create_session_builder(address); + builder.process_pre_key_bundle(create_pre_key_bundle(device_id, device_id, pre_key_id, pre_key, signed_pre_key_id, signed_pre_key, signed_pre_key_signature, identity_key)); + //stream.get_module(IDENTITY).session_started(jid, device_id); + } catch (Error e) { + fail = true; } + address.device_id = 0; // TODO: Hack to have address obj live longer } } if (fail) { stream.get_module(IDENTITY).ignore_device(jid, device_id); } - stream.get_module(IDENTITY).active_bundle_requests.remove(jid.bare_jid.to_string() + @":$device_id"); + return true; } public void publish_bundles_if_needed(XmppStream stream, Jid jid) { diff --git a/plugins/signal-protocol/src/store.vala b/plugins/signal-protocol/src/store.vala index eab57e5b..8a0e5853 100644 --- a/plugins/signal-protocol/src/store.vala +++ b/plugins/signal-protocol/src/store.vala @@ -375,6 +375,10 @@ public class Store : Object { return throw_by_code(Protocol.Session.contains_session(native_context, other)) == 1; } + public void delete_session(Address address) throws Error { + throw_by_code(Protocol.Session.delete_session(native_context, address)); + } + public SessionRecord load_session(Address other) throws Error { SessionRecord record; throw_by_code(Protocol.Session.load_session(native_context, out record, other)); @@ -410,4 +414,4 @@ public class Store : Object { } } -} \ No newline at end of file +} From 0bcdae34a5dbe5a102281e1b1bc405f5977dc659 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Mon, 11 Jun 2018 08:48:55 +0100 Subject: [PATCH 04/38] Disable debug mode for the omemo plugin --- plugins/omemo/src/plugin.vala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index 6c66814d..2da35934 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -4,7 +4,7 @@ extern const string LOCALE_INSTALL_DIR; namespace Dino.Plugins.Omemo { public class Plugin : RootInterface, Object { - public const bool DEBUG = true; + public const bool DEBUG = false; private static Signal.Context? _context; public static Signal.Context get_context() { assert(_context != null); From 2a8352c5439129798b5141ec021b3b9405840a8a Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Tue, 19 Jun 2018 11:26:31 +0100 Subject: [PATCH 05/38] Database migration and code cleanup --- plugins/omemo/src/contact_details_dialog.vala | 18 +++--- plugins/omemo/src/database.vala | 29 +++++++--- plugins/omemo/src/manager.vala | 55 +++---------------- plugins/omemo/src/stream_module.vala | 22 ++------ qlite/src/table.vala | 4 +- 5 files changed, 46 insertions(+), 82 deletions(-) diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 3b60580e..3ee6380a 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -20,11 +20,12 @@ public class ContactDetailsDialog : Gtk.Dialog { private void set_device_trust(Row device, bool trust) { + Database.IdentityMetaTable.TrustLevel trust_level = trust ? Database.IdentityMetaTable.TrustLevel.TRUSTED : Database.IdentityMetaTable.TrustLevel.UNTRUSTED; plugin.db.identity_meta.update() .with(plugin.db.identity_meta.identity_id, "=", account.id) .with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name]) .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) - .set(plugin.db.identity_meta.trusted_identity, trust).perform(); + .set(plugin.db.identity_meta.trusted_identity, trust_level).perform(); if(!trust) { plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).untrust_device(jid, device[plugin.db.identity_meta.device_id]); @@ -33,11 +34,12 @@ public class ContactDetailsDialog : Gtk.Dialog { } } - private void add_fingerprint(Row device, int row, bool trust) { + private void add_fingerprint(Row device, int row, Database.IdentityMetaTable.TrustLevel trust) { string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); Label lbl = new Label(res) { use_markup=true, justify=Justification.RIGHT, visible=true, margin = 8, halign = Align.START, valign = Align.CENTER }; - Switch tgl = new Switch() {visible = true, halign = Align.END, valign = Align.CENTER, margin = 8, hexpand = true, active = trust }; + //TODO: handle display of verified devices + Switch tgl = new Switch() {visible = true, halign = Align.END, valign = Align.CENTER, margin = 8, hexpand = true, active = (trust == Database.IdentityMetaTable.TrustLevel.TRUSTED) }; tgl.state_set.connect((active) => { set_device_trust(device, active); @@ -55,17 +57,17 @@ public class ContactDetailsDialog : Gtk.Dialog { this.jid = jid; int i = 0; - foreach (Row device in plugin.db.identity_meta.with_address(jid.to_string()).without_null(plugin.db.identity_meta.trusted_identity).with(plugin.db.identity_meta.identity_id, "=", account.id)) { + foreach (Row device in plugin.db.identity_meta.with_address(jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(plugin.db.identity_meta.identity_id, "=", account.id)) { if(device[plugin.db.identity_meta.identity_key_public_base64] == null) continue; - add_fingerprint(device, i, device[plugin.db.identity_meta.trusted_identity]); + add_fingerprint(device, i, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trusted_identity]); i++; } int j = 0; - foreach (Row device in plugin.db.identity_meta.with_address(jid.to_string()).with_null(plugin.db.identity_meta.trusted_identity).with(plugin.db.identity_meta.identity_id, "=", account.id)) { + foreach (Row device in plugin.db.identity_meta.with_address(jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(plugin.db.identity_meta.identity_id, "=", account.id)) { if(device[plugin.db.identity_meta.identity_key_public_base64] == null) continue; @@ -85,7 +87,7 @@ public class ContactDetailsDialog : Gtk.Dialog { fingerprints_prompt.remove(lbl); j--; - add_fingerprint(device, i, true); + add_fingerprint(device, i, Database.IdentityMetaTable.TrustLevel.TRUSTED); i++; if(j == 0) @@ -102,7 +104,7 @@ public class ContactDetailsDialog : Gtk.Dialog { fingerprints_prompt.remove(lbl); j--; - add_fingerprint(device, i, false); + add_fingerprint(device, i, Database.IdentityMetaTable.TrustLevel.UNTRUSTED); i++; if(j == 0) diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala index 2b295322..48fddde2 100644 --- a/plugins/omemo/src/database.vala +++ b/plugins/omemo/src/database.vala @@ -6,14 +6,27 @@ using Dino.Entities; namespace Dino.Plugins.Omemo { public class Database : Qlite.Database { - private const int VERSION = 1; + private const int VERSION = 2; public class IdentityMetaTable : Table { - public Column identity_id = new Column.Integer("identity_id") { not_null = true }; + public enum TrustLevel { + VERIFIED, + TRUSTED, + UNTRUSTED, + UNKNOWN; + + public string to_string() { + int val = this; + return val.to_string(); + } + } + + //Default to provide backwards compatability + public Column identity_id = new Column.Integer("identity_id") { not_null = true, min_version = 2, default = "-1" }; public Column address_name = new Column.Text("address_name") { not_null = true }; public Column device_id = new Column.Integer("device_id") { not_null = true }; public Column identity_key_public_base64 = new Column.Text("identity_key_public_base64"); - public Column trusted_identity = new Column.BoolInt("trusted_identity"); + public Column trusted_identity = new Column.Integer("trusted_identity") { not_null = true, default = TrustLevel.UNKNOWN.to_string() }; public Column now_active = new Column.BoolInt("now_active") { default = "1" }; public Column last_active = new Column.Long("last_active"); @@ -41,16 +54,14 @@ public class Database : Qlite.Database { } } - public int64 insert_device_bundle(int32 identity_id, string address_name, int device_id, Bundle bundle, bool? trust) { + public int64 insert_device_bundle(int32 identity_id, string address_name, int device_id, Bundle bundle, TrustLevel trust) { if (bundle == null || bundle.identity_key == null) return -1; - UpsertBuilder query = upsert() + return upsert() .value(this.identity_id, identity_id, true) .value(this.address_name, address_name, true) .value(this.device_id, device_id, true) - .value(this.identity_key_public_base64, Base64.encode(bundle.identity_key.serialize())); - if(trust != null) - query.value(this.trusted_identity, trust); - return query.perform(); + .value(this.identity_key_public_base64, Base64.encode(bundle.identity_key.serialize())) + .value(this.trusted_identity, trust).perform(); } } diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 3047410c..dbb016a4 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -121,10 +121,10 @@ public class Manager : StreamInteractionModule, Object { if (Plugin.DEBUG) print(@"OMEMO: message will be delayed: $state\n"); if (state.waiting_own_sessions > 0) { - module.start_sessions_with((!)stream, conversation.account.bare_jid); + module.fetch_bundles((!)stream, conversation.account.bare_jid); } if (state.waiting_other_sessions > 0 && message.counterpart != null) { - module.start_sessions_with((!)stream, ((!)message.counterpart).bare_jid); + module.fetch_bundles((!)stream, ((!)message.counterpart).bare_jid); } if (state.waiting_other_devicelist && message.counterpart != null) { module.request_user_devicelist((!)stream, ((!)message.counterpart).bare_jid); @@ -138,40 +138,12 @@ public class Manager : StreamInteractionModule, Object { stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).store_created.connect((store) => on_store_created(account, store)); stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).device_list_loaded.connect((jid) => on_device_list_loaded(account, jid)); stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).bundle_fetched.connect((jid, device_id, bundle) => on_bundle_fetched(account, jid, device_id, bundle)); - stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).session_started.connect((jid, device_id) => on_session_started(account, jid, false)); - stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).session_start_failed.connect((jid, device_id) => on_session_started(account, jid, true)); } private void on_stream_negotiated(Account account, XmppStream stream) { stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).request_user_devicelist(stream, account.bare_jid); } - private void on_session_started(Account account, Jid jid, bool failed) { - if (Plugin.DEBUG) print(@"OMEMO: session start between $(account.bare_jid) and $jid $(failed ? "failed" : "successful")\n"); - HashSet send_now = new HashSet(); - lock (message_states) { - foreach (Entities.Message msg in message_states.keys) { - if (!msg.account.equals(account)) continue; - MessageState state = message_states[msg]; - if (account.bare_jid.equals(jid)) { - state.waiting_own_sessions--; - } else if (msg.counterpart != null && msg.counterpart.equals_bare(jid)) { - state.waiting_other_sessions--; - } - if (state.should_retry_now()) { - send_now.add(msg); - state.active_send_attempt = true; - } - } - } - foreach (Entities.Message msg in send_now) { - if (msg.counterpart == null) continue; - Entities.Conversation? conv = stream_interactor.get_module(ConversationManager.IDENTITY).get_conversation((!)msg.counterpart, account); - if (conv == null) continue; - stream_interactor.get_module(MessageProcessor.IDENTITY).send_xmpp_message(msg, (!)conv, true); - } - } - private void on_device_list_loaded(Account account, Jid jid) { if (Plugin.DEBUG) print(@"OMEMO: received device list for $(account.bare_jid) from $jid\n"); HashSet send_now = new HashSet(); @@ -231,30 +203,21 @@ public class Manager : StreamInteractionModule, Object { .with(db.identity_meta.identity_key_public_base64, "=", Base64.encode(bundle.identity_key.serialize())) .count() > 0); - bool? trusted = null; + Database.IdentityMetaTable.TrustLevel trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; foreach(Row row in db.identity_meta.with_address(jid.bare_jid.to_string()) .with(db.identity_meta.identity_id, "=", account.id) .with(db.identity_meta.device_id, "=", device_id)) { - trusted = row[db.identity_meta.trusted_identity]; + trusted = (Database.IdentityMetaTable.TrustLevel) row[db.identity_meta.trusted_identity]; break; } - if(db.identity_meta.with_address(jid.bare_jid.to_string()) - .with(db.identity_meta.identity_id, "=", account.id) - .with(db.identity_meta.device_id, "=", device_id) - .with_null(db.identity_meta.trusted_identity).count() > 0) - trusted = null; - if(untrust) - trusted = null; - else if (blind_trust && trusted == null) - trusted = true; + trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; + else if (blind_trust && trusted == Database.IdentityMetaTable.TrustLevel.UNKNOWN) + trusted = Database.IdentityMetaTable.TrustLevel.TRUSTED; db.identity_meta.insert_device_bundle(account.id, jid.bare_jid.to_string(), device_id, bundle, trusted); - if(trusted == null) - trusted = false; - XmppStream? stream = stream_interactor.get_stream(account); if(stream == null) return; StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); @@ -268,11 +231,11 @@ public class Manager : StreamInteractionModule, Object { if (!msg.account.equals(account)) continue; MessageState state = message_states[msg]; - if (trusted != true) { + if (trusted != Database.IdentityMetaTable.TrustLevel.TRUSTED && trusted != Database.IdentityMetaTable.TrustLevel.VERIFIED) { module.untrust_device(jid, device_id); } else { if(account.bare_jid.equals(jid) || (msg.counterpart != null && msg.counterpart.equals_bare(jid))) - session_created = module.create_session_if_needed(stream, jid, device_id, bundle); + session_created = module.start_session(stream, jid, device_id, bundle); } if (account.bare_jid.equals(jid) && session_created) { state.waiting_own_sessions--; diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index a84c3582..83a3dd54 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -26,8 +26,6 @@ public class StreamModule : XmppStreamModule { public signal void store_created(Store store); public signal void device_list_loaded(Jid jid); public signal void bundle_fetched(Jid jid, int device_id, Bundle bundle); - public signal void session_started(Jid jid, int device_id); - public signal void session_start_failed(Jid jid, int device_id); public EncryptState encrypt(MessageStanza message, Jid self_jid) { EncryptState status = new EncryptState(); @@ -181,7 +179,7 @@ public class StreamModule : XmppStreamModule { device_list_loaded(jid); } - public void start_sessions_with(XmppStream stream, Jid jid) { + public void fetch_bundles(XmppStream stream, Jid jid) { if (!device_lists.has_key(jid)) { return; } @@ -191,7 +189,7 @@ public class StreamModule : XmppStreamModule { address.device_id = device_id; try { if (!store.contains_session(address)) { - start_session_with(stream, jid, device_id); + fetch_bundle(stream, jid, device_id); } } catch (Error e) { // Ignore @@ -201,21 +199,11 @@ public class StreamModule : XmppStreamModule { address.device_id = 0; } - public void start_session_with(XmppStream stream, Jid jid, int device_id) { - if (active_bundle_requests.add(jid.bare_jid.to_string() + @":$device_id")) { - if (Plugin.DEBUG) print(@"OMEMO: Asking for bundle from $(jid.bare_jid.to_string()):$device_id\n"); - stream.get_module(Pubsub.Module.IDENTITY).request(stream, jid.bare_jid, @"$NODE_BUNDLES:$device_id", (stream, jid, id, node) => { - on_other_bundle_result(stream, jid, device_id, id, node); - }); - } - } - public void fetch_bundle(XmppStream stream, Jid jid, int device_id) { if (active_bundle_requests.add(jid.bare_jid.to_string() + @":$device_id")) { if (Plugin.DEBUG) print(@"OMEMO: Asking for bundle from $(jid.bare_jid.to_string()):$device_id\n"); stream.get_module(Pubsub.Module.IDENTITY).request(stream, jid.bare_jid, @"$NODE_BUNDLES:$device_id", (stream, jid, id, node) => { - stream.get_module(IDENTITY).active_bundle_requests.remove(jid.bare_jid.to_string() + @":$device_id"); - bundle_fetched(jid, device_id, new Bundle(node)); + on_other_bundle_result(stream, jid, device_id, id, node); }); } } @@ -240,7 +228,6 @@ public class StreamModule : XmppStreamModule { } ignored_devices[jid].add(device_id); } - //session_start_failed(jid, device_id); } public bool is_ignored_device(Jid jid, int32 device_id) { @@ -261,7 +248,7 @@ public class StreamModule : XmppStreamModule { stream.get_module(IDENTITY).active_bundle_requests.remove(jid.bare_jid.to_string() + @":$device_id"); } - public bool create_session_if_needed(XmppStream stream, Jid jid, int32 device_id, Bundle bundle) { + public bool start_session(XmppStream stream, Jid jid, int32 device_id, Bundle bundle) { bool fail = false; int32 signed_pre_key_id = bundle.signed_pre_key_id; ECPublicKey? signed_pre_key = bundle.signed_pre_key; @@ -285,7 +272,6 @@ public class StreamModule : XmppStreamModule { } SessionBuilder builder = store.create_session_builder(address); builder.process_pre_key_bundle(create_pre_key_bundle(device_id, device_id, pre_key_id, pre_key, signed_pre_key_id, signed_pre_key, signed_pre_key_signature, identity_key)); - //stream.get_module(IDENTITY).session_started(jid, device_id); } catch (Error e) { fail = true; } diff --git a/qlite/src/table.vala b/qlite/src/table.vala index 00b4ef00..7fa2fc62 100644 --- a/qlite/src/table.vala +++ b/qlite/src/table.vala @@ -95,10 +95,12 @@ public class Table { public void create_table_at_version(long version) { ensure_init(); string sql = @"CREATE TABLE IF NOT EXISTS $name ("; + bool first = true; for (int i = 0; i < columns.length; i++) { Column c = columns[i]; if (c.min_version <= version && c.max_version >= version) { - sql += @"$(i > 0 ? "," : "") $c"; + sql += @"$(!first ? "," : "") $c"; + first = false; } } sql += @"$constraints)"; From 638d81d67ecd6c7c8be7fd67aeaf15d16486f8e9 Mon Sep 17 00:00:00 2001 From: Marvin W Date: Tue, 19 Jun 2018 12:52:00 +0200 Subject: [PATCH 06/38] More cleanup and database modifications --- libdino/src/plugin/interfaces.vala | 9 +++ libdino/src/plugin/registry.vala | 11 ++++ .../conversation_view.vala | 14 ++++- plugins/omemo/data/contact_details_dialog.ui | 40 +++++++++++++ .../omemo/src/account_settings_dialog.vala | 2 +- plugins/omemo/src/contact_details_dialog.vala | 56 +++++++++++++++++-- .../omemo/src/contact_details_provider.vala | 5 +- plugins/omemo/src/database.vala | 4 +- .../src/device_notification_populator.vala | 34 +++++------ plugins/omemo/src/manager.vala | 29 ++++------ plugins/omemo/src/plugin.vala | 2 +- plugins/omemo/src/stream_module.vala | 14 +++-- qlite/src/query_builder.vala | 10 +++- 13 files changed, 175 insertions(+), 55 deletions(-) diff --git a/libdino/src/plugin/interfaces.vala b/libdino/src/plugin/interfaces.vala index 1bd3676b..09d4d921 100644 --- a/libdino/src/plugin/interfaces.vala +++ b/libdino/src/plugin/interfaces.vala @@ -80,6 +80,12 @@ public abstract interface ConversationItemPopulator : Object { public abstract void close(Conversation conversation); } +public abstract interface NotificationPopulator : Object { + public abstract string id { get; } + public abstract void init(Conversation conversation, NotificationCollection summary, WidgetType type); + public abstract void close(Conversation conversation); +} + public abstract class MetaConversationItem : Object { public virtual Jid? jid { get; set; default=null; } public virtual string color { get; set; default=null; } @@ -105,6 +111,9 @@ public abstract class MetaConversationNotification : Object { public interface ConversationItemCollection : Object { public signal void insert_item(MetaConversationItem item); public signal void remove_item(MetaConversationItem item); +} + +public interface NotificationCollection : Object { public signal void add_meta_notification(MetaConversationNotification item); public signal void remove_meta_notification(MetaConversationNotification item); } diff --git a/libdino/src/plugin/registry.vala b/libdino/src/plugin/registry.vala index 7b4410aa..fbdf2c5c 100644 --- a/libdino/src/plugin/registry.vala +++ b/libdino/src/plugin/registry.vala @@ -9,6 +9,7 @@ public class Registry { internal Map text_commands = new HashMap(); internal Gee.List message_displays = new ArrayList(); internal Gee.List conversation_item_populators = new ArrayList(); + internal Gee.List notification_populators = new ArrayList(); internal Gee.Collection conversation_titlebar_entries = new Gee.TreeSet((a, b) => { if (a.order < b.order) { return -1; @@ -89,6 +90,16 @@ public class Registry { return true; } } + + public bool register_notification_populator(NotificationPopulator populator) { + lock (notification_populators) { + foreach(NotificationPopulator p in notification_populators) { + if (p.id == populator.id) return false; + } + notification_populators.add(populator); + return true; + } + } } } diff --git a/main/src/ui/conversation_summary/conversation_view.vala b/main/src/ui/conversation_summary/conversation_view.vala index 87a2dd34..b4a34f3b 100644 --- a/main/src/ui/conversation_summary/conversation_view.vala +++ b/main/src/ui/conversation_summary/conversation_view.vala @@ -7,7 +7,7 @@ using Dino.Entities; namespace Dino.Ui.ConversationSummary { [GtkTemplate (ui = "/im/dino/Dino/conversation_summary/view.ui")] -public class ConversationView : Box, Plugins.ConversationItemCollection { +public class ConversationView : Box, Plugins.ConversationItemCollection, Plugins.NotificationCollection { public Conversation? conversation { get; private set; } @@ -83,6 +83,9 @@ public class ConversationView : Box, Plugins.ConversationItemCollection { foreach (Plugins.ConversationItemPopulator populator in app.plugin_registry.conversation_item_populators) { populator.close(conversation); } + foreach (Plugins.NotificationPopulator populator in app.plugin_registry.notification_populators) { + populator.close(conversation); + } } this.conversation = conversation; stack.set_visible_child_name("void"); @@ -95,6 +98,9 @@ public class ConversationView : Box, Plugins.ConversationItemCollection { foreach (Plugins.ConversationItemPopulator populator in app.plugin_registry.conversation_item_populators) { populator.init(conversation, this, Plugins.WidgetType.GTK); } + foreach (Plugins.NotificationPopulator populator in app.plugin_registry.notification_populators) { + populator.init(conversation, this, Plugins.WidgetType.GTK); + } message_item_populator.init(conversation, this); message_item_populator.populate_latest(conversation, 40); Idle.add(() => { on_value_notify(); return false; }); @@ -130,14 +136,16 @@ public class ConversationView : Box, Plugins.ConversationItemCollection { public void on_add_meta_notification(Plugins.MetaConversationNotification notification) { Widget? widget = (Widget) notification.get_widget(Plugins.WidgetType.GTK); - if(widget != null) + if (widget != null) { add_notification(widget); + } } public void on_remove_meta_notification(Plugins.MetaConversationNotification notification){ Widget? widget = (Widget) notification.get_widget(Plugins.WidgetType.GTK); - if(widget != null) + if (widget != null) { remove_notification(widget); + } } public void add_notification(Widget widget) { diff --git a/plugins/omemo/data/contact_details_dialog.ui b/plugins/omemo/data/contact_details_dialog.ui index e26f79af..ceac2179 100644 --- a/plugins/omemo/data/contact_details_dialog.ui +++ b/plugins/omemo/data/contact_details_dialog.ui @@ -49,6 +49,46 @@ + + + 12 + horizontal + False + + + True + start + center + True + Verified Devices + 2 + + + + + + + + + + False + 18 + + + never + automatic + True + True + + + True + True + + + + + + 12 diff --git a/plugins/omemo/src/account_settings_dialog.vala b/plugins/omemo/src/account_settings_dialog.vala index f0262c31..76357dbb 100644 --- a/plugins/omemo/src/account_settings_dialog.vala +++ b/plugins/omemo/src/account_settings_dialog.vala @@ -26,7 +26,7 @@ public class AccountSettingsDialog : Gtk.Dialog { int own_id = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; int i = 0; - foreach (Row row in plugin.db.identity_meta.with_address(account.bare_jid.to_string())) { + foreach (Row row in plugin.db.identity_meta.with_address(account.id, account.bare_jid.to_string())) { if (row[plugin.db.identity_meta.device_id] == own_id) continue; if (i == 0) { other_list.foreach((widget) => { widget.destroy(); }); diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 3ee6380a..6bf2c83e 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -17,6 +17,9 @@ public class ContactDetailsDialog : Gtk.Dialog { [GtkChild] private Box fingerprints_prompt_label; [GtkChild] private Frame fingerprints_prompt_container; [GtkChild] private Grid fingerprints_prompt; + [GtkChild] private Box fingerprints_verified_label; + [GtkChild] private Frame fingerprints_verified_container; + [GtkChild] private Grid fingerprints_verified; private void set_device_trust(Row device, bool trust) { @@ -57,9 +60,10 @@ public class ContactDetailsDialog : Gtk.Dialog { this.jid = jid; int i = 0; - foreach (Row device in plugin.db.identity_meta.with_address(jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(plugin.db.identity_meta.identity_id, "=", account.id)) { - if(device[plugin.db.identity_meta.identity_key_public_base64] == null) + foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(plugin.db.identity_meta.trusted_identity, "!