mirror
/
nheko
mirror of https://github.com/Nheko-Reborn/nheko
2
0
Fork 1
Code Issues Releases Wiki Activity

Merge pull request #355 from Nheko-Reborn/ssss

Browse Source 
Cross-signing with self and user signing keys
pull/357/head
DeepBlueV7.X 4 years ago committed by GitHub
parent d4dfd84e7b 3b900bdcd2
commit 45701b0896
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 736 additions and 79 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      .ci/macos/Brewfile
  2. 34
      CMakeLists.txt
  3. 18
      io.github.NhekoReborn.Nheko.json
  4. 98
      src/Cache.cpp
  5. 5
      src/Cache.h
  6. 5
      src/Cache_p.h
  7. 64
      src/ChatPage.cpp
  8. 8
      src/ChatPage.h
  9. 67
      src/DeviceVerificationFlow.cpp
  10. 5
      src/MainWindow.cpp
  11. 398
      src/Olm.cpp
  12. 7
      src/Olm.h
  13. 6
      src/RoomList.h
  14. 78
      src/UserSettingsPage.cpp
  15. 7
      src/UserSettingsPage.h
  16. 5
      src/Utils.cpp
  17. 7
      src/timeline/TimelineViewManager.h

3
.ci/macos/Brewfile
Unescape View File

@ -11,4 +11,5 @@ brew "nlohmann_json"
brew "gstreamer"
brew "gst-plugins-base"
brew "gst-plugins-good"
brew "gst-plugins-bad"
brew "gst-plugins-bad"
brew "qtkeychain"

34
CMakeLists.txt
Unescape View File

@ -41,6 +41,8 @@ option(USE_BUNDLED_LMDBXX "Use the bundled version of lmdb++."
${HUNTER_ENABLED})
option(USE_BUNDLED_TWEENY "Use the bundled version of tweeny."
${HUNTER_ENABLED})
option(USE_BUNDLED_QTKEYCHAIN "Use the bundled version of Qt5Keychain."
${HUNTER_ENABLED})
list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake")
@ -137,6 +139,24 @@ find_package(Qt5 COMPONENTS Core Widgets LinguistTools Concurrent Svg Multimedia
find_package(Qt5QuickCompiler)
find_package(Qt5DBus)
if (USE_BUNDLED_QTKEYCHAIN)
include(FetchContent)
FetchContent_Declare(
qt5keychain
GIT_REPOSITORY https://github.com/frankosterfeld/qtkeychain.git
GIT_TAG v0.12.0
)
if (BUILD_SHARED_LIBS)
set(QTKEYCHAIN_STATIC OFF CACHE INTERNAL "")
else()
set(QTKEYCHAIN_STATIC ON CACHE INTERNAL "")
endif()
set(BUILD_TEST_APPLICATION OFF CACHE INTERNAL "")
FetchContent_MakeAvailable(qt5keychain)
else()
find_package(Qt5Keychain REQUIRED)
endif()
if (APPLE)
find_package(Qt5MacExtras REQUIRED)
endif(APPLE)
@ -333,25 +353,25 @@ endif()
find_package(OpenSSL 1.1.0 REQUIRED)
if(USE_BUNDLED_MTXCLIENT)
include(FetchContent)
set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "")
set(BUILD_LIB_TESTS OFF CACHE INTERNAL "")
FetchContent_Declare(
MatrixClient
GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git
GIT_TAG ed6315563409ce9d47978ff2a2d771b863e375c5
GIT_TAG ce8bc9c3dd6bba432e716f55136133111b0186e7
)
set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "")
set(BUILD_LIB_TESTS OFF CACHE INTERNAL "")
FetchContent_MakeAvailable(MatrixClient)
else()
find_package(MatrixClient 0.3.1 REQUIRED)
endif()
if(USE_BUNDLED_OLM)
include(FetchContent)
set(OLM_TESTS OFF CACHE INTERNAL "")
FetchContent_Declare(
Olm
GIT_REPOSITORY https://gitlab.matrix.org/matrix-org/olm.git
GIT_TAG 3.1.4
)
set(OLM_TESTS OFF CACHE INTERNAL "")
FetchContent_MakeAvailable(Olm)
else()
find_package(Olm 3)
@ -573,6 +593,11 @@ else()
endif()
target_include_directories(nheko PRIVATE src includes third_party/blurhash third_party/cpp-httplib-0.5.12)
# Fixup bundled keychain include dirs
if (USE_BUNDLED_QTKEYCHAIN)
target_include_directories(nheko PRIVATE ${qt5keychain_SOURCE_DIR} ${qt5keychain_BINARY_DIR})
endif()
target_link_libraries(nheko PRIVATE
MatrixClient::MatrixClient
Boost::iostreams
@ -587,6 +612,7 @@ target_link_libraries(nheko PRIVATE
Qt5::Qml
Qt5::QuickControls2
Qt5::QuickWidgets
qt5keychain
nlohmann_json::nlohmann_json
lmdbxx::lmdbxx
liblmdb::lmdb

