Commit graph

269 commits

Author SHA1 Message Date
fiaxh 29a849cb92 Decrypt PGP messages in background 2015-10-28 19:57:11 +00:00
Daniel Gultsch 3c6c424d31 don't retry building broken omemo keys 2015-10-17 15:51:21 +02:00
Daniel Gultsch e9e31b1c9b load axolotl session cache on first device update 2015-10-17 14:44:59 +02:00
Daniel Gultsch a83aae341f improved error reporting in trust keys activity 2015-10-17 14:09:26 +02:00
Daniel Gultsch cfeb67d71d introduced code to verify omemo device keys with x509 certificates.
cleaned up TrustKeysActivity to automatically close if there is nothing to do
2015-10-16 23:48:42 +02:00
Daniel Gultsch c1716a35e3 moved other name parsing into seperate method 2015-10-15 20:05:55 +02:00
Daniel Gultsch fc96dcaa4d use constants for oids in xmppdomainverifier 2015-10-15 19:14:41 +02:00
Daniel Gultsch 5b271e1ed8 more checks for xmppdomainverifier and better wildcard handling 2015-10-15 18:06:26 +02:00
Daniel Gultsch e75c2cd731 use own XmppDomainVerifier instead of deprecated StrictHostnameVerifier. fixes #1189 2015-10-15 17:08:38 +02:00
Daniel Gultsch 212d1a8c91 add config variable to enable x509 verification 2015-10-12 13:18:20 +02:00
Daniel Gultsch 933538a39d code clean up 2015-10-12 12:36:54 +02:00
Daniel Gultsch b519411d34 enable SASL EXTERNAL (certificate login 2015-10-11 20:45:01 +02:00
Daniel Gultsch 7be331bbb2 add menu item in account details to renew certificate 2015-10-11 16:10:52 +02:00
Andreas Straub fdd88aa530 Clean up
Fixes some random linter warnings.
2015-10-11 16:05:44 +02:00
Daniel Gultsch 506b83ddc6 be more careful when publishing device bundle 2015-09-17 14:18:06 +02:00
Daniel Gultsch eff173ebc2 indicate broken pep in server info 2015-09-06 19:40:28 +02:00
Andreas Straub a95c451f1e Only show that have sessions in fingerprint list
Doesn't access database directly anymore but goes through AxolotlService
now to obtain list of fingerprints associated with an Account/Contact.
This should prevent orphaned keys littering the UI which previously
couldn't be removed through the Clear Devices function.

Together with 1c79982da84964c1d81179a0927d9cd1eadf53de this fixes #1393
2015-09-06 15:15:57 +02:00
Andreas Straub 2bb033267b Don't manually add keys to the store
There is no need to preemptively add the keys to the store oneself.
SessionBuilder will take care of this for us. What's more, this will
prevent IdentityKeys from otherwise invalid bundles to show up in our
UI.
2015-09-06 15:15:57 +02:00
Andreas Straub e2d506c96a Never build a session with oneself
If we detect our own ID is not in our own devicelist on receiving an
update, we reannounce ourselves. This used to have the side effect of
modifying the list of devices we thought were in the update set, causing
us to accidentally build a session with ourselves.

This lead to our own key being set to TRUSTED_INACTIVE, resulting in red
lock icons on messages sent by the own device.

We fix this by having publishOwnDeviceId() operate on a copy of the
original set. This commit also includes a db migration which deletes
sessions with oneself and sets own keys back to TRUSTED.
2015-09-05 17:29:58 +02:00
Daniel Gultsch 91b0605bc2 use same method to add message hints to otr message everywhere it is needed 2015-09-01 22:36:56 +02:00
Andreas Straub 1156ccbce2 Fix error handling for announce check retrieval
Only aborts when a timeout was received. Error conditions (most notably
item-not-found) are interpreted as no other devices existing.
2015-08-26 20:52:44 +02:00
Andreas Straub c4a548ada0 Only announce device after publishing bundle 2015-08-26 15:45:21 +02:00
Andreas Straub 0eeaccd974 Fix key publishing
Remove invalid check for result code, which prevented publishing if the
node was empty to begin with.

