[omemo] Save trust of message to database

7783864f · Philipp Hörist · 19e3ab9b · 7783864f · 7783864f · 7783864f
Commit 7783864f authored Mar 20, 2019 by Philipp Hörist
6 changed files
--- a/omemo/backend/liteaxolotlstore.py
+++ b/omemo/backend/liteaxolotlstore.py
@@ -532,7 +532,7 @@ class LiteAxolotlStore(AxolotlStore):
    def getTrustedFingerprints(self, jid):
        query = '''SELECT public_key as "public_key [pk]" FROM identities
                   WHERE recipient_id = ? AND trust = ?'''
-        result = self._con.execute(query, (jid, Trust.TRUSTED)).fetchall()
+        result = self._con.execute(query, (jid, Trust.VERIFIED)).fetchall()
        return [row.public_key for row in result]

    def getNewFingerprints(self, jid):
@@ -560,7 +560,7 @@ class LiteAxolotlStore(AxolotlStore):
            return False
        identity_key = record.getSessionState().getRemoteIdentityKey()
        return self.getTrustForIdentity(
-            recipient_id, identity_key) == Trust.TRUSTED
+            recipient_id, identity_key) == Trust.VERIFIED

    def isUntrustedIdentity(self, recipient_id, identity_key):
        return self.getTrustForIdentity(

--- a/omemo/backend/state.py
+++ b/omemo/backend/state.py
@@ -40,6 +40,7 @@ from omemo.backend.devices import DeviceManager
 from omemo.backend.devices import NoDevicesFound
 from omemo.backend.liteaxolotlstore import LiteAxolotlStore
 from omemo.backend.util import get_fingerprint
+from omemo.backend.util import Trust
 from omemo.backend.util import DEFAULT_PREKEY_AMOUNT
 from omemo.backend.util import MIN_PREKEY_AMOUNT
 from omemo.backend.util import SPK_CYCLE_TIME
@@ -129,16 +130,12 @@ class OmemoState(DeviceManager):

        try:
            if prekey:
-                key, fingerprint = self._process_pre_key_message(
+                key, fingerprint, trust = self._process_pre_key_message(
                    jid, omemo_message.sid, encrypted_key)
            else:
-                key, fingerprint = self._process_message(
+                key, fingerprint, trust = self._process_message(
                    jid, omemo_message.sid, encrypted_key)

-        except SenderNotTrusted:
-            self._log.info('Sender not trusted, ignore message')
-            raise
-
        except DuplicateMessageException:
            self._log.info('Received duplicated message')
            raise DuplicateMessage
@@ -153,7 +150,7 @@ class OmemoState(DeviceManager):

        result = aes_decrypt(key, omemo_message.iv, omemo_message.payload)
        self._log.debug("Decrypted Message => %s", result)
-        return result, fingerprint
+        return result, fingerprint, trust

    def _get_whisper_message(self, jid, device, key):
        cipher = self._get_session_cipher(jid, device)
@@ -253,8 +250,8 @@ class OmemoState(DeviceManager):
                            'without PreKey => %s' % jid)

        identity_key = pre_key_message.getIdentityKey()
-        if self._storage.isUntrustedIdentity(jid, identity_key):
-            raise SenderNotTrusted
+        trust = self._storage.getTrustForIdentity(jid, identity_key)
+        trust = Trust(trust) if trust is not None else Trust.UNDECIDED

        session_cipher = self._get_session_cipher(jid, device)

@@ -266,7 +263,7 @@ class OmemoState(DeviceManager):

        self.xmpp_con.set_bundle()
        self.add_device(jid, device)
-        return key, fingerprint
+        return key, fingerprint, trust

    def _process_message(self, jid, device, key):
        message = WhisperMessage(serialized=key)
@@ -278,15 +275,15 @@ class OmemoState(DeviceManager):
        session_record = self._storage.loadSession(jid, device)
        identity_key = session_record.getSessionState().getRemoteIdentityKey()

-        if self._storage.isUntrustedIdentity(jid, identity_key):
-            raise SenderNotTrusted
+        trust = self._storage.getTrustForIdentity(jid, identity_key)
+        trust = Trust(trust) if trust is not None else Trust.UNDECIDED

        fingerprint = get_fingerprint(identity_key)
        self._storage.setIdentityLastSeen(jid, identity_key)

        self.add_device(jid, device)

-        return key, fingerprint
+        return key, fingerprint, trust

    def _check_pre_key_count(self):
        # Check if enough PreKeys are available
@@ -350,7 +347,3 @@ class InvalidMessage(Exception):

 class DuplicateMessage(Exception):
    pass
-
-
-class SenderNotTrusted(Exception):
-    pass
--- a/omemo/backend/util.py
+++ b/omemo/backend/util.py
@@ -30,7 +30,7 @@ UNACKNOWLEDGED_COUNT = 300

 class Trust(IntEnum):
    UNTRUSTED = 0
-    TRUSTED = 1
+    VERIFIED = 1
    UNDECIDED = 2



--- a/omemo/gtk/key.py
+++ b/omemo/gtk/key.py
@@ -19,20 +19,19 @@ import time
 import locale
 import logging
 import tempfile
+from distutils.version import LooseVersion as V

+from pkg_resources import get_distribution
 from gi.repository import Gtk
 from gi.repository import GdkPixbuf