18
io.github.NhekoReborn.Nheko.json
Unescape View File

@ -94,6 +94,22 @@
}
]
},
{
"config-opts": [
"-DCMAKE_BUILD_TYPE=Release",
"-DBUILD_TEST_APPLICATION=OFF"
],
"buildsystem": "cmake-ninja",
"name": "QtKeychain",
"sources": [
{
"commit": "815fe610353ff8ad7e2f1121c368a74df8db5eb7",
"tag": "v0.12.0",
"type": "git",
"url": "https://github.com/frankosterfeld/qtkeychain.git"
}
]
},
{
"config-opts":[
"-DJSON_BuildTests=OFF"
@ -145,7 +161,7 @@
"name": "mtxclient",
"sources": [
{
"commit": "ed6315563409ce9d47978ff2a2d771b863e375c5",
"commit": "ce8bc9c3dd6bba432e716f55136133111b0186e7",
"type": "git",
"url": "https://github.com/Nheko-Reborn/mtxclient.git"
}

98
src/Cache.cpp
Unescape View File

@ -24,9 +24,14 @@
#include <QFile>
#include <QHash>
#include <QMap>
#include <QSettings>
#include <QStandardPaths>
#if __has_include(<keychain.h>)
#include <keychain.h>
#else
#include <qt5keychain/keychain.h>
#endif
#include <mtx/responses/common.hpp>
#include "Cache.h"
@ -569,6 +574,64 @@ Cache::restoreOlmAccount()
return std::string(pickled.data(), pickled.size());
}
void
Cache::storeSecret(const std::string &name, const std::string &secret)
{
QKeychain::WritePasswordJob job(QCoreApplication::applicationName());
job.setAutoDelete(false);
job.setInsecureFallback(true);
job.setKey(QString::fromStdString(name));
job.setTextData(QString::fromStdString(secret));
QEventLoop loop;
job.connect(&job, &QKeychain::Job::finished, &loop, &QEventLoop::quit);
job.start();
loop.exec();
if (job.error()) {
nhlog::db()->warn(
"Storing secret '{}' failed: {}", name, job.errorString().toStdString());
} else {
emit secretChanged(name);
}
}
void
Cache::deleteSecret(const std::string &name)
{
QKeychain::DeletePasswordJob job(QCoreApplication::applicationName());
job.setAutoDelete(false);
job.setInsecureFallback(true);
job.setKey(QString::fromStdString(name));
QEventLoop loop;
job.connect(&job, &QKeychain::Job::finished, &loop, &QEventLoop::quit);
job.start();
loop.exec();
emit secretChanged(name);
}
std::optional<std::string>
Cache::secret(const std::string &name)
{
QKeychain::ReadPasswordJob job(QCoreApplication::applicationName());
job.setAutoDelete(false);
job.setInsecureFallback(true);
job.setKey(QString::fromStdString(name));
QEventLoop loop;
job.connect(&job, &QKeychain::Job::finished, &loop, &QEventLoop::quit);
job.start();
loop.exec();
const QString secret = job.textData();
if (job.error()) {
nhlog::db()->debug(
"Restoring secret '{}' failed: {}", name, job.errorString().toStdString());
return std::nullopt;
}
return secret.toStdString();
}
//
// Media Management
//
@ -726,10 +789,32 @@ void
Cache::deleteData()
{
// TODO: We need to remove the env_ while not accepting new requests.
lmdb::dbi_close(env_, syncStateDb_);
lmdb::dbi_close(env_, roomsDb_);
lmdb::dbi_close(env_, invitesDb_);
lmdb::dbi_close(env_, mediaDb_);
lmdb::dbi_close(env_, readReceiptsDb_);
lmdb::dbi_close(env_, notificationsDb_);
lmdb::dbi_close(env_, devicesDb_);
lmdb::dbi_close(env_, deviceKeysDb_);
lmdb::dbi_close(env_, inboundMegolmSessionDb_);
lmdb::dbi_close(env_, outboundMegolmSessionDb_);
env_.close();
verification_storage.status.clear();
if (!cacheDirectory_.isEmpty()) {
QDir(cacheDirectory_).removeRecursively();
nhlog::db()->info("deleted cache files from disk");
}
deleteSecret(mtx::secret_storage::secrets::megolm_backup_v1);
deleteSecret(mtx::secret_storage::secrets::cross_signing_master);
deleteSecret(mtx::secret_storage::secrets::cross_signing_user_signing);
deleteSecret(mtx::secret_storage::secrets::cross_signing_self_signing);
}
//! migrates db to the current format
@ -4262,4 +4347,15 @@ restoreOlmAccount()
{
return instance_->restoreOlmAccount();
}
void
storeSecret(const std::string &name, const std::string &secret)
{
instance_->storeSecret(name, secret);
}
std::optional<std::string>
secret(const std::string &name)
{
return instance_->secret(name);
}
} // namespace cache

5
src/Cache.h
Unescape View File

@ -282,4 +282,9 @@ saveOlmAccount(const std::string &pickled);
std::string
restoreOlmAccount();
void
storeSecret(const std::string &name, const std::string &secret);
std::optional<std::string>
secret(const std::string &name);
}

5
src/Cache_p.h
Unescape View File

@ -269,6 +269,10 @@ public:
void saveOlmAccount(const std::string &pickled);
std::string restoreOlmAccount();
void storeSecret(const std::string &name, const std::string &secret);
void deleteSecret(const std::string &name);
std::optional<std::string> secret(const std::string &name);
signals:
void newReadReceipts(const QString &room_id, const std::vector<QString> &event_ids);
void roomReadStatus(const std::map<QString, bool> &status);
@ -276,6 +280,7 @@ signals:
void userKeysUpdate(const std::string &sync_token,
const mtx::responses::QueryKeys &keyQuery);
void verificationStatusChanged(const std::string &userid);
void secretChanged(const std::string name);
private:
//! Save an invited room.

