mirror of
https://github.com/profanity-im/profanity.git
synced 2024-12-04 14:46:46 -05:00
1898 lines
66 KiB
C
1898 lines
66 KiB
C
/*
|
|
* omemo.c
|
|
* vim: expandtab:ts=4:sts=4:sw=4
|
|
*
|
|
* Copyright (C) 2019 Paul Fariello <paul@fariello.eu>
|
|
* Copyright (C) 2019 - 2021 Michael Vetter <jubalh@iodoru.org>
|
|
*
|
|
* This file is part of Profanity.
|
|
*
|
|
* Profanity is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Profanity is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with Profanity. If not, see <https://www.gnu.org/licenses/>.
|
|
*
|
|
* In addition, as a special exception, the copyright holders give permission to
|
|
* link the code of portions of this program with the OpenSSL library under
|
|
* certain conditions as described in each individual source file, and
|
|
* distribute linked combinations including the two.
|
|
*
|
|
* You must obey the GNU General Public License in all respects for all of the
|
|
* code used other than OpenSSL. If you modify file(s) with this exception, you
|
|
* may extend this exception to your version of the file(s), but you are not
|
|
* obligated to do so. If you do not wish to do so, delete this exception
|
|
* statement from your version. If you delete this exception statement from all
|
|
* source files in the program, then also delete it here.
|
|
*
|
|
*/
|
|
#include "config.h"
|
|
|
|
#include <sys/time.h>
|
|
#include <sys/stat.h>
|
|
|
|
#include <assert.h>
|
|
#include <errno.h>
|
|
#include <glib.h>
|
|
#include <pthread.h>
|
|
#include <signal/key_helper.h>
|
|
#include <signal/protocol.h>
|
|
#include <signal/signal_protocol.h>
|
|
#include <signal/session_builder.h>
|
|
#include <signal/session_cipher.h>
|
|
|
|
#include "config/account.h"
|
|
#include "config/files.h"
|
|
#include "config/preferences.h"
|
|
#include "log.h"
|
|
#include "omemo/crypto.h"
|
|
#include "omemo/omemo.h"
|
|
#include "omemo/store.h"
|
|
#include "ui/ui.h"
|
|
#include "ui/window_list.h"
|
|
#include "xmpp/connection.h"
|
|
#include "xmpp/muc.h"
|
|
#include "xmpp/omemo.h"
|
|
#include "xmpp/roster_list.h"
|
|
#include "xmpp/xmpp.h"
|
|
|
|
#define AESGCM_URL_NONCE_LEN (2 * OMEMO_AESGCM_NONCE_LENGTH)
|
|
#define AESGCM_URL_KEY_LEN (2 * OMEMO_AESGCM_KEY_LENGTH)
|
|
|
|
static gboolean loaded;
|
|
|
|
static void _generate_pre_keys(int count);
|
|
static void _generate_signed_pre_key(void);
|
|
static gboolean _load_identity(void);
|
|
static void _load_trust(void);
|
|
static void _load_sessions(void);
|
|
static void _load_known_devices(void);
|
|
static void _lock(void* user_data);
|
|
static void _unlock(void* user_data);
|
|
static void _omemo_log(int level, const char* message, size_t len, void* user_data);
|
|
static gboolean _handle_own_device_list(const char* const jid, GList* device_list);
|
|
static gboolean _handle_device_list_start_session(const char* const jid, GList* device_list);
|
|
static char* _omemo_fingerprint(ec_public_key* identity, gboolean formatted);
|
|
static unsigned char* _omemo_fingerprint_decode(const char* const fingerprint, size_t* len);
|
|
static char* _omemo_unformat_fingerprint(const char* const fingerprint_formatted);
|
|
static void _cache_device_identity(const char* const jid, uint32_t device_id, ec_public_key* identity);
|
|
static void _g_hash_table_free(GHashTable* hash_table);
|
|
|
|
typedef gboolean (*OmemoDeviceListHandler)(const char* const jid, GList* device_list);
|
|
|
|
struct omemo_context_t
|
|
{
|
|
pthread_mutexattr_t attr;
|
|
pthread_mutex_t lock;
|
|
signal_context* signal;
|
|
uint32_t device_id;
|
|
GHashTable* device_list;
|
|
GHashTable* device_list_handler;
|
|
ratchet_identity_key_pair* identity_key_pair;
|
|
uint32_t registration_id;
|
|
uint32_t signed_pre_key_id;
|
|
signal_protocol_store_context* store;
|
|
GHashTable* session_store;
|
|
GHashTable* pre_key_store;
|
|
GHashTable* signed_pre_key_store;
|
|
identity_key_store_t identity_key_store;
|
|
GString* identity_filename;
|
|
GKeyFile* identity_keyfile;
|
|
GString* trust_filename;
|
|
GKeyFile* trust_keyfile;
|
|
GString* sessions_filename;
|
|
GKeyFile* sessions_keyfile;
|
|
GHashTable* known_devices;
|
|
GString* known_devices_filename;
|
|
GKeyFile* known_devices_keyfile;
|
|
GHashTable* fingerprint_ac;
|
|
};
|
|
|
|
static omemo_context omemo_ctx;
|
|
|
|
void
|
|
omemo_init(void)
|
|
{
|
|
log_info("[OMEMO] initialising");
|
|
if (omemo_crypto_init() != 0) {
|
|
cons_show("Error initializing OMEMO crypto: gcry_check_version() failed");
|
|
}
|
|
|
|
pthread_mutexattr_init(&omemo_ctx.attr);
|
|
pthread_mutexattr_settype(&omemo_ctx.attr, PTHREAD_MUTEX_RECURSIVE);
|
|
pthread_mutex_init(&omemo_ctx.lock, &omemo_ctx.attr);
|
|
|
|
omemo_ctx.fingerprint_ac = g_hash_table_new_full(g_str_hash, g_str_equal, free, (GDestroyNotify)autocomplete_free);
|
|
}
|
|
|
|
void
|
|
omemo_close(void)
|
|
{
|
|
if (omemo_ctx.fingerprint_ac) {
|
|
g_hash_table_destroy(omemo_ctx.fingerprint_ac);
|
|
omemo_ctx.fingerprint_ac = NULL;
|
|
}
|
|
}
|
|
|
|
void
|
|
omemo_on_connect(ProfAccount* account)
|
|
{
|
|
GError* error = NULL;
|
|
|
|
if (signal_context_create(&omemo_ctx.signal, &omemo_ctx) != 0) {
|
|
cons_show("Error initializing OMEMO context");
|
|
return;
|
|
}
|
|
|
|
if (signal_context_set_log_function(omemo_ctx.signal, _omemo_log) != 0) {
|
|
cons_show("Error initializing OMEMO log");
|
|
}
|
|
|
|
signal_crypto_provider crypto_provider = {
|
|
.random_func = omemo_random_func,
|
|
.hmac_sha256_init_func = omemo_hmac_sha256_init_func,
|
|
.hmac_sha256_update_func = omemo_hmac_sha256_update_func,
|
|
.hmac_sha256_final_func = omemo_hmac_sha256_final_func,
|
|
.hmac_sha256_cleanup_func = omemo_hmac_sha256_cleanup_func,
|
|
.sha512_digest_init_func = omemo_sha512_digest_init_func,
|
|
.sha512_digest_update_func = omemo_sha512_digest_update_func,
|
|
.sha512_digest_final_func = omemo_sha512_digest_final_func,
|
|
.sha512_digest_cleanup_func = omemo_sha512_digest_cleanup_func,
|
|
.encrypt_func = omemo_encrypt_func,
|
|
.decrypt_func = omemo_decrypt_func,
|
|
.user_data = NULL
|
|
};
|
|
|
|
if (signal_context_set_crypto_provider(omemo_ctx.signal, &crypto_provider) != 0) {
|
|
cons_show("Error initializing OMEMO crypto: unable to set crypto provider");
|
|
return;
|
|
}
|
|
|
|
signal_context_set_locking_functions(omemo_ctx.signal, _lock, _unlock);
|
|
|
|
signal_protocol_store_context_create(&omemo_ctx.store, omemo_ctx.signal);
|
|
|
|
omemo_ctx.session_store = session_store_new();
|
|
signal_protocol_session_store session_store = {
|
|
.load_session_func = load_session,
|
|
.get_sub_device_sessions_func = get_sub_device_sessions,
|
|
.store_session_func = store_session,
|
|
.contains_session_func = contains_session,
|
|
.delete_session_func = delete_session,
|
|
.delete_all_sessions_func = delete_all_sessions,
|
|
.destroy_func = NULL,
|
|
.user_data = omemo_ctx.session_store
|
|
};
|
|
signal_protocol_store_context_set_session_store(omemo_ctx.store, &session_store);
|
|
|
|
omemo_ctx.pre_key_store = pre_key_store_new();
|
|
signal_protocol_pre_key_store pre_key_store = {
|
|
.load_pre_key = load_pre_key,
|
|
.store_pre_key = store_pre_key,
|
|
.contains_pre_key = contains_pre_key,
|
|
.remove_pre_key = remove_pre_key,
|
|
.destroy_func = NULL,
|
|
.user_data = omemo_ctx.pre_key_store
|
|
};
|
|
signal_protocol_store_context_set_pre_key_store(omemo_ctx.store, &pre_key_store);
|
|
|
|
omemo_ctx.signed_pre_key_store = signed_pre_key_store_new();
|
|
signal_protocol_signed_pre_key_store signed_pre_key_store = {
|
|
.load_signed_pre_key = load_signed_pre_key,
|
|
.store_signed_pre_key = store_signed_pre_key,
|
|
.contains_signed_pre_key = contains_signed_pre_key,
|
|
.remove_signed_pre_key = remove_signed_pre_key,
|
|
.destroy_func = NULL,
|
|
.user_data = omemo_ctx.signed_pre_key_store
|
|
};
|
|
signal_protocol_store_context_set_signed_pre_key_store(omemo_ctx.store, &signed_pre_key_store);
|
|
|
|
identity_key_store_new(&omemo_ctx.identity_key_store);
|
|
signal_protocol_identity_key_store identity_key_store = {
|
|
.get_identity_key_pair = get_identity_key_pair,
|
|
.get_local_registration_id = get_local_registration_id,
