Commit Graph

62 Commits

Author SHA1 Message Date
Andreas Straub d173913eba Overhauled Message tagging
Messages are now tagged with the IdentityKey fingerprint of the
originating session. IdentityKeys have one of three trust states:
undecided (default), trusted, and untrusted/not yet trusted.
2015-07-19 22:17:58 +02:00
Andreas Straub f1d73b9d4e Use full int range for device IDs 2015-07-19 22:17:57 +02:00
Andreas Straub 540faeb54b Clean up unused constant 2015-07-19 22:17:57 +02:00
Andreas Straub bd29653a20 Make some fields final 2015-07-19 22:17:57 +02:00
Andreas Straub 3458f5bb91 Clean up logging
Add a fixed prefix to axolotl-related log messages, set log levels
sensibly.
2015-07-19 22:17:57 +02:00
Andreas Straub 7049904c32 Add basic PEP managemend UI to EditAccountActivity
EditAccountActivity now show own fingerprint, and gives an option to
regenerate local keying material (and wipe all sessions associated with
the old keys in the process).

It also now displays a list of other own devices, and gives an option to
remove all but the current device.
2015-07-19 22:17:55 +02:00
Andreas Straub 968410ae33 Fix devicelist update handling
No longer store own device ID (so that we don't encrypt messages for
ourselves), verify that own device ID is present in update list
(otherwise republish), reflect update in UI.
2015-07-19 21:32:27 +02:00
Andreas Straub 0cf64857cf Only cache session if successfully established
When receiving a message, only remember the XmppAxolotlSession wrapper
if the prospective session was actually established. This prevents us
from erroneously adding empty sessions that are never established using
received PreKeyWhisperMessages, which would lead to errors if we try to
use them for sending.
2015-07-19 21:32:27 +02:00
Andreas Straub 6867b5c3ab Return empty set on invalid PEP devicelist 2015-07-19 21:32:27 +02:00
Andreas Straub 25450bf6d3 Trust all IdentityKeys
The trust-on-first-use policy leads to problems when receiving messages
from two different devices of a contact before sending a message to them
(as their IdentityKeys will not have been added yet). Since session
trust will be managed externally anyway, this change is not a security
problem, and will allow us to decrypt messages from yet-untrusted
sessions.
2015-07-19 21:32:27 +02:00
Andreas Straub bf4185ac08 Refresh PEP on session establish
We now track preKeys used to establish incoming sessions with us. On
each new established session, we remove the used prekey from PEP. We
have to do this because libaxolotl-java internally clears the used
preKey from its storage, so we will not be able to establish any future
sessions using that key.
2015-07-19 21:32:27 +02:00
Andreas Straub 69600502d2 Fix asynchronous axolotl message sending
XmppConnectionService.sendMessage() now dispatches messages to the
AxolotlService, where they only are prepared for sending and cached.
AxolotlService now triggers a XmppConnectionService.resendMessage(),
which then handles sending the cached message packet.

This transparently fixes, e.g., handling of messages sent while we are
offline.
2015-07-19 21:32:27 +02:00
Andreas Straub ec6870307e Properly track message sender
Previously, the sender was assumed to be the conversation counterpart.
This broke carboned own-device messages. We now track the sender
properly, and also set the status (sent by one of the own devices vs
received from the counterpart) accordingly.
2015-07-19 21:32:27 +02:00
Andreas Straub 18c1e15d00 Rework PEP content verification
Now checks which part(s) are out of sync w/ local storage, and updates
only those, rather than assuming the entire node corrupt and
overwriting it all (especially relevant for preKey list)
2015-07-19 21:32:27 +02:00
Andreas Straub 9a0232f7e7 Formatting fixes 2015-07-19 21:32:27 +02:00
Andreas Straub 992cf5652e When receiving, add mock session if none exists
We need a session object in order to build a session from a
PreKeyWhisperMessage, so add an empty one when none exists on receiving
a message.

Warning: this will break right now if the session can not be constructed
from the received message.There will be an invalid session which will
break if we try to send using it.
2015-07-19 21:32:26 +02:00
Andreas Straub 1b0596d574 Tag messages with originating session
This can be used later in order to display trust status of messages, as
well as for potential resending of messages in case of preKey conflicts.
2015-07-19 21:32:26 +02:00
Andreas Straub 3815d4efa3 Fetch bundles on-demand, encrypt in background
Bundles are now fetched on demand when a session needs to be
established. This should lessen the chance of changes to the bundles
occuring before they're used, as well as lessen the load of fetching
bundles.