64
src/ChatPage.cpp
Unescape View File

@ -17,6 +17,7 @@
#include <QApplication>
#include <QImageReader>
#include <QInputDialog>
#include <QMessageBox>
#include <QSettings>
#include <QShortcut>
@ -64,6 +65,8 @@ constexpr size_t MAX_ONETIME_KEYS = 50;
Q_DECLARE_METATYPE(std::optional<mtx::crypto::EncryptedFile>)
Q_DECLARE_METATYPE(std::optional<RelatedInfo>)
Q_DECLARE_METATYPE(mtx::presence::PresenceState)
Q_DECLARE_METATYPE(mtx::secret_storage::AesHmacSha2KeyDescription)
Q_DECLARE_METATYPE(SecretsToDecrypt)
ChatPage::ChatPage(QSharedPointer<UserSettings> userSettings, QWidget *parent)
: QWidget(parent)
@ -79,6 +82,8 @@ ChatPage::ChatPage(QSharedPointer<UserSettings> userSettings, QWidget *parent)
qRegisterMetaType<std::optional<mtx::crypto::EncryptedFile>>();
qRegisterMetaType<std::optional<RelatedInfo>>();
qRegisterMetaType<mtx::presence::PresenceState>();
qRegisterMetaType<mtx::secret_storage::AesHmacSha2KeyDescription>();
qRegisterMetaType<SecretsToDecrypt>();
topLayout_ = new QHBoxLayout(this);
topLayout_->setSpacing(0);
@ -136,6 +141,12 @@ ChatPage::ChatPage(QSharedPointer<UserSettings> userSettings, QWidget *parent)
splitter->addWidget(content_);
splitter->restoreSizes(parent->width());
connect(this,
&ChatPage::downloadedSecrets,
this,
&ChatPage::decryptDownloadedSecrets,
Qt::QueuedConnection);
connect(this, &ChatPage::connectionLost, this, [this]() {
nhlog::net()->info("connectivity lost");
isConnected_ = false;
@ -372,9 +383,8 @@ ChatPage::ChatPage(QSharedPointer<UserSettings> userSettings, QWidget *parent)
void
ChatPage::logout()
{
deleteConfigs();
resetUI();
deleteConfigs();
emit closing();
connectivityTimer_.stop();
@ -385,12 +395,12 @@ ChatPage::dropToLoginPage(const QString &msg)
{
nhlog::ui()->info("dropping to the login page: {}", msg.toStdString());
deleteConfigs();
resetUI();
http::client()->shutdown();
connectivityTimer_.stop();
resetUI();
deleteConfigs();
emit showLoginPage(msg);
}
@ -418,8 +428,8 @@ ChatPage::deleteConfigs()
settings.remove("");
settings.endGroup();
http::client()->shutdown();
cache::deleteData();
http::client()->clear();
}
void
@ -1209,3 +1219,45 @@ ChatPage::connectCallMessage()
view_manager_,
qOverload<const QString &, const T &>(&TimelineViewManager::queueCallMessage));
}
void
ChatPage::decryptDownloadedSecrets(mtx::secret_storage::AesHmacSha2KeyDescription keyDesc,
const SecretsToDecrypt &secrets)
{
QString text = QInputDialog::getText(
ChatPage::instance(),
QCoreApplication::translate("CrossSigningSecrets", "Decrypt secrets"),
keyDesc.name.empty()
? QCoreApplication::translate(
"CrossSigningSecrets",
"Enter your recovery key or passphrase to decrypt your secrets:")
: QCoreApplication::translate(
"CrossSigningSecrets",
"Enter your recovery key or passphrase called %1 to decrypt your secrets:")
.arg(QString::fromStdString(keyDesc.name)),
QLineEdit::Password);
if (text.isEmpty())
return;
auto decryptionKey = mtx::crypto::key_from_recoverykey(text.toStdString(), keyDesc);
if (!decryptionKey)
decryptionKey = mtx::crypto::key_from_passphrase(text.toStdString(), keyDesc);
if (!decryptionKey) {
QMessageBox::information(
ChatPage::instance(),
QCoreApplication::translate("CrossSigningSecrets", "Decrytion failed"),
QCoreApplication::translate("CrossSigningSecrets",
"Failed to decrypt secrets with the "
"provided recovery key or passphrase"));
return;
}
for (const auto &[secretName, encryptedSecret] : secrets) {
auto decrypted = mtx::crypto::decrypt(encryptedSecret, *decryptionKey, secretName);
if (!decrypted.empty())
cache::storeSecret(secretName, decrypted);
}
}