-from pkg_resources import get_distribution
-from distutils.version import LooseVersion as V
-
 from gajim.common import app
 from gajim.plugins.plugins_i18n import _
 from gajim.plugins.helpers import get_builder

 from omemo.gtk.util import DialogButton, ButtonAction
 from omemo.gtk.util import NewConfirmationDialog
-from omemo.gtk.util import Trust
+from omemo.backend.util import Trust
 from omemo.backend.util import IdentityKeyExtended
 from omemo.backend.util import get_fingerprint

@@ -40,15 +39,15 @@ log = logging.getLogger('gajim.p.omemo')


 TRUST_DATA = {
-    Trust.NOT_TRUSTED: ('dialog-error-symbolic',
-                        _('Not Trusted'),
-                        'error-color'),
-    Trust.UNKNOWN: ('security-low-symbolic',
-                    _('Not Decided'),
-                    'warning-color'),
+    Trust.UNTRUSTED: ('dialog-error-symbolic',
+                      _('Untrusted'),
+                      'error-color'),
+    Trust.UNDECIDED: ('security-low-symbolic',
+                      _('Not Decided'),
+                      'warning-color'),
    Trust.VERIFIED: ('security-high-symbolic',
-                     _('Trusted'),
-                     'success-color')
+                     _('Verified'),
+                     'encrypted-color')
 }


@@ -358,7 +357,7 @@ class TrustPopver(Gtk.Popover):
        self._listbox.set_selection_mode(Gtk.SelectionMode.NONE)
        if row.trust != Trust.VERIFIED:
            self._listbox.add(VerifiedOption())
-        if row.trust != Trust.NOT_TRUSTED:
+        if row.trust != Trust.UNTRUSTED:
            self._listbox.add(NotTrustedOption())
        self._listbox.add(DeleteOption())
        self.add(self._listbox)
@@ -380,7 +379,7 @@ class TrustPopver(Gtk.Popover):
        self._listbox.foreach(self._listbox.remove)
        if self._row.trust != Trust.VERIFIED:
            self._listbox.add(VerifiedOption())
-        if self._row.trust != Trust.NOT_TRUSTED:
+        if self._row.trust != Trust.UNTRUSTED:
            self._listbox.add(NotTrustedOption())
        self._listbox.add(DeleteOption())

@@ -406,8 +405,8 @@ class VerifiedOption(MenuOption):

    type_ = Trust.VERIFIED
    icon = 'security-high-symbolic'
-    label = _('Trusted')
-    color = 'success-color'
+    label = _('Verified')
+    color = 'encrypted-color'

    def __init__(self):
        MenuOption.__init__(self)
@@ -415,9 +414,9 @@ class VerifiedOption(MenuOption):

 class NotTrustedOption(MenuOption):

-    type_ = Trust.NOT_TRUSTED
+    type_ = Trust.UNTRUSTED
    icon = 'dialog-error-symbolic'
-    label = _('Not Trusted')
+    label = _('Untrusted')
    color = 'error-color'

    def __init__(self):

--- a/omemo/gtk/util.py
+++ b/omemo/gtk/util.py
@@ -30,12 +30,6 @@ class ButtonAction(Enum):
    SUGGESTED = 'suggested-action'


-class Trust(IntEnum):
-    NOT_TRUSTED = 0
-    VERIFIED = 1
-    UNKNOWN = 2
-
-
 class NewConfirmationDialog(Gtk.MessageDialog):
    def __init__(self, text, sec_text, buttons, transient_for=None):
        Gtk.MessageDialog.__init__(self,

--- a/omemo/modules/omemo.py
+++ b/omemo/modules/omemo.py
@@ -35,6 +35,7 @@ from gajim.common import helpers
 from gajim.common import configpaths
 from gajim.common.nec import NetworkEvent
 from gajim.common.const import EncryptionData
+from gajim.common.const import Trust as GajimTrust
 from gajim.common.modules.base import BaseModule
 from gajim.common.modules.util import event_node

@@ -46,7 +47,6 @@ from omemo.backend.state import SelfMessage
 from omemo.backend.state import MessageNotForDevice
 from omemo.backend.state import DecryptionFailed
 from omemo.backend.state import DuplicateMessage
-from omemo.backend.state import SenderNotTrusted
 from omemo.modules.util import prepare_stanza


@@ -218,9 +218,9 @@ class OMEMO(BaseModule):
        self._log.info('Message received from: %s', from_jid)

        try:
-            plaintext, fingerprint = self.backend.decrypt_message(
+            plaintext, fingerprint, trust = self.backend.decrypt_message(
                properties.omemo, from_jid)
-        except (KeyExchangeMessage, DuplicateMessage, SenderNotTrusted):
+        except (KeyExchangeMessage, DuplicateMessage):
            raise NodeProcessed

        except SelfMessage:
@@ -241,7 +241,8 @@ class OMEMO(BaseModule):
        prepare_stanza(stanza, plaintext)
        self._debug_print_stanza(stanza)
        properties.encrypted = EncryptionData({'name': ENCRYPTION_NAME,
-                                               'fingerprint': fingerprint})
+                                               'fingerprint': fingerprint,
+                                               'trust': GajimTrust[trust.name]})

    def _process_muc_message(self, properties):
        room_jid = properties.jid.getBare()