Commit graph

271 commits

Author SHA1 Message Date
Daniel Gultsch c8bd5bc1f5 made OF selfSigned() workaround only available >=kitkat
this undos 8a729061d5. as it turns out 4.1
and 4.0 only break when checking if a cert is self signed.
2017-07-23 07:47:39 +02:00
Daniel Gultsch 85dc0c284d made omemo always available but in public mucs 2017-07-18 12:51:15 +02:00
Daniel Gultsch da87eac48e provide upgrade path for accounts with publish-options 2017-07-18 12:51:15 +02:00
Daniel Gultsch 9a57673130 use publish-options instead of always pushing node configuration 2017-07-18 12:51:15 +02:00
Daniel Gultsch 8d6b2074cb let hasPendingFetches() return true when fetching device ids 2017-07-18 12:51:15 +02:00
Daniel Gultsch 7a2856ac86 fetch required device ids on demand 2017-07-18 12:51:15 +02:00
Daniel Gultsch f7258d16e1 explicitly fetch device ids before building sessions in single mode conversation 2017-07-18 12:51:15 +02:00
Daniel Gultsch 25e993693f change access model of omemo pep nodes after every publish 2017-07-18 12:51:15 +02:00
Daniel Gultsch 6c95897f09 fetch device ids for muc members w/o known devices 2017-07-18 12:51:15 +02:00
Daniel Gultsch 8a729061d5 use CN-workaround for pre-kitkat 2017-07-17 23:13:55 +02:00
Daniel Gultsch 217335703c fix regression introduces with OF fix. properly fall back to common name 2017-07-17 21:11:15 +02:00
Daniel Gultsch 8afe7efc2c workaround for OpenFire: check CN first in self signed certs
The self signed certificates created by OpenFire (Not sure if other
certs are affected as well) will crash the Java/Android TLS stack when
accessing getSubjectAlternativeNames() on the the peer certificate.

This usually goes unnoticed in other applications since the
DefaultHostnameVerifier checkes the CN first. That however is a
violation of RFC6125 section 6.4.4 which requires us to check for the
existence of SAN first.

This commit adds a work around where in self signed certificates we
check for the CN first as well. (Avoiding the call to
getSubjectAlternativeNames())
2017-07-16 11:05:25 +02:00
Daniel Gultsch cbce73c301 fixed fingerprint trust (was messed up after library upgrade) 2017-06-25 18:18:13 +02:00
Daniel Gultsch 2ed71df01a also check for hostname in in certs if hostname is from trusted source 2017-06-21 23:40:01 +02:00
Daniel Gultsch 24768d051d upgrade to signal-protocol-java. thanks @ysangkok
fixes #1384
closes #2509
2017-06-18 16:36:30 +02:00
Daniel Gultsch f98888d796 display open pgp key id in account details and allow to delete. fixes #2470 2017-05-04 13:02:46 +02:00
Daniel Gultsch cc1402442a don't load signed prekeys on startup 2017-05-04 11:03:58 +02:00
cijo-saju 3467a67e75 Removed unused imports from entire project. 2017-04-12 20:24:36 +05:30
Daniel Gultsch 99565a6876 treat URL as file if URL is in oob or contains key 2017-04-05 22:35:42 +02:00
Daniel Gultsch 0c0ff882a9 make x509 verification node world readable 2017-02-24 19:58:46 +01:00
Daniel Gultsch 53241f2ef1 add explicit encryption hints to outgoing messages 2017-01-26 19:19:08 +01:00
Sam Whited bfc2cffc2f Add SCRAM-SHA-2 support 2017-01-15 23:43:44 -06:00
Daniel Gultsch d028f4b398 refactored whispermessage processing 2017-01-15 18:54:47 +01:00
Daniel Gultsch 8f39a594ff partially improved logging for receiving omemo messages 2017-01-14 18:10:04 +01:00
Daniel Gultsch bfacc180c5 don't allow to purge keys. offer distrut instead 2017-01-12 15:59:13 +01:00
Daniel Gultsch 2c1d3ef968 fixed avatar republish missing the mime type 2017-01-12 12:20:10 +01:00
Daniel Gultsch f0c3b31a42 treat omemo keys >= 32 bytes as containing auth tag. add config flag to put auth tag in key 2017-01-09 21:47:07 +01:00
Daniel Gultsch a1cb855739 adding prekey='true' to omemo messages if applicable 2017-01-09 20:20:02 +01:00
Daniel Gultsch fcd9ab17fe don't throw assertion error when building session with same device id from other contact 2016-12-28 22:15:24 +01:00
