Commit 77452756 authored by Philipp Hörist's avatar Philipp Hörist

[omemo] Add Blind Trust Before Verification

Fixes #310
parent 50db85fa
......@@ -30,6 +30,8 @@ from axolotl.identitykeypair import IdentityKeyPair
from axolotl.util.medium import Medium
from axolotl.util.keyhelper import KeyHelper
from gajim.common import app
from omemo.backend.util import Trust
from omemo.backend.util import IdentityKeyExtended
from omemo.backend.util import DEFAULT_PREKEY_AMOUNT
......@@ -75,6 +77,12 @@ class LiteAxolotlStore(AxolotlStore):
self._log.info("Generating OMEMO keys")
self._generate_axolotl_keys()
@staticmethod
def _is_blind_trust_enabled():
plugin = app.plugin_manager.get_active_plugin('omemo')
print(plugin.config['BLIND_TRUST'])
return plugin.config['BLIND_TRUST']
@staticmethod
def _namedtuple_factory(cursor, row):
fields = []
......@@ -596,12 +604,15 @@ class LiteAxolotlStore(AxolotlStore):
self._con.commit()
def saveIdentity(self, recipientId, identityKey):
query = '''INSERT INTO identities (recipient_id, public_key, trust)
VALUES(?, ?, ?)'''
query = '''INSERT INTO identities (recipient_id, public_key, trust, shown)
VALUES(?, ?, ?, ?)'''
if not self.containsIdentity(recipientId, identityKey):
trust = self.getDefaultTrust(recipientId)
print('TRUST', trust)
self._con.execute(query, (recipientId,
identityKey.getPublicKey().serialize(),
Trust.UNDECIDED))
trust,
1 if trust == Trust.BLIND else 0))
self._con.commit()
def containsIdentity(self, recipientId, identityKey):
......@@ -662,10 +673,21 @@ class LiteAxolotlStore(AxolotlStore):
undecided = set(undecided) - set(inactive)
return bool(undecided)
def getDefaultTrust(self, jid):
if not self._is_blind_trust_enabled():
return Trust.UNDECIDED
query = '''SELECT * FROM identities
WHERE recipient_id = ? AND trust IN (0, 1)'''
result = self._con.execute(query, (jid,)).fetchone()
if result is None:
return Trust.BLIND
return Trust.UNDECIDED
def getTrustedFingerprints(self, jid):
query = '''SELECT public_key as "public_key [pk]" FROM identities
WHERE recipient_id = ? AND trust = ?'''
result = self._con.execute(query, (jid, Trust.VERIFIED)).fetchall()
WHERE recipient_id = ? AND trust IN(1, 3)'''
result = self._con.execute(query, (jid,)).fetchall()
return [row.public_key for row in result]
def getNewFingerprints(self, jid):
......@@ -694,7 +716,7 @@ class LiteAxolotlStore(AxolotlStore):
return False
identity_key = record.getSessionState().getRemoteIdentityKey()
return self.getTrustForIdentity(
recipient_id, identity_key) == Trust.VERIFIED
recipient_id, identity_key) in (Trust.VERIFIED, Trust.BLIND)
def getIdentityLastSeen(self, recipient_id, identity_key):
identity_key = identity_key.getPublicKey().serialize()
......
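Review bot: The two queries that now decide trust hard-code enum values, `trust IN (0, 1)` in getDefaultTrust and `trust IN(1, 3)` in getTrustedFingerprints, whereas the query being replaced bound `Trust.VERIFIED` as a parameter. If the Trust enum is ever renumbered or extended, these would silently select a different set of keys as trusted. I would bind the members instead: `WHERE recipient_id = ? AND trust IN (?, ?)` with `(jid, Trust.VERIFIED, Trust.BLIND)`, and likewise `(jid, Trust.UNTRUSTED, Trust.VERIFIED)` in getDefaultTrust. getDefaultTrust also deserves a short docstring stating the rule it implements: a new key is stored as BLIND only while no key of that contact is VERIFIED or UNTRUSTED. The leftover debug output `print(plugin.config['BLIND_TRUST'])` and `print('TRUST', trust)` should be removed, or in saveIdentity sent through `self._log`; the class body continues outside these hunks.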
......@@ -32,6 +32,7 @@ class Trust(IntEnum):
UNTRUSTED = 0
VERIFIED = 1
UNDECIDED = 2
BLIND = 3
def get_fingerprint(identity_key, formatted=False):
......
......@@ -58,6 +58,7 @@ class OMEMOConfigDialog(GajimPluginConfigDialog):
self.update_account_store()
self.update_account_combobox()
self.update_disabled_account_view()
self.update_settings()
def is_in_accountstore(self, account):
for row in self._ui.account_store:
......@@ -127,6 +128,9 @@ class OMEMOConfigDialog(GajimPluginConfigDialog):
def refresh_button_clicked_cb(self, button, *args):
self.update_context_list()
def _on_blind_trust(self, button):
self.plugin.config['BLIND_TRUST'] = button.get_active()
def update_context_list(self):
self._ui.deviceid_store.clear()
......@@ -158,3 +162,7 @@ class OMEMOConfigDialog(GajimPluginConfigDialog):
# Set Device ID List
for item in omemo.backend.get_devices(own_jid):
self._ui.deviceid_store.append([item])
def update_settings(self):
self._ui.blind_trust_checkbutton.set_active(
self.plugin.config['BLIND_TRUST'])
\ No newline at end of file
......@@ -522,6 +522,80 @@ It is advised to go online with all of your actively used devices after clearing
<property name="tab_fill">False</property>
</packing>
</child>
<child>
<object class="GtkGrid">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="margin_left">18</property>
<property name="margin_right">18</property>
<property name="margin_top">18</property>
<property name="margin_bottom">18</property>
<child>
<object class="GtkFrame">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label_xalign">0</property>
<property name="shadow_type">none</property>
<child>
<object class="GtkAlignment">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="top_padding">12</property>
<property name="left_padding">12</property>
<child>
<object class="GtkGrid">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
<object class="GtkCheckButton" id="blind_trust_checkbutton">
<property name="label" translatable="yes">Blind Trust Before Verification</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="draw_indicator">True</property>
<signal name="toggled" handler="_on_blind_trust" swapped="no"/>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">0</property>
</packing>
</child>
</object>
</child>
</object>
</child>
<child type="label">
<object class="GtkLabel">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">General</property>
<attributes>
<attribute name="weight" value="bold"/>
</attributes>
</object>
</child>
</object>
<packing>
<property name="left_attach">0</property>
<property name="top_attach">0</property>
</packing>
</child>
</object>
<packing>
<property name="position">3</property>
</packing>
</child>
<child type="tab">
<object class="GtkLabel">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">Settings</property>
</object>
<packing>
<property name="position">3</property>
<property name="tab_fill">False</property>
</packing>
</child>
</object>
<object class="GtkListStore" id="fingerprint_store">
<columns>
......
......@@ -47,7 +47,10 @@ TRUST_DATA = {
'warning-color'),
Trust.VERIFIED: ('security-high-symbolic',
_('Verified'),
'encrypted-color')
'encrypted-color'),
Trust.BLIND: ('security-medium-symbolic',
_('Blind Trust'),
'encrypted-color')
}
......@@ -352,11 +355,7 @@ class TrustPopver(Gtk.Popover):
self._row = row
self._listbox = Gtk.ListBox()
self._listbox.set_selection_mode(Gtk.SelectionMode.NONE)
if row.trust != Trust.VERIFIED:
self._listbox.add(VerifiedOption())
if row.trust != Trust.UNTRUSTED:
self._listbox.add(NotTrustedOption())
self._listbox.add(DeleteOption())
self.update()
self.add(self._listbox)
self._listbox.show_all()
self._listbox.connect('row-activated', self._activated)
......@@ -376,6 +375,8 @@ class TrustPopver(Gtk.Popover):
self._listbox.foreach(self._listbox.remove)
if self._row.trust != Trust.VERIFIED:
self._listbox.add(VerifiedOption())
if self._row.trust != Trust.BLIND:
self._listbox.add(BlindOption())
if self._row.trust != Trust.UNTRUSTED:
self._listbox.add(NotTrustedOption())
self._listbox.add(DeleteOption())
......@@ -398,6 +399,17 @@ class MenuOption(Gtk.ListBoxRow):
self.show_all()
class BlindOption(MenuOption):
type_ = Trust.BLIND
icon = 'security-medium-symbolic'
label = _('Blind Trust')
color = 'encrypted-color'
def __init__(self):
MenuOption.__init__(self)
class VerifiedOption(MenuOption):
type_ = Trust.VERIFIED
......
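Review bot: `Trust.BLIND` gets the same `'encrypted-color'` as `Trust.VERIFIED`, both in TRUST_DATA and in BlindOption, so a key that was accepted automatically differs from one the user compared by hand only in its icon. A distinct colour for the blind state would make the weaker assurance visible at a glance. If that is not wanted, a comment such as `# same colour as VERIFIED on purpose: messages are encrypted to both` would record the decision. BlindOption also repeats the icon, label and colour literals already held in `TRUST_DATA[Trust.BLIND]`, and its `__init__` only forwards to `MenuOption.__init__`, so it could presumably be dropped. TRUST_DATA and the popover class both start outside the hunks shown.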
......@@ -114,7 +114,10 @@ class OmemoPlugin(GajimPlugin):
self.disabled_accounts = []
self._windows = {}
self.config_default_values = {'DISABLED_ACCOUNTS': ([], ''), }
self.config_default_values = {
'DISABLED_ACCOUNTS': ([], ''),
'BLIND_TRUST': (True, '')
}
for account in self.config['DISABLED_ACCOUNTS']:
self.disabled_accounts.append(account)
......
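Review bot: `'BLIND_TRUST': (True, '')` enables the feature by default and leaves the second tuple element, which looks like the setting's description, empty. Given getDefaultTrust in this commit, an upgrade means new identity keys of a contact with no verified or untrusted key are stored as trusted without the user opting in, so the default should be stated where users and maintainers will see it. I would fill the description, for example `'BLIND_TRUST': (True, 'Trust new keys automatically until a key of the contact has been verified or rejected')`, and mention the default in the commit message.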