aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristian Schneppe <christian@pix-art.de>2016-11-24 21:42:35 +0100
committerChristian Schneppe <christian@pix-art.de>2016-11-24 21:42:35 +0100
commitfefae63f1dceef88c42a2c80ce7265419095316f (patch)
tree304098147b44995538ff9ca6cb7d46c6825254ed
parent02ff5375371d5178c6e0bb099d2a962488c1ef4a (diff)
introduced blind trust before verification mode
read more about the concept on https://gultsch.de/trust.html
-rw-r--r--src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java23
-rw-r--r--src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java8
-rw-r--r--src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java7
-rw-r--r--src/main/java/de/pixart/messenger/services/XmppConnectionService.java4
-rw-r--r--src/main/java/de/pixart/messenger/ui/SettingsActivity.java1
-rw-r--r--src/main/java/de/pixart/messenger/ui/TrustKeysActivity.java15
-rw-r--r--src/main/res/values/strings.xml3
-rw-r--r--src/main/res/xml/preferences.xml5
8 files changed, 59 insertions, 7 deletions
diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java b/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java
index 8a38ce20d..7ecdcb355 100644
--- a/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java
+++ b/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java
@@ -111,6 +111,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
axolotlStore.preVerifyFingerprint(account, account.getJid().toBareJid().toPreppedString(), fingerprint);
}
+ public boolean hasVerifiedKeys(String name) {
+ for(XmppAxolotlSession session : this.sessions.getAll(new AxolotlAddress(name,0)).values()) {
+ if (session.getTrust().isVerified()) {
+ return true;
+ }
+ }
+ return false;
+ }
+
private static class AxolotlAddressMap<T> {
protected Map<String, Map<Integer, T>> map;
protected final Object MAP_LOCK = new Object();
@@ -225,6 +234,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
SUCCESS,
SUCCESS_VERIFIED,
TIMEOUT,
+ SUCCESS_TRUSTED,
ERROR
}
@@ -775,6 +785,8 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
report = FetchStatus.SUCCESS;
} else if (own.containsValue(FetchStatus.SUCCESS_VERIFIED) || remote.containsValue(FetchStatus.SUCCESS_VERIFIED)) {
report = FetchStatus.SUCCESS_VERIFIED;
+ } else if (own.containsValue(FetchStatus.SUCCESS_TRUSTED) || remote.containsValue(FetchStatus.SUCCESS_TRUSTED)) {
+ report = FetchStatus.SUCCESS_TRUSTED;
} else if (own.containsValue(FetchStatus.ERROR) || remote.containsValue(FetchStatus.ERROR)) {
report = FetchStatus.ERROR;
}
@@ -832,8 +844,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
verifySessionWithPEP(session);
} else {
FingerprintStatus status = getFingerprintTrust(bundle.getIdentityKey().getFingerprint().replaceAll("\\s", ""));
- boolean verified = status != null && status.isVerified();
- fetchStatusMap.put(address, verified ? FetchStatus.SUCCESS_VERIFIED : FetchStatus.SUCCESS);
+ FetchStatus fetchStatus;
+ if (status != null && status.isVerified()) {
+ fetchStatus = FetchStatus.SUCCESS_VERIFIED;
+ } else if (status != null && status.isTrusted()) {
+ fetchStatus = FetchStatus.SUCCESS_TRUSTED;
+ } else {
+ fetchStatus = FetchStatus.SUCCESS;
+ }
+ fetchStatusMap.put(address, fetchStatus);
finishBuildingSessionsFromPEP(address);
}
} catch (UntrustedIdentityException | InvalidKeyException e) {
diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java b/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java
index 0614b759f..c38847be5 100644
--- a/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java
+++ b/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java
@@ -63,6 +63,14 @@ public class FingerprintStatus implements Comparable<FingerprintStatus> {
return status;
}
+ public static FingerprintStatus createActiveTrusted() {
+ final FingerprintStatus status = new FingerprintStatus();
+ status.trust = Trust.TRUSTED;
+ status.active = true;
+ status.lastActivation = System.currentTimeMillis();
+ return status;
+ }
+
public static FingerprintStatus createActiveVerified(boolean x509) {
final FingerprintStatus status = new FingerprintStatus();
status.trust = x509 ? Trust.VERIFIED_X509 : Trust.VERIFIED;
diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java b/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java
index 0d246795d..ed944b45a 100644
--- a/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java
+++ b/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java
@@ -191,7 +191,12 @@ public class SQLiteAxolotlStore implements AxolotlStore {
String fingerprint = identityKey.getFingerprint().replaceAll("\\s", "");
FingerprintStatus status = getFingerprintStatus(fingerprint);
if (status == null) {
- status = FingerprintStatus.createActiveUndecided(); //default for new keys
+ if (mXmppConnectionService.blindTrustBeforeVerification() && !account.getAxolotlService().hasVerifiedKeys(name)) {
+ Log.d(Config.LOGTAG,account.getJid().toBareJid()+": blindly trusted "+fingerprint+" of "+name);
+ status = FingerprintStatus.createActiveTrusted();
+ } else {
+ status = FingerprintStatus.createActiveUndecided();
+ }
} else {
status = status.toActive();
}
