1
0
mirror of https://github.com/profanity-im/profanity.git synced 2024-12-04 14:46:46 -05:00

Refactor OMEMO download into AESGCMDownload tool

This commit is contained in:
William Wennerström 2020-07-20 22:49:50 +02:00
parent fb002a59b6
commit 73f313b921
No known key found for this signature in database
GPG Key ID: E1382990BEDD319B
12 changed files with 386 additions and 23 deletions

View File

@ -45,6 +45,8 @@ core_sources = \
src/tools/http_upload.h \
src/tools/http_download.c \
src/tools/http_download.h \
src/tools/aesgcm_download.c \
src/tools/aesgcm_download.h \
src/tools/bookmark_ignore.c \
src/tools/bookmark_ignore.h \
src/tools/autocomplete.c src/tools/autocomplete.h \

View File

@ -69,6 +69,7 @@
#include "event/client_events.h"
#include "tools/http_upload.h"
#include "tools/http_download.h"
#include "tools/aesgcm_download.h"
#include "tools/autocomplete.h"
#include "tools/parser.h"
#include "tools/bookmark_ignore.h"
@ -9154,6 +9155,40 @@ cmd_url_open(ProfWin* window, const char* const command, gchar** args)
return TRUE;
}
void
_url_open_fallback_method(ProfWin* window, const char* url)
{
/*
gboolean is_omemo_aesgcm = false;
gchar* scheme = g_uri_parse_scheme(url);
if (g_strcmp0(scheme, "aesgcm")) {
is_omemo_aesgcm = true;
}
free(scheme);
if (is_omemo_aesgcm) {
int tmpfd;
char* tmpname = NULL;
if ((tmpfd = g_file_open_tmp("profanity.XXXXXX", &tmpname, NULL)) == -1) {
*err = "Unable to create temporary file for decryption stream.";
return NULL;
}
FILE* tmpfh = fdopen(tmpfd, "wb");
unsigned char* nonce;
unsigned char* key;
char* https_url = omemo_parse_aesgcm_url(url, nonce, key);
_url_save_fallback_method(window, https_url, tmpname);
int crypt_res = omemo_decrypt_file(tmpfh,
remove(tmpname);
free(tmpname);
}
*/
}
void
_url_save_fallback_method(ProfWin* window, const char* url, const char* filename)
{
@ -9163,13 +9198,27 @@ _url_save_fallback_method(ProfWin* window, const char* url, const char* filename
return;
}
HTTPDownload* download = malloc(sizeof(HTTPDownload));
download->window = window;
download->url = strdup(url);
download->filehandle = fh;
gchar* scheme = g_uri_parse_scheme(url);
pthread_create(&(download->worker), NULL, &http_file_get, download);
http_download_add_download(download);
if (g_strcmp0(scheme, "aesgcm") == 0) {
AESGCMDownload* download = malloc(sizeof(AESGCMDownload));
download->window = window;
download->url = strdup(url);
download->filehandle = fh;
pthread_create(&(download->worker), NULL, &aesgcm_file_get, download);
aesgcm_download_add_download(download);
} else {
HTTPDownload* download = malloc(sizeof(HTTPDownload));
download->window = window;
download->url = strdup(url);
download->filehandle = fh;
pthread_create(&(download->worker), NULL, &http_file_get, download);
http_download_add_download(download);
}
free(scheme);
}
void

View File

@ -400,12 +400,12 @@ aes256gcm_crypt_file(FILE* in, FILE* out, off_t file_size,
goto out;
}
res = gcry_cipher_setkey(hd, key, AES256_GCM_KEY_LENGTH);
res = gcry_cipher_setkey(hd, key, OMEMO_AESGCM_KEY_LENGTH);
if (res != GPG_ERR_NO_ERROR) {
goto out;
}
res = gcry_cipher_setiv(hd, nonce, AES256_GCM_NONCE_LENGTH);
res = gcry_cipher_setiv(hd, nonce, OMEMO_AESGCM_NONCE_LENGTH);
if (res != GPG_ERR_NO_ERROR) {
goto out;
}
@ -468,8 +468,8 @@ out:
char*
aes256gcm_create_secure_fragment(unsigned char* key, unsigned char* nonce)
{
int key_size = AES256_GCM_KEY_LENGTH;
int nonce_size = AES256_GCM_NONCE_LENGTH;
int key_size = OMEMO_AESGCM_KEY_LENGTH;
int nonce_size = OMEMO_AESGCM_NONCE_LENGTH;
char* fragment = gcry_malloc_secure((nonce_size + key_size) * 2 + 1);

View File

@ -40,9 +40,6 @@
#define AES128_GCM_IV_LENGTH 12
#define AES128_GCM_TAG_LENGTH 16
#define AES256_GCM_KEY_LENGTH 32
#define AES256_GCM_NONCE_LENGTH 12
int omemo_crypto_init(void);
/**
* Callback for a secure random number generator.

