Mercurial > libervia-backend
annotate src/plugins/plugin_sec_otr.py @ 1135:3158f9e08760
plugin OTR: a warning is logged when Account is instancied with a bare jid.
author | Goffi <goffi@goffi.org> |
---|---|
date | Mon, 25 Aug 2014 21:32:23 +0200 |
parents | 8def4a3f55c2 |
children | ea2bbdf5b541 |
rev | line source |
---|---|
1055 | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | |
3 | |
4 # SAT plugin for OTR encryption | |
5 # Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014 Jérôme Poisson (goffi@goffi.org) | |
6 | |
7 # This program is free software: you can redistribute it and/or modify | |
8 # it under the terms of the GNU Affero General Public License as published by | |
9 # the Free Software Foundation, either version 3 of the License, or | |
10 # (at your option) any later version. | |
11 | |
12 # This program is distributed in the hope that it will be useful, | |
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 # GNU Affero General Public License for more details. | |
16 | |
17 # You should have received a copy of the GNU Affero General Public License | |
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
19 | |
20 # XXX: thanks to Darrik L Mazey for his documentation (https://blog.darmasoft.net/2013/06/30/using-pure-python-otr.html) | |
21 # this implentation is based on it | |
22 | |
23 from sat.core.i18n import _ | |
24 from sat.core.log import getLogger | |
25 from sat.core import exceptions | |
26 log = getLogger(__name__) | |
27 from twisted.words.protocols.jabber import jid | |
28 from twisted.python import failure | |
1095 | 29 from twisted.internet import defer |
1055 | 30 import potr |
1095 | 31 from sat.memory import persistent |
32 | |
33 NS_OTR = "otr_plugin" | |
34 PRIVATE_KEY = "PRIVATE KEY" | |
1055 | 35 |
36 DEFAULT_POLICY_FLAGS = { | |
37 'ALLOW_V1':False, | |
38 'ALLOW_V2':True, | |
39 'REQUIRE_ENCRYPTION':True, | |
40 } | |
41 | |
42 PLUGIN_INFO = { | |
43 "name": "OTR", | |
44 "import_name": "OTR", | |
45 "type": "SEC", | |
46 "protocols": [], | |
47 "dependencies": [], | |
48 "main": "OTR", | |
49 "handler": "no", | |
50 "description": _("""Implementation of OTR""") | |
51 } | |
52 | |
53 | |
54 class Context(potr.context.Context): | |
55 | |
1095 | 56 def __init__(self, host, account, other_jid): |
57 super(Context, self).__init__(account, other_jid) | |
1055 | 58 self.host = host |
59 | |
60 def getPolicy(self, key): | |
61 if key in DEFAULT_POLICY_FLAGS: | |
62 return DEFAULT_POLICY_FLAGS[key] | |
63 else: | |
64 return False | |
65 | |
1095 | 66 def inject(self, msg_str, appdata=None): |
67 assert isinstance(self.peer, jid.JID) | |
68 msg = msg_str.decode('utf-8') | |
69 client = self.user.client | |
70 log.debug(u'inject(%s, appdata=%s, to=%s)' % (msg, appdata, self.peer)) | |
1055 | 71 mess_data = {'message': msg, |
72 'type': 'chat', | |
73 'from': client.jid, | |
1095 | 74 'to': self.peer, |
1055 | 75 'subject': None, |
76 } | |
77 self.host.generateMessageXML(mess_data) | |
78 client.xmlstream.send(mess_data['xml']) | |
79 | |
80 def setState(self, state): | |
1095 | 81 old_state = self.state |
1055 | 82 super(Context, self).setState(state) |
1135
3158f9e08760
plugin OTR: a warning is logged when Account is instancied with a bare jid.
