Commit 02b15215 authored by Vladislav Yarmak's avatar Vladislav Yarmak

[pgp] do not learn contact key from signed presence

parent fd4acbc7
...@@ -78,7 +78,6 @@ class PGPLegacy(BaseModule): ...@@ -78,7 +78,6 @@ class PGPLegacy(BaseModule):
self._store = KeyStore(self._account, self.own_jid, self._log, self._store = KeyStore(self._account, self.own_jid, self._log,
self._pgp.list_keys) self._pgp.list_keys)
self._always_trust = [] self._always_trust = []
self._presence_key_id_store = {}
@property @property
def pgp_backend(self): def pgp_backend(self):
...@@ -97,42 +96,30 @@ class PGPLegacy(BaseModule): ...@@ -97,42 +96,30 @@ class PGPLegacy(BaseModule):
return self._store.get_contact_key_data(*args, **kwargs) return self._store.get_contact_key_data(*args, **kwargs)
def has_valid_key_assigned(self, jid): def has_valid_key_assigned(self, jid):
key_data = self.get_contact_key_data(jid) return self.get_contact_key_data(jid) is not None
if key_data is None:
return False
key_id = key_data['key_id']
announced_key_id = self._presence_key_id_store.get(jid)
if announced_key_id is None:
return True
if announced_key_id == key_id:
return True
raise KeyMismatch(announced_key_id)
def _on_presence_received(self, _con, _stanza, properties): def _on_presence_received(self, _con, _stanza, properties):
if properties.signed is None: if properties.signed is None:
return return
jid = properties.jid.getBare() jid = properties.jid.getBare()
known_key_data = self.get_contact_key_data(jid)
key_id = self._pgp.verify(properties.status, properties.signed) if known_key_data is None:
self._log.info('Presence from %s was signed with key-id: %s', self._log.info('Presence from %s is signed, but we don\'t have PGP '
jid, key_id) 'key assigned for this contact.', jid)
if key_id is None:
return
self._presence_key_id_store[jid] = key_id
key_data = self.get_contact_key_data(jid)
if key_data is not None:
return
key = self._pgp.get_key(key_id)
if not key:
self._log.info('Key-id %s not found in keyring, cant assign to %s',
key_id, jid)
return return
self._log.info('Assign key-id: %s to %s', key_id, jid) sig_fp = self._pgp.verify(properties.status, properties.signed)
self.set_contact_key_data(jid, (key_id, key[0]['uids'][0])) if sig_fp is None:
self._log.critical('Signed presence from %s verification failed!',
jid)
else:
if sig_fp == known_key_data['key_id']:
self._log.info('Presence from %s signature OK', jid)
else:
self._log.critical('Presence from %s is signed with wrong key! '
'Expected key fingerprint=%s. '
'Actual key fingerprint=%s.',
jid, known_key_data['key_id'], sig_fp)
def _message_received(self, _con, stanza, properties): def _message_received(self, _con, stanza, properties):
if not properties.is_pgp_legacy or properties.from_muc: if not properties.is_pgp_legacy or properties.from_muc:
......
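Review bot: The equality test `sig_fp == known_key_data['key_id']` in `_on_presence_received` compares a value the new code names and logs as a fingerprint against a field called `key_id`, and nothing visible here shows that both are stored in the same form. If `self._pgp.verify` returns a full fingerprint (or that of a signing subkey) while the assigned contact key is kept as a shorter key ID or in different case, every signed presence would land in the `critical` "wrong key" branch and teach users to ignore it. I would document the expected format above the comparison, e.g. `# both values must be full primary-key fingerprints in the same case; see KeyStore`, and normalise case on both sides before comparing. Separately, the 'signature OK' line deserves a comment that, assuming this is the legacy signed-presence scheme, the signature covers only the status text and can be replayed, so a match is a consistency hint and not authentication of the sender. `KeyStore` and the callers of `has_valid_key_assigned` are outside this view, so the stored format could not be confirmed from the page.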