Daniel Gultsch
f7258d16e1
explicitly fetch device ids before building sessions in single mode conversation
2017-07-18 12:51:15 +02:00
Daniel Gultsch
25e993693f
change access model of omemo pep nodes after every publish
2017-07-18 12:51:15 +02:00
Daniel Gultsch
6c95897f09
fetch device ids for muc members w/o known devices
2017-07-18 12:51:15 +02:00
Daniel Gultsch
8a729061d5
use CN-workaround for pre-kitkat
2017-07-17 23:13:55 +02:00
Daniel Gultsch
217335703c
fix regression introduces with OF fix. properly fall back to common name
2017-07-17 21:11:15 +02:00
Daniel Gultsch
8afe7efc2c
workaround for OpenFire: check CN first in self signed certs
...
The self signed certificates created by OpenFire (Not sure if other
certs are affected as well) will crash the Java/Android TLS stack when
accessing getSubjectAlternativeNames() on the the peer certificate.
This usually goes unnoticed in other applications since the
DefaultHostnameVerifier checkes the CN first. That however is a
violation of RFC6125 section 6.4.4 which requires us to check for the
existence of SAN first.
This commit adds a work around where in self signed certificates we
check for the CN first as well. (Avoiding the call to
getSubjectAlternativeNames())
2017-07-16 11:05:25 +02:00
Daniel Gultsch
cbce73c301
fixed fingerprint trust (was messed up after library upgrade)
2017-06-25 18:18:13 +02:00
Daniel Gultsch
2ed71df01a
also check for hostname in in certs if hostname is from trusted source
2017-06-21 23:40:01 +02:00
Daniel Gultsch
24768d051d
upgrade to signal-protocol-java. thanks @ysangkok
...
fixes #1384
closes #2509
2017-06-18 16:36:30 +02:00
Daniel Gultsch
f98888d796
display open pgp key id in account details and allow to delete. fixes #2470
2017-05-04 13:02:46 +02:00
Daniel Gultsch
cc1402442a
don't load signed prekeys on startup
2017-05-04 11:03:58 +02:00
cijo-saju
3467a67e75
Removed unused imports from entire project.
2017-04-12 20:24:36 +05:30
Daniel Gultsch
99565a6876
treat URL as file if URL is in oob or contains key
2017-04-05 22:35:42 +02:00
Daniel Gultsch
0c0ff882a9
make x509 verification node world readable
2017-02-24 19:58:46 +01:00
Daniel Gultsch
53241f2ef1
add explicit encryption hints to outgoing messages
2017-01-26 19:19:08 +01:00
Sam Whited
bfc2cffc2f
Add SCRAM-SHA-2 support
2017-01-15 23:43:44 -06:00
Daniel Gultsch
d028f4b398
refactored whispermessage processing
2017-01-15 18:54:47 +01:00
Daniel Gultsch
8f39a594ff
partially improved logging for receiving omemo messages
2017-01-14 18:10:04 +01:00
Daniel Gultsch
bfacc180c5
don't allow to purge keys. offer distrut instead
2017-01-12 15:59:13 +01:00
Daniel Gultsch
2c1d3ef968
fixed avatar republish missing the mime type
2017-01-12 12:20:10 +01:00
Daniel Gultsch
f0c3b31a42
treat omemo keys >= 32 bytes as containing auth tag. add config flag to put auth tag in key
2017-01-09 21:47:07 +01:00
Daniel Gultsch
a1cb855739
adding prekey='true' to omemo messages if applicable
2017-01-09 20:20:02 +01:00
Daniel Gultsch
fcd9ab17fe
don't throw assertion error when building session with same device id from other contact
2016-12-28 22:15:24 +01:00
Daniel Gultsch
e5fff42b10
added omemo padding but disabled by Config.java flag
2016-12-20 16:12:12 +01:00
Daniel Gultsch
fbbf1a37b4
disable removing of broken devices by default
2016-12-18 11:49:27 +01:00
Daniel Gultsch
dbda2afd6d
remove broken devices only once to prevent loops
2016-12-18 11:47:42 +01:00
Daniel Gultsch
87746ca2ba
remove own fetch errors from device announcement
2016-12-16 17:12:26 +01:00
Daniel Gultsch
58de10bcab
use prepped string when building axolotl session
2016-12-01 20:48:39 +01:00
Daniel Gultsch
2ec7165381
update the conversations view (and the lock icon) after receiving device list
2016-11-24 11:28:04 +01:00
Daniel Gultsch
839ef8e14b
introduced blind trust before verification mode
...