|
|
.save_identity = save_identity,
|
|
.is_trusted_identity = is_trusted_identity,
|
|
.destroy_func = NULL,
|
|
.user_data = &omemo_ctx.identity_key_store
|
|
};
|
|
signal_protocol_store_context_set_identity_key_store(omemo_ctx.store, &identity_key_store);
|
|
|
|
loaded = FALSE;
|
|
omemo_ctx.device_list = g_hash_table_new_full(g_str_hash, g_str_equal, free, (GDestroyNotify)g_list_free);
|
|
omemo_ctx.device_list_handler = g_hash_table_new_full(g_str_hash, g_str_equal, free, NULL);
|
|
omemo_ctx.known_devices = g_hash_table_new_full(g_str_hash, g_str_equal, free, (GDestroyNotify)_g_hash_table_free);
|
|
|
|
gchar* omemo_dir = files_get_account_data_path(DIR_OMEMO, account->jid);
|
|
|
|
omemo_ctx.identity_filename = g_string_new(omemo_dir);
|
|
g_string_append(omemo_ctx.identity_filename, "/identity.txt");
|
|
omemo_ctx.trust_filename = g_string_new(omemo_dir);
|
|
g_string_append(omemo_ctx.trust_filename, "/trust.txt");
|
|
omemo_ctx.sessions_filename = g_string_new(omemo_dir);
|
|
g_string_append(omemo_ctx.sessions_filename, "/sessions.txt");
|
|
omemo_ctx.known_devices_filename = g_string_new(omemo_dir);
|
|
g_string_append(omemo_ctx.known_devices_filename, "/known_devices.txt");
|
|
|
|
errno = 0;
|
|
int res = g_mkdir_with_parents(omemo_dir, S_IRWXU);
|
|
if (res == -1) {
|
|
const char* errmsg = strerror(errno);
|
|
if (errmsg) {
|
|
log_error("[OMEMO] error creating directory: %s, %s", omemo_dir, errmsg);
|
|
} else {
|
|
log_error("[OMEMO] creating directory: %s", omemo_dir);
|
|
}
|
|
}
|
|
|
|
g_free(omemo_dir);
|
|
|
|
omemo_devicelist_subscribe();
|
|
|
|
omemo_ctx.identity_keyfile = g_key_file_new();
|
|
omemo_ctx.trust_keyfile = g_key_file_new();
|
|
omemo_ctx.sessions_keyfile = g_key_file_new();
|
|
omemo_ctx.known_devices_keyfile = g_key_file_new();
|
|
|
|
if (g_key_file_load_from_file(omemo_ctx.identity_keyfile, omemo_ctx.identity_filename->str, G_KEY_FILE_KEEP_COMMENTS, &error)) {
|
|
if (!_load_identity()) {
|
|
return;
|
|
}
|
|
} else if (error->code != G_FILE_ERROR_NOENT) {
|
|
log_warning("[OMEMO] error loading identity from: %s, %s", omemo_ctx.identity_filename->str, error->message);
|
|
g_error_free(error);
|
|
return;
|
|
}
|
|
|
|
error = NULL;
|
|
if (g_key_file_load_from_file(omemo_ctx.trust_keyfile, omemo_ctx.trust_filename->str, G_KEY_FILE_KEEP_COMMENTS, &error)) {
|
|
_load_trust();
|
|
} else if (error->code != G_FILE_ERROR_NOENT) {
|
|
log_warning("[OMEMO] error loading trust from: %s, %s", omemo_ctx.trust_filename->str, error->message);
|
|
g_error_free(error);
|
|
} else {
|
|
log_warning("[OMEMO] no such file: %s", omemo_ctx.trust_filename->str);
|
|
g_error_free(error);
|
|
}
|
|
|
|
error = NULL;
|
|
if (g_key_file_load_from_file(omemo_ctx.sessions_keyfile, omemo_ctx.sessions_filename->str, G_KEY_FILE_KEEP_COMMENTS, &error)) {
|
|
_load_sessions();
|
|
} else if (error->code != G_FILE_ERROR_NOENT) {
|
|
log_warning("[OMEMO] error loading sessions from: %s, %s", omemo_ctx.sessions_filename->str, error->message);
|
|
g_error_free(error);
|
|
} else {
|
|
log_warning("[OMEMO] no such file: %s", omemo_ctx.trust_filename->str);
|
|
g_error_free(error);
|
|
}
|
|
|
|
error = NULL;
|
|
if (g_key_file_load_from_file(omemo_ctx.known_devices_keyfile, omemo_ctx.known_devices_filename->str, G_KEY_FILE_KEEP_COMMENTS, &error)) {
|
|
_load_known_devices();
|
|
} else if (error->code != G_FILE_ERROR_NOENT) {
|
|
log_warning("[OMEMO] error loading known devices from: %s, %s", omemo_ctx.known_devices_filename->str, error->message);
|
|
g_error_free(error);
|
|
} else {
|
|
log_warning("[OMEMO] no such file: %s", omemo_ctx.trust_filename->str);
|
|
g_error_free(error);
|
|
}
|
|
}
|
|
|
|
void
|
|
omemo_on_disconnect(void)
|
|
{
|
|
if (!loaded) {
|
|
return;
|
|
}
|
|
|
|
_g_hash_table_free(omemo_ctx.signed_pre_key_store);
|
|
_g_hash_table_free(omemo_ctx.pre_key_store);
|
|
_g_hash_table_free(omemo_ctx.device_list_handler);
|
|
|
|
g_string_free(omemo_ctx.identity_filename, TRUE);
|
|
g_key_file_free(omemo_ctx.identity_keyfile);
|
|
g_string_free(omemo_ctx.trust_filename, TRUE);
|
|
g_key_file_free(omemo_ctx.trust_keyfile);
|
|
g_string_free(omemo_ctx.sessions_filename, TRUE);
|
|
g_key_file_free(omemo_ctx.sessions_keyfile);
|
|
_g_hash_table_free(omemo_ctx.session_store);
|
|
g_string_free(omemo_ctx.known_devices_filename, TRUE);
|
|
g_key_file_free(omemo_ctx.known_devices_keyfile);
|
|
}
|
|
|
|
void
|
|
omemo_generate_crypto_materials(ProfAccount* account)
|
|
{
|
|
if (loaded) {
|
|
return;
|
|
}
|
|
|
|
log_info("Generate long term OMEMO cryptography materials");
|
|
|
|
/* Device ID */
|
|
gcry_randomize(&omemo_ctx.device_id, 4, GCRY_VERY_STRONG_RANDOM);
|
|
omemo_ctx.device_id &= 0x7fffffff;
|
|
g_key_file_set_uint64(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_IDENTITY, OMEMO_STORE_KEY_DEVICE_ID, omemo_ctx.device_id);
|
|
log_info("[OMEMO] device id: %d", omemo_ctx.device_id);
|
|
|
|
/* Identity key */
|
|
signal_protocol_key_helper_generate_identity_key_pair(&omemo_ctx.identity_key_pair, omemo_ctx.signal);
|
|
|
|
ec_public_key_serialize(&omemo_ctx.identity_key_store.public, ratchet_identity_key_pair_get_public(omemo_ctx.identity_key_pair));
|
|
char* identity_key_public = g_base64_encode(signal_buffer_data(omemo_ctx.identity_key_store.public), signal_buffer_len(omemo_ctx.identity_key_store.public));
|
|
g_key_file_set_string(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_IDENTITY, OMEMO_STORE_KEY_IDENTITY_KEY_PUBLIC, identity_key_public);
|
|
g_free(identity_key_public);
|
|
|
|
ec_private_key_serialize(&omemo_ctx.identity_key_store.private, ratchet_identity_key_pair_get_private(omemo_ctx.identity_key_pair));
|
|
char* identity_key_private = g_base64_encode(signal_buffer_data(omemo_ctx.identity_key_store.private), signal_buffer_len(omemo_ctx.identity_key_store.private));
|
|
g_key_file_set_string(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_IDENTITY, OMEMO_STORE_KEY_IDENTITY_KEY_PRIVATE, identity_key_private);
|
|
g_free(identity_key_private);
|
|
|
|
/* Registration ID */
|
|
signal_protocol_key_helper_generate_registration_id(&omemo_ctx.registration_id, 0, omemo_ctx.signal);
|
|
g_key_file_set_uint64(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_IDENTITY, OMEMO_STORE_KEY_REGISTRATION_ID, omemo_ctx.registration_id);
|
|
|
|
/* Pre keys */
|
|
_generate_pre_keys(100);
|
|
|
|
/* Signed pre key */
|
|
_generate_signed_pre_key();
|
|
|
|
omemo_identity_keyfile_save();
|
|
|
|
loaded = TRUE;
|
|
|
|
omemo_publish_crypto_materials();
|
|
omemo_start_sessions();
|
|
}
|
|
|
|
void
|
|
omemo_publish_crypto_materials(void)
|
|
{
|
|
log_debug("[OMEMO] publish crypto materials");
|
|
|
|
if (loaded != TRUE) {
|
|
cons_show("OMEMO: cannot publish crypto materials before they are generated");
|
|
log_error("[OMEMO] cannot publish crypto materials before they are generated");
|
|
return;
|
|
}
|
|
|
|
char* barejid = connection_get_barejid();
|
|
|
|
/* Ensure we get our current device list, and it gets updated with our
|
|
* device_id */
|
|
g_hash_table_insert(omemo_ctx.device_list_handler, strdup(barejid), _handle_own_device_list);
|
|
omemo_devicelist_request(barejid);
|
|
|
|
omemo_bundle_publish(true);
|
|
|
|
free(barejid);
|
|
}
|
|
|
|
void
|
|
omemo_start_sessions(void)
|
|
{
|
|
GSList* contacts = roster_get_contacts(ROSTER_ORD_NAME);
|
|
if (contacts) {
|
|
GSList* curr;
|
|
for (curr = contacts; curr != NULL; curr = g_slist_next(curr)) {
|
|
PContact contact = curr->data;
|
|
const char* jid = p_contact_barejid(contact);
|
|
omemo_start_session(jid);
|
|
}
|
|
g_slist_free(contacts);
|
|
}
|
|
}
|
|
|
|
void
|
|
omemo_start_session(const char* const barejid)
|
|
{
|
|
if (omemo_loaded()) {
|
|
log_debug("[OMEMO] start session with %s", barejid);
|
|
GList* device_list = g_hash_table_lookup(omemo_ctx.device_list, barejid);
|
|
if (!device_list) {
|
|
log_debug("[OMEMO] missing device list for %s", barejid);
|
|
// Own devices are handled by _handle_own_device_list
|
|
// We won't add _handle_device_list_start_session for ourself
|
|
char* mybarejid = connection_get_barejid();
|
|