8
src/ChatPage.h
Unescape View File

@ -27,6 +27,7 @@
#include <mtx/events/encrypted.hpp>
#include <mtx/events/member.hpp>
#include <mtx/events/presence.hpp>
#include <mtx/secret_storage.hpp>
#include <QFrame>
#include <QHBoxLayout>
@ -72,6 +73,8 @@ namespace popups {
class UserMentions;
}
using SecretsToDecrypt = std::map<std::string, mtx::secret_storage::AesHmacSha2EncryptedData>;
class ChatPage : public QWidget
{
Q_OBJECT
@ -117,6 +120,8 @@ public slots:
void unbanUser(QString userid, QString reason);
void receivedSessionKey(const std::string &room_id, const std::string &session_id);
void decryptDownloadedSecrets(mtx::secret_storage::AesHmacSha2KeyDescription keyDesc,
const SecretsToDecrypt &secrets);
signals:
void connectionLost();
@ -185,6 +190,9 @@ signals:
void receivedDeviceVerificationReady(const mtx::events::msg::KeyVerificationReady &message);
void receivedDeviceVerificationDone(const mtx::events::msg::KeyVerificationDone &message);
void downloadedSecrets(mtx::secret_storage::AesHmacSha2KeyDescription keyDesc,
const SecretsToDecrypt &secrets);
private slots:
void logout();
void removeRoom(const QString &room_id);

67
src/DeviceVerificationFlow.cpp
Unescape View File

@ -275,11 +275,66 @@ DeviceVerificationFlow::DeviceVerificationFlow(QObject *,
req.signatures[utils::localUser().toStdString()]
[master_key.keys.at(mac.first)] =
master_key;
} else if (mac.first ==
"ed25519:" + this->deviceId.toStdString()) {
// Sign their device key with self signing key
auto device_id = this->deviceId.toStdString();
if (their_keys.device_keys.count(device_id)) {
json j =
their_keys.device_keys.at(device_id);
j.erase("signatures");
j.erase("unsigned");
auto secret = cache::secret(
mtx::secret_storage::secrets::
cross_signing_self_signing);
if (!secret)
continue;
auto ssk =
mtx::crypto::PkSigning::from_seed(
*secret);
mtx::crypto::DeviceKeys dev = j;
dev.signatures
[utils::localUser().toStdString()]
["ed25519:" + ssk.public_key()] =
ssk.sign(j.dump());
req.signatures[utils::localUser()
.toStdString()]
[device_id] = dev;
}
}
}
// TODO(Nico): Sign their device key with self signing key
} else {
// TODO(Nico): Sign their master key with user signing key
// Sign their master key with user signing key
for (const auto &mac : msg.mac) {
if (their_keys.master_keys.keys.count(mac.first)) {
json j = their_keys.master_keys;
j.erase("signatures");
j.erase("unsigned");
auto secret =
cache::secret(mtx::secret_storage::secrets::
cross_signing_user_signing);
if (!secret)
continue;
auto usk =
mtx::crypto::PkSigning::from_seed(*secret);
mtx::crypto::CrossSigningKeys master_key = j;
master_key
.signatures[utils::localUser().toStdString()]
["ed25519:" + usk.public_key()] =
usk.sign(j.dump());
req.signatures[toClient.to_string()]
[master_key.keys.at(mac.first)] =
master_key;
}
}
}
if (!req.signatures.empty()) {
@ -706,6 +761,14 @@ DeviceVerificationFlow::acceptDevice()
cache::markDeviceVerified(this->toClient.to_string(), this->deviceId.toStdString());
this->sendVerificationDone();
setState(Success);
// Request secrets. We should probably check somehow, if a device knowns about the
// secrets.
if (utils::localUser().toStdString() == this->toClient.to_string() &&
(!cache::secret(mtx::secret_storage::secrets::cross_signing_self_signing) ||
!cache::secret(mtx::secret_storage::secrets::cross_signing_user_signing))) {
olm::request_cross_signing_keys();
}
}
}

5
src/MainWindow.cpp
Unescape View File

@ -26,6 +26,7 @@
#include <mtx/responses/login.hpp>
#include "Cache.h"
#include "Cache_p.h"
#include "ChatPage.h"
#include "Config.h"
#include "Logging.h"
@ -294,6 +295,10 @@ MainWindow::showChatPage()
login_page_->reset();
chat_page_->bootstrap(userid, homeserver, token);
connect(cache::client(),
&Cache::secretChanged,
userSettingsPage_,
&UserSettingsPage::updateSecretStatus);
instance_ = this;
}

