mirror of
https://github.com/profanity-im/profanity.git
synced 2024-12-04 14:46:46 -05:00
Mark messages received from a session as trusted
This commit is contained in:
parent
684fdf68ac
commit
f081766913
@ -890,15 +890,26 @@ omemo_on_message_recv(const char *const from_jid, uint32_t sid,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
omemo_ctx.identity_key_store.recv = true;
|
|
||||||
|
|
||||||
if (key->prekey) {
|
if (key->prekey) {
|
||||||
log_debug("OMEMO: decrypting message with prekey");
|
log_debug("OMEMO: decrypting message with prekey");
|
||||||
pre_key_signal_message *message;
|
pre_key_signal_message *message;
|
||||||
|
ec_public_key *their_identity_key;
|
||||||
|
signal_buffer *identity_buffer = NULL;
|
||||||
|
|
||||||
|
omemo_ctx.identity_key_store.recv = true;
|
||||||
|
|
||||||
pre_key_signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
|
pre_key_signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
|
||||||
|
their_identity_key = pre_key_signal_message_get_identity_key(message);
|
||||||
|
|
||||||
res = session_cipher_decrypt_pre_key_signal_message(cipher, message, NULL, &plaintext_key);
|
res = session_cipher_decrypt_pre_key_signal_message(cipher, message, NULL, &plaintext_key);
|
||||||
|
|
||||||
|
omemo_ctx.identity_key_store.recv = false;
|
||||||
|
|
||||||
|
/* Perform a real check of the identity */
|
||||||
|
ec_public_key_serialize(&identity_buffer, their_identity_key);
|
||||||
|
*trusted = is_trusted_identity(&address, signal_buffer_data(identity_buffer),
|
||||||
|
signal_buffer_len(identity_buffer), &omemo_ctx.identity_key_store);
|
||||||
|
|
||||||
/* Replace used pre_key in bundle */
|
/* Replace used pre_key in bundle */
|
||||||
uint32_t pre_key_id = pre_key_signal_message_get_pre_key_id(message);
|
uint32_t pre_key_id = pre_key_signal_message_get_pre_key_id(message);
|
||||||
ec_key_pair *ec_pair;
|
ec_key_pair *ec_pair;
|
||||||
@ -918,18 +929,18 @@ omemo_on_message_recv(const char *const from_jid, uint32_t sid,
|
|||||||
} else {
|
} else {
|
||||||
log_debug("OMEMO: decrypting message with existing session");
|
log_debug("OMEMO: decrypting message with existing session");
|
||||||
signal_message *message = NULL;
|
signal_message *message = NULL;
|
||||||
|
|
||||||
res = signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
|
res = signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
|
||||||
|
|
||||||
if (res < 0) {
|
if (res < 0) {
|
||||||
log_error("OMEMO: cannot deserialize message");
|
log_error("OMEMO: cannot deserialize message");
|
||||||
} else {
|
} else {
|
||||||
res = session_cipher_decrypt_signal_message(cipher, message, NULL, &plaintext_key);
|
res = session_cipher_decrypt_signal_message(cipher, message, NULL, &plaintext_key);
|
||||||
|
*trusted = true;
|
||||||
SIGNAL_UNREF(message);
|
SIGNAL_UNREF(message);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
omemo_ctx.identity_key_store.recv = false;
|
|
||||||
*trusted = omemo_ctx.identity_key_store.trusted_msg;
|
|
||||||
|
|
||||||
session_cipher_free(cipher);
|
session_cipher_free(cipher);
|
||||||
if (res != 0) {
|
if (res != 0) {
|
||||||
log_error("OMEMO: cannot decrypt message key");
|
log_error("OMEMO: cannot decrypt message key");
|
||||||
|
@ -362,9 +362,16 @@ save_identity(const signal_protocol_address *address, uint8_t *key_data,
|
|||||||
{
|
{
|
||||||
identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data;
|
identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data;
|
||||||
|
|
||||||
if (identity_key_store->recv && !identity_key_store->trusted_msg) {
|
if (identity_key_store->recv) {
|
||||||
/* Do not trust identity automatically */
|
/* Do not trust identity automatically */
|
||||||
return SG_SUCCESS;
|
/* Instead we perform a real trust check */
|
||||||
|
identity_key_store->recv = false;
|
||||||
|
int trusted = is_trusted_identity(address, key_data, key_len, user_data);
|
||||||
|
identity_key_store->recv = true;
|
||||||
|
if (trusted == 0) {
|
||||||
|
/* If not trusted we just don't save the identity */
|
||||||
|
return SG_SUCCESS;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
signal_buffer *buffer = signal_buffer_create(key_data, key_len);
|
signal_buffer *buffer = signal_buffer_create(key_data, key_len);
|
||||||
@ -398,7 +405,6 @@ is_trusted_identity(const signal_protocol_address *address, uint8_t *key_data,
|
|||||||
GHashTable *trusted = g_hash_table_lookup(identity_key_store->trusted, address->name);
|
GHashTable *trusted = g_hash_table_lookup(identity_key_store->trusted, address->name);
|
||||||
if (!trusted) {
|
if (!trusted) {
|
||||||
if (identity_key_store->recv) {
|
if (identity_key_store->recv) {
|
||||||
identity_key_store->trusted_msg = false;
|
|
||||||
return 1;
|
return 1;
|
||||||
} else {
|
} else {
|
||||||
return 0;
|
return 0;
|
||||||
@ -414,7 +420,6 @@ is_trusted_identity(const signal_protocol_address *address, uint8_t *key_data,
|
|||||||
|
|
||||||
|
|
||||||
if (identity_key_store->recv) {
|
if (identity_key_store->recv) {
|
||||||
identity_key_store->trusted_msg = ret;
|
|
||||||
return 1;
|
return 1;
|
||||||
} else {
|
} else {
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -49,7 +49,6 @@ typedef struct {
|
|||||||
uint32_t registration_id;
|
uint32_t registration_id;
|
||||||
GHashTable *trusted;
|
GHashTable *trusted;
|
||||||
bool recv;
|
bool recv;
|
||||||
bool trusted_msg;
|
|
||||||
} identity_key_store_t;
|
} identity_key_store_t;
|
||||||
|
|
||||||
GHashTable * session_store_new(void);
|
GHashTable * session_store_new(void);
|
||||||
|
Loading…
Reference in New Issue
Block a user