don't allow to purge keys. offer distrut instead

This commit is contained in:
Daniel Gultsch 2017-01-12 15:59:13 +01:00
parent 2c1d3ef968
commit bfacc180c5
6 changed files with 25 additions and 26 deletions

View File

@ -439,8 +439,10 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
mXmppConnectionService.sendIqPacket(account, publish, null); mXmppConnectionService.sendIqPacket(account, publish, null);
} }
public void purgeKey(final String fingerprint) { public void distrustFingerprint(final String fingerprint) {
axolotlStore.setFingerprintStatus(fingerprint.replaceAll("\\s", ""), FingerprintStatus.createCompromised()); final String fp = fingerprint.replaceAll("\\s", "");
final FingerprintStatus fingerprintStatus = axolotlStore.getFingerprintStatus(fp);
axolotlStore.setFingerprintStatus(fp,fingerprintStatus.toUntrusted());
} }
public void publishOwnDeviceIdIfNeeded() { public void publishOwnDeviceIdIfNeeded() {

View File

@ -126,13 +126,6 @@ public class FingerprintStatus implements Comparable<FingerprintStatus> {
return trust; return trust;
} }
public static FingerprintStatus createCompromised() {
FingerprintStatus status = new FingerprintStatus();
status.active = false;
status.trust = Trust.COMPROMISED;
return status;
}
public FingerprintStatus toVerified() { public FingerprintStatus toVerified() {
FingerprintStatus status = new FingerprintStatus(); FingerprintStatus status = new FingerprintStatus();
status.active = active; status.active = active;
@ -140,6 +133,13 @@ public class FingerprintStatus implements Comparable<FingerprintStatus> {
return status; return status;
} }
public FingerprintStatus toUntrusted() {
FingerprintStatus status = new FingerprintStatus();
status.active = active;
status.trust = Trust.UNTRUSTED;
return status;
}
public static FingerprintStatus createInactiveVerified() { public static FingerprintStatus createInactiveVerified() {
final FingerprintStatus status = new FingerprintStatus(); final FingerprintStatus status = new FingerprintStatus();
status.trust = Trust.VERIFIED; status.trust = Trust.VERIFIED;

View File

@ -118,6 +118,8 @@ public class XmppAxolotlSession implements Comparable<XmppAxolotlSession> {
setTrust(status.toActive()); setTrust(status.toActive());
} }
} }
} else {
Log.d(Config.LOGTAG,account.getJid().toBareJid()+" not encrypting omemo message from fingerprint "+getFingerprint()+" because it was marked as compromised");
} }
return plaintext; return plaintext;
} }

View File

@ -24,8 +24,6 @@ import eu.siacs.conversations.R;
import eu.siacs.conversations.crypto.axolotl.FingerprintStatus; import eu.siacs.conversations.crypto.axolotl.FingerprintStatus;
import eu.siacs.conversations.crypto.axolotl.XmppAxolotlSession; import eu.siacs.conversations.crypto.axolotl.XmppAxolotlSession;
import eu.siacs.conversations.entities.Account; import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.ui.TrustKeysActivity;
import eu.siacs.conversations.ui.XmppActivity;
import eu.siacs.conversations.ui.widget.Switch; import eu.siacs.conversations.ui.widget.Switch;
import eu.siacs.conversations.utils.CryptoHelper; import eu.siacs.conversations.utils.CryptoHelper;
import eu.siacs.conversations.utils.XmppUri; import eu.siacs.conversations.utils.XmppUri;
@ -51,16 +49,17 @@ public abstract class OmemoActivity extends XmppActivity {
&& fingerprint instanceof String && fingerprint instanceof String
&& fingerprintStatus instanceof FingerprintStatus) { && fingerprintStatus instanceof FingerprintStatus) {
getMenuInflater().inflate(R.menu.omemo_key_context, menu); getMenuInflater().inflate(R.menu.omemo_key_context, menu);
MenuItem purgeItem = menu.findItem(R.id.purge_omemo_key); MenuItem distrust = menu.findItem(R.id.distrust_key);
MenuItem verifyScan = menu.findItem(R.id.verify_scan); MenuItem verifyScan = menu.findItem(R.id.verify_scan);
if (this instanceof TrustKeysActivity) { if (this instanceof TrustKeysActivity) {
purgeItem.setVisible(false); distrust.setVisible(false);
verifyScan.setVisible(false); verifyScan.setVisible(false);
} else { } else {
FingerprintStatus status = (FingerprintStatus) fingerprintStatus; FingerprintStatus status = (FingerprintStatus) fingerprintStatus;
if (!status.isActive() || status.isVerified()) { if (!status.isActive() || status.isVerified()) {
verifyScan.setVisible(false); verifyScan.setVisible(false);
} }
distrust.setVisible(status.isVerified());
} }
this.mSelectedAccount = (Account) account; this.mSelectedAccount = (Account) account;
this.mSelectedFingerprint = (String) fingerprint; this.mSelectedFingerprint = (String) fingerprint;
@ -70,7 +69,7 @@ public abstract class OmemoActivity extends XmppActivity {
@Override @Override
public boolean onContextItemSelected(MenuItem item) { public boolean onContextItemSelected(MenuItem item) {
switch (item.getItemId()) { switch (item.getItemId()) {
case R.id.purge_omemo_key: case R.id.distrust_key:
showPurgeKeyDialog(mSelectedAccount,mSelectedFingerprint); showPurgeKeyDialog(mSelectedAccount,mSelectedFingerprint);
break; break;
case R.id.copy_omemo_key: case R.id.copy_omemo_key:
@ -242,17 +241,14 @@ public abstract class OmemoActivity extends XmppActivity {
public void showPurgeKeyDialog(final Account account, final String fingerprint) { public void showPurgeKeyDialog(final Account account, final String fingerprint) {
AlertDialog.Builder builder = new AlertDialog.Builder(this); AlertDialog.Builder builder = new AlertDialog.Builder(this);
builder.setTitle(getString(R.string.purge_key)); builder.setTitle(R.string.distrust_omemo_key);
builder.setIconAttribute(android.R.attr.alertDialogIcon); builder.setMessage(R.string.distrust_omemo_key_text);
builder.setMessage(getString(R.string.purge_key_desc_part1)
+ "\n\n" + CryptoHelper.prettifyFingerprint(fingerprint.substring(2))
+ "\n\n" + getString(R.string.purge_key_desc_part2));
builder.setNegativeButton(getString(R.string.cancel), null); builder.setNegativeButton(getString(R.string.cancel), null);
builder.setPositiveButton(getString(R.string.purge_key), builder.setPositiveButton(R.string.confirm,
new DialogInterface.OnClickListener() { new DialogInterface.OnClickListener() {
@Override @Override
public void onClick(DialogInterface dialog, int which) { public void onClick(DialogInterface dialog, int which) {
account.getAxolotlService().purgeKey(fingerprint); account.getAxolotlService().distrustFingerprint(fingerprint);
refreshUi(); refreshUi();
} }
}); });