=", Database.IdentityMetaTable.TrustLevel.VERIFIED)) { + if (device[plugin.db.identity_meta.identity_key_public_base64] == null) { continue; + } add_fingerprint(device, i, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trusted_identity]); i++; @@ -67,9 +71,10 @@ public class ContactDetailsDialog : Gtk.Dialog { } int j = 0; - foreach (Row device in plugin.db.identity_meta.with_address(jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(plugin.db.identity_meta.identity_id, "=", account.id)) { - if(device[plugin.db.identity_meta.identity_key_public_base64] == null) + foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN)) { + if (device[plugin.db.identity_meta.identity_key_public_base64] == null) { continue; + } string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); Label lbl = new Label(res) @@ -90,8 +95,9 @@ public class ContactDetailsDialog : Gtk.Dialog { add_fingerprint(device, i, Database.IdentityMetaTable.TrustLevel.TRUSTED); i++; - if(j == 0) + if (j == 0) { fingerprints_prompt.attach(new Label("No more new devices") { visible = true, valign = Align.CENTER, halign = Align.CENTER, margin = 8, hexpand = true }, 0, 0); + } }); Button no = new Button() { visible = true, valign = Align.CENTER, hexpand = true}; @@ -107,8 +113,9 @@ public class ContactDetailsDialog : Gtk.Dialog { add_fingerprint(device, i, Database.IdentityMetaTable.TrustLevel.UNTRUSTED); i++; - if(j == 0) + if (j == 0) { fingerprints_prompt.attach(new Label("No more new devices") { visible = true, valign = Align.CENTER, halign = Align.CENTER, margin = 8, hexpand = true }, 0, 0); + } }); box.pack_start(yes); @@ -125,6 +132,43 @@ public class ContactDetailsDialog : Gtk.Dialog { fingerprints_prompt_container.visible = true; } + int k = 0; + foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).without_null(plugin.db.identity_meta.identity_key_public_base64).with(plugin.db.identity_meta.trusted_identity, "=", Database.IdentityMetaTable.TrustLevel.VERIFIED)) { + string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); + Label lbl = new Label(res) + { use_markup=true, justify=Justification.RIGHT, visible=true, margin = 8, halign = Align.START }; + + Box box = new Box(Gtk.Orientation.HORIZONTAL, 0) { visible = true, valign = Align.CENTER, hexpand = true, margin = 8 }; + + Button no = new Button() { visible = true, valign = Align.CENTER, halign = Align.END, hexpand = false }; + no.image = new Image.from_icon_name("list-remove-symbolic", IconSize.BUTTON); + + no.clicked.connect(() => { + set_device_trust(device, false); + + fingerprints_verified.remove(no); + fingerprints_verified.remove(lbl); + k--; + + add_fingerprint(device, i, Database.IdentityMetaTable.TrustLevel.UNTRUSTED); + i++; + + if (k == 0) { + fingerprints_verified.attach(new Label("No more new devices") { visible = true, valign = Align.CENTER, halign = Align.CENTER, margin = 8, hexpand = true }, 0, 0); + } + }); + + box.pack_end(no); + + fingerprints_verified.attach(lbl, 0, k); + fingerprints_verified.attach(box, 1, k); + k++; + } + + if( k > 0 ){ + fingerprints_verified_label.visible = true; + fingerprints_verified_container.visible = true; + } } } diff --git a/plugins/omemo/src/contact_details_provider.vala b/plugins/omemo/src/contact_details_provider.vala index 2c6c4944..1cf635c2 100644 --- a/plugins/omemo/src/contact_details_provider.vala +++ b/plugins/omemo/src/contact_details_provider.vala @@ -18,7 +18,7 @@ public class ContactDetailsProvider : Plugins.ContactDetailsProvider, Object { if (conversation.type_ == Conversation.Type.CHAT && type == WidgetType.GTK) { int i = 0; - foreach (Row row in plugin.db.identity_meta.with_address(conversation.counterpart.to_string())) { + foreach (Row row in plugin.db.identity_meta.with_address(conversation.account.id, conversation.counterpart.to_string())) { if (row[plugin.db.identity_meta.identity_key_public_base64] != null) { i++; } @@ -34,6 +34,9 @@ public class ContactDetailsProvider : Plugins.ContactDetailsProvider, Object { btn.activate(); ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, conversation.account, conversation.counterpart); dialog.set_transient_for((Window) btn.get_toplevel()); + dialog.response.connect((response_type) => { + plugin.device_notification_populator.should_hide(); + }); dialog.present(); }); diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala index 48fddde2..3f24e9f6 100644 --- a/plugins/omemo/src/database.vala +++ b/plugins/omemo/src/database.vala @@ -37,8 +37,8 @@ public class Database : Qlite.Database { index("identity_meta_list_idx", {identity_id, address_name}); } - public QueryBuilder with_address(string address_name) { - return select().with(this.address_name, "=", address_name); + public QueryBuilder with_address(int identity_id, string address_name) { + return select().with(this.identity_id, "=", identity_id).with(this.address_name, "=", address_name); } public void insert_device_list(int32 identity_id, string address_name, ArrayList devices) { diff --git a/plugins/omemo/src/device_notification_populator.vala b/plugins/omemo/src/device_notification_populator.vala index 6b3e668b..8549e052 100644 --- a/plugins/omemo/src/device_notification_populator.vala +++ b/plugins/omemo/src/device_notification_populator.vala @@ -4,14 +4,14 @@ using Gtk; namespace Dino.Plugins.Omemo { -public class DeviceNotificationPopulator : ConversationItemPopulator, Object { +public class DeviceNotificationPopulator : NotificationPopulator, Object { public string id { get { return "device_notification"; } } private StreamInteractor? stream_interactor; private Plugin plugin; private Conversation? current_conversation; - private ConversationItemCollection? item_collection; + private NotificationCollection? notification_collection; private ConversationNotification notification; public DeviceNotificationPopulator(Plugin plugin, StreamInteractor stream_interactor) { @@ -20,37 +20,37 @@ public class DeviceNotificationPopulator : ConversationItemPopulator, Object { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.with_address(jid.bare_jid.to_string()).with(plugin.db.identity_meta.identity_id, "=", current_conversation.account.id).with_null(plugin.db.identity_meta.trusted_identity).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; + return plugin.db.identity_meta.with_address(current_conversation.account.id, jid.bare_jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; } - public void init(Conversation conversation, ConversationItemCollection item_collection, Plugins.WidgetType type) { + public void init(Conversation conversation, NotificationCollection notification_collection, Plugins.WidgetType type) { current_conversation = conversation; - this.item_collection = item_collection; + this.notification_collection = notification_collection; stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY).device_list_loaded.connect((jid) => { - if(jid == conversation.counterpart && has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) + if (jid == conversation.counterpart && has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) { display_notification(); + } }); - if (has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) - display_notification(); + if (has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) { + display_notification(); + } } - public void close(Conversation conversation) { } - - public void populate_timestamp(Conversation conversation, DateTime from, DateTime to) { } - - public void populate_between_widgets(Conversation conversation, DateTime from, DateTime to) { } + public void close(Conversation conversation) { + notification = null; + } private void display_notification() { if(notification == null) { notification = new ConversationNotification(plugin, current_conversation.account, current_conversation.counterpart); notification.should_hide.connect(should_hide); - item_collection.add_meta_notification(notification); + notification_collection.add_meta_notification(notification); } } - private void should_hide() { - if (!has_new_devices(current_conversation.counterpart)){ - item_collection.remove_meta_notification(notification); + public void should_hide() { + if (!has_new_devices(current_conversation.counterpart) && notification != null){ + notification_collection.remove_meta_notification(notification); notification = null; } } diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index dbb016a4..938c8631 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -181,7 +181,7 @@ public class Manager : StreamInteractionModule, Object { ArrayList device_list = module.get_device_list(jid); db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list); int inc = 0; - foreach (Row row in db.identity_meta.with_address(jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) { + foreach (Row row in db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) { module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]); inc++; } @@ -189,32 +189,26 @@ public class Manager : StreamInteractionModule, Object { if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n"); } - if(db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, " =", jid.bare_jid.to_string()).count() == 0) - db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid .bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); - + if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) { + db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); + } } public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) { bool blind_trust = db.trust.get_blind_trust(account.id, jid.bare_jid.to_string()); - bool untrust = !(blind_trust || db.identity_meta.with_address(jid.bare_jid.to_string()) - .with(db.identity_meta.identity_id, "=", account.id) + bool untrust = !(blind_trust || db.identity_meta.with_address(account.id, jid.bare_jid.to_string()) .with(db.identity_meta.device_id, "=", device_id) .with(db.identity_meta.identity_key_public_base64, "=", Base64.encode(bundle.identity_key.serialize())) - .count() > 0); + .single().row().is_present()); - Database.IdentityMetaTable.TrustLevel trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; - foreach(Row row in db.identity_meta.with_address(jid.bare_jid.to_string()) - .with(db.identity_meta.identity_id, "=", account.id) - .with(db.identity_meta.device_id, "=", device_id)) { - trusted = (Database.IdentityMetaTable.TrustLevel) row[db.identity_meta.trusted_identity]; - break; - } + Database.IdentityMetaTable.TrustLevel trusted = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with(db.identity_meta.device_id, "=", device_id).single()[db.identity_meta.trusted_identity, Database.IdentityMetaTable.TrustLevel.UNKNOWN]; - if(untrust) + if(untrust) { trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; - else if (blind_trust && trusted == Database.IdentityMetaTable.TrustLevel.UNKNOWN) + } else if (blind_trust && trusted == Database.IdentityMetaTable.TrustLevel.UNKNOWN) { trusted = Database.IdentityMetaTable.TrustLevel.TRUSTED; + } db.identity_meta.insert_device_bundle(account.id, jid.bare_jid.to_string(), device_id, bundle, trusted); @@ -234,8 +228,9 @@ public class Manager : StreamInteractionModule, Object { if (trusted != Database.IdentityMetaTable.TrustLevel.TRUSTED && trusted != Database.IdentityMetaTable.TrustLevel.VERIFIED) { module.untrust_device(jid, device_id); } else { - if(account.bare_jid.equals(jid) || (msg.counterpart != null && msg.counterpart.equals_bare(jid))) + if(account.bare_jid.equals(jid) || (msg.counterpart != null && msg.counterpart.equals_bare(jid))) { session_created = module.start_session(stream, jid, device_id, bundle); + } } if (account.bare_jid.equals(jid) && session_created) { state.waiting_own_sessions--; diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index 2da35934..79e6a5eb 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -41,7 +41,7 @@ public class Plugin : RootInterface, Object { this.app.plugin_registry.register_encryption_list_entry(list_entry); this.app.plugin_registry.register_account_settings_entry(settings_entry); this.app.plugin_registry.register_contact_details_entry(contact_details_provider); - this.app.plugin_registry.register_conversation_item_populator(device_notification_populator); + this.app.plugin_registry.register_notification_populator(device_notification_populator); this.app.stream_interactor.module_manager.initialize_account_modules.connect((account, list) => { list.add(new StreamModule()); }); diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index 83a3dd54..2c792a2f 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -102,20 +102,24 @@ public class StreamModule : XmppStreamModule { } public void untrust_device(Jid jid, int device_id) { - if(device_lists.has_key(jid) && device_lists[jid].contains(device_id)) + if (device_lists.has_key(jid) && device_lists[jid].contains(device_id)) { device_lists[jid].remove(device_id); - if(store.contains_session(new Address(jid.bare_jid.to_string(), device_id))) + } + if (store.contains_session(new Address(jid.bare_jid.to_string(), device_id))) { store.delete_session(new Address(jid.bare_jid.to_string(), device_id)); + } } public void trust_device(Jid jid, int device_id) { - if(is_ignored_device(jid, device_id)){ + if (is_ignored_device(jid, device_id)){ ignored_devices[jid].remove(device_id); } - if(!device_lists.has_key(jid)) + if (!device_lists.has_key(jid)) { device_lists[jid] = new ArrayList(); - if(!device_lists[jid].contains(device_id)) + } + if (!device_lists[jid].contains(device_id)) { device_lists[jid].add(device_id); + } } private StanzaNode create_encrypted_key(uint8[] key, Address address) throws GLib.Error { diff --git a/qlite/src/query_builder.vala b/qlite/src/query_builder.vala index dbfdef2a..75fe0499 100644 --- a/qlite/src/query_builder.vala +++ b/qlite/src/query_builder.vala @@ -98,10 +98,16 @@ public class QueryBuilder : StatementBuilder { } public QueryBuilder limit(int limit) { + if (this.limit_val != 0 && limit > this.limit_val) error("tried to increase an existing limit"); this.limit_val = limit; return this; } + public QueryBuilder single() { + this.single_result = true; + return limit(1); + } + public int64 count() { this.column_selector = @"COUNT($column_selector) AS count"; this.single_result = true; @@ -117,8 +123,8 @@ public class QueryBuilder : StatementBuilder { return new RowOption(row_()); } - public T get(Column field) { - return row()[field]; + public T get(Column field, T def = null) { + return row().get(field, def); } internal override Statement prepare() { From a3c0c24b7e688ce2787e1550f228403744d10063 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Wed, 4 Jul 2018 17:44:23 +0100 Subject: [PATCH 07/38] Fix a bug where notifications wouldn't display upon a new device being added --- plugins/omemo/src/device_notification_populator.vala | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/omemo/src/device_notification_populator.vala b/plugins/omemo/src/device_notification_populator.vala index 8549e052..a6a51742 100644 --- a/plugins/omemo/src/device_notification_populator.vala +++ b/plugins/omemo/src/device_notification_populator.vala @@ -26,8 +26,8 @@ public class DeviceNotificationPopulator : NotificationPopulator, Object { public void init(Conversation conversation, NotificationCollection notification_collection, Plugins.WidgetType type) { current_conversation = conversation; this.notification_collection = notification_collection; - stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY).device_list_loaded.connect((jid) => { - if (jid == conversation.counterpart && has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) { + stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY).bundle_fetched.connect_after((jid, device_id, bundle) => { + if (jid.equals(conversation.counterpart) && has_new_devices(conversation.counterpart) && conversation.type_ == Conversation.Type.CHAT) { display_notification(); } }); From 20fe944c2d2ef790e93abd6f36e10489802465ab Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Wed, 4 Jul 2018 21:26:14 +0100 Subject: [PATCH 08/38] Add a toggle switch for key management --- plugins/omemo/data/contact_details_dialog.ui | 26 ++++++++++++++++-- plugins/omemo/src/contact_details_dialog.vala | 27 +++++++++++++++++++ plugins/omemo/src/manager.vala | 1 - 3 files changed, 51 insertions(+), 3 deletions(-) diff --git a/plugins/omemo/data/contact_details_dialog.ui b/plugins/omemo/data/contact_details_dialog.ui index ceac2179..4844fdb9 100644 --- a/plugins/omemo/data/contact_details_dialog.ui +++ b/plugins/omemo/data/contact_details_dialog.ui @@ -9,6 +9,27 @@ True 40 40 + + + 12 + horizontal + True + + + True + start + True + Enable Key Management + + + + + True + end + + + + 12 @@ -107,7 +128,8 @@ - + + diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 6bf2c83e..af0d165b 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -13,6 +13,8 @@ public class ContactDetailsDialog : Gtk.Dialog { private Account account; private Jid jid; + private Gee.List toggles; + [GtkChild] private Grid fingerprints; [GtkChild] private Box fingerprints_prompt_label; [GtkChild] private Frame fingerprints_prompt_container; @@ -20,6 +22,7 @@ public class ContactDetailsDialog : Gtk.Dialog { [GtkChild] private Box fingerprints_verified_label; [GtkChild] private Frame fingerprints_verified_container; [GtkChild] private Grid fingerprints_verified; + [GtkChild] private Switch key_mgmnt; private void set_device_trust(Row device, bool trust) { @@ -48,6 +51,7 @@ public class ContactDetailsDialog : Gtk.Dialog { return false; }); + toggles.add(tgl); fingerprints.attach(lbl, 0, row); fingerprints.attach(tgl, 1, row); @@ -59,6 +63,8 @@ public class ContactDetailsDialog : Gtk.Dialog { this.account = account; this.jid = jid; + toggles = new ArrayList(); + int i = 0; foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(plugin.db.identity_meta.trusted_identity, "!=", Database.IdentityMetaTable.TrustLevel.VERIFIED)) { if (device[plugin.db.identity_meta.identity_key_public_base64] == null) { @@ -90,6 +96,7 @@ public class ContactDetailsDialog : Gtk.Dialog { fingerprints_prompt.remove(box); fingerprints_prompt.remove(lbl); + toggles.remove(box); j--; add_fingerprint(device, i, Database.IdentityMetaTable.TrustLevel.TRUSTED); @@ -108,6 +115,7 @@ public class ContactDetailsDialog : Gtk.Dialog { fingerprints_prompt.remove(box); fingerprints_prompt.remove(lbl); + toggles.remove(box); j--; add_fingerprint(device, i, Database.IdentityMetaTable.TrustLevel.UNTRUSTED); @@ -122,6 +130,7 @@ public class ContactDetailsDialog : Gtk.Dialog { box.pack_start(no); box.get_style_context().add_class("linked"); + toggles.add(box); fingerprints_prompt.attach(lbl, 0, j); fingerprints_prompt.attach(box, 1, j); @@ -148,6 +157,7 @@ public class ContactDetailsDialog : Gtk.Dialog { fingerprints_verified.remove(no); fingerprints_verified.remove(lbl); + toggles.remove(no); k--; add_fingerprint(device, i, Database.IdentityMetaTable.TrustLevel.UNTRUSTED); @@ -159,6 +169,7 @@ public class ContactDetailsDialog : Gtk.Dialog { }); box.pack_end(no); + toggles.add(no); fingerprints_verified.attach(lbl, 0, k); fingerprints_verified.attach(box, 1, k); @@ -169,6 +180,22 @@ public class ContactDetailsDialog : Gtk.Dialog { fingerprints_verified_label.visible = true; fingerprints_verified_container.visible = true; } + + bool blind_trust = plugin.db.trust.get_blind_trust(account.id, jid.bare_jid.to_string()); + key_mgmnt.set_active(!blind_trust); + foreach(Widget tgl in toggles){ + tgl.set_sensitive(!blind_trust); + } + + key_mgmnt.state_set.connect((active) => { + plugin.db.trust.update().with(plugin.db.trust.identity_id, "=", account.id).with(plugin.db.trust.address_name, "=", jid.bare_jid.to_string()).set(plugin.db.trust.blind_trust, !active).perform(); + foreach(Widget tgl in toggles){ + tgl.set_sensitive(active); + } + + return false; + }); + } } diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 938c8631..dffe9fc2 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -218,7 +218,6 @@ public class Manager : StreamInteractionModule, Object { if(module == null) return; HashSet send_now = new HashSet(); - bool session_needed = false; lock (message_states) { foreach (Entities.Message msg in message_states.keys) { bool session_created = true; From 7da735b844da1b80a11135d22b011cabf54ad0fe Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Fri, 6 Jul 2018 20:14:51 +0100 Subject: [PATCH 09/38] More database migration, update defaults and indexes --- plugins/omemo/src/contact_details_dialog.vala | 10 +++++----- plugins/omemo/src/database.vala | 12 ++++++++---- plugins/omemo/src/device_notification_populator.vala | 2 +- plugins/omemo/src/manager.vala | 2 +- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index af0d165b..aa1b2a5f 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -31,7 +31,7 @@ public class ContactDetailsDialog : Gtk.Dialog { .with(plugin.db.identity_meta.identity_id, "=", account.id) .with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name]) .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) - .set(plugin.db.identity_meta.trusted_identity, trust_level).perform(); + .set(plugin.db.identity_meta.trust_level, trust_level).perform(); if(!trust) { plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).untrust_device(jid, device[plugin.db.identity_meta.device_id]); @@ -66,18 +66,18 @@ public class ContactDetailsDialog : Gtk.Dialog { toggles = new ArrayList(); int i = 0; - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(plugin.db.identity_meta.trusted_identity, "!=", Database.IdentityMetaTable.TrustLevel.VERIFIED)) { + foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(plugin.db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.VERIFIED)) { if (device[plugin.db.identity_meta.identity_key_public_base64] == null) { continue; } - add_fingerprint(device, i, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trusted_identity]); + add_fingerprint(device, i, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trust_level]); i++; } int j = 0; - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN)) { + foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN)) { if (device[plugin.db.identity_meta.identity_key_public_base64] == null) { continue; } @@ -142,7 +142,7 @@ public class ContactDetailsDialog : Gtk.Dialog { } int k = 0; - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).without_null(plugin.db.identity_meta.identity_key_public_base64).with(plugin.db.identity_meta.trusted_identity, "=", Database.IdentityMetaTable.TrustLevel.VERIFIED)) { + foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).without_null(plugin.db.identity_meta.identity_key_public_base64).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.VERIFIED)) { string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); Label lbl = new Label(res) { use_markup=true, justify=Justification.RIGHT, visible=true, margin = 8, halign = Align.START }; diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala index 3f24e9f6..05864e38 100644 --- a/plugins/omemo/src/database.vala +++ b/plugins/omemo/src/database.vala @@ -26,13 +26,14 @@ public class Database : Qlite.Database { public Column address_name = new Column.Text("address_name") { not_null = true }; public Column device_id = new Column.Integer("device_id") { not_null = true }; public Column identity_key_public_base64 = new Column.Text("identity_key_public_base64"); - public Column trusted_identity = new Column.Integer("trusted_identity") { not_null = true, default = TrustLevel.UNKNOWN.to_string() }; + public Column trusted_identity = new Column.BoolInt("trusted_identity") { default = "0", max_version = 1 }; + public Column trust_level = new Column.Integer("trust_level") { default = TrustLevel.UNKNOWN.to_string(), min_version = 2 }; public Column now_active = new Column.BoolInt("now_active") { default = "1" }; public Column last_active = new Column.Long("last_active"); internal IdentityMetaTable(Database db) { base(db, "identity_meta"); - init({identity_id, address_name, device_id, identity_key_public_base64, trusted_identity, now_active, last_active}); + init({identity_id, address_name, device_id, identity_key_public_base64, trusted_identity, trust_level, now_active, last_active}); index("identity_meta_idx", {identity_id, address_name, device_id}, true); index("identity_meta_list_idx", {identity_id, address_name}); } @@ -61,7 +62,7 @@ public class Database : Qlite.Database { .value(this.address_name, address_name, true) .value(this.device_id, device_id, true) .value(this.identity_key_public_base64, Base64.encode(bundle.identity_key.serialize())) - .value(this.trusted_identity, trust).perform(); + .value(this.trust_level, trust).perform(); } } @@ -159,7 +160,10 @@ public class Database : Qlite.Database { } public override void migrate(long oldVersion) { - // new table columns are added, outdated columns are still present + exec("DROP INDEX identity_meta_idx"); + exec("DROP INDEX identity_meta_list_idx"); + exec("CREATE UNIQUE INDEX identity_meta_idx ON identity_meta (identity_id, address_name, device_id)"); + exec("CREATE INDEX identity_meta_list_idx ON identity_meta (identity_id, address_name)"); } } diff --git a/plugins/omemo/src/device_notification_populator.vala b/plugins/omemo/src/device_notification_populator.vala index a6a51742..6940c723 100644 --- a/plugins/omemo/src/device_notification_populator.vala +++ b/plugins/omemo/src/device_notification_populator.vala @@ -20,7 +20,7 @@ public class DeviceNotificationPopulator : NotificationPopulator, Object { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.with_address(current_conversation.account.id, jid.bare_jid.to_string()).with(plugin.db.identity_meta.trusted_identity, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; + return plugin.db.identity_meta.with_address(current_conversation.account.id, jid.bare_jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; } public void init(Conversation conversation, NotificationCollection notification_collection, Plugins.WidgetType type) { diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index dffe9fc2..e1f3ee56 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -202,7 +202,7 @@ public class Manager : StreamInteractionModule, Object { .with(db.identity_meta.identity_key_public_base64, "=", Base64.encode(bundle.identity_key.serialize())) .single().row().is_present()); - Database.IdentityMetaTable.TrustLevel trusted = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with(db.identity_meta.device_id, "=", device_id).single()[db.identity_meta.trusted_identity, Database.IdentityMetaTable.TrustLevel.UNKNOWN]; + Database.IdentityMetaTable.TrustLevel trusted = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with(db.identity_meta.device_id, "=", device_id).single()[db.identity_meta.trust_level, Database.IdentityMetaTable.TrustLevel.UNKNOWN]; if(untrust) { trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; From acbc5710d083e69f887b0b5a15e48b7d10b48190 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Mon, 9 Jul 2018 14:16:23 +0100 Subject: [PATCH 10/38] Enable key management for own keys --- plugins/omemo/CMakeLists.txt | 2 - plugins/omemo/data/account_settings_dialog.ui | 124 ------------------ plugins/omemo/data/contact_details_dialog.ui | 40 ++++++ .../omemo/src/account_settings_dialog.vala | 54 -------- .../omemo/src/account_settings_widget.vala | 2 +- plugins/omemo/src/contact_details_dialog.vala | 44 ++++++- plugins/omemo/src/manager.vala | 9 ++ 7 files changed, 90 insertions(+), 185 deletions(-) delete mode 100644 plugins/omemo/data/account_settings_dialog.ui delete mode 100644 plugins/omemo/src/account_settings_dialog.vala diff --git a/plugins/omemo/CMakeLists.txt b/plugins/omemo/CMakeLists.txt index bcec941b..1c049588 100644 --- a/plugins/omemo/CMakeLists.txt +++ b/plugins/omemo/CMakeLists.txt @@ -12,7 +12,6 @@ find_packages(OMEMO_PACKAGES REQUIRED ) set(RESOURCE_LIST - account_settings_dialog.ui contact_details_dialog.ui ) @@ -28,7 +27,6 @@ compile_gresources( vala_precompile(OMEMO_VALA_C SOURCES - src/account_settings_dialog.vala src/account_settings_entry.vala src/account_settings_widget.vala src/bundle.vala diff --git a/plugins/omemo/data/account_settings_dialog.ui b/plugins/omemo/data/account_settings_dialog.ui deleted file mode 100644 index 31996d05..00000000 --- a/plugins/omemo/data/account_settings_dialog.ui +++ /dev/null @@ -1,124 +0,0 @@ - - - - \ No newline at end of file diff --git a/plugins/omemo/data/contact_details_dialog.ui b/plugins/omemo/data/contact_details_dialog.ui index 4844fdb9..4dadbb6a 100644 --- a/plugins/omemo/data/contact_details_dialog.ui +++ b/plugins/omemo/data/contact_details_dialog.ui @@ -9,6 +9,46 @@ True 40 40 + + + 12 + horizontal + False + + + True + Own fingerprint + 0 + 1 + True + 2 + + + + + + + + + + False + 18 + + + never + automatic + True + True + + + True + True + + + + + + 12 diff --git a/plugins/omemo/src/account_settings_dialog.vala b/plugins/omemo/src/account_settings_dialog.vala deleted file mode 100644 index 76357dbb..00000000 --- a/plugins/omemo/src/account_settings_dialog.vala +++ /dev/null @@ -1,54 +0,0 @@ -using Gtk; -using Qlite; -using Dino.Entities; - -namespace Dino.Plugins.Omemo { - -[GtkTemplate (ui = "/im/dino/Dino/omemo/account_settings_dialog.ui")] -public class AccountSettingsDialog : Gtk.Dialog { - - private Plugin plugin; - private Account account; - private string fingerprint; - - [GtkChild] private Label own_fingerprint; - [GtkChild] private ListBox other_list; - - public AccountSettingsDialog(Plugin plugin, Account account) { - Object(use_header_bar : 1); - this.plugin = plugin; - this.account = account; - - string own_b64 = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.identity_key_public_base64]; - fingerprint = fingerprint_from_base64(own_b64); - own_fingerprint.set_markup(fingerprint_markup(fingerprint)); - - int own_id = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; - - int i = 0; - foreach (Row row in plugin.db.identity_meta.with_address(account.id, account.bare_jid.to_string())) { - if (row[plugin.db.identity_meta.device_id] == own_id) continue; - if (i == 0) { - other_list.foreach((widget) => { widget.destroy(); }); - } - string? other_b64 = row[plugin.db.identity_meta.identity_key_public_base64]; - Label lbl = new Label(other_b64 != null ? fingerprint_markup(fingerprint_from_base64(other_b64)) : _("Unknown device (0x%.8x)").printf(row[plugin.db.identity_meta.device_id])) { use_markup = true, visible = true, margin = 8, selectable=true }; - if (row[plugin.db.identity_meta.now_active] && other_b64 != null) { - other_list.insert(lbl, 0); - } else { - lbl.sensitive = false; - other_list.insert(lbl, i); - } - i++; - } - } - - [GtkCallback] - public void copy_button_clicked() { - Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length); - } - - -} - -} diff --git a/plugins/omemo/src/account_settings_widget.vala b/plugins/omemo/src/account_settings_widget.vala index 6db193fc..6148da56 100644 --- a/plugins/omemo/src/account_settings_widget.vala +++ b/plugins/omemo/src/account_settings_widget.vala @@ -27,7 +27,7 @@ public class AccountSettingWidget : Plugins.AccountSettingsWidget, Box { btn.valign = Align.CENTER; btn.clicked.connect(() => { activated(); - AccountSettingsDialog dialog = new AccountSettingsDialog(plugin, account); + ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, account, account.bare_jid); dialog.set_transient_for((Window) get_toplevel()); dialog.present(); }); diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index aa1b2a5f..70bf1dd7 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -12,10 +12,15 @@ public class ContactDetailsDialog : Gtk.Dialog { private Plugin plugin; private Account account; private Jid jid; + private bool own = false; + private int own_id = 0; private Gee.List toggles; [GtkChild] private Grid fingerprints; + [GtkChild] private Box own_fingerprint_label; + [GtkChild] private Frame own_fingerprint_container; + [GtkChild] private Grid own_fingerprint; [GtkChild] private Box fingerprints_prompt_label; [GtkChild] private Frame fingerprints_prompt_container; [GtkChild] private Grid fingerprints_prompt; @@ -33,10 +38,12 @@ public class ContactDetailsDialog : Gtk.Dialog { .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) .set(plugin.db.identity_meta.trust_level, trust_level).perform(); - if(!trust) { - plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).untrust_device(jid, device[plugin.db.identity_meta.device_id]); - } else { - plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).trust_device(jid, device[plugin.db.identity_meta.device_id]); + if (!own) { + if(!trust) { + plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).untrust_device(jid, device[plugin.db.identity_meta.device_id]); + } else { + plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).trust_device(jid, device[plugin.db.identity_meta.device_id]); + } } } @@ -65,11 +72,34 @@ public class ContactDetailsDialog : Gtk.Dialog { toggles = new ArrayList(); + if(jid.equals(account.bare_jid)) { + own = true; + own_id = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; + own_fingerprint_label.visible = true; + own_fingerprint_container.visible = true; + string own_b64 = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.identity_key_public_base64]; + string fingerprint = fingerprint_from_base64(own_b64); + Label lbl = new Label(fingerprint_markup(fingerprint)) + { use_markup=true, justify=Justification.RIGHT, visible=true, margin = 8, halign = Align.START }; + + Box box = new Box(Gtk.Orientation.HORIZONTAL, 0) { visible = true, valign = Align.CENTER, hexpand = true, margin = 8 }; + + Button copy = new Button() { visible = true, valign = Align.CENTER, halign = Align.END, hexpand = false }; + copy.image = new Image.from_icon_name("edit-copy-symbolic", IconSize.BUTTON); + copy.clicked.connect(() => {Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);}); + box.pack_start(lbl); + box.pack_end(copy); + own_fingerprint.attach(box, 0, 0); + } + int i = 0; foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(plugin.db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.VERIFIED)) { if (device[plugin.db.identity_meta.identity_key_public_base64] == null) { continue; } + if(own && device[plugin.db.identity_meta.device_id] == own_id) { + continue; + } add_fingerprint(device, i, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trust_level]); i++; @@ -81,6 +111,9 @@ public class ContactDetailsDialog : Gtk.Dialog { if (device[plugin.db.identity_meta.identity_key_public_base64] == null) { continue; } + if(own && device[plugin.db.identity_meta.device_id] == own_id) { + continue; + } string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); Label lbl = new Label(res) @@ -143,6 +176,9 @@ public class ContactDetailsDialog : Gtk.Dialog { int k = 0; foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).without_null(plugin.db.identity_meta.identity_key_public_base64).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.VERIFIED)) { + if(own && device[plugin.db.identity_meta.device_id] == own_id) { + continue; + } string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); Label lbl = new Label(res) { use_markup=true, justify=Justification.RIGHT, visible=true, margin = 8, halign = Align.START }; diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index e1f3ee56..2f641196 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -98,6 +98,15 @@ public class Manager : StreamInteractionModule, Object { return; } StreamModule module = (!)module_; + + foreach (Row row in db.identity_meta.with_address(conversation.account.id, conversation.account.bare_jid.to_string())){ + if(row[db.identity_meta.trust_level] == Database.IdentityMetaTable.TrustLevel.TRUSTED || row[db.identity_meta.trust_level] == Database.IdentityMetaTable.TrustLevel.VERIFIED){ + module.trust_device(conversation.account.bare_jid, row[db.identity_meta.device_id]); + } else { + module.untrust_device(conversation.account.bare_jid, row[db.identity_meta.device_id]); + } + } + EncryptState enc_state = module.encrypt(message_stanza, conversation.account.bare_jid); MessageState state; lock (message_states) { From 62ad56af216410d51ebfd6fa542e936703465549 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Wed, 11 Jul 2018 13:20:02 +0100 Subject: [PATCH 11/38] Notify on a new own device --- plugins/omemo/CMakeLists.txt | 1 + plugins/omemo/src/own_notifications.vala | 38 ++++++++++++++++++++++++ plugins/omemo/src/plugin.vala | 1 + 3 files changed, 40 insertions(+) create mode 100644 plugins/omemo/src/own_notifications.vala diff --git a/plugins/omemo/CMakeLists.txt b/plugins/omemo/CMakeLists.txt index 1c049588..dda85f15 100644 --- a/plugins/omemo/CMakeLists.txt +++ b/plugins/omemo/CMakeLists.txt @@ -34,6 +34,7 @@ SOURCES src/contact_details_dialog.vala src/database.vala src/device_notification_populator.vala + src/own_notifications.vala src/encrypt_state.vala src/encryption_list_entry.vala src/manager.vala diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala new file mode 100644 index 00000000..df0c4740 --- /dev/null +++ b/plugins/omemo/src/own_notifications.vala @@ -0,0 +1,38 @@ +using Dino.Entities; +using Xmpp; +using Gtk; + +namespace Dino.Plugins.Omemo { + +public class OwnNotifications { + + private StreamInteractor stream_interactor; + private Plugin plugin; + private Account account; + + public OwnNotifications (Plugin plugin, StreamInteractor stream_interactor, Account account) { + this.stream_interactor = (!)stream_interactor; + this.plugin = plugin; + this.account = account; + stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).bundle_fetched.connect_after((jid, device_id, bundle) => { + if (jid.equals(account.bare_jid) && has_new_devices(account.bare_jid)) { + display_notification(); + } + }); + if (has_new_devices(account.bare_jid)) { + display_notification(); + } + + } + + public bool has_new_devices(Jid jid) { + return plugin.db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; + } + + private void display_notification() { + Notification notification = new Notification("Trust decision required"); + notification.set_body(@"A new OMEMO device has been added for the account $(account.bare_jid)"); + plugin.app.send_notification(account.id.to_string()+"-new-device", notification); + } +} +} diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index 79e6a5eb..b63ed3f2 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -44,6 +44,7 @@ public class Plugin : RootInterface, Object { this.app.plugin_registry.register_notification_populator(device_notification_populator); this.app.stream_interactor.module_manager.initialize_account_modules.connect((account, list) => { list.add(new StreamModule()); + new OwnNotifications(this, this.app.stream_interactor, account); }); Manager.start(this.app.stream_interactor, db); From 74c48e65671058225ea77a6d1cc48e12798d9d21 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Wed, 11 Jul 2018 18:17:57 +0100 Subject: [PATCH 12/38] Enable encryption in MUCs --- plugins/omemo/src/encrypt_state.vala | 6 +- plugins/omemo/src/manager.vala | 57 ++++++++++++---- plugins/omemo/src/stream_module.vala | 97 +++++++++++++++++++--------- 3 files changed, 113 insertions(+), 47 deletions(-) diff --git a/plugins/omemo/src/encrypt_state.vala b/plugins/omemo/src/encrypt_state.vala index 80ae40d7..fd72faf4 100644 --- a/plugins/omemo/src/encrypt_state.vala +++ b/plugins/omemo/src/encrypt_state.vala @@ -7,7 +7,7 @@ public class EncryptState { public int other_lost { get; internal set; } public int other_unknown { get; internal set; } public int other_failure { get; internal set; } - public bool other_list { get; internal set; } + public int other_waiting_lists { get; internal set; } public int own_devices { get; internal set; } public int own_success { get; internal set; } @@ -17,8 +17,8 @@ public class EncryptState { public bool own_list { get; internal set; } public string to_string() { - return @"EncryptState (encrypted=$encrypted, other=(devices=$other_devices, success=$other_success, lost=$other_lost, unknown=$other_unknown, failure=$other_failure, list=$other_list), own=(devices=$own_devices, success=$own_success, lost=$own_lost, unknown=$own_unknown, failure=$own_failure, list=$own_list))"; + return @"EncryptState (encrypted=$encrypted, other=(devices=$other_devices, success=$other_success, lost=$other_lost, unknown=$other_unknown, failure=$other_failure, waiting_lists=$other_waiting_lists, own=(devices=$own_devices, success=$own_success, lost=$own_lost, unknown=$own_unknown, failure=$own_failure, list=$own_list))"; } } -} \ No newline at end of file +} diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 2f641196..9bfa93d6 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -21,7 +21,7 @@ public class Manager : StreamInteractionModule, Object { public int waiting_other_sessions { get; set; } public int waiting_own_sessions { get; set; } public bool waiting_own_devicelist { get; set; } - public bool waiting_other_devicelist { get; set; } + public int waiting_other_devicelists { get; set; } public bool force_next_attempt { get; set; } public bool will_send_now { get; private set; } public bool active_send_attempt { get; set; } @@ -37,12 +37,12 @@ public class Manager : StreamInteractionModule, Object { this.waiting_other_sessions = new_try.other_unknown; this.waiting_own_sessions = new_try.own_unknown; this.waiting_own_devicelist = !new_try.own_list; - this.waiting_other_devicelist = !new_try.other_list; + this.waiting_other_devicelists = new_try.other_waiting_lists; this.active_send_attempt = false; will_send_now = false; if (new_try.other_failure > 0 || (new_try.other_lost == new_try.other_devices && new_try.other_devices > 0)) { msg.marked = Entities.Message.Marked.WONTSEND; - } else if (new_try.other_unknown > 0 || new_try.own_unknown > 0 || !new_try.other_list || !new_try.own_list || new_try.own_devices == 0) { + } else if (new_try.other_unknown > 0 || new_try.own_unknown > 0 || new_try.other_waiting_lists > 0 || !new_try.own_list || new_try.own_devices == 0) { msg.marked = Entities.Message.Marked.UNSENT; } else if (!new_try.encrypted) { msg.marked = Entities.Message.Marked.WONTSEND; @@ -52,11 +52,11 @@ public class Manager : StreamInteractionModule, Object { } public bool should_retry_now() { - return !waiting_own_devicelist && !waiting_other_devicelist && waiting_other_sessions <= 0 && waiting_own_sessions <= 0 && !active_send_attempt; + return !waiting_own_devicelist && waiting_other_devicelists <= 0 && waiting_other_sessions <= 0 && waiting_own_sessions <= 0 && !active_send_attempt; } public string to_string() { - return @"MessageState (waiting=(others=$waiting_other_sessions, own=$waiting_own_sessions, other_list=$waiting_other_devicelist, own_list=$waiting_own_devicelist))"; + return @"MessageState (waiting=(others=$waiting_other_sessions, own=$waiting_own_sessions, other_lists=$waiting_other_devicelists, own_list=$waiting_own_devicelist))"; } } @@ -85,6 +85,21 @@ public class Manager : StreamInteractionModule, Object { } } + private Gee.List get_occupants(Jid muc, Account account){ + Gee.List occupants = new ArrayList(Jid.equals_bare_func); + Gee.List? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_other_occupants(muc, account); + if(occupant_jids == null) { + return occupants; + } + foreach (Jid occupant in occupant_jids) { + Jid? occupant_jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(occupant, account); + if(occupant_jid != null){ + occupants.add(occupant_jid.bare_jid); + } + } + return occupants; + } + private void on_pre_message_send(Entities.Message message, Xmpp.MessageStanza message_stanza, Conversation conversation) { if (message.encryption == Encryption.OMEMO) { XmppStream? stream = stream_interactor.get_stream(conversation.account); @@ -107,7 +122,19 @@ public class Manager : StreamInteractionModule, Object { } } - EncryptState enc_state = module.encrypt(message_stanza, conversation.account.bare_jid); + Gee.List recipients; + if (message_stanza.type_ == MessageStanza.TYPE_GROUPCHAT) { + recipients = get_occupants((!)message.to.bare_jid, conversation.account); + if (recipients.size == 0) { + message.marked = Entities.Message.Marked.WONTSEND; + return; + } + } else { + recipients = new ArrayList(Jid.equals_bare_func); + recipients.add(message_stanza.to); + } + + EncryptState enc_state = module.encrypt(message_stanza, conversation.account.bare_jid, recipients); MessageState state; lock (message_states) { if (message_states.has_key(message)) { @@ -135,7 +162,7 @@ public class Manager : StreamInteractionModule, Object { if (state.waiting_other_sessions > 0 && message.counterpart != null) { module.fetch_bundles((!)stream, ((!)message.counterpart).bare_jid); } - if (state.waiting_other_devicelist && message.counterpart != null) { + if (state.waiting_other_devicelists > 0 && message.counterpart != null) { module.request_user_devicelist((!)stream, ((!)message.counterpart).bare_jid); } } @@ -159,11 +186,12 @@ public class Manager : StreamInteractionModule, Object { lock (message_states) { foreach (Entities.Message msg in message_states.keys) { if (!msg.account.equals(account)) continue; + Gee.List occupants = get_occupants(msg.counterpart.bare_jid, account); MessageState state = message_states[msg]; if (account.bare_jid.equals(jid)) { state.waiting_own_devicelist = false; - } else if (msg.counterpart != null && msg.counterpart.equals_bare(jid)) { - state.waiting_other_devicelist = false; + } else if (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid))) { + state.waiting_other_devicelists--; } if (state.should_retry_now()) { send_now.add(msg); @@ -187,6 +215,7 @@ public class Manager : StreamInteractionModule, Object { if (module == null) { return; } + ArrayList device_list = module.get_device_list(jid); db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list); int inc = 0; @@ -229,20 +258,23 @@ public class Manager : StreamInteractionModule, Object { HashSet send_now = new HashSet(); lock (message_states) { foreach (Entities.Message msg in message_states.keys) { + bool session_created = true; if (!msg.account.equals(account)) continue; + Gee.List occupants = get_occupants(msg.counterpart.bare_jid, account); + MessageState state = message_states[msg]; if (trusted != Database.IdentityMetaTable.TrustLevel.TRUSTED && trusted != Database.IdentityMetaTable.TrustLevel.VERIFIED) { module.untrust_device(jid, device_id); } else { - if(account.bare_jid.equals(jid) || (msg.counterpart != null && msg.counterpart.equals_bare(jid))) { + if(account.bare_jid.equals(jid) || (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid)))) { session_created = module.start_session(stream, jid, device_id, bundle); } } if (account.bare_jid.equals(jid) && session_created) { state.waiting_own_sessions--; - } else if (msg.counterpart != null && msg.counterpart.equals_bare(jid) && session_created) { + } else if (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid)) && session_created) { state.waiting_other_sessions--; } if (state.should_retry_now()){ @@ -303,7 +335,8 @@ public class Manager : StreamInteractionModule, Object { if (stream == null) return false; StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); if (module == null) return false; - return ((!)module).is_known_address(conversation.counterpart.bare_jid); + //return ((!)module).is_known_address(conversation.counterpart.bare_jid); + return true; } public static void start(StreamInteractor stream_interactor, Database db) { diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index 2c792a2f..13406738 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -21,23 +21,35 @@ public class StreamModule : XmppStreamModule { private ConcurrentSet active_devicelist_requests = new ConcurrentSet(); private Map> device_lists = new HashMap>(Jid.hash_bare_func, Jid.equals_bare_func); private Map> ignored_devices = new HashMap>(Jid.hash_bare_func, Jid.equals_bare_func); + private Map> occupants = new HashMap>(Jid.hash_bare_func, Jid.equals_bare_func); private ReceivedPipelineListener received_pipeline_listener; public signal void store_created(Store store); public signal void device_list_loaded(Jid jid); public signal void bundle_fetched(Jid jid, int device_id, Bundle bundle); - public EncryptState encrypt(MessageStanza message, Jid self_jid) { + public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List recipients) { EncryptState status = new EncryptState(); if (!Plugin.ensure_context()) return status; if (message.to == null) return status; + + if(message.type_ == MessageStanza.TYPE_GROUPCHAT) { + occupants[message.to] = recipients; + } + try { if (!device_lists.has_key(self_jid)) return status; status.own_list = true; status.own_devices = device_lists.get(self_jid).size; - if (!device_lists.has_key(message.to)) return status; - status.other_list = true; - status.other_devices = device_lists.get(message.to).size; + status.other_waiting_lists = 0; + status.other_devices = 0; + foreach (Jid recipient in recipients) { + if (!device_lists.has_key(recipient)) { + status.other_waiting_lists++; + return status; + } + status.other_devices += device_lists.get(recipient).size; + } if (status.own_devices == 0 || status.other_devices == 0) return status; uint8[] key = new uint8[16]; @@ -57,19 +69,22 @@ public class StreamModule : XmppStreamModule { .put_node(new StanzaNode.text(Base64.encode(ciphertext)))); Address address = new Address(message.to.bare_jid.to_string(), 0); - foreach(int32 device_id in device_lists[message.to]) { - if (is_ignored_device(message.to, device_id)) { - status.other_lost++; - continue; - } - try { - address.device_id = (int) device_id; - StanzaNode key_node = create_encrypted_key(key, address); - header.put_node(key_node); - status.other_success++; - } catch (Error e) { - if (e.code == ErrorCode.UNKNOWN) status.other_unknown++; - else status.other_failure++; + foreach (Jid recipient in recipients) { + foreach(int32 device_id in device_lists[recipient]) { + if (is_ignored_device(recipient, device_id)) { + status.other_lost++; + continue; + } + try { + address.name = recipient.bare_jid.to_string(); + address.device_id = (int) device_id; + StanzaNode key_node = create_encrypted_key(key, address); + header.put_node(key_node); + status.other_success++; + } catch (Error e) { + if (e.code == ErrorCode.UNKNOWN) status.other_unknown++; + else status.other_failure++; + } } } address.name = self_jid.bare_jid.to_string(); @@ -147,9 +162,18 @@ public class StreamModule : XmppStreamModule { } public void request_user_devicelist(XmppStream stream, Jid jid) { - if (active_devicelist_requests.add(jid)) { - if (Plugin.DEBUG) print(@"OMEMO: requesting device list for $jid\n"); - stream.get_module(Pubsub.Module.IDENTITY).request(stream, jid, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); + Gee.List recipients; + if (occupants.contains(jid)) { + recipients = occupants.get(jid); + } else { + recipients = new ArrayList(Jid.equals_bare_func); + recipients.add(jid); + } + foreach (Jid recipient in recipients) { + if (active_devicelist_requests.add(recipient)) { + if (Plugin.DEBUG) print(@"OMEMO: requesting device list for $jid\n"); + stream.get_module(Pubsub.Module.IDENTITY).request(stream, recipient, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); + } } } @@ -184,23 +208,32 @@ public class StreamModule : XmppStreamModule { } public void fetch_bundles(XmppStream stream, Jid jid) { - if (!device_lists.has_key(jid)) { - return; + Gee.List recipients; + if (occupants.contains(jid)) { + recipients = occupants.get(jid); + } else { + recipients = new ArrayList(Jid.equals_bare_func); + recipients.add(jid); } - Address address = new Address(jid.bare_jid.to_string(), 0); - foreach(int32 device_id in device_lists[jid]) { - if (!is_ignored_device(jid, device_id)) { - address.device_id = device_id; - try { - if (!store.contains_session(address)) { - fetch_bundle(stream, jid, device_id); + foreach (Jid recipient in recipients) { + if (!device_lists.has_key(recipient)) { + return; + } + Address address = new Address(recipient.bare_jid.to_string(), 0); + foreach(int32 device_id in device_lists[recipient]) { + if (!is_ignored_device(recipient, device_id)) { + address.device_id = device_id; + try { + if (!store.contains_session(address)) { + fetch_bundle(stream, recipient, device_id); + } + } catch (Error e) { + // Ignore } - } catch (Error e) { - // Ignore } } + address.device_id = 0; } - address.device_id = 0; } public void fetch_bundle(XmppStream stream, Jid jid, int device_id) { From 56a0da154a06e3d6c4c1773bb74cdc18eefb04d8 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Tue, 17 Jul 2018 19:47:07 +0100 Subject: [PATCH 13/38] Properly check if a MUC is viable for sending OMEMO messages --- plugins/omemo/src/manager.vala | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 9bfa93d6..b80c5283 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -335,8 +335,20 @@ public class Manager : StreamInteractionModule, Object { if (stream == null) return false; StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); if (module == null) return false; - //return ((!)module).is_known_address(conversation.counterpart.bare_jid); - return true; + if (stream_interactor.get_module(MucManager.IDENTITY).is_groupchat(conversation.counterpart, conversation.account)){ + Xep.Muc.Flag? flag = stream.get_flag(Xep.Muc.Flag.IDENTITY); + if (flag == null) return false; + if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS)) { + foreach(Jid jid in stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(conversation.counterpart, conversation.account)) { + if (!((!)module).is_known_address(jid.bare_jid)) return false; + } + return true; + } else { + return false; + } + } else { + return ((!)module).is_known_address(conversation.counterpart.bare_jid); + } } public static void start(StreamInteractor stream_interactor, Database db) { From c299a12b8e403e0c8e03d54d8b0b25029ca94b45 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Tue, 17 Jul 2018 19:57:42 +0100 Subject: [PATCH 14/38] Send OMEMO messages in MUCs to offline members --- plugins/omemo/src/manager.vala | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index b80c5283..492cfeba 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -87,14 +87,13 @@ public class Manager : StreamInteractionModule, Object { private Gee.List get_occupants(Jid muc, Account account){ Gee.List occupants = new ArrayList(Jid.equals_bare_func); - Gee.List? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_other_occupants(muc, account); + Gee.List? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(muc, account); if(occupant_jids == null) { return occupants; } foreach (Jid occupant in occupant_jids) { - Jid? occupant_jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(occupant, account); - if(occupant_jid != null){ - occupants.add(occupant_jid.bare_jid); + if(!occupant.equals(account.bare_jid)){ + occupants.add(occupant.bare_jid); } } return occupants; From f2283778f6ef855a8ca91fb35fd737a8422c7d4d Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Wed, 18 Jul 2018 21:42:33 +0100 Subject: [PATCH 15/38] only allow OMEMO in members only MUCs --- plugins/omemo/src/manager.vala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 492cfeba..aa2a5351 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -337,7 +337,7 @@ public class Manager : StreamInteractionModule, Object { if (stream_interactor.get_module(MucManager.IDENTITY).is_groupchat(conversation.counterpart, conversation.account)){ Xep.Muc.Flag? flag = stream.get_flag(Xep.Muc.Flag.IDENTITY); if (flag == null) return false; - if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS)) { + if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS) && flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.MEMBERS_ONLY)) { foreach(Jid jid in stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(conversation.counterpart, conversation.account)) { if (!((!)module).is_known_address(jid.bare_jid)) return false; } From 7e156b3a7510eaad212dfe0c72dc8aba8bda0e57 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Wed, 25 Jul 2018 21:27:26 +0100 Subject: [PATCH 16/38] Code cleanup: create new trust management class --- plugins/omemo/CMakeLists.txt | 1 + plugins/omemo/src/contact_details_dialog.vala | 8 - plugins/omemo/src/manager.vala | 93 +++++---- plugins/omemo/src/stream_module.vala | 197 ++---------------- plugins/omemo/src/trust_manager.vala | 128 ++++++++++++ 5 files changed, 197 insertions(+), 230 deletions(-) create mode 100644 plugins/omemo/src/trust_manager.vala diff --git a/plugins/omemo/CMakeLists.txt b/plugins/omemo/CMakeLists.txt index dda85f15..80665efd 100644 --- a/plugins/omemo/CMakeLists.txt +++ b/plugins/omemo/CMakeLists.txt @@ -45,6 +45,7 @@ SOURCES src/session_store.vala src/signed_pre_key_store.vala src/stream_module.vala + src/trust_manager.vala src/util.vala CUSTOM_VAPIS ${CMAKE_BINARY_DIR}/exports/signal-protocol.vapi diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 70bf1dd7..11bed0c1 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -37,14 +37,6 @@ public class ContactDetailsDialog : Gtk.Dialog { .with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name]) .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) .set(plugin.db.identity_meta.trust_level, trust_level).perform(); - - if (!own) { - if(!trust) { - plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).untrust_device(jid, device[plugin.db.identity_meta.device_id]); - } else { - plugin.app.stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).trust_device(jid, device[plugin.db.identity_meta.device_id]); - } - } } private void add_fingerprint(Row device, int row, Database.IdentityMetaTable.TrustLevel trust) { diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index aa2a5351..5bd1e00e 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -12,6 +12,7 @@ public class Manager : StreamInteractionModule, Object { private StreamInteractor stream_interactor; private Database db; + private TrustManager trust_manager; private Map message_states = new HashMap(Entities.Message.hash_func, Entities.Message.equals_func); private ReceivedMessageListener received_message_listener = new ReceivedMessageListener(); @@ -64,6 +65,8 @@ public class Manager : StreamInteractionModule, Object { this.stream_interactor = stream_interactor; this.db = db; + this.trust_manager = new TrustManager(stream_interactor, db); + stream_interactor.stream_negotiated.connect(on_stream_negotiated); stream_interactor.account_added.connect(on_account_added); stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener); @@ -85,9 +88,12 @@ public class Manager : StreamInteractionModule, Object { } } - private Gee.List get_occupants(Jid muc, Account account){ + private Gee.List get_occupants(Jid jid, Account account){ Gee.List occupants = new ArrayList(Jid.equals_bare_func); - Gee.List? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(muc, account); + if(!stream_interactor.get_module(MucManager.IDENTITY).is_groupchat(jid, account)){ + occupants.add(jid); + } + Gee.List? occupant_jids = stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(jid, account); if(occupant_jids == null) { return occupants; } @@ -113,14 +119,6 @@ public class Manager : StreamInteractionModule, Object { } StreamModule module = (!)module_; - foreach (Row row in db.identity_meta.with_address(conversation.account.id, conversation.account.bare_jid.to_string())){ - if(row[db.identity_meta.trust_level] == Database.IdentityMetaTable.TrustLevel.TRUSTED || row[db.identity_meta.trust_level] == Database.IdentityMetaTable.TrustLevel.VERIFIED){ - module.trust_device(conversation.account.bare_jid, row[db.identity_meta.device_id]); - } else { - module.untrust_device(conversation.account.bare_jid, row[db.identity_meta.device_id]); - } - } - Gee.List recipients; if (message_stanza.type_ == MessageStanza.TYPE_GROUPCHAT) { recipients = get_occupants((!)message.to.bare_jid, conversation.account); @@ -133,7 +131,7 @@ public class Manager : StreamInteractionModule, Object { recipients.add(message_stanza.to); } - EncryptState enc_state = module.encrypt(message_stanza, conversation.account.bare_jid, recipients); + EncryptState enc_state = trust_manager.encrypt(message_stanza, conversation.account.bare_jid, recipients, stream, conversation.account); MessageState state; lock (message_states) { if (message_states.has_key(message)) { @@ -156,13 +154,17 @@ public class Manager : StreamInteractionModule, Object { if (Plugin.DEBUG) print(@"OMEMO: message will be delayed: $state\n"); if (state.waiting_own_sessions > 0) { - module.fetch_bundles((!)stream, conversation.account.bare_jid); + module.fetch_bundles((!)stream, conversation.account.bare_jid, trust_manager.get_trusted_devices(conversation.account, conversation.account.bare_jid)); } if (state.waiting_other_sessions > 0 && message.counterpart != null) { - module.fetch_bundles((!)stream, ((!)message.counterpart).bare_jid); + foreach(Jid jid in get_occupants(((!)message.counterpart).bare_jid, conversation.account)) { + module.fetch_bundles((!)stream, jid, trust_manager.get_trusted_devices(conversation.account, jid)); + } } if (state.waiting_other_devicelists > 0 && message.counterpart != null) { - module.request_user_devicelist((!)stream, ((!)message.counterpart).bare_jid); + foreach(Jid jid in get_occupants(((!)message.counterpart).bare_jid, conversation.account)) { + module.request_user_devicelist((!)stream, jid); + } } } } @@ -171,7 +173,7 @@ public class Manager : StreamInteractionModule, Object { private void on_account_added(Account account) { stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).store_created.connect((store) => on_store_created(account, store)); - stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).device_list_loaded.connect((jid) => on_device_list_loaded(account, jid)); + stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).device_list_loaded.connect((jid, devices) => on_device_list_loaded(account, jid, devices)); stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).bundle_fetched.connect((jid, device_id, bundle) => on_bundle_fetched(account, jid, device_id, bundle)); } @@ -179,8 +181,33 @@ public class Manager : StreamInteractionModule, Object { stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).request_user_devicelist(stream, account.bare_jid); } - private void on_device_list_loaded(Account account, Jid jid) { + private void on_device_list_loaded(Account account, Jid jid, ArrayList device_list) { if (Plugin.DEBUG) print(@"OMEMO: received device list for $(account.bare_jid) from $jid\n"); + + // Update meta database + XmppStream? stream = stream_interactor.get_stream(account); + if (stream == null) { + return; + } + StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); + if (module == null) { + return; + } + + db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list); + int inc = 0; + foreach (Row row in db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) { + module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]); + inc++; + } + if (inc > 0) { + if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n"); + } + + if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) { + db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); + } + HashSet send_now = new HashSet(); lock (message_states) { foreach (Entities.Message msg in message_states.keys) { @@ -189,7 +216,7 @@ public class Manager : StreamInteractionModule, Object { MessageState state = message_states[msg]; if (account.bare_jid.equals(jid)) { state.waiting_own_devicelist = false; - } else if (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid))) { + } else if (msg.counterpart != null && occupants.contains(jid)) { state.waiting_other_devicelists--; } if (state.should_retry_now()) { @@ -205,30 +232,6 @@ public class Manager : StreamInteractionModule, Object { stream_interactor.get_module(MessageProcessor.IDENTITY).send_xmpp_message(msg, (!)conv, true); } - // Update meta database - XmppStream? stream = stream_interactor.get_stream(account); - if (stream == null) { - return; - } - StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); - if (module == null) { - return; - } - - ArrayList device_list = module.get_device_list(jid); - db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list); - int inc = 0; - foreach (Row row in db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) { - module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]); - inc++; - } - if (inc > 0) { - if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n"); - } - - if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) { - db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); - } } public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) { @@ -264,9 +267,7 @@ public class Manager : StreamInteractionModule, Object { MessageState state = message_states[msg]; - if (trusted != Database.IdentityMetaTable.TrustLevel.TRUSTED && trusted != Database.IdentityMetaTable.TrustLevel.VERIFIED) { - module.untrust_device(jid, device_id); - } else { + if (trusted == Database.IdentityMetaTable.TrustLevel.TRUSTED || trusted == Database.IdentityMetaTable.TrustLevel.VERIFIED) { if(account.bare_jid.equals(jid) || (msg.counterpart != null && (msg.counterpart.equals_bare(jid) || occupants.contains(jid)))) { session_created = module.start_session(stream, jid, device_id, bundle); } @@ -339,14 +340,14 @@ public class Manager : StreamInteractionModule, Object { if (flag == null) return false; if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS) && flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.MEMBERS_ONLY)) { foreach(Jid jid in stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(conversation.counterpart, conversation.account)) { - if (!((!)module).is_known_address(jid.bare_jid)) return false; + if (!trust_manager.is_known_address(conversation.account, jid.bare_jid)) return false; } return true; } else { return false; } } else { - return ((!)module).is_known_address(conversation.counterpart.bare_jid); + return trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid); } } diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index 13406738..d298db2b 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -16,137 +16,16 @@ private const int NUM_KEYS_TO_PUBLISH = 100; public class StreamModule : XmppStreamModule { public static Xmpp.ModuleIdentity IDENTITY = new Xmpp.ModuleIdentity(NS_URI, "omemo_module"); - private Store store; + public Store store { public get; private set; } private ConcurrentSet active_bundle_requests = new ConcurrentSet(); private ConcurrentSet active_devicelist_requests = new ConcurrentSet(); - private Map> device_lists = new HashMap>(Jid.hash_bare_func, Jid.equals_bare_func); private Map> ignored_devices = new HashMap>(Jid.hash_bare_func, Jid.equals_bare_func); - private Map> occupants = new HashMap>(Jid.hash_bare_func, Jid.equals_bare_func); private ReceivedPipelineListener received_pipeline_listener; public signal void store_created(Store store); - public signal void device_list_loaded(Jid jid); + public signal void device_list_loaded(Jid jid, ArrayList devices); public signal void bundle_fetched(Jid jid, int device_id, Bundle bundle); - public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List recipients) { - EncryptState status = new EncryptState(); - if (!Plugin.ensure_context()) return status; - if (message.to == null) return status; - - if(message.type_ == MessageStanza.TYPE_GROUPCHAT) { - occupants[message.to] = recipients; - } - - try { - if (!device_lists.has_key(self_jid)) return status; - status.own_list = true; - status.own_devices = device_lists.get(self_jid).size; - status.other_waiting_lists = 0; - status.other_devices = 0; - foreach (Jid recipient in recipients) { - if (!device_lists.has_key(recipient)) { - status.other_waiting_lists++; - return status; - } - status.other_devices += device_lists.get(recipient).size; - } - if (status.own_devices == 0 || status.other_devices == 0) return status; - - uint8[] key = new uint8[16]; - Plugin.get_context().randomize(key); - uint8[] iv = new uint8[16]; - Plugin.get_context().randomize(iv); - - uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data); - - StanzaNode header; - StanzaNode encrypted = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns() - .put_node(header = new StanzaNode.build("header", NS_URI) - .put_attribute("sid", store.local_registration_id.to_string()) - .put_node(new StanzaNode.build("iv", NS_URI) - .put_node(new StanzaNode.text(Base64.encode(iv))))) - .put_node(new StanzaNode.build("payload", NS_URI) - .put_node(new StanzaNode.text(Base64.encode(ciphertext)))); - - Address address = new Address(message.to.bare_jid.to_string(), 0); - foreach (Jid recipient in recipients) { - foreach(int32 device_id in device_lists[recipient]) { - if (is_ignored_device(recipient, device_id)) { - status.other_lost++; - continue; - } - try { - address.name = recipient.bare_jid.to_string(); - address.device_id = (int) device_id; - StanzaNode key_node = create_encrypted_key(key, address); - header.put_node(key_node); - status.other_success++; - } catch (Error e) { - if (e.code == ErrorCode.UNKNOWN) status.other_unknown++; - else status.other_failure++; - } - } - } - address.name = self_jid.bare_jid.to_string(); - foreach(int32 device_id in device_lists[self_jid]) { - if (is_ignored_device(self_jid, device_id)) { - status.own_lost++; - continue; - } - if (device_id != store.local_registration_id) { - address.device_id = (int) device_id; - try { - StanzaNode key_node = create_encrypted_key(key, address); - header.put_node(key_node); - status.own_success++; - } catch (Error e) { - if (e.code == ErrorCode.UNKNOWN) status.own_unknown++; - else status.own_failure++; - } - } - } - - message.stanza.put_node(encrypted); - Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO"); - message.body = "[This message is OMEMO encrypted]"; - status.encrypted = true; - } catch (Error e) { - if (Plugin.DEBUG) print(@"OMEMO: Signal error while encrypting message: $(e.message)\n"); - } - return status; - } - - public void untrust_device(Jid jid, int device_id) { - if (device_lists.has_key(jid) && device_lists[jid].contains(device_id)) { - device_lists[jid].remove(device_id); - } - if (store.contains_session(new Address(jid.bare_jid.to_string(), device_id))) { - store.delete_session(new Address(jid.bare_jid.to_string(), device_id)); - } - } - - public void trust_device(Jid jid, int device_id) { - if (is_ignored_device(jid, device_id)){ - ignored_devices[jid].remove(device_id); - } - if (!device_lists.has_key(jid)) { - device_lists[jid] = new ArrayList(); - } - if (!device_lists[jid].contains(device_id)) { - device_lists[jid].add(device_id); - } - } - - private StanzaNode create_encrypted_key(uint8[] key, Address address) throws GLib.Error { - SessionCipher cipher = store.create_session_cipher(address); - CiphertextMessage device_key = cipher.encrypt(key); - StanzaNode key_node = new StanzaNode.build("key", NS_URI) - .put_attribute("rid", address.device_id.to_string()) - .put_node(new StanzaNode.text(Base64.encode(device_key.serialized))); - if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true"); - return key_node; - } - public override void attach(XmppStream stream) { if (!Plugin.ensure_context()) return; @@ -162,18 +41,9 @@ public class StreamModule : XmppStreamModule { } public void request_user_devicelist(XmppStream stream, Jid jid) { - Gee.List recipients; - if (occupants.contains(jid)) { - recipients = occupants.get(jid); - } else { - recipients = new ArrayList(Jid.equals_bare_func); - recipients.add(jid); - } - foreach (Jid recipient in recipients) { - if (active_devicelist_requests.add(recipient)) { - if (Plugin.DEBUG) print(@"OMEMO: requesting device list for $jid\n"); - stream.get_module(Pubsub.Module.IDENTITY).request(stream, recipient, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); - } + if (active_devicelist_requests.add(jid)) { + if (Plugin.DEBUG) print(@"OMEMO: requesting device list for $jid\n"); + stream.get_module(Pubsub.Module.IDENTITY).request(stream, jid, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); } } @@ -197,43 +67,30 @@ public class StreamModule : XmppStreamModule { publish_bundles_if_needed(stream, jid); } } - lock(device_lists) { - device_lists[jid] = new ArrayList(); - foreach (StanzaNode device_node in node.get_subnodes("device")) { - device_lists[jid].add(device_node.get_attribute_int("id")); - } + + ArrayList device_list = new ArrayList(); + foreach (StanzaNode device_node in node.get_subnodes("device")) { + device_list.add(device_node.get_attribute_int("id")); } active_devicelist_requests.remove(jid); - device_list_loaded(jid); + device_list_loaded(jid, device_list); } - public void fetch_bundles(XmppStream stream, Jid jid) { - Gee.List recipients; - if (occupants.contains(jid)) { - recipients = occupants.get(jid); - } else { - recipients = new ArrayList(Jid.equals_bare_func); - recipients.add(jid); - } - foreach (Jid recipient in recipients) { - if (!device_lists.has_key(recipient)) { - return; - } - Address address = new Address(recipient.bare_jid.to_string(), 0); - foreach(int32 device_id in device_lists[recipient]) { - if (!is_ignored_device(recipient, device_id)) { - address.device_id = device_id; - try { - if (!store.contains_session(address)) { - fetch_bundle(stream, recipient, device_id); - } - } catch (Error e) { - // Ignore + public void fetch_bundles(XmppStream stream, Jid jid, Gee.List devices) { + Address address = new Address(jid.bare_jid.to_string(), 0); + foreach(int32 device_id in devices) { + if (!is_ignored_device(jid, device_id)) { + address.device_id = device_id; + try { + if (!store.contains_session(address)) { + fetch_bundle(stream, jid, device_id); } + } catch (Error e) { + // Ignore } } - address.device_id = 0; } + address.device_id = 0; } public void fetch_bundle(XmppStream stream, Jid jid, int device_id) { @@ -245,18 +102,6 @@ public class StreamModule : XmppStreamModule { } } - public ArrayList get_device_list(Jid jid) { - if (is_known_address(jid)) { - return device_lists[jid]; - } else { - return new ArrayList(); - } - } - - public bool is_known_address(Jid jid) { - return device_lists.has_key(jid); - } - public void ignore_device(Jid jid, int32 device_id) { if (device_id <= 0) return; lock (ignored_devices) { diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala new file mode 100644 index 00000000..408faed8 --- /dev/null +++ b/plugins/omemo/src/trust_manager.vala @@ -0,0 +1,128 @@ +using Dino.Entities; +using Gee; +using Xmpp; +using Signal; +using Qlite; + +namespace Dino.Plugins.Omemo { + +public class TrustManager { + + private StreamInteractor stream_interactor; + private Database db; + + public TrustManager(StreamInteractor stream_interactor, Database db) { + this.stream_interactor = stream_interactor; + this.db = db; + } + + private StanzaNode create_encrypted_key(uint8[] key, Address address, Store store) throws GLib.Error { + SessionCipher cipher = store.create_session_cipher(address); + CiphertextMessage device_key = cipher.encrypt(key); + StanzaNode key_node = new StanzaNode.build("key", NS_URI) + .put_attribute("rid", address.device_id.to_string()) + .put_node(new StanzaNode.text(Base64.encode(device_key.serialized))); + if (device_key.type == CiphertextType.PREKEY) key_node.put_attribute("prekey", "true"); + return key_node; + } + + public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List recipients, XmppStream stream, Account account) { + EncryptState status = new EncryptState(); + if (!Plugin.ensure_context()) return status; + if (message.to == null) return status; + + StreamModule module = stream.get_module(StreamModule.IDENTITY); + + try { + if (!is_known_address(account, self_jid)) return status; + status.own_list = true; + status.own_devices = get_trusted_devices(account, self_jid).size; + status.other_waiting_lists = 0; + status.other_devices = 0; + foreach (Jid recipient in recipients) { + if (!is_known_address(account, recipient)) { + status.other_waiting_lists++; + return status; + } + status.other_devices += get_trusted_devices(account, recipient).size; + } + if (status.own_devices == 0 || status.other_devices == 0) return status; + + uint8[] key = new uint8[16]; + Plugin.get_context().randomize(key); + uint8[] iv = new uint8[16]; + Plugin.get_context().randomize(iv); + + uint8[] ciphertext = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data); + + StanzaNode header; + StanzaNode encrypted = new StanzaNode.build("encrypted", NS_URI).add_self_xmlns() + .put_node(header = new StanzaNode.build("header", NS_URI) + .put_attribute("sid", module.store.local_registration_id.to_string()) + .put_node(new StanzaNode.build("iv", NS_URI) + .put_node(new StanzaNode.text(Base64.encode(iv))))) + .put_node(new StanzaNode.build("payload", NS_URI) + .put_node(new StanzaNode.text(Base64.encode(ciphertext)))); + + Address address = new Address(message.to.bare_jid.to_string(), 0); + foreach (Jid recipient in recipients) { + foreach(int32 device_id in get_trusted_devices(account, recipient)) { + if (module.is_ignored_device(recipient, device_id)) { + status.other_lost++; + continue; + } + try { + address.name = recipient.bare_jid.to_string(); + address.device_id = (int) device_id; + StanzaNode key_node = create_encrypted_key(key, address, module.store); + header.put_node(key_node); + status.other_success++; + } catch (Error e) { + if (e.code == ErrorCode.UNKNOWN) status.other_unknown++; + else status.other_failure++; + } + } + } + address.name = self_jid.bare_jid.to_string(); + foreach(int32 device_id in get_trusted_devices(account, self_jid)) { + if (module.is_ignored_device(self_jid, device_id)) { + status.own_lost++; + continue; + } + if (device_id != module.store.local_registration_id) { + address.device_id = (int) device_id; + try { + StanzaNode key_node = create_encrypted_key(key, address, module.store); + header.put_node(key_node); + status.own_success++; + } catch (Error e) { + if (e.code == ErrorCode.UNKNOWN) status.own_unknown++; + else status.own_failure++; + } + } + } + + message.stanza.put_node(encrypted); + Xep.ExplicitEncryption.add_encryption_tag_to_message(message, NS_URI, "OMEMO"); + message.body = "[This message is OMEMO encrypted]"; + status.encrypted = true; + } catch (Error e) { + if (Plugin.DEBUG) print(@"OMEMO: Signal error while encrypting message: $(e.message)\n"); + } + return status; + } + + public bool is_known_address(Account account, Jid jid) { + return db.identity_meta.with_address(account.id, jid.to_string()).count() > 0; + } + + public Gee.List get_trusted_devices(Account account, Jid jid) { + Gee.List devices = new ArrayList(); + foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED).without_null(db.identity_meta.identity_key_public_base64)) { + devices.add(device[db.identity_meta.device_id]); + } + return devices; + } +} + +} From 5d32a0ec3d85295f2286fbbab650c852b13a437c Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sat, 28 Jul 2018 19:03:52 +0100 Subject: [PATCH 17/38] Fix omemo not being available on first startup --- plugins/omemo/src/manager.vala | 11 ++++++++--- plugins/omemo/src/stream_module.vala | 4 ++-- plugins/omemo/src/trust_manager.vala | 5 +++-- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 5bd1e00e..8654a4f5 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -340,15 +340,20 @@ public class Manager : StreamInteractionModule, Object { if (flag == null) return false; if (flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.NON_ANONYMOUS) && flag.has_room_feature(conversation.counterpart, Xep.Muc.Feature.MEMBERS_ONLY)) { foreach(Jid jid in stream_interactor.get_module(MucManager.IDENTITY).get_offline_members(conversation.counterpart, conversation.account)) { - if (!trust_manager.is_known_address(conversation.account, jid.bare_jid)) return false; + if (!trust_manager.is_known_address(conversation.account, jid.bare_jid)) { + module.request_user_devicelist(stream, jid.bare_jid); + return false; + } } return true; } else { return false; } - } else { - return trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid); + } else if (!trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid)) { + module.request_user_devicelist(stream, conversation.counterpart.bare_jid); + return false; } + return true; } public static void start(StreamInteractor stream_interactor, Database db) { diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index d298db2b..25e3685f 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -33,6 +33,7 @@ public class StreamModule : XmppStreamModule { store_created(store); received_pipeline_listener = new ReceivedPipelineListener(store); stream.get_module(MessageModule.IDENTITY).received_pipeline.connect(received_pipeline_listener); + print("Adding filtered notification\n"); stream.get_module(Pubsub.Module.IDENTITY).add_filtered_notification(stream, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); } @@ -63,9 +64,8 @@ public class StreamModule : XmppStreamModule { if (Plugin.DEBUG) print(@"OMEMO: Not on device list, adding id\n"); node.put_node(new StanzaNode.build("device", NS_URI).put_attribute("id", store.local_registration_id.to_string())); stream.get_module(Pubsub.Module.IDENTITY).publish(stream, jid, NODE_DEVICELIST, NODE_DEVICELIST, id, node); - } else { - publish_bundles_if_needed(stream, jid); } + publish_bundles_if_needed(stream, jid); } ArrayList