1
1
mirror of https://github.com/profanity-im/profanity.git synced 2025-01-03 14:57:42 -05:00

Decrypt all incoming OMEMO msg

Trust all key as long as it's for reading. This code isn't multithread
safe.
This commit is contained in:
Paul Fariello 2019-06-07 23:44:26 +02:00
parent 7c119aa9bf
commit 2604786cb6
3 changed files with 23 additions and 1 deletions

View File

@ -724,6 +724,8 @@ omemo_on_message_send(ProfWin *win, const char *const message, gboolean request_
GList *device_ids_iter; GList *device_ids_iter;
omemo_ctx.identity_key_store.recv = false;
GList *recipients_iter; GList *recipients_iter;
for (recipients_iter = recipients; recipients_iter != NULL; recipients_iter = recipients_iter->next) { for (recipients_iter = recipients; recipients_iter != NULL; recipients_iter = recipients_iter->next) {
GList *recipient_device_id = NULL; GList *recipient_device_id = NULL;
@ -888,6 +890,8 @@ omemo_on_message_recv(const char *const from_jid, uint32_t sid,
goto out; goto out;
} }
omemo_ctx.identity_key_store.recv = true;
if (key->prekey) { if (key->prekey) {
log_debug("OMEMO: decrypting message with prekey"); log_debug("OMEMO: decrypting message with prekey");
pre_key_signal_message *message; pre_key_signal_message *message;
@ -923,6 +927,9 @@ omemo_on_message_recv(const char *const from_jid, uint32_t sid,
} }
} }
omemo_ctx.identity_key_store.recv = false;
*trusted = omemo_ctx.identity_key_store.trusted_msg;
session_cipher_free(cipher); session_cipher_free(cipher);
if (res != 0) { if (res != 0) {
log_error("OMEMO: cannot decrypt message key"); log_error("OMEMO: cannot decrypt message key");

View File

@ -362,6 +362,11 @@ save_identity(const signal_protocol_address *address, uint8_t *key_data,
{ {
identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data; identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data;
if (identity_key_store->recv && !identity_key_store->trusted_msg) {
/* Do not trust identity automatically */
return SG_SUCCESS;
}
signal_buffer *buffer = signal_buffer_create(key_data, key_len); signal_buffer *buffer = signal_buffer_create(key_data, key_len);
GHashTable *trusted = g_hash_table_lookup(identity_key_store->trusted, strdup(address->name)); GHashTable *trusted = g_hash_table_lookup(identity_key_store->trusted, strdup(address->name));
@ -390,10 +395,19 @@ is_trusted_identity(const signal_protocol_address *address, uint8_t *key_data,
int ret; int ret;
identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data; identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data;
if (identity_key_store->recv) {
return true;
}
GHashTable *trusted = g_hash_table_lookup(identity_key_store->trusted, address->name); GHashTable *trusted = g_hash_table_lookup(identity_key_store->trusted, address->name);
if (!trusted) { if (!trusted) {
if (identity_key_store->recv) {
identity_key_store->trusted_msg = false;
return 1;
} else {
return 0; return 0;
} }
}
signal_buffer *buffer = signal_buffer_create(key_data, key_len); signal_buffer *buffer = signal_buffer_create(key_data, key_len);
signal_buffer *original = g_hash_table_lookup(trusted, GINT_TO_POINTER(address->device_id)); signal_buffer *original = g_hash_table_lookup(trusted, GINT_TO_POINTER(address->device_id));

View File

@ -48,6 +48,7 @@ typedef struct {
signal_buffer *private; signal_buffer *private;
uint32_t registration_id; uint32_t registration_id;
GHashTable *trusted; GHashTable *trusted;
bool recv;
} identity_key_store_t; } identity_key_store_t;
GHashTable * session_store_new(void); GHashTable * session_store_new(void);