398
src/Olm.cpp
Unescape View File

@ -1,9 +1,14 @@
#include "Olm.h"
#include <QObject>
#include <QTimer>
#include <nlohmann/json.hpp>
#include <variant>
#include <mtx/responses/common.hpp>
#include <mtx/secret_storage.hpp>
#include "Cache.h"
#include "Cache_p.h"
#include "ChatPage.h"
@ -13,11 +18,13 @@
#include "UserSettingsPage.h"
#include "Utils.h"
static const std::string STORAGE_SECRET_KEY("secret");
constexpr auto MEGOLM_ALGO = "m.megolm.v1.aes-sha2";
namespace {
auto client_ = std::make_unique<mtx::crypto::OlmClient>();
std::map<std::string, std::string> request_id_to_secret_name;
const std::string STORAGE_SECRET_KEY("secret");
constexpr auto MEGOLM_ALGO = "m.megolm.v1.aes-sha2";
}
namespace olm {
@ -43,6 +50,54 @@ client()
return client_.get();
}
static void
handle_secret_request(const mtx::events::DeviceEvent<mtx::events::msg::SecretRequest> *e,
const std::string &sender)
{
using namespace mtx::events;
if (e->content.action != mtx::events::msg::RequestAction::Request)
return;
auto local_user = http::client()->user_id();
if (sender != local_user.to_string())
return;
auto verificationStatus = cache::verificationStatus(local_user.to_string());
if (!verificationStatus)
return;
auto deviceKeys = cache::userKeys(local_user.to_string());
if (!deviceKeys)
return;
if (std::find(verificationStatus->verified_devices.begin(),
verificationStatus->verified_devices.end(),
e->content.requesting_device_id) ==
verificationStatus->verified_devices.end())
return;
// this is a verified device
mtx::events::DeviceEvent<mtx::events::msg::SecretSend> secretSend;
secretSend.type = EventType::SecretSend;
secretSend.content.request_id = e->content.request_id;
auto secret = cache::client()->secret(e->content.name);
if (!secret)
return;
secretSend.content.secret = secret.value();
send_encrypted_to_device_messages(
{{local_user.to_string(), {{e->content.requesting_device_id}}}}, secretSend);
nhlog::net()->info("Sent secret '{}' to ({},{})",
e->content.name,
local_user.to_string(),
e->content.requesting_device_id);
}
void
handle_to_device_messages(const std::vector<mtx::events::collections::DeviceEvents> &msgs)
{
@ -127,6 +182,10 @@ handle_to_device_messages(const std::vector<mtx::events::collections::DeviceEven
std::get<mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationDone>>(
msg);
ChatPage::instance()->receivedDeviceVerificationDone(message.content);
} else if (auto e =
std::get_if<mtx::events::DeviceEvent<mtx::events::msg::SecretRequest>>(
&msg)) {
handle_secret_request(e, e->sender);
} else {
nhlog::crypto()->warn("unhandled event: {}", j_msg.dump(2));
}
@ -163,59 +222,137 @@ handle_olm_message(const OlmMessage &msg)
}
if (!payload.is_null()) {
std::string msg_type = payload["type"];
if (msg_type == to_string(mtx::events::EventType::KeyVerificationAccept)) {
ChatPage::instance()->receivedDeviceVerificationAccept(
payload["content"]);
return;
} else if (msg_type ==
to_string(mtx::events::EventType::KeyVerificationRequest)) {
ChatPage::instance()->receivedDeviceVerificationRequest(
payload["content"], payload["sender"]);
return;
} else if (msg_type ==
to_string(mtx::events::EventType::KeyVerificationCancel)) {
ChatPage::instance()->receivedDeviceVerificationCancel(
payload["content"]);
return;
} else if (msg_type ==
to_string(mtx::events::EventType::KeyVerificationKey)) {
ChatPage::instance()->receivedDeviceVerificationKey(
payload["content"]);
return;
} else if (msg_type ==
to_string(mtx::events::EventType::KeyVerificationMac)) {
ChatPage::instance()->receivedDeviceVerificationMac(
payload["content"]);
return;
} else if (msg_type ==
to_string(mtx::events::EventType::KeyVerificationStart)) {
ChatPage::instance()->receivedDeviceVerificationStart(
payload["content"], payload["sender"]);
return;
} else if (msg_type ==
to_string(mtx::events::EventType::KeyVerificationReady)) {
ChatPage::instance()->receivedDeviceVerificationReady(
payload["content"]);
return;
} else if (msg_type ==
to_string(mtx::events::EventType::KeyVerificationDone)) {
ChatPage::instance()->receivedDeviceVerificationDone(
payload["content"]);
return;
} else if (msg_type == to_string(mtx::events::EventType::RoomKey)) {
mtx::events::DeviceEvent<mtx::events::msg::RoomKey> roomKey =
payload;
create_inbound_megolm_session(roomKey, msg.sender_key);