View File

@ -5,8 +5,8 @@
android:title="@string/scan_qr_code" android:title="@string/scan_qr_code"
/> />
<item <item
android:id="@+id/purge_omemo_key" android:id="@+id/distrust_key"
android:title="@string/purge_key"/> android:title="@string/distrust_omemo_key"/>
<item <item
android:id="@+id/copy_omemo_key" android:id="@+id/copy_omemo_key"
android:title="@string/copy_fingerprint"/> android:title="@string/copy_fingerprint"/>

View File

@ -429,9 +429,6 @@
<string name="wipe_omemo_pep">Wipe other devices from PEP</string> <string name="wipe_omemo_pep">Wipe other devices from PEP</string>
<string name="clear_other_devices">Clear devices</string> <string name="clear_other_devices">Clear devices</string>
<string name="clear_other_devices_desc">Are you sure you want to clear all other devices from the OMEMO announcement? The next time your devices connect, they will reannounce themselves, but they might not receive messages sent in the meantime.</string> <string name="clear_other_devices_desc">Are you sure you want to clear all other devices from the OMEMO announcement? The next time your devices connect, they will reannounce themselves, but they might not receive messages sent in the meantime.</string>
<string name="purge_key">Purge key</string>
<string name="purge_key_desc_part1">Are you sure you want to purge this key?</string>
<string name="purge_key_desc_part2">It will irreversibly be considered compromised, and you can never build a session with it again.</string>
<string name="error_no_keys_to_trust_server_error">There are no usable keys available for this contact.\nFetching new keys from the server has been unsuccessful. Maybe there is something wrong with your contacts server.</string> <string name="error_no_keys_to_trust_server_error">There are no usable keys available for this contact.\nFetching new keys from the server has been unsuccessful. Maybe there is something wrong with your contacts server.</string>
<string name="error_no_keys_to_trust">There are no usable keys available for this contact. If you have purged any of their keys, they need to generate new ones.</string> <string name="error_no_keys_to_trust">There are no usable keys available for this contact. If you have purged any of their keys, they need to generate new ones.</string>
<string name="error_trustkeys_title">Error</string> <string name="error_trustkeys_title">Error</string>
@ -725,4 +722,6 @@
<string name="verify_omemo_keys">Verify OMEMO keys</string> <string name="verify_omemo_keys">Verify OMEMO keys</string>
<string name="show_inactive_devices">Show inactive devices</string> <string name="show_inactive_devices">Show inactive devices</string>
<string name="hide_inactive_devices">Hide inactive devices</string> <string name="hide_inactive_devices">Hide inactive devices</string>
<string name="distrust_omemo_key">Distrust device</string>
<string name="distrust_omemo_key_text">Are you sure you want to remove the verification for this device?\nThis device and messages coming from that device will be marked as untrusted.</string>
</resources> </resources>