Fix pepBroken check
2015-08-26 00:27:39 +02:00
Andreas Straub 25a9d59412 Add more logging to pep attemp counter logic 2015-08-25 18:52:36 +02:00
Andreas Straub eafcf38ec9 Limit number of PEP publish tries
If PEP publish tries are repeatedly triggered by empty PEP updates, stop
attempting to publish after 3 tries. This should work around broken PEP
implementations in older ejabberd and OpenFire versions.
2015-08-25 18:43:44 +02:00
Andreas Straub b84fecf51a Pass through device IDs when updating own list 2015-08-25 12:17:09 +02:00
Daniel Gultsch 5eae1e52d2 cleared up some error messages in axolotl service and execute publishOwnDevicesWhenNeeded() only if processing our own jid 2015-08-25 11:43:10 +02:00
Andreas Straub e1dc7f990d Add error handling to OMEMO PEP code
Log received errors and abort processing
2015-08-23 13:23:51 +02:00
Daniel Gultsch c082066118 catch null pointer in ScramSHA1 sasl 2015-08-16 11:50:33 +02:00
Andreas Straub 7437d0fe0c Increase number of published prekeys for release 2015-08-07 12:30:39 +02:00
Andreas Straub 6cd9383e53 Let UNTRUSTED/UNDECIDED keys become INACTIVE 2015-08-01 18:30:11 +02:00
Andreas Straub 6059b96456 Provide process function for key transport message 2015-07-31 23:28:09 +02:00
Andreas Straub 909f761ca1 Refactor axolotl message processing workflow
XmppAxolotlMessage is now entirely responsible for handling encryption
and decryption of messages, only leveraging XmppAxolotlSession as a
packing/unpacking primitive for payload keys.

Removed pseudo-dead session generation code step from prepareMessage
function, as sessions have been created by invoking the
TrustKeysActivity for a while now.

Added prepareKeyTransportMessage function, which creates a message with
no payload. The key that is packed into the header keyElements can then
be used for other purposes (e.g. encrypted file transfer).
2015-07-31 21:31:45 +02:00
Andreas Straub 50b14434ee Reformat code 2015-07-31 21:31:45 +02:00
Andreas Straub 5c421da1e1 Change to new wire protocol version 2015-07-31 21:31:45 +02:00
Andreas Straub e10a6c5b87 Fix NPE: consider unknown keys UNDECIDED 2015-07-29 02:59:41 +02:00
Andreas Straub efcefc2e63 Refactor out inner classes, cache trust store
Moves SQLiteAxolotlStore and XmppAxolotlSession into proper classes.

IdentityKeys trust statuses are now cached in an LruCache to prevent
hammering the database when rendering the UI.
2015-07-29 02:59:26 +02:00
Andreas Straub db05d26433 Always build own device session automatically 2015-07-22 15:03:52 +02:00
Andreas Straub 92b5081b5e Add INACTIVE state for removed keys
We introduce a new trust state: INACTIVE. This state is intended for
old keys that have been removed.

When a TRUSTED device is removed from the PEP devicelist, it's status
will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed
out, non-interactible key rows. Messages are not encrypted for INACTIVE
devices.

When an INACTIVE device reappears in PEP, or a message is received from
an INACTIVE device, it is set back to trusted.
2015-07-21 14:24:59 +02:00
Andreas Straub 3c5c0c7d3b Fill own device sessions into SessionMap 2015-07-21 14:24:59 +02:00
Daniel Gultsch ffa588ba3e and now do that properly 2015-07-21 12:01:20 +02:00
Daniel Gultsch a5027104fd bugfix: also add no-permanent-storage to message hints 2015-07-21 11:50:32 +02:00
Andreas Straub b7ff2c3461 Use properly fixed numeral values in Trust enum
Why, oh God, why?! #thanksjamesgosling
2015-07-21 01:52:22 +02:00
Andreas Straub 639ebd644b Remove unused import 2015-07-21 01:17:29 +02:00
Andreas Straub 122bc97ce2 Switch payload encryption to AES-GCM
This also ensures that the IV is generated with proper randomness.
2015-07-21 01:17:14 +02:00
Andreas Straub 971aa3a11e Also decrypt messages from UNTRUSTED sessions 2015-07-20 23:16:06 +02:00
Andreas Straub d2845e9ac1 Refactor axolotl send processing/caching flow 2015-07-20 23:13:28 +02:00
Andreas Straub 8be0e8a27d Start TrustKeysActivity if no keys are TRUSTED
If there are no UNDECIDED keys, but none of the contact's keys are
trusted, redirect the user to the TrustKeysActivity
2015-07-20 22:35:07 +02:00
Andreas Straub ab2d114bbc Add purge axolotl key option
Can now long-press a key to permanently purge it.
2015-07-20 22:18:24 +02:00
Daniel Gultsch e79f82ca72 attempt to fix the delay problem 2015-07-20 18:11:33 +02:00
Andreas Straub 19a0ae42d6 Lock TrustKeys if no trusted keys are available 2015-07-20 14:56:41 +02:00
Andreas Straub 012f036840 Optimize imports 2015-07-20 14:26:29 +02:00
Andreas Straub 14010bf5a6 Ask for key trust when sending messages
If the contact (or the own account) has keys that have UNDECIDED trust,
we now drop the user into the new TrustKeysActivity, where they have to
decide for each new key whether it should be TRUSTED or UNTRUSTED.
2015-07-19 22:27:26 +02:00
Andreas Straub 9c4d55f82c Send correct body for HTTP files
When using HTTP upload to send files, take care to transmit only the URL
rather than the entire body, which contains metadata.
2015-07-19 22:23:28 +02:00
Andreas Straub 4038af2f47 Fix trust status for outgoing messages
Tag sent messages with own fingerprint, set own fingerprint as always
trusted, include own fingerprint in database trust search, explicitly
reset trust colorfilter
2015-07-19 22:23:28 +02:00
Andreas Straub 35714d3d08 Ensure that available sessions are always used
Any time a new session is established, call syncRosterToDisk() to ensure
that on subsequent restoreFromDatabase() calls, the roster is actually
available. This is important so that initAccountServices() can properly
initialize the SessionMap. This prevents a race condition where after
adding a new account and initiating sessions with it, if the app is
killed (e.g. by reinstall) before triggering a syncRosterToDisk(),
subsequent restores will not have the roster available, leading to
missing XmppAxolotlSessions in the SessionMap cache. As a result of
this, a new session was initiated when sending a new message, and
received messages could not be tagged with the originating session's
fingerprint.

As an added sanity check, go to the database to confirm no records are
present before creating fresh XmppAxolotlSession objects (both in the
sending and receiving case).
2015-07-19 22:23:27 +02:00
Andreas Straub 461d0446f7 Fix and expand key regeneration function
Wipe session cache to prevent stale sessions being used. Wipe fetch
status cache to enable recreation of sessions. Regenerate deviceId, so
that foreign devices will talk to us again.
2015-07-19 22:23:27 +02:00
Andreas Straub d173913eba Overhauled Message tagging
Messages are now tagged with the IdentityKey fingerprint of the
originating session. IdentityKeys have one of three trust states:
undecided (default), trusted, and untrusted/not yet trusted.
2015-07-19 22:17:58 +02:00
Andreas Straub f1d73b9d4e Use full int range for device IDs 2015-07-19 22:17:57 +02:00
Andreas Straub 540faeb54b Clean up unused constant 2015-07-19 22:17:57 +02:00
Andreas Straub bd29653a20 Make some fields final 2015-07-19 22:17:57 +02:00
Andreas Straub 3458f5bb91 Clean up logging
Add a fixed prefix to axolotl-related log messages, set log levels
sensibly.
2015-07-19 22:17:57 +02:00
Andreas Straub 7049904c32 Add basic PEP managemend UI to EditAccountActivity
EditAccountActivity now show own fingerprint, and gives an option to
regenerate local keying material (and wipe all sessions associated with
the old keys in the process).

It also now displays a list of other own devices, and gives an option to
remove all but the current device.
2015-07-19 22:17:55 +02:00
Andreas Straub 968410ae33 Fix devicelist update handling
No longer store own device ID (so that we don't encrypt messages for
ourselves), verify that own device ID is present in update list
(otherwise republish), reflect update in UI.
2015-07-19 21:32:27 +02:00
Andreas Straub 0cf64857cf Only cache session if successfully established
When receiving a message, only remember the XmppAxolotlSession wrapper
if the prospective session was actually established. This prevents us
from erroneously adding empty sessions that are never established using
received PreKeyWhisperMessages, which would lead to errors if we try to
use them for sending.
2015-07-19 21:32:27 +02:00
Andreas Straub 6867b5c3ab Return empty set on invalid PEP devicelist 2015-07-19 21:32:27 +02:00
Andreas Straub 25450bf6d3 Trust all IdentityKeys
The trust-on-first-use policy leads to problems when receiving messages
from two different devices of a contact before sending a message to them
(as their IdentityKeys will not have been added yet). Since session
trust will be managed externally anyway, this change is not a security
problem, and will allow us to decrypt messages from yet-untrusted
sessions.
2015-07-19 21:32:27 +02:00
Andreas Straub bf4185ac08 Refresh PEP on session establish
We now track preKeys used to establish incoming sessions with us. On
each new established session, we remove the used prekey from PEP. We
have to do this because libaxolotl-java internally clears the used
preKey from its storage, so we will not be able to establish any future
sessions using that key.
2015-07-19 21:32:27 +02:00
Andreas Straub 69600502d2 Fix asynchronous axolotl message sending
XmppConnectionService.sendMessage() now dispatches messages to the
AxolotlService, where they only are prepared for sending and cached.
AxolotlService now triggers a XmppConnectionService.resendMessage(),
which then handles sending the cached message packet.

