[omemo] Add Blind Trust Before Verification

Fixes #310
This commit is contained in:
lovetox
2020-06-24 21:08:50 +02:00
parent 50db85fad3
commit 77452756cb
6 changed files with 133 additions and 13 deletions


@@ -30,6 +30,8 @@ from axolotl.identitykeypair import IdentityKeyPair
from axolotl.util.medium import Medium from axolotl.util.medium import Medium
from axolotl.util.keyhelper import KeyHelper from axolotl.util.keyhelper import KeyHelper
from gajim.common import app
from omemo.backend.util import Trust from omemo.backend.util import Trust
from omemo.backend.util import IdentityKeyExtended from omemo.backend.util import IdentityKeyExtended
from omemo.backend.util import DEFAULT_PREKEY_AMOUNT from omemo.backend.util import DEFAULT_PREKEY_AMOUNT
@@ -75,6 +77,12 @@ class LiteAxolotlStore(AxolotlStore):
self._log.info("Generating OMEMO keys") self._log.info("Generating OMEMO keys")
self._generate_axolotl_keys() self._generate_axolotl_keys()
@staticmethod
def _is_blind_trust_enabled():
plugin = app.plugin_manager.get_active_plugin('omemo')
print(plugin.config['BLIND_TRUST'])
return plugin.config['BLIND_TRUST']
@staticmethod @staticmethod
def _namedtuple_factory(cursor, row): def _namedtuple_factory(cursor, row):
fields = [] fields = []
@@ -596,12 +604,15 @@ class LiteAxolotlStore(AxolotlStore):
self._con.commit() self._con.commit()
def saveIdentity(self, recipientId, identityKey): def saveIdentity(self, recipientId, identityKey):
query = '''INSERT INTO identities (recipient_id, public_key, trust) query = '''INSERT INTO identities (recipient_id, public_key, trust, shown)
VALUES(?, ?, ?)''' VALUES(?, ?, ?, ?)'''
if not self.containsIdentity(recipientId, identityKey): if not self.containsIdentity(recipientId, identityKey):
trust = self.getDefaultTrust(recipientId)
print('TRUST', trust)
self._con.execute(query, (recipientId, self._con.execute(query, (recipientId,
identityKey.getPublicKey().serialize(), identityKey.getPublicKey().serialize(),
Trust.UNDECIDED)) trust,
1 if trust == Trust.BLIND else 0))
self._con.commit() self._con.commit()
def containsIdentity(self, recipientId, identityKey): def containsIdentity(self, recipientId, identityKey):
@@ -662,10 +673,21 @@ class LiteAxolotlStore(AxolotlStore):
undecided = set(undecided) - set(inactive) undecided = set(undecided) - set(inactive)
return bool(undecided) return bool(undecided)
def getDefaultTrust(self, jid):
if not self._is_blind_trust_enabled():
return Trust.UNDECIDED
query = '''SELECT * FROM identities
WHERE recipient_id = ? AND trust IN (0, 1)'''
result = self._con.execute(query, (jid,)).fetchone()
if result is None:
return Trust.BLIND
return Trust.UNDECIDED
def getTrustedFingerprints(self, jid): def getTrustedFingerprints(self, jid):
query = '''SELECT public_key as "public_key [pk]" FROM identities query = '''SELECT public_key as "public_key [pk]" FROM identities
WHERE recipient_id = ? AND trust = ?''' WHERE recipient_id = ? AND trust IN(1, 3)'''
result = self._con.execute(query, (jid, Trust.VERIFIED)).fetchall() result = self._con.execute(query, (jid,)).fetchall()
return [row.public_key for row in result] return [row.public_key for row in result]
def getNewFingerprints(self, jid): def getNewFingerprints(self, jid):
@@ -694,7 +716,7 @@ class LiteAxolotlStore(AxolotlStore):
return False return False
identity_key = record.getSessionState().getRemoteIdentityKey() identity_key = record.getSessionState().getRemoteIdentityKey()
return self.getTrustForIdentity( return self.getTrustForIdentity(
recipient_id, identity_key) == Trust.VERIFIED recipient_id, identity_key) in (Trust.VERIFIED, Trust.BLIND)
def getIdentityLastSeen(self, recipient_id, identity_key): def getIdentityLastSeen(self, recipient_id, identity_key):
identity_key = identity_key.getPublicKey().serialize() identity_key = identity_key.getPublicKey().serialize()
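Review bot: The debug `print` calls in `_is_blind_trust_enabled` and `saveIdentity` write trust decisions to stdout instead of the store's logger, and the blind-trust path otherwise leaves no trace: an identity that `getDefaultTrust` resolves to `Trust.BLIND` is inserted with `shown` set to 1, so neither the log nor the UI records that a key was accepted without verification. Replace `print('TRUST', trust)` with `self._log.info('New identity for %s saved with trust %s', recipientId, trust)` and drop the print in `_is_blind_trust_enabled`. The SQL in `getDefaultTrust` and `getTrustedFingerprints` also hard-codes `IN (0, 1)` and `IN(1, 3)` while the Python side compares with the `Trust` enum; passing `Trust.UNTRUSTED, Trust.VERIFIED` and `Trust.VERIFIED, Trust.BLIND` as query parameters keeps the two in step. `_is_blind_trust_enabled` does not check that `get_active_plugin('omemo')` returned a plugin, which presumably cannot be None while the store is in use but is worth a one-line comment.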


@@ -32,6 +32,7 @@ class Trust(IntEnum):
UNTRUSTED = 0 UNTRUSTED = 0
VERIFIED = 1 VERIFIED = 1
UNDECIDED = 2 UNDECIDED = 2
BLIND = 3
def get_fingerprint(identity_key, formatted=False): def get_fingerprint(identity_key, formatted=False):
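Review bot: `BLIND = 3` is persisted as a raw integer in the identities table and is also matched by literal in the store's SQL (`trust IN (0, 1)`, `trust IN(1, 3)`), so the enum deserves a comment that its values are on-disk and must not be renumbered: `# Values are stored in the identities table and used literally in SQL; never renumber.`. A short comment on the member itself, such as `# accepted automatically because no key of this contact is verified or untrusted yet`, would document the policy `getDefaultTrust` implements.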


@@ -58,6 +58,7 @@ class OMEMOConfigDialog(GajimPluginConfigDialog):
self.update_account_store() self.update_account_store()
self.update_account_combobox() self.update_account_combobox()
self.update_disabled_account_view() self.update_disabled_account_view()
self.update_settings()
def is_in_accountstore(self, account): def is_in_accountstore(self, account):
for row in self._ui.account_store: for row in self._ui.account_store:
@@ -127,6 +128,9 @@ class OMEMOConfigDialog(GajimPluginConfigDialog):
def refresh_button_clicked_cb(self, button, *args): def refresh_button_clicked_cb(self, button, *args):
self.update_context_list() self.update_context_list()
def _on_blind_trust(self, button):
self.plugin.config['BLIND_TRUST'] = button.get_active()
def update_context_list(self): def update_context_list(self):
self._ui.deviceid_store.clear() self._ui.deviceid_store.clear()
@@ -158,3 +162,7 @@ class OMEMOConfigDialog(GajimPluginConfigDialog):
# Set Device ID List # Set Device ID List
for item in omemo.backend.get_devices(own_jid): for item in omemo.backend.get_devices(own_jid):
self._ui.deviceid_store.append([item]) self._ui.deviceid_store.append([item])
def update_settings(self):
self._ui.blind_trust_checkbutton.set_active(
self.plugin.config['BLIND_TRUST'])
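Review bot: `update_settings` calls `set_active` on the check button whose `toggled` signal is bound to `_on_blind_trust`, so initialising the widget presumably writes the value just read straight back into `self.plugin.config['BLIND_TRUST']` whenever the state changes. It is harmless today, but a guard such as `if self.plugin.config['BLIND_TRUST'] != button.get_active():` in `_on_blind_trust` avoids the round trip and makes the handler a no-op when nothing changed. Both methods are complete in their hunks.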


@@ -522,6 +522,80 @@ It is advised to go online with all of your actively used devices after clearing
<property name="tab_fill">False</property> <property name="tab_fill">False</property>
</packing> </packing>
</child> </child>
<child>
<object class="GtkGrid">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="margin_left">18</property>
<property name="margin_right">18</property>
<property name="margin_top">18</property>
<property name="margin_bottom">18</property>
<child>
<object class="GtkFrame">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label_xalign">0</property>
<property name="shadow_type">none</property>
<child>
<object class="GtkAlignment">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="top_padding">12</property>
<property name="left_padding">12</property>
<child>
<object class="GtkGrid">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
<object class="GtkCheckButton" id="blind_trust_checkbutton">
<property name="label" translatable="yes">Blind Trust Before Verification</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="draw_indicator">True</property>
<signal name="toggled" handler="_on_blind_trust" swapped="no"/>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">0</property>
</packing>
</child>
</object>
</child>
</object>
</child>
<child type="label">
<object class="GtkLabel">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">General</property>
<attributes>
<attribute name="weight" value="bold"/>
</attributes>
</object>
</child>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">0</property>
</packing>
</child>
</object>
<packing>
<property name="position">3</property>
</packing>
</child>
<child type="tab">
<object class="GtkLabel">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">Settings</property>
</object>
<packing>
<property name="position">3</property>
<property name="tab_fill">False</property>
</packing>
</child>
</object> </object>
<object class="GtkListStore" id="fingerprint_store"> <object class="GtkListStore" id="fingerprint_store">
<columns> <columns>


@@ -47,7 +47,10 @@ TRUST_DATA = {
'warning-color'), 'warning-color'),
Trust.VERIFIED: ('security-high-symbolic', Trust.VERIFIED: ('security-high-symbolic',
_('Verified'), _('Verified'),
'encrypted-color') 'encrypted-color'),
Trust.BLIND: ('security-medium-symbolic',
_('Blind Trust'),
'encrypted-color')
} }
@@ -352,11 +355,7 @@ class TrustPopver(Gtk.Popover):
self._row = row self._row = row
self._listbox = Gtk.ListBox() self._listbox = Gtk.ListBox()
self._listbox.set_selection_mode(Gtk.SelectionMode.NONE) self._listbox.set_selection_mode(Gtk.SelectionMode.NONE)
if row.trust != Trust.VERIFIED: self.update()
self._listbox.add(VerifiedOption())
if row.trust != Trust.UNTRUSTED:
self._listbox.add(NotTrustedOption())
self._listbox.add(DeleteOption())
self.add(self._listbox) self.add(self._listbox)
self._listbox.show_all() self._listbox.show_all()
self._listbox.connect('row-activated', self._activated) self._listbox.connect('row-activated', self._activated)
@@ -376,6 +375,8 @@ class TrustPopver(Gtk.Popover):
self._listbox.foreach(self._listbox.remove) self._listbox.foreach(self._listbox.remove)
if self._row.trust != Trust.VERIFIED: if self._row.trust != Trust.VERIFIED:
self._listbox.add(VerifiedOption()) self._listbox.add(VerifiedOption())
if self._row.trust != Trust.BLIND:
self._listbox.add(BlindOption())
if self._row.trust != Trust.UNTRUSTED: if self._row.trust != Trust.UNTRUSTED:
self._listbox.add(NotTrustedOption()) self._listbox.add(NotTrustedOption())
self._listbox.add(DeleteOption()) self._listbox.add(DeleteOption())
@@ -398,6 +399,17 @@ class MenuOption(Gtk.ListBoxRow):
self.show_all() self.show_all()
class BlindOption(MenuOption):
type_ = Trust.BLIND
icon = 'security-medium-symbolic'
label = _('Blind Trust')
color = 'encrypted-color'
def __init__(self):
MenuOption.__init__(self)
class VerifiedOption(MenuOption): class VerifiedOption(MenuOption):
type_ = Trust.VERIFIED type_ = Trust.VERIFIED
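Review bot: `TRUST_DATA` gives `Trust.BLIND` the same `'encrypted-color'` as `Trust.VERIFIED`, so in the fingerprint list a key that was accepted without any verification is coloured like a manually verified one and differs only by icon; a distinct colour, or the `'warning-color'` used by the entry above `VERIFIED`, would keep the two states visually separable. `BlindOption.__init__` only forwards to `MenuOption.__init__` and can be dropped, leaving the class-attribute-only definition. Whether `VerifiedOption` carries the same redundant `__init__` is not visible in the hunk.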


@@ -114,7 +114,10 @@ class OmemoPlugin(GajimPlugin):
self.disabled_accounts = [] self.disabled_accounts = []
self._windows = {} self._windows = {}
self.config_default_values = {'DISABLED_ACCOUNTS': ([], ''), } self.config_default_values = {
'DISABLED_ACCOUNTS': ([], ''),
'BLIND_TRUST': (True, '')
}
for account in self.config['DISABLED_ACCOUNTS']: for account in self.config['DISABLED_ACCOUNTS']:
self.disabled_accounts.append(account) self.disabled_accounts.append(account)
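Review bot: The new `'BLIND_TRUST'` default is `True`, which turns blind trust on for every existing installation on upgrade, and its second tuple element — presumably the setting's description, by analogy with `'DISABLED_ACCOUNTS'` — is left empty. If the default is intentional, a comment above the dict such as `# Blind Trust Before Verification is on by default: new keys are trusted until one key of that contact is verified or marked untrusted` records the decision, and the description string should say the same so the setting is self-explaining. The enclosing `__init__` continues outside the hunk.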