if (g_strcmp0(mybarejid, barejid) != 0) {
|
|
g_hash_table_insert(omemo_ctx.device_list_handler, strdup(barejid), _handle_device_list_start_session);
|
|
}
|
|
free(mybarejid);
|
|
omemo_devicelist_request(barejid);
|
|
return;
|
|
}
|
|
|
|
GList* device_id;
|
|
for (device_id = device_list; device_id != NULL; device_id = device_id->next) {
|
|
omemo_bundle_request(barejid, GPOINTER_TO_INT(device_id->data), omemo_start_device_session_handle_bundle, free, strdup(barejid));
|
|
}
|
|
}
|
|
}
|
|
|
|
void
|
|
omemo_start_muc_sessions(const char* const roomjid)
|
|
{
|
|
GList* members = muc_members(roomjid);
|
|
GList* iter;
|
|
for (iter = members; iter != NULL; iter = iter->next) {
|
|
Jid* jid = jid_create(iter->data);
|
|
omemo_start_session(jid->barejid);
|
|
jid_destroy(jid);
|
|
}
|
|
g_list_free(members);
|
|
}
|
|
|
|
gboolean
|
|
omemo_loaded(void)
|
|
{
|
|
return loaded;
|
|
}
|
|
|
|
uint32_t
|
|
omemo_device_id(void)
|
|
{
|
|
return omemo_ctx.device_id;
|
|
}
|
|
|
|
void
|
|
omemo_identity_key(unsigned char** output, size_t* length)
|
|
{
|
|
signal_buffer* buffer = NULL;
|
|
ec_public_key_serialize(&buffer, ratchet_identity_key_pair_get_public(omemo_ctx.identity_key_pair));
|
|
*length = signal_buffer_len(buffer);
|
|
*output = malloc(*length);
|
|
memcpy(*output, signal_buffer_data(buffer), *length);
|
|
signal_buffer_free(buffer);
|
|
}
|
|
|
|
void
|
|
omemo_signed_prekey(unsigned char** output, size_t* length)
|
|
{
|
|
session_signed_pre_key* signed_pre_key;
|
|
signal_buffer* buffer = NULL;
|
|
|
|
if (signal_protocol_signed_pre_key_load_key(omemo_ctx.store, &signed_pre_key, omemo_ctx.signed_pre_key_id) != SG_SUCCESS) {
|
|
*output = NULL;
|
|
*length = 0;
|
|
return;
|
|
}
|
|
|
|
ec_public_key_serialize(&buffer, ec_key_pair_get_public(session_signed_pre_key_get_key_pair(signed_pre_key)));
|
|
SIGNAL_UNREF(signed_pre_key);
|
|
*length = signal_buffer_len(buffer);
|
|
*output = malloc(*length);
|
|
memcpy(*output, signal_buffer_data(buffer), *length);
|
|
signal_buffer_free(buffer);
|
|
}
|
|
|
|
void
|
|
omemo_signed_prekey_signature(unsigned char** output, size_t* length)
|
|
{
|
|
session_signed_pre_key* signed_pre_key;
|
|
|
|
if (signal_protocol_signed_pre_key_load_key(omemo_ctx.store, &signed_pre_key, omemo_ctx.signed_pre_key_id) != SG_SUCCESS) {
|
|
*output = NULL;
|
|
*length = 0;
|
|
return;
|
|
}
|
|
|
|
*length = session_signed_pre_key_get_signature_len(signed_pre_key);
|
|
*output = malloc(*length);
|
|
memcpy(*output, session_signed_pre_key_get_signature(signed_pre_key), *length);
|
|
SIGNAL_UNREF(signed_pre_key);
|
|
}
|
|
|
|
void
|
|
omemo_prekeys(GList** prekeys, GList** ids, GList** lengths)
|
|
{
|
|
GHashTableIter iter;
|
|
gpointer id;
|
|
|
|
g_hash_table_iter_init(&iter, omemo_ctx.pre_key_store);
|
|
while (g_hash_table_iter_next(&iter, &id, NULL)) {
|
|
session_pre_key* pre_key;
|
|
int ret;
|
|
ret = signal_protocol_pre_key_load_key(omemo_ctx.store, &pre_key, GPOINTER_TO_INT(id));
|
|
if (ret != SG_SUCCESS) {
|
|
continue;
|
|
}
|
|
|
|
signal_buffer* public_key;
|
|
ec_public_key_serialize(&public_key, ec_key_pair_get_public(session_pre_key_get_key_pair(pre_key)));
|
|
SIGNAL_UNREF(pre_key);
|
|
size_t length = signal_buffer_len(public_key);
|
|
unsigned char* prekey_value = malloc(length);
|
|
memcpy(prekey_value, signal_buffer_data(public_key), length);
|
|
signal_buffer_free(public_key);
|
|
|
|
*prekeys = g_list_append(*prekeys, prekey_value);
|
|
*ids = g_list_append(*ids, GINT_TO_POINTER(id));
|
|
*lengths = g_list_append(*lengths, GINT_TO_POINTER(length));
|
|
}
|
|
}
|
|
|
|
void
|
|
omemo_set_device_list(const char* const from, GList* device_list)
|
|
{
|
|
log_debug("[OMEMO] Setting device list for %s", from);
|
|
Jid* jid;
|
|
if (from) {
|
|
jid = jid_create(from);
|
|
} else {
|
|
jid = jid_create(connection_get_fulljid());
|
|
}
|
|
|
|
g_hash_table_insert(omemo_ctx.device_list, strdup(jid->barejid), device_list);
|
|
|
|
OmemoDeviceListHandler handler = g_hash_table_lookup(omemo_ctx.device_list_handler, jid->barejid);
|
|
if (handler) {
|
|
gboolean keep = handler(jid->barejid, device_list);
|
|
if (!keep) {
|
|
g_hash_table_remove(omemo_ctx.device_list_handler, jid->barejid);
|
|
}
|
|
} else {
|
|
log_debug("[OMEMO] No Device List Handler for %s", from);
|
|
}
|
|
|
|
// OMEMO trustmode ToFu
|
|
if (g_strcmp0(prefs_get_string(PREF_OMEMO_TRUST_MODE), "firstusage") == 0) {
|
|
log_debug("[OMEMO] Checking firstusage state for %s", jid->barejid);
|
|
GHashTable* trusted = g_hash_table_lookup(omemo_ctx.identity_key_store.trusted, jid->barejid);
|
|
if (trusted) {
|
|
if (g_hash_table_size(trusted) > 0) {
|
|
log_debug("[OMEMO] Found trusted device for %s - skip firstusage", jid->barejid);
|
|
return;
|
|
}
|
|
} else {
|
|
if (device_list) {
|
|
cons_show("OMEMO: No trusted devices found for %s", jid->barejid);
|
|
GList* device_id;
|
|
for (device_id = device_list; device_id != NULL; device_id = device_id->next) {
|
|
GHashTable* known_identities = g_hash_table_lookup(omemo_ctx.known_devices, jid->barejid);
|
|
if (known_identities) {
|
|
GList* fp = NULL;
|
|
for (fp = g_hash_table_get_keys(known_identities); fp != NULL; fp = fp->next) {
|
|
if (device_id->data == g_hash_table_lookup(known_identities, fp->data)) {
|
|
cons_show("OMEMO: Adding firstusage trust for %s device %d - Fingerprint %s", jid->barejid, device_id->data, omemo_format_fingerprint(fp->data));
|
|
omemo_trust(jid->barejid, omemo_format_fingerprint(fp->data));
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
jid_destroy(jid);
|
|
}
|
|
|
|
GKeyFile*
|
|
omemo_identity_keyfile(void)
|
|
{
|
|
return omemo_ctx.identity_keyfile;
|
|
}
|
|
|
|
void
|
|
omemo_identity_keyfile_save(void)
|
|
{
|
|
GError* error = NULL;
|
|
|
|
if (!g_key_file_save_to_file(omemo_ctx.identity_keyfile, omemo_ctx.identity_filename->str, &error)) {
|
|
log_error("[OMEMO] error saving identity to: %s, %s", omemo_ctx.identity_filename->str, error->message);
|
|
}
|
|
}
|
|
|
|
GKeyFile*
|
|
omemo_trust_keyfile(void)
|
|
{
|
|
return omemo_ctx.trust_keyfile;
|
|
}
|
|
|
|
void
|
|
omemo_trust_keyfile_save(void)
|
|
{
|
|
GError* error = NULL;
|
|
|
|
if (!g_key_file_save_to_file(omemo_ctx.trust_keyfile, omemo_ctx.trust_filename->str, &error)) {
|
|
log_error("[OMEMO] error saving trust to: %s, %s", omemo_ctx.trust_filename->str, error->message);
|
|
}
|
|
}
|
|
|
|
GKeyFile*
|
|
omemo_sessions_keyfile(void)
|
|
{
|
|
return omemo_ctx.sessions_keyfile;
|
|
}
|
|
|
|
void
|
|
omemo_sessions_keyfile_save(void)
|
|
{
|
|
GError* error = NULL;
|
|
|
|
if (!g_key_file_save_to_file(omemo_ctx.sessions_keyfile, omemo_ctx.sessions_filename->str, &error)) {
|
|
log_error("[OMEMO] error saving sessions to: %s, %s", omemo_ctx.sessions_filename->str, error->message);
|
|
}
|
|
}
|
|
|
|
void
|
|
omemo_known_devices_keyfile_save(void)
|
|
{
|
|
GError* error = NULL;
|
|
|
|
if (!g_key_file_save_to_file(omemo_ctx.known_devices_keyfile, omemo_ctx.known_devices_filename->str, &error)) {
|
|
log_error("[OMEMO] error saving known devices to: %s, %s", omemo_ctx.known_devices_filename->str, error->message);
|
|
}
|
|
}
|
|
|
|
void
|
|
omemo_start_device_session(const char* const jid, uint32_t device_id,
|
|
GList* prekeys, uint32_t signed_prekey_id,
|
|
const unsigned char* const signed_prekey_raw, size_t signed_prekey_len,
|
|
const unsigned char* const signature, size_t signature_len,
|
|
const unsigned char* const identity_key_raw, size_t identity_key_len)
|
|
{
|
|
log_debug("[OMEMO] Starting device session for %s with device %d", jid, device_id);
|
|
signal_protocol_address address = {
|
|
.name = jid,
|
|
.name_len = strlen(jid),
|
|
.device_id = device_id,
|
|
};
|
|
|
|
ec_public_key* identity_key;
|
|
curve_decode_point(&identity_key, identity_key_raw, identity_key_len, omemo_ctx.signal);
|
|
_cache_device_identity(jid, device_id, identity_key);
|
|
|
|
gboolean trusted = is_trusted_identity(&address, (uint8_t*)identity_key_raw, identity_key_len, &omemo_ctx.identity_key_store);
|
|
log_debug("[OMEMO] Trust %s (%d): %d", jid, device_id, trusted);
|
|
|
|
