1
0
mirror of https://github.com/profanity-im/profanity.git synced 2024-12-04 14:46:46 -05:00

Merge pull request #1137 from paulfariello/feature/fix-omemo-trusted-state

Mark messages received from a session as trusted
This commit is contained in:
Michael Vetter 2019-06-25 20:04:32 +02:00 committed by GitHub
commit a142d3a4f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 10 deletions

View File

@ -890,15 +890,26 @@ omemo_on_message_recv(const char *const from_jid, uint32_t sid,
goto out;
}
omemo_ctx.identity_key_store.recv = true;
if (key->prekey) {
log_debug("OMEMO: decrypting message with prekey");
pre_key_signal_message *message;
ec_public_key *their_identity_key;
signal_buffer *identity_buffer = NULL;
omemo_ctx.identity_key_store.recv = true;
pre_key_signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
their_identity_key = pre_key_signal_message_get_identity_key(message);
res = session_cipher_decrypt_pre_key_signal_message(cipher, message, NULL, &plaintext_key);
omemo_ctx.identity_key_store.recv = false;
/* Perform a real check of the identity */
ec_public_key_serialize(&identity_buffer, their_identity_key);
*trusted = is_trusted_identity(&address, signal_buffer_data(identity_buffer),
signal_buffer_len(identity_buffer), &omemo_ctx.identity_key_store);
/* Replace used pre_key in bundle */
uint32_t pre_key_id = pre_key_signal_message_get_pre_key_id(message);
ec_key_pair *ec_pair;
@ -918,18 +929,18 @@ omemo_on_message_recv(const char *const from_jid, uint32_t sid,
} else {
log_debug("OMEMO: decrypting message with existing session");
signal_message *message = NULL;
res = signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
if (res < 0) {
log_error("OMEMO: cannot deserialize message");
} else {
res = session_cipher_decrypt_signal_message(cipher, message, NULL, &plaintext_key);
*trusted = true;
SIGNAL_UNREF(message);
}
}
omemo_ctx.identity_key_store.recv = false;
*trusted = omemo_ctx.identity_key_store.trusted_msg;
session_cipher_free(cipher);
if (res != 0) {
log_error("OMEMO: cannot decrypt message key");

View File

@ -362,9 +362,16 @@ save_identity(const signal_protocol_address *address, uint8_t *key_data,
{
identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data;
if (identity_key_store->recv && !identity_key_store->trusted_msg) {
if (identity_key_store->recv) {
/* Do not trust identity automatically */
return SG_SUCCESS;
/* Instead we perform a real trust check */
identity_key_store->recv = false;
int trusted = is_trusted_identity(address, key_data, key_len, user_data);
identity_key_store->recv = true;
if (trusted == 0) {
/* If not trusted we just don't save the identity */
return SG_SUCCESS;
}
}
signal_buffer *buffer = signal_buffer_create(key_data, key_len);
@ -398,7 +405,6 @@ is_trusted_identity(const signal_protocol_address *address, uint8_t *key_data,
GHashTable *trusted = g_hash_table_lookup(identity_key_store->trusted, address->name);
if (!trusted) {
if (identity_key_store->recv) {
identity_key_store->trusted_msg = false;
return 1;
} else {
return 0;
@ -414,7 +420,6 @@ is_trusted_identity(const signal_protocol_address *address, uint8_t *key_data,
if (identity_key_store->recv) {
identity_key_store->trusted_msg = ret;
return 1;
} else {
return ret;

View File

@ -49,7 +49,6 @@ typedef struct {
uint32_t registration_id;
GHashTable *trusted;
bool recv;
bool trusted_msg;
} identity_key_store_t;
GHashTable * session_store_new(void);