diff --git a/src/main/java/de/pixart/messenger/services/XmppConnectionService.java b/src/main/java/de/pixart/messenger/services/XmppConnectionService.java
index f2eacda56..bb028b354 100644
--- a/src/main/java/de/pixart/messenger/services/XmppConnectionService.java
+++ b/src/main/java/de/pixart/messenger/services/XmppConnectionService.java
@@ -3820,6 +3820,10 @@ public class XmppConnectionService extends Service {
return verifiedSomething;
}
+ public boolean blindTrustBeforeVerification() {
+ return getPreferences().getBoolean(SettingsActivity.BLIND_TRUST_BEFORE_VERIFICATION, true);
+ }
+
public interface OnMamPreferencesFetched {
void onPreferencesFetched(Element prefs);
diff --git a/src/main/java/de/pixart/messenger/ui/SettingsActivity.java b/src/main/java/de/pixart/messenger/ui/SettingsActivity.java
index 9c712a553..7c3131a0f 100644
--- a/src/main/java/de/pixart/messenger/ui/SettingsActivity.java
+++ b/src/main/java/de/pixart/messenger/ui/SettingsActivity.java
@@ -39,6 +39,7 @@ public class SettingsActivity extends XmppActivity implements
public static final String AWAY_WHEN_SCREEN_IS_OFF = "away_when_screen_off";
public static final String TREAT_VIBRATE_AS_SILENT = "treat_vibrate_as_silent";
public static final String MANUALLY_CHANGE_PRESENCE = "manually_change_presence";
+ public static final String BLIND_TRUST_BEFORE_VERIFICATION = "btbv";
public static final int REQUEST_WRITE_LOGS = 0xbf8701;
private SettingsFragment mSettingsFragment;
diff --git a/src/main/java/de/pixart/messenger/ui/TrustKeysActivity.java b/src/main/java/de/pixart/messenger/ui/TrustKeysActivity.java
index a354f5a88..3564f7fc1 100644
--- a/src/main/java/de/pixart/messenger/ui/TrustKeysActivity.java
+++ b/src/main/java/de/pixart/messenger/ui/TrustKeysActivity.java
@@ -75,6 +75,7 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat
};
private XmppUri mPendingFingerprintVerificationUri = null;
+ private Toast mUseCameraHintToast = null;
@Override
protected void refreshUiReal() {
@@ -116,10 +117,10 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat
@Override
public boolean onCreateOptionsMenu(Menu menu) {
getMenuInflater().inflate(R.menu.trust_keys, menu);
- Toast toast = Toast.makeText(this,R.string.use_camera_icon_to_scan_barcode,Toast.LENGTH_LONG);
+ mUseCameraHintToast = Toast.makeText(this,R.string.use_camera_icon_to_scan_barcode,Toast.LENGTH_LONG);
ActionBar actionBar = getActionBar();
- toast.setGravity(Gravity.TOP | Gravity.END, 0 ,actionBar == null ? 0 : actionBar.getHeight());
- toast.show();
+ mUseCameraHintToast.setGravity(Gravity.TOP | Gravity.END, 0 ,actionBar == null ? 0 : actionBar.getHeight());
+ mUseCameraHintToast.show();
return super.onCreateOptionsMenu(menu);
}
@@ -309,15 +310,22 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat
@Override
public void onKeyStatusUpdated(final AxolotlService.FetchStatus report) {
+ final boolean keysToTrust = reloadFingerprints();
if (report != null) {
lastFetchReport = report;
runOnUiThread(new Runnable() {
@Override
public void run() {
+ if (mUseCameraHintToast != null && !keysToTrust) {
+ mUseCameraHintToast.cancel();
+ }
switch (report) {
case ERROR:
Toast.makeText(TrustKeysActivity.this, R.string.error_fetching_omemo_key, Toast.LENGTH_SHORT).show();
break;
+ case SUCCESS_TRUSTED:
+ Toast.makeText(TrustKeysActivity.this,R.string.blindly_trusted_omemo_keys,Toast.LENGTH_LONG).show();
+ break;
case SUCCESS_VERIFIED:
Toast.makeText(TrustKeysActivity.this,
Config.X509_VERIFICATION ? R.string.verified_omemo_key_with_certificate : R.string.all_omemo_keys_have_been_verified,
@@ -328,7 +336,6 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat
});
}
- boolean keysToTrust = reloadFingerprints();
if (keysToTrust || hasPendingKeyFetches() || hasNoOtherTrustedKeys()) {
refreshUi();
} else {
diff --git a/src/main/res/values/strings.xml b/src/main/res/values/strings.xml
index 1dbb0454c..efd8bcc26 100644
--- a/src/main/res/values/strings.xml
+++ b/src/main/res/values/strings.xml
@@ -718,4 +718,7 @@
<string name="share_as_barcode">Share as Barcode</string>
<string name="share_as_uri">Share as XMPP URI</string>
<string name="share_as_http">Share as HTTP link</string>
+ <string name="blindly_trusted_omemo_keys">Blindly trusted OMEMO keys</string>
+ <string name="pref_blind_trust_before_verification">Blind Trust Before Verification</string>
+ <string name="pref_blind_trust_before_verification_summary">Automatically trust all new devices from contacts that haven’t been verified before.</string>
</resources>
diff --git a/src/main/res/xml/preferences.xml b/src/main/res/xml/preferences.xml
index 3159fd61e..959201f5c 100644
--- a/src/main/res/xml/preferences.xml
+++ b/src/main/res/xml/preferences.xml
@@ -228,6 +228,11 @@
</PreferenceCategory>
<PreferenceCategory android:title="@string/pref_security_settings">
<CheckBoxPreference
+ android:defaultValue="true"
+ android:key="btbv"
+ android:title="@string/pref_blind_trust_before_verification"
+ android:summary="@string/pref_blind_trust_before_verification_summary"/>
+ <CheckBoxPreference
android:defaultValue="false"
android:key="dont_save_encrypted"
android:summary="@string/pref_dont_save_encrypted_summary"