return;
} else if (msg_type ==
to_string(mtx::events::EventType::ForwardedRoomKey)) {
mtx::events::DeviceEvent<mtx::events::msg::ForwardedRoomKey>
roomKey = payload;
import_inbound_megolm_session(roomKey);
return;
mtx::events::collections::DeviceEvents device_event;
{
std::string msg_type = payload["type"];
json event_array = json::array();
event_array.push_back(payload);
std::vector<mtx::events::collections::DeviceEvents> temp_events;
mtx::responses::utils::parse_device_events(event_array,
temp_events);
if (temp_events.empty()) {
nhlog::crypto()->warn("Decrypted unknown event: {}",
payload.dump());
continue;
}
device_event = temp_events.at(0);
}
using namespace mtx::events;
if (auto e1 =
std::get_if<DeviceEvent<msg::KeyVerificationAccept>>(&device_event)) {
ChatPage::instance()->receivedDeviceVerificationAccept(e1->content);
} else if (auto e2 = std::get_if<DeviceEvent<msg::KeyVerificationRequest>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationRequest(e2->content,
e2->sender);
} else if (auto e3 = std::get_if<DeviceEvent<msg::KeyVerificationCancel>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationCancel(e3->content);
} else if (auto e4 = std::get_if<DeviceEvent<msg::KeyVerificationKey>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationKey(e4->content);
} else if (auto e5 = std::get_if<DeviceEvent<msg::KeyVerificationMac>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationMac(e5->content);
} else if (auto e6 = std::get_if<DeviceEvent<msg::KeyVerificationStart>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationStart(e6->content,
e6->sender);
} else if (auto e7 = std::get_if<DeviceEvent<msg::KeyVerificationReady>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationReady(e7->content);
} else if (auto e8 = std::get_if<DeviceEvent<msg::KeyVerificationDone>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationDone(e8->content);
} else if (auto roomKey =
std::get_if<DeviceEvent<msg::RoomKey>>(&device_event)) {
create_inbound_megolm_session(*roomKey, msg.sender_key);
} else if (auto forwardedRoomKey =
std::get_if<DeviceEvent<msg::ForwardedRoomKey>>(
&device_event)) {
import_inbound_megolm_session(*forwardedRoomKey);
} else if (auto e =
std::get_if<DeviceEvent<msg::SecretSend>>(&device_event)) {
auto local_user = http::client()->user_id();
if (msg.sender != local_user.to_string())
continue;
auto secret_name =
request_id_to_secret_name.find(e->content.request_id);
if (secret_name != request_id_to_secret_name.end()) {
nhlog::crypto()->info("Received secret: {}",
secret_name->second);
mtx::events::msg::SecretRequest secretRequest{};
secretRequest.action =
mtx::events::msg::RequestAction::Cancellation;
secretRequest.requesting_device_id =
http::client()->device_id();
secretRequest.request_id = e->content.request_id;
auto verificationStatus =
cache::verificationStatus(local_user.to_string());
if (!verificationStatus)
continue;
auto deviceKeys = cache::userKeys(local_user.to_string());
std::string sender_device_id;
if (deviceKeys) {
for (auto &[dev, key] : deviceKeys->device_keys) {
if (key.keys["curve25519:" + dev] ==
msg.sender_key) {
sender_device_id = dev;
break;
}
}
}
std::map<
mtx::identifiers::User,
std::map<std::string, mtx::events::msg::SecretRequest>>
body;
for (const auto &dev :
verificationStatus->verified_devices) {
if (dev != secretRequest.requesting_device_id &&
dev != sender_device_id)
body[local_user][dev] = secretRequest;
}
http::client()
->send_to_device<mtx::events::msg::SecretRequest>(
http::client()->generate_txn_id(),
body,
[name =
secret_name->second](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->error(
"Failed to send request cancellation "
"for secrect "
"'{}'",
name);
return;
}
});
cache::client()->storeSecret(secret_name->second,
e->content.secret);
request_id_to_secret_name.erase(secret_name);
}
} else if (auto sec_req =
std::get_if<DeviceEvent<msg::SecretRequest>>(&device_event)) {
handle_secret_request(sec_req, msg.sender);
}
return;
}
}
}
@ -332,11 +469,13 @@ encrypt_group_message(const std::string &room_id, const std::string &device_id,
// new member, send them the session at this index
sendSessionTo[member_it->first] = {};
for (const auto &dev : member_it->second->device_keys)
if (member_it->first != own_user_id ||