read more about the concept on https://gultsch.de/trust.html
2016-11-23 10:42:27 +01:00
Daniel Gultsch
b71aa6d3a4
remove omemo devices from annoucement after 7 days of inactivity
2016-11-19 21:39:16 +01:00
Daniel Gultsch
6362799d56
save last activation time in fingerprint status
2016-11-19 13:34:54 +01:00
Daniel Gultsch
2b9b3be3f1
show 'clear devices' button underneath own devices
2016-11-18 21:49:52 +01:00
Daniel Gultsch
a86a36f570
removed some unecessary logging from omemo message generation
2016-11-18 20:13:09 +01:00
Daniel Gultsch
9d9a9e63ad
removed some very verbose logging from axolotl service
2016-11-18 13:03:02 +01:00
Daniel Gultsch
211354ee26
put omemo fingerprint in own uri (qr code / nfc)
2016-11-17 22:28:45 +01:00
Daniel Gultsch
7e2e42cb11
parse omemo fingerprints from uris
2016-11-17 20:09:42 +01:00
Daniel Gultsch
ad9a8c2281
use base64.nowrap for omemo keys
2016-11-17 10:58:44 +01:00
Daniel Gultsch
d61b00604d
fixed enabling trust toggle. unknown->untrusted
2016-11-15 15:14:21 +01:00
Daniel Gultsch
05fc15be3d
refactore trust enum to be FingerprintStatus class with trust and active
2016-11-14 22:27:41 +01:00
Daniel Gultsch
44ce5df359
write prepped string to db. use display version everywhere else
2016-10-20 17:31:46 +02:00
Daniel Gultsch
dce8149aae
retrigger key selection if openpgp key was deleted
2016-10-19 11:53:55 +02:00
Daniel Gultsch
dc02e2b498
small code reformation in pgp decryption service
2016-10-17 09:52:43 +02:00
Daniel Gultsch
f6cfa27741
synchronize access to json key storage in account model
2016-10-13 11:27:26 +02:00
Daniel Gultsch
1f7f82da7b
respond to chat marker request only when mutual presence subscription exists
2016-10-07 10:05:08 +02:00
Daniel Gultsch
0af13fc746
be more careful parsing integers in omemo
2016-10-06 22:05:18 +02:00
Daniel Gultsch
5ac0e9267d
fixed omemo shown as unavailable in 1:1 chats
2016-10-03 21:04:10 +02:00
Daniel Gultsch
7c6d1d19d5
when activating omemo in conference always check preferences
2016-10-03 10:42:43 +02:00
Daniel Gultsch
badc97e280
don't simply ignore null in message body but try to avoid it
2016-09-18 22:15:02 +02:00
Sam Whited
805717673c
Support ANONYMOUS SASL
2016-09-12 11:30:03 -05:00
Daniel Gultsch
ac9f13a9f2
provide hint on why conference can not be encrypted
2016-09-08 11:01:27 +02:00
Daniel Gultsch
af329eff46
add more logging to pgp engine
2016-08-30 13:12:09 +02:00
Daniel Gultsch
f7933c26d7
don't crash on broken base64 in omemo messages. fixes #1934
2016-06-29 17:18:57 +02:00
Daniel Gultsch
28dc888159
display toast on pgp error
2016-06-19 11:08:17 +02:00
Daniel Gultsch
1eb776f39c
synchronize message body changes for message correction
2016-06-16 11:47:40 +02:00
Daniel Gultsch
60588af825
replace corrected messages in decryption queue
2016-06-15 14:29:25 +02:00
Daniel Gultsch
5f40a7042d
delay notification until after pgp decryption
2016-06-15 12:44:29 +02:00
Daniel Gultsch
39ad426ca9
remove messages from decryption queue when trimming a conversation
2016-06-13 19:06:09 +02:00
Daniel Gultsch
587fb3cca3
refactored pgp decryption
2016-06-13 13:32:14 +02:00
Daniel Gultsch
c06e2787c7
sending warning to receiving client if that client doesn't support omemo.