Goffi <goffi@goffi.org>
parents:
1134
diff
changeset
|
83 log.debug(u"setState: %s (old_state=%s)" % (state, old_state)) |
1095 | 84 |
85 if state == potr.context.STATE_PLAINTEXT: | |
86 feedback = _(u"/!\\ conversation with %(other_jid)s is now UNENCRYPTED") % {'other_jid': self.peer.full()} | |
87 elif state == potr.context.STATE_ENCRYPTED: | |
88 try: | |
89 fingerprint, trusted = self.getCurrentTrust() | |
90 except TypeError: | |
91 trusted = False | |
92 trusted_str = _(u"trusted") if trusted else _(u"untrusted") | |
93 | |
94 if old_state == potr.context.STATE_ENCRYPTED: | |
95 feedback = _(u"%(trusted)s OTR conversation with %(other_jid)s REFRESHED") % {'trusted': trusted_str, 'other_jid': self.peer.full()} | |
96 else: | |
97 feedback = _(u"%(trusted)s Encrypted OTR conversation started with %(other_jid)s") % {'trusted': trusted_str, 'other_jid': self.peer.full()} | |
98 elif state == potr.context.STATE_FINISHED: | |
99 feedback = _(u"OTR conversation with %(other_jid)s is FINISHED") % {'other_jid': self.peer.full()} | |
100 else: | |
101 log.error(_(u"Unknown OTR state")) | |
102 return | |
103 | |
104 client = self.user.client | |
105 # FIXME: newMessage should manage system message, so they don't appear as coming from the contact | |
106 self.host.bridge.newMessage(client.jid.full(), | |
107 feedback, | |
108 mess_type="headline", | |
109 to_jid=self.peer.full(), | |
110 extra={}, | |
111 profile=client.profile) | |
112 # TODO: send signal to frontends | |
1055 | 113 |
114 | |
115 class Account(potr.context.Account): | |
116 | |
1095 | 117 def __init__(self, host, client): |
118 log.debug(u"new account: %s" % client.jid) | |
1135
3158f9e08760
plugin OTR: a warning is logged when Account is instancied with a bare jid.
Goffi <goffi@goffi.org>
parents:
1134
diff
changeset
|
119 if not client.jid.resource: |
3158f9e08760
plugin OTR: a warning is logged when Account is instancied with a bare jid.
Goffi <goffi@goffi.org>
parents:
1134
diff
changeset
|
120 log.warning("Account created without resource") |
3158f9e08760
plugin OTR: a warning is logged when Account is instancied with a bare jid.
Goffi <goffi@goffi.org>
parents:
1134
diff
changeset
|
121 super(Account, self).__init__(unicode(client.jid), "xmpp", 1024) |
1095 | 122 self.host = host |
123 self.client = client | |
1055 | 124 |
125 def loadPrivkey(self): | |
1095 | 126 log.debug(u"loadPrivkey") |
127 return self.client.otr_priv_key | |
1055 | 128 |
129 def savePrivkey(self): | |
1095 | 130 log.debug(u"savePrivkey") |
131 priv_key = self.getPrivkey().serializePrivateKey() | |
132 d = self.host.memory.encryptValue(priv_key, self.client.profile) | |
133 def save_encrypted_key(encrypted_priv_key): | |
134 self.client.otr_data[PRIVATE_KEY] = encrypted_priv_key | |
135 d.addCallback(save_encrypted_key) | |
1055 | 136 |
137 | |
138 class ContextManager(object): | |
139 | |
140 def __init__(self, host, client): | |
141 self.host = host | |
1095 | 142 self.account = Account(host, client) |
1055 | 143 self.contexts = {} |
144 | |
1095 | 145 def startContext(self, other_jid): |
146 assert isinstance(other_jid, jid.JID) | |
147 context = self.contexts.setdefault(other_jid, Context(self.host, self.account, other_jid)) | |
148 return context | |
1055 | 149 |
150 def getContextForUser(self, other): | |
1095 | 151 log.debug(u"getContextForUser [%s]" % other) |
1135
3158f9e08760
plugin OTR: a warning is logged when Account is instancied with a bare jid.
Goffi <goffi@goffi.org>
parents:
1134
diff
changeset
|
152 if not other.resource: |
3158f9e08760
plugin OTR: a warning is logged when Account is instancied with a bare jid.