dev.first != device_id)
sendSessionTo[member_it->first].push_back(
dev.first);
if (member_it->second) {
for (const auto &dev : member_it->second->device_keys)
if (member_it->first != own_user_id ||
dev.first != device_id)
sendSessionTo[member_it->first].push_back(
dev.first);
}
++member_it;
} else {
@ -1035,4 +1174,143 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
}
}
void
request_cross_signing_keys()
{
mtx::events::msg::SecretRequest secretRequest{};
secretRequest.action = mtx::events::msg::RequestAction::Request;
secretRequest.requesting_device_id = http::client()->device_id();
auto local_user = http::client()->user_id();
auto verificationStatus = cache::verificationStatus(local_user.to_string());
if (!verificationStatus)
return;
auto request = [&](std::string secretName) {
secretRequest.name = secretName;
secretRequest.request_id = "ss." + http::client()->generate_txn_id();
request_id_to_secret_name[secretRequest.request_id] = secretRequest.name;
std::map<mtx::identifiers::User,
std::map<std::string, mtx::events::msg::SecretRequest>>
body;
for (const auto &dev : verificationStatus->verified_devices) {
if (dev != secretRequest.requesting_device_id)
body[local_user][dev] = secretRequest;
}
http::client()->send_to_device<mtx::events::msg::SecretRequest>(
http::client()->generate_txn_id(),
body,
[request_id = secretRequest.request_id, secretName](mtx::http::RequestErr err) {
if (err) {
request_id_to_secret_name.erase(request_id);
nhlog::net()->error("Failed to send request for secrect '{}'",
secretName);
return;
}
});
for (const auto &dev : verificationStatus->verified_devices) {
if (dev != secretRequest.requesting_device_id)
body[local_user][dev].action =
mtx::events::msg::RequestAction::Cancellation;
}
// timeout after 15 min
QTimer::singleShot(15 * 60 * 1000, [secretRequest, body]() {
if (request_id_to_secret_name.count(secretRequest.request_id)) {
request_id_to_secret_name.erase(secretRequest.request_id);
http::client()->send_to_device<mtx::events::msg::SecretRequest>(
http::client()->generate_txn_id(),
body,
[secretRequest](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->error(
"Failed to cancel request for secrect '{}'",
secretRequest.name);
return;
}
});
}
});
};
request(mtx::secret_storage::secrets::cross_signing_self_signing);
request(mtx::secret_storage::secrets::cross_signing_user_signing);
request(mtx::secret_storage::secrets::megolm_backup_v1);
}
namespace {
void
unlock_secrets(const std::string &key,
const std::map<std::string, mtx::secret_storage::AesHmacSha2EncryptedData> &secrets)
{
http::client()->secret_storage_key(
key,
[secrets](mtx::secret_storage::AesHmacSha2KeyDescription keyDesc,
mtx::http::RequestErr err) {
if (err) {
nhlog::net()->error("Failed to download secret storage key");
return;
}
emit ChatPage::instance()->downloadedSecrets(keyDesc, secrets);
});
}
}
void
download_cross_signing_keys()
{
using namespace mtx::secret_storage;
http::client()->secret_storage_secret(
secrets::megolm_backup_v1, [](Secret secret, mtx::http::RequestErr err) {
std::optional<Secret> backup_key;
if (!err)
backup_key = secret;
http::client()->secret_storage_secret(
secrets::cross_signing_self_signing,
[backup_key](Secret secret, mtx::http::RequestErr err) {
std::optional<Secret> self_signing_key;
if (!err)
self_signing_key = secret;
http::client()->secret_storage_secret(
secrets::cross_signing_user_signing,
[backup_key, self_signing_key](Secret secret,
mtx::http::RequestErr err) {
std::optional<Secret> user_signing_key;
if (!err)
user_signing_key = secret;
std::map<std::string,
std::map<std::string, AesHmacSha2EncryptedData>>
secrets;
if (backup_key && !backup_key->encrypted.empty())
secrets[backup_key->encrypted.begin()->first]
[secrets::megolm_backup_v1] =
backup_key->encrypted.begin()->second;
if (self_signing_key && !self_signing_key->encrypted.empty())
secrets[self_signing_key->encrypted.begin()->first]
[secrets::cross_signing_self_signing] =
self_signing_key->encrypted.begin()->second;
if (user_signing_key && !user_signing_key->encrypted.empty())
secrets[user_signing_key->encrypted.begin()->first]
[secrets::cross_signing_user_signing] =
user_signing_key->encrypted.begin()->second;
for (const auto &[key, secrets] : secrets)
unlock_secrets(key, secrets);
});
});
});
}
} // namespace olm

