From 0fb27dc4961608eb9b088ca659eb087dd2c1cae7 Mon Sep 17 00:00:00 2001 From: Paul Fariello Date: Tue, 26 Feb 2019 20:33:06 +0140 Subject: [PATCH] Add OMEMO message encryption and decryption --- configure.ac | 8 ++ src/command/cmd_funcs.c | 1 + src/config/preferences.c | 28 ++++++ src/config/preferences.h | 3 + src/event/client_events.c | 19 ++++ src/log.c | 34 +++++++ src/log.h | 2 + src/omemo/crypto.c | 196 ++++++++++++++++++++++++++++++++---- src/omemo/crypto.h | 14 ++- src/omemo/omemo.c | 172 ++++++++++++++++++++++++++++++-- src/omemo/omemo.h | 12 +++ src/omemo/store.c | 12 ++- src/ui/chatwin.c | 2 + src/ui/ui.h | 3 +- src/ui/window.c | 2 + src/xmpp/message.c | 203 +++++++++++++++++++++++++++++++++++++- src/xmpp/omemo.c | 4 +- src/xmpp/xmpp.h | 1 + 18 files changed, 681 insertions(+), 35 deletions(-) diff --git a/configure.ac b/configure.ac index e886510e..cc53254f 100644 --- a/configure.ac +++ b/configure.ac @@ -283,6 +283,14 @@ if test "x$enable_omemo" != xno; then [AS_IF([test "x$enable_omemo" = xyes], [AC_MSG_ERROR([libsodium is required for omemo support])], [AC_MSG_NOTICE([libsodium not found, omemo support not enabled])])]) + + AC_CHECK_LIB([gcrypt], [gcry_check_version], + [AM_CONDITIONAL([BUILD_OMEMO], [true]) + AC_DEFINE([HAVE_OMEMO], [1], [Have omemo]), + LIBS="-lgcrypt $LIBS"], + [AS_IF([test "x$enable_omemo" = xyes], + [AC_MSG_ERROR([gcrypt is required for omemo support])], + [AC_MSG_NOTICE([gcrypt not found, omemo support not enabled])])]) fi AS_IF([test "x$with_themes" = xno], diff --git a/src/command/cmd_funcs.c b/src/command/cmd_funcs.c index 66715d20..de3372cd 100644 --- a/src/command/cmd_funcs.c +++ b/src/command/cmd_funcs.c @@ -7949,6 +7949,7 @@ cmd_omemo_start(ProfWin *window, const char *const command, gchar **args) } omemo_start_session(barejid); + chatwin->is_omemo = TRUE; } return TRUE; diff --git a/src/config/preferences.c b/src/config/preferences.c index 265e11db..7d0c91fc 100644 --- a/src/config/preferences.c +++ b/src/config/preferences.c @@ -58,6 +58,7 @@ #define PREF_GROUP_ALIAS "alias" #define PREF_GROUP_OTR "otr" #define PREF_GROUP_PGP "pgp" +#define PREF_GROUP_OMEMO "omemo" #define PREF_GROUP_MUC "muc" #define PREF_GROUP_PLUGINS "plugins" @@ -822,6 +823,33 @@ prefs_set_pgp_char(char ch) _save_prefs(); } +char +prefs_get_omemo_char(void) +{ + char result = '~'; + + char *resultstr = g_key_file_get_string(prefs, PREF_GROUP_OMEMO, "omemo.char", NULL); + if (!resultstr) { + result = '~'; + } else { + result = resultstr[0]; + } + free(resultstr); + + return result; +} + +void +prefs_set_omemo_char(char ch) +{ + char str[2]; + str[0] = ch; + str[1] = '\0'; + + g_key_file_set_string(prefs, PREF_GROUP_OMEMO, "omemo.char", str); + _save_prefs(); +} + char prefs_get_roster_header_char(void) { diff --git a/src/config/preferences.h b/src/config/preferences.h index 65dee327..a4d82967 100644 --- a/src/config/preferences.h +++ b/src/config/preferences.h @@ -148,6 +148,7 @@ typedef enum { PREF_STATUSBAR_SELF, PREF_STATUSBAR_CHAT, PREF_STATUSBAR_ROOM, + PREF_OMEMO_LOG, } preference_t; typedef struct prof_alias_t { @@ -216,6 +217,8 @@ char prefs_get_otr_char(void); void prefs_set_otr_char(char ch); char prefs_get_pgp_char(void); void prefs_set_pgp_char(char ch); +char prefs_get_omemo_char(void); +void prefs_set_omemo_char(char ch); char prefs_get_roster_header_char(void); void prefs_set_roster_header_char(char ch); diff --git a/src/event/client_events.c b/src/event/client_events.c index 3b6218ea..76a38b15 100644 --- a/src/event/client_events.c +++ b/src/event/client_events.c @@ -54,6 +54,10 @@ #include "pgp/gpg.h" #endif +#ifdef HAVE_OMEMO +#include "omemo/omemo.h" +#endif + jabber_conn_status_t cl_ev_connect_jid(const char *const jid, const char *const passwd, const char *const altdomain, const int port, const char *const tls_policy) { @@ -203,6 +207,21 @@ cl_ev_send_msg(ProfChatWin *chatwin, const char *const msg, const char *const oo #endif #endif +#ifdef HAVE_OMEMO + if (chatwin->is_omemo) { + omemo_on_message_send(chatwin, plugin_msg, request_receipt); + } else { + char *id = message_send_chat(chatwin->barejid, plugin_msg, oob_url, request_receipt); + chat_log_msg_out(chatwin->barejid, plugin_msg); + chatwin_outgoing_msg(chatwin, plugin_msg, id, PROF_MSG_PLAIN, request_receipt); + free(id); + } + + plugins_post_chat_message_send(chatwin->barejid, plugin_msg); + free(plugin_msg); + return; +#endif + // OTR unsupported, PGP unsupported #ifndef HAVE_LIBOTR #ifndef HAVE_LIBGPGME diff --git a/src/log.c b/src/log.c index 0133a6cf..090fd2f8 100644 --- a/src/log.c +++ b/src/log.c @@ -304,6 +304,23 @@ chat_log_pgp_msg_out(const char *const barejid, const char *const msg) } } +void +chat_log_omemo_msg_out(const char *const barejid, const char *const msg) +{ + if (prefs_get_boolean(PREF_CHLOG)) { + const char *jid = connection_get_fulljid(); + Jid *jidp = jid_create(jid); + char *pref_omemo_log = prefs_get_string(PREF_OMEMO_LOG); + if (strcmp(pref_omemo_log, "on") == 0) { + _chat_log_chat(jidp->barejid, barejid, msg, PROF_OUT_LOG, NULL); + } else if (strcmp(pref_omemo_log, "redact") == 0) { + _chat_log_chat(jidp->barejid, barejid, "[redacted]", PROF_OUT_LOG, NULL); + } + prefs_free_string(pref_omemo_log); + jid_destroy(jidp); + } +} + void chat_log_otr_msg_in(const char *const barejid, const char *const msg, gboolean was_decrypted, GDateTime *timestamp) { @@ -338,6 +355,23 @@ chat_log_pgp_msg_in(const char *const barejid, const char *const msg, GDateTime } } +void +chat_log_omemo_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp) +{ + if (prefs_get_boolean(PREF_CHLOG)) { + const char *jid = connection_get_fulljid(); + Jid *jidp = jid_create(jid); + char *pref_omemo_log = prefs_get_string(PREF_OMEMO_LOG); + if (strcmp(pref_omemo_log, "on") == 0) { + _chat_log_chat(jidp->barejid, barejid, msg, PROF_IN_LOG, timestamp); + } else if (strcmp(pref_omemo_log, "redact") == 0) { + _chat_log_chat(jidp->barejid, barejid, "[redacted]", PROF_IN_LOG, timestamp); + } + prefs_free_string(pref_omemo_log); + jid_destroy(jidp); + } +} + void chat_log_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp) { diff --git a/src/log.h b/src/log.h index 43a34ca1..b14231b7 100644 --- a/src/log.h +++ b/src/log.h @@ -71,10 +71,12 @@ void chat_log_init(void); void chat_log_msg_out(const char *const barejid, const char *const msg); void chat_log_otr_msg_out(const char *const barejid, const char *const msg); void chat_log_pgp_msg_out(const char *const barejid, const char *const msg); +void chat_log_omemo_msg_out(const char *const barejid, const char *const msg); void chat_log_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp); void chat_log_otr_msg_in(const char *const barejid, const char *const msg, gboolean was_decrypted, GDateTime *timestamp); void chat_log_pgp_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp); +void chat_log_omemo_msg_in(const char *const barejid, const char *const msg, GDateTime *timestamp); void chat_log_close(void); GSList* chat_log_get_previous(const gchar *const login, const gchar *const recipient); diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c index a986c729..73b2ba0d 100644 --- a/src/omemo/crypto.c +++ b/src/omemo/crypto.c @@ -2,7 +2,9 @@ #include #include #include +#include +#include "omemo/omemo.h" #include "omemo/crypto.h" int @@ -12,10 +14,12 @@ omemo_crypto_init(void) return -1; } - if (crypto_aead_aes256gcm_is_available() == 0) { + if (!gcry_check_version(GCRYPT_VERSION)) { return -1; } + gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + return 0; } @@ -96,41 +100,195 @@ int omemo_encrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len, const uint8_t *plaintext, size_t plaintext_len, void *user_data) { + gcry_cipher_hd_t hd; + unsigned char *padded_plaintext; unsigned char *ciphertext; - unsigned long long ciphertext_len; + size_t ciphertext_len; + int mode; + int algo; + uint8_t padding = 0; - assert(cipher != SG_CIPHER_AES_GCM_NOPADDING); - assert(key_len == crypto_aead_aes256gcm_KEYBYTES); - assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES); + switch (key_len) { + case 32: + algo = GCRY_CIPHER_AES256; + break; + default: + return OMEMO_ERR_UNSUPPORTED_CRYPTO; + } - ciphertext = malloc(plaintext_len + crypto_aead_aes256gcm_ABYTES); - crypto_aead_aes256gcm_encrypt(ciphertext, &ciphertext_len, plaintext, plaintext_len, NULL, 0, NULL, iv, key); + switch (cipher) { + case SG_CIPHER_AES_CBC_PKCS5: + mode = GCRY_CIPHER_MODE_CBC; + break; + default: + return OMEMO_ERR_UNSUPPORTED_CRYPTO; + } + + gcry_cipher_open(&hd, algo, mode, GCRY_CIPHER_SECURE); + + gcry_cipher_setkey(hd, key, key_len); + + switch (cipher) { + case SG_CIPHER_AES_CBC_PKCS5: + gcry_cipher_setiv(hd, iv, iv_len); + padding = 16 - (plaintext_len % 16); + break; + default: + assert(FALSE); + } + + padded_plaintext = malloc(plaintext_len + padding); + memcpy(padded_plaintext, plaintext, plaintext_len); + memset(padded_plaintext + plaintext_len, padding, padding); + + ciphertext_len = plaintext_len + padding; + ciphertext = malloc(ciphertext_len); + gcry_cipher_encrypt(hd, ciphertext, ciphertext_len, padded_plaintext, plaintext_len + padding); *output = signal_buffer_create(ciphertext, ciphertext_len); + free(padded_plaintext); free(ciphertext); - return 0; + gcry_cipher_close(hd); + + return SG_SUCCESS; } int omemo_decrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len, const uint8_t *ciphertext, size_t ciphertext_len, void *user_data) { + int ret = SG_SUCCESS; + gcry_cipher_hd_t hd; unsigned char *plaintext; - unsigned long long plaintext_len; + size_t plaintext_len; + int mode; + int algo; + uint8_t padding = 0; - assert(cipher != SG_CIPHER_AES_GCM_NOPADDING); - assert(key_len == crypto_aead_aes256gcm_KEYBYTES); - assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES); - - plaintext = malloc(ciphertext_len - crypto_aead_aes256gcm_ABYTES); - if (crypto_aead_aes256gcm_decrypt(plaintext, &plaintext_len, NULL, ciphertext, ciphertext_len, NULL, 0, iv, key) < 0) { - free(plaintext); - return -1; + switch (key_len) { + case 32: + algo = GCRY_CIPHER_AES256; + break; + default: + return OMEMO_ERR_UNSUPPORTED_CRYPTO; } - *output = signal_buffer_create(plaintext, plaintext_len); + switch (cipher) { + case SG_CIPHER_AES_CBC_PKCS5: + mode = GCRY_CIPHER_MODE_CBC; + break; + default: + return OMEMO_ERR_UNSUPPORTED_CRYPTO; + } + + gcry_cipher_open(&hd, algo, mode, GCRY_CIPHER_SECURE); + + gcry_cipher_setkey(hd, key, key_len); + + switch (cipher) { + case SG_CIPHER_AES_CBC_PKCS5: + gcry_cipher_setiv(hd, iv, iv_len); + break; + default: + assert(FALSE); + } + + plaintext_len = ciphertext_len; + plaintext = malloc(plaintext_len); + gcry_cipher_decrypt(hd, plaintext, plaintext_len, ciphertext, ciphertext_len); + + switch (cipher) { + case SG_CIPHER_AES_CBC_PKCS5: + padding = plaintext[plaintext_len - 1]; + break; + default: + assert(FALSE); + } + + int i; + for (i = 0; i < padding; i++) { + if (plaintext[plaintext_len - 1 - i] != padding) { + ret = SG_ERR_UNKNOWN; + goto out; + } + } + + *output = signal_buffer_create(plaintext, plaintext_len - padding); + +out: free(plaintext); - return 0; + gcry_cipher_close(hd); + + return ret; +} + +int +aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key) +{ + gcry_error_t res; + gcry_cipher_hd_t hd; + + res = gcry_cipher_open(&hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_CIPHER_SECURE); + if (res != GPG_ERR_NO_ERROR) { + goto out; + } + res = gcry_cipher_setkey(hd, key, AES128_GCM_KEY_LENGTH); + if (res != GPG_ERR_NO_ERROR) { + goto out; + } + res = gcry_cipher_setiv(hd, iv, AES128_GCM_IV_LENGTH); + if (res != GPG_ERR_NO_ERROR) { + goto out; + } + + res = gcry_cipher_encrypt(hd, ciphertext, *ciphertext_len, plaintext, plaintext_len); + if (res != GPG_ERR_NO_ERROR) { + goto out; + } + + res = gcry_cipher_gettag(hd, ciphertext + plaintext_len, AES128_GCM_TAG_LENGTH); + if (res != GPG_ERR_NO_ERROR) { + goto out; + } + +out: + gcry_cipher_close(hd); + return res; +} + +int +aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigned char *const ciphertext, size_t ciphertext_len, const unsigned char *const iv, const unsigned char *const key) +{ + gcry_error_t res; + gcry_cipher_hd_t hd; + + res = gcry_cipher_open(&hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_CIPHER_SECURE); + if (res != GPG_ERR_NO_ERROR) { + goto out; + } + + res = gcry_cipher_setkey(hd, key, AES128_GCM_KEY_LENGTH); + if (res != GPG_ERR_NO_ERROR) { + goto out; + } + + res = gcry_cipher_setiv(hd, iv, AES128_GCM_IV_LENGTH); + if (res != GPG_ERR_NO_ERROR) { + goto out; + } + + res = gcry_cipher_decrypt(hd, plaintext, *plaintext_len, ciphertext, ciphertext_len); + if (res != GPG_ERR_NO_ERROR) { + goto out; + } + //res = gcry_cipher_checktag(hd, ciphertext + ciphertext_len - AES128_GCM_TAG_LENGTH, AES128_GCM_TAG_LENGTH); + //if (res != GPG_ERR_NO_ERROR) { + // goto out; + //} + +out: + gcry_cipher_close(hd); + return res; } diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h index 759cef69..35c5d72a 100644 --- a/src/omemo/crypto.h +++ b/src/omemo/crypto.h @@ -1,6 +1,8 @@ #include -#define SG_CIPHER_AES_GCM_NOPADDING 1000 +#define AES128_GCM_KEY_LENGTH 16 +#define AES128_GCM_IV_LENGTH 16 +#define AES128_GCM_TAG_LENGTH 16 int omemo_crypto_init(void); /** @@ -134,3 +136,13 @@ int omemo_decrypt_func(signal_buffer **output, const uint8_t *iv, size_t iv_len, const uint8_t *ciphertext, size_t ciphertext_len, void *user_data); + +int aes128gcm_encrypt(unsigned char *ciphertext, + size_t *ciphertext_len, const unsigned char *const cleartext, + size_t cleatext_len, const unsigned char *const iv, + const unsigned char *const key); + +int aes128gcm_decrypt(unsigned char *plaintext, + size_t *plaintext_len, const unsigned char *const ciphertext, + size_t ciphertext_len, const unsigned char *const iv, + const unsigned char *const key); diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c index 95de1aa2..a9860851 100644 --- a/src/omemo/omemo.c +++ b/src/omemo/omemo.c @@ -3,8 +3,10 @@ #include #include #include +#include #include #include +#include #include #include "config/account.h" @@ -21,6 +23,7 @@ static gboolean loaded; static void lock(void *user_data); static void unlock(void *user_data); +static void omemo_log(int level, const char *message, size_t len, void *user_data); struct omemo_context_t { pthread_mutexattr_t attr; @@ -37,6 +40,7 @@ struct omemo_context_t { GHashTable *pre_key_store; GHashTable *signed_pre_key_store; identity_key_store_t identity_key_store; + GHashTable *device_ids; }; static omemo_context omemo_ctx; @@ -73,6 +77,10 @@ omemo_init(void) return; } + if (signal_context_set_log_function(omemo_ctx.signal, omemo_log) != 0) { + cons_show("Error initializing OMEMO log"); + } + if (signal_context_set_crypto_provider(omemo_ctx.signal, &crypto_provider) != 0) { cons_show("Error initializing OMEMO crypto"); return; @@ -123,6 +131,8 @@ omemo_init(void) .get_local_registration_id = get_local_registration_id, .save_identity = save_identity, .is_trusted_identity = is_trusted_identity, + .destroy_func = NULL, + .user_data = &omemo_ctx.identity_key_store }; signal_protocol_store_context_set_identity_key_store(omemo_ctx.store, &identity_key_store); @@ -148,6 +158,9 @@ omemo_generate_crypto_materials(ProfAccount *account) unsigned long long timestamp = (unsigned long long)(tv.tv_sec) * 1000 + (unsigned long long)(tv.tv_usec) / 1000; signal_protocol_key_helper_generate_signed_pre_key(&omemo_ctx.signed_pre_key, omemo_ctx.identity_key_pair, 5, timestamp, omemo_ctx.signal); + ec_public_key_serialize(&omemo_ctx.identity_key_store.public, ratchet_identity_key_pair_get_public(omemo_ctx.identity_key_pair)); + ec_private_key_serialize(&omemo_ctx.identity_key_store.private, ratchet_identity_key_pair_get_private(omemo_ctx.identity_key_pair)); + loaded = TRUE; /* Ensure we get our current device list, and it gets updated with our @@ -191,7 +204,7 @@ omemo_identity_key(unsigned char **output, size_t *length) ec_public_key_serialize(&buffer, ratchet_identity_key_pair_get_public(omemo_ctx.identity_key_pair)); *length = signal_buffer_len(buffer); *output = malloc(*length); - memcpy(*output, signal_buffer_const_data(buffer), *length); + memcpy(*output, signal_buffer_data(buffer), *length); signal_buffer_free(buffer); } @@ -202,7 +215,7 @@ omemo_signed_prekey(unsigned char **output, size_t *length) ec_public_key_serialize(&buffer, ec_key_pair_get_public(session_signed_pre_key_get_key_pair(omemo_ctx.signed_pre_key))); *length = signal_buffer_len(buffer); *output = malloc(*length); - memcpy(*output, signal_buffer_const_data(buffer), *length); + memcpy(*output, signal_buffer_data(buffer), *length); signal_buffer_free(buffer); } @@ -224,7 +237,7 @@ omemo_prekeys(GList **prekeys, GList **ids, GList **lengths) ec_public_key_serialize(&buffer, ec_key_pair_get_public(session_pre_key_get_key_pair(prekey))); size_t length = signal_buffer_len(buffer); unsigned char *prekey_value = malloc(length); - memcpy(prekey_value, signal_buffer_const_data(buffer), length); + memcpy(prekey_value, signal_buffer_data(buffer), length); signal_buffer_free(buffer); *prekeys = g_list_append(*prekeys, prekey_value); *ids = g_list_append(*ids, GINT_TO_POINTER(session_pre_key_get_id(prekey))); @@ -257,12 +270,15 @@ omemo_start_device_session(const char *const jid, uint32_t device_id, size_t identity_key_len) { session_pre_key_bundle *bundle; - signal_protocol_address address = { - jid, strlen(jid), device_id - }; + signal_protocol_address *address; + + address = malloc(sizeof(signal_protocol_address)); + address->name = strdup(jid); + address->name_len = strlen(jid); + address->device_id = device_id; session_builder *builder; - session_builder_create(&builder, omemo_ctx.store, &address, omemo_ctx.signal); + session_builder_create(&builder, omemo_ctx.store, address, omemo_ctx.signal); ec_public_key *prekey; curve_decode_point(&prekey, prekey_raw, prekey_len, omemo_ctx.signal); @@ -275,6 +291,142 @@ omemo_start_device_session(const char *const jid, uint32_t device_id, session_builder_process_pre_key_bundle(builder, bundle); } +gboolean +omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean request_receipt) +{ + int res; + xmpp_ctx_t * const ctx = connection_get_ctx(); + char *barejid = xmpp_jid_bare(ctx, session_get_account_name()); + GList *device_ids = NULL; + + GList *recipient_device_id = g_hash_table_lookup(omemo_ctx.device_list, chatwin->barejid); + if (!recipient_device_id) { + return FALSE; + } + device_ids = g_list_copy(recipient_device_id); + + GList *sender_device_id = g_hash_table_lookup(omemo_ctx.device_list, barejid); + device_ids = g_list_concat(device_ids, g_list_copy(sender_device_id)); + + /* TODO generate fresh AES-GCM materials */ + /* TODO encrypt message */ + unsigned char *key; + unsigned char *iv; + unsigned char *ciphertext; + size_t ciphertext_len; + + key = sodium_malloc(AES128_GCM_KEY_LENGTH); + iv = sodium_malloc(AES128_GCM_IV_LENGTH); + ciphertext_len = strlen(message) + AES128_GCM_TAG_LENGTH; + ciphertext = malloc(ciphertext_len); + + randombytes_buf(key, 16); + randombytes_buf(iv, 16); + + res = aes128gcm_encrypt(ciphertext, &ciphertext_len, (const unsigned char * const)message, strlen(message), iv, key); + if (res != 0) { + return FALSE; + } + + GList *keys = NULL; + GList *device_ids_iter; + for (device_ids_iter = device_ids; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) { + int res; + ciphertext_message *ciphertext; + session_cipher *cipher; + signal_protocol_address address = { + chatwin->barejid, strlen(chatwin->barejid), GPOINTER_TO_INT(device_ids_iter->data) + }; + + res = session_cipher_create(&cipher, omemo_ctx.store, &address, omemo_ctx.signal); + if (res != 0) { + continue; + } + + res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext); + if (res != 0) { + continue; + } + signal_buffer *buffer = ciphertext_message_get_serialized(ciphertext); + omemo_key_t *key = malloc(sizeof(omemo_key_t)); + key->data = signal_buffer_data(buffer); + key->length = signal_buffer_len(buffer); + key->device_id = GPOINTER_TO_INT(device_ids_iter->data); + key->prekey = TRUE; + keys = g_list_append(keys, key); + } + + char *id = message_send_chat_omemo(chatwin->barejid, omemo_ctx.device_id, keys, iv, AES128_GCM_IV_LENGTH, ciphertext, ciphertext_len, request_receipt); + chat_log_omemo_msg_out(chatwin->barejid, message); + chatwin_outgoing_msg(chatwin, message, id, PROF_MSG_OMEMO, request_receipt); + + free(id); + g_list_free_full(keys, free); + free(ciphertext); + sodium_free(key); + sodium_free(iv); + g_list_free(device_ids); + + return TRUE; +} + +char * +omemo_on_message_recv(const char *const from, uint32_t sid, + const unsigned char *const iv, size_t iv_len, GList *keys, + const unsigned char *const payload, size_t payload_len) +{ + int res; + GList *key_iter; + omemo_key_t *key = NULL; + for (key_iter = keys; key_iter != NULL; key_iter = key_iter->next) { + if (((omemo_key_t *)key_iter->data)->device_id == omemo_ctx.device_id) { + key = key_iter->data; + break; + } + } + + if (!key) { + return NULL; + } + + session_cipher *cipher; + signal_buffer *plaintext_key; + signal_protocol_address address = { + from, strlen(from), sid + }; + + res = session_cipher_create(&cipher, omemo_ctx.store, &address, omemo_ctx.signal); + if (res != 0) { + return NULL; + } + + if (key->prekey) { + pre_key_signal_message *message; + pre_key_signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal); + res = session_cipher_decrypt_pre_key_signal_message(cipher, message, NULL, &plaintext_key); + } else { + signal_message *message; + signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal); + res = session_cipher_decrypt_signal_message(cipher, message, NULL, &plaintext_key); + } + if (res != 0) { + return NULL; + } + + size_t plaintext_len = payload_len; + unsigned char *plaintext = malloc(plaintext_len + 1); + res = aes128gcm_decrypt(plaintext, &plaintext_len, payload, payload_len, iv, signal_buffer_data(plaintext_key)); + if (res != 0) { + free(plaintext); + return NULL; + } + + plaintext[plaintext_len] = '\0'; + + return (char *)plaintext; + +} + static void lock(void *user_data) { @@ -288,3 +440,9 @@ unlock(void *user_data) omemo_context *ctx = (omemo_context *)user_data; pthread_mutex_unlock(&ctx->lock); } + +static void +omemo_log(int level, const char *message, size_t len, void *user_data) +{ + cons_show(message); +} diff --git a/src/omemo/omemo.h b/src/omemo/omemo.h index bf42b3e3..eb9569a3 100644 --- a/src/omemo/omemo.h +++ b/src/omemo/omemo.h @@ -1,9 +1,19 @@ #include +#include "ui/ui.h" #include "config/account.h" +#define OMEMO_ERR_UNSUPPORTED_CRYPTO -10000 + typedef struct omemo_context_t omemo_context; +typedef struct omemo_key { + const unsigned char *data; + size_t length; + gboolean prekey; + uint32_t device_id; +} omemo_key_t; + void omemo_init(void); void omemo_generate_crypto_materials(ProfAccount *account); @@ -18,3 +28,5 @@ void omemo_start_session(const char *const barejid); void omemo_start_device_session(const char *const jid, uint32_t device_id, uint32_t prekey_id, const unsigned char *const prekey, size_t prekey_len, uint32_t signed_prekey_id, const unsigned char *const signed_prekey, size_t signed_prekey_len, const unsigned char *const signature, size_t signature_len, const unsigned char *const identity_key, size_t identity_key_len); gboolean omemo_loaded(void); +gboolean omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean request_receipt); +char * omemo_on_message_recv(const char *const from, uint32_t sid, const unsigned char *const iv, size_t iv_len, GList *keys, const unsigned char *const payload, size_t payload_len); diff --git a/src/omemo/store.c b/src/omemo/store.c index 384eb9ce..ab8cd81b 100644 --- a/src/omemo/store.c +++ b/src/omemo/store.c @@ -39,12 +39,16 @@ load_session(signal_buffer **record, const signal_protocol_address *address, device_store = g_hash_table_lookup(session_store, address->name); if (!device_store) { *record = NULL; - return SG_SUCCESS; + return 0; } signal_buffer *original = g_hash_table_lookup(device_store, GINT_TO_POINTER(address->device_id)); + if (!original) { + *record = NULL; + return 0; + } *record = signal_buffer_copy(original); - return SG_SUCCESS; + return 1; } int @@ -208,8 +212,8 @@ get_identity_key_pair(signal_buffer **public_data, signal_buffer **private_data, { identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data; - *public_data = identity_key_store->public; - *private_data = identity_key_store->private; + *public_data = signal_buffer_copy(identity_key_store->public); + *private_data = signal_buffer_copy(identity_key_store->private); return SG_SUCCESS; } diff --git a/src/ui/chatwin.c b/src/ui/chatwin.c index 98431a60..c7acce52 100644 --- a/src/ui/chatwin.c +++ b/src/ui/chatwin.c @@ -305,6 +305,8 @@ chatwin_outgoing_msg(ProfChatWin *chatwin, const char *const message, char *id, enc_char = prefs_get_otr_char(); } else if (enc_mode == PROF_MSG_PGP) { enc_char = prefs_get_pgp_char(); + } else if (enc_mode == PROF_MSG_OMEMO) { + enc_char = prefs_get_omemo_char(); } if (request_receipt && id) { diff --git a/src/ui/ui.h b/src/ui/ui.h index ad5a1216..95d291b4 100644 --- a/src/ui/ui.h +++ b/src/ui/ui.h @@ -56,7 +56,8 @@ typedef enum { PROF_MSG_PLAIN, PROF_MSG_OTR, - PROF_MSG_PGP + PROF_MSG_PGP, + PROF_MSG_OMEMO } prof_enc_t; // core UI diff --git a/src/ui/window.c b/src/ui/window.c index 5693e35f..ef0f93d2 100644 --- a/src/ui/window.c +++ b/src/ui/window.c @@ -1058,6 +1058,8 @@ win_print_incoming(ProfWin *window, GDateTime *timestamp, enc_char = prefs_get_otr_char(); } else if (enc_mode == PROF_MSG_PGP) { enc_char = prefs_get_pgp_char(); + } else if (enc_mode == PROF_MSG_OMEMO) { + enc_char = prefs_get_omemo_char(); } _win_printf(window, enc_char, 0, timestamp, NO_ME, THEME_TEXT_THEM, from, "%s", message); break; diff --git a/src/xmpp/message.c b/src/xmpp/message.c index fba62bc8..bf4e6a2f 100644 --- a/src/xmpp/message.c +++ b/src/xmpp/message.c @@ -52,6 +52,7 @@ #include "pgp/gpg.h" #include "plugins/plugins.h" #include "ui/ui.h" +#include "ui/window_list.h" #include "xmpp/chat_session.h" #include "xmpp/muc.h" #include "xmpp/session.h" @@ -62,6 +63,10 @@ #include "xmpp/connection.h" #include "xmpp/xmpp.h" +#ifdef HAVE_OMEMO +#include "omemo/omemo.h" +#endif + typedef struct p_message_handle_t { ProfMessageCallback func; ProfMessageFreeCallback free_func; @@ -77,6 +82,7 @@ static void _handle_conference(xmpp_stanza_t *const stanza); static void _handle_captcha(xmpp_stanza_t *const stanza); static void _handle_receipt_received(xmpp_stanza_t *const stanza); static void _handle_chat(xmpp_stanza_t *const stanza); +static void _handle_omemo(xmpp_stanza_t *const stanza); static void _send_message_stanza(xmpp_stanza_t *const stanza); @@ -144,6 +150,13 @@ _message_handler(xmpp_conn_t *const conn, xmpp_stanza_t *const stanza, void *con } } +#ifdef HAVE_OMEMO + xmpp_stanza_t *omemo = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_OMEMO); + if (omemo) { + _handle_omemo(stanza); + } +#endif + _handle_chat(stanza); return 1; @@ -307,6 +320,99 @@ message_send_chat_otr(const char *const barejid, const char *const msg, gboolean return id; } +#ifdef HAVE_OMEMO +char* +message_send_chat_omemo(const char *const jid, uint32_t sid, GList *keys, + const unsigned char *const iv, size_t iv_len, + const unsigned char *const ciphertext, size_t ciphertext_len, + gboolean request_receipt) +{ + xmpp_ctx_t * const ctx = connection_get_ctx(); + char *id = connection_create_stanza_id("msg"); + + xmpp_stanza_t *message = xmpp_message_new(ctx, STANZA_TYPE_CHAT, jid, id); + + xmpp_stanza_t *encrypted = xmpp_stanza_new(ctx); + xmpp_stanza_set_name(encrypted, "encrypted"); + xmpp_stanza_set_ns(encrypted, STANZA_NS_OMEMO); + + xmpp_stanza_t *header = xmpp_stanza_new(ctx); + xmpp_stanza_set_name(header, "header"); + char *sid_text = g_strdup_printf("%d", sid); + xmpp_stanza_set_attribute(header, "sid", sid_text); + g_free(sid_text); + + GList *key_iter; + for (key_iter = keys; key_iter != NULL; key_iter = key_iter->next) { + omemo_key_t *key = (omemo_key_t *)key_iter->data; + + xmpp_stanza_t *key_stanza = xmpp_stanza_new(ctx); + xmpp_stanza_set_name(key_stanza, "key"); + char *rid = g_strdup_printf("%d", key->device_id); + xmpp_stanza_set_attribute(key_stanza, "rid", rid); + g_free(rid); + if (key->prekey) { + xmpp_stanza_set_attribute(key_stanza, "prekey", "true"); + } + + gchar *key_raw = g_base64_encode(key->data, key->length); + xmpp_stanza_t *key_text = xmpp_stanza_new(ctx); + xmpp_stanza_set_text(key_text, key_raw); + g_free(key_raw); + + xmpp_stanza_add_child(key_stanza, key_text); + xmpp_stanza_add_child(header, key_stanza); + xmpp_stanza_release(key_text); + xmpp_stanza_release(key_stanza); + } + + xmpp_stanza_t *iv_stanza = xmpp_stanza_new(ctx); + xmpp_stanza_set_name(iv_stanza, "iv"); + + gchar *iv_raw = g_base64_encode(iv, iv_len); + xmpp_stanza_t *iv_text = xmpp_stanza_new(ctx); + xmpp_stanza_set_text(iv_text, iv_raw); + g_free(iv_raw); + + xmpp_stanza_add_child(iv_stanza, iv_text); + xmpp_stanza_add_child(header, iv_stanza); + xmpp_stanza_release(iv_text); + xmpp_stanza_release(iv_stanza); + + xmpp_stanza_add_child(encrypted, header); + xmpp_stanza_release(header); + + xmpp_stanza_t *payload = xmpp_stanza_new(ctx); + xmpp_stanza_set_name(payload, "payload"); + + gchar *ciphertext_raw = g_base64_encode(ciphertext, ciphertext_len); + xmpp_stanza_t *payload_text = xmpp_stanza_new(ctx); + xmpp_stanza_set_text(payload_text, ciphertext_raw); + g_free(ciphertext_raw); + + xmpp_stanza_add_child(payload, payload_text); + xmpp_stanza_add_child(encrypted, payload); + xmpp_stanza_release(payload_text); + xmpp_stanza_release(payload); + + xmpp_stanza_add_child(message, encrypted); + xmpp_stanza_release(encrypted); + + stanza_attach_carbons_private(ctx, message); + stanza_attach_hints_no_copy(ctx, message); + stanza_attach_hints_no_store(ctx, message); + + if (request_receipt) { + stanza_attach_receipt_request(ctx, message); + } + + _send_message_stanza(message); + xmpp_stanza_release(message); + + return id; +} +#endif + void message_send_private(const char *const fulljid, const char *const msg, const char *const oob_url) { @@ -828,7 +934,8 @@ _handle_chat(xmpp_stanza_t *const stanza) // ignore handled namespaces xmpp_stanza_t *conf = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_CONFERENCE); xmpp_stanza_t *captcha = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_CAPTCHA); - if (conf || captcha) { + xmpp_stanza_t *omemo = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_OMEMO); + if (conf || captcha || omemo) { return; } @@ -896,6 +1003,100 @@ _handle_chat(xmpp_stanza_t *const stanza) jid_destroy(jid); } +static void +_handle_omemo(xmpp_stanza_t *const stanza) +{ + xmpp_stanza_t *encrypted = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_OMEMO); + if (!encrypted) { + return; + } + + xmpp_stanza_t *header = xmpp_stanza_get_child_by_name(encrypted, "header"); + if (!header) { + return; + } + + const char *sid_text = xmpp_stanza_get_attribute(header, "sid"); + if (!sid_text) { + return; + } + uint32_t sid = strtoul(sid_text, NULL, 10); + + xmpp_stanza_t *iv = xmpp_stanza_get_child_by_name(header, "iv"); + if (!iv) { + return; + } + const char *iv_text = xmpp_stanza_get_text(iv); + if (!iv_text) { + return; + } + size_t iv_len; + const unsigned char *iv_raw = g_base64_decode(iv_text, &iv_len); + + xmpp_stanza_t *payload = xmpp_stanza_get_child_by_name(encrypted, "payload"); + if (!payload) { + return; + } + const char *payload_text = xmpp_stanza_get_text(payload); + if (!payload_text) { + return; + } + size_t payload_len; + const unsigned char *payload_raw = g_base64_decode(payload_text, &payload_len); + + GList *keys = NULL; + xmpp_stanza_t *key_stanza; + for (key_stanza = xmpp_stanza_get_children(header); key_stanza != NULL; key_stanza = xmpp_stanza_get_next(key_stanza)) { + if (g_strcmp0(xmpp_stanza_get_name(key_stanza), "key") != 0) { + continue; + } + + omemo_key_t *key = malloc(sizeof(omemo_key_t)); + const char *key_text = xmpp_stanza_get_text(key_stanza); + if (!key_text) { + goto skip; + } + + + const char *rid_text = xmpp_stanza_get_attribute(key_stanza, "rid"); + key->device_id = strtoul(rid_text, NULL, 10); + if (!key->device_id) { + goto skip; + } + key->data = g_base64_decode(key_text, &key->length); + key->prekey = g_strcmp0(xmpp_stanza_get_attribute(key_stanza, "prekey"), "true") == 0; + keys = g_list_append(keys, key); + continue; + +skip: + free(key); + } + + const char *from = xmpp_stanza_get_from(stanza); + Jid *jid = jid_create(from); + GDateTime *timestamp = stanza_get_delay(stanza); + + char *plaintext = omemo_on_message_recv(jid->barejid, sid, iv_raw, iv_len, keys, payload_raw, payload_len); + if (!plaintext) { + goto out; + } + + gboolean new_win = FALSE; + ProfChatWin *chatwin = wins_get_chat(jid->barejid); + if (!chatwin) { + ProfWin *window = wins_new_chat(jid->barejid); + chatwin = (ProfChatWin*)window; + new_win = TRUE; + } + + chat_log_omemo_msg_in(jid->barejid, plaintext, timestamp); + chatwin_incoming_msg(chatwin, jid->resourcepart, plaintext, timestamp, new_win, PROF_MSG_OMEMO); + +out: + jid_destroy(jid); + if (timestamp) g_date_time_unref(timestamp); +} + static void _send_message_stanza(xmpp_stanza_t *const stanza) { diff --git a/src/xmpp/omemo.c b/src/xmpp/omemo.c index 709b6ad8..048126fa 100644 --- a/src/xmpp/omemo.c +++ b/src/xmpp/omemo.c @@ -93,7 +93,7 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons return 1; } - if (!g_strcmp0(from, userdata)) { + if (g_strcmp0(from, userdata) != 0) { return 1; } @@ -112,7 +112,7 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons return 1; } - uint32_t device_id = strtoul(device_id_str, NULL, 10); + uint32_t device_id = strtoul(++device_id_str, NULL, 10); xmpp_stanza_t *item = xmpp_stanza_get_child_by_name(items, "item"); if (!item) { diff --git a/src/xmpp/xmpp.h b/src/xmpp/xmpp.h index 5c0dae76..f2eec6c7 100644 --- a/src/xmpp/xmpp.h +++ b/src/xmpp/xmpp.h @@ -140,6 +140,7 @@ char* message_send_chat(const char *const barejid, const char *const msg, const gboolean request_receipt); char* message_send_chat_otr(const char *const barejid, const char *const msg, gboolean request_receipt); char* message_send_chat_pgp(const char *const barejid, const char *const msg, gboolean request_receipt); +char* message_send_chat_omemo(const char *const jid, uint32_t sid, GList *keys, const unsigned char *const iv, size_t iv_len, const unsigned char *const ciphertext, size_t ciphertext_len, gboolean request_receipt); void message_send_private(const char *const fulljid, const char *const msg, const char *const oob_url); void message_send_groupchat(const char *const roomjid, const char *const msg, const char *const oob_url); void message_send_groupchat_subject(const char *const roomjid, const char *const subject);