diff options
Diffstat (limited to 'src/main/java/eu/siacs/conversations/crypto')
-rw-r--r-- | src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java | 22 | ||||
-rw-r--r-- | src/main/java/eu/siacs/conversations/crypto/axolotl/XmppAxolotlSession.java | 28 |
2 files changed, 45 insertions, 5 deletions
diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java index 4a895bb81..2aaadab71 100644 --- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java +++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java @@ -311,6 +311,8 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { expiredDevices.removeAll(deviceIds); setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.TRUSTED, XmppAxolotlSession.Trust.INACTIVE_TRUSTED); + setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.TRUSTED_X509, + XmppAxolotlSession.Trust.INACTIVE_TRUSTED_X509); setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.UNDECIDED, XmppAxolotlSession.Trust.INACTIVE_UNDECIDED); setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.UNTRUSTED, @@ -318,6 +320,8 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { Set<Integer> newDevices = new HashSet<>(deviceIds); setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_TRUSTED, XmppAxolotlSession.Trust.TRUSTED); + setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_TRUSTED_X509, + XmppAxolotlSession.Trust.TRUSTED_X509); setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_UNDECIDED, XmppAxolotlSession.Trust.UNDECIDED); setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_UNTRUSTED, @@ -592,7 +596,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { try { mXmppConnectionService.getMemorizingTrustManager().getNonInteractive().checkClientTrusted(verification.first, "RSA"); Log.d(Config.LOGTAG, "verified session with x.509 signature. fingerprint was: "+session.getFingerprint()); - setFingerprintTrust(session.getFingerprint(), XmppAxolotlSession.Trust.TRUSTED); + setFingerprintTrust(session.getFingerprint(), XmppAxolotlSession.Trust.TRUSTED_X509); fetchStatusMap.put(address, FetchStatus.SUCCESS_VERIFIED); finishBuildingSessionsFromPEP(address); return; @@ -774,6 +778,22 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { return newSessions; } + public boolean trustedSessionVerified(final Conversation conversation) { + Set<XmppAxolotlSession> sessions = findSessionsforContact(conversation.getContact()); + sessions.addAll(findOwnSessions()); + boolean verified = false; + for(XmppAxolotlSession session : sessions) { + if (session.getTrust().trusted()) { + if (session.getTrust() == XmppAxolotlSession.Trust.TRUSTED_X509) { + verified = true; + } else { + return false; + } + } + } + return verified; + } + public boolean hasPendingKeyFetches(Account account, Contact contact) { AxolotlAddress ownAddress = new AxolotlAddress(account.getJid().toBareJid().toString(), 0); AxolotlAddress foreignAddress = new AxolotlAddress(contact.getJid().toBareJid().toString(), 0); diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/XmppAxolotlSession.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/XmppAxolotlSession.java index d582db40c..c452acfd4 100644 --- a/src/main/java/eu/siacs/conversations/crypto/axolotl/XmppAxolotlSession.java +++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/XmppAxolotlSession.java @@ -40,7 +40,9 @@ public class XmppAxolotlSession { COMPROMISED(3), INACTIVE_TRUSTED(4), INACTIVE_UNDECIDED(5), - INACTIVE_UNTRUSTED(6); + INACTIVE_UNTRUSTED(6), + TRUSTED_X509(7), + INACTIVE_TRUSTED_X509(8); private static final Map<Integer, Trust> trustsByValue = new HashMap<>(); @@ -74,6 +76,10 @@ public class XmppAxolotlSession { return "Inactive (Undecided)" + getCode(); case INACTIVE_UNTRUSTED: return "Inactive (Untrusted)" + getCode(); + case TRUSTED_X509: + return "Trusted (X509) " + getCode(); + case INACTIVE_TRUSTED_X509: + return "Inactive (Trusted (X509)) " + getCode(); case UNTRUSTED: default: return "Untrusted " + getCode(); @@ -87,6 +93,14 @@ public class XmppAxolotlSession { public static Trust fromCode(int code) { return trustsByValue.get(code); } + + public boolean trusted() { + return this == TRUSTED_X509 || this == TRUSTED; + } + + public boolean trustedInactive() { + return this == INACTIVE_TRUSTED_X509 || this == INACTIVE_TRUSTED; + } } public XmppAxolotlSession(Account account, SQLiteAxolotlStore store, AxolotlAddress remoteAddress, String fingerprint) { @@ -144,6 +158,8 @@ public class XmppAxolotlSession { case UNDECIDED: case UNTRUSTED: case TRUSTED: + case INACTIVE_TRUSTED_X509: + case TRUSTED_X509: try { try { PreKeyWhisperMessage message = new PreKeyWhisperMessage(encryptedKey); @@ -169,8 +185,12 @@ public class XmppAxolotlSession { Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Error decrypting axolotl header, " + e.getClass().getName() + ": " + e.getMessage()); } - if (plaintext != null && trust == Trust.INACTIVE_TRUSTED) { - setTrust(Trust.TRUSTED); + if (plaintext != null) { + if (trust == Trust.INACTIVE_TRUSTED) { + setTrust(Trust.TRUSTED); + } else if (trust == Trust.INACTIVE_TRUSTED_X509) { + setTrust(Trust.TRUSTED_X509); + } } break; @@ -186,7 +206,7 @@ public class XmppAxolotlSession { @Nullable public byte[] processSending(@NonNull byte[] outgoingMessage) { Trust trust = getTrust(); - if (trust == Trust.TRUSTED) { + if (trust.trusted()) { CiphertextMessage ciphertextMessage = cipher.encrypt(outgoingMessage); return ciphertextMessage.serialize(); } else { |