mirror of
https://github.com/profanity-im/profanity.git
synced 2024-11-03 19:37:16 -05:00
OMEMO - trust mode (#1506)
Add OMEMO trust mode capabilities. * ToFu / first usage * blind trust * manual
This commit is contained in:
parent
c79979401b
commit
3ba38eafa8
@ -193,6 +193,7 @@ static Autocomplete otr_sendfile_ac;
|
|||||||
static Autocomplete omemo_ac;
|
static Autocomplete omemo_ac;
|
||||||
static Autocomplete omemo_log_ac;
|
static Autocomplete omemo_log_ac;
|
||||||
static Autocomplete omemo_policy_ac;
|
static Autocomplete omemo_policy_ac;
|
||||||
|
static Autocomplete omemo_trustmode_ac;
|
||||||
#endif
|
#endif
|
||||||
static Autocomplete connect_property_ac;
|
static Autocomplete connect_property_ac;
|
||||||
static Autocomplete tls_property_ac;
|
static Autocomplete tls_property_ac;
|
||||||
@ -682,6 +683,7 @@ cmd_ac_init(void)
|
|||||||
autocomplete_add(omemo_ac, "fingerprint");
|
autocomplete_add(omemo_ac, "fingerprint");
|
||||||
autocomplete_add(omemo_ac, "clear_device_list");
|
autocomplete_add(omemo_ac, "clear_device_list");
|
||||||
autocomplete_add(omemo_ac, "policy");
|
autocomplete_add(omemo_ac, "policy");
|
||||||
|
autocomplete_add(omemo_ac, "trustmode");
|
||||||
autocomplete_add(omemo_ac, "char");
|
autocomplete_add(omemo_ac, "char");
|
||||||
|
|
||||||
omemo_log_ac = autocomplete_new();
|
omemo_log_ac = autocomplete_new();
|
||||||
@ -693,6 +695,12 @@ cmd_ac_init(void)
|
|||||||
autocomplete_add(omemo_policy_ac, "manual");
|
autocomplete_add(omemo_policy_ac, "manual");
|
||||||
autocomplete_add(omemo_policy_ac, "automatic");
|
autocomplete_add(omemo_policy_ac, "automatic");
|
||||||
autocomplete_add(omemo_policy_ac, "always");
|
autocomplete_add(omemo_policy_ac, "always");
|
||||||
|
|
||||||
|
// Autocomplete OMEMO trustmode
|
||||||
|
omemo_trustmode_ac = autocomplete_new();
|
||||||
|
autocomplete_add(omemo_trustmode_ac, "manual");
|
||||||
|
autocomplete_add(omemo_trustmode_ac, "firstusage");
|
||||||
|
autocomplete_add(omemo_trustmode_ac, "blind");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
connect_property_ac = autocomplete_new();
|
connect_property_ac = autocomplete_new();
|
||||||
@ -1295,6 +1303,7 @@ cmd_ac_reset(ProfWin* window)
|
|||||||
autocomplete_reset(omemo_ac);
|
autocomplete_reset(omemo_ac);
|
||||||
autocomplete_reset(omemo_log_ac);
|
autocomplete_reset(omemo_log_ac);
|
||||||
autocomplete_reset(omemo_policy_ac);
|
autocomplete_reset(omemo_policy_ac);
|
||||||
|
autocomplete_reset(omemo_trustmode_ac);
|
||||||
#endif
|
#endif
|
||||||
autocomplete_reset(connect_property_ac);
|
autocomplete_reset(connect_property_ac);
|
||||||
autocomplete_reset(tls_property_ac);
|
autocomplete_reset(tls_property_ac);
|
||||||
@ -1453,6 +1462,7 @@ cmd_ac_uninit(void)
|
|||||||
autocomplete_free(omemo_ac);
|
autocomplete_free(omemo_ac);
|
||||||
autocomplete_free(omemo_log_ac);
|
autocomplete_free(omemo_log_ac);
|
||||||
autocomplete_free(omemo_policy_ac);
|
autocomplete_free(omemo_policy_ac);
|
||||||
|
autocomplete_free(omemo_trustmode_ac);
|
||||||
#endif
|
#endif
|
||||||
autocomplete_free(connect_property_ac);
|
autocomplete_free(connect_property_ac);
|
||||||
autocomplete_free(tls_property_ac);
|
autocomplete_free(tls_property_ac);
|
||||||
@ -2519,6 +2529,11 @@ _omemo_autocomplete(ProfWin* window, const char* const input, gboolean previous)
|
|||||||
return found;
|
return found;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
