Doesn't access database directly anymore but goes through AxolotlService
now to obtain list of fingerprints associated with an Account/Contact.
This should prevent orphaned keys littering the UI which previously
couldn't be removed through the Clear Devices function.
Together with 1c79982da84964c1d81179a0927d9cd1eadf53de this fixes#1393
There is no need to preemptively add the keys to the store oneself.
SessionBuilder will take care of this for us. What's more, this will
prevent IdentityKeys from otherwise invalid bundles to show up in our
UI.
If we detect our own ID is not in our own devicelist on receiving an
update, we reannounce ourselves. This used to have the side effect of
modifying the list of devices we thought were in the update set, causing
us to accidentally build a session with ourselves.
This lead to our own key being set to TRUSTED_INACTIVE, resulting in red
lock icons on messages sent by the own device.
We fix this by having publishOwnDeviceId() operate on a copy of the
original set. This commit also includes a db migration which deletes
sessions with oneself and sets own keys back to TRUSTED.
If PEP publish tries are repeatedly triggered by empty PEP updates, stop
attempting to publish after 3 tries. This should work around broken PEP
implementations in older ejabberd and OpenFire versions.
Slider used to skip back on drag-and-drop action. The switch doesn't
trigger explicit whole UI refreshes anymore, it now directly adjusts the
"done" button's locked status.
XmppAxolotlMessage is now entirely responsible for handling encryption
and decryption of messages, only leveraging XmppAxolotlSession as a
packing/unpacking primitive for payload keys.
Removed pseudo-dead session generation code step from prepareMessage
function, as sessions have been created by invoking the
TrustKeysActivity for a while now.
Added prepareKeyTransportMessage function, which creates a message with
no payload. The key that is packed into the header keyElements can then
be used for other purposes (e.g. encrypted file transfer).
Messages sent from another device of the own account are now explicitly
tagged as carboned message. The session detection logic now uses this
tag to find "session borders".
Plaintext messages that were received while in an encrypted session are
now colored red. We define "in an encrypted session" if a) the last
message sent by our own device before the message under consideration
(or any message received between then and now) was encrypted AND b) the
next message will be sent encrypted or the next message sent after the
one under consideration was sent encrypted
Moves SQLiteAxolotlStore and XmppAxolotlSession into proper classes.
IdentityKeys trust statuses are now cached in an LruCache to prevent
hammering the database when rendering the UI.
* change chat states to type=chat and chat markers to type=chat
* use same type as requesting stanza for delivery receipts (which should make them type=chat most of the time)
We introduce a new trust state: INACTIVE. This state is intended for
old keys that have been removed.
When a TRUSTED device is removed from the PEP devicelist, it's status
will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed
out, non-interactible key rows. Messages are not encrypted for INACTIVE
devices.
When an INACTIVE device reappears in PEP, or a message is received from
an INACTIVE device, it is set back to trusted.
* CryptoNextBeta: (60 commits)
Lock TrustKeys if no trusted keys are available
Optimize imports
Use MD style for key trust toggle switch
Fix set/remove OnUpdateBlocklistListener
Fix axolotl database migration
Remove device list from EditAccount
Add clear devices to overflow menu in EditAccount
Ask for key trust when sending messages
Encrypt files for HTTP upload in encrypted chats
Refactor trust key ui and show in account details
Send correct body for HTTP files
Handle file transmission properly in axolotl
Remove unneccessary code
Fix trust status for outgoing messages
Don't merge messages with different trust statuses
Fix copying of axolotl keys to clipboard
Add refresh icon to v21 theme
Disable Axolotl option if not usable
Show trust status of messages' originating session
Add key trust toggle to ContactDetailsActivity
...
If the contact (or the own account) has keys that have UNDECIDED trust,
we now drop the user into the new TrustKeysActivity, where they have to
decide for each new key whether it should be TRUSTED or UNTRUSTED.
Refactored the trust key row UI element so it can be used in multiple
places. It now also uses a slider to toggle the trust state, and the
redundant trust state description was removed.
EditAccountActivity now shows the keys of other devices associated with
that account.
Tag sent messages with own fingerprint, set own fingerprint as always
trusted, include own fingerprint in database trust search, explicitly
reset trust colorfilter
Any time a new session is established, call syncRosterToDisk() to ensure
that on subsequent restoreFromDatabase() calls, the roster is actually
available. This is important so that initAccountServices() can properly
initialize the SessionMap. This prevents a race condition where after
adding a new account and initiating sessions with it, if the app is
killed (e.g. by reinstall) before triggering a syncRosterToDisk(),
subsequent restores will not have the roster available, leading to
missing XmppAxolotlSessions in the SessionMap cache. As a result of
this, a new session was initiated when sending a new message, and
received messages could not be tagged with the originating session's
fingerprint.
As an added sanity check, go to the database to confirm no records are
present before creating fresh XmppAxolotlSession objects (both in the
sending and receiving case).
Wipe session cache to prevent stale sessions being used. Wipe fetch
status cache to enable recreation of sessions. Regenerate deviceId, so
that foreign devices will talk to us again.
Messages are now tagged with the IdentityKey fingerprint of the
originating session. IdentityKeys have one of three trust states:
undecided (default), trusted, and untrusted/not yet trusted.
EditAccountActivity now show own fingerprint, and gives an option to
regenerate local keying material (and wipe all sessions associated with
the old keys in the process).
It also now displays a list of other own devices, and gives an option to
remove all but the current device.
No longer store own device ID (so that we don't encrypt messages for
ourselves), verify that own device ID is present in update list
(otherwise republish), reflect update in UI.
When receiving a message, only remember the XmppAxolotlSession wrapper
if the prospective session was actually established. This prevents us
from erroneously adding empty sessions that are never established using
received PreKeyWhisperMessages, which would lead to errors if we try to
use them for sending.
The trust-on-first-use policy leads to problems when receiving messages
from two different devices of a contact before sending a message to them
(as their IdentityKeys will not have been added yet). Since session
trust will be managed externally anyway, this change is not a security
problem, and will allow us to decrypt messages from yet-untrusted
sessions.
We now track preKeys used to establish incoming sessions with us. On
each new established session, we remove the used prekey from PEP. We
have to do this because libaxolotl-java internally clears the used
preKey from its storage, so we will not be able to establish any future
sessions using that key.
XmppConnectionService.sendMessage() now dispatches messages to the
AxolotlService, where they only are prepared for sending and cached.
AxolotlService now triggers a XmppConnectionService.resendMessage(),
which then handles sending the cached message packet.
This transparently fixes, e.g., handling of messages sent while we are
offline.
Previously, the sender was assumed to be the conversation counterpart.
This broke carboned own-device messages. We now track the sender
properly, and also set the status (sent by one of the own devices vs
received from the counterpart) accordingly.
Now checks which part(s) are out of sync w/ local storage, and updates
only those, rather than assuming the entire node corrupt and
overwriting it all (especially relevant for preKey list)
We need a session object in order to build a session from a
PreKeyWhisperMessage, so add an empty one when none exists on receiving
a message.
Warning: this will break right now if the session can not be constructed
from the received message.There will be an invalid session which will
break if we try to send using it.
Bundles are now fetched on demand when a session needs to be
established. This should lessen the chance of changes to the bundles
occuring before they're used, as well as lessen the load of fetching
bundles.
Also, the message encryption is now done in a background thread, as this
can be somewhat costly if many sessions are present. This is probably
not going to be an issue in real use, but it's good practice anyway.