device_list = new ArrayList(); diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 408faed8..7e17e5ea 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -118,8 +118,9 @@ public class TrustManager { public Gee.List get_trusted_devices(Account account, Jid jid) { Gee.List devices = new ArrayList(); - foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED).without_null(db.identity_meta.identity_key_public_base64)) { - devices.add(device[db.identity_meta.device_id]); + foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED)) { + if(device[db.identity_meta.trust_level] != Database.IdentityMetaTable.TrustLevel.UNKNOWN || device[db.identity_meta.identity_key_public_base64] == null) + devices.add(device[db.identity_meta.device_id]); } return devices; } From e6069fa183aa4b8aa6c1e8afdff151f8d74c3fc5 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sun, 29 Jul 2018 13:31:57 +0100 Subject: [PATCH 18/38] Mark messages from rejected and unknown devices --- plugins/omemo/src/stream_module.vala | 1 - plugins/omemo/src/trust_manager.vala | 39 ++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index 25e3685f..f086bd4c 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -33,7 +33,6 @@ public class StreamModule : XmppStreamModule { store_created(store); received_pipeline_listener = new ReceivedPipelineListener(store); stream.get_module(MessageModule.IDENTITY).received_pipeline.connect(received_pipeline_listener); - print("Adding filtered notification\n"); stream.get_module(Pubsub.Module.IDENTITY).add_filtered_notification(stream, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); } diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 7e17e5ea..ca505c3f 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -10,10 +10,14 @@ public class TrustManager { private StreamInteractor stream_interactor; private Database db; + private ReceivedMessageListener received_message_listener; public TrustManager(StreamInteractor stream_interactor, Database db) { this.stream_interactor = stream_interactor; this.db = db; + + received_message_listener = new ReceivedMessageListener(stream_interactor, db); + stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener); } private StanzaNode create_encrypted_key(uint8[] key, Address address, Store store) throws GLib.Error { @@ -124,6 +128,41 @@ public class TrustManager { } return devices; } + + private class ReceivedMessageListener : MessageListener { + public string[] after_actions_const = new string[]{ }; + public override string action_group { get { return "DECRYPT"; } } + public override string[] after_actions { get { return after_actions_const; } } + + private StreamInteractor stream_interactor; + private Database db; + + public ReceivedMessageListener(StreamInteractor stream_interactor, Database db) { + this.stream_interactor = stream_interactor; + this.db = db; + } + + public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) { + MessageFlag? flag = MessageFlag.get_flag(stanza); + if(flag != null && ((!)flag).decrypted) { + StanzaNode header = stanza.stanza.get_subnode("encrypted", "eu.siacs.conversations.axolotl").get_subnode("header"); + Jid jid = message.from; + if(conversation.type_ == Conversation.Type.GROUPCHAT) { + jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); + } + Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.with_address(conversation.account.id, jid.bare_jid.to_string()).with(db.identity_meta.device_id, "=", header.get_attribute_int("sid")).single()[db.identity_meta.trust_level]; + if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { + message.body = "OMEMO message from a rejected device"; + message.marked = Message.Marked.WONTSEND; + } + if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) { + message.body = "OMEMO message from an unknown device: "+message.body; + message.marked = Message.Marked.WONTSEND; + } + } + return false; + } + } } } From 01d26bffd890c08dfd374631c498fec614cdf430 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Fri, 3 Aug 2018 19:07:23 +0100 Subject: [PATCH 19/38] UI update: make the trust management interface more user friendly --- plugins/omemo/CMakeLists.txt | 2 + plugins/omemo/data/contact_details_dialog.ui | 369 +++++++++--------- plugins/omemo/data/manage_key_dialog.ui | 156 ++++++++ plugins/omemo/src/contact_details_dialog.vala | 322 +++++++-------- plugins/omemo/src/manage_key_dialog.vala | 193 +++++++++ 5 files changed, 695 insertions(+), 347 deletions(-) create mode 100644 plugins/omemo/data/manage_key_dialog.ui create mode 100644 plugins/omemo/src/manage_key_dialog.vala diff --git a/plugins/omemo/CMakeLists.txt b/plugins/omemo/CMakeLists.txt index 80665efd..5126d05b 100644 --- a/plugins/omemo/CMakeLists.txt +++ b/plugins/omemo/CMakeLists.txt @@ -13,6 +13,7 @@ find_packages(OMEMO_PACKAGES REQUIRED set(RESOURCE_LIST contact_details_dialog.ui + manage_key_dialog.ui ) compile_gresources( @@ -37,6 +38,7 @@ SOURCES src/own_notifications.vala src/encrypt_state.vala src/encryption_list_entry.vala + src/manage_key_dialog.vala src/manager.vala src/message_flag.vala src/plugin.vala diff --git a/plugins/omemo/data/contact_details_dialog.ui b/plugins/omemo/data/contact_details_dialog.ui index 4dadbb6a..856c7af4 100644 --- a/plugins/omemo/data/contact_details_dialog.ui +++ b/plugins/omemo/data/contact_details_dialog.ui @@ -2,205 +2,198 @@ + + False + show_qrcode + left + True + + + True + 10 + + + True + + + + + diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index b14a108a..575437ff 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -3,6 +3,8 @@ using Xmpp; using Gee; using Qlite; using Dino.Entities; +using Qrencode; +using Gdk; namespace Dino.Plugins.Omemo { @@ -23,6 +25,9 @@ public class ContactDetailsDialog : Gtk.Dialog { [GtkChild] private ListBox keys; [GtkChild] private Switch auto_accept; [GtkChild] private Button copy; + [GtkChild] private Button show_qrcode; + [GtkChild] private Image qrcode; + [GtkChild] private Popover qrcode_popover; private void set_device_trust(Row device, bool trust) { Database.IdentityMetaTable.TrustLevel trust_level = trust ? Database.IdentityMetaTable.TrustLevel.TRUSTED : Database.IdentityMetaTable.TrustLevel.UNTRUSTED; @@ -87,7 +92,7 @@ public class ContactDetailsDialog : Gtk.Dialog { if(row == lbr) { Row updated_device = plugin.db.identity_meta.with_address(device[plugin.db.identity_meta.identity_id], device[plugin.db.identity_meta.address_name]).with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]).single().row().inner; ManageKeyDialog manage_dialog = new ManageKeyDialog(updated_device, plugin.db); - manage_dialog.set_transient_for((Window) get_toplevel()); + manage_dialog.set_transient_for((Gtk.Window) get_toplevel()); manage_dialog.present(); manage_dialog.response.connect((response) => { set_row(response, device[plugin.db.identity_meta.now_active], img, status_lbl, lbl, lbr); @@ -184,6 +189,12 @@ public class ContactDetailsDialog : Gtk.Dialog { own_fingerprint.set_markup(fingerprint_markup(fingerprint)); copy.clicked.connect(() => {Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);}); + + int sid = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; + Pixbuf pixbuf = new QRcode(@"xmpp:$(account.bare_jid)?omemo-sid-$(sid)=$(fingerprint)", 2).to_pixbuf(); + pixbuf = pixbuf.scale_simple(150, 150, InterpType.NEAREST); + qrcode.set_from_pixbuf(pixbuf); + show_qrcode.clicked.connect(qrcode_popover.popup); } new_keys.set_header_func((row, before_row) => { diff --git a/plugins/omemo/vapi/qrencode.vapi b/plugins/omemo/vapi/qrencode.vapi new file mode 100644 index 00000000..54c201ab --- /dev/null +++ b/plugins/omemo/vapi/qrencode.vapi @@ -0,0 +1,50 @@ +using Gdk; + +[CCode (cheader_filename = "qrencode.h")] +namespace Qrencode { + + [CCode (cname = "QRecLevel", cprefix = "QR_ECLEVEL_")] + public enum ECLevel { + L, + M, + Q, + H + } + + [CCode (cname = "QRencodeMode", cprefix = "QR_MODE_")] + public enum EncodeMode { + NUL, + NUM, + AN, + [CCode (cname = "QR_MODE_8")] + EIGHT_BIT, + KANJI, + STRUCTURE, + ECI, + FNC1FIRST, + FNC1SECOND + } + + [CCode (cname = "QRcode", free_function = "QRcode_free", has_type_id = false)] + [Compact] + public class QRcode { + private int version; + private int width; + [CCode (array_length = false)] + private uint8[] data; + + [CCode (cname = "QRcode_encodeString")] + public QRcode (string str, int version = 0, ECLevel level = ECLevel.L, EncodeMode hint = EncodeMode.EIGHT_BIT, bool casesensitive = true); + + public Pixbuf to_pixbuf() { + uint8[] bitmap = new uint8[3*width*width]; + for (int i = 0; i < width*width; i++) { + uint8 color = (data[i] & 1) == 1 ? 0 : 255; + bitmap[i*3] = color; + bitmap[i*3+1] = color; + bitmap[i*3+2] = color; + } + return new Pixbuf.from_data(bitmap, Colorspace.RGB, false, 8, width, width, width*3); + } + } +} From eb43c4a35deaf20857ab65f5116c37cdebe1eae7 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Thu, 9 Aug 2018 11:42:27 +0100 Subject: [PATCH 24/38] Add dependencies to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 717cff34..696d73ee 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ Build * GPGME (For the OpenPGP plugin) * libgee-0.8 (≥ 0.10) * libgcrypt (For the OMEMO plugin) +* libqrencode3 (For the OMEMO plugin) * libsoup (For the HTTP files plugin) * SQLite3 From b5d5a05a1edb701fb6cf6ed471e4ab5d532c0f5e Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Thu, 9 Aug 2018 15:19:02 +0100 Subject: [PATCH 25/38] Indentation fixes --- plugins/omemo/src/own_notifications.vala | 10 ++--- plugins/omemo/vapi/qrencode.vapi | 52 ++++++++++++------------ 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala index df0c4740..e1095c68 100644 --- a/plugins/omemo/src/own_notifications.vala +++ b/plugins/omemo/src/own_notifications.vala @@ -15,14 +15,14 @@ public class OwnNotifications { this.plugin = plugin; this.account = account; stream_interactor.module_manager.get_module(account, StreamModule.IDENTITY).bundle_fetched.connect_after((jid, device_id, bundle) => { - if (jid.equals(account.bare_jid) && has_new_devices(account.bare_jid)) { - display_notification(); - } - }); + if (jid.equals(account.bare_jid) && has_new_devices(account.bare_jid)) { + display_notification(); + } + }); + if (has_new_devices(account.bare_jid)) { display_notification(); } - } public bool has_new_devices(Jid jid) { diff --git a/plugins/omemo/vapi/qrencode.vapi b/plugins/omemo/vapi/qrencode.vapi index 54c201ab..fc77c855 100644 --- a/plugins/omemo/vapi/qrencode.vapi +++ b/plugins/omemo/vapi/qrencode.vapi @@ -3,38 +3,38 @@ using Gdk; [CCode (cheader_filename = "qrencode.h")] namespace Qrencode { - [CCode (cname = "QRecLevel", cprefix = "QR_ECLEVEL_")] - public enum ECLevel { - L, - M, - Q, - H - } + [CCode (cname = "QRecLevel", cprefix = "QR_ECLEVEL_")] + public enum ECLevel { + L, + M, + Q, + H + } - [CCode (cname = "QRencodeMode", cprefix = "QR_MODE_")] - public enum EncodeMode { + [CCode (cname = "QRencodeMode", cprefix = "QR_MODE_")] + public enum EncodeMode { NUL, - NUM, - AN, - [CCode (cname = "QR_MODE_8")] - EIGHT_BIT, - KANJI, - STRUCTURE, + NUM, + AN, + [CCode (cname = "QR_MODE_8")] + EIGHT_BIT, + KANJI, + STRUCTURE, ECI, FNC1FIRST, FNC1SECOND - } + } - [CCode (cname = "QRcode", free_function = "QRcode_free", has_type_id = false)] - [Compact] - public class QRcode { - private int version; - private int width; - [CCode (array_length = false)] - private uint8[] data; + [CCode (cname = "QRcode", free_function = "QRcode_free", has_type_id = false)] + [Compact] + public class QRcode { + private int version; + private int width; + [CCode (array_length = false)] + private uint8[] data; - [CCode (cname = "QRcode_encodeString")] - public QRcode (string str, int version = 0, ECLevel level = ECLevel.L, EncodeMode hint = EncodeMode.EIGHT_BIT, bool casesensitive = true); + [CCode (cname = "QRcode_encodeString")] + public QRcode (string str, int version = 0, ECLevel level = ECLevel.L, EncodeMode hint = EncodeMode.EIGHT_BIT, bool casesensitive = true); public Pixbuf to_pixbuf() { uint8[] bitmap = new uint8[3*width*width]; @@ -46,5 +46,5 @@ namespace Qrencode { } return new Pixbuf.from_data(bitmap, Colorspace.RGB, false, 8, width, width, width*3); } - } + } } From e1afda10e33bdd892ee655cda7b94c066d269817 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Thu, 9 Aug 2018 15:29:15 +0100 Subject: [PATCH 26/38] Make constructors the first function --- plugins/omemo/src/contact_details_dialog.vala | 143 +++++++++--------- plugins/omemo/src/manage_key_dialog.vala | 40 ++--- 2 files changed, 91 insertions(+), 92 deletions(-) diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 575437ff..91e2eaee 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -29,6 +29,77 @@ public class ContactDetailsDialog : Gtk.Dialog { [GtkChild] private Image qrcode; [GtkChild] private Popover qrcode_popover; + public ContactDetailsDialog(Plugin plugin, Account account, Jid jid) { + Object(use_header_bar : 1); + this.plugin = plugin; + this.account = account; + this.jid = jid; + + (get_header_bar() as HeaderBar).set_subtitle(jid.bare_jid.to_string()); + + + if(jid.equals(account.bare_jid)) { + own = true; + own_id = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; + + own_fingerprint_container.visible = true; + + string own_b64 = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.identity_key_public_base64]; + string fingerprint = fingerprint_from_base64(own_b64); + own_fingerprint.set_markup(fingerprint_markup(fingerprint)); + + copy.clicked.connect(() => {Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);}); + + int sid = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; + Pixbuf pixbuf = new QRcode(@"xmpp:$(account.bare_jid)?omemo-sid-$(sid)=$(fingerprint)", 2).to_pixbuf(); + pixbuf = pixbuf.scale_simple(150, 150, InterpType.NEAREST); + qrcode.set_from_pixbuf(pixbuf); + show_qrcode.clicked.connect(qrcode_popover.popup); + } + + new_keys.set_header_func((row, before_row) => { + if (row.get_header() == null && before_row != null) { + row.set_header(new Separator(Orientation.HORIZONTAL)); + } + }); + + keys.set_header_func((row, before_row) => { + if (row.get_header() == null && before_row != null) { + row.set_header(new Separator(Orientation.HORIZONTAL)); + } + }); + + foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { + add_new_fingerprint(device); + } + + foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { + if(own && device[plugin.db.identity_meta.device_id] == own_id) { + continue; + } + add_fingerprint(device, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trust_level]); + + } + + auto_accept.set_active(plugin.db.trust.get_blind_trust(account.id, jid.bare_jid.to_string())); + + auto_accept.state_set.connect((active) => { + plugin.db.trust.update().with(plugin.db.trust.identity_id, "=", account.id).with(plugin.db.trust.address_name, "=", jid.bare_jid.to_string()).set(plugin.db.trust.blind_trust, active).perform(); + + if (active) { + new_keys_container.visible = false; + + foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { + set_device_trust(device, true); + add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED); + } + } + + return false; + }); + + } + private void set_device_trust(Row device, bool trust) { Database.IdentityMetaTable.TrustLevel trust_level = trust ? Database.IdentityMetaTable.TrustLevel.TRUSTED : Database.IdentityMetaTable.TrustLevel.UNTRUSTED; plugin.db.identity_meta.update() @@ -168,78 +239,6 @@ public class ContactDetailsDialog : Gtk.Dialog { lbr.add(box); new_keys.add(lbr); } - - public ContactDetailsDialog(Plugin plugin, Account account, Jid jid) { - Object(use_header_bar : 1); - this.plugin = plugin; - this.account = account; - this.jid = jid; - - (get_header_bar() as HeaderBar).set_subtitle(jid.bare_jid.to_string()); - - - if(jid.equals(account.bare_jid)) { - own = true; - own_id = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; - - own_fingerprint_container.visible = true; - - string own_b64 = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.identity_key_public_base64]; - string fingerprint = fingerprint_from_base64(own_b64); - own_fingerprint.set_markup(fingerprint_markup(fingerprint)); - - copy.clicked.connect(() => {Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);}); - - int sid = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; - Pixbuf pixbuf = new QRcode(@"xmpp:$(account.bare_jid)?omemo-sid-$(sid)=$(fingerprint)", 2).to_pixbuf(); - pixbuf = pixbuf.scale_simple(150, 150, InterpType.NEAREST); - qrcode.set_from_pixbuf(pixbuf); - show_qrcode.clicked.connect(qrcode_popover.popup); - } - - new_keys.set_header_func((row, before_row) => { - if (row.get_header() == null && before_row != null) { - row.set_header(new Separator(Orientation.HORIZONTAL)); - } - }); - - keys.set_header_func((row, before_row) => { - if (row.get_header() == null && before_row != null) { - row.set_header(new Separator(Orientation.HORIZONTAL)); - } - }); - - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { - add_new_fingerprint(device); - } - - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { - if(own && device[plugin.db.identity_meta.device_id] == own_id) { - continue; - } - add_fingerprint(device, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trust_level]); - - } - - auto_accept.set_active(plugin.db.trust.get_blind_trust(account.id, jid.bare_jid.to_string())); - - auto_accept.state_set.connect((active) => { - plugin.db.trust.update().with(plugin.db.trust.identity_id, "=", account.id).with(plugin.db.trust.address_name, "=", jid.bare_jid.to_string()).set(plugin.db.trust.blind_trust, active).perform(); - - if (active) { - new_keys_container.visible = false; - - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { - set_device_trust(device, true); - add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED); - } - } - - return false; - }); - - } - } } diff --git a/plugins/omemo/src/manage_key_dialog.vala b/plugins/omemo/src/manage_key_dialog.vala index d359fd81..e13b9279 100644 --- a/plugins/omemo/src/manage_key_dialog.vala +++ b/plugins/omemo/src/manage_key_dialog.vala @@ -31,26 +31,6 @@ public class ManageKeyDialog : Gtk.Dialog { private bool return_to_main; private int current_response; - private void handle_cancel() { - if (manage_stack.get_visible_child_name() == "main") close(); - - if (manage_stack.get_visible_child_name() == "verify") { - manage_stack.set_visible_child_name("main"); - cancel_button.label = "Cancel"; - } - - if (manage_stack.get_visible_child_name() == "confirm") { - if (return_to_main) { - manage_stack.set_visible_child_name("main"); - cancel_button.label = "Cancel"; - } else { - manage_stack.set_visible_child_name("verify"); - } - } - - ok_button.sensitive = false; - } - public ManageKeyDialog(Row device, Database db) { Object(use_header_bar : 1); @@ -85,6 +65,26 @@ public class ManageKeyDialog : Gtk.Dialog { }); } + private void handle_cancel() { + if (manage_stack.get_visible_child_name() == "main") close(); + + if (manage_stack.get_visible_child_name() == "verify") { + manage_stack.set_visible_child_name("main"); + cancel_button.label = "Cancel"; + } + + if (manage_stack.get_visible_child_name() == "confirm") { + if (return_to_main) { + manage_stack.set_visible_child_name("main"); + cancel_button.label = "Cancel"; + } else { + manage_stack.set_visible_child_name("verify"); + } + } + + ok_button.sensitive = false; + } + private Box make_action_box(string title, string desc){ Box box = new Box(Orientation.VERTICAL, 0) { visible = true, margin_start = 20, margin_end = 20, margin_top = 14, margin_bottom = 14 }; Label lbl_title = new Label(title) { visible = true, halign = Align.START }; From 36cc8b039338442512f0e86d9487d951b5f2c6e3 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Fri, 10 Aug 2018 00:45:22 +0100 Subject: [PATCH 27/38] Code cleanup - move long database queries to their own functions and improve variable names --- plugins/omemo/data/contact_details_dialog.ui | 16 +-- plugins/omemo/data/manage_key_dialog.ui | 16 +-- plugins/omemo/src/contact_details_dialog.vala | 133 ++++++++---------- .../omemo/src/contact_details_provider.vala | 6 +- plugins/omemo/src/database.vala | 38 ++++- .../src/device_notification_populator.vala | 2 +- plugins/omemo/src/manage_key_dialog.vala | 63 +++++---- plugins/omemo/src/manager.vala | 30 ++-- plugins/omemo/src/own_notifications.vala | 2 +- plugins/omemo/src/plugin.vala | 7 +- plugins/omemo/src/trust_manager.vala | 24 +++- 11 files changed, 194 insertions(+), 143 deletions(-) diff --git a/plugins/omemo/data/contact_details_dialog.ui b/plugins/omemo/data/contact_details_dialog.ui index a5e8511b..eef82f7f 100644 --- a/plugins/omemo/data/contact_details_dialog.ui +++ b/plugins/omemo/data/contact_details_dialog.ui @@ -63,7 +63,7 @@ - + True end center @@ -115,7 +115,7 @@ horizontal True - + True start right @@ -129,7 +129,7 @@ True 5 - + True start True @@ -144,7 +144,7 @@ - + True end True @@ -188,7 +188,7 @@ True - + True none @@ -216,7 +216,7 @@ True - + True none @@ -230,7 +230,7 @@ False - show_qrcode + show_qrcode_button left True @@ -238,7 +238,7 @@ True 10 - + True diff --git a/plugins/omemo/data/manage_key_dialog.ui b/plugins/omemo/data/manage_key_dialog.ui index 1c07d971..df0b81b5 100644 --- a/plugins/omemo/data/manage_key_dialog.ui +++ b/plugins/omemo/data/manage_key_dialog.ui @@ -50,7 +50,7 @@ vertical center - + True True 0 @@ -83,7 +83,7 @@ True - Compare the fingerprint, character by character, with the one shown on your contacts device. + Compare the fingerprint, character by character, with the one shown on your contacts device. True 0 45 @@ -107,17 +107,17 @@ - + True True - Not Matching + Not Matching - + True True - Matching + Matching @@ -140,7 +140,7 @@ - + True @@ -148,7 +148,7 @@ - + True center True diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 91e2eaee..3a39bda5 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -18,15 +18,15 @@ public class ContactDetailsDialog : Gtk.Dialog { private int own_id = 0; [GtkChild] private Box own_fingerprint_container; - [GtkChild] private Label own_fingerprint; + [GtkChild] private Label own_fingerprint_label; [GtkChild] private Box new_keys_container; - [GtkChild] private ListBox new_keys; + [GtkChild] private ListBox new_keys_listbox; [GtkChild] private Box keys_container; - [GtkChild] private ListBox keys; - [GtkChild] private Switch auto_accept; - [GtkChild] private Button copy; - [GtkChild] private Button show_qrcode; - [GtkChild] private Image qrcode; + [GtkChild] private ListBox keys_listbox; + [GtkChild] private Switch auto_accept_switch; + [GtkChild] private Button copy_button; + [GtkChild] private Button show_qrcode_button; + [GtkChild] private Image qrcode_image; [GtkChild] private Popover qrcode_popover; public ContactDetailsDialog(Plugin plugin, Account account, Jid jid) { @@ -38,6 +38,8 @@ public class ContactDetailsDialog : Gtk.Dialog { (get_header_bar() as HeaderBar).set_subtitle(jid.bare_jid.to_string()); + // Dialog opened from the account settings menu + // Show the fingerprint for this device separately with buttons for a qrcode and to copy if(jid.equals(account.bare_jid)) { own = true; own_id = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; @@ -46,51 +48,44 @@ public class ContactDetailsDialog : Gtk.Dialog { string own_b64 = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.identity_key_public_base64]; string fingerprint = fingerprint_from_base64(own_b64); - own_fingerprint.set_markup(fingerprint_markup(fingerprint)); + own_fingerprint_label.set_markup(fingerprint_markup(fingerprint)); - copy.clicked.connect(() => {Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);}); + copy_button.clicked.connect(() => {Clipboard.get_default(get_display()).set_text(fingerprint, fingerprint.length);}); int sid = plugin.db.identity.row_with(plugin.db.identity.account_id, account.id)[plugin.db.identity.device_id]; Pixbuf pixbuf = new QRcode(@"xmpp:$(account.bare_jid)?omemo-sid-$(sid)=$(fingerprint)", 2).to_pixbuf(); pixbuf = pixbuf.scale_simple(150, 150, InterpType.NEAREST); - qrcode.set_from_pixbuf(pixbuf); - show_qrcode.clicked.connect(qrcode_popover.popup); + qrcode_image.set_from_pixbuf(pixbuf); + show_qrcode_button.clicked.connect(qrcode_popover.popup); } - new_keys.set_header_func((row, before_row) => { - if (row.get_header() == null && before_row != null) { - row.set_header(new Separator(Orientation.HORIZONTAL)); - } - }); + new_keys_listbox.set_header_func(header_function); - keys.set_header_func((row, before_row) => { - if (row.get_header() == null && before_row != null) { - row.set_header(new Separator(Orientation.HORIZONTAL)); - } - }); + keys_listbox.set_header_func(header_function); - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { + //Show any new devices for which the user must decide whether to accept or reject + foreach (Row device in plugin.db.identity_meta.get_new_devices(account.id, jid.to_string())) { add_new_fingerprint(device); } - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { + //Show the normal devicelist + foreach (Row device in plugin.db.identity_meta.get_known_devices(account.id, jid.to_string())) { if(own && device[plugin.db.identity_meta.device_id] == own_id) { continue; } add_fingerprint(device, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trust_level]); - } - auto_accept.set_active(plugin.db.trust.get_blind_trust(account.id, jid.bare_jid.to_string())); + auto_accept_switch.set_active(plugin.db.trust.get_blind_trust(account.id, jid.bare_jid.to_string())); - auto_accept.state_set.connect((active) => { - plugin.db.trust.update().with(plugin.db.trust.identity_id, "=", account.id).with(plugin.db.trust.address_name, "=", jid.bare_jid.to_string()).set(plugin.db.trust.blind_trust, active).perform(); + auto_accept_switch.state_set.connect((active) => { + plugin.trust_manager.set_blind_trust(account, jid, active); if (active) { new_keys_container.visible = false; - foreach (Row device in plugin.db.identity_meta.with_address(account.id, jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64)) { - set_device_trust(device, true); + foreach (Row device in plugin.db.identity_meta.get_new_devices(account.id, jid.to_string())) { + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED); add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED); } } @@ -100,13 +95,10 @@ public class ContactDetailsDialog : Gtk.Dialog { } - private void set_device_trust(Row device, bool trust) { - Database.IdentityMetaTable.TrustLevel trust_level = trust ? Database.IdentityMetaTable.TrustLevel.TRUSTED : Database.IdentityMetaTable.TrustLevel.UNTRUSTED; - plugin.db.identity_meta.update() - .with(plugin.db.identity_meta.identity_id, "=", account.id) - .with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name]) - .