if ((g_strcmp0(prefs_get_string(PREF_OMEMO_TRUST_MODE), "blind") == 0) && !trusted) {
|
|
char* fp = _omemo_fingerprint(identity_key, TRUE);
|
|
cons_show("Blind trust for %s device %d (%s)", jid, device_id, fp);
|
|
omemo_trust(jid, fp);
|
|
free(fp);
|
|
trusted = TRUE;
|
|
}
|
|
|
|
if (!trusted) {
|
|
log_debug("[OMEMO] We don't trust device %d for %s\n", device_id, jid);
|
|
goto out;
|
|
}
|
|
|
|
if (!contains_session(&address, omemo_ctx.session_store)) {
|
|
log_debug("[OMEMO] There is no Session for %s ( %d) ,... building session.", address.name, address.device_id);
|
|
int res;
|
|
session_pre_key_bundle* bundle;
|
|
signal_protocol_address* address;
|
|
|
|
address = malloc(sizeof(signal_protocol_address));
|
|
address->name = strdup(jid);
|
|
address->name_len = strlen(jid);
|
|
address->device_id = device_id;
|
|
|
|
session_builder* builder;
|
|
res = session_builder_create(&builder, omemo_ctx.store, address, omemo_ctx.signal);
|
|
if (res != 0) {
|
|
log_error("[OMEMO] cannot create session builder for %s device %d", jid, device_id);
|
|
goto out;
|
|
}
|
|
|
|
int prekey_index;
|
|
gcry_randomize(&prekey_index, sizeof(int), GCRY_STRONG_RANDOM);
|
|
prekey_index %= g_list_length(prekeys);
|
|
omemo_key_t* prekey = g_list_nth_data(prekeys, prekey_index);
|
|
|
|
ec_public_key* prekey_public;
|
|
curve_decode_point(&prekey_public, prekey->data, prekey->length, omemo_ctx.signal);
|
|
ec_public_key* signed_prekey;
|
|
curve_decode_point(&signed_prekey, signed_prekey_raw, signed_prekey_len, omemo_ctx.signal);
|
|
|
|
res = session_pre_key_bundle_create(&bundle, 0, device_id, prekey->id, prekey_public, signed_prekey_id, signed_prekey, signature, signature_len, identity_key);
|
|
if (res != 0) {
|
|
log_error("[OMEMO] cannot create pre key bundle for %s device %d", jid, device_id);
|
|
goto out;
|
|
}
|
|
|
|
res = session_builder_process_pre_key_bundle(builder, bundle);
|
|
if (res != 0) {
|
|
log_error("[OMEMO] cannot process pre key bundle for %s device %d", jid, device_id);
|
|
goto out;
|
|
}
|
|
|
|
log_debug("[OMEMO] create session with %s device %d", jid, device_id);
|
|
} else {
|
|
log_debug("[OMEMO] session with %s device %d exists", jid, device_id);
|
|
}
|
|
|
|
out:
|
|
SIGNAL_UNREF(identity_key);
|
|
}
|
|
|
|
char*
|
|
omemo_on_message_send(ProfWin* win, const char* const message, gboolean request_receipt, gboolean muc, const char* const replace_id)
|
|
{
|
|
char* id = NULL;
|
|
int res;
|
|
Jid* jid = jid_create(connection_get_fulljid());
|
|
GList* keys = NULL;
|
|
|
|
unsigned char* key;
|
|
unsigned char* iv;
|
|
unsigned char* ciphertext;
|
|
unsigned char* tag;
|
|
unsigned char* key_tag;
|
|
size_t ciphertext_len, tag_len;
|
|
|
|
ciphertext_len = strlen(message);
|
|
ciphertext = malloc(ciphertext_len);
|
|
tag_len = AES128_GCM_TAG_LENGTH;
|
|
tag = gcry_malloc_secure(tag_len);
|
|
key_tag = gcry_malloc_secure(AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH);
|
|
|
|
key = gcry_random_bytes_secure(AES128_GCM_KEY_LENGTH, GCRY_VERY_STRONG_RANDOM);
|
|
iv = gcry_random_bytes_secure(AES128_GCM_IV_LENGTH, GCRY_VERY_STRONG_RANDOM);
|
|
|
|
res = aes128gcm_encrypt(ciphertext, &ciphertext_len, tag, &tag_len, (const unsigned char* const)message, strlen(message), iv, key);
|
|
if (res != 0) {
|
|
log_error("[OMEMO][SEND] cannot encrypt message");
|
|
goto out;
|
|
}
|
|
|
|
memcpy(key_tag, key, AES128_GCM_KEY_LENGTH);
|
|
memcpy(key_tag + AES128_GCM_KEY_LENGTH, tag, AES128_GCM_TAG_LENGTH);
|
|
|
|
// List of barejids of the recipients of this message
|
|
GList* recipients = NULL;
|
|
if (muc) {
|
|
ProfMucWin* mucwin = (ProfMucWin*)win;
|
|
assert(mucwin->memcheck == PROFMUCWIN_MEMCHECK);
|
|
GList* members = muc_members(mucwin->roomjid);
|
|
GList* iter;
|
|
for (iter = members; iter != NULL; iter = iter->next) {
|
|
Jid* jid = jid_create(iter->data);
|
|
recipients = g_list_append(recipients, strdup(jid->barejid));
|
|
jid_destroy(jid);
|
|
}
|
|
g_list_free(members);
|
|
} else {
|
|
ProfChatWin* chatwin = (ProfChatWin*)win;
|
|
assert(chatwin->memcheck == PROFCHATWIN_MEMCHECK);
|
|
recipients = g_list_append(recipients, strdup(chatwin->barejid));
|
|
}
|
|
|
|
GList* device_ids_iter;
|
|
|
|
omemo_ctx.identity_key_store.recv = false;
|
|
|
|
// Encrypt keys for the recipients
|
|
GList* recipients_iter;
|
|
for (recipients_iter = recipients; recipients_iter != NULL; recipients_iter = recipients_iter->next) {
|
|
GList* recipient_device_id = NULL;
|
|
recipient_device_id = g_hash_table_lookup(omemo_ctx.device_list, recipients_iter->data);
|
|
if (!recipient_device_id) {
|
|
log_warning("[OMEMO][SEND] cannot find device ids for %s", recipients_iter->data);
|
|
win_println(win, THEME_ERROR, "!", "Can't find a OMEMO device id for %s.\n", recipients_iter->data);
|
|
continue;
|
|
}
|
|
|
|
for (device_ids_iter = recipient_device_id; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) {
|
|
int res;
|
|
ciphertext_message* ciphertext;
|
|
session_cipher* cipher;
|
|
signal_protocol_address address = {
|
|
.name = recipients_iter->data,
|
|
.name_len = strlen(recipients_iter->data),
|
|
.device_id = GPOINTER_TO_INT(device_ids_iter->data)
|
|
};
|
|
|
|
// Don't encrypt for this device (according to
|
|
// <https://xmpp.org/extensions/xep-0384.html#encrypt>).
|
|
// Yourself as recipients in case of MUC
|
|
char* mybarejid = connection_get_barejid();
|
|
if (!g_strcmp0(mybarejid, recipients_iter->data)) {
|
|
if (GPOINTER_TO_INT(device_ids_iter->data) == omemo_ctx.device_id) {
|
|
free(mybarejid);
|
|
log_debug("[OMEMO][SEND] Skipping %d (my device) ", GPOINTER_TO_INT(device_ids_iter->data));
|
|
continue;
|
|
}
|
|
}
|
|
free(mybarejid);
|
|
|
|
log_debug("[OMEMO][SEND] recipients with device id %d for %s", GPOINTER_TO_INT(device_ids_iter->data), recipients_iter->data);
|
|
res = session_cipher_create(&cipher, omemo_ctx.store, &address, omemo_ctx.signal);
|
|
if (res != SG_SUCCESS) {
|
|
log_error("[OMEMO][SEND] cannot create cipher for %s device id %d - code: %d", address.name, address.device_id, res);
|
|
continue;
|
|
}
|
|
|
|
res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
|
|
session_cipher_free(cipher);
|
|
if (res != SG_SUCCESS) {
|
|
log_info("[OMEMO][SEND] cannot encrypt key for %s device id %d - code: %d", address.name, address.device_id, res);
|
|
continue;
|
|
}
|
|
signal_buffer* buffer = ciphertext_message_get_serialized(ciphertext);
|
|
omemo_key_t* key = malloc(sizeof(omemo_key_t));
|
|
key->length = signal_buffer_len(buffer);
|
|
key->data = malloc(key->length);
|
|
memcpy(key->data, signal_buffer_data(buffer), key->length);
|
|
key->device_id = GPOINTER_TO_INT(device_ids_iter->data);
|
|
key->prekey = ciphertext_message_get_type(ciphertext) == CIPHERTEXT_PREKEY_TYPE;
|
|
keys = g_list_append(keys, key);
|
|
SIGNAL_UNREF(ciphertext);
|
|
}
|
|
}
|
|
|
|
g_list_free_full(recipients, free);
|
|
|
|
// Don't send the message if no key could be encrypted.
|
|
// (Since none of the recipients would be able to read the message.)
|
|
if (keys == NULL) {
|
|
win_println(win, THEME_ERROR, "!", "This message cannot be decrypted for any recipient.\n"
|
|
"You should trust your recipients' device fingerprint(s) using \"/omemo fingerprint trust FINGERPRINT\".\n"
|
|
"It could also be that the key bundle of the recipient(s) have not been received. "
|
|
"In this case, you could try \"omemo end\", \"omemo start\", and send the message again.");
|
|
goto out;
|
|
}
|
|
|
|
// Encrypt keys for the sender
|
|
if (!muc) {
|
|
GList* sender_device_id = g_hash_table_lookup(omemo_ctx.device_list, jid->barejid);
|
|
|
|
for (device_ids_iter = sender_device_id; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) {
|
|
int res;
|
|
ciphertext_message* ciphertext;
|
|
session_cipher* cipher;
|
|
signal_protocol_address address = {
|
|
.name = jid->barejid,
|
|
.name_len = strlen(jid->barejid),
|
|
.device_id = GPOINTER_TO_INT(device_ids_iter->data)
|
|
};
|
|
log_debug("[OMEMO][SEND][Sender] Sending to device %d for %s ", address.device_id, address.name);
|
|
// Don't encrypt for this device (according to
|
|
// <https://xmpp.org/extensions/xep-0384.html#encrypt>).