...
fixes #1873
2016-05-25 23:24:36 +02:00
Daniel Gultsch
5137837f6d
only publish keys if omemo is enabled
2016-05-25 21:55:01 +02:00
Daniel Gultsch
9ce2cfa3d2
resetting fetch status error when mutual subscription is reestablished
2016-05-19 10:47:27 +02:00
Daniel Gultsch
afa3883089
synchronize around identity key generation
2016-05-19 10:39:47 +02:00
Daniel Gultsch
8d0693ed6a
keep conference members in memory and show them in conference details
2016-05-16 19:58:36 +02:00
Daniel Gultsch
908aa19a36
make omemo default when all resources support it
2016-05-12 14:20:11 +02:00
Daniel Gultsch
cc209afc51
stop processing PreKeyWhisperMessage if there is no PreKeyId
...
fixes #1832
2016-05-10 18:11:13 +02:00
Daniel Gultsch
76889b9c58
handle invalid base64 is SASl SCRAM response
2016-05-07 11:34:17 +02:00
Sebastian
544e1dee65
Remove copy of innerkey
...
The line overwrites this.innerkey with the value that was already there.
2016-05-05 17:09:01 +02:00
Daniel Gultsch
6e0ec9b924
republish pgp signature when changing status
2016-05-05 13:17:04 +02:00
klemens
7047d68165
spelling fixes
2016-05-04 10:29:29 +02:00
Sebastian
cf374ec4ef
Renaming of variable
...
Was probably just a copy/paste typo.
2016-05-03 23:35:57 +02:00
Daniel Gultsch
ecaf75e5ec
better detect broken pep
...
mark pep as broken when publishing bundle or device list failed
reset 'brokenness' when account is getting disabled
2016-04-05 13:31:03 +02:00
Daniel Gultsch
a9b66e3ea5
allow to delete attachments. fixes #1539
2016-03-23 19:23:22 +01:00
Daniel Gultsch
281cb65046
only add image files to media scanner
2016-03-23 12:20:09 +01:00
Daniel Gultsch
198dc2c6b4
let users confirm each member in a conference even if that contact is already trusted
2016-03-01 11:26:59 +01:00
Daniel Gultsch
9e0466d1e6
refactored omemo to take multiple recipients
2016-02-29 13:18:07 +01:00
Daniel Gultsch
b00c561f81
check for uuid change when decrypting pgp messages
2016-02-21 11:43:03 +01:00
Daniel Gultsch
fab0a45955
re-read common name from certificates on startup
2016-02-02 13:43:20 +01:00
Daniel Gultsch
43521891f0
show fetch errors in trust keys activity
2016-01-23 11:39:02 +01:00
Andreas Straub
58d213f291
Fix OMEMO session creating loggin
...
Now prints the correct JID to the log when finding devices without
sessions.