found = autocomplete_param_with_ac(input, "/omemo trustmode", omemo_trustmode_ac, TRUE, previous);
|
||||||
|
if (found) {
|
||||||
|
return found;
|
||||||
|
}
|
||||||
|
|
||||||
jabber_conn_status_t conn_status = connection_get_status();
|
jabber_conn_status_t conn_status = connection_get_status();
|
||||||
|
|
||||||
if (conn_status == JABBER_CONNECTED) {
|
if (conn_status == JABBER_CONNECTED) {
|
||||||
|
@ -2292,6 +2292,7 @@ static struct cmd_t command_defs[] = {
|
|||||||
{ "log", cmd_omemo_log },
|
{ "log", cmd_omemo_log },
|
||||||
{ "start", cmd_omemo_start },
|
{ "start", cmd_omemo_start },
|
||||||
{ "end", cmd_omemo_end },
|
{ "end", cmd_omemo_end },
|
||||||
|
{ "trustmode", cmd_omemo_trust_mode },
|
||||||
{ "trust", cmd_omemo_trust },
|
{ "trust", cmd_omemo_trust },
|
||||||
{ "untrust", cmd_omemo_untrust },
|
{ "untrust", cmd_omemo_untrust },
|
||||||
{ "fingerprint", cmd_omemo_fingerprint },
|
{ "fingerprint", cmd_omemo_fingerprint },
|
||||||
@ -2310,6 +2311,7 @@ static struct cmd_t command_defs[] = {
|
|||||||
"/omemo end",
|
"/omemo end",
|
||||||
"/omemo fingerprint [<contact>]",
|
"/omemo fingerprint [<contact>]",
|
||||||
"/omemo char <char>",
|
"/omemo char <char>",
|
||||||
|
"/omemo trustmode manual|firstusage|blind",
|
||||||
"/omemo policy manual|automatic|always",
|
"/omemo policy manual|automatic|always",
|
||||||
"/omemo clear_device_list")
|
"/omemo clear_device_list")
|
||||||
CMD_DESC(
|
CMD_DESC(
|
||||||
@ -2322,6 +2324,9 @@ static struct cmd_t command_defs[] = {
|
|||||||
{ "log redact", "Log OMEMO encrypted messages, but replace the contents with [redacted]. This is the default." },
|
{ "log redact", "Log OMEMO encrypted messages, but replace the contents with [redacted]. This is the default." },
|
||||||
{ "fingerprint [<contact>]", "Show contact fingerprints, or current recipient if omitted." },
|
{ "fingerprint [<contact>]", "Show contact fingerprints, or current recipient if omitted." },
|
||||||
{ "char <char>", "Set the character to be displayed next to OMEMO encrypted messages." },
|
{ "char <char>", "Set the character to be displayed next to OMEMO encrypted messages." },
|
||||||
|
{ "trustmode manual", "Set the global OMEMO trust mode to manual, OMEMO keys has to be trusted manually." },
|
||||||
|
{ "trustmode firstusage", "Set the global OMEMO trust mode to ToFu, first OMEMO keys trusted automatically." },
|
||||||
|
{ "trustmode blind", "Set the global OMEMO trust mode to blind, ALL OMEMO keys trusted automatically." },
|
||||||
{ "policy manual", "Set the global OMEMO policy to manual, OMEMO sessions must be started manually." },
|
{ "policy manual", "Set the global OMEMO policy to manual, OMEMO sessions must be started manually." },
|
||||||
{ "policy automatic", "Set the global OMEMO policy to opportunistic, an OMEMO session will be attempted upon starting a conversation." },
|
{ "policy automatic", "Set the global OMEMO policy to opportunistic, an OMEMO session will be attempted upon starting a conversation." },
|
||||||
{ "policy always", "Set the global OMEMO policy to always, an error will be displayed if an OMEMO session cannot be initiated upon starting a conversation." },
|
{ "policy always", "Set the global OMEMO policy to always, an error will be displayed if an OMEMO session cannot be initiated upon starting a conversation." },
|
||||||
|
@ -8474,6 +8474,37 @@ cmd_omemo_start(ProfWin* window, const char* const command, gchar** args)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