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) - .set(plugin.db.identity_meta.trust_level, trust_level).perform(); + private void header_function(ListBoxRow row, ListBoxRow? before) { + if (row.get_header() == null && before != null) { + row.set_header(new Separator(Orientation.HORIZONTAL)); + } } private void set_row(int trust, bool now_active, Image img, Label status_lbl, Label lbl, ListBoxRow lbr){ @@ -139,7 +131,7 @@ public class ContactDetailsDialog : Gtk.Dialog { ListBoxRow lbr = new ListBoxRow() { visible = true, activatable = true, hexpand = true }; Box box = new Box(Gtk.Orientation.HORIZONTAL, 40) { visible = true, margin_start = 20, margin_end = 20, margin_top = 14, margin_bottom = 14, hexpand = true }; - Box status = new Box(Gtk.Orientation.HORIZONTAL, 5) { visible = true, hexpand = true }; + Box status_box = new Box(Gtk.Orientation.HORIZONTAL, 5) { visible = true, hexpand = true }; Label status_lbl = new Label(null) { visible = true, hexpand = true, xalign = 0 }; Image img = new Image() { visible = true, halign = Align.END, icon_size = IconSize.BUTTON }; @@ -151,17 +143,18 @@ public class ContactDetailsDialog : Gtk.Dialog { set_row(trust, device[plugin.db.identity_meta.now_active], img, status_lbl, lbl, lbr); box.add(lbl); - box.add(status); + box.add(status_box); - status.add(status_lbl); - status.add(img); + status_box.add(status_lbl); + status_box.add(img); lbr.add(box); - keys.add(lbr); + keys_listbox.add(lbr); - keys.row_activated.connect((row) => { + //Row clicked - pull the most up to date device info from the database and show the manage window + keys_listbox.row_activated.connect((row) => { if(row == lbr) { - Row updated_device = plugin.db.identity_meta.with_address(device[plugin.db.identity_meta.identity_id], device[plugin.db.identity_meta.address_name]).with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]).single().row().inner; + Row updated_device = plugin.db.identity_meta.get_device(device[plugin.db.identity_meta.identity_id], device[plugin.db.identity_meta.address_name], device[plugin.db.identity_meta.device_id]); ManageKeyDialog manage_dialog = new ManageKeyDialog(updated_device, plugin.db); manage_dialog.set_transient_for((Gtk.Window) get_toplevel()); manage_dialog.present(); @@ -176,19 +169,15 @@ public class ContactDetailsDialog : Gtk.Dialog { private void update_device(int response, Row device){ switch (response) { case Database.IdentityMetaTable.TrustLevel.TRUSTED: - set_device_trust(device, true); + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: - set_device_trust(device, false); + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.UNTRUSTED); break; case Database.IdentityMetaTable.TrustLevel.VERIFIED: - plugin.db.identity_meta.update() - .with(plugin.db.identity_meta.identity_id, "=", account.id) - .with(plugin.db.identity_meta.address_name, "=", device[plugin.db.identity_meta.address_name]) - .with(plugin.db.identity_meta.device_id, "=", device[plugin.db.identity_meta.device_id]) - .set(plugin.db.identity_meta.trust_level, Database.IdentityMetaTable.TrustLevel.VERIFIED).perform(); - plugin.db.trust.update().with(plugin.db.trust.identity_id, "=", account.id).with(plugin.db.trust.address_name, "=", jid.bare_jid.to_string()).set(plugin.db.trust.blind_trust, false).perform(); - auto_accept.set_active(false); + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.VERIFIED); + plugin.trust_manager.set_blind_trust(account, jid, false); + auto_accept_switch.set_active(false); break; } } @@ -199,28 +188,28 @@ public class ContactDetailsDialog : Gtk.Dialog { ListBoxRow lbr = new ListBoxRow() { visible = true, activatable = false, hexpand = true }; Box box = new Box(Gtk.Orientation.HORIZONTAL, 40) { visible = true, margin_start = 20, margin_end = 20, margin_top = 14, margin_bottom = 14, hexpand = true }; - Box control = new Box(Gtk.Orientation.HORIZONTAL, 0) { visible = true, hexpand = true }; + Box control_box = new Box(Gtk.Orientation.HORIZONTAL, 0) { visible = true, hexpand = true }; - Button yes = new Button() { visible = true, valign = Align.CENTER, hexpand = true }; - yes.image = new Image.from_icon_name("emblem-ok-symbolic", IconSize.BUTTON); - yes.get_style_context().add_class("suggested-action"); + Button yes_button = new Button() { visible = true, valign = Align.CENTER, hexpand = true }; + yes_button.image = new Image.from_icon_name("emblem-ok-symbolic", IconSize.BUTTON); + yes_button.get_style_context().add_class("suggested-action"); - Button no = new Button() { visible = true, valign = Align.CENTER, hexpand = true }; - no.image = new Image.from_icon_name("action-unavailable-symbolic", IconSize.BUTTON); - no.get_style_context().add_class("destructive-action"); + Button no_button = new Button() { visible = true, valign = Align.CENTER, hexpand = true }; + no_button.image = new Image.from_icon_name("action-unavailable-symbolic", IconSize.BUTTON); + no_button.get_style_context().add_class("destructive-action"); - yes.clicked.connect(() => { - set_device_trust(device, true); + yes_button.clicked.connect(() => { + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED); add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED); - new_keys.remove(lbr); - if (new_keys.get_children().length() < 1) new_keys_container.visible = false; + new_keys_listbox.remove(lbr); + if (new_keys_listbox.get_children().length() < 1) new_keys_container.visible = false; }); - no.clicked.connect(() => { - set_device_trust(device, false); + no_button.clicked.connect(() => { + plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.UNTRUSTED); add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.UNTRUSTED); - new_keys.remove(lbr); - if (new_keys.get_children().length() < 1) new_keys_container.visible = false; + new_keys_listbox.remove(lbr); + if (new_keys_listbox.get_children().length() < 1) new_keys_container.visible = false; }); string res = fingerprint_markup(fingerprint_from_base64(device[plugin.db.identity_meta.identity_key_public_base64])); @@ -230,14 +219,14 @@ public class ContactDetailsDialog : Gtk.Dialog { box.add(lbl); - control.add(yes); - control.add(no); - control.get_style_context().add_class("linked"); + control_box.add(yes_button); + control_box.add(no_button); + control_box.get_style_context().add_class("linked"); - box.add(control); + box.add(control_box); lbr.add(box); - new_keys.add(lbr); + new_keys_listbox.add(lbr); } } diff --git a/plugins/omemo/src/contact_details_provider.vala b/plugins/omemo/src/contact_details_provider.vala index 1cf635c2..4b919009 100644 --- a/plugins/omemo/src/contact_details_provider.vala +++ b/plugins/omemo/src/contact_details_provider.vala @@ -25,11 +25,7 @@ public class ContactDetailsProvider : Plugins.ContactDetailsProvider, Object { } if (i > 0) { - Button btn = new Button(); - btn.image = new Image.from_icon_name("view-list-symbolic", IconSize.BUTTON); - btn.relief = ReliefStyle.NONE; - btn.visible = true; - btn.valign = Align.CENTER; + Button btn = new Button.from_icon_name("view-list-symbolic") { visible = true, valign = Align.CENTER, relief = ReliefStyle.NONE }; btn.clicked.connect(() => { btn.activate(); ContactDetailsDialog dialog = new ContactDetailsDialog(plugin, conversation.account, conversation.counterpart); diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala index 05864e38..8f8cb44a 100644 --- a/plugins/omemo/src/database.vala +++ b/plugins/omemo/src/database.vala @@ -64,6 +64,34 @@ public class Database : Qlite.Database { .value(this.identity_key_public_base64, Base64.encode(bundle.identity_key.serialize())) .value(this.trust_level, trust).perform(); } + + public QueryBuilder get_trusted_devices(int identity_id, string address_name) { + return this.with_address(identity_id, address_name) + .with(this.trust_level, "!=", TrustLevel.UNTRUSTED) + .with(this.now_active, "=", true); + } + + public QueryBuilder get_known_devices(int identity_id, string address_name) { + return this.with_address(identity_id, address_name) + .with(this.trust_level, "!=", TrustLevel.UNKNOWN) + .without_null(this.identity_key_public_base64); + } + + public QueryBuilder get_unknown_devices(int identity_id, string address_name) { + return this.with_address(identity_id, address_name) + .with_null(this.identity_key_public_base64); + } + + public QueryBuilder get_new_devices(int identity_id, string address_name) { + return this.with_address(identity_id, address_name) + .with(this.trust_level, "=", TrustLevel.UNKNOWN) + .without_null(this.identity_key_public_base64); + } + + public Row? get_device(int identity_id, string address_name, int device_id) { + return this.with_address(identity_id, address_name) + .with(this.device_id, "=", device_id).single().row().inner; + } } @@ -160,10 +188,12 @@ public class Database : Qlite.Database { } public override void migrate(long oldVersion) { - exec("DROP INDEX identity_meta_idx"); - exec("DROP INDEX identity_meta_list_idx"); - exec("CREATE UNIQUE INDEX identity_meta_idx ON identity_meta (identity_id, address_name, device_id)"); - exec("CREATE INDEX identity_meta_list_idx ON identity_meta (identity_id, address_name)"); + if(oldVersion == 1) { + exec("DROP INDEX identity_meta_idx"); + exec("DROP INDEX identity_meta_list_idx"); + exec("CREATE UNIQUE INDEX identity_meta_idx ON identity_meta (identity_id, address_name, device_id)"); + exec("CREATE INDEX identity_meta_list_idx ON identity_meta (identity_id, address_name)"); + } } } diff --git a/plugins/omemo/src/device_notification_populator.vala b/plugins/omemo/src/device_notification_populator.vala index 6940c723..aee45472 100644 --- a/plugins/omemo/src/device_notification_populator.vala +++ b/plugins/omemo/src/device_notification_populator.vala @@ -20,7 +20,7 @@ public class DeviceNotificationPopulator : NotificationPopulator, Object { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.with_address(current_conversation.account.id, jid.bare_jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; + return plugin.db.identity_meta.get_new_devices(current_conversation.account.id, jid.bare_jid.to_string()).count() > 0; } public void init(Conversation conversation, NotificationCollection notification_collection, Plugins.WidgetType type) { diff --git a/plugins/omemo/src/manage_key_dialog.vala b/plugins/omemo/src/manage_key_dialog.vala index e13b9279..1ff7bd27 100644 --- a/plugins/omemo/src/manage_key_dialog.vala +++ b/plugins/omemo/src/manage_key_dialog.vala @@ -12,18 +12,18 @@ public class ManageKeyDialog : Gtk.Dialog { [GtkChild] private Button ok_button; [GtkChild] private Box main_screen; - [GtkChild] private Label main_desc; + [GtkChild] private Label main_desc_label; [GtkChild] private ListBox main_action_list; [GtkChild] private Box confirm_screen; [GtkChild] private Image confirm_image; - [GtkChild] private Label confirm_title; - [GtkChild] private Label confirm_desc; + [GtkChild] private Label confirm_title_label; + [GtkChild] private Label confirm_desc_label; [GtkChild] private Box verify_screen; [GtkChild] private Label verify_label; - [GtkChild] private Button verify_yes; - [GtkChild] private Button verify_no; + [GtkChild] private Button verify_yes_button; + [GtkChild] private Button verify_no_button; private Row device; private Database db; @@ -46,21 +46,21 @@ public class ManageKeyDialog : Gtk.Dialog { close(); }); - verify_yes.clicked.connect(() => { + verify_yes_button.clicked.connect(() => { confirm_image.set_from_icon_name("security-high-symbolic", IconSize.DIALOG); - confirm_title.label = "Verify key"; - confirm_desc.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be highlighted accordingly in the chat window."); + confirm_title_label.label = "Verify key"; + confirm_desc_label.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be highlighted accordingly in the chat window."); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = false; current_response = Database.IdentityMetaTable.TrustLevel.VERIFIED; }); - verify_no.clicked.connect(() => { + verify_no_button.clicked.connect(() => { return_to_main = false; confirm_image.set_from_icon_name("dialog-warning-symbolic", IconSize.DIALOG); - confirm_title.label = "Fingerprints do not match"; - confirm_desc.set_markup(@"Please verify that you are comparing the correct fingerprint. If fingerprints do not match $(device[db.identity_meta.address_name])'s account may be compromised and you should consider rejecting this key."); + confirm_title_label.label = "Fingerprints do not match"; + confirm_desc_label.set_markup(@"Please verify that you are comparing the correct fingerprint. If fingerprints do not match $(device[db.identity_meta.address_name])'s account may be compromised and you should consider rejecting this key."); manage_stack.set_visible_child_name("confirm"); }); } @@ -132,44 +132,45 @@ public class ManageKeyDialog : Gtk.Dialog { } }); - ListBoxRow verify = new ListBoxRow() { visible = true }; - verify.add(make_action_box("Verify Key Fingerprint", "Compare this key's fingerprint with the fingerprint displayed on the contact's device.")); - ListBoxRow reject = new ListBoxRow() { visible = true }; - reject.add(make_action_box("Reject Key", "Stop accepting this key during communication with its associated contact.")); - ListBoxRow accept = new ListBoxRow() {visible = true }; - accept.add(make_action_box("Accept Key", "Start accepting this key during communication with its assoicated contact")); + ListBoxRow verify_row = new ListBoxRow() { visible = true }; + verify_row.add(make_action_box("Verify Key Fingerprint", "Compare this key's fingerprint with the fingerprint displayed on the contact's device.")); + ListBoxRow reject_row = new ListBoxRow() { visible = true }; + reject_row.add(make_action_box("Reject Key", "Stop accepting this key during communication with its associated contact.")); + ListBoxRow accept_row = new ListBoxRow() {visible = true }; + accept_row.add(make_action_box("Accept Key", "Start accepting this key during communication with its assoicated contact")); switch((Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]) { case Database.IdentityMetaTable.TrustLevel.TRUSTED: - main_desc.set_markup(@"This key is currently accepted. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages."); - main_action_list.add(verify); - main_action_list.add(reject); + main_desc_label.set_markup(@"This key is currently accepted. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages."); + main_action_list.add(verify_row); + main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.VERIFIED: - main_desc.set_markup(@"This key is currently verified. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages. Additionaly it has been verified out-of-band to match the key on the contact's device."); - main_action_list.add(reject); + main_desc_label.set_markup(@"This key is currently verified. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages. Additionaly it has been verified out-of-band to match the key on the contact's device."); + main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: - main_desc.set_markup(@"This key is currently rejected. This means it cannot be used by $(device[db.identity_meta.address_name]) to receive messages, and any messages sent by it will be ignored"); - main_action_list.add(accept); + main_desc_label.set_markup(@"This key is currently rejected. This means it cannot be used by $(device[db.identity_meta.address_name]) to receive messages, and any messages sent by it will be ignored"); + main_action_list.add(accept_row); break; } + //Row clicked - go to appropriate screen main_action_list.row_activated.connect((row) => { - if(row == verify) { + if(row == verify_row) { manage_stack.set_visible_child_name("verify"); - } else if (row == reject) { + } else if (row == reject_row) { confirm_image.set_from_icon_name("action-unavailable-symbolic", IconSize.DIALOG); - confirm_title.label = "Reject key"; - confirm_desc.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be ignored and none of your messages will be readable using this key."); + confirm_title_label.label = "Reject key"; + confirm_desc_label.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be ignored and none of your messages will be readable using this key."); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = true; current_response = Database.IdentityMetaTable.TrustLevel.UNTRUSTED; - } else if (row == accept) { + } else if (row == accept_row) { confirm_image.set_from_icon_name("emblem-ok-symbolic", IconSize.DIALOG); - confirm_title.label = "Accept key"; - confirm_desc.set_markup(@"Once confirmed this key will be usable by $(device[db.identity_meta.address_name]) to receive and send messages."); + confirm_title_label.label = "Accept key"; + confirm_desc_label.set_markup(@"Once confirmed this key will be usable by $(device[db.identity_meta.address_name]) to receive and send messages."); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = true; diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 7c8d8976..bb8063b2 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -61,11 +61,10 @@ public class Manager : StreamInteractionModule, Object { } } - private Manager(StreamInteractor stream_interactor, Database db) { + private Manager(StreamInteractor stream_interactor, Database db, TrustManager trust_manager) { this.stream_interactor = stream_interactor; this.db = db; - - this.trust_manager = new TrustManager(stream_interactor, db); + this.trust_manager = trust_manager; stream_interactor.stream_negotiated.connect(on_stream_negotiated); stream_interactor.account_added.connect(on_account_added); @@ -120,6 +119,7 @@ public class Manager : StreamInteractionModule, Object { } StreamModule module = (!)module_; + //Get a list of everyone for whom the message should be encrypted Gee.List recipients; if (message_stanza.type_ == MessageStanza.TYPE_GROUPCHAT) { recipients = get_occupants((!)message.to.bare_jid, conversation.account); @@ -132,6 +132,7 @@ public class Manager : StreamInteractionModule, Object { recipients.add(message_stanza.to); } + //Attempt to encrypt the message EncryptState enc_state = trust_manager.encrypt(message_stanza, conversation.account.bare_jid, recipients, stream, conversation.account); MessageState state; lock (message_states) { @@ -147,6 +148,7 @@ public class Manager : StreamInteractionModule, Object { } } + //Encryption failed - need to fetch more information if (!state.will_send_now) { if (message.marked == Entities.Message.Marked.WONTSEND) { if (Plugin.DEBUG) print(@"OMEMO: message was not sent: $state\n"); @@ -192,7 +194,6 @@ public class Manager : StreamInteractionModule, Object { private void on_device_list_loaded(Account account, Jid jid, ArrayList device_list) { if (Plugin.DEBUG) print(@"OMEMO: received device list for $(account.bare_jid) from $jid\n"); - // Update meta database XmppStream? stream = stream_interactor.get_stream(account); if (stream == null) { return; @@ -202,9 +203,12 @@ public class Manager : StreamInteractionModule, Object { return; } + //Update meta database db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list); + + //Fetch the bundle for each new device int inc = 0; - foreach (Row row in db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with_null(db.identity_meta.identity_key_public_base64)) { + foreach (Row row in db.identity_meta.get_unknown_devices(account.id, jid.bare_jid.to_string())) { module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]); inc++; } @@ -212,10 +216,12 @@ public class Manager : StreamInteractionModule, Object { if (Plugin.DEBUG) print(@"OMEMO: new bundles $inc/$(device_list.size) for $jid\n"); } + //Create an entry for the jid in the account table if one does not exist already if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) { db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); } + //Get all messages that needed the devicelist and determine if we can now send them HashSet send_now = new HashSet(); lock (message_states) { foreach (Entities.Message msg in message_states.keys) { @@ -245,12 +251,18 @@ public class Manager : StreamInteractionModule, Object { public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) { bool blind_trust = db.trust.get_blind_trust(account.id, jid.bare_jid.to_string()); + //If we don't blindly trust new devices and we haven't seen this key before then don't trust it bool untrust = !(blind_trust || db.identity_meta.with_address(account.id, jid.bare_jid.to_string()) .with(db.identity_meta.device_id, "=", device_id) .with(db.identity_meta.identity_key_public_base64, "=", Base64.encode(bundle.identity_key.serialize())) .single().row().is_present()); - Database.IdentityMetaTable.TrustLevel trusted = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with(db.identity_meta.device_id, "=", device_id).single()[db.identity_meta.trust_level, Database.IdentityMetaTable.TrustLevel.UNKNOWN]; + //Get trust information from the database if the device id is known + Row device = db.identity_meta.get_device(account.id, jid.bare_jid.to_string(), device_id); + Database.IdentityMetaTable.TrustLevel trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; + if (device != null) { + trusted = (Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]; + } if(untrust) { trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; @@ -258,6 +270,7 @@ public class Manager : StreamInteractionModule, Object { trusted = Database.IdentityMetaTable.TrustLevel.TRUSTED; } + //Update the database with the appropriate trust information db.identity_meta.insert_device_bundle(account.id, jid.bare_jid.to_string(), device_id, bundle, trusted); XmppStream? stream = stream_interactor.get_stream(account); @@ -265,6 +278,7 @@ public class Manager : StreamInteractionModule, Object { StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); if(module == null) return; + //Get all messages waiting on the bundle and determine if they can now be sent HashSet send_now = new HashSet(); lock (message_states) { foreach (Entities.Message msg in message_states.keys) { @@ -360,8 +374,8 @@ public class Manager : StreamInteractionModule, Object { return trust_manager.is_known_address(conversation.account, conversation.counterpart.bare_jid); } - public static void start(StreamInteractor stream_interactor, Database db) { - Manager m = new Manager(stream_interactor, db); + public static void start(StreamInteractor stream_interactor, Database db, TrustManager trust_manager) { + Manager m = new Manager(stream_interactor, db, trust_manager); stream_interactor.add_module(m); } } diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala index e1095c68..fbdb7e84 100644 --- a/plugins/omemo/src/own_notifications.vala +++ b/plugins/omemo/src/own_notifications.vala @@ -26,7 +26,7 @@ public class OwnNotifications { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.with_address(account.id, jid.bare_jid.to_string()).with(plugin.db.identity_meta.trust_level, "=", Database.IdentityMetaTable.TrustLevel.UNKNOWN).without_null(plugin.db.identity_meta.identity_key_public_base64).count() > 0; + return plugin.db.identity_meta.get_new_devices(account.id, jid.bare_jid.to_string()).count() > 0; } private void display_notification() { diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index b63ed3f2..81cf5c7f 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -29,6 +29,8 @@ public class Plugin : RootInterface, Object { public AccountSettingsEntry settings_entry; public ContactDetailsProvider contact_details_provider; public DeviceNotificationPopulator device_notification_populator; + public OwnNotifications own_notifications; + public TrustManager trust_manager; public void registered(Dino.Application app) { ensure_context(); @@ -38,15 +40,16 @@ public class Plugin : RootInterface, Object { this.settings_entry = new AccountSettingsEntry(this); this.contact_details_provider = new ContactDetailsProvider(this); this.device_notification_populator = new DeviceNotificationPopulator(this, this.app.stream_interactor); + this.trust_manager = new TrustManager(this.app.stream_interactor, this.db); this.app.plugin_registry.register_encryption_list_entry(list_entry); this.app.plugin_registry.register_account_settings_entry(settings_entry); this.app.plugin_registry.register_contact_details_entry(contact_details_provider); this.app.plugin_registry.register_notification_populator(device_notification_populator); this.app.stream_interactor.module_manager.initialize_account_modules.connect((account, list) => { list.add(new StreamModule()); - new OwnNotifications(this, this.app.stream_interactor, account); + this.own_notifications = new OwnNotifications(this, this.app.stream_interactor, account); }); - Manager.start(this.app.stream_interactor, db); + Manager.start(this.app.stream_interactor, db, trust_manager); string locales_dir; if (app.search_path_generator != null) { diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index d25f7b00..3890d4da 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -20,6 +20,21 @@ public class TrustManager { stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener); } + public void set_blind_trust(Account account, Jid jid, bool blind_trust) { + db.trust.update() + .with(db.trust.identity_id, "=", account.id) + .with(db.trust.address_name, "=", jid.bare_jid.to_string()) + .set(db.trust.blind_trust, blind_trust); + } + + public void set_device_trust(Account account, Jid jid, int device_id, Database.IdentityMetaTable.TrustLevel trust_level) { + db.identity_meta.update() + .with(db.identity_meta.identity_id, "=", account.id) + .with(db.identity_meta.address_name, "=", jid.bare_jid.to_string()) + .with(db.identity_meta.device_id, "=", device_id) + .set(db.identity_meta.trust_level, trust_level).perform(); + } + private StanzaNode create_encrypted_key(uint8[] key, Address address, Store store) throws GLib.Error { SessionCipher cipher = store.create_session_cipher(address); CiphertextMessage device_key = cipher.encrypt(key); @@ -38,6 +53,7 @@ public class TrustManager { StreamModule module = stream.get_module(StreamModule.IDENTITY); try { + //Check we have the bundles and device lists needed to send the message if (!is_known_address(account, self_jid)) return status; status.own_list = true; status.own_devices = get_trusted_devices(account, self_jid).size; @@ -46,12 +62,13 @@ public class TrustManager { foreach (Jid recipient in recipients) { if (!is_known_address(account, recipient)) { status.other_waiting_lists++; - return status; } + if (status.other_waiting_lists > 0) return status; status.other_devices += get_trusted_devices(account, recipient).size; } if (status.own_devices == 0 || status.other_devices == 0) return status; + //Create a key and use it to encrypt the message uint8[] key = new uint8[16]; Plugin.get_context().randomize(key); uint8[] iv = new uint8[16]; @@ -68,6 +85,7 @@ public class TrustManager { .put_node(new StanzaNode.build("payload", NS_URI) .put_node(new StanzaNode.text(Base64.encode(ciphertext)))); + //Encrypt the key for each recipient's device individually Address address = new Address(message.to.bare_jid.to_string(), 0); foreach (Jid recipient in recipients) { foreach(int32 device_id in get_trusted_devices(account, recipient)) { @@ -122,7 +140,7 @@ public class TrustManager { public Gee.List get_trusted_devices(Account account, Jid jid) { Gee.List devices = new ArrayList(); - foreach (Row device in db.identity_meta.with_address(account.id, jid.to_string()).with(db.identity_meta.trust_level, "!