# HG changeset patch # User Goffi # Date 1576841281 -3600 # Node ID c048fc192739707edbc4812f65e52da724752b9e # Parent ffcdd93b61faeeab7217987f98f14506f6d66bce plugin XEP-0384: update to latest python-omemo + better trust management: - python-omemo minimal version is now 0.11.0 - `undecided` devices are now handled, fixing the "accept all or none" issue: if a device is `undecided`, the trust manager will be shown with the missing devices before sending the message. - `untrusted` devices are discarded diff -r ffcdd93b61fa -r c048fc192739 sat/plugins/plugin_xep_0384.py --- a/sat/plugins/plugin_xep_0384.py Sat Dec 07 11:30:56 2019 +0100 +++ b/sat/plugins/plugin_xep_0384.py Fri Dec 20 12:28:01 2019 +0100 @@ -1,5 +1,4 @@ #!/usr/bin/env python3 -# -*- coding: utf-8 -*- # SAT plugin for OMEMO encryption # Copyright (C) 2009-2019 Jérôme Poisson (goffi@goffi.org) @@ -61,7 +60,7 @@ C.PI_DESCRIPTION: _("""Implementation of OMEMO"""), } -OMEMO_MIN_VER = (0, 10, 4) +OMEMO_MIN_VER = (0, 11, 0) NS_OMEMO = "eu.siacs.conversations.axolotl" NS_OMEMO_DEVICES = NS_OMEMO + ".devicelist" NS_OMEMO_BUNDLE = NS_OMEMO + ".bundles:{device_id}" @@ -360,21 +359,15 @@ ) return promise2Deferred(decrypt_mess_p) - def trust(self, bare_jid, device, key): + def setTrust(self, bare_jid, device, key, trusted): bare_jid = bare_jid.userhost() - trust_p = self._session.trust( + setTrust_p = self._session.setTrust( bare_jid=bare_jid, device=device, - key=key) - return promise2Deferred(trust_p) - - def distrust(self, bare_jid, device, key): - bare_jid = bare_jid.userhost() - distrust_p = self._session.distrust( - bare_jid=bare_jid, - device=device, - key=key) - return promise2Deferred(distrust_p) + key=key, + trusted=trusted, + ) + return promise2Deferred(setTrust_p) def getTrustForJID(self, bare_jid): bare_jid = bare_jid.userhost() @@ -418,16 +411,16 @@ continue data = trust_data[trust_id] trust = C.bool(value) - if trust: - yield session.trust(data["jid"], - data["device"], - data["ik"]) - else: - yield session.distrust(data["jid"], - data["device"], - data["ik"]) - if expect_problems is not None: - expect_problems.setdefault(data.bare_jid, set()).add(data.device) + yield session.setTrust( + data["jid"], + data["device"], + data["ik"], + trusted=trust, + ) + if not trust and expect_problems is not None: + expect_problems.setdefault(data['jid'].userhost(), set()).add( + data['device'] + ) defer.returnValue({}) @defer.inlineCallbacks @@ -807,12 +800,31 @@ This dict is updated """ # FIXME: not all problems are handled yet - untrusted = {} + undecided = {} missing_bundles = {} + found_bundles = None cache = client._xep_0384_cache for problem in problems: if isinstance(problem, omemo_excpt.TrustException): - untrusted[str(hash(problem))] = problem + if problem.problem == 'undecided': + undecided[str(hash(problem))] = problem + elif problem.problem == 'untrusted': + expect_problems.setdefault(problem.bare_jid, set()).add( + problem.device) + log.info(_( + "discarding untrusted device {device_id} with key {device_key} " + "for {entity}").format( + device_id=problem.device, + device_key=problem.ik.hex().upper(), + entity=problem.bare_jid, + ) + ) + else: + log.error( + f"Unexpected trust problem: {problem.problem!r} for device " + f"{problem.device} for {problem.bare_jid}, ignoring device") + expect_problems.setdefault(problem.bare_jid, set()).add( + problem.device) elif isinstance(problem, omemo_excpt.MissingBundleException): pb_entity = jid.JID(problem.bare_jid) entity_cache = cache.setdefault(pb_entity, {}) @@ -830,7 +842,7 @@ expect_problems.setdefault(problem.bare_jid, set()).add( problem.device) elif isinstance(problem, omemo_excpt.NoEligibleDevicesException): - if untrusted or found_bundles: + if undecided or found_bundles: # we may have new devices after this run, so let's continue for now continue else: @@ -851,9 +863,9 @@ "be readable on this/those device.").format( peer=peer_jid.full(), devices=", ".join(devices_s))) - if untrusted: + if undecided: trust_data = {} - for trust_id, data in untrusted.items(): + for trust_id, data in undecided.items(): trust_data[trust_id] = { 'jid': jid.JID(data.bare_jid), 'device': data.device, diff -r ffcdd93b61fa -r c048fc192739 setup.py --- a/setup.py Sat Dec 07 11:30:56 2019 +0100 +++ b/setup.py Fri Dec 20 12:28:01 2019 +0100 @@ -48,7 +48,7 @@ 'urwid >= 1.2.0', 'urwid-satext >= 0.7.0a2', 'wokkel >= 0.7.1', - 'omemo', + 'omemo >= 0.11.0', 'omemo-backend-signal', ]