rnhmjoj
/
nheko
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Show verification status next to messages

master
Nicolas Werner 2021-05-07 12:19:46 +02:00
parent 7333de19da
commit 0d0709ccd3
No known key found for this signature in database
GPG Key ID: C8D75E610773F2D9
14 changed files with 108 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CMakeLists.txt
View File

@ -526,6 +526,7 @@ qt5_wrap_cpp(MOC_HEADERS
src/AvatarProvider.h
src/BlurhashProvider.h
src/Cache_p.h
src/CacheCryptoStructs.h
src/CallDevices.h
src/CallManager.h
src/ChatPage.h

29
resources/qml/EncryptionIndicator.qml
View File

@ -10,17 +10,38 @@ Image {
id: stateImg
property bool encrypted: false
property int trust: Crypto.Unverified
width: 16
height: 16
source: {
if (encrypted)
return "image://colorimage/:/icons/icons/ui/lock.png?" + colors.buttonText;
else
if (encrypted) {
switch (trust) {
case Crypto.Verified:
return "image://colorimage/:/icons/icons/ui/lock.png?green";
case Crypto.TOFU:
return "image://colorimage/:/icons/icons/ui/lock.png?" + colors.buttonText;
default:
return "image://colorimage/:/icons/icons/ui/lock.png?#dd3d3d";
}
} else {
return "image://colorimage/:/icons/icons/ui/unlock.png?#dd3d3d";
}
}
ToolTip.visible: ma.hovered
ToolTip.text: encrