1
0
mirror of https://github.com/profanity-im/profanity.git synced 2024-11-03 19:37:16 -05:00

OMEMO - trust mode (#1506)

Add OMEMO trust mode capabilities.

* ToFu / first usage
* blind trust
* manual
This commit is contained in:
Stefan 2021-04-17 13:28:54 +02:00 committed by GitHub
parent c79979401b
commit 3ba38eafa8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 94 additions and 0 deletions

View File

@ -193,6 +193,7 @@ static Autocomplete otr_sendfile_ac;
static Autocomplete omemo_ac; static Autocomplete omemo_ac;
static Autocomplete omemo_log_ac; static Autocomplete omemo_log_ac;
static Autocomplete omemo_policy_ac; static Autocomplete omemo_policy_ac;
static Autocomplete omemo_trustmode_ac;
#endif #endif
static Autocomplete connect_property_ac; static Autocomplete connect_property_ac;
static Autocomplete tls_property_ac; static Autocomplete tls_property_ac;
@ -682,6 +683,7 @@ cmd_ac_init(void)
autocomplete_add(omemo_ac, "fingerprint"); autocomplete_add(omemo_ac, "fingerprint");
autocomplete_add(omemo_ac, "clear_device_list"); autocomplete_add(omemo_ac, "clear_device_list");
autocomplete_add(omemo_ac, "policy"); autocomplete_add(omemo_ac, "policy");
autocomplete_add(omemo_ac, "trustmode");
autocomplete_add(omemo_ac, "char"); autocomplete_add(omemo_ac, "char");
omemo_log_ac = autocomplete_new(); omemo_log_ac = autocomplete_new();
@ -693,6 +695,12 @@ cmd_ac_init(void)
autocomplete_add(omemo_policy_ac, "manual"); autocomplete_add(omemo_policy_ac, "manual");
autocomplete_add(omemo_policy_ac, "automatic"); autocomplete_add(omemo_policy_ac, "automatic");
autocomplete_add(omemo_policy_ac, "always"); autocomplete_add(omemo_policy_ac, "always");
// Autocomplete OMEMO trustmode
omemo_trustmode_ac = autocomplete_new();
autocomplete_add(omemo_trustmode_ac, "manual");
autocomplete_add(omemo_trustmode_ac, "firstusage");
autocomplete_add(omemo_trustmode_ac, "blind");
#endif #endif
connect_property_ac = autocomplete_new(); connect_property_ac = autocomplete_new();
@ -1295,6 +1303,7 @@ cmd_ac_reset(ProfWin* window)
autocomplete_reset(omemo_ac); autocomplete_reset(omemo_ac);
autocomplete_reset(omemo_log_ac); autocomplete_reset(omemo_log_ac);
autocomplete_reset(omemo_policy_ac); autocomplete_reset(omemo_policy_ac);
autocomplete_reset(omemo_trustmode_ac);
#endif #endif
autocomplete_reset(connect_property_ac); autocomplete_reset(connect_property_ac);
autocomplete_reset(tls_property_ac); autocomplete_reset(tls_property_ac);
@ -1453,6 +1462,7 @@ cmd_ac_uninit(void)
autocomplete_free(omemo_ac); autocomplete_free(omemo_ac);
autocomplete_free(omemo_log_ac); autocomplete_free(omemo_log_ac);
autocomplete_free(omemo_policy_ac); autocomplete_free(omemo_policy_ac);
autocomplete_free(omemo_trustmode_ac);
#endif #endif
autocomplete_free(connect_property_ac); autocomplete_free(connect_property_ac);
autocomplete_free(tls_property_ac); autocomplete_free(tls_property_ac);
@ -2519,6 +2529,11 @@ _omemo_autocomplete(ProfWin* window, const char* const input, gboolean previous)
return found; return found;
} }
found = autocomplete_param_with_ac(input, "/omemo trustmode", omemo_trustmode_ac, TRUE, previous);
if (found) {
return found;
}
jabber_conn_status_t conn_status = connection_get_status(); jabber_conn_status_t conn_status = connection_get_status();
if (conn_status == JABBER_CONNECTED) { if (conn_status == JABBER_CONNECTED) {