Goffi <goffi@goffi.org>
parents:
1134
diff
changeset
|
153 log.warning("getContextForUser called with a bare jid") |
1055 | 154 return self.startContext(other) |
155 | |
156 | |
157 class OTR(object): | |
158 | |
159 def __init__(self, host): | |
1095 | 160 log.info(_(u"OTR plugin initialization")) |
1134
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
161 self._fixPotr() # FIXME: to be removed when potr will be fixed |
1055 | 162 self.host = host |
163 self.context_managers = {} | |
164 host.trigger.add("MessageReceived", self.MessageReceivedTrigger, priority=100000) | |
165 host.trigger.add("sendMessage", self.sendMessageTrigger, priority=100000) | |
166 | |
1134
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
167 def _fixPotr(self): |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
168 # FIXME: potr fix for bad unicode handling |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
169 # this method monkeypatch it, must be removed when potr |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
170 # is fixed |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
171 |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
172 def getDefaultQueryMessage(self, policy): |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
173 defaultQuery = '?OTRv{versions}?\nI would like to start ' \ |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
174 'an Off-the-Record private conversation. However, you ' \ |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
175 'do not have a plugin to support that.\nSee '\ |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
176 'https://otr.cypherpunks.ca/ for more information.' |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
177 v = '2' if policy('ALLOW_V2') else '' |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
178 msg = defaultQuery.format(versions=v) |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
179 return msg.encode('ascii') |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
180 |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
181 potr.context.Account.getDefaultQueryMessage = getDefaultQueryMessage |
8def4a3f55c2
plugin OTR: temporary potr monkey patch to work around a unicode bug, to be removed as soon as a potr fixed version is released (potr maintainer should do it soon)
Goffi <goffi@goffi.org>
parents:
1095
diff
changeset
|
182 |
1095 | 183 @defer.inlineCallbacks |
1055 | 184 def profileConnected(self, profile): |
185 client = self.host.getClient(profile) | |
186 self.context_managers[profile] = ContextManager(self.host, client) | |
1095 | 187 client.otr_data = persistent.PersistentBinaryDict(NS_OTR, profile) |
188 yield client.otr_data.load() | |
189 encrypted_priv_key = client.otr_data.get(PRIVATE_KEY, None) | |
190 if encrypted_priv_key is not None: | |
191 priv_key = yield self.host.memory.decryptValue(encrypted_priv_key, profile) | |
192 client.otr_priv_key = potr.crypt.PK.parsePrivateKey(priv_key)[0] | |
193 else: | |
194 client.otr_priv_key = None | |
1055 | 195 |
196 def _receivedTreatment(self, data, profile): | |
197 from_jid = jid.JID(data['from']) | |
1095 | 198 log.debug(u"_receivedTreatment [from_jid = %s]" % from_jid) |
1055 | 199 otrctx = self.context_managers[profile].getContextForUser(from_jid) |
1095 | 200 encrypted = True |
1055 | 201 |
202 try: | |
1095 | 203 res = otrctx.receiveMessage(data['body'].encode('utf-8')) |
1055 | 204 except potr.context.UnencryptedMessage: |
1095 | 205 if otrctx.state == potr.context.STATE_ENCRYPTED: |
206 log.warning(u"Received unencrypted message in an encrypted context (from %(jid)s)" % {'jid': from_jid.full()}) | |
207 client = self.host.getClient(profile) | |
208 self.host.bridge.newMessage(from_jid.full(), | |
209 _(u"WARNING: received unencrypted data in a supposedly encrypted context"), | |
210 mess_type="headline", # FIXME: add message type for internal informations | |
211 to_jid=client.jid.full(), | |
212 extra={}, | |
213 profile=client.profile) | |
1055 | 214 encrypted = False |
215 | |
1095 | 216 if not encrypted: |
1055 | 217 return data |
218 else: | |
219 if res[0] != None: | |
220 # decrypted messages handling. | |
221 # receiveMessage() will return a tuple, the first part of which will be the decrypted message | |
222 data['body'] = res[0].decode('utf-8') | |
223 raise failure.Failure(exceptions.SkipHistory()) # we send the decrypted message to frontends, but we don't want it in history | |
224 else: | |
225 raise failure.Failure(exceptions.CancelError()) # no message at all (no history, no signal) | |
226 | |
227 def MessageReceivedTrigger(self, message, post_treat, profile): | |
228 post_treat.addCallback(self._receivedTreatment, profile) | |
229 return True | |
230 | |
231 def sendMessageTrigger(self, mess_data, pre_xml_treatments, post_xml_treatments, profile): | |
232 to_jid = mess_data['to'] | |
233 if mess_data['type'] != 'groupchat' and not to_jid.resource: | |
234 to_jid.resource = self.host.memory.getLastResource(to_jid, profile) # FIXME: it's dirty, but frontends don't manage resources correctly now, refactoring is planed | |
235 otrctx = self.context_managers[profile].getContextForUser(to_jid) | |
236 if mess_data['type'] != 'groupchat' and otrctx.state == potr.context.STATE_ENCRYPTED: | |
1095 | 237 log.debug(u"encrypting message") |
238 otrctx.sendMessage(0, mess_data['message'].encode('utf-8')) | |
1055 | 239 client = self.host.getClient(profile) |
240 self.host.sendMessageToBridge(mess_data, client) | |
241 return False | |
242 else: | |
1095 | 243 log.debug(u"sending message unencrypted") |
1055 | 244 return True |
245 |