From 839ef8e14b576e546a13942d72139248873f7fac Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Wed, 23 Nov 2016 10:42:27 +0100 Subject: introduced blind trust before verification mode read more about the concept on https://gultsch.de/trust.html --- .../crypto/axolotl/AxolotlService.java | 23 ++++++++++++++++++++-- .../crypto/axolotl/FingerprintStatus.java | 8 ++++++++ .../crypto/axolotl/SQLiteAxolotlStore.java | 10 +++++++++- .../services/XmppConnectionService.java | 4 ++++ .../siacs/conversations/ui/SettingsActivity.java | 1 + .../siacs/conversations/ui/TrustKeysActivity.java | 15 ++++++++++---- src/main/res/values/strings.xml | 3 +++ src/main/res/xml/preferences.xml | 5 +++++ 8 files changed, 62 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java index 377d26b9..45f0529f 100644 --- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java +++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java @@ -112,6 +112,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { axolotlStore.preVerifyFingerprint(account, account.getJid().toBareJid().toPreppedString(), fingerprint); } + public boolean hasVerifiedKeys(String name) { + for(XmppAxolotlSession session : this.sessions.getAll(new AxolotlAddress(name,0)).values()) { + if (session.getTrust().isVerified()) { + return true; + } + } + return false; + } + private static class AxolotlAddressMap { protected Map> map; protected final Object MAP_LOCK = new Object(); @@ -226,6 +235,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { SUCCESS, SUCCESS_VERIFIED, TIMEOUT, + SUCCESS_TRUSTED, ERROR } @@ -779,6 +789,8 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { report = FetchStatus.SUCCESS; } else if (own.containsValue(FetchStatus.SUCCESS_VERIFIED) || remote.containsValue(FetchStatus.SUCCESS_VERIFIED)) { report = FetchStatus.SUCCESS_VERIFIED; + } else if (own.containsValue(FetchStatus.SUCCESS_TRUSTED) || remote.containsValue(FetchStatus.SUCCESS_TRUSTED)) { + report = FetchStatus.SUCCESS_TRUSTED; } else if (own.containsValue(FetchStatus.ERROR) || remote.containsValue(FetchStatus.ERROR)) { report = FetchStatus.ERROR; } @@ -836,8 +848,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { verifySessionWithPEP(session); } else { FingerprintStatus status = getFingerprintTrust(bundle.getIdentityKey().getFingerprint().replaceAll("\\s","")); - boolean verified = status != null && status.isVerified(); - fetchStatusMap.put(address, verified ? FetchStatus.SUCCESS_VERIFIED : FetchStatus.SUCCESS); + FetchStatus fetchStatus; + if (status != null && status.isVerified()) { + fetchStatus = FetchStatus.SUCCESS_VERIFIED; + } else if (status != null && status.isTrusted()) { + fetchStatus = FetchStatus.SUCCESS_TRUSTED; + } else { + fetchStatus = FetchStatus.SUCCESS; + } + fetchStatusMap.put(address, fetchStatus); finishBuildingSessionsFromPEP(address); } } catch (UntrustedIdentityException | InvalidKeyException e) { diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/FingerprintStatus.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/FingerprintStatus.java index cfd3b214..31b2264b 100644 --- a/src/main/java/eu/siacs/conversations/crypto/axolotl/FingerprintStatus.java +++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/FingerprintStatus.java @@ -63,6 +63,14 @@ public class FingerprintStatus implements Comparable { return status; } + public static FingerprintStatus createActiveTrusted() { + final FingerprintStatus status = new FingerprintStatus(); + status.trust = Trust.TRUSTED; + status.active = true; + status.lastActivation = System.currentTimeMillis(); + return status; + } + public static FingerprintStatus createActiveVerified(boolean x509) { final FingerprintStatus status = new FingerprintStatus(); status.trust = x509 ? Trust.VERIFIED_X509 : Trust.VERIFIED; diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java index cd605248..13858b74 100644 --- a/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java +++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java @@ -21,7 +21,10 @@ import java.util.Set; import eu.siacs.conversations.Config; import eu.siacs.conversations.entities.Account; +import eu.siacs.conversations.entities.Contact; import eu.siacs.conversations.services.XmppConnectionService; +import eu.siacs.conversations.xmpp.jid.InvalidJidException; +import eu.siacs.conversations.xmpp.jid.Jid; public class SQLiteAxolotlStore implements AxolotlStore { @@ -191,7 +194,12 @@ public class SQLiteAxolotlStore implements AxolotlStore { String fingerprint = identityKey.getFingerprint().replaceAll("\\s", ""); FingerprintStatus status = getFingerprintStatus(fingerprint); if (status == null) { - status = FingerprintStatus.createActiveUndecided(); //default for new keys + if (mXmppConnectionService.blindTrustBeforeVerification() && !account.getAxolotlService().hasVerifiedKeys(name)) { + Log.d(Config.LOGTAG,account.getJid().toBareJid()+": blindly trusted "+fingerprint+" of "+name); + status = FingerprintStatus.createActiveTrusted(); + } else { + status = FingerprintStatus.createActiveUndecided(); + } } else { status = status.toActive(); } diff --git a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java index c69dd2db..eba09184 100644 --- a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java +++ b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java @@ -3666,6 +3666,10 @@ public class XmppConnectionService extends Service { return verifiedSomething; } + public boolean blindTrustBeforeVerification() { + return getPreferences().getBoolean(SettingsActivity.BLIND_TRUST_BEFORE_VERIFICATION, true); + } + public interface OnMamPreferencesFetched { void onPreferencesFetched(Element prefs); void onPreferencesFetchFailed(); diff --git a/src/main/java/eu/siacs/conversations/ui/SettingsActivity.java b/src/main/java/eu/siacs/conversations/ui/SettingsActivity.java index e3e05d7d..9c8beb09 100644 --- a/src/main/java/eu/siacs/conversations/ui/SettingsActivity.java +++ b/src/main/java/eu/siacs/conversations/ui/SettingsActivity.java @@ -39,6 +39,7 @@ public class SettingsActivity extends XmppActivity implements public static final String AWAY_WHEN_SCREEN_IS_OFF = "away_when_screen_off"; public static final String TREAT_VIBRATE_AS_SILENT = "treat_vibrate_as_silent"; public static final String MANUALLY_CHANGE_PRESENCE = "manually_change_presence"; + public static final String BLIND_TRUST_BEFORE_VERIFICATION = "btbv"; public static final int REQUEST_WRITE_LOGS = 0xbf8701; private SettingsFragment mSettingsFragment; diff --git a/src/main/java/eu/siacs/conversations/ui/TrustKeysActivity.java b/src/main/java/eu/siacs/conversations/ui/TrustKeysActivity.java index 9af0d075..55112702 100644 --- a/src/main/java/eu/siacs/conversations/ui/TrustKeysActivity.java +++ b/src/main/java/eu/siacs/conversations/ui/TrustKeysActivity.java @@ -73,6 +73,7 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat } }; private XmppUri mPendingFingerprintVerificationUri = null; + private Toast mUseCameraHintToast = null; @Override protected void refreshUiReal() { @@ -114,10 +115,10 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat @Override public boolean onCreateOptionsMenu(Menu menu) { getMenuInflater().inflate(R.menu.trust_keys, menu); - Toast toast = Toast.makeText(this,R.string.use_camera_icon_to_scan_barcode,Toast.LENGTH_LONG); + mUseCameraHintToast = Toast.makeText(this,R.string.use_camera_icon_to_scan_barcode,Toast.LENGTH_LONG); ActionBar actionBar = getActionBar(); - toast.setGravity(Gravity.TOP | Gravity.END, 0 ,actionBar == null ? 0 : actionBar.getHeight()); - toast.show(); + mUseCameraHintToast.setGravity(Gravity.TOP | Gravity.END, 0 ,actionBar == null ? 0 : actionBar.getHeight()); + mUseCameraHintToast.show(); return super.onCreateOptionsMenu(menu); } @@ -307,15 +308,22 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat @Override public void onKeyStatusUpdated(final AxolotlService.FetchStatus report) { + final boolean keysToTrust = reloadFingerprints(); if (report != null) { lastFetchReport = report; runOnUiThread(new Runnable() { @Override public void run() { + if (mUseCameraHintToast != null && !keysToTrust) { + mUseCameraHintToast.cancel(); + } switch (report) { case ERROR: Toast.makeText(TrustKeysActivity.this,R.string.error_fetching_omemo_key,Toast.LENGTH_SHORT).show(); break; + case SUCCESS_TRUSTED: + Toast.makeText(TrustKeysActivity.this,R.string.blindly_trusted_omemo_keys,Toast.LENGTH_LONG).show(); + break; case SUCCESS_VERIFIED: Toast.makeText(TrustKeysActivity.this, Config.X509_VERIFICATION ? R.string.verified_omemo_key_with_certificate : R.string.all_omemo_keys_have_been_verified, @@ -326,7 +334,6 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat }); } - boolean keysToTrust = reloadFingerprints(); if (keysToTrust || hasPendingKeyFetches() || hasNoOtherTrustedKeys()) { refreshUi(); } else { diff --git a/src/main/res/values/strings.xml b/src/main/res/values/strings.xml index b67aa23f..a62a4210 100644 --- a/src/main/res/values/strings.xml +++ b/src/main/res/values/strings.xml @@ -710,4 +710,7 @@ Share as Barcode Share as XMPP URI Share as HTTP link + Blind Trust Before Verification + Automatically trust all new devices from contacts that haven’t been verified before. + Blindly trusted OMEMO keys diff --git a/src/main/res/xml/preferences.xml b/src/main/res/xml/preferences.xml index cee43491..f6c3a54b 100644 --- a/src/main/res/xml/preferences.xml +++ b/src/main/res/xml/preferences.xml @@ -164,6 +164,11 @@ android:summary="@string/pref_expert_options_summary" android:title="@string/pref_expert_options"> +