View File

@ -2292,6 +2292,7 @@ static struct cmd_t command_defs[] = {
{ "log", cmd_omemo_log }, { "log", cmd_omemo_log },
{ "start", cmd_omemo_start }, { "start", cmd_omemo_start },
{ "end", cmd_omemo_end }, { "end", cmd_omemo_end },
{ "trustmode", cmd_omemo_trust_mode },
{ "trust", cmd_omemo_trust }, { "trust", cmd_omemo_trust },
{ "untrust", cmd_omemo_untrust }, { "untrust", cmd_omemo_untrust },
{ "fingerprint", cmd_omemo_fingerprint }, { "fingerprint", cmd_omemo_fingerprint },
@ -2310,6 +2311,7 @@ static struct cmd_t command_defs[] = {
"/omemo end", "/omemo end",
"/omemo fingerprint [<contact>]", "/omemo fingerprint [<contact>]",
"/omemo char <char>", "/omemo char <char>",
"/omemo trustmode manual|firstusage|blind",
"/omemo policy manual|automatic|always", "/omemo policy manual|automatic|always",
"/omemo clear_device_list") "/omemo clear_device_list")
CMD_DESC( CMD_DESC(
@ -2322,6 +2324,9 @@ static struct cmd_t command_defs[] = {
{ "log redact", "Log OMEMO encrypted messages, but replace the contents with [redacted]. This is the default." }, { "log redact", "Log OMEMO encrypted messages, but replace the contents with [redacted]. This is the default." },
{ "fingerprint [<contact>]", "Show contact fingerprints, or current recipient if omitted." }, { "fingerprint [<contact>]", "Show contact fingerprints, or current recipient if omitted." },
{ "char <char>", "Set the character to be displayed next to OMEMO encrypted messages." }, { "char <char>", "Set the character to be displayed next to OMEMO encrypted messages." },
{ "trustmode manual", "Set the global OMEMO trust mode to manual, OMEMO keys has to be trusted manually." },
{ "trustmode firstusage", "Set the global OMEMO trust mode to ToFu, first OMEMO keys trusted automatically." },
{ "trustmode blind", "Set the global OMEMO trust mode to blind, ALL OMEMO keys trusted automatically." },
{ "policy manual", "Set the global OMEMO policy to manual, OMEMO sessions must be started manually." }, { "policy manual", "Set the global OMEMO policy to manual, OMEMO sessions must be started manually." },
{ "policy automatic", "Set the global OMEMO policy to opportunistic, an OMEMO session will be attempted upon starting a conversation." }, { "policy automatic", "Set the global OMEMO policy to opportunistic, an OMEMO session will be attempted upon starting a conversation." },
{ "policy always", "Set the global OMEMO policy to always, an error will be displayed if an OMEMO session cannot be initiated upon starting a conversation." }, { "policy always", "Set the global OMEMO policy to always, an error will be displayed if an OMEMO session cannot be initiated upon starting a conversation." },

View File

@ -8474,6 +8474,37 @@ cmd_omemo_start(ProfWin* window, const char* const command, gchar** args)
#endif #endif
} }
gboolean
cmd_omemo_trust_mode(ProfWin* window, const char* const command, gchar** args)
{
#ifdef HAVE_OMEMO
if (!args[1]) {
cons_show("Current trust mode is %s", prefs_get_string(PREF_OMEMO_TRUST_MODE));
return TRUE;
}
if (g_strcmp0(args[1], "manual") == 0) {
cons_show("Current trust mode is %s - setting to %s", prefs_get_string(PREF_OMEMO_TRUST_MODE), args[1]);
cons_show("You need to trust all OMEMO fingerprints manually");
} else if (g_strcmp0(args[1], "firstusage") == 0) {
cons_show("Current trust mode is %s - setting to %s", prefs_get_string(PREF_OMEMO_TRUST_MODE), args[1]);
cons_show("The first seen OMEMO fingerprints will be trusted automatically - new keys must be trusted manually");
} else if (g_strcmp0(args[1], "blind") == 0) {
cons_show("Current trust mode is %s - setting to %s", prefs_get_string(PREF_OMEMO_TRUST_MODE), args[1]);
cons_show("ALL OMEMO fingerprints will be trusted automatically");
} else {
cons_bad_cmd_usage(command);
return TRUE;
}
prefs_set_string(PREF_OMEMO_TRUST_MODE, args[1]);
#else
cons_show("This version of Profanity has not been built with OMEMO support enabled");
#endif
return TRUE;
}
gboolean gboolean
cmd_omemo_char(ProfWin* window, const char* const command, gchar** args) cmd_omemo_char(ProfWin* window, const char* const command, gchar** args)
{ {

View File

@ -222,6 +222,7 @@ gboolean cmd_omemo_end(ProfWin* window, const char* const command, gchar** args)
gboolean cmd_omemo_fingerprint(ProfWin* window, const char* const command, gchar** args); gboolean cmd_omemo_fingerprint(ProfWin* window, const char* const command, gchar** args);
gboolean cmd_omemo_trust(ProfWin* window, const char* const command, gchar** args); gboolean cmd_omemo_trust(ProfWin* window, const char* const command, gchar** args);
gboolean cmd_omemo_untrust(ProfWin* window, const char* const command, gchar** args); gboolean cmd_omemo_untrust(ProfWin* window, const char* const command, gchar** args);
gboolean cmd_omemo_trust_mode(ProfWin* window, const char* const command, gchar** args);
gboolean cmd_omemo_policy(ProfWin* window, const char* const command, gchar** args); gboolean cmd_omemo_policy(ProfWin* window, const char* const command, gchar** args);
gboolean cmd_omemo_clear_device_list(ProfWin* window, const char* const command, gchar** args); gboolean cmd_omemo_clear_device_list(ProfWin* window, const char* const command, gchar** args);

View File

@ -1930,6 +1930,7 @@ _get_group(preference_t pref)
return PREF_GROUP_PLUGINS; return PREF_GROUP_PLUGINS;
case PREF_OMEMO_LOG: case PREF_OMEMO_LOG:
case PREF_OMEMO_POLICY: case PREF_OMEMO_POLICY:
case PREF_OMEMO_TRUST_MODE:
return PREF_GROUP_OMEMO; return PREF_GROUP_OMEMO;
default: default:
return NULL; return NULL;
@ -2178,6 +2179,8 @@ _get_key(preference_t pref)
return "log"; return "log";
case PREF_OMEMO_POLICY: case PREF_OMEMO_POLICY:
return "policy"; return "policy";
case PREF_OMEMO_TRUST_MODE:
return "trustmode";
case PREF_CORRECTION_ALLOW: case PREF_CORRECTION_ALLOW:
return "correction.allow"; return "correction.allow";
case PREF_AVATAR_CMD: case PREF_AVATAR_CMD:
@ -2323,6 +2326,8 @@ _get_default_string(preference_t pref)
return "redact"; return "redact";
case PREF_OMEMO_POLICY: case PREF_OMEMO_POLICY:
return "automatic"; return "automatic";
case PREF_OMEMO_TRUST_MODE:
return "manual";
case PREF_COLOR_NICK: case PREF_COLOR_NICK:
return "false"; return "false";
case PREF_AVATAR_CMD: case PREF_AVATAR_CMD:

View File

@ -166,6 +166,7 @@ typedef enum {
PREF_STATUSBAR_ROOM, PREF_STATUSBAR_ROOM,
PREF_OMEMO_LOG, PREF_OMEMO_LOG,
PREF_OMEMO_POLICY, PREF_OMEMO_POLICY,
PREF_OMEMO_TRUST_MODE,
PREF_OCCUPANTS_WRAP, PREF_OCCUPANTS_WRAP,
PREF_CORRECTION_ALLOW, PREF_CORRECTION_ALLOW,
PREF_AVATAR_CMD, PREF_AVATAR_CMD,

View File

@ -542,6 +542,34 @@ omemo_set_device_list(const char* const from, GList* device_list)
} }
} }
// OMEMO trustmode ToFu
if (g_strcmp0(prefs_get_string(PREF_OMEMO_TRUST_MODE), "firstusage") == 0) {
log_info("[OMEMO] Checking firstusage state for %s", jid->barejid);
GHashTable* trusted = g_hash_table_lookup(omemo_ctx.identity_key_store.trusted, jid->barejid);
if (trusted) {
if (g_hash_table_size(trusted) > 0) {
log_info("[OMEMO] Found trusted device for %s - skip firstusage", jid->barejid);
return;
}
} else {
if (device_list) {
cons_show("OMEMO: No trusted devices found for %s", jid->barejid);
GList* device_id;
for (device_id = device_list; device_id != NULL; device_id = device_id->next) {
GHashTable* known_identities = g_hash_table_lookup(omemo_ctx.known_devices, jid->barejid);
if (known_identities) {
GList* fp = NULL;
for (fp = g_hash_table_get_keys(known_identities); fp != NULL; fp = fp->next) {
if (device_id->data == g_hash_table_lookup(known_identities, fp->data)) {
cons_show("OMEMO: Adding firstusage trust for %s device %d - Fingerprint %s", jid->barejid, device_id->data, omemo_format_fingerprint(fp->data));
omemo_trust(jid->barejid, omemo_format_fingerprint(fp->data));
}
}
}
}
}
}
}
jid_destroy(jid); jid_destroy(jid);
} }
@ -622,6 +650,14 @@ omemo_start_device_session(const char* const jid, uint32_t device_id,
gboolean trusted = is_trusted_identity(&address, (uint8_t*)identity_key_raw, identity_key_len, &omemo_ctx.identity_key_store); gboolean trusted = is_trusted_identity(&address, (uint8_t*)identity_key_raw, identity_key_len, &omemo_ctx.identity_key_store);
if ((g_strcmp0(prefs_get_string(PREF_OMEMO_TRUST_MODE), "blind") == 0) && !trusted) {
char* fp = _omemo_fingerprint(identity_key, TRUE);
cons_show("Blind trust for %s device %d (%s)", jid, device_id, fp);
omemo_trust(jid, fp);
free(fp);
trusted = TRUE;
}
if (!trusted) { if (!trusted) {
goto out; goto out;
} }