2015-12-31 15:48:43 +01:00
Daniel Gultsch
f46cbb38a9
show certificate information
2015-12-23 19:18:53 +01:00
Daniel Gultsch
d0bad09f13
save certificate when verifying with x509
2015-12-23 17:41:26 +01:00
Daniel Gultsch
534013fd0c
store identity key in XmppAxolotlSession instead of the fingerprint
2015-12-19 15:44:11 +01:00
Daniel Gultsch
15c8cb8ac6
add more debugging to certificate checks after new omemo session was established
2015-12-19 12:44:55 +01:00
Daniel Gultsch
15f220747f
some more NPE checks
2015-12-10 23:16:39 +01:00
Daniel Gultsch
1de74c2337
also verify sessions in CBE mode that got created by key transport messages
2015-12-08 17:15:08 +01:00
Daniel Gultsch
23ef1c660a
encrypt pgp messages to self
2015-11-26 17:44:11 +01:00
Daniel Gultsch
a557d38e4d
pgp fixes and revert configuration changes
2015-11-25 20:47:02 +01:00
Daniel Gultsch
fbb7cb99f7
Merge pull request #1558 from fiaxh/pgp_api_9.0
...
Use OpenPGP-API 9.0
2015-11-24 06:52:24 +01:00
fiaxh
2c1f7e115c
PgpEngine: Get account from conversation instead of from contact. fixes #1568 , fixes #1544
2015-11-15 13:24:07 +00:00
fiaxh
fac1d4e0bd
Use OpenPGP-API 9.0
2015-11-09 13:49:57 +00:00
Daniel Gultsch
baf76d883c
indicate cbe in chat message hint
2015-10-31 22:55:04 +01:00
Daniel Gultsch
bca29cf7fd
explicitly mark verified omemo keys in UI
2015-10-31 10:57:57 +01:00
Daniel Gultsch
34bcc59f72
fixed session objects not being build on start up
2015-10-30 12:05:21 +01:00
Daniel Gultsch
6a458b853c
Merge pull request #1513 from fiaxh/pgp_background_decryption
...
PGP messages background decryption
2015-10-30 10:18:27 +01:00
Daniel Gultsch
c7ff196f58
push CN into nick pep node when uploading certificate. subscribe to nick node
2015-10-29 13:41:08 +01:00
fiaxh
29a849cb92
Decrypt PGP messages in background
2015-10-28 19:57:11 +00:00
Daniel Gultsch
3c6c424d31
don't retry building broken omemo keys
2015-10-17 15:51:21 +02:00
Daniel Gultsch
e9e31b1c9b
load axolotl session cache on first device update
2015-10-17 14:44:59 +02:00
Daniel Gultsch
a83aae341f
improved error reporting in trust keys activity
2015-10-17 14:09:26 +02:00
Daniel Gultsch
cfeb67d71d
introduced code to verify omemo device keys with x509 certificates.
...
cleaned up TrustKeysActivity to automatically close if there is nothing to do
2015-10-16 23:48:42 +02:00
Daniel Gultsch
c1716a35e3
moved other name parsing into seperate method
2015-10-15 20:05:55 +02:00
Daniel Gultsch
fc96dcaa4d
use constants for oids in xmppdomainverifier
2015-10-15 19:14:41 +02:00
Daniel Gultsch
5b271e1ed8
more checks for xmppdomainverifier and better wildcard handling
2015-10-15 18:06:26 +02:00
Daniel Gultsch
e75c2cd731
use own XmppDomainVerifier instead of deprecated StrictHostnameVerifier. fixes #1189
2015-10-15 17:08:38 +02:00
Daniel Gultsch
212d1a8c91
add config variable to enable x509 verification
2015-10-12 13:18:20 +02:00
Daniel Gultsch
933538a39d
code clean up
2015-10-12 12:36:54 +02:00
Daniel Gultsch
b519411d34
enable SASL EXTERNAL (certificate login
2015-10-11 20:45:01 +02:00
Daniel Gultsch
7be331bbb2
add menu item in account details to renew certificate
2015-10-11 16:10:52 +02:00
Andreas Straub
fdd88aa530
Clean up
...
Fixes some random linter warnings.
