Daniel Gultsch
41da2a5957
fix client crashing on empty passwords (regression)
2022-12-30 17:14:18 +01:00
Daniel Gultsch
304205b2e3
take senders attr into account when converting to and from sdp
2022-11-20 17:00:40 +01:00
Daniel Gultsch
a29c7c725e
modify scram mechanisms to use guava hashing
2022-10-24 13:11:30 +02:00
Daniel Gultsch
e2b9f0e77a
add support for HashedToken channel binding
2022-10-15 20:53:59 +02:00
Daniel Gultsch
24badda4c9
do quick start with HT-SHA-256-NONE
2022-10-15 18:56:31 +02:00
Daniel Gultsch
c13787873c
request fast token
2022-10-15 12:27:38 +02:00
Daniel Gultsch
3378447f60
parse hash token names
2022-10-15 00:09:29 +02:00
Daniel Gultsch
0cd416298d
ensure we only select channel binding methods available for tls version
2022-10-14 20:00:36 +02:00
Daniel Gultsch
d435c1f2ae
let omemoOnly config overwrite OmemoSetting
2022-10-01 11:26:52 +02:00
Daniel Gultsch
495f79921d
store full sasl mechanism (not just priority)
2022-09-15 12:22:05 +02:00
Daniel Gultsch
ecbfe33e8d
support end-point channel binding as last choice option
2022-09-07 12:08:50 +02:00
Daniel Gultsch
018e0d9edf
add (inactive) channel binding end-point code
2022-09-07 11:08:54 +02:00
Daniel Gultsch
e8bce17940
add scram-sha256 and 512 in their plus variants
2022-09-06 17:39:58 +02:00
Daniel Gultsch
789d1dc225
support tls-unique for TLSv1.2
2022-09-06 17:01:57 +02:00
Daniel Gultsch
6d3d9dfe26
support channel binding with tls-exporter
2022-09-06 16:43:51 +02:00
Daniel Gultsch
5da9f5b3a3
refactor ScramMechanism to support PLUS
2022-09-06 16:28:28 +02:00
Daniel Gultsch
b78acb6fca
extract channel binding types via XEP-0440
2022-09-06 14:53:12 +02:00
Daniel Gultsch
a210568a9c
refactor SASL choice into factory; remove unused TagWriter
2022-09-06 09:25:23 +02:00
Daniel Gultsch
5fc8ff899a
support logging in via SASL 2
2022-08-29 17:09:52 +02:00
Daniel Gultsch
a717917b3d
explicitly search for namespaces when processing stream features
2022-08-29 15:09:53 +02:00
Daniel Gultsch
e439c223ee
add overflow menu action to delete own avatar
2022-08-25 19:22:40 +02:00
Daniel Gultsch
7cc96e704e
do not retrieve media attributes from encrypted files
...
fixes #4353
2022-08-12 09:58:35 +02:00
Daniel Gultsch
9b6a570939
bump agp
2022-02-24 12:41:32 +01:00
Daniel Gultsch
d6be6ddd18
use full file name for all new files
2022-02-22 16:05:02 +01:00
Daniel Gultsch
faa4c87b5f
build omemo session when encountering unknown on RTP proceed
2021-05-08 09:25:51 +02:00
Daniel Gultsch
8d391753d7
encrypt rtp map as future
2021-05-08 08:45:31 +02:00
Daniel Gultsch
ddf597e0d3
invoke x509 verification upon receiving prekey message in rtp session
2021-05-06 18:40:35 +02:00
Daniel Gultsch
e2324209ed
make sure omemo sessions are verified if the the respective config flag is set
2021-05-04 19:04:01 +02:00
Daniel Gultsch
3b25fb9038
encrypt to inactive and untrusted devices in jingle
...
encrypting to untrusted devices means no degradition of security
compared to not encrypting at all. Trust status display (shield) is made
independently at a later stage.