|
|
if (address.device_id == omemo_ctx.device_id) {
|
|
continue;
|
|
}
|
|
|
|
res = session_cipher_create(&cipher, omemo_ctx.store, &address, omemo_ctx.signal);
|
|
if (res != 0) {
|
|
log_info("[OMEMO][SEND][Sender] cannot create cipher for %s device id %d", address.name, address.device_id);
|
|
continue;
|
|
}
|
|
|
|
res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
|
|
session_cipher_free(cipher);
|
|
if (res != 0) {
|
|
log_info("[OMEMO][SEND][Sender] cannot encrypt key for %s device id %d", address.name, address.device_id);
|
|
continue;
|
|
}
|
|
signal_buffer* buffer = ciphertext_message_get_serialized(ciphertext);
|
|
omemo_key_t* key = malloc(sizeof(omemo_key_t));
|
|
key->length = signal_buffer_len(buffer);
|
|
key->data = malloc(key->length);
|
|
memcpy(key->data, signal_buffer_data(buffer), key->length);
|
|
key->device_id = GPOINTER_TO_INT(device_ids_iter->data);
|
|
key->prekey = ciphertext_message_get_type(ciphertext) == CIPHERTEXT_PREKEY_TYPE;
|
|
keys = g_list_append(keys, key);
|
|
SIGNAL_UNREF(ciphertext);
|
|
}
|
|
}
|
|
|
|
// Send the message
|
|
if (muc) {
|
|
ProfMucWin* mucwin = (ProfMucWin*)win;
|
|
assert(mucwin->memcheck == PROFMUCWIN_MEMCHECK);
|
|
id = message_send_chat_omemo(mucwin->roomjid, omemo_ctx.device_id, keys, iv, AES128_GCM_IV_LENGTH, ciphertext, ciphertext_len, request_receipt, TRUE, replace_id);
|
|
} else {
|
|
ProfChatWin* chatwin = (ProfChatWin*)win;
|
|
assert(chatwin->memcheck == PROFCHATWIN_MEMCHECK);
|
|
id = message_send_chat_omemo(chatwin->barejid, omemo_ctx.device_id, keys, iv, AES128_GCM_IV_LENGTH, ciphertext, ciphertext_len, request_receipt, FALSE, replace_id);
|
|
}
|
|
|
|
out:
|
|
jid_destroy(jid);
|
|
g_list_free_full(keys, (GDestroyNotify)omemo_key_free);
|
|
free(ciphertext);
|
|
gcry_free(key);
|
|
gcry_free(iv);
|
|
gcry_free(tag);
|
|
gcry_free(key_tag);
|
|
|
|
return id;
|
|
}
|
|
|
|
char*
|
|
omemo_on_message_recv(const char* const from_jid, uint32_t sid,
|
|
const unsigned char* const iv, size_t iv_len, GList* keys,
|
|
const unsigned char* const payload, size_t payload_len, gboolean muc, gboolean* trusted)
|
|
{
|
|
unsigned char* plaintext = NULL;
|
|
Jid* sender = NULL;
|
|
Jid* from = jid_create(from_jid);
|
|
if (!from) {
|
|
log_error("[OMEMO][RECV] Invalid jid %s", from_jid);
|
|
goto out;
|
|
}
|
|
|
|
int res;
|
|
GList* key_iter;
|
|
omemo_key_t* key = NULL;
|
|
for (key_iter = keys; key_iter != NULL; key_iter = key_iter->next) {
|
|
if (((omemo_key_t*)key_iter->data)->device_id == omemo_ctx.device_id) {
|
|
key = key_iter->data;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!key) {
|
|
log_warning("[OMEMO][RECV] received a message with no corresponding key");
|
|
goto out;
|
|
}
|
|
|
|
if (muc) {
|
|
GList* roster = muc_roster(from->barejid);
|
|
GList* iter;
|
|
for (iter = roster; iter != NULL; iter = iter->next) {
|
|
Occupant* occupant = (Occupant*)iter->data;
|
|
if (g_strcmp0(occupant->nick, from->resourcepart) == 0) {
|
|
sender = jid_create(occupant->jid);
|
|
break;
|
|
}
|
|
}
|
|
g_list_free(roster);
|
|
if (!sender) {
|
|
log_warning("[OMEMO][RECV] cannot find MUC message sender fulljid");
|
|
goto out;
|
|
}
|
|
} else {
|
|
sender = jid_create(from->barejid);
|
|
}
|
|
|
|
session_cipher* cipher;
|
|
signal_buffer* plaintext_key;
|
|
signal_protocol_address address = {
|
|
.name = sender->barejid,
|
|
.name_len = strlen(sender->barejid),
|
|
.device_id = sid
|
|
};
|
|
|
|
res = session_cipher_create(&cipher, omemo_ctx.store, &address, omemo_ctx.signal);
|
|
if (res != 0) {
|
|
log_error("[OMEMO][RECV] cannot create session cipher");
|
|
goto out;
|
|
}
|
|
|
|
if (key->prekey) {
|
|
log_debug("[OMEMO][RECV] decrypting message with prekey");
|
|
pre_key_signal_message* message;
|
|
ec_public_key* their_identity_key;
|
|
signal_buffer* identity_buffer = NULL;
|
|
|
|
omemo_ctx.identity_key_store.recv = true;
|
|
|
|
pre_key_signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
|
|
their_identity_key = pre_key_signal_message_get_identity_key(message);
|
|
|
|
res = session_cipher_decrypt_pre_key_signal_message(cipher, message, NULL, &plaintext_key);
|
|
|
|
omemo_ctx.identity_key_store.recv = false;
|
|
|
|
/* Perform a real check of the identity */
|
|
ec_public_key_serialize(&identity_buffer, their_identity_key);
|
|
*trusted = is_trusted_identity(&address, signal_buffer_data(identity_buffer),
|
|
signal_buffer_len(identity_buffer), &omemo_ctx.identity_key_store);
|
|
|
|
/* Replace used pre_key in bundle */
|
|
uint32_t pre_key_id = pre_key_signal_message_get_pre_key_id(message);
|
|
ec_key_pair* ec_pair;
|
|
session_pre_key* new_pre_key;
|
|
curve_generate_key_pair(omemo_ctx.signal, &ec_pair);
|
|
session_pre_key_create(&new_pre_key, pre_key_id, ec_pair);
|
|
signal_protocol_pre_key_store_key(omemo_ctx.store, new_pre_key);
|
|
SIGNAL_UNREF(new_pre_key);
|
|
SIGNAL_UNREF(message);
|
|
SIGNAL_UNREF(ec_pair);
|
|
omemo_bundle_publish(true);
|
|
|
|
if (res == 0) {
|
|
/* Start a new session */
|
|
log_debug("[OMEMO][RECV] Res is 0 => omemo_bundle_request");
|
|
omemo_bundle_request(sender->barejid, sid, omemo_start_device_session_handle_bundle, free, strdup(sender->barejid));
|
|
}
|
|
} else {
|
|
log_debug("[OMEMO][RECV] decrypting message with existing session");
|
|
signal_message* message = NULL;
|
|
|
|
res = signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
|
|
|
|
if (res < 0) {
|
|
log_error("[OMEMO][RECV] cannot deserialize message");
|
|
} else {
|
|
res = session_cipher_decrypt_signal_message(cipher, message, NULL, &plaintext_key);
|
|
*trusted = true;
|
|
SIGNAL_UNREF(message);
|
|
}
|
|
}
|
|
|
|
session_cipher_free(cipher);
|
|
if (res != 0) {
|
|
log_error("[OMEMO][RECV] cannot decrypt message key");
|
|
goto out;
|
|
}
|
|
|
|
if (signal_buffer_len(plaintext_key) != AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH) {
|
|
log_error("[OMEMO][RECV] invalid key length");
|
|
signal_buffer_free(plaintext_key);
|
|
goto out;
|
|
}
|
|
|
|
size_t plaintext_len = payload_len;
|
|
plaintext = malloc(plaintext_len + 1);
|
|
res = aes128gcm_decrypt(plaintext, &plaintext_len, payload, payload_len, iv,
|
|
iv_len, signal_buffer_data(plaintext_key),
|
|
signal_buffer_data(plaintext_key) + AES128_GCM_KEY_LENGTH);
|
|
signal_buffer_free(plaintext_key);
|
|
if (res != 0) {
|
|
log_error("[OMEMO][RECV] cannot decrypt message: %s", gcry_strerror(res));
|
|
free(plaintext);
|
|
plaintext = NULL;
|
|
goto out;
|
|
}
|
|
|
|
plaintext[plaintext_len] = '\0';
|
|
|
|
out:
|
|
jid_destroy(from);
|
|
jid_destroy(sender);
|
|
return (char*)plaintext;
|
|
}
|
|
|
|
char*
|
|
omemo_format_fingerprint(const char* const fingerprint)
|
|
{
|
|
char* output = malloc(strlen(fingerprint) + strlen(fingerprint) / 8);
|
|
|
|
int i, j;
|
|
for (i = 0, j = 0; i < strlen(fingerprint); i++) {
|
|
if (i > 0 && i % 8 == 0) {
|
|
output[j++] = '-';
|
|
}
|
|
output[j++] = fingerprint[i];
|
|
}
|
|
|
|
output[j] = '\0';
|
|
|
|
return output;
|
|
}
|
|
|
|
static char*
|
|
_omemo_unformat_fingerprint(const char* const fingerprint_formatted)
|
|
{
|
|
/* Unformat fingerprint */
|
|
char* fingerprint = malloc(strlen(fingerprint_formatted));
|
|
int i;
|
|
int j;
|
|
for (i = 0, j = 0; fingerprint_formatted[i] != '\0'; i++) {
|
|
if (!g_ascii_isxdigit(fingerprint_formatted[i])) {
|
|
continue;
|
|
}
|
|
fingerprint[j++] = fingerprint_formatted[i];
|
|
}
|
|
|
|
fingerprint[j] = '\0';
|
|
|
|
return fingerprint;
|
|
}
|
|
|
|
char*
|
|
omemo_own_fingerprint(gboolean formatted)
|
|
{
|
|
ec_public_key* identity = ratchet_identity_key_pair_get_public(omemo_ctx.identity_key_pair);
|
|
return _omemo_fingerprint(identity, formatted);
|
|
}
|
|
|
|
GList*
|
|
omemo_known_device_identities(const char* const jid)
|
|
{
|
|
GHashTable* known_identities = g_hash_table_lookup(omemo_ctx.known_devices, jid);
|
|
if (!known_identities) {
|
|
return NULL;
|
|
}
|
|
|
|
return g_hash_table_get_keys(known_identities);
|
|
}
|
|
|
|
gboolean
|
|
omemo_is_trusted_identity(const char* const jid, const char* const fingerprint)
|
|
{
|
|
GHashTable* known_identities = g_hash_table_lookup(omemo_ctx.known_devices, jid);
|
|
if (!known_identities) {
|
|
return FALSE;
|
|
}
|
|
|
|