2015-10-11 16:05:44 +02:00
Daniel Gultsch
506b83ddc6
be more careful when publishing device bundle
2015-09-17 14:18:06 +02:00
Daniel Gultsch
eff173ebc2
indicate broken pep in server info
2015-09-06 19:40:28 +02:00
Andreas Straub
a95c451f1e
Only show that have sessions in fingerprint list
...
Doesn't access database directly anymore but goes through AxolotlService
now to obtain list of fingerprints associated with an Account/Contact.
This should prevent orphaned keys littering the UI which previously
couldn't be removed through the Clear Devices function.
Together with 1c79982da84964c1d81179a0927d9cd1eadf53de this fixes #1393
2015-09-06 15:15:57 +02:00
Andreas Straub
2bb033267b
Don't manually add keys to the store
...
There is no need to preemptively add the keys to the store oneself.
SessionBuilder will take care of this for us. What's more, this will
prevent IdentityKeys from otherwise invalid bundles to show up in our
UI.
2015-09-06 15:15:57 +02:00
Andreas Straub
e2d506c96a
Never build a session with oneself
...
If we detect our own ID is not in our own devicelist on receiving an
update, we reannounce ourselves. This used to have the side effect of
modifying the list of devices we thought were in the update set, causing
us to accidentally build a session with ourselves.
This lead to our own key being set to TRUSTED_INACTIVE, resulting in red
lock icons on messages sent by the own device.
We fix this by having publishOwnDeviceId() operate on a copy of the
original set. This commit also includes a db migration which deletes
sessions with oneself and sets own keys back to TRUSTED.
2015-09-05 17:29:58 +02:00
Daniel Gultsch
91b0605bc2
use same method to add message hints to otr message everywhere it is needed
2015-09-01 22:36:56 +02:00
Andreas Straub
1156ccbce2
Fix error handling for announce check retrieval
...
Only aborts when a timeout was received. Error conditions (most notably
item-not-found) are interpreted as no other devices existing.
2015-08-26 20:52:44 +02:00
Andreas Straub
c4a548ada0
Only announce device after publishing bundle
2015-08-26 15:45:21 +02:00
Andreas Straub
0eeaccd974
Fix key publishing
...
Remove invalid check for result code, which prevented publishing if the
node was empty to begin with.
Fix pepBroken check
2015-08-26 00:27:39 +02:00
Andreas Straub
25a9d59412
Add more logging to pep attemp counter logic
2015-08-25 18:52:36 +02:00
Andreas Straub
eafcf38ec9
Limit number of PEP publish tries
...
If PEP publish tries are repeatedly triggered by empty PEP updates, stop
attempting to publish after 3 tries. This should work around broken PEP
implementations in older ejabberd and OpenFire versions.
2015-08-25 18:43:44 +02:00
Andreas Straub
b84fecf51a
Pass through device IDs when updating own list
2015-08-25 12:17:09 +02:00
Daniel Gultsch
5eae1e52d2
cleared up some error messages in axolotl service and execute publishOwnDevicesWhenNeeded() only if processing our own jid
2015-08-25 11:43:10 +02:00
Andreas Straub
e1dc7f990d
Add error handling to OMEMO PEP code
...
Log received errors and abort processing
2015-08-23 13:23:51 +02:00
Daniel Gultsch
c082066118
catch null pointer in ScramSHA1 sasl
2015-08-16 11:50:33 +02:00
Andreas Straub
7437d0fe0c
Increase number of published prekeys for release
2015-08-07 12:30:39 +02:00
Andreas Straub
6cd9383e53
Let UNTRUSTED/UNDECIDED keys become INACTIVE
2015-08-01 18:30:11 +02:00
Andreas Straub
6059b96456
Provide process function for key transport message
2015-07-31 23:28:09 +02:00
Andreas Straub
909f761ca1
Refactor axolotl message processing workflow
...
XmppAxolotlMessage is now entirely responsible for handling encryption
and decryption of messages, only leveraging XmppAxolotlSession as a
packing/unpacking primitive for payload keys.
