author | Christian Schneppe <christian@pix-art.de> | 2016-11-24 21:42:35 +0100 |
---|---|---|
committer | Christian Schneppe <christian@pix-art.de> | 2016-11-24 21:42:35 +0100 |
commit | fefae63f1dceef88c42a2c80ce7265419095316f (patch) | |
tree | 304098147b44995538ff9ca6cb7d46c6825254ed | |
parent | 02ff5375371d5178c6e0bb099d2a962488c1ef4a (diff) |
introduced blind trust before verification mode
read more about the concept on https://gultsch.de/trust.html
8 files changed, 59 insertions, 7 deletions
diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java b/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java index 8a38ce20d..7ecdcb355 100644 --- a/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java +++ b/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java @@ -111,6 +111,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { axolotlStore.preVerifyFingerprint(account, account.getJid().toBareJid().toPreppedString(), fingerprint); } + public boolean hasVerifiedKeys(String name) { + for(XmppAxolotlSession session : this.sessions.getAll(new AxolotlAddress(name,0)).values()) { + if (session.getTrust().isVerified()) { + return true; + } + } + return false; + } + private static class AxolotlAddressMap<T> { protected Map<String, Map<Integer, T>> map; protected final Object MAP_LOCK = new Object(); @@ -225,6 +234,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { SUCCESS, SUCCESS_VERIFIED, TIMEOUT, + SUCCESS_TRUSTED, ERROR } @@ -775,6 +785,8 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { report = FetchStatus.SUCCESS; } else if (own.containsValue(FetchStatus.SUCCESS_VERIFIED) || remote.containsValue(FetchStatus.SUCCESS_VERIFIED)) { report = FetchStatus.SUCCESS_VERIFIED; + } else if (own.containsValue(FetchStatus.SUCCESS_TRUSTED) || remote.containsValue(FetchStatus.SUCCESS_TRUSTED)) { + report = FetchStatus.SUCCESS_TRUSTED; } else if (own.containsValue(FetchStatus.ERROR) || remote.containsValue(FetchStatus.ERROR)) { report = FetchStatus.ERROR; } 
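Review bot: `hasVerifiedKeys` in the first AxolotlService hunk answers from the live `sessions` map only, yet the SQLiteAxolotlStore hunk uses it to decide whether a never-seen identity key is trusted without user interaction. If a fingerprint can be marked verified before a session for it exists (the `preVerifyFingerprint` call in the context line suggests this for the account's own keys at least), the method returns false and a new key for that JID would still be blindly trusted. Confirm how `sessions` is populated, and if the gap is real, base the check on the persisted fingerprint statuses instead. The method is also undocumented; I would add `/** Returns true if any session known for {@code name} has a verified fingerprint; gates blind trust of new keys. */`.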
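Review bot: The new `SUCCESS_TRUSTED` branch in the `@@ -775` hunk is tested before `ERROR`, so a fetch in which one device was blindly trusted and another failed is reported as `SUCCESS_TRUSTED`. In TrustKeysActivity that report shows the `blindly_trusted_omemo_keys` toast, and the `error_fetching_omemo_key` toast never appears. The existing `SUCCESS_VERIFIED` branch has the same precedence, so this may be intended, but it deserves a comment saying so, e.g. `// a partial success outranks ERROR; failed devices are not reported here`. The start of the if-chain is outside the hunk.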
@@ -832,8 +844,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { verifySessionWithPEP(session); } else { FingerprintStatus status = getFingerprintTrust(bundle.getIdentityKey().getFingerprint().replaceAll("\\s", "")); - boolean verified = status != null && status.isVerified(); - fetchStatusMap.put(address, verified ? FetchStatus.SUCCESS_VERIFIED : FetchStatus.SUCCESS); + FetchStatus fetchStatus; + if (status != null && status.isVerified()) { + fetchStatus = FetchStatus.SUCCESS_VERIFIED; + } else if (status != null && status.isTrusted()) { + fetchStatus = FetchStatus.SUCCESS_TRUSTED; + } else { + fetchStatus = FetchStatus.SUCCESS; + } + fetchStatusMap.put(address, fetchStatus); finishBuildingSessionsFromPEP(address); } } catch (UntrustedIdentityException | InvalidKeyException e) { diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java b/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java index 0614b759f..c38847be5 100644 --- a/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java +++ b/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java @@ -63,6 +63,14 @@ public class FingerprintStatus implements Comparable<FingerprintStatus> { return status; } + public static FingerprintStatus createActiveTrusted() { + final FingerprintStatus status = new FingerprintStatus(); + status.trust = Trust.TRUSTED; + status.active = true; + status.lastActivation = System.currentTimeMillis(); + return status; + } + public static FingerprintStatus createActiveVerified(boolean x509) { final FingerprintStatus status = new FingerprintStatus(); status.trust = x509 ? Trust.VERIFIED_X509 : Trust.VERIFIED; diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java b/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java index 0d246795d..ed944b45a 100644 --- a/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java 
+++ b/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java @@ -191,7 +191,12 @@ public class SQLiteAxolotlStore implements AxolotlStore { String fingerprint = identityKey.getFingerprint().replaceAll("\\s", ""); FingerprintStatus status = getFingerprintStatus(fingerprint); if (status == null) { - status = FingerprintStatus.createActiveUndecided(); //default for new keys + if (mXmppConnectionService.blindTrustBeforeVerification() && !account.getAxolotlService().hasVerifiedKeys(name)) { + Log.d(Config.LOGTAG,account.getJid().toBareJid()+": blindly trusted "+fingerprint+" of "+name); + status = FingerprintStatus.createActiveTrusted(); + } else { + status = FingerprintStatus.createActiveUndecided(); + } } else { status = status.toActive(); } diff --git a/src/main/java/de/pixart/messenger/services/XmppConnectionService.java b/src/main/java/de/pixart/messenger/services/XmppConnectionService.java index f2eacda56..bb028b354 100644 --- a/src/main/java/de/pixart/messenger/services/XmppConnectionService.java +++ b/src/main/java/de/pixart/messenger/services/XmppConnectionService.java @@ -3820,6 +3820,10 @@ public class XmppConnectionService extends Service { return verifiedSomething; } + public boolean blindTrustBeforeVerification() { + return getPreferences().getBoolean(SettingsActivity.BLIND_TRUST_BEFORE_VERIFICATION, true); + } + public interface OnMamPreferencesFetched { void onPreferencesFetched(Element prefs); diff --git a/src/main/java/de/pixart/messenger/ui/SettingsActivity.java b/src/main/java/de/pixart/messenger/ui/SettingsActivity.java index 9c712a553..7c3131a0f 100644 --- a/src/main/java/de/pixart/messenger/ui/SettingsActivity.java +++ b/src/main/java/de/pixart/messenger/ui/SettingsActivity.java 
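Review bot: The branch added under `status == null` in SQLiteAxolotlStore is where an unseen identity key becomes trusted, and it has no comment now that the old `//default for new keys` remark is removed. I would add `// BTBV: trust a new key on first sight only while no key of this JID has been verified; otherwise leave it undecided`. `name` is not compared with the account's own JID, so if this method is also reached for the account's own devices, a new own device is accepted the same way, although the preference summary speaks only of contacts; that should be confirmed and documented. The `Log.d` line also writes the account JID, the peer JID and the fingerprint to the debug log, which records who talks to whom for anything that can read that log. The enclosing method starts and ends outside the hunk.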
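Review bot: `blindTrustBeforeVerification()` in XmppConnectionService hard-codes the fallback `true`, and the preferences.xml hunk repeats it as `android:defaultValue="true"` next to the literal key `"btbv"`, so a security-relevant default lives in two places that can drift apart. Because the fallback is `true`, an installation that has never stored this preference trusts new keys of unverified contacts as soon as this code runs, which is an opt-out design that the method should state. I would add `/** Whether new OMEMO keys of a JID with no verified key are trusted automatically; defaults to true (opt-out). */` and define the default once in a shared boolean resource referenced from both the XML and this call.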
@@ -39,6 +39,7 @@ public class SettingsActivity extends XmppActivity implements public static final String AWAY_WHEN_SCREEN_IS_OFF = "away_when_screen_off"; public static final String TREAT_VIBRATE_AS_SILENT = "treat_vibrate_as_silent"; public static final String MANUALLY_CHANGE_PRESENCE = "manually_change_presence"; + public static final String BLIND_TRUST_BEFORE_VERIFICATION = "btbv"; public static final int REQUEST_WRITE_LOGS = 0xbf8701; private SettingsFragment mSettingsFragment; diff --git a/src/main/java/de/pixart/messenger/ui/TrustKeysActivity.java b/src/main/java/de/pixart/messenger/ui/TrustKeysActivity.java index a354f5a88..3564f7fc1 100644 --- a/src/main/java/de/pixart/messenger/ui/TrustKeysActivity.java +++ b/src/main/java/de/pixart/messenger/ui/TrustKeysActivity.java @@ -75,6 +75,7 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat }; private XmppUri mPendingFingerprintVerificationUri = null; + private Toast mUseCameraHintToast = null; @Override protected void refreshUiReal() { @@ -116,10 +117,10 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat @Override public boolean onCreateOptionsMenu(Menu menu) { getMenuInflater().inflate(R.menu.trust_keys, menu); - Toast toast = Toast.makeText(this,R.string.use_camera_icon_to_scan_barcode,Toast.LENGTH_LONG); + mUseCameraHintToast = Toast.makeText(this,R.string.use_camera_icon_to_scan_barcode,Toast.LENGTH_LONG); ActionBar actionBar = getActionBar(); - toast.setGravity(Gravity.TOP | Gravity.END, 0 ,actionBar == null ? 0 : actionBar.getHeight()); - toast.show(); + mUseCameraHintToast.setGravity(Gravity.TOP | Gravity.END, 0 ,actionBar == null ? 0 : actionBar.getHeight()); + mUseCameraHintToast.show(); return super.onCreateOptionsMenu(menu); } 
@@ -309,15 +310,22 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat @Override public void onKeyStatusUpdated(final AxolotlService.FetchStatus report) { + final boolean keysToTrust = reloadFingerprints(); if (report != null) { lastFetchReport = report; runOnUiThread(new Runnable() { @Override public void run() { + if (mUseCameraHintToast != null && !keysToTrust) { + mUseCameraHintToast.cancel(); + } switch (report) { case ERROR: Toast.makeText(TrustKeysActivity.this, R.string.error_fetching_omemo_key, Toast.LENGTH_SHORT).show(); break; + case SUCCESS_TRUSTED: + Toast.makeText(TrustKeysActivity.this,R.string.blindly_trusted_omemo_keys,Toast.LENGTH_LONG).show(); + break; case SUCCESS_VERIFIED: Toast.makeText(TrustKeysActivity.this, Config.X509_VERIFICATION ? R.string.verified_omemo_key_with_certificate : R.string.all_omemo_keys_have_been_verified, @@ -328,7 +336,6 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat }); } - boolean keysToTrust = reloadFingerprints(); if (keysToTrust || hasPendingKeyFetches() || hasNoOtherTrustedKeys()) { refreshUi(); } else { diff --git a/src/main/res/values/strings.xml b/src/main/res/values/strings.xml index 1dbb0454c..efd8bcc26 100644 --- a/src/main/res/values/strings.xml +++ b/src/main/res/values/strings.xml @@ -718,4 +718,7 @@ <string name="share_as_barcode">Share as Barcode</string> <string name="share_as_uri">Share as XMPP URI</string> <string name="share_as_http">Share as HTTP link</string> + <string name="blindly_trusted_omemo_keys">Blindly trusted OMEMO keys</string> + <string name="pref_blind_trust_before_verification">Blind Trust Before Verification</string> + <string name="pref_blind_trust_before_verification_summary">Automatically trust all new devices from contacts that haven’t been verified before.</string> </resources> diff --git a/src/main/res/xml/preferences.xml b/src/main/res/xml/preferences.xml index 3159fd61e..959201f5c 100644 
--- a/src/main/res/xml/preferences.xml +++ b/src/main/res/xml/preferences.xml @@ -228,6 +228,11 @@ </PreferenceCategory> <PreferenceCategory android:title="@string/pref_security_settings"> <CheckBoxPreference + android:defaultValue="true" + android:key="btbv" + android:title="@string/pref_blind_trust_before_verification" + android:summary="@string/pref_blind_trust_before_verification_summary"/> + <CheckBoxPreference android:defaultValue="false" android:key="dont_save_encrypted" android:summary="@string/pref_dont_save_encrypted_summary" |