=", Database.IdentityMetaTable.TrustLevel.UNTRUSTED).with(db.identity_meta.now_active, "=", true)) { + foreach (Row device in db.identity_meta.get_trusted_devices(account.id, jid.bare_jid.to_string())) { if(device[db.identity_meta.trust_level] != Database.IdentityMetaTable.TrustLevel.UNKNOWN || device[db.identity_meta.identity_key_public_base64] == null) devices.add(device[db.identity_meta.device_id]); } @@ -150,7 +168,7 @@ public class TrustManager { if(conversation.type_ == Conversation.Type.GROUPCHAT) { jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); } - Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.with_address(conversation.account.id, jid.bare_jid.to_string()).with(db.identity_meta.device_id, "=", header.get_attribute_int("sid")).single()[db.identity_meta.trust_level]; + Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(conversation.account.id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { message.body = "OMEMO message from a rejected device"; message.marked = Message.Marked.WONTSEND; From 8ebc2c5dd333ce19c9e0592ee1feb8eed6e1a48f Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Fri, 10 Aug 2018 01:40:20 +0100 Subject: [PATCH 28/38] Fix mutual subscription detection --- libdino/src/service/presence_manager.vala | 4 ---- libdino/src/service/roster_manager.vala | 5 +++++ plugins/omemo/src/manager.vala | 4 ++-- xmpp-vala/src/module/presence/module.vala | 12 ------------ xmpp-vala/src/module/roster/module.vala | 5 +++++ 5 files changed, 12 insertions(+), 18 deletions(-) diff --git a/libdino/src/service/presence_manager.vala b/libdino/src/service/presence_manager.vala index 62100c2c..e832687d 100644 --- a/libdino/src/service/presence_manager.vala +++ b/libdino/src/service/presence_manager.vala @@ -11,7 +11,6 @@ public class PresenceManager : StreamInteractionModule, Object { public signal void show_received(Show show, Jid jid, Account account); public signal void received_subscription_request(Jid jid, Account account); public signal void received_subscription_approval(Jid jid, Account account); - public signal void mutual_subscription(Jid jid, Account account); private StreamInteractor stream_interactor; private HashMap>> shows = new HashMap>>(Jid.hash_bare_func, Jid.equals_bare_func); @@ -99,9 +98,6 @@ public class PresenceManager : StreamInteractionModule, Object { stream_interactor.module_manager.get_module(account, Presence.Module.IDENTITY).received_subscription_approval.connect((stream, jid) => { received_subscription_approval(jid, account); }); - stream_interactor.module_manager.get_module(account, Presence.Module.IDENTITY).mutual_subscription.connect((stream, jid) => { - mutual_subscription(jid, account); - }); } private void on_received_available_show(Account account, Jid jid, string show) { diff --git a/libdino/src/service/roster_manager.vala b/libdino/src/service/roster_manager.vala index 23bc8b76..5181b90e 100644 --- a/libdino/src/service/roster_manager.vala +++ b/libdino/src/service/roster_manager.vala @@ -11,6 +11,7 @@ public class RosterManager : StreamInteractionModule, Object { public signal void removed_roster_item(Account account, Jid jid, Roster.Item roster_item); public signal void updated_roster_item(Account account, Jid jid, Roster.Item roster_item); + public signal void mutual_subscription(Account account, Jid jid); private StreamInteractor stream_interactor; private Database db; @@ -66,6 +67,10 @@ public class RosterManager : StreamInteractionModule, Object { stream_interactor.module_manager.get_module(account, Roster.Module.IDENTITY).item_updated.connect_after( (stream, roster_item) => { on_roster_item_updated(account, roster_item); }); + + stream_interactor.module_manager.get_module(account, Roster.Module.IDENTITY).mutual_subscription.connect_after( (stream, jid) => { + mutual_subscription(account, jid); + }); } private void on_roster_item_updated(Account account, Roster.Item roster_item) { diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index bb8063b2..c75b15e2 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -70,7 +70,7 @@ public class Manager : StreamInteractionModule, Object { stream_interactor.account_added.connect(on_account_added); stream_interactor.get_module(MessageProcessor.IDENTITY).received_pipeline.connect(received_message_listener); stream_interactor.get_module(MessageProcessor.IDENTITY).pre_message_send.connect(on_pre_message_send); - stream_interactor.get_module(PresenceManager.IDENTITY).mutual_subscription.connect(on_mutual_subscription); + stream_interactor.get_module(RosterManager.IDENTITY).mutual_subscription.connect(on_mutual_subscription); } private class ReceivedMessageListener : MessageListener { @@ -174,7 +174,7 @@ public class Manager : StreamInteractionModule, Object { } } - private void on_mutual_subscription(Jid jid, Account account) { + private void on_mutual_subscription(Account account, Jid jid) { XmppStream? stream = stream_interactor.get_stream(account); if(stream == null) return; diff --git a/xmpp-vala/src/module/presence/module.vala b/xmpp-vala/src/module/presence/module.vala index 2188d89d..4a9a72a3 100644 --- a/xmpp-vala/src/module/presence/module.vala +++ b/xmpp-vala/src/module/presence/module.vala @@ -15,13 +15,9 @@ namespace Xmpp.Presence { public signal void received_subscription_request(XmppStream stream, Jid jid); public signal void received_subscription_approval(XmppStream stream, Jid jid); public signal void received_unsubscription(XmppStream stream, Jid jid); - public signal void mutual_subscription(XmppStream stream, Jid jid); public bool available_resource = true; - private Gee.List subscriptions = new ArrayList(Jid.equals_bare_func); - private Gee.List subscribers = new ArrayList(Jid.equals_bare_func); - public void request_subscription(XmppStream stream, Jid bare_jid) { Presence.Stanza presence = new Presence.Stanza(); presence.to = bare_jid; @@ -34,8 +30,6 @@ namespace Xmpp.Presence { presence.to = bare_jid; presence.type_ = Presence.Stanza.TYPE_SUBSCRIBED; send_presence(stream, presence); - subscribers.add(bare_jid); - if (subscriptions.contains(bare_jid)) mutual_subscription(stream, bare_jid); } public void deny_subscription(XmppStream stream, Jid bare_jid) { @@ -47,7 +41,6 @@ namespace Xmpp.Presence { presence.to = bare_jid; presence.type_ = Presence.Stanza.TYPE_UNSUBSCRIBED; send_presence(stream, presence); - subscribers.remove(bare_jid); } public void unsubscribe(XmppStream stream, Jid bare_jid) { @@ -55,7 +48,6 @@ namespace Xmpp.Presence { presence.to = bare_jid; presence.type_ = Presence.Stanza.TYPE_UNSUBSCRIBE; send_presence(stream, presence); - subscriptions.remove(bare_jid); } public void send_presence(XmppStream stream, Presence.Stanza presence) { @@ -92,16 +84,12 @@ namespace Xmpp.Presence { break; case Presence.Stanza.TYPE_SUBSCRIBED: received_subscription_approval(stream, presence.from); - subscriptions.add(presence.from); - if (subscribers.contains(presence.from)) mutual_subscription(stream, presence.from); break; case Presence.Stanza.TYPE_UNSUBSCRIBE: stream.get_flag(Flag.IDENTITY).remove_presence(presence.from); received_unsubscription(stream, presence.from); - subscribers.remove(presence.from); break; case Presence.Stanza.TYPE_UNSUBSCRIBED: - subscriptions.remove(presence.from); break; } } diff --git a/xmpp-vala/src/module/roster/module.vala b/xmpp-vala/src/module/roster/module.vala index 5b15a43a..2d36211d 100644 --- a/xmpp-vala/src/module/roster/module.vala +++ b/xmpp-vala/src/module/roster/module.vala @@ -11,6 +11,7 @@ public class Module : XmppStreamModule, Iq.Handler { public signal void pre_get_roster(XmppStream stream, Iq.Stanza iq); public signal void item_removed(XmppStream stream, Item item, Iq.Stanza iq); public signal void item_updated(XmppStream stream, Item item, Iq.Stanza iq); + public signal void mutual_subscription(XmppStream stream, Jid jid); public bool interested_resource = true; @@ -55,8 +56,12 @@ public class Module : XmppStreamModule, Iq.Handler { item_removed(stream, item, iq); break; default: + bool is_new = false; + Item old = flag.get_item(item.jid); + is_new = item.subscription == Item.SUBSCRIPTION_BOTH && (old == null || old.subscription == Item.SUBSCRIPTION_BOTH); flag.roster_items[item.jid] = item; item_updated(stream, item, iq); + if(is_new) mutual_subscription(stream, item.jid); break; } } From d7b5db1d9fb37a310c16d8ffef885f1209a33187 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Fri, 10 Aug 2018 12:47:56 +0100 Subject: [PATCH 29/38] Make strings translatable --- plugins/omemo/src/contact_details_dialog.vala | 8 ++--- plugins/omemo/src/manage_key_dialog.vala | 34 +++++++++---------- plugins/omemo/src/own_notifications.vala | 4 +-- plugins/omemo/src/trust_manager.vala | 4 +-- 4 files changed, 25 insertions(+), 25 deletions(-) diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 3a39bda5..baefe564 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -105,22 +105,22 @@ public class ContactDetailsDialog : Gtk.Dialog { switch(trust) { case Database.IdentityMetaTable.TrustLevel.TRUSTED: img.icon_name = "emblem-ok-symbolic"; - status_lbl.set_markup("Accepted"); + status_lbl.set_markup("%s".printf(_("Accepted"))); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: img.icon_name = "action-unavailable-symbolic"; - status_lbl.set_markup("Rejected"); + status_lbl.set_markup("%s".printf(_("Rejected"))); lbl.get_style_context().add_class("dim-label"); break; case Database.IdentityMetaTable.TrustLevel.VERIFIED: img.icon_name = "security-high-symbolic"; - status_lbl.set_markup("Verified"); + status_lbl.set_markup("%s".printf(_("Verified"))); break; } if (!now_active) { img.icon_name= "appointment-missed-symbolic"; - status_lbl.set_markup("Unused"); + status_lbl.set_markup("%s".printf(_("Unused"))); lbr.activatable = false; } } diff --git a/plugins/omemo/src/manage_key_dialog.vala b/plugins/omemo/src/manage_key_dialog.vala index 1ff7bd27..602b2965 100644 --- a/plugins/omemo/src/manage_key_dialog.vala +++ b/plugins/omemo/src/manage_key_dialog.vala @@ -48,8 +48,8 @@ public class ManageKeyDialog : Gtk.Dialog { verify_yes_button.clicked.connect(() => { confirm_image.set_from_icon_name("security-high-symbolic", IconSize.DIALOG); - confirm_title_label.label = "Verify key"; - confirm_desc_label.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be highlighted accordingly in the chat window."); + confirm_title_label.label = _("Verify key"); + confirm_desc_label.set_markup(_("Once confirmed, any future messages sent by %s using this key will be highlighted accordingly in the chat window.").printf(@"$(device[db.identity_meta.address_name])")); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = false; @@ -59,8 +59,8 @@ public class ManageKeyDialog : Gtk.Dialog { verify_no_button.clicked.connect(() => { return_to_main = false; confirm_image.set_from_icon_name("dialog-warning-symbolic", IconSize.DIALOG); - confirm_title_label.label = "Fingerprints do not match"; - confirm_desc_label.set_markup(@"Please verify that you are comparing the correct fingerprint. If fingerprints do not match $(device[db.identity_meta.address_name])'s account may be compromised and you should consider rejecting this key."); + confirm_title_label.label = _("Fingerprints do not match"); + confirm_desc_label.set_markup(_("Please verify that you are comparing the correct fingerprint. If fingerprints do not match %s's account may be compromised and you should consider rejecting this key.").printf(@"$(device[db.identity_meta.address_name])")); manage_stack.set_visible_child_name("confirm"); }); } @@ -70,13 +70,13 @@ public class ManageKeyDialog : Gtk.Dialog { if (manage_stack.get_visible_child_name() == "verify") { manage_stack.set_visible_child_name("main"); - cancel_button.label = "Cancel"; + cancel_button.label = _("Cancel"); } if (manage_stack.get_visible_child_name() == "confirm") { if (return_to_main) { manage_stack.set_visible_child_name("main"); - cancel_button.label = "Cancel"; + cancel_button.label = _("Cancel"); } else { manage_stack.set_visible_child_name("verify"); } @@ -133,24 +133,24 @@ public class ManageKeyDialog : Gtk.Dialog { }); ListBoxRow verify_row = new ListBoxRow() { visible = true }; - verify_row.add(make_action_box("Verify Key Fingerprint", "Compare this key's fingerprint with the fingerprint displayed on the contact's device.")); + verify_row.add(make_action_box(_("Verify Key Fingerprint"), _("Compare this key's fingerprint with the fingerprint displayed on the contact's device."))); ListBoxRow reject_row = new ListBoxRow() { visible = true }; - reject_row.add(make_action_box("Reject Key", "Stop accepting this key during communication with its associated contact.")); + reject_row.add(make_action_box(_("Reject Key"), _("Stop accepting this key during communication with its associated contact."))); ListBoxRow accept_row = new ListBoxRow() {visible = true }; - accept_row.add(make_action_box("Accept Key", "Start accepting this key during communication with its assoicated contact")); + accept_row.add(make_action_box(_("Accept Key"), _("Start accepting this key during communication with its assoicated contact"))); switch((Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]) { case Database.IdentityMetaTable.TrustLevel.TRUSTED: - main_desc_label.set_markup(@"This key is currently accepted. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages."); + main_desc_label.set_markup(_("This key is currently %saccepted%s. This means it can be used by %s to receive and send messages.").printf("", "", @"$(device[db.identity_meta.address_name])")); main_action_list.add(verify_row); main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.VERIFIED: - main_desc_label.set_markup(@"This key is currently verified. This means it can be used by $(device[db.identity_meta.address_name]) to receive and send messages. Additionaly it has been verified out-of-band to match the key on the contact's device."); + main_desc_label.set_markup(_("This key is currently %sverified%s. This means it can be used by %s to receive and send messages. Additionally it has been verified out-of-band to match the key on the contact's device.").printf("", "", @"$(device[db.identity_meta.address_name])")); main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: - main_desc_label.set_markup(@"This key is currently rejected. This means it cannot be used by $(device[db.identity_meta.address_name]) to receive messages, and any messages sent by it will be ignored"); + main_desc_label.set_markup(_("This key is currently %srejected%s. This means it cannot be used by %s to receive messages, and any messages sent by it will be ignored").printf("", "", @"$(device[db.identity_meta.address_name])")); main_action_list.add(accept_row); break; } @@ -161,22 +161,22 @@ public class ManageKeyDialog : Gtk.Dialog { manage_stack.set_visible_child_name("verify"); } else if (row == reject_row) { confirm_image.set_from_icon_name("action-unavailable-symbolic", IconSize.DIALOG); - confirm_title_label.label = "Reject key"; - confirm_desc_label.set_markup(@"Once confirmed, any future messages sent by $(device[db.identity_meta.address_name]) using this key will be ignored and none of your messages will be readable using this key."); + confirm_title_label.label = _("Reject key"); + confirm_desc_label.set_markup(_("Once confirmed, any future messages sent by %s using this key will be ignored and none of your messages will be readable using this key.").printf(@"$(device[db.identity_meta.address_name])")); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = true; current_response = Database.IdentityMetaTable.TrustLevel.UNTRUSTED; } else if (row == accept_row) { confirm_image.set_from_icon_name("emblem-ok-symbolic", IconSize.DIALOG); - confirm_title_label.label = "Accept key"; - confirm_desc_label.set_markup(@"Once confirmed this key will be usable by $(device[db.identity_meta.address_name]) to receive and send messages."); + confirm_title_label.label = _("Accept key"); + confirm_desc_label.set_markup(_("Once confirmed this key will be usable by %s to receive and send messages.").printf(@"$(device[db.identity_meta.address_name])")); manage_stack.set_visible_child_name("confirm"); ok_button.sensitive = true; return_to_main = true; current_response = Database.IdentityMetaTable.TrustLevel.TRUSTED; } - cancel_button.label = "Back"; + cancel_button.label = _("Back"); }); manage_stack.set_visible_child_name("main"); diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala index fbdb7e84..296e00b6 100644 --- a/plugins/omemo/src/own_notifications.vala +++ b/plugins/omemo/src/own_notifications.vala @@ -30,8 +30,8 @@ public class OwnNotifications { } private void display_notification() { - Notification notification = new Notification("Trust decision required"); - notification.set_body(@"A new OMEMO device has been added for the account $(account.bare_jid)"); + Notification notification = new Notification(_("Trust decision required")); + notification.set_body(_("A new OMEMO device has been added for the account %s").printf("$(account.jid.bare_jid)")); plugin.app.send_notification(account.id.to_string()+"-new-device", notification); } } diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 3890d4da..9f1ad047 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -170,11 +170,11 @@ public class TrustManager { } Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(conversation.account.id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { - message.body = "OMEMO message from a rejected device"; + message.body = _("OMEMO message from a rejected device"); message.marked = Message.Marked.WONTSEND; } if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) { - message.body = "OMEMO message from an unknown device: "+message.body; + message.body = _("OMEMO message from an unknown device: ")+message.body; message.marked = Message.Marked.WONTSEND; } } From 72cb5b4f90da59d5ec4660eca0e6d80e4669a49a Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sat, 11 Aug 2018 14:19:06 +0100 Subject: [PATCH 30/38] Fix OMEMO not working when the database is re-created for an existing account --- plugins/omemo/src/manager.vala | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index c75b15e2..51148681 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -316,9 +316,11 @@ public class Manager : StreamInteractionModule, Object { private void on_store_created(Account account, Store store) { Qlite.Row? row = db.identity.row_with(db.identity.account_id, account.id).inner; int identity_id = -1; + bool publish_identity = false; if (row == null) { // OMEMO not yet initialized, starting with empty base + publish_identity = true; try { store.identity_key_store.local_registration_id = Random.int_range(1, int32.MAX); @@ -349,14 +351,21 @@ public class Manager : StreamInteractionModule, Object { } else { print(@"OMEMO: store for $(account.bare_jid) is not persisted!"); } + + // Generated new device ID, ensure this gets added to the devicelist + if (publish_identity) { + XmppStream? stream = stream_interactor.get_stream(account); + if (stream == null) return; + StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); + if(module == null) return; + module.request_user_devicelist(stream, account.bare_jid); + } } public bool can_encrypt(Entities.Conversation conversation) { XmppStream? stream = stream_interactor.get_stream(conversation.account); if (stream == null) return false; - StreamModule? module = ((!)stream).get_module(StreamModule.IDENTITY); - if (module == null) return false; if (stream_interactor.get_module(MucManager.IDENTITY).is_groupchat(conversation.counterpart, conversation.account)){ Xep.Muc.Flag? flag = stream.get_flag(Xep.Muc.Flag.IDENTITY); if (flag == null) return false; From 9b984289966cc6c29f5ce14daa76de1a380a42cd Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sat, 11 Aug 2018 15:54:14 +0100 Subject: [PATCH 31/38] Un-dim fingerprint when accepting keys --- plugins/omemo/src/contact_details_dialog.vala | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index baefe564..006e95f1 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -106,6 +106,7 @@ public class ContactDetailsDialog : Gtk.Dialog { case Database.IdentityMetaTable.TrustLevel.TRUSTED: img.icon_name = "emblem-ok-symbolic"; status_lbl.set_markup("%s".printf(_("Accepted"))); + lbl.get_style_context().remove_class("dim-label"); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: img.icon_name = "action-unavailable-symbolic"; @@ -115,6 +116,7 @@ public class ContactDetailsDialog : Gtk.Dialog { case Database.IdentityMetaTable.TrustLevel.VERIFIED: img.icon_name = "security-high-symbolic"; status_lbl.set_markup("%s".printf(_("Verified"))); + lbl.get_style_context().remove_class("dim-label"); break; } From b589275ab46d42584bfc99edfa2054e9c8841ccc Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sat, 11 Aug 2018 15:56:30 +0100 Subject: [PATCH 32/38] Actually perform the database update when changing blind trust --- plugins/omemo/src/trust_manager.vala | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 9f1ad047..2631513b 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -24,7 +24,7 @@ public class TrustManager { db.trust.update() .with(db.trust.identity_id, "=", account.id) .with(db.trust.address_name, "=", jid.bare_jid.to_string()) - .set(db.trust.blind_trust, blind_trust); + .set(db.trust.blind_trust, blind_trust).perform(); } public void set_device_trust(Account account, Jid jid, int device_id, Database.IdentityMetaTable.TrustLevel trust_level) { From e2932af18f31d8457c3d72ba9d3b80d912934c7f Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sun, 12 Aug 2018 11:04:40 +0100 Subject: [PATCH 33/38] Index consistently with the identity id --- plugins/omemo/src/contact_details_dialog.vala | 10 +++++---- .../omemo/src/contact_details_provider.vala | 5 ++++- plugins/omemo/src/database.vala | 9 +++++++- .../src/device_notification_populator.vala | 4 +++- plugins/omemo/src/manager.vala | 22 ++++++++++++------- plugins/omemo/src/own_notifications.vala | 5 ++++- plugins/omemo/src/trust_manager.vala | 19 +++++++++++----- 7 files changed, 53 insertions(+), 21 deletions(-) diff --git a/plugins/omemo/src/contact_details_dialog.vala b/plugins/omemo/src/contact_details_dialog.vala index 006e95f1..037cd6e9 100644 --- a/plugins/omemo/src/contact_details_dialog.vala +++ b/plugins/omemo/src/contact_details_dialog.vala @@ -37,6 +37,8 @@ public class ContactDetailsDialog : Gtk.Dialog { (get_header_bar() as HeaderBar).set_subtitle(jid.bare_jid.to_string()); + int identity_id = plugin.db.identity.get_id(account.id); + if (identity_id < 0) return; // Dialog opened from the account settings menu // Show the fingerprint for this device separately with buttons for a qrcode and to copy @@ -64,19 +66,19 @@ public class ContactDetailsDialog : Gtk.Dialog { keys_listbox.set_header_func(header_function); //Show any new devices for which the user must decide whether to accept or reject - foreach (Row device in plugin.db.identity_meta.get_new_devices(account.id, jid.to_string())) { + foreach (Row device in plugin.db.identity_meta.get_new_devices(identity_id, jid.to_string())) { add_new_fingerprint(device); } //Show the normal devicelist - foreach (Row device in plugin.db.identity_meta.get_known_devices(account.id, jid.to_string())) { + foreach (Row device in plugin.db.identity_meta.get_known_devices(identity_id, jid.to_string())) { if(own && device[plugin.db.identity_meta.device_id] == own_id) { continue; } add_fingerprint(device, (Database.IdentityMetaTable.TrustLevel) device[plugin.db.identity_meta.trust_level]); } - auto_accept_switch.set_active(plugin.db.trust.get_blind_trust(account.id, jid.bare_jid.to_string())); + auto_accept_switch.set_active(plugin.db.trust.get_blind_trust(identity_id, jid.bare_jid.to_string())); auto_accept_switch.state_set.connect((active) => { plugin.trust_manager.set_blind_trust(account, jid, active); @@ -84,7 +86,7 @@ public class ContactDetailsDialog : Gtk.Dialog { if (active) { new_keys_container.visible = false; - foreach (Row device in plugin.db.identity_meta.get_new_devices(account.id, jid.to_string())) { + foreach (Row device in plugin.db.identity_meta.get_new_devices(identity_id, jid.to_string())) { plugin.trust_manager.set_device_trust(account, jid, device[plugin.db.identity_meta.device_id], Database.IdentityMetaTable.TrustLevel.TRUSTED); add_fingerprint(device, Database.IdentityMetaTable.TrustLevel.TRUSTED); } diff --git a/plugins/omemo/src/contact_details_provider.vala b/plugins/omemo/src/contact_details_provider.vala index 4b919009..7250d135 100644 --- a/plugins/omemo/src/contact_details_provider.vala +++ b/plugins/omemo/src/contact_details_provider.vala @@ -17,8 +17,11 @@ public class ContactDetailsProvider : Plugins.ContactDetailsProvider, Object { public void populate(Conversation conversation, Plugins.ContactDetails contact_details, WidgetType type) { if (conversation.type_ == Conversation.Type.CHAT && type == WidgetType.GTK) { + int identity_id = plugin.db.identity.get_id(conversation.account.id); + if (identity_id < 0) return; + int i = 0; - foreach (Row row in plugin.db.identity_meta.with_address(conversation.account.id, conversation.counterpart.to_string())) { + foreach (Row row in plugin.db.identity_meta.with_address(identity_id, conversation.counterpart.to_string())) { if (row[plugin.db.identity_meta.identity_key_public_base64] != null) { i++; } diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala index 8f8cb44a..0b15d198 100644 --- a/plugins/omemo/src/database.vala +++ b/plugins/omemo/src/database.vala @@ -43,7 +43,7 @@ public class Database : Qlite.Database { } public void insert_device_list(int32 identity_id, string address_name, ArrayList devices) { - update().with(this.address_name, "=", address_name).set(now_active, false).perform(); + update().with(this.identity_id, "=", identity_id).with(this.address_name, "=", address_name).set(now_active, false).perform(); foreach (int32 device_id in devices) { upsert() .value(this.identity_id, identity_id, true) @@ -124,6 +124,13 @@ public class Database : Qlite.Database { base(db, "identity"); init({id, account_id, device_id, identity_key_private_base64, identity_key_public_base64}); } + + public int get_id(int account_id) { + int id = -1; + Row? row = this.row_with(this.account_id, account_id).inner; + if (row != null) id = ((!)row)[this.id]; + return id; + } } public class SignedPreKeyTable : Table { diff --git a/plugins/omemo/src/device_notification_populator.vala b/plugins/omemo/src/device_notification_populator.vala index aee45472..900cac96 100644 --- a/plugins/omemo/src/device_notification_populator.vala +++ b/plugins/omemo/src/device_notification_populator.vala @@ -20,7 +20,9 @@ public class DeviceNotificationPopulator : NotificationPopulator, Object { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.get_new_devices(current_conversation.account.id, jid.bare_jid.to_string()).count() > 0; + int identity_id = plugin.db.identity.get_id(current_conversation.account.id); + if (identity_id < 0) return false; + return plugin.db.identity_meta.get_new_devices(identity_id, jid.bare_jid.to_string()).count() > 0; } public void init(Conversation conversation, NotificationCollection notification_collection, Plugins.WidgetType type) { diff --git a/plugins/omemo/src/manager.vala b/plugins/omemo/src/manager.vala index 51148681..95b15d60 100644 --- a/plugins/omemo/src/manager.vala +++ b/plugins/omemo/src/manager.vala @@ -203,12 +203,15 @@ public class Manager : StreamInteractionModule, Object { return; } + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return; + //Update meta database - db.identity_meta.insert_device_list(account.id, jid.bare_jid.to_string(), device_list); + db.identity_meta.insert_device_list(identity_id, jid.bare_jid.to_string(), device_list); //Fetch the bundle for each new device int inc = 0; - foreach (Row row in db.identity_meta.get_unknown_devices(account.id, jid.bare_jid.to_string())) { + foreach (Row row in db.identity_meta.get_unknown_devices(identity_id, jid.bare_jid.to_string())) { module.fetch_bundle(stream, Jid.parse(row[db.identity_meta.address_name]), row[db.identity_meta.device_id]); inc++; } @@ -217,8 +220,8 @@ public class Manager : StreamInteractionModule, Object { } //Create an entry for the jid in the account table if one does not exist already - if (db.trust.select().with(db.trust.identity_id, "=", account.id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) { - db.trust.insert().value(db.trust.identity_id, account.id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); + if (db.trust.select().with(db.trust.identity_id, "=", identity_id).with(db.trust.address_name, "=", jid.bare_jid.to_string()).count() == 0) { + db.trust.insert().value(db.trust.identity_id, identity_id).value(db.trust.address_name, jid.bare_jid.to_string()).value(db.trust.blind_trust, true).perform(); } //Get all messages that needed the devicelist and determine if we can now send them @@ -249,16 +252,19 @@ public class Manager : StreamInteractionModule, Object { } public void on_bundle_fetched(Account account, Jid jid, int32 device_id, Bundle bundle) { - bool blind_trust = db.trust.get_blind_trust(account.id, jid.bare_jid.to_string()); + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return; + + bool blind_trust = db.trust.get_blind_trust(identity_id, jid.bare_jid.to_string()); //If we don't blindly trust new devices and we haven't seen this key before then don't trust it - bool untrust = !