Also, the message encryption is now done in a background thread, as this
can be somewhat costly if many sessions are present. This is probably
not going to be an issue in real use, but it's good practice anyway.
2015-07-19 21:32:26 +02:00
Andreas Straub cb7980c65e Use bareJid for own session retrieval 2015-07-19 21:32:26 +02:00
Andreas Straub c1d23b2395 Migrate to new PEP layout
Merge prekeys into bundle node
2015-07-19 21:32:26 +02:00
Andreas Straub 6492801b89 Formatting fixes 2015-07-19 21:32:26 +02:00
Andreas Straub 74026b742b Save IdentityKeys in database 2015-07-19 21:32:26 +02:00
Andreas Straub 299bbdf27f Reformat code to use tabs
This really sucks to do it like this. Sorry. :(
2015-07-19 21:32:26 +02:00
Andreas Straub 77619b55e4 Added PEP and message protocol layers
Can now fetch/retrieve from PEP, as well as encode/decode messages
2015-07-19 21:32:26 +02:00
Andreas Straub f73aa1a200 Reworked axolotl protocol layer
Numerous fixes
2015-07-19 21:32:25 +02:00
Andreas Straub b8048a5538 CryptoNext persistance layer mockup
Initial sketch of the peripheral storage infrastructure for the new
axolotl-based encryption scheme.
2015-07-19 21:32:21 +02:00
Daniel Gultsch 78aff1329f renamed HttpConnection to HttpDownloadConnection 2015-07-10 15:14:13 +02:00
Daniel Gultsch 492e387482 added null check in sasl response verifier 2015-07-10 12:16:30 +02:00
Daniel Gultsch c20a088ea8 changed mime type handling 2015-07-01 16:01:18 +02:00
Daniel Gultsch aca9d8036c made httpconnection (download) ready all kind of files 2015-06-30 17:15:02 +02:00
Daniel Gultsch d7de311379 refactored bodyContainsDownloadable to be more flexible 2015-06-30 13:52:53 +02:00
Daniel Gultsch 0030bbf472 untested pgp support for http upload 2015-06-29 15:38:16 +02:00
Daniel Gultsch dc91ff8f29 renamed OtrEngine to OtrService 2015-05-26 04:36:32 +02:00
BrianBlade d6443d9b2f OTR: Fix onContactStatusChanged & dont archive OTR
- Fix session handling on contact status change: Do not reset
  potentially active sessions; check peer's OTR-resource on disconnect
- use no-permanent-store hint instead of no-store to ensure
  finished messages are delivered to offline/disconnected clients
- add no-permanent-store to ask compliant servers not to archive
  OTR messages
2015-04-21 22:35:35 +02:00
BrianBlade db74cb52c4 Fix OTR-Error messages
Send out OTR-Errors on unreadableMessageReceived() as well, not only on
messageFromAnotherInstanceReceived
2015-04-01 20:03:09 +02:00
iNPUTmice 99b2ef7e9d respond to unreadable OTR messages with error message. fixed #1021 2015-03-21 16:07:17 +01:00
iNPUTmice 7ee5e95959 added typing notifications through XEP-0085. fixed #210 2015-02-21 11:06:52 +01:00
Michael fa7d748c3f otr4j: update to 0.22 2015-01-20 18:01:39 +01:00
Daniel Gultsch ef6e4c5dd5 do not check image file size over http if accepted file size is 0 2015-01-11 22:18:18 +01:00
Daniel Gultsch 1988e244ef some further otr improvements 2015-01-02 15:14:06 +01:00
Daniel Gultsch 8d2f454479 prefer PLAIN over DIGEST-MD5
DIGEST-MD5 seems to be broken for a lot of cases (OpenFire)
switched priority of PLAIN to not cause any security errors
2015-01-02 01:39:19 +01:00
Daniel Gultsch 3833e6dfef improved OTR verification part one 2015-01-02 01:21:14 +01:00
iNPUTmice f2510ae9f6 mark otr messages as no-store for mam 2014-12-10 14:08:06 +01:00
iNPUTmice 9c9e22c020 fixed digest-md5 2014-12-04 12:33:56 +01:00
Sam Whited feec659b08 Make sure SASL tokenizer strips strings
Fix DIGEST-MD5 auth (make sure we're not splitting on BASE64 `==')
2014-12-02 19:33:41 -05:00
Michael dc0dba3faf remove unused imports. 2014-11-21 19:17:27 +01:00
iNPUTmice de0b36fc78 verify contacts key only on initiating side of smp 2014-11-21 13:42:25 +01:00
Sam Whited cfdda5f8fd Don't escape passwords in SASL
Fixes #671
2014-11-15 21:11:14 -05:00
Sam Whited a463f82e3b Cache SCRAM-SHA-1 keys for current session 2014-11-15 12:57:36 -05:00
Sam Whited 847877f9d2 Add auth method pinning 2014-11-15 10:01:08 -05:00