Removed pseudo-dead session generation code step from prepareMessage
function, as sessions have been created by invoking the
TrustKeysActivity for a while now.
Added prepareKeyTransportMessage function, which creates a message with
no payload. The key that is packed into the header keyElements can then
be used for other purposes (e.g. encrypted file transfer).
2015-07-31 21:31:45 +02:00
Andreas Straub
50b14434ee
Reformat code
2015-07-31 21:31:45 +02:00
Andreas Straub
5c421da1e1
Change to new wire protocol version
2015-07-31 21:31:45 +02:00
Andreas Straub
e10a6c5b87
Fix NPE: consider unknown keys UNDECIDED
2015-07-29 02:59:41 +02:00
Andreas Straub
efcefc2e63
Refactor out inner classes, cache trust store
...
Moves SQLiteAxolotlStore and XmppAxolotlSession into proper classes.
IdentityKeys trust statuses are now cached in an LruCache to prevent
hammering the database when rendering the UI.
2015-07-29 02:59:26 +02:00
Andreas Straub
db05d26433
Always build own device session automatically
2015-07-22 15:03:52 +02:00
Andreas Straub
92b5081b5e
Add INACTIVE state for removed keys
...
We introduce a new trust state: INACTIVE. This state is intended for
old keys that have been removed.
When a TRUSTED device is removed from the PEP devicelist, it's status
will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed
out, non-interactible key rows. Messages are not encrypted for INACTIVE
devices.
When an INACTIVE device reappears in PEP, or a message is received from
an INACTIVE device, it is set back to trusted.
2015-07-21 14:24:59 +02:00
Andreas Straub
3c5c0c7d3b
Fill own device sessions into SessionMap
2015-07-21 14:24:59 +02:00
Daniel Gultsch
ffa588ba3e
and now do that properly
2015-07-21 12:01:20 +02:00
Daniel Gultsch
a5027104fd
bugfix: also add no-permanent-storage to message hints
2015-07-21 11:50:32 +02:00
Andreas Straub
b7ff2c3461
Use properly fixed numeral values in Trust enum
...
Why, oh God, why?! #thanksjamesgosling
2015-07-21 01:52:22 +02:00
Andreas Straub
639ebd644b
Remove unused import
2015-07-21 01:17:29 +02:00
Andreas Straub
122bc97ce2
Switch payload encryption to AES-GCM
...
This also ensures that the IV is generated with proper randomness.
2015-07-21 01:17:14 +02:00
Andreas Straub
971aa3a11e
Also decrypt messages from UNTRUSTED sessions
2015-07-20 23:16:06 +02:00
Andreas Straub
d2845e9ac1
Refactor axolotl send processing/caching flow
2015-07-20 23:13:28 +02:00
Andreas Straub
8be0e8a27d
Start TrustKeysActivity if no keys are TRUSTED
...
If there are no UNDECIDED keys, but none of the contact's keys are
trusted, redirect the user to the TrustKeysActivity
2015-07-20 22:35:07 +02:00
Andreas Straub
ab2d114bbc
Add purge axolotl key option
...
Can now long-press a key to permanently purge it.
2015-07-20 22:18:24 +02:00
Daniel Gultsch
e79f82ca72
attempt to fix the delay problem
2015-07-20 18:11:33 +02:00
Andreas Straub
19a0ae42d6
Lock TrustKeys if no trusted keys are available
2015-07-20 14:56:41 +02:00
Andreas Straub
012f036840
Optimize imports
2015-07-20 14:26:29 +02:00
Andreas Straub
14010bf5a6
Ask for key trust when sending messages
...
If the contact (or the own account) has keys that have UNDECIDED trust,
we now drop the user into the new TrustKeysActivity, where they have to
decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 22:27:26 +02:00
Andreas Straub
9c4d55f82c
Send correct body for HTTP files
...
When using HTTP upload to send files, take care to transmit only the URL
rather than the entire body, which contains metadata.
2015-07-19 22:23:28 +02:00