void* device_id = g_hash_table_lookup(known_identities, fingerprint);
|
|
if (!device_id) {
|
|
return FALSE;
|
|
}
|
|
|
|
signal_protocol_address address = {
|
|
.name = jid,
|
|
.name_len = strlen(jid),
|
|
.device_id = GPOINTER_TO_INT(device_id),
|
|
};
|
|
|
|
size_t fingerprint_len;
|
|
unsigned char* fingerprint_raw = _omemo_fingerprint_decode(fingerprint, &fingerprint_len);
|
|
unsigned char djb_type[] = { '\x05' };
|
|
signal_buffer* buffer = signal_buffer_create(djb_type, 1);
|
|
buffer = signal_buffer_append(buffer, fingerprint_raw, fingerprint_len);
|
|
|
|
gboolean trusted = is_trusted_identity(&address, signal_buffer_data(buffer), signal_buffer_len(buffer), &omemo_ctx.identity_key_store);
|
|
log_debug("[OMEMO] Device trusted %s (%d): %d", jid, GPOINTER_TO_INT(device_id), trusted);
|
|
|
|
free(fingerprint_raw);
|
|
signal_buffer_free(buffer);
|
|
|
|
return trusted;
|
|
}
|
|
|
|
static char*
|
|
_omemo_fingerprint(ec_public_key* identity, gboolean formatted)
|
|
{
|
|
int i;
|
|
signal_buffer* identity_public_key;
|
|
|
|
ec_public_key_serialize(&identity_public_key, identity);
|
|
size_t identity_public_key_len = signal_buffer_len(identity_public_key);
|
|
unsigned char* identity_public_key_data = signal_buffer_data(identity_public_key);
|
|
|
|
/* Skip first byte corresponding to signal DJB_TYPE */
|
|
identity_public_key_len--;
|
|
identity_public_key_data = &identity_public_key_data[1];
|
|
|
|
char* fingerprint = malloc(identity_public_key_len * 2 + 1);
|
|
|
|
for (i = 0; i < identity_public_key_len; i++) {
|
|
fingerprint[i * 2] = (identity_public_key_data[i] & 0xf0) >> 4;
|
|
fingerprint[i * 2] += '0';
|
|
if (fingerprint[i * 2] > '9') {
|
|
fingerprint[i * 2] += 0x27;
|
|
}
|
|
|
|
fingerprint[(i * 2) + 1] = identity_public_key_data[i] & 0x0f;
|
|
fingerprint[(i * 2) + 1] += '0';
|
|
if (fingerprint[(i * 2) + 1] > '9') {
|
|
fingerprint[(i * 2) + 1] += 0x27;
|
|
}
|
|
}
|
|
|
|
fingerprint[i * 2] = '\0';
|
|
signal_buffer_free(identity_public_key);
|
|
|
|
if (!formatted) {
|
|
return fingerprint;
|
|
} else {
|
|
char* formatted_fingerprint = omemo_format_fingerprint(fingerprint);
|
|
free(fingerprint);
|
|
return formatted_fingerprint;
|
|
}
|
|
}
|
|
|
|
static unsigned char*
|
|
_omemo_fingerprint_decode(const char* const fingerprint, size_t* len)
|
|
{
|
|
unsigned char* output = malloc(strlen(fingerprint) / 2 + 1);
|
|
|
|
int i;
|
|
int j;
|
|
for (i = 0, j = 0; i < strlen(fingerprint);) {
|
|
if (!g_ascii_isxdigit(fingerprint[i])) {
|
|
i++;
|
|
continue;
|
|
}
|
|
|
|
output[j] = g_ascii_xdigit_value(fingerprint[i++]) << 4;
|
|
output[j] |= g_ascii_xdigit_value(fingerprint[i++]);
|
|
j++;
|
|
}
|
|
|
|
*len = j;
|
|
|
|
return output;
|
|
}
|
|
|
|
void
|
|
omemo_trust(const char* const jid, const char* const fingerprint_formatted)
|
|
{
|
|
size_t len;
|
|
|
|
GHashTable* known_identities = g_hash_table_lookup(omemo_ctx.known_devices, jid);
|
|
if (!known_identities) {
|
|
log_warning("[OMEMO] cannot trust unknown device: %s", fingerprint_formatted);
|
|
cons_show("Cannot trust unknown device: %s", fingerprint_formatted);
|
|
return;
|
|
}
|
|
|
|
char* fingerprint = _omemo_unformat_fingerprint(fingerprint_formatted);
|
|
|
|
uint32_t device_id = GPOINTER_TO_INT(g_hash_table_lookup(known_identities, fingerprint));
|
|
free(fingerprint);
|
|
|
|
if (!device_id) {
|
|
log_warning("[OMEMO] cannot trust unknown device: %s", fingerprint_formatted);
|
|
cons_show("Cannot trust unknown device: %s", fingerprint_formatted);
|
|
return;
|
|
}
|
|
|
|
/* TODO should not hardcode DJB_TYPE here
|
|
* should instead store identity key in known_identities along with
|
|
* device_id */
|
|
signal_protocol_address address = {
|
|
.name = jid,
|
|
.name_len = strlen(jid),
|
|
.device_id = device_id,
|
|
};
|
|
|
|
unsigned char* fingerprint_raw = _omemo_fingerprint_decode(fingerprint_formatted, &len);
|
|
unsigned char djb_type[] = { '\x05' };
|
|
signal_buffer* buffer = signal_buffer_create(djb_type, 1);
|
|
buffer = signal_buffer_append(buffer, fingerprint_raw, len);
|
|
save_identity(&address, signal_buffer_data(buffer), signal_buffer_len(buffer), &omemo_ctx.identity_key_store);
|
|
free(fingerprint_raw);
|
|
signal_buffer_free(buffer);
|
|
|
|
omemo_bundle_request(jid, device_id, omemo_start_device_session_handle_bundle, free, strdup(jid));
|
|
}
|
|
|
|
void
|
|
omemo_untrust(const char* const jid, const char* const fingerprint_formatted)
|
|
{
|
|
size_t len;
|
|
unsigned char* identity = _omemo_fingerprint_decode(fingerprint_formatted, &len);
|
|
|
|
GHashTableIter iter;
|
|
gpointer key, value;
|
|
|
|
GHashTable* trusted = g_hash_table_lookup(omemo_ctx.identity_key_store.trusted, jid);
|
|
if (!trusted) {
|
|
free(identity);
|
|
return;
|
|
}
|
|
|
|
g_hash_table_iter_init(&iter, trusted);
|
|
while (g_hash_table_iter_next(&iter, &key, &value)) {
|
|
signal_buffer* buffer = value;
|
|
unsigned char* original = signal_buffer_data(buffer);
|
|
/* Skip DJB_TYPE byte */
|
|
original++;
|
|
if ((signal_buffer_len(buffer) - 1) == len && memcmp(original, identity, len) == 0) {
|
|
g_hash_table_remove(trusted, key);
|
|
}
|
|
}
|
|
free(identity);
|
|
|
|
char* fingerprint = _omemo_unformat_fingerprint(fingerprint_formatted);
|
|
|
|
/* Remove existing session */
|
|
GHashTable* known_identities = g_hash_table_lookup(omemo_ctx.known_devices, jid);
|
|
if (!known_identities) {
|
|
log_error("[OMEMO] cannot find known device while untrusting a fingerprint");
|
|
goto out;
|
|
}
|
|
|
|
uint32_t device_id = GPOINTER_TO_INT(g_hash_table_lookup(known_identities, fingerprint));
|
|
if (!device_id) {
|
|
log_error("[OMEMO] cannot find device id while untrusting a fingerprint");
|
|
goto out;
|
|
}
|
|
signal_protocol_address address = {
|
|
.name = jid,
|
|
.name_len = strlen(jid),
|
|
.device_id = device_id
|
|
};
|
|
|
|
delete_session(&address, omemo_ctx.session_store);
|
|
|
|
/* Remove from keyfile */
|
|
char* device_id_str = g_strdup_printf("%d", device_id);
|
|
g_key_file_remove_key(omemo_ctx.trust_keyfile, jid, device_id_str, NULL);
|
|
g_free(device_id_str);
|
|
omemo_trust_keyfile_save();
|
|
|
|
out:
|
|
free(fingerprint);
|
|
}
|
|
|
|
static void
|
|
_lock(void* user_data)
|
|
{
|
|
omemo_context* ctx = (omemo_context*)user_data;
|
|
pthread_mutex_lock(&ctx->lock);
|
|
}
|
|
|
|
static void
|
|
_unlock(void* user_data)
|
|
{
|
|
omemo_context* ctx = (omemo_context*)user_data;
|
|
pthread_mutex_unlock(&ctx->lock);
|
|
}
|
|
|
|
static void
|
|
_omemo_log(int level, const char* message, size_t len, void* user_data)
|
|
{
|
|
switch (level) {
|
|
case SG_LOG_ERROR:
|
|
log_error("[OMEMO][SIGNAL] %s", message);
|
|
break;
|
|
case SG_LOG_WARNING:
|
|
log_warning("[OMEMO][SIGNAL] %s", message);
|
|
break;
|
|
case SG_LOG_NOTICE:
|
|
case SG_LOG_INFO:
|
|
log_debug("[OMEMO][SIGNAL] %s", message);
|
|
break;
|
|
case SG_LOG_DEBUG:
|
|
log_debug("[OMEMO][SIGNAL] %s", message);
|
|
break;
|
|
}
|
|
}
|
|
|
|
static gboolean
|
|
_handle_own_device_list(const char* const jid, GList* device_list)
|
|
{
|
|
// We didn't find the own device id -> publish
|
|
if (!g_list_find(device_list, GINT_TO_POINTER(omemo_ctx.device_id))) {
|
|
cons_show("Could not find own OMEMO device ID. Going to publish own device ID: %d", GINT_TO_POINTER(omemo_ctx.device_id));
|
|
log_debug("[OMEMO] No device ID for our device. Publishing device list");
|
|
device_list = g_list_copy(device_list);
|
|
device_list = g_list_append(device_list, GINT_TO_POINTER(omemo_ctx.device_id));
|
|
g_hash_table_insert(omemo_ctx.device_list, strdup(jid), device_list);
|
|
omemo_devicelist_publish(device_list);
|
|
}
|
|
|
|
log_debug("[OMEMO] Request OMEMO Bundles for our devices");
|
|
GList* device_id;
|
|
for (device_id = device_list; device_id != NULL; device_id = device_id->next) {
|
|
omemo_bundle_request(jid, GPOINTER_TO_INT(device_id->data), omemo_start_device_session_handle_bundle, free, strdup(jid));
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
static gboolean
|
|
_handle_device_list_start_session(const char* const jid, GList* device_list)
|
|
{
|
|
log_debug("[OMEMO] Start session for %s - device_list", jid);
|
|
omemo_start_session(jid);
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