(blind_trust || db.identity_meta.with_address(account.id, jid.bare_jid.to_string()) + bool untrust = !(blind_trust || db.identity_meta.with_address(identity_id, jid.bare_jid.to_string()) .with(db.identity_meta.device_id, "=", device_id) .with(db.identity_meta.identity_key_public_base64, "=", Base64.encode(bundle.identity_key.serialize())) .single().row().is_present()); //Get trust information from the database if the device id is known - Row device = db.identity_meta.get_device(account.id, jid.bare_jid.to_string(), device_id); + Row device = db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), device_id); Database.IdentityMetaTable.TrustLevel trusted = Database.IdentityMetaTable.TrustLevel.UNKNOWN; if (device != null) { trusted = (Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]; @@ -271,7 +277,7 @@ public class Manager : StreamInteractionModule, Object { } //Update the database with the appropriate trust information - db.identity_meta.insert_device_bundle(account.id, jid.bare_jid.to_string(), device_id, bundle, trusted); + db.identity_meta.insert_device_bundle(identity_id, jid.bare_jid.to_string(), device_id, bundle, trusted); XmppStream? stream = stream_interactor.get_stream(account); if(stream == null) return; diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala index 296e00b6..862ff33a 100644 --- a/plugins/omemo/src/own_notifications.vala +++ b/plugins/omemo/src/own_notifications.vala @@ -26,7 +26,10 @@ public class OwnNotifications { } public bool has_new_devices(Jid jid) { - return plugin.db.identity_meta.get_new_devices(account.id, jid.bare_jid.to_string()).count() > 0; + int identity_id = plugin.db.identity.get_id(account.id); + if (identity_id < 0) return false; + + return plugin.db.identity_meta.get_new_devices(identity_id, jid.bare_jid.to_string()).count() > 0; } private void display_notification() { diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 2631513b..495d2657 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -21,15 +21,18 @@ public class TrustManager { } public void set_blind_trust(Account account, Jid jid, bool blind_trust) { + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return; db.trust.update() - .with(db.trust.identity_id, "=", account.id) + .with(db.trust.identity_id, "=", identity_id) .with(db.trust.address_name, "=", jid.bare_jid.to_string()) .set(db.trust.blind_trust, blind_trust).perform(); } public void set_device_trust(Account account, Jid jid, int device_id, Database.IdentityMetaTable.TrustLevel trust_level) { + int identity_id = db.identity.get_id(account.id); db.identity_meta.update() - .with(db.identity_meta.identity_id, "=", account.id) + .with(db.identity_meta.identity_id, "=", identity_id) .with(db.identity_meta.address_name, "=", jid.bare_jid.to_string()) .with(db.identity_meta.device_id, "=", device_id) .set(db.identity_meta.trust_level, trust_level).perform(); @@ -135,12 +138,16 @@ public class TrustManager { } public bool is_known_address(Account account, Jid jid) { - return db.identity_meta.with_address(account.id, jid.to_string()).count() > 0; + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return false; + return db.identity_meta.with_address(identity_id, jid.to_string()).count() > 0; } public Gee.List get_trusted_devices(Account account, Jid jid) { Gee.List devices = new ArrayList(); - foreach (Row device in db.identity_meta.get_trusted_devices(account.id, jid.bare_jid.to_string())) { + int identity_id = db.identity.get_id(account.id); + if (identity_id < 0) return devices; + foreach (Row device in db.identity_meta.get_trusted_devices(identity_id, jid.bare_jid.to_string())) { if(device[db.identity_meta.trust_level] != Database.IdentityMetaTable.TrustLevel.UNKNOWN || device[db.identity_meta.identity_key_public_base64] == null) devices.add(device[db.identity_meta.device_id]); } @@ -163,12 +170,14 @@ public class TrustManager { public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) { MessageFlag? flag = MessageFlag.get_flag(stanza); if(flag != null && ((!)flag).decrypted) { + int identity_id = db.identity.get_id(conversation.account.id); + if (identity_id < 0) return false; StanzaNode header = stanza.stanza.get_subnode("encrypted", "eu.siacs.conversations.axolotl").get_subnode("header"); Jid jid = message.from; if(conversation.type_ == Conversation.Type.GROUPCHAT) { jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); } - Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(conversation.account.id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; + Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { message.body = _("OMEMO message from a rejected device"); message.marked = Message.Marked.WONTSEND; From c59faad5bf62b9e9a124a6e330745885c993ea21 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sun, 12 Aug 2018 11:23:32 +0100 Subject: [PATCH 34/38] Make the key lists scrollable --- plugins/omemo/data/contact_details_dialog.ui | 24 ++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/plugins/omemo/data/contact_details_dialog.ui b/plugins/omemo/data/contact_details_dialog.ui index eef82f7f..dc97cb56 100644 --- a/plugins/omemo/data/contact_details_dialog.ui +++ b/plugins/omemo/data/contact_details_dialog.ui @@ -188,9 +188,17 @@ True - + + never + automatic True - none + True + + + True + none + + @@ -216,9 +224,17 @@ True - + + never + automatic True - none + True + + + True + none + + From 380e5edc5108d549d2faa0b3b5819a7c2ee03bd8 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sun, 12 Aug 2018 12:16:42 +0100 Subject: [PATCH 35/38] Change own-notifcation wording and add a default action --- plugins/omemo/src/own_notifications.vala | 5 +++-- plugins/omemo/src/plugin.vala | 12 ++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/plugins/omemo/src/own_notifications.vala b/plugins/omemo/src/own_notifications.vala index 862ff33a..5c96f8d5 100644 --- a/plugins/omemo/src/own_notifications.vala +++ b/plugins/omemo/src/own_notifications.vala @@ -33,8 +33,9 @@ public class OwnNotifications { } private void display_notification() { - Notification notification = new Notification(_("Trust decision required")); - notification.set_body(_("A new OMEMO device has been added for the account %s").printf("$(account.jid.bare_jid)")); + Notification notification = new Notification(_("OMEMO trust decision required")); + notification.set_default_action_and_target_value("app.own-keys", new Variant.int32(account.id)); + notification.set_body(_("Did you add a new device for account %s").printf(@"$(account.bare_jid.to_string())")); plugin.app.send_notification(account.id.to_string()+"-new-device", notification); } } diff --git a/plugins/omemo/src/plugin.vala b/plugins/omemo/src/plugin.vala index 81cf5c7f..ab22651f 100644 --- a/plugins/omemo/src/plugin.vala +++ b/plugins/omemo/src/plugin.vala @@ -51,6 +51,18 @@ public class Plugin : RootInterface, Object { }); Manager.start(this.app.stream_interactor, db, trust_manager); + SimpleAction own_keys_action = new SimpleAction("own-keys", VariantType.INT32); + own_keys_action.activate.connect((variant) => { + foreach(Dino.Entities.Account account in this.app.stream_interactor.get_accounts()) { + if(account.id == variant.get_int32()) { + ContactDetailsDialog dialog = new ContactDetailsDialog(this, account, account.bare_jid); + dialog.set_transient_for((this.app as Gtk.Application).get_active_window()); + dialog.present(); + } + } + }); + this.app.add_action(own_keys_action); + string locales_dir; if (app.search_path_generator != null) { locales_dir = ((!)app.search_path_generator).get_locale_path(GETTEXT_PACKAGE, LOCALE_INSTALL_DIR); From 65724233f01f48185a96135a55a941c0aad43ae1 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Sun, 12 Aug 2018 12:42:06 +0100 Subject: [PATCH 36/38] Move formatting out of translatable strings in manage_key_dialog --- plugins/omemo/src/manage_key_dialog.vala | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/omemo/src/manage_key_dialog.vala b/plugins/omemo/src/manage_key_dialog.vala index 602b2965..ecfabfd5 100644 --- a/plugins/omemo/src/manage_key_dialog.vala +++ b/plugins/omemo/src/manage_key_dialog.vala @@ -141,16 +141,16 @@ public class ManageKeyDialog : Gtk.Dialog { switch((Database.IdentityMetaTable.TrustLevel) device[db.identity_meta.trust_level]) { case Database.IdentityMetaTable.TrustLevel.TRUSTED: - main_desc_label.set_markup(_("This key is currently %saccepted%s. This means it can be used by %s to receive and send messages.").printf("", "", @"$(device[db.identity_meta.address_name])")); + main_desc_label.set_markup(_("This key is currently %s.").printf(""+_("accepted")+"")+" "+_("This means it can be used by %s to receive and send messages.").printf(@"$(device[db.identity_meta.address_name])")); main_action_list.add(verify_row); main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.VERIFIED: - main_desc_label.set_markup(_("This key is currently %sverified%s. This means it can be used by %s to receive and send messages. Additionally it has been verified out-of-band to match the key on the contact's device.").printf("", "", @"$(device[db.identity_meta.address_name])")); + main_desc_label.set_markup(_("This key is currently %s.").printf(""+_("verified")+"")+" "+_("This means it can be used by %s to receive and send messages. Additionally it has been verified to match the key on the contact's device.").printf(@"$(device[db.identity_meta.address_name])")); main_action_list.add(reject_row); break; case Database.IdentityMetaTable.TrustLevel.UNTRUSTED: - main_desc_label.set_markup(_("This key is currently %srejected%s. This means it cannot be used by %s to receive messages, and any messages sent by it will be ignored").printf("", "", @"$(device[db.identity_meta.address_name])")); + main_desc_label.set_markup(_("This key is currently %s.").printf(""+_("rejected")+"")+" "+_("This means it cannot be used by %s to receive messages, and any messages sent by it will be ignored").printf(@"$(device[db.identity_meta.address_name])")); main_action_list.add(accept_row); break; } From 3c819a19e194c0bbc06544813ff103ee0519f264 Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Tue, 14 Aug 2018 01:37:55 +0100 Subject: [PATCH 37/38] Properly decrypt messages from MUCs --- plugins/omemo/src/stream_module.vala | 80 ------------------------ plugins/omemo/src/trust_manager.vala | 92 +++++++++++++++++++++++----- 2 files changed, 75 insertions(+), 97 deletions(-) diff --git a/plugins/omemo/src/stream_module.vala b/plugins/omemo/src/stream_module.vala index f086bd4c..6ee42771 100644 --- a/plugins/omemo/src/stream_module.vala +++ b/plugins/omemo/src/stream_module.vala @@ -20,7 +20,6 @@ public class StreamModule : XmppStreamModule { private ConcurrentSet active_bundle_requests = new ConcurrentSet(); private ConcurrentSet active_devicelist_requests = new ConcurrentSet(); private Map> ignored_devices = new HashMap>(Jid.hash_bare_func, Jid.equals_bare_func); - private ReceivedPipelineListener received_pipeline_listener; public signal void store_created(Store store); public signal void device_list_loaded(Jid jid, ArrayList devices); @@ -31,13 +30,10 @@ public class StreamModule : XmppStreamModule { this.store = Plugin.get_context().create_store(); store_created(store); - received_pipeline_listener = new ReceivedPipelineListener(store); - stream.get_module(MessageModule.IDENTITY).received_pipeline.connect(received_pipeline_listener); stream.get_module(Pubsub.Module.IDENTITY).add_filtered_notification(stream, NODE_DEVICELIST, (stream, jid, id, node) => on_devicelist(stream, jid, id, node)); } public override void detach(XmppStream stream) { - stream.get_module(MessageModule.IDENTITY).received_pipeline.disconnect(received_pipeline_listener); } public void request_user_devicelist(XmppStream stream, Jid jid) { @@ -273,80 +269,4 @@ public class StreamModule : XmppStreamModule { } } - -public class ReceivedPipelineListener : StanzaListener { - - private const string[] after_actions_const = {"EXTRACT_MESSAGE_2"}; - - public override string action_group { get { return "ENCRYPT_BODY"; } } - public override string[] after_actions { get { return after_actions_const; } } - - private Store store; - - public ReceivedPipelineListener(Store store) { - this.store = store; - } - - public override async bool run(XmppStream stream, MessageStanza message) { - StanzaNode? _encrypted = message.stanza.get_subnode("encrypted", NS_URI); - if (_encrypted == null || MessageFlag.get_flag(message) != null || message.from == null) return false; - StanzaNode encrypted = (!)_encrypted; - if (!Plugin.ensure_context()) return false; - MessageFlag flag = new MessageFlag(); - message.add_flag(flag); - StanzaNode? _header = encrypted.get_subnode("header"); - if (_header == null) return false; - StanzaNode header = (!)_header; - if (header.get_attribute_int("sid") <= 0) return false; - foreach (StanzaNode key_node in header.get_subnodes("key")) { - if (key_node.get_attribute_int("rid") == store.local_registration_id) { - try { - string? payload = encrypted.get_deep_string_content("payload"); - string? iv_node = header.get_deep_string_content("iv"); - string? key_node_content = key_node.get_string_content(); - if (payload == null || iv_node == null || key_node_content == null) continue; - uint8[] key; - uint8[] ciphertext = Base64.decode((!)payload); - uint8[] iv = Base64.decode((!)iv_node); - Address address = new Address(message.from.bare_jid.to_string(), header.get_attribute_int("sid")); - if (key_node.get_attribute_bool("prekey")) { - PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content)); - SessionCipher cipher = store.create_session_cipher(address); - key = cipher.decrypt_pre_key_signal_message(msg); - } else { - SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content)); - SessionCipher cipher = store.create_session_cipher(address); - key = cipher.decrypt_signal_message(msg); - } - address.device_id = 0; // TODO: Hack to have address obj live longer - - if (key.length >= 32) { - int authtaglength = key.length - 16; - uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength]; - uint8[] new_key = new uint8[16]; - Memory.copy(new_ciphertext, ciphertext, ciphertext.length); - Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength); - Memory.copy(new_key, key, 16); - ciphertext = new_ciphertext; - key = new_key; - } - - message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext)); - flag.decrypted = true; - } catch (Error e) { - if (Plugin.DEBUG) print(@"OMEMO: Signal error while decrypting message: $(e.message)\n"); - } - } - } - return false; - } - - private string arr_to_str(uint8[] arr) { - // null-terminate the array - uint8[] rarr = new uint8[arr.length+1]; - Memory.copy(rarr, arr, arr.length); - return (string)rarr; - } -} - } diff --git a/plugins/omemo/src/trust_manager.vala b/plugins/omemo/src/trust_manager.vala index 495d2657..8f6e9017 100644 --- a/plugins/omemo/src/trust_manager.vala +++ b/plugins/omemo/src/trust_manager.vala @@ -168,27 +168,85 @@ public class TrustManager { } public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) { - MessageFlag? flag = MessageFlag.get_flag(stanza); - if(flag != null && ((!)flag).decrypted) { - int identity_id = db.identity.get_id(conversation.account.id); - if (identity_id < 0) return false; - StanzaNode header = stanza.stanza.get_subnode("encrypted", "eu.siacs.conversations.axolotl").get_subnode("header"); - Jid jid = message.from; - if(conversation.type_ == Conversation.Type.GROUPCHAT) { - jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); - } - Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; - if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { - message.body = _("OMEMO message from a rejected device"); - message.marked = Message.Marked.WONTSEND; - } - if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) { - message.body = _("OMEMO message from an unknown device: ")+message.body; - message.marked = Message.Marked.WONTSEND; + Store store = stream_interactor.module_manager.get_module(conversation.account, StreamModule.IDENTITY).store; + + StanzaNode? _encrypted = stanza.stanza.get_subnode("encrypted", NS_URI); + if (_encrypted == null || MessageFlag.get_flag(stanza) != null || stanza.from == null) return false; + StanzaNode encrypted = (!)_encrypted; + if (!Plugin.ensure_context()) return false; + MessageFlag flag = new MessageFlag(); + stanza.add_flag(flag); + StanzaNode? _header = encrypted.get_subnode("header"); + if (_header == null) return false; + StanzaNode header = (!)_header; + if (header.get_attribute_int("sid") <= 0) return false; + foreach (StanzaNode key_node in header.get_subnodes("key")) { + if (key_node.get_attribute_int("rid") == store.local_registration_id) { + try { + string? payload = encrypted.get_deep_string_content("payload"); + string? iv_node = header.get_deep_string_content("iv"); + string? key_node_content = key_node.get_string_content(); + if (payload == null || iv_node == null || key_node_content == null) continue; + uint8[] key; + uint8[] ciphertext = Base64.decode((!)payload); + uint8[] iv = Base64.decode((!)iv_node); + Jid jid = stanza.from; + if (conversation.type_ == Conversation.Type.GROUPCHAT) { + jid = stream_interactor.get_module(MucManager.IDENTITY).get_real_jid(jid, conversation.account); + } + + Address address = new Address(jid.bare_jid.to_string(), header.get_attribute_int("sid")); + if (key_node.get_attribute_bool("prekey")) { + PreKeySignalMessage msg = Plugin.get_context().deserialize_pre_key_signal_message(Base64.decode((!)key_node_content)); + SessionCipher cipher = store.create_session_cipher(address); + key = cipher.decrypt_pre_key_signal_message(msg); + } else { + SignalMessage msg = Plugin.get_context().deserialize_signal_message(Base64.decode((!)key_node_content)); + SessionCipher cipher = store.create_session_cipher(address); + key = cipher.decrypt_signal_message(msg); + } + address.device_id = 0; // TODO: Hack to have address obj live longer + + if (key.length >= 32) { + int authtaglength = key.length - 16; + uint8[] new_ciphertext = new uint8[ciphertext.length + authtaglength]; + uint8[] new_key = new uint8[16]; + Memory.copy(new_ciphertext, ciphertext, ciphertext.length); + Memory.copy((uint8*)new_ciphertext + ciphertext.length, (uint8*)key + 16, authtaglength); + Memory.copy(new_key, key, 16); + ciphertext = new_ciphertext; + key = new_key; + } + + message.body = arr_to_str(aes_decrypt(Cipher.AES_GCM_NOPADDING, key, iv, ciphertext)); + flag.decrypted = true; + + int identity_id = db.identity.get_id(conversation.account.id); + if (identity_id < 0) return false; + + Database.IdentityMetaTable.TrustLevel trust_level = (Database.IdentityMetaTable.TrustLevel) db.identity_meta.get_device(identity_id, jid.bare_jid.to_string(), header.get_attribute_int("sid"))[db.identity_meta.trust_level]; + if (trust_level == Database.IdentityMetaTable.TrustLevel.UNTRUSTED) { + message.body = _("OMEMO message from a rejected device"); + message.marked = Message.Marked.WONTSEND; + } + if (trust_level == Database.IdentityMetaTable.TrustLevel.UNKNOWN) { + message.body = _("OMEMO message from an unknown device: ")+message.body; + message.marked = Message.Marked.WONTSEND; + } + } catch (Error e) { + if (Plugin.DEBUG) print(@"OMEMO: Signal error while decrypting message: $(e.message)\n"); + } } } return false; } + + private string arr_to_str(uint8[] arr) { + // null-terminate the array + uint8[] rarr = new uint8[arr.length+1]; + Memory.copy(rarr, arr, arr.length); + return (string)rarr; + } } } From 65a12021bc7abbf5ddea068ffe9b4715cfc34f0b Mon Sep 17 00:00:00 2001 From: Samuel Hand Date: Tue, 14 Aug 2018 02:00:39 +0100 Subject: [PATCH 38/38] Solve a few compiler warnings --- plugins/omemo/src/database.vala | 13 +++++++++---- plugins/omemo/src/manage_key_dialog.vala | 24 ------------------------ 2 files changed, 9 insertions(+), 28 deletions(-) diff --git a/plugins/omemo/src/database.vala b/plugins/omemo/src/database.vala index 0b15d198..247c00f6 100644 --- a/plugins/omemo/src/database.vala +++ b/plugins/omemo/src/database.vala @@ -196,10 +196,15 @@ public class Database : Qlite.Database { public override void migrate(long oldVersion) { if(oldVersion == 1) { - exec("DROP INDEX identity_meta_idx"); - exec("DROP INDEX identity_meta_list_idx"); - exec("CREATE UNIQUE INDEX identity_meta_idx ON identity_meta (identity_id, address_name, device_id)"); - exec("CREATE INDEX identity_meta_list_idx ON identity_meta (identity_id, address_name)"); + try { + exec("DROP INDEX identity_meta_idx"); + exec("DROP INDEX identity_meta_list_idx"); + exec("CREATE UNIQUE INDEX identity_meta_idx ON identity_meta (identity_id, address_name, device_id)"); + exec("CREATE INDEX identity_meta_list_idx ON identity_meta (identity_id, address_name)"); + } catch (Error e) { + stderr.printf("Failed to migrate OMEMO database\n"); + Process.exit(-1); + } } } } diff --git a/plugins/omemo/src/manage_key_dialog.vala b/plugins/omemo/src/manage_key_dialog.vala index ecfabfd5..d1d8fefd 100644 --- a/plugins/omemo/src/manage_key_dialog.vala +++ b/plugins/omemo/src/manage_key_dialog.vala @@ -11,16 +11,13 @@ public class ManageKeyDialog : Gtk.Dialog { [GtkChild] private Button cancel_button; [GtkChild] private Button ok_button; - [GtkChild] private Box main_screen; [GtkChild] private Label main_desc_label; [GtkChild] private ListBox main_action_list; - [GtkChild] private Box confirm_screen; [GtkChild] private Image confirm_image; [GtkChild] private Label confirm_title_label; [GtkChild] private Label confirm_desc_label; - [GtkChild] private Box verify_screen; [GtkChild] private Label verify_label; [GtkChild] private Button verify_yes_button; [GtkChild] private Button verify_no_button; @@ -104,27 +101,6 @@ public class ManageKeyDialog : Gtk.Dialog { return box; } - private Box make_trust_screen(string icon_name, string title, string desc) { - Box box = new Box(Orientation.VERTICAL, 12) { margin = 12, spacing = 12 }; - Image icon = new Image.from_icon_name(icon_name, IconSize.DIALOG) { visible = true }; - box.add(icon); - Label lbl_title = new Label(title) { visible = true }; - Label lbl_desc = new Label(desc) { visible = true, use_markup = true, max_width_chars = 1, wrap = true, justify = Justification.CENTER }; - - Pango.AttrList title_attrs = new Pango.AttrList(); - title_attrs.insert(Pango.attr_scale_new(1.1)); - lbl_title.attributes = title_attrs; - Pango.AttrList desc_attrs = new Pango.AttrList(); - desc_attrs.insert(Pango.attr_scale_new(0.8)); - lbl_desc.attributes = desc_attrs; - lbl_desc.get_style_context().add_class("dim-label"); - - box.add(lbl_title); - box.add(lbl_desc); - - return box; - } - private void setup_main_screen() { main_action_list.set_header_func((row, before_row) => { if (row.get_header() == null && before_row != null) {