Mercurial > libervia-backend

view sat/plugins/plugin_xep_0380.py @ 3934:e345d93fb6e5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugin OXPS: OpenPGP for XMPP Pubsub implementation: OpenPGP for XMPP Pubsub (https://xmpp.org/extensions/inbox/pubsub-encryption.html, currently a protoXEP) is implemented and activated when `encrypted` is set to `True` in pubsub's `extra` data. On item retrieval, the decryption is transparent if the key is known, except if the `decrypt` key in `extra` is set to `False` (notably useful when one wants to checks that data is well encrypted). Methods and corresponding bridge methods have been implemented to manage shared secrets (to share, revoke or rotate the secrets). plugin XEP-0060's `XEP-0060_publish` trigger point as been move before actual publish so item can be modified (here e2ee) by the triggers. A new `XEP-0060_items` trigger point has also been added. `encrypted` flag can be used with plugin XEP-0277's microblog data rel 380
author Goffi <goffi@goffi.org>
date Sat, 15 Oct 2022 20:36:53 +0200
parents be6d91572633
children 524856bd7b19
line wrap: on
line source

#!/usr/bin/env python3


# SAT plugin for Explicit Message Encryption
# Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org)

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from sat.core.i18n import _, D_
from sat.core.constants import Const as C
from sat.core.log import getLogger
from twisted.words.protocols.jabber import jid

log = getLogger(__name__)

PLUGIN_INFO = {
    C.PI_NAME: "Explicit Message Encryption",
    C.PI_IMPORT_NAME: "XEP-0380",
    C.PI_TYPE: "SEC",
    C.PI_PROTOCOLS: ["XEP-0380"],
    C.PI_DEPENDENCIES: [],
    C.PI_MAIN: "XEP_0380",
    C.PI_HANDLER: "no",
    C.PI_DESCRIPTION: _("""Implementation of Explicit Message Encryption"""),
}

NS_EME = "urn:xmpp:eme:0"
KNOWN_NAMESPACES = {
    "urn:xmpp:otr:0": "OTR",
    "jabber:x:encrypted": "Legacy OpenPGP",
    "urn:xmpp:openpgp:0": "OpenPGP for XMPP",
}


class XEP_0380(object):

    def __init__(self, host):
        self.host = host
        host.trigger.add("sendMessage", self._sendMessageTrigger)
        host.trigger.add("messageReceived", self._messageReceivedTrigger, priority=100)
        host.registerNamespace("eme", NS_EME)

    def _addEMEElement(self, mess_data, namespace, name):
        message_elt = mess_data['xml']
        encryption_elt = message_elt.addElement((NS_EME, 'encryption'))
        encryption_elt['namespace'] = namespace
        if name is not None:
            encryption_elt['name'] = name
        return mess_data

    def _sendMessageTrigger(self, client, mess_data, __, post_xml_treatments):
        encryption = mess_data.get(C.MESS_KEY_ENCRYPTION)
        if encryption is not None:
            namespace = encryption['plugin'].namespace
            if namespace not in KNOWN_NAMESPACES:
                name = encryption['plugin'].name
            else:
                name = None
            post_xml_treatments.addCallback(
                self._addEMEElement, namespace=namespace, name=name)
        return True

    def _messageReceivedTrigger(self, client, message_elt, post_treat):
        try:
            encryption_elt = next(message_elt.elements(NS_EME, 'encryption'))
        except StopIteration:
            return True

        namespace = encryption_elt['namespace']
        if namespace in client.encryption.getNamespaces():
            # message is encrypted and we can decrypt it
            return True

        name = KNOWN_NAMESPACES.get(namespace, encryption_elt.getAttribute("name"))

        # at this point, message is encrypted but we know that we can't decrypt it,
        # we need to notify the user
        sender_s = message_elt['from']
        to_jid = jid.JID(message_elt['from'])
        algorithm = "{} [{}]".format(name, namespace) if name else namespace
        log.warning(
            _("Message from {sender} is encrypted with {algorithm} and we can't "
              "decrypt it.".format(sender=message_elt['from'], algorithm=algorithm)))

        user_msg = D_(
            "User {sender} sent you an encrypted message (encrypted with {algorithm}), "
            "and we can't decrypt it.").format(sender=sender_s, algorithm=algorithm)

        extra = {C.MESS_EXTRA_INFO: C.EXTRA_INFO_DECR_ERR}
        client.feedback(to_jid, user_msg, extra)
        return False