This transparently fixes, e.g., handling of messages sent while we are
offline.
2015-07-19 21:32:27 +02:00
Andreas Straub ec6870307e Properly track message sender
Previously, the sender was assumed to be the conversation counterpart.
This broke carboned own-device messages. We now track the sender
properly, and also set the status (sent by one of the own devices vs
received from the counterpart) accordingly.
2015-07-19 21:32:27 +02:00
Andreas Straub 18c1e15d00 Rework PEP content verification
Now checks which part(s) are out of sync w/ local storage, and updates
only those, rather than assuming the entire node corrupt and
overwriting it all (especially relevant for preKey list)
2015-07-19 21:32:27 +02:00
Andreas Straub 9a0232f7e7 Formatting fixes 2015-07-19 21:32:27 +02:00
Andreas Straub 992cf5652e When receiving, add mock session if none exists
We need a session object in order to build a session from a
PreKeyWhisperMessage, so add an empty one when none exists on receiving
a message.

Warning: this will break right now if the session can not be constructed
from the received message.There will be an invalid session which will
break if we try to send using it.
2015-07-19 21:32:26 +02:00
Andreas Straub 1b0596d574 Tag messages with originating session
This can be used later in order to display trust status of messages, as
well as for potential resending of messages in case of preKey conflicts.
2015-07-19 21:32:26 +02:00
Andreas Straub 3815d4efa3 Fetch bundles on-demand, encrypt in background
Bundles are now fetched on demand when a session needs to be
established. This should lessen the chance of changes to the bundles
occuring before they're used, as well as lessen the load of fetching
bundles.