Daniel Gultsch e5fff42b10 added omemo padding but disabled by Config.java flag 2016-12-20 16:12:12 +01:00
Daniel Gultsch fbbf1a37b4 disable removing of broken devices by default 2016-12-18 11:49:27 +01:00
Daniel Gultsch dbda2afd6d remove broken devices only once to prevent loops 2016-12-18 11:47:42 +01:00
Daniel Gultsch 87746ca2ba remove own fetch errors from device announcement 2016-12-16 17:12:26 +01:00
Daniel Gultsch 58de10bcab use prepped string when building axolotl session 2016-12-01 20:48:39 +01:00
Daniel Gultsch 2ec7165381 update the conversations view (and the lock icon) after receiving device list 2016-11-24 11:28:04 +01:00
Daniel Gultsch 839ef8e14b introduced blind trust before verification mode
read more about the concept on https://gultsch.de/trust.html
2016-11-23 10:42:27 +01:00
Daniel Gultsch b71aa6d3a4 remove omemo devices from annoucement after 7 days of inactivity 2016-11-19 21:39:16 +01:00
Daniel Gultsch 6362799d56 save last activation time in fingerprint status 2016-11-19 13:34:54 +01:00
Daniel Gultsch 2b9b3be3f1 show 'clear devices' button underneath own devices 2016-11-18 21:49:52 +01:00
Daniel Gultsch a86a36f570 removed some unecessary logging from omemo message generation 2016-11-18 20:13:09 +01:00
Daniel Gultsch 9d9a9e63ad removed some very verbose logging from axolotl service 2016-11-18 13:03:02 +01:00
Daniel Gultsch 211354ee26 put omemo fingerprint in own uri (qr code / nfc) 2016-11-17 22:28:45 +01:00
Daniel Gultsch 7e2e42cb11 parse omemo fingerprints from uris 2016-11-17 20:09:42 +01:00
Daniel Gultsch ad9a8c2281 use base64.nowrap for omemo keys 2016-11-17 10:58:44 +01:00
Daniel Gultsch d61b00604d fixed enabling trust toggle. unknown->untrusted 2016-11-15 15:14:21 +01:00
Daniel Gultsch 05fc15be3d refactore trust enum to be FingerprintStatus class with trust and active 2016-11-14 22:27:41 +01:00
Daniel Gultsch 44ce5df359 write prepped string to db. use display version everywhere else 2016-10-20 17:31:46 +02:00
Daniel Gultsch dce8149aae retrigger key selection if openpgp key was deleted 2016-10-19 11:53:55 +02:00
Daniel Gultsch dc02e2b498 small code reformation in pgp decryption service 2016-10-17 09:52:43 +02:00
Daniel Gultsch f6cfa27741 synchronize access to json key storage in account model 2016-10-13 11:27:26 +02:00
Daniel Gultsch 1f7f82da7b respond to chat marker request only when mutual presence subscription exists 2016-10-07 10:05:08 +02:00
Daniel Gultsch 0af13fc746 be more careful parsing integers in omemo 2016-10-06 22:05:18 +02:00
Daniel Gultsch 5ac0e9267d fixed omemo shown as unavailable in 1:1 chats 2016-10-03 21:04:10 +02:00
Daniel Gultsch 7c6d1d19d5 when activating omemo in conference always check preferences 2016-10-03 10:42:43 +02:00
Daniel Gultsch badc97e280 don't simply ignore null in message body but try to avoid it 2016-09-18 22:15:02 +02:00
Sam Whited 805717673c Support ANONYMOUS SASL 2016-09-12 11:30:03 -05:00
Daniel Gultsch ac9f13a9f2 provide hint on why conference can not be encrypted 2016-09-08 11:01:27 +02:00
Daniel Gultsch af329eff46 add more logging to pgp engine 2016-08-30 13:12:09 +02:00
Daniel Gultsch f7933c26d7 don't crash on broken base64 in omemo messages. fixes #1934 2016-06-29 17:18:57 +02:00
Daniel Gultsch 28dc888159 display toast on pgp error 2016-06-19 11:08:17 +02:00
Daniel Gultsch 1eb776f39c synchronize message body changes for message correction 2016-06-16 11:47:40 +02:00
Daniel Gultsch 60588af825 replace corrected messages in decryption queue 2016-06-15 14:29:25 +02:00
Daniel Gultsch 5f40a7042d delay notification until after pgp decryption 2016-06-15 12:44:29 +02:00
Daniel Gultsch 39ad426ca9 remove messages from decryption queue when trimming a conversation 2016-06-13 19:06:09 +02:00
Daniel Gultsch 587fb3cca3 refactored pgp decryption 2016-06-13 13:32:14 +02:00
Daniel Gultsch c06e2787c7 sending warning to receiving client if that client doesn't support omemo.