2021-05-04 10:49:45 +02:00
Daniel Gultsch
ac7855a332
show domains in manual cert accept dialog
2021-05-03 08:28:03 +02:00
Daniel Gultsch
9a7fc3d9b8
disable omemo by default for *.covid.monal.im domains
2021-03-23 11:52:34 +01:00
Daniel Gultsch
739d20428a
optimize imports
2021-03-21 21:39:04 +01:00
Daniel Gultsch
e217551a82
migrate to OkHttp instead of HttpUrlConnection
...
OkHttp gives us more fine grained control over the HTTP library and frees us from any platform bugs
2021-03-19 14:57:20 +01:00
Daniel Gultsch
5848013a1e
handle pre key messages in dtls verification
2021-03-03 14:03:08 +01:00
Daniel Gultsch
e4b2bb4a42
throw exception when unable to encrypt
2021-03-03 08:22:21 +01:00
Daniel Gultsch
8a6430ae29
ground work for omemo dtls verification
2021-03-02 21:13:49 +01:00
Daniel Gultsch
d889c02a0a
make ascii armor parsing more resiliant
2021-02-24 11:05:11 +01:00
Daniel Gultsch
78901e3339
use detached signatures
2021-02-17 22:47:40 +01:00
Daniel Gultsch
b76b60df5c
verify against IDN variant of domain
2021-02-04 11:15:59 +01:00
Daniel Gultsch
8ce7bfb95e
automated code clean up
2021-01-23 09:25:34 +01:00
Ferdinand Pöll
453ca7c0ed
Migrate from Android Support Library to AndroidX
...
Unignored gradle.properties since androidX requires additions there
See also https://developer.android.com/jetpack/androidx/migrate
2021-01-18 20:49:35 +01:00
Daniel Gultsch
0e54d8a2cf
implement SCRAM-SHA512
2020-12-31 09:32:05 +01:00
Daniel Gultsch
2a57c92f63
rewrote scram cache implementation
2020-12-30 22:01:08 +01:00
Daniel Gultsch
692ee6c9fb
SCRAM remove cache. made digest and hmac non static
...
DIGEST and HMAC were static variables. Those are initialized by
what ever concrete implementation gets executed first.
(Perform SCRAM-SHA1 first and those variables got initialized with
SHA1 variants)
For subsequent SHA256 executions those variables contained wrong
values.
2020-12-30 15:57:44 +01:00
Daniel Gultsch
575ada3b27
fix scram crash for broken metronome servers
2020-05-27 13:53:28 +02:00
Daniel Gultsch
f8fedf0059
sasl prep password before hashing. fixes #1893
2020-05-19 15:28:12 +02:00
Daniel Gultsch
b6703dbe38
switch xmpp-addr to jxmpp-jid
2020-05-15 17:06:16 +02:00
Daniel Gultsch
00191e2b60
explicitly use BouncyCastle for file crypto
2020-03-09 19:12:30 +01:00
Daniel Gultsch
aecb771ab5
use 16 byte IVs for http upload files larger than 768KiB
...
Ever since Android 9+ switched to Conscrypt we can no longer efficiently
encrypt (and decrypt) large files with AES-GCM. We did’t notice this before
because when using 16 byte IVs even modern Androids will fall back to bouncy
castle. However the 'bug'/'feature' in Conscrypt surfaced when we switched over
to 12 byte IVs (which uses Conscrypt on Android 9+)
Switching back entirely to 16 byte IVs is undesirable as this would break
compatibility with Monal. So we end up with a weird compromise where we use
12 byte for normale plain text OMEMO messages and 'small' files where the
inefficiencies aren’t a problem.
The result of this commit is that Monal won’t be able to receive our files
larger than 768KiB. However the alternative is that Conversations would always
OOM when attempting to send larger files (where large depends on the available
RAM.)
fixes #3653
2020-03-08 13:13:19 +01:00
Daniel Gultsch
0f40e7e73b
fixed typo in resolver that cause hostnames not to be marked as authenticated (with DNSSec)
...
usually this wasn’t a problem as this is only the fallback after no IPs
have been discovered.
this also isn‘t a security issue as worst case is the hostname doesn’t get
accepeted as fallback in cert validation.
thanks @genofire for spotting this
2020-02-29 12:55:54 +01:00