7
src/Olm.h
Unescape View File

@ -102,4 +102,11 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
const mtx::events::collections::DeviceEvents &event,
bool force_new_session = false);
//! Request backup and signing keys and cache them locally
void
request_cross_signing_keys();
//! Download backup and signing keys and cache them locally
void
download_cross_signing_keys();
} // namespace olm

6
src/RoomList.h
Unescape View File

@ -43,7 +43,11 @@ public:
void initialize(const QMap<QString, RoomInfo> &info);
void sync(const std::map<QString, RoomInfo> &info);
void clear() { rooms_.clear(); };
void clear()
{
rooms_.clear();
rooms_sort_cache_.clear();
};
void updateAvatar(const QString &room_id, const QString &url);
void addRoom(const QString &room_id, const RoomInfo &info);

78
src/UserSettingsPage.cpp
Unescape View File

@ -637,6 +637,15 @@ UserSettingsPage::UserSettingsPage(QSharedPointer<UserSettings> settings, QWidge
deviceFingerprintValue_->setText(utils::humanReadableFingerprint(QString(44, 'X')));
backupSecretCached = new QLabel{this};
masterSecretCached = new QLabel{this};
selfSigningSecretCached = new QLabel{this};
userSigningSecretCached = new QLabel{this};
backupSecretCached->setFont(monospaceFont);
masterSecretCached->setFont(monospaceFont);
selfSigningSecretCached->setFont(monospaceFont);
userSigningSecretCached->setFont(monospaceFont);
auto sessionKeysLabel = new QLabel{tr("Session Keys"), this};
sessionKeysLabel->setFont(font);
sessionKeysLabel->setMargin(OptionMargin);
@ -649,6 +658,18 @@ UserSettingsPage::UserSettingsPage(QSharedPointer<UserSettings> settings, QWidge
sessionKeysLayout->addWidget(sessionKeysExportBtn, 0, Qt::AlignRight);
sessionKeysLayout->addWidget(sessionKeysImportBtn, 0, Qt::AlignRight);
auto crossSigningKeysLabel = new QLabel{tr("Cross Signing Keys"), this};
crossSigningKeysLabel->setFont(font);
crossSigningKeysLabel->setMargin(OptionMargin);
auto crossSigningRequestBtn = new QPushButton{tr("REQUEST"), this};
auto crossSigningDownloadBtn = new QPushButton{tr("DOWNLOAD"), this};
auto crossSigningKeysLayout = new QHBoxLayout;
crossSigningKeysLayout->addWidget(new QLabel{"", this}, 1, Qt::AlignRight);
crossSigningKeysLayout->addWidget(crossSigningRequestBtn, 0, Qt::AlignRight);
crossSigningKeysLayout->addWidget(crossSigningDownloadBtn, 0, Qt::AlignRight);
auto boxWrap = [this, &font](QString labelText, QWidget *field, QString tooltipText = "") {
auto label = new QLabel{labelText, this};
label->setFont(font);
@ -787,6 +808,28 @@ UserSettingsPage::UserSettingsPage(QSharedPointer<UserSettings> settings, QWidge
tr("Automatically replies to key requests from other users, if they are verified."));
formLayout_->addRow(new HorizontalLine{this});
formLayout_->addRow(sessionKeysLabel, sessionKeysLayout);
formLayout_->addRow(crossSigningKeysLabel, crossSigningKeysLayout);
boxWrap(tr("Master signing key"),
masterSecretCached,
tr("Your most important key. You don't need to have it cached, since not caching "
"it makes it less likely it can be stolen and it is only needed to rotate your "
"other signing keys."));
boxWrap(tr("User signing key"),
userSigningSecretCached,
tr("The key to verify other users. If it is cached, verifying a user will verify "
"all their devices."));
boxWrap(
tr("Self signing key"),
selfSigningSecretCached,
tr("The key to verify your own devices. If it is cached, verifying one of your devices "
"will mark it verified for all your other devices and for users, that have verified "
"you."));
boxWrap(tr("Backup key"),
backupSecretCached,
tr("The key to decrypt online key backups. If it is cached, you can enable online "
"key backup to store encryption keys securely encrypted on the server."));
updateSecretStatus();
auto scrollArea_ = new QScrollArea{this};
scrollArea_->setFrameShape(QFrame::NoFrame);
@ -982,6 +1025,14 @@ UserSettingsPage::UserSettingsPage(QSharedPointer<UserSettings> settings, QWidge
connect(
sessionKeysExportBtn, &QPushButton::clicked, this, &UserSettingsPage::exportSessionKeys);
connect(crossSigningRequestBtn, &QPushButton::clicked, this, []() {
olm::request_cross_signing_keys();
});
connect(crossSigningDownloadBtn, &QPushButton::clicked, this, []() {
olm::download_cross_signing_keys();
});
connect(backBtn_, &QPushButton::clicked, this, [this]() {
settings_->save();
emit moveBack();
@ -1137,3 +1188,30 @@ UserSettingsPage::exportSessionKeys()
QMessageBox::warning(this, tr("Error"), e.what());
}
}
void
UserSettingsPage::updateSecretStatus()
{
QString ok = "QLabel { color : #00cc66; }";
QString notSoOk = "QLabel { color : #ff9933; }";
auto updateLabel = [&ok, &notSoOk](QLabel *label, const std::string &secretName) {
if (cache::secret(secretName)) {
label->setStyleSheet(ok);
label->setText(tr("CACHED"));
} else {
if (secretName == mtx::secret_storage::secrets::cross_signing_master)
label->setStyleSheet(ok);
else
label->setStyleSheet(notSoOk);
label->setText(tr("NOT CACHED"));
}
};
updateLabel(masterSecretCached, mtx::secret_storage::secrets::cross_signing_master);
updateLabel(userSigningSecretCached,
mtx::secret_storage::secrets::cross_signing_user_signing);
updateLabel(selfSigningSecretCached,
mtx::secret_storage::secrets::cross_signing_self_signing);
updateLabel(backupSecretCached, mtx::secret_storage::secrets::megolm_backup_v1);
}

7
src/UserSettingsPage.h
Unescape View File

@ -253,6 +253,9 @@ signals:
void themeChanged();
void decryptSidebarChanged();
public slots:
void updateSecretStatus();
private slots:
void importSessionKeys();
void exportSessionKeys();
@ -285,6 +288,10 @@ private:
Toggle *mobileMode_;
QLabel *deviceFingerprintValue_;
QLabel *deviceIdValue_;
QLabel *backupSecretCached;
QLabel *masterSecretCached;
QLabel *selfSigningSecretCached;
QLabel *userSigningSecretCached;
QComboBox *themeCombo_;
QComboBox *scaleFactorCombo_;

5
src/Utils.cpp
Unescape View File

@ -54,8 +54,9 @@ bool
utils::codepointIsEmoji(uint code)
{
// TODO: Be more precise here.
return (code >= 0x2600 && code <= 0x27bf) || (code >= 0x1f300 && code <= 0x1f3ff) ||
(code >= 0x1f000 && code <= 0x1faff);
return (code >= 0x2600 && code <= 0x27bf) || (code >= 0x2b00 && code <= 0x2bff) ||
(code >= 0x1f300 && code <= 0x1f3ff) || (code >= 0x1f000 && code <= 0x1faff) ||
code == 0x200d;
}
QString

7
src/timeline/TimelineViewManager.h
Unescape View File

@ -51,7 +51,12 @@ public:
void sync(const mtx::responses::Rooms &rooms);
void addRoom(const QString &room_id);
void clearAll() { models.clear(); }
void clearAll()
{
timeline_ = nullptr;
emit activeTimelineChanged(nullptr);
models.clear();
}
Q_INVOKABLE TimelineModel *activeTimeline() const { return timeline_; }
Q_INVOKABLE bool isInitialSync() const { return isInitialSync_; }

Write Preview
Loading…
Cancel
Save