[omemo] Save trust of message to database

Philipp Hörist
2019-03-20 12:45:10 +01:00
parent 19e3ab9ba8
commit 7783864f99
6 changed files with 36 additions and 49 deletions


@@ -532,7 +532,7 @@ class LiteAxolotlStore(AxolotlStore):
def getTrustedFingerprints(self, jid): def getTrustedFingerprints(self, jid):
query = '''SELECT public_key as "public_key [pk]" FROM identities query = '''SELECT public_key as "public_key [pk]" FROM identities
WHERE recipient_id = ? AND trust = ?''' WHERE recipient_id = ? AND trust = ?'''
result = self._con.execute(query, (jid, Trust.TRUSTED)).fetchall() result = self._con.execute(query, (jid, Trust.VERIFIED)).fetchall()
return [row.public_key for row in result] return [row.public_key for row in result]
def getNewFingerprints(self, jid): def getNewFingerprints(self, jid):
@@ -560,7 +560,7 @@ class LiteAxolotlStore(AxolotlStore):
return False return False
identity_key = record.getSessionState().getRemoteIdentityKey() identity_key = record.getSessionState().getRemoteIdentityKey()
return self.getTrustForIdentity( return self.getTrustForIdentity(
recipient_id, identity_key) == Trust.TRUSTED recipient_id, identity_key) == Trust.VERIFIED
def isUntrustedIdentity(self, recipient_id, identity_key): def isUntrustedIdentity(self, recipient_id, identity_key):
return self.getTrustForIdentity( return self.getTrustForIdentity(


@@ -40,6 +40,7 @@ from omemo.backend.devices import DeviceManager
from omemo.backend.devices import NoDevicesFound from omemo.backend.devices import NoDevicesFound
from omemo.backend.liteaxolotlstore import LiteAxolotlStore from omemo.backend.liteaxolotlstore import LiteAxolotlStore
from omemo.backend.util import get_fingerprint from omemo.backend.util import get_fingerprint
from omemo.backend.util import Trust
from omemo.backend.util import DEFAULT_PREKEY_AMOUNT from omemo.backend.util import DEFAULT_PREKEY_AMOUNT
from omemo.backend.util import MIN_PREKEY_AMOUNT from omemo.backend.util import MIN_PREKEY_AMOUNT
from omemo.backend.util import SPK_CYCLE_TIME from omemo.backend.util import SPK_CYCLE_TIME
@@ -129,16 +130,12 @@ class OmemoState(DeviceManager):
try: try:
if prekey: if prekey:
key, fingerprint = self._process_pre_key_message( key, fingerprint, trust = self._process_pre_key_message(
jid, omemo_message.sid, encrypted_key) jid, omemo_message.sid, encrypted_key)
else: else:
key, fingerprint = self._process_message( key, fingerprint, trust = self._process_message(
jid, omemo_message.sid, encrypted_key) jid, omemo_message.sid, encrypted_key)
except SenderNotTrusted:
self._log.info('Sender not trusted, ignore message')
raise
except DuplicateMessageException: except DuplicateMessageException:
self._log.info('Received duplicated message') self._log.info('Received duplicated message')
raise DuplicateMessage raise DuplicateMessage
@@ -153,7 +150,7 @@ class OmemoState(DeviceManager):
result = aes_decrypt(key, omemo_message.iv, omemo_message.payload) result = aes_decrypt(key, omemo_message.iv, omemo_message.payload)
self._log.debug("Decrypted Message => %s", result) self._log.debug("Decrypted Message => %s", result)
return result, fingerprint return result, fingerprint, trust
def _get_whisper_message(self, jid, device, key): def _get_whisper_message(self, jid, device, key):
cipher = self._get_session_cipher(jid, device) cipher = self._get_session_cipher(jid, device)
@@ -253,8 +250,8 @@ class OmemoState(DeviceManager):
'without PreKey => %s' % jid) 'without PreKey => %s' % jid)
identity_key = pre_key_message.getIdentityKey() identity_key = pre_key_message.getIdentityKey()
if self._storage.isUntrustedIdentity(jid, identity_key): trust = self._storage.getTrustForIdentity(jid, identity_key)
raise SenderNotTrusted trust = Trust(trust) if trust is not None else Trust.UNDECIDED
session_cipher = self._get_session_cipher(jid, device) session_cipher = self._get_session_cipher(jid, device)
@@ -266,7 +263,7 @@ class OmemoState(DeviceManager):
self.xmpp_con.set_bundle() self.xmpp_con.set_bundle()
self.add_device(jid, device) self.add_device(jid, device)
return key, fingerprint return key, fingerprint, trust
def _process_message(self, jid, device, key): def _process_message(self, jid, device, key):
message = WhisperMessage(serialized=key) message = WhisperMessage(serialized=key)
@@ -278,15 +275,15 @@ class OmemoState(DeviceManager):
session_record = self._storage.loadSession(jid, device) session_record = self._storage.loadSession(jid, device)
identity_key = session_record.getSessionState().getRemoteIdentityKey() identity_key = session_record.getSessionState().getRemoteIdentityKey()
if self._storage.isUntrustedIdentity(jid, identity_key): trust = self._storage.getTrustForIdentity(jid, identity_key)
raise SenderNotTrusted trust = Trust(trust) if trust is not None else Trust.UNDECIDED
fingerprint = get_fingerprint(identity_key) fingerprint = get_fingerprint(identity_key)
self._storage.setIdentityLastSeen(jid, identity_key) self._storage.setIdentityLastSeen(jid, identity_key)
self.add_device(jid, device) self.add_device(jid, device)
return key, fingerprint return key, fingerprint, trust
def _check_pre_key_count(self): def _check_pre_key_count(self):
# Check if enough PreKeys are available # Check if enough PreKeys are available
@@ -350,7 +347,3 @@ class InvalidMessage(Exception):
class DuplicateMessage(Exception): class DuplicateMessage(Exception):
pass pass
class SenderNotTrusted(Exception):
pass
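Review bot: Nothing in the decrypt path acts on trust any more: with the `isUntrustedIdentity` checks and `SenderNotTrusted` removed, `_process_pre_key_message` and `_process_message` decrypt messages from identities stored as `Trust.UNTRUSTED` and return them with a label, so every consumer of `decrypt_message` has to check the third return value itself. That contract should be written down in a docstring on `decrypt_message`, for example `"""Return (plaintext, fingerprint, trust); decryption happens at every trust level, callers must act on trust."""`. The conversion `Trust(trust)` also raises `ValueError` for a stored value outside 0–2, which none of the except clauses visible in the hunk catch, and the two conversion lines are duplicated. A shared helper that maps an unknown value to `Trust.UNTRUSTED` fails closed and removes the duplication; the method bodies continue outside the hunks shown.

```python
    def _get_trust(self, jid, identity_key):
        # Unknown stored values are treated as untrusted instead of raising.
        stored = self._storage.getTrustForIdentity(jid, identity_key)
        if stored is None:
            return Trust.UNDECIDED
        try:
            return Trust(stored)
        except ValueError:
            return Trust.UNTRUSTED

        # … unchanged: _process_pre_key_message up to getIdentityKey() …
        trust = self._get_trust(jid, identity_key)
        # … unchanged: _process_message up to getRemoteIdentityKey() …
        trust = self._get_trust(jid, identity_key)
```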


@@ -30,7 +30,7 @@ UNACKNOWLEDGED_COUNT = 300
class Trust(IntEnum): class Trust(IntEnum):
UNTRUSTED = 0 UNTRUSTED = 0
TRUSTED = 1 VERIFIED = 1
UNDECIDED = 2 UNDECIDED = 2


@@ -19,12 +19,11 @@ import time
import locale import locale
import logging import logging
import tempfile import tempfile
from distutils.version import LooseVersion as V
from gi.repository import Gtk
from gi.repository import GdkPixbuf
from pkg_resources import get_distribution from pkg_resources import get_distribution
from distutils.version import LooseVersion as V from gi.repository import Gtk
from gi.repository import GdkPixbuf
from gajim.common import app from gajim.common import app
from gajim.plugins.plugins_i18n import _ from gajim.plugins.plugins_i18n import _
@@ -32,7 +31,7 @@ from gajim.plugins.helpers import get_builder
from omemo.gtk.util import DialogButton, ButtonAction from omemo.gtk.util import DialogButton, ButtonAction
from omemo.gtk.util import NewConfirmationDialog from omemo.gtk.util import NewConfirmationDialog
from omemo.gtk.util import Trust from omemo.backend.util import Trust
from omemo.backend.util import IdentityKeyExtended from omemo.backend.util import IdentityKeyExtended
from omemo.backend.util import get_fingerprint from omemo.backend.util import get_fingerprint
@@ -40,15 +39,15 @@ log = logging.getLogger('gajim.p.omemo')
TRUST_DATA = { TRUST_DATA = {
Trust.NOT_TRUSTED: ('dialog-error-symbolic', Trust.UNTRUSTED: ('dialog-error-symbolic',
_('Not Trusted'), _('Untrusted'),
'error-color'), 'error-color'),
Trust.UNKNOWN: ('security-low-symbolic', Trust.UNDECIDED: ('security-low-symbolic',
_('Not Decided'), _('Not Decided'),
'warning-color'), 'warning-color'),
Trust.VERIFIED: ('security-high-symbolic', Trust.VERIFIED: ('security-high-symbolic',
_('Trusted'), _('Verified'),
'success-color') 'encrypted-color')
} }
@@ -358,7 +357,7 @@ class TrustPopver(Gtk.Popover):
self._listbox.set_selection_mode(Gtk.SelectionMode.NONE) self._listbox.set_selection_mode(Gtk.SelectionMode.NONE)
if row.trust != Trust.VERIFIED: if row.trust != Trust.VERIFIED:
self._listbox.add(VerifiedOption()) self._listbox.add(VerifiedOption())
if row.trust != Trust.NOT_TRUSTED: if row.trust != Trust.UNTRUSTED:
self._listbox.add(NotTrustedOption()) self._listbox.add(NotTrustedOption())
self._listbox.add(DeleteOption()) self._listbox.add(DeleteOption())
self.add(self._listbox) self.add(self._listbox)
@@ -380,7 +379,7 @@ class TrustPopver(Gtk.Popover):
self._listbox.foreach(self._listbox.remove) self._listbox.foreach(self._listbox.remove)
if self._row.trust != Trust.VERIFIED: if self._row.trust != Trust.VERIFIED:
self._listbox.add(VerifiedOption()) self._listbox.add(VerifiedOption())
if self._row.trust != Trust.NOT_TRUSTED: if self._row.trust != Trust.UNTRUSTED:
self._listbox.add(NotTrustedOption()) self._listbox.add(NotTrustedOption())
self._listbox.add(DeleteOption()) self._listbox.add(DeleteOption())
@@ -406,8 +405,8 @@ class VerifiedOption(MenuOption):
type_ = Trust.VERIFIED type_ = Trust.VERIFIED
icon = 'security-high-symbolic' icon = 'security-high-symbolic'
label = _('Trusted') label = _('Verified')
color = 'success-color' color = 'encrypted-color'
def __init__(self): def __init__(self):
MenuOption.__init__(self) MenuOption.__init__(self)
@@ -415,9 +414,9 @@ class VerifiedOption(MenuOption):
class NotTrustedOption(MenuOption): class NotTrustedOption(MenuOption):
type_ = Trust.NOT_TRUSTED type_ = Trust.UNTRUSTED
icon = 'dialog-error-symbolic' icon = 'dialog-error-symbolic'
label = _('Not Trusted') label = _('Untrusted')
color = 'error-color' color = 'error-color'
def __init__(self): def __init__(self):


@@ -30,12 +30,6 @@ class ButtonAction(Enum):
SUGGESTED = 'suggested-action' SUGGESTED = 'suggested-action'
class Trust(IntEnum):
NOT_TRUSTED = 0
VERIFIED = 1
UNKNOWN = 2
class NewConfirmationDialog(Gtk.MessageDialog): class NewConfirmationDialog(Gtk.MessageDialog):
def __init__(self, text, sec_text, buttons, transient_for=None): def __init__(self, text, sec_text, buttons, transient_for=None):
Gtk.MessageDialog.__init__(self, Gtk.MessageDialog.__init__(self,


@@ -35,6 +35,7 @@ from gajim.common import helpers
from gajim.common import configpaths from gajim.common import configpaths
from gajim.common.nec import NetworkEvent from gajim.common.nec import NetworkEvent
from gajim.common.const import EncryptionData from gajim.common.const import EncryptionData
from gajim.common.const import Trust as GajimTrust
from gajim.common.modules.base import BaseModule from gajim.common.modules.base import BaseModule
from gajim.common.modules.util import event_node from gajim.common.modules.util import event_node
@@ -46,7 +47,6 @@ from omemo.backend.state import SelfMessage
from omemo.backend.state import MessageNotForDevice from omemo.backend.state import MessageNotForDevice
from omemo.backend.state import DecryptionFailed from omemo.backend.state import DecryptionFailed
from omemo.backend.state import DuplicateMessage from omemo.backend.state import DuplicateMessage
from omemo.backend.state import SenderNotTrusted
from omemo.modules.util import prepare_stanza from omemo.modules.util import prepare_stanza
@@ -218,9 +218,9 @@ class OMEMO(BaseModule):
self._log.info('Message received from: %s', from_jid) self._log.info('Message received from: %s', from_jid)
try: try:
plaintext, fingerprint = self.backend.decrypt_message( plaintext, fingerprint, trust = self.backend.decrypt_message(
properties.omemo, from_jid) properties.omemo, from_jid)
except (KeyExchangeMessage, DuplicateMessage, SenderNotTrusted): except (KeyExchangeMessage, DuplicateMessage):
raise NodeProcessed raise NodeProcessed
except SelfMessage: except SelfMessage:
@@ -241,7 +241,8 @@ class OMEMO(BaseModule):
prepare_stanza(stanza, plaintext) prepare_stanza(stanza, plaintext)
self._debug_print_stanza(stanza) self._debug_print_stanza(stanza)
properties.encrypted = EncryptionData({'name': ENCRYPTION_NAME, properties.encrypted = EncryptionData({'name': ENCRYPTION_NAME,
'fingerprint': fingerprint}) 'fingerprint': fingerprint,
'trust': GajimTrust[trust.name]})
def _process_muc_message(self, properties): def _process_muc_message(self, properties):
room_jid = properties.jid.getBare() room_jid = properties.jid.getBare()