Also, the message encryption is now done in a background thread, as this
can be somewhat costly if many sessions are present. This is probably
not going to be an issue in real use, but it's good practice anyway.
2015-07-19 21:32:26 +02:00
Andreas Straub cb7980c65e Use bareJid for own session retrieval 2015-07-19 21:32:26 +02:00
Andreas Straub c1d23b2395 Migrate to new PEP layout
Merge prekeys into bundle node
2015-07-19 21:32:26 +02:00
Andreas Straub 6492801b89 Formatting fixes 2015-07-19 21:32:26 +02:00
Andreas Straub 74026b742b Save IdentityKeys in database 2015-07-19 21:32:26 +02:00
Andreas Straub 299bbdf27f Reformat code to use tabs
This really sucks to do it like this. Sorry. :(
2015-07-19 21:32:26 +02:00
Andreas Straub 77619b55e4 Added PEP and message protocol layers
Can now fetch/retrieve from PEP, as well as encode/decode messages
2015-07-19 21:32:26 +02:00
Andreas Straub f73aa1a200 Reworked axolotl protocol layer
Numerous fixes
2015-07-19 21:32:25 +02:00
Andreas Straub b8048a5538 CryptoNext persistance layer mockup
Initial sketch of the peripheral storage infrastructure for the new
axolotl-based encryption scheme.
2015-07-19 21:32:21 +02:00
Daniel Gultsch 78aff1329f renamed HttpConnection to HttpDownloadConnection 2015-07-10 15:14:13 +02:00
Daniel Gultsch 492e387482 added null check in sasl response verifier 2015-07-10 12:16:30 +02:00
Daniel Gultsch c20a088ea8 changed mime type handling 2015-07-01 16:01:18 +02:00
Daniel Gultsch aca9d8036c made httpconnection (download) ready all kind of files 2015-06-30 17:15:02 +02:00
Daniel Gultsch d7de311379 refactored bodyContainsDownloadable to be more flexible 2015-06-30 13:52:53 +02:00
Daniel Gultsch 0030bbf472 untested pgp support for http upload 2015-06-29 15:38:16 +02:00
Daniel Gultsch dc91ff8f29 renamed OtrEngine to OtrService 2015-05-26 04:36:32 +02:00
BrianBlade d6443d9b2f OTR: Fix onContactStatusChanged & dont archive OTR
- Fix session handling on contact status change: Do not reset
  potentially active sessions; check peer's OTR-resource on disconnect
- use no-permanent-store hint instead of no-store to ensure
  finished messages are delivered to offline/disconnected clients
- add no-permanent-store to ask compliant servers not to archive
  OTR messages
2015-04-21 22:35:35 +02:00
BrianBlade db74cb52c4 Fix OTR-Error messages
Send out OTR-Errors on unreadableMessageReceived() as well, not only on
messageFromAnotherInstanceReceived
2015-04-01 20:03:09 +02:00
iNPUTmice 99b2ef7e9d respond to unreadable OTR messages with error message. fixed #1021 2015-03-21 16:07:17 +01:00
iNPUTmice 7ee5e95959 added typing notifications through XEP-0085. fixed #210 2015-02-21 11:06:52 +01:00
Michael fa7d748c3f otr4j: update to 0.22 2015-01-20 18:01:39 +01:00
Daniel Gultsch ef6e4c5dd5 do not check image file size over http if accepted file size is 0 2015-01-11 22:18:18 +01:00
Daniel Gultsch 1988e244ef some further otr improvements 2015-01-02 15:14:06 +01:00
Daniel Gultsch 8d2f454479 prefer PLAIN over DIGEST-MD5
DIGEST-MD5 seems to be broken for a lot of cases (OpenFire)
switched priority of PLAIN to not cause any security errors
2015-01-02 01:39:19 +01:00
Daniel Gultsch 3833e6dfef improved OTR verification part one 2015-01-02 01:21:14 +01:00
iNPUTmice f2510ae9f6 mark otr messages as no-store for mam 2014-12-10 14:08:06 +01:00
iNPUTmice 9c9e22c020 fixed digest-md5 2014-12-04 12:33:56 +01:00
Sam Whited feec659b08 Make sure SASL tokenizer strips strings
Fix DIGEST-MD5 auth (make sure we're not splitting on BASE64 `==')
2014-12-02 19:33:41 -05:00
Michael dc0dba3faf remove unused imports. 2014-11-21 19:17:27 +01:00
iNPUTmice de0b36fc78 verify contacts key only on initiating side of smp 2014-11-21 13:42:25 +01:00
Sam Whited cfdda5f8fd Don't escape passwords in SASL
Fixes #671
2014-11-15 21:11:14 -05:00
Sam Whited a463f82e3b Cache SCRAM-SHA-1 keys for current session 2014-11-15 12:57:36 -05:00
Sam Whited 847877f9d2 Add auth method pinning 2014-11-15 10:01:08 -05:00
iNPUTmice 35bf13f5ef Merge branch 'feature/file_transfer' into development
Conflicts:
	src/main/res/values/strings.xml
2014-11-15 15:52:15 +01:00
iNPUTmice 5b9c690c47 Merge branch 'feature/otr_verification' into development 2014-11-15 15:50:35 +01:00
iNPUTmice e7a70a46e0 some mime and pgp fixes for file transfer 2014-11-15 15:34:12 +01:00
iNPUTmice 16847a30c8 support for pgp files 2014-11-15 15:34:12 +01:00
Sam Whited 4b5d6f5b4f Improve auth error handling and state machine 2014-11-15 08:49:00 -05:00
Sam Whited 0e550789d3 Add SCRAM-SHA1 support
Factor out GS2 tokanization into own class
Add authentication exception class

Fixes #71
2014-11-14 18:00:12 -05:00
Sam Whited 14cfb60952 Refactor authentication code 2014-11-12 10:15:38 -05:00
iNPUTmice 6cd2ff0d88 initial smp support 2014-11-11 17:40:51 +01:00
Sam Whited 180a0e4408 Rework `Account.getJid()' to return full JIDs
Remove `Account.getFullJid()'
2014-11-09 10:57:22 -05:00
Sam Whited 9053f4aca0 Move a chunk of classes over to using JID objects 2014-11-09 07:00:40 -05:00
Sam Whited 46f147a82c Merge branch 'gradle' into development
Conflicts:
	.gitignore
	CHANGELOG.md
	README.md
	libs/MemorizingTrustManager
	libs/minidns
	libs/openpgp-api-lib
2014-10-30 15:33:13 -04:00
Sam Whited 281ce3105f Make conversations the root project 2014-10-22 15:47:11 -04:00