View File

@ -62,6 +62,9 @@
#include "xmpp/roster_list.h"
#include "xmpp/xmpp.h"
#define AESGCM_URL_NONCE_LEN (2 * OMEMO_AESGCM_NONCE_LENGTH)
#define AESGCM_URL_KEY_LEN (2 * OMEMO_AESGCM_KEY_LENGTH)
static gboolean loaded;
static void _generate_pre_keys(int count);
@ -1664,12 +1667,12 @@ char*
omemo_encrypt_file(FILE* in, FILE* out, off_t file_size, int* gcry_res)
{
unsigned char* key = gcry_random_bytes_secure(
AES256_GCM_KEY_LENGTH,
OMEMO_AESGCM_KEY_LENGTH,
GCRY_VERY_STRONG_RANDOM);
// Create nonce/IV with random bytes.
unsigned char nonce[AES256_GCM_NONCE_LENGTH];
gcry_create_nonce(nonce, AES256_GCM_NONCE_LENGTH);
unsigned char nonce[OMEMO_AESGCM_NONCE_LENGTH];
gcry_create_nonce(nonce, OMEMO_AESGCM_NONCE_LENGTH);
char* fragment = aes256gcm_create_secure_fragment(key, nonce);
*gcry_res = aes256gcm_crypt_file(in, out, file_size, key, nonce, true);
@ -1684,7 +1687,96 @@ omemo_encrypt_file(FILE* in, FILE* out, off_t file_size, int* gcry_res)
return fragment;
}
//int omemo_decrypt_file(FILE *in, FILE *out, off_t file_size,
// unsigned char key[], unsigned char nonce[]) {
// return aes256gcm_crypt_file(in, out, file_size, key, nonce, false);
//}
void
_bytes_from_hex(const char* hex, size_t hex_size,
unsigned char* bytes, size_t bytes_size)
{
const unsigned char ht[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567
0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>?
0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG
};
const size_t ht_size = sizeof(ht);
unsigned char b0;
unsigned char b1;
memset(bytes, 0, bytes_size);
for (int i = 0; (i < hex_size) && (i / 2 < bytes_size); i += 2) {
b0 = ((unsigned char)hex[i + 0] & 0x1f) ^ 0x10;
b1 = ((unsigned char)hex[i + 1] & 0x1f) ^ 0x10;
if (b0 <= ht_size && b1 <= ht_size) {
bytes[i / 2] = (unsigned char)(ht[b0] << 4) | ht[b1];
}
}
}
int
omemo_decrypt_file(FILE* in, FILE* out, off_t file_size, const char* fragment)
{
char nonce_hex[AESGCM_URL_NONCE_LEN];
char key_hex[AESGCM_URL_KEY_LEN];
const int nonce_pos = 0;
const int key_pos = AESGCM_URL_NONCE_LEN;
memcpy(nonce_hex, &(fragment[nonce_pos]), AESGCM_URL_NONCE_LEN);
memcpy(key_hex, &(fragment[key_pos]), AESGCM_URL_KEY_LEN);
unsigned char nonce[OMEMO_AESGCM_NONCE_LENGTH];
unsigned char* key = gcry_malloc_secure(OMEMO_AESGCM_KEY_LENGTH);
_bytes_from_hex(nonce_hex, AESGCM_URL_NONCE_LEN,
nonce, OMEMO_AESGCM_NONCE_LENGTH);
_bytes_from_hex(key_hex, AESGCM_URL_KEY_LEN,
key, OMEMO_AESGCM_KEY_LENGTH);
int crypt_res = aes256gcm_crypt_file(in, out, file_size, key, nonce, false);
gcry_free(key);
return crypt_res;
}
int
omemo_parse_aesgcm_url(const char* aesgcm_url,
char** https_url,
char** fragment)
{
CURLUcode ret;
CURLU* url = curl_url();
// Required to allow for the "aesgcm://" scheme that OMEMO Media Sharing
// uses.
unsigned int curl_flags = CURLU_NON_SUPPORT_SCHEME;
ret = curl_url_set(url, CURLUPART_URL, aesgcm_url, curl_flags);
if (ret) {
goto out;
}
ret = curl_url_get(url, CURLUPART_FRAGMENT, fragment, curl_flags);
if (ret) {
goto out;
}
if (strlen(*fragment) != AESGCM_URL_NONCE_LEN + AESGCM_URL_KEY_LEN) {
goto out;
}
ret = curl_url_set(url, CURLUPART_SCHEME, "https", curl_flags);
if (ret) {
goto out;
}
ret = curl_url_get(url, CURLUPART_URL, https_url, curl_flags);
if (ret) {
goto out;
}
out:
curl_url_cleanup(url);
return ret;
}