gboolean
|
||||||
|
cmd_omemo_trust_mode(ProfWin* window, const char* const command, gchar** args)
|
||||||
|
{
|
||||||
|
#ifdef HAVE_OMEMO
|
||||||
|
|
||||||
|
if (!args[1]) {
|
||||||
|
cons_show("Current trust mode is %s", prefs_get_string(PREF_OMEMO_TRUST_MODE));
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (g_strcmp0(args[1], "manual") == 0) {
|
||||||
|
cons_show("Current trust mode is %s - setting to %s", prefs_get_string(PREF_OMEMO_TRUST_MODE), args[1]);
|
||||||
|
cons_show("You need to trust all OMEMO fingerprints manually");
|
||||||
|
} else if (g_strcmp0(args[1], "firstusage") == 0) {
|
||||||
|
cons_show("Current trust mode is %s - setting to %s", prefs_get_string(PREF_OMEMO_TRUST_MODE), args[1]);
|
||||||
|
cons_show("The first seen OMEMO fingerprints will be trusted automatically - new keys must be trusted manually");
|
||||||
|
} else if (g_strcmp0(args[1], "blind") == 0) {
|
||||||
|
cons_show("Current trust mode is %s - setting to %s", prefs_get_string(PREF_OMEMO_TRUST_MODE), args[1]);
|
||||||
|
cons_show("ALL OMEMO fingerprints will be trusted automatically");
|
||||||
|
} else {
|
||||||
|
cons_bad_cmd_usage(command);
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
prefs_set_string(PREF_OMEMO_TRUST_MODE, args[1]);
|
||||||
|
|
||||||
|
#else
|
||||||
|
cons_show("This version of Profanity has not been built with OMEMO support enabled");
|
||||||
|
#endif
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
gboolean
|
gboolean
|
||||||
cmd_omemo_char(ProfWin* window, const char* const command, gchar** args)
|
cmd_omemo_char(ProfWin* window, const char* const command, gchar** args)
|
||||||
{
|
{
|
||||||
|
@ -222,6 +222,7 @@ gboolean cmd_omemo_end(ProfWin* window, const char* const command, gchar** args)
|
|||||||
gboolean cmd_omemo_fingerprint(ProfWin* window, const char* const command, gchar** args);
|
gboolean cmd_omemo_fingerprint(ProfWin* window, const char* const command, gchar** args);
|
||||||
gboolean cmd_omemo_trust(ProfWin* window, const char* const command, gchar** args);
|
gboolean cmd_omemo_trust(ProfWin* window, const char* const command, gchar** args);
|
||||||
gboolean cmd_omemo_untrust(ProfWin* window, const char* const command, gchar** args);
|
gboolean cmd_omemo_untrust(ProfWin* window, const char* const command, gchar** args);
|
||||||
|
gboolean cmd_omemo_trust_mode(ProfWin* window, const char* const command, gchar** args);
|
||||||
gboolean cmd_omemo_policy(ProfWin* window, const char* const command, gchar** args);
|
gboolean cmd_omemo_policy(ProfWin* window, const char* const command, gchar** args);
|
||||||
gboolean cmd_omemo_clear_device_list(ProfWin* window, const char* const command, gchar** args);
|
gboolean cmd_omemo_clear_device_list(ProfWin* window, const char* const command, gchar** args);
|
||||||
|
|
||||||
|
@ -1930,6 +1930,7 @@ _get_group(preference_t pref)
|
|||||||
return PREF_GROUP_PLUGINS;
|
return PREF_GROUP_PLUGINS;
|
||||||
case PREF_OMEMO_LOG:
|
case PREF_OMEMO_LOG:
|
||||||
case PREF_OMEMO_POLICY:
|
case PREF_OMEMO_POLICY:
|
||||||
|
case PREF_OMEMO_TRUST_MODE:
|
||||||
return PREF_GROUP_OMEMO;
|
return PREF_GROUP_OMEMO;
|
||||||
default:
|
default:
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -2178,6 +2179,8 @@ _get_key(preference_t pref)
|
|||||||
return "log";
|
return "log";
|
||||||
case PREF_OMEMO_POLICY:
|
case PREF_OMEMO_POLICY:
|
||||||
return "policy";
|
return "policy";
|
||||||
|
case PREF_OMEMO_TRUST_MODE:
|
||||||
|
return "trustmode";
|
||||||
case PREF_CORRECTION_ALLOW:
|
case PREF_CORRECTION_ALLOW:
|
||||||
return "correction.allow";
|
return "correction.allow";
|
||||||
case PREF_AVATAR_CMD:
|
case PREF_AVATAR_CMD:
|
||||||
@ -2323,6 +2326,8 @@ _get_default_string(preference_t pref)
|
|||||||
return "redact";
|
return "redact";
|
||||||
case PREF_OMEMO_POLICY:
|
case PREF_OMEMO_POLICY:
|
||||||
return "automatic";
|
return "automatic";
|
||||||
|
case PREF_OMEMO_TRUST_MODE:
|
||||||
|
return "manual";
|
||||||
case PREF_COLOR_NICK:
|
case PREF_COLOR_NICK:
|
||||||
return "false";
|
return "false";
|
||||||
case PREF_AVATAR_CMD:
|
case PREF_AVATAR_CMD:
|
||||||
|
@ -166,6 +166,7 @@ typedef enum {
|
|||||||
PREF_STATUSBAR_ROOM,
|
PREF_STATUSBAR_ROOM,
|
||||||
PREF_OMEMO_LOG,
|
PREF_OMEMO_LOG,
|
||||||
PREF_OMEMO_POLICY,
|
PREF_OMEMO_POLICY,
|
||||||
|
PREF_OMEMO_TRUST_MODE,
|
||||||
PREF_OCCUPANTS_WRAP,
|
PREF_OCCUPANTS_WRAP,
|
||||||
PREF_CORRECTION_ALLOW,
|
PREF_CORRECTION_ALLOW,
|
||||||
PREF_AVATAR_CMD,
|
PREF_AVATAR_CMD,
|
||||||
|
@ -542,6 +542,34 @@ omemo_set_device_list(const char* const from, GList* device_list)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OMEMO trustmode ToFu
|
||||||
|
if (g_strcmp0(prefs_get_string(PREF_OMEMO_TRUST_MODE), "firstusage") == 0) {
|
||||||
|
log_info("[OMEMO] Checking firstusage state for %s", jid->barejid);
|
||||||
|
GHashTable* trusted = g_hash_table_lookup(omemo_ctx.identity_key_store.trusted, jid->barejid);
|
||||||
|
if (trusted) {
|
||||||
|
if (g_hash_table_size(trusted) > 0) {
|
||||||
|
log_info("[OMEMO] Found trusted device for %s - skip firstusage", jid->barejid);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (device_list) {
|
||||||
|
cons_show("OMEMO: No trusted devices found for %s", jid->barejid);
|
||||||
|
GList* device_id;
|
||||||
|
for (device_id = device_list; device_id != NULL; device_id = device_id->next) {
|
||||||
|
GHashTable* known_identities = g_hash_table_lookup(omemo_ctx.known_devices, jid->barejid);
|
||||||
|
if (known_identities) {
|
||||||
|
GList* fp = NULL;
|
||||||
|
for (fp = g_hash_table_get_keys(known_identities); fp != NULL; fp = fp->next) {
|
||||||
|
if (device_id->data == g_hash_table_lookup(known_identities, fp->data)) {
|
||||||
|
cons_show("OMEMO: Adding firstusage trust for %s device %d - Fingerprint %s", jid->barejid, device_id->data, omemo_format_fingerprint(fp->data));
|
||||||
|
omemo_trust(jid->barejid, omemo_format_fingerprint(fp->data));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
jid_destroy(jid);
|
jid_destroy(jid);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -622,6 +650,14 @@ omemo_start_device_session(const char* const jid, uint32_t device_id,
|
|||||||
|
|
||||||
gboolean trusted = is_trusted_identity(&address, (uint8_t*)identity_key_raw, identity_key_len, &omemo_ctx.identity_key_store);
|
gboolean trusted = is_trusted_identity(&address, (uint8_t*)identity_key_raw, identity_key_len, &omemo_ctx.identity_key_store);
|
||||||
|
|
||||||
|
if ((g_strcmp0(prefs_get_string(PREF_OMEMO_TRUST_MODE), "blind") == 0) && !trusted) {
|
||||||
|
char* fp = _omemo_fingerprint(identity_key, TRUE);
|
||||||
|
cons_show("Blind trust for %s device %d (%s)", jid, device_id, fp);
|
||||||
|
omemo_trust(jid, fp);
|
||||||
|
free(fp);
|
||||||
|
trusted = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
if (!trusted) {
|
if (!trusted) {
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user