fixes #1873
2016-05-25 23:24:36 +02:00
Daniel Gultsch 5137837f6d only publish keys if omemo is enabled 2016-05-25 21:55:01 +02:00
Daniel Gultsch 9ce2cfa3d2 resetting fetch status error when mutual subscription is reestablished 2016-05-19 10:47:27 +02:00
Daniel Gultsch afa3883089 synchronize around identity key generation 2016-05-19 10:39:47 +02:00
Daniel Gultsch 8d0693ed6a keep conference members in memory and show them in conference details 2016-05-16 19:58:36 +02:00
Daniel Gultsch 908aa19a36 make omemo default when all resources support it 2016-05-12 14:20:11 +02:00
Daniel Gultsch cc209afc51 stop processing PreKeyWhisperMessage if there is no PreKeyId
fixes #1832
2016-05-10 18:11:13 +02:00
Daniel Gultsch 76889b9c58 handle invalid base64 is SASl SCRAM response 2016-05-07 11:34:17 +02:00
Sebastian 544e1dee65 Remove copy of innerkey
The line overwrites this.innerkey with the value that was already there.
2016-05-05 17:09:01 +02:00
Daniel Gultsch 6e0ec9b924 republish pgp signature when changing status 2016-05-05 13:17:04 +02:00
klemens 7047d68165 spelling fixes 2016-05-04 10:29:29 +02:00
Sebastian cf374ec4ef Renaming of variable
Was probably just a copy/paste typo.
2016-05-03 23:35:57 +02:00
Daniel Gultsch ecaf75e5ec better detect broken pep
mark pep as broken when publishing bundle or device list failed
reset 'brokenness' when account is getting disabled
2016-04-05 13:31:03 +02:00
Daniel Gultsch a9b66e3ea5 allow to delete attachments. fixes #1539 2016-03-23 19:23:22 +01:00
Daniel Gultsch 281cb65046 only add image files to media scanner 2016-03-23 12:20:09 +01:00
Daniel Gultsch 198dc2c6b4 let users confirm each member in a conference even if that contact is already trusted 2016-03-01 11:26:59 +01:00
Daniel Gultsch 9e0466d1e6 refactored omemo to take multiple recipients 2016-02-29 13:18:07 +01:00
Daniel Gultsch b00c561f81 check for uuid change when decrypting pgp messages 2016-02-21 11:43:03 +01:00
Daniel Gultsch fab0a45955 re-read common name from certificates on startup 2016-02-02 13:43:20 +01:00
Daniel Gultsch 43521891f0 show fetch errors in trust keys activity 2016-01-23 11:39:02 +01:00
Andreas Straub 58d213f291 Fix OMEMO session creating loggin
Now prints the correct JID to the log when finding devices without
sessions.
2015-12-31 15:48:43 +01:00
Daniel Gultsch f46cbb38a9 show certificate information 2015-12-23 19:18:53 +01:00
Daniel Gultsch d0bad09f13 save certificate when verifying with x509 2015-12-23 17:41:26 +01:00
Daniel Gultsch 534013fd0c store identity key in XmppAxolotlSession instead of the fingerprint 2015-12-19 15:44:11 +01:00
Daniel Gultsch 15c8cb8ac6 add more debugging to certificate checks after new omemo session was established 2015-12-19 12:44:55 +01:00
Daniel Gultsch 15f220747f some more NPE checks 2015-12-10 23:16:39 +01:00
Daniel Gultsch 1de74c2337 also verify sessions in CBE mode that got created by key transport messages 2015-12-08 17:15:08 +01:00
Daniel Gultsch 23ef1c660a encrypt pgp messages to self 2015-11-26 17:44:11 +01:00
Daniel Gultsch a557d38e4d pgp fixes and revert configuration changes 2015-11-25 20:47:02 +01:00
Daniel Gultsch fbb7cb99f7 Merge pull request #1558 from fiaxh/pgp_api_9.0
Use OpenPGP-API 9.0
2015-11-24 06:52:24 +01:00
fiaxh 2c1f7e115c PgpEngine: Get account from conversation instead of from contact. fixes #1568, fixes #1544 2015-11-15 13:24:07 +00:00
fiaxh fac1d4e0bd Use OpenPGP-API 9.0 2015-11-09 13:49:57 +00:00
Daniel Gultsch baf76d883c indicate cbe in chat message hint 2015-10-31 22:55:04 +01:00
Daniel Gultsch bca29cf7fd explicitly mark verified omemo keys in UI 2015-10-31 10:57:57 +01:00
Daniel Gultsch 34bcc59f72 fixed session objects not being build on start up 2015-10-30 12:05:21 +01:00