View File

@ -40,7 +40,9 @@
#define OMEMO_ERR_UNSUPPORTED_CRYPTO -10000
#define OMEMO_ERR_GCRYPT -20000
#define OMEMO_AESGCM_URL_SCHEME "aesgcm"
#define OMEMO_AESGCM_NONCE_LENGTH 12
#define OMEMO_AESGCM_KEY_LENGTH 32
#define OMEMO_AESGCM_URL_SCHEME "aesgcm"
typedef enum {
PROF_OMEMOPOLICY_MANUAL,
@ -99,4 +101,6 @@ char* omemo_on_message_send(ProfWin* win, const char* const message, gboolean re
char* omemo_on_message_recv(const char* const from, uint32_t sid, const unsigned char* const iv, size_t iv_len, GList* keys, const unsigned char* const payload, size_t payload_len, gboolean muc, gboolean* trusted);
char* omemo_encrypt_file(FILE* in, FILE* out, off_t file_size, int* gcry_res);
int omemo_decrypt_file(FILE* in, FILE* out, off_t file_size, const char* fragment);
void omemo_free(void* a);
int omemo_parse_aesgcm_url(const char* aesgcm_url, char** https_url, char** fragment);

134
src/tools/aesgcm_download.c Normal file
View File

@ -0,0 +1,134 @@
/*
* aesgcm_download.c
* vim: expandtab:ts=4:sts=4:sw=4
*
* Copyright (C) 2012 - 2019 James Booth <boothj5@gmail.com>
* Copyright (C) 2020 William Wennerström <william@wstrm.dev>
*
* This file is part of Profanity.
*
* Profanity is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Profanity is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Profanity. If not, see <https://www.gnu.org/licenses/>.
*
* In addition, as a special exception, the copyright holders give permission to
* link the code of portions of this program with the OpenSSL library under
* certain conditions as described in each individual source file, and
* distribute linked combinations including the two.
*
* You must obey the GNU General Public License in all respects for all of the
* code used other than OpenSSL. If you modify file(s) with this exception, you
* may extend this exception to your version of the file(s), but you are not
* obligated to do so. If you do not wish to do so, delete this exception
* statement from your version. If you delete this exception statement from all
* source files in the program, then also delete it here.
*
*/
#define _GNU_SOURCE 1
#include "config.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <curl/curl.h>
#include <gio/gio.h>
#include <pthread.h>
#include <assert.h>
#include "profanity.h"
#include "event/client_events.h"
#include "tools/aesgcm_download.h"
#include "omemo/omemo.h"
#include "config/preferences.h"
#include "ui/ui.h"
#include "ui/window.h"
#include "common.h"
#define FALLBACK_MSG ""
void*
aesgcm_file_get(void* userdata)
{
AESGCMDownload* aesgcm_dl = (AESGCMDownload*)userdata;
char* https_url = NULL;
char* fragment = NULL;
if (omemo_parse_aesgcm_url(aesgcm_dl->url, &https_url, &fragment) != 0) {
http_print_transfer_update(aesgcm_dl->window, aesgcm_dl->url,
"Download failed: Cannot parse URL.");
return NULL;
}
int tmpfd;
char* tmpname = NULL;
if ((tmpfd = g_file_open_tmp("profanity.XXXXXX", &tmpname, NULL)) == -1) {
http_print_transfer_update(aesgcm_dl->window, aesgcm_dl->url,
"Downloading '%s' failed: Unable to create "
"temporary ciphertext file for writing.",
https_url);
return NULL;
}
FILE* tmpfh = fdopen(tmpfd, "wb");
// Remove the file once it is closed.
remove(tmpname);
free(tmpname);
HTTPDownload* http_dl = malloc(sizeof(HTTPDownload));
http_dl->window = aesgcm_dl->window;
http_dl->worker = aesgcm_dl->worker;
http_dl->url = https_url;
http_dl->filehandle = tmpfh;
http_dl->close = 0;
aesgcm_dl->http_dl = http_dl;
// TODO: Verify result.
http_file_get(http_dl);
// Force flush as the decrypt function will read from the same stream.
fflush(tmpfh);
rewind(tmpfh);
int crypt_res = omemo_decrypt_file(tmpfh, aesgcm_dl->filehandle,
http_dl->bytes_received, fragment);
fclose(tmpfh);
if (crypt_res != 0) {
http_print_transfer_update(aesgcm_dl->window, aesgcm_dl->url,
"Downloading '%s' failed: Failed to decrypt"
"file.",
https_url);
}
fclose(aesgcm_dl->filehandle);
return NULL;
}
void
aesgcm_download_cancel_processes(ProfWin* window)
{
http_download_cancel_processes(window);
}
void
aesgcm_download_add_download(AESGCMDownload* aesgcm_dl)
{
http_download_add_download(aesgcm_dl->http_dl);
}

View File

@ -0,0 +1,66 @@
/*
* aesgcm_download.h
* vim: expandtab:ts=4:sts=4:sw=4
*
* Copyright (C) 2012 - 2019 James Booth <boothj5@gmail.com>
* Copyright (C) 2020 William Wennerström <william@wstrm.dev>
*
* This file is part of Profanity.
*
* Profanity is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Profanity is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Profanity. If not, see <https://www.gnu.org/licenses/>.
*
* In addition, as a special exception, the copyright holders give permission to
* link the code of portions of this program with the OpenSSL library under
* certain conditions as described in each individual source file, and
* distribute linked combinations including the two.
*
* You must obey the GNU General Public License in all respects for all of the
* code used other than OpenSSL. If you modify file(s) with this exception, you
* may extend this exception to your version of the file(s), but you are not
* obligated to do so. If you do not wish to do so, delete this exception
* statement from your version. If you delete this exception statement from all
* source files in the program, then also delete it here.
*
*/
#ifndef TOOLS_AESGCM_DOWNLOAD_H
#define TOOLS_AESGCM_DOWNLOAD_H
#ifdef PLATFORM_CYGWIN
#define SOCKET int
#endif
#include <sys/select.h>
#include <curl/curl.h>
#include "tools/http_download.h"
#include "ui/win_types.h"
typedef struct aesgcm_download_t
{
char* url;
FILE* filehandle;
ProfWin* window;
pthread_t worker;
HTTPDownload* http_dl;
} AESGCMDownload;
void* aesgcm_file_get(void* userdata);
void aesgcm_download_cancel_processes(ProfWin* window);
void aesgcm_download_add_download(AESGCMDownload* download);
char* http_basename_from_url(const char* url);
#endif

View File

View File

View File

@ -157,13 +157,12 @@ http_file_get(void* userdata)
curl_easy_cleanup(curl);
curl_global_cleanup();
if (download->filehandle) {
if (download->filehandle && download->close) {
fclose(download->filehandle);
}
pthread_mutex_lock(&lock);
g_free(cert_path);
if (err) {
char* msg;
if (download->cancel) {
@ -237,3 +236,20 @@ http_basename_from_url(const char* url)
return filename;
}
void
http_print_transfer_update(ProfWin* window, char* url,
const char* fmt, ...)
{
va_list args;
va_start(args, fmt);
char* msg;
if (vasprintf(&msg, fmt, args) == -1) {
msg = strdup(FALLBACK_MSG);
}
va_end(args);
win_print_http_transfer(window, msg, url);
free(msg);
}

View File

@ -54,6 +54,7 @@ typedef struct http_download_t
ProfWin* window;
pthread_t worker;
int cancel;
int close;
} HTTPDownload;
void* http_file_get(void* userdata);
@ -62,5 +63,7 @@ void http_download_cancel_processes(ProfWin* window);
void http_download_add_download(HTTPDownload* download);
char* http_basename_from_url(const char* url);
void http_print_transfer_update(ProfWin* window, char* url,
const char* fmt, ...);
#endif