void
|
|
omemo_key_free(omemo_key_t* key)
|
|
{
|
|
if (key == NULL) {
|
|
return;
|
|
}
|
|
|
|
free(key->data);
|
|
free(key);
|
|
}
|
|
|
|
char*
|
|
omemo_fingerprint_autocomplete(const char* const search_str, gboolean previous, void* context)
|
|
{
|
|
Autocomplete ac = g_hash_table_lookup(omemo_ctx.fingerprint_ac, context);
|
|
if (ac != NULL) {
|
|
return autocomplete_complete(ac, search_str, FALSE, previous);
|
|
} else {
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
void
|
|
omemo_fingerprint_autocomplete_reset(void)
|
|
{
|
|
gpointer value;
|
|
GHashTableIter iter;
|
|
g_hash_table_iter_init(&iter, omemo_ctx.fingerprint_ac);
|
|
|
|
while (g_hash_table_iter_next(&iter, NULL, &value)) {
|
|
Autocomplete ac = value;
|
|
autocomplete_reset(ac);
|
|
}
|
|
}
|
|
|
|
gboolean
|
|
omemo_automatic_start(const char* const recipient)
|
|
{
|
|
gboolean result = FALSE;
|
|
char* account_name = session_get_account_name();
|
|
ProfAccount* account = accounts_get_account(account_name);
|
|
prof_omemopolicy_t policy;
|
|
|
|
if (account->omemo_policy) {
|
|
// check default account setting
|
|
if (g_strcmp0(account->omemo_policy, "manual") == 0) {
|
|
policy = PROF_OMEMOPOLICY_MANUAL;
|
|
}
|
|
if (g_strcmp0(account->omemo_policy, "opportunistic") == 0) {
|
|
policy = PROF_OMEMOPOLICY_AUTOMATIC;
|
|
}
|
|
if (g_strcmp0(account->omemo_policy, "always") == 0) {
|
|
policy = PROF_OMEMOPOLICY_ALWAYS;
|
|
}
|
|
} else {
|
|
// check global setting
|
|
char* pref_omemo_policy = prefs_get_string(PREF_OMEMO_POLICY);
|
|
|
|
// pref defaults to manual
|
|
policy = PROF_OMEMOPOLICY_AUTOMATIC;
|
|
|
|
if (strcmp(pref_omemo_policy, "manual") == 0) {
|
|
policy = PROF_OMEMOPOLICY_MANUAL;
|
|
} else if (strcmp(pref_omemo_policy, "always") == 0) {
|
|
policy = PROF_OMEMOPOLICY_ALWAYS;
|
|
}
|
|
|
|
g_free(pref_omemo_policy);
|
|
}
|
|
|
|
switch (policy) {
|
|
case PROF_OMEMOPOLICY_MANUAL:
|
|
result = FALSE;
|
|
break;
|
|
case PROF_OMEMOPOLICY_AUTOMATIC:
|
|
if (g_list_find_custom(account->omemo_enabled, recipient, (GCompareFunc)g_strcmp0)) {
|
|
result = TRUE;
|
|
} else if (g_list_find_custom(account->omemo_disabled, recipient, (GCompareFunc)g_strcmp0)) {
|
|
result = FALSE;
|
|
} else {
|
|
result = FALSE;
|
|
}
|
|
break;
|
|
case PROF_OMEMOPOLICY_ALWAYS:
|
|
if (g_list_find_custom(account->omemo_disabled, recipient, (GCompareFunc)g_strcmp0)) {
|
|
result = FALSE;
|
|
} else {
|
|
result = TRUE;
|
|
}
|
|
break;
|
|
}
|
|
|
|
account_free(account);
|
|
return result;
|
|
}
|
|
|
|
static gboolean
|
|
_load_identity(void)
|
|
{
|
|
GError* error = NULL;
|
|
log_info("[OMEMO] Loading OMEMO identity");
|
|
|
|
/* Device ID */
|
|
error = NULL;
|
|
omemo_ctx.device_id = g_key_file_get_uint64(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_IDENTITY, OMEMO_STORE_KEY_DEVICE_ID, &error);
|
|
if (error != NULL) {
|
|
log_error("[OMEMO] cannot load device id: %s", error->message);
|
|
return FALSE;
|
|
}
|
|
log_debug("[OMEMO] device id: %d", omemo_ctx.device_id);
|
|
|
|
/* Registration ID */
|
|
error = NULL;
|
|
omemo_ctx.registration_id = g_key_file_get_uint64(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_IDENTITY, OMEMO_STORE_KEY_REGISTRATION_ID, &error);
|
|
if (error != NULL) {
|
|
log_error("[OMEMO] cannot load registration id: %s", error->message);
|
|
return FALSE;
|
|
}
|
|
|
|
/* Identity key */
|
|
error = NULL;
|
|
char* identity_key_public_b64 = g_key_file_get_string(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_IDENTITY, OMEMO_STORE_KEY_IDENTITY_KEY_PUBLIC, &error);
|
|
if (!identity_key_public_b64) {
|
|
log_error("[OMEMO] cannot load identity public key: %s", error->message);
|
|
return FALSE;
|
|
}
|
|
|
|
size_t identity_key_public_len;
|
|
unsigned char* identity_key_public = g_base64_decode(identity_key_public_b64, &identity_key_public_len);
|
|
g_free(identity_key_public_b64);
|
|
omemo_ctx.identity_key_store.public = signal_buffer_create(identity_key_public, identity_key_public_len);
|
|
|
|
error = NULL;
|
|
char* identity_key_private_b64 = g_key_file_get_string(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_IDENTITY, OMEMO_STORE_KEY_IDENTITY_KEY_PRIVATE, &error);
|
|
if (!identity_key_private_b64) {
|
|
log_error("[OMEMO] cannot load identity private key: %s", error->message);
|
|
return FALSE;
|
|
}
|
|
|
|
size_t identity_key_private_len;
|
|
unsigned char* identity_key_private = g_base64_decode(identity_key_private_b64, &identity_key_private_len);
|
|
g_free(identity_key_private_b64);
|
|
omemo_ctx.identity_key_store.private = signal_buffer_create(identity_key_private, identity_key_private_len);
|
|
|
|
ec_public_key* public_key;
|
|
curve_decode_point(&public_key, identity_key_public, identity_key_public_len, omemo_ctx.signal);
|
|
ec_private_key* private_key;
|
|
curve_decode_private_point(&private_key, identity_key_private, identity_key_private_len, omemo_ctx.signal);
|
|
ratchet_identity_key_pair_create(&omemo_ctx.identity_key_pair, public_key, private_key);
|
|
|
|
g_free(identity_key_public);
|
|
g_free(identity_key_private);
|
|
|
|
char** keys = NULL;
|
|
int i;
|
|
/* Pre keys */
|
|
i = 0;
|
|
keys = g_key_file_get_keys(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_PREKEYS, NULL, NULL);
|
|
if (keys) {
|
|
for (i = 0; keys[i] != NULL; i++) {
|
|
char* pre_key_b64 = g_key_file_get_string(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_PREKEYS, keys[i], NULL);
|
|
size_t pre_key_len;
|
|
unsigned char* pre_key = g_base64_decode(pre_key_b64, &pre_key_len);
|
|
g_free(pre_key_b64);
|
|
signal_buffer* buffer = signal_buffer_create(pre_key, pre_key_len);
|
|
g_free(pre_key);
|
|
g_hash_table_insert(omemo_ctx.pre_key_store, GINT_TO_POINTER(strtoul(keys[i], NULL, 10)), buffer);
|
|
}
|
|
|
|
g_strfreev(keys);
|
|
}
|
|
|
|
/* Ensure we have at least 100 pre keys */
|
|
if (i < 100) {
|
|
_generate_pre_keys(100 - i);
|
|
}
|
|
|
|
/* Signed pre keys */
|
|
i = 0;
|
|
keys = g_key_file_get_keys(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_SIGNED_PREKEYS, NULL, NULL);
|
|
if (keys) {
|
|
for (i = 0; keys[i] != NULL; i++) {
|
|
char* signed_pre_key_b64 = g_key_file_get_string(omemo_ctx.identity_keyfile, OMEMO_STORE_GROUP_SIGNED_PREKEYS, keys[i], NULL);
|
|
size_t signed_pre_key_len;
|
|
unsigned char* signed_pre_key = g_base64_decode(signed_pre_key_b64, &signed_pre_key_len);
|
|
g_free(signed_pre_key_b64);
|
|
signal_buffer* buffer = signal_buffer_create(signed_pre_key, signed_pre_key_len);
|
|
g_free(signed_pre_key);
|
|
g_hash_table_insert(omemo_ctx.signed_pre_key_store, GINT_TO_POINTER(strtoul(keys[i], NULL, 10)), buffer);
|
|
omemo_ctx.signed_pre_key_id = strtoul(keys[i], NULL, 10);
|
|
}
|
|
g_strfreev(keys);
|
|
}
|
|
|
|
if (i == 0) {
|
|
_generate_signed_pre_key();
|
|
}
|
|
|
|
loaded = TRUE;
|
|
|
|
omemo_identity_keyfile_save();
|
|
omemo_start_sessions();
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
static void
|
|
_load_trust(void)
|
|
{
|
|
char** keys = NULL;
|
|
char** groups = g_key_file_get_groups(omemo_ctx.trust_keyfile, NULL);
|
|
if (groups) {
|
|
int i;
|
|
for (i = 0; groups[i] != NULL; i++) {
|
|
GHashTable* trusted;
|
|
|
|
trusted = g_hash_table_lookup(omemo_ctx.identity_key_store.trusted, groups[i]);
|
|
if (!trusted) {
|
|
trusted = g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL, (GDestroyNotify)signal_buffer_free);
|
|
g_hash_table_insert(omemo_ctx.identity_key_store.trusted, strdup(groups[i]), trusted);
|
|
}
|
|
|
|
keys = g_key_file_get_keys(omemo_ctx.trust_keyfile, groups[i], NULL, NULL);
|
|
int j;
|
|
for (j = 0; keys[j] != NULL; j++) {
|
|
char* key_b64 = g_key_file_get_string(omemo_ctx.trust_keyfile, groups[i], keys[j], NULL);
|
|
size_t key_len;
|
|
unsigned char* key = g_base64_decode(key_b64, &key_len);
|
|
g_free(key_b64);
|
|
signal_buffer* buffer = signal_buffer_create(key, key_len);
|
|
g_free(key);
|
|
uint32_t device_id = strtoul(keys[j], NULL, 10);
|
|
g_hash_table_insert(trusted, GINT_TO_POINTER(device_id), buffer);
|
|
}
|
|
g_strfreev(keys);
|
|
}
|
|
g_strfreev(groups);
|
|
}
|
|
}
|
|
|
|
static void
|
|
_load_sessions(void)
|
|
{
|
|
int i;
|
|
char** groups = g_key_file_get_groups(omemo_ctx.sessions_keyfile, NULL);
|
|
if (groups) {
|
|
for (i = 0; groups[i] != NULL; i++) {
|
|
int j;
|
|
GHashTable* device_store = NULL;
|
|
|
|
device_store = g_hash_table_lookup(omemo_ctx.session_store, groups[i]);
|
|
if (!device_store) {
|
|
device_store = g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL, (GDestroyNotify)signal_buffer_free);
|
|
g_hash_table_insert(omemo_ctx.session_store, strdup(groups[i]), device_store);
|
|
}
|
|
|
|
char** keys = g_key_file_get_keys(omemo_ctx.sessions_keyfile, groups[i], NULL, NULL);
|
|
for (j = 0; keys[j] != NULL; j++) {
|
|
uint32_t id = strtoul(keys[j], NULL, 10);
|
|
char* record_b64 = g_key_file_get_string(omemo_ctx.sessions_keyfile, groups[i], keys[j], NULL);
|
|
size_t record_len;
|
|
unsigned char* record = g_base64_decode(record_b64, &record_len);
|
|
g_free(record_b64);
|
|
signal_buffer* buffer = signal_buffer_create(record, record_len);
|
|
g_free(record);
|
|
g_hash_table_insert(device_store, GINT_TO_POINTER(id), buffer);
|
|
}
|
|
g_strfreev(keys);
|
|
}
|
|
g_strfreev(groups);
|
|
}
|
|
}
|
|
|
|
static void
|
|
_load_known_devices(void)
|
|
{
|
|
int i;
|
|
char** groups = g_key_file_get_groups(omemo_ctx.known_devices_keyfile, NULL);
|
|
if (groups) {
|
|
for (i = 0; groups[i] != NULL; i++) {
|
|
int j;
|
|
GHashTable* known_identities = NULL;
|
|
|
|
known_identities = g_hash_table_lookup(omemo_ctx.known_devices, groups[i]);
|
|
if (!known_identities) {
|
|
known_identities = g_hash_table_new_full(g_str_hash, g_str_equal, free, NULL);
|
|
g_hash_table_insert(omemo_ctx.known_devices, strdup(groups[i]), known_identities);
|
|
}
|
|
|
|
char** keys = g_key_file_get_keys(omemo_ctx.known_devices_keyfile, groups[i], NULL, NULL);
|
|
for (j = 0; keys[j] != NULL; j++) {
|
|
uint32_t device_id = strtoul(keys[j], NULL, 10);
|
|
char* fingerprint = g_key_file_get_string(omemo_ctx.known_devices_keyfile, groups[i], keys[j], NULL);
|
|
g_hash_table_insert(known_identities, strdup(fingerprint), GINT_TO_POINTER(device_id));
|
|
g_free(fingerprint);
|
|
}
|
|
g_strfreev(keys);
|
|
}
|
|
g_strfreev(groups);
|
|
}
|
|
}
|
|
|
|
static void
|
|
_cache_device_identity(const char* const jid, uint32_t device_id, ec_public_key* identity)
|
|
{
|
|
GHashTable* known_identities = g_hash_table_lookup(omemo_ctx.known_devices, jid);
|
|
if (!known_identities) {
|
|
known_identities = g_hash_table_new_full(g_str_hash, g_str_equal, free, NULL);
|
|
g_hash_table_insert(omemo_ctx.known_devices, strdup(jid), known_identities);
|
|
}
|
|
|
|
char* fingerprint = _omemo_fingerprint(identity, FALSE);
|
|
log_debug("[OMEMO] cache identity for %s:%d: %s", jid, device_id, fingerprint);
|
|
g_hash_table_insert(known_identities, strdup(fingerprint), GINT_TO_POINTER(device_id));
|
|
|
|
char* device_id_str = g_strdup_printf("%d", device_id);
|
|
g_key_file_set_string(omemo_ctx.known_devices_keyfile, jid, device_id_str, fingerprint);
|
|
g_free(device_id_str);
|
|
omemo_known_devices_keyfile_save();
|
|
|
|
Autocomplete ac = g_hash_table_lookup(omemo_ctx.fingerprint_ac, jid);
|
|
if (ac == NULL) {
|
|
ac = autocomplete_new();
|
|
g_hash_table_insert(omemo_ctx.fingerprint_ac, strdup(jid), ac);
|
|
}
|
|
|
|
char* formatted_fingerprint = omemo_format_fingerprint(fingerprint);
|
|
autocomplete_add(ac, formatted_fingerprint);
|
|
free(formatted_fingerprint);
|
|
free(fingerprint);
|
|
}
|
|
|
|
static void
|
|
_g_hash_table_free(GHashTable* hash_table)
|
|
{
|
|
g_hash_table_remove_all(hash_table);
|
|
g_hash_table_unref(hash_table);
|
|
}
|
|
|
|
static void
|
|
_generate_pre_keys(int count)
|
|
{
|
|
unsigned int start;
|
|
gcry_randomize(&start, sizeof(unsigned int), GCRY_VERY_STRONG_RANDOM);
|
|
signal_protocol_key_helper_pre_key_list_node* pre_keys_head;
|
|
signal_protocol_key_helper_generate_pre_keys(&pre_keys_head, start, count, omemo_ctx.signal);
|
|
|
|
signal_protocol_key_helper_pre_key_list_node* p;
|
|
for (p = pre_keys_head; p != NULL; p = signal_protocol_key_helper_key_list_next(p)) {
|
|
session_pre_key* prekey = signal_protocol_key_helper_key_list_element(p);
|
|
signal_protocol_pre_key_store_key(omemo_ctx.store, prekey);
|
|
}
|
|
signal_protocol_key_helper_key_list_free(pre_keys_head);
|
|
}
|
|
|
|
static void
|
|
_generate_signed_pre_key(void)
|
|
{
|
|
session_signed_pre_key* signed_pre_key;
|
|
struct timeval tv;
|
|
gettimeofday(&tv, NULL);
|
|
unsigned long long timestamp = (unsigned long long)(tv.tv_sec) * 1000 + (unsigned long long)(tv.tv_usec) / 1000;
|
|
|
|
omemo_ctx.signed_pre_key_id = 1;
|
|
signal_protocol_key_helper_generate_signed_pre_key(&signed_pre_key, omemo_ctx.identity_key_pair, omemo_ctx.signed_pre_key_id, timestamp, omemo_ctx.signal);
|
|
signal_protocol_signed_pre_key_store_key(omemo_ctx.store, signed_pre_key);
|
|
SIGNAL_UNREF(signed_pre_key);
|
|
}
|
|
|
|
void
|
|
omemo_free(void* a)
|
|
{
|
|
gcry_free(a);
|
|
}
|
|
|
|
char*
|
|
omemo_encrypt_file(FILE* in, FILE* out, off_t file_size, int* gcry_res)
|
|
{
|
|
unsigned char* key = gcry_random_bytes_secure(
|
|
OMEMO_AESGCM_KEY_LENGTH,
|
|
GCRY_VERY_STRONG_RANDOM);
|
|
|
|
// Create nonce/IV with random bytes.
|
|
unsigned char nonce[OMEMO_AESGCM_NONCE_LENGTH];
|
|
gcry_create_nonce(nonce, OMEMO_AESGCM_NONCE_LENGTH);
|
|
|
|
char* fragment = aes256gcm_create_secure_fragment(key, nonce);
|
|
*gcry_res = aes256gcm_crypt_file(in, out, file_size, key, nonce, true);
|
|
|
|
if (*gcry_res != GPG_ERR_NO_ERROR) {
|
|
gcry_free(fragment);
|
|
fragment = NULL;
|
|
}
|
|
|
|
gcry_free(key);
|
|
|
|
return fragment;
|
|
}
|
|
|
|
void
|
|
_bytes_from_hex(const char* hex, size_t hex_size,
|
|
unsigned char* bytes, size_t bytes_size)
|
|
{
|
|
const unsigned char ht[] = {
|
|
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567
|
|
0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>?
|
|
0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG
|
|
};
|
|
const size_t ht_size = sizeof(ht);
|
|
|
|
unsigned char b0;
|
|
unsigned char b1;
|
|
|
|
memset(bytes, 0, bytes_size);
|
|
|
|
for (int i = 0; (i < hex_size) && (i / 2 < bytes_size); i += 2) {
|
|
b0 = ((unsigned char)hex[i + 0] & 0x1f) ^ 0x10;
|
|
b1 = ((unsigned char)hex[i + 1] & 0x1f) ^ 0x10;
|
|
|
|
if (b0 <= ht_size && b1 <= ht_size) {
|
|
bytes[i / 2] = (unsigned char)(ht[b0] << 4) | ht[b1];
|
|
}
|
|
}
|
|
}
|
|
|
|
gcry_error_t
|
|
omemo_decrypt_file(FILE* in, FILE* out, off_t file_size, const char* fragment)
|
|
{
|
|
char nonce_hex[AESGCM_URL_NONCE_LEN];
|
|
char key_hex[AESGCM_URL_KEY_LEN];
|
|
|
|
const int nonce_pos = 0;
|
|
const int key_pos = AESGCM_URL_NONCE_LEN;
|
|
|
|
memcpy(nonce_hex, &(fragment[nonce_pos]), AESGCM_URL_NONCE_LEN);
|
|
memcpy(key_hex, &(fragment[key_pos]), AESGCM_URL_KEY_LEN);
|
|
|
|
unsigned char nonce[OMEMO_AESGCM_NONCE_LENGTH];
|
|
unsigned char* key = gcry_malloc_secure(OMEMO_AESGCM_KEY_LENGTH);
|
|
|
|
_bytes_from_hex(nonce_hex, AESGCM_URL_NONCE_LEN,
|
|
nonce, OMEMO_AESGCM_NONCE_LENGTH);
|
|
_bytes_from_hex(key_hex, AESGCM_URL_KEY_LEN,
|
|
key, OMEMO_AESGCM_KEY_LENGTH);
|
|
|
|
gcry_error_t crypt_res;
|
|
crypt_res = aes256gcm_crypt_file(in, out, file_size, key, nonce, false);
|
|
|
|
gcry_free(key);
|
|
|
|
return crypt_res;
|
|
}
|
|
|
|
int
|
|
omemo_parse_aesgcm_url(const char* aesgcm_url,
|
|
char** https_url,
|
|
char** fragment)
|
|
{
|
|
CURLUcode ret;
|
|
CURLU* url = curl_url();
|
|
|
|
// Required to allow for the "aesgcm://" scheme that OMEMO Media Sharing
|
|
// uses.
|
|
unsigned int curl_flags = CURLU_NON_SUPPORT_SCHEME;
|
|
|
|
ret = curl_url_set(url, CURLUPART_URL, aesgcm_url, curl_flags);
|
|
if (ret) {
|
|
goto out;
|
|
}
|
|
|
|
ret = curl_url_get(url, CURLUPART_FRAGMENT, fragment, curl_flags);
|
|
if (ret) {
|
|
goto out;
|
|
}
|
|
|
|
if (strlen(*fragment) != AESGCM_URL_NONCE_LEN + AESGCM_URL_KEY_LEN) {
|
|
ret = 1;
|
|
goto out;
|
|
}
|
|
|
|
// Clear fragment from HTTPS URL as it's not required for download.
|
|
ret = curl_url_set(url, CURLUPART_FRAGMENT, NULL, curl_flags);
|
|
if (ret) {
|
|
goto out;
|
|
}
|
|
|
|
ret = curl_url_set(url, CURLUPART_SCHEME, "https", curl_flags);
|
|
if (ret) {
|
|
goto out;
|
|
}
|
|
|
|
ret = curl_url_get(url, CURLUPART_URL, https_url, curl_flags);
|
|
if (ret) {
|
|
goto out;
|
|
}
|
|
|
|
out:
|
|
curl_url_cleanup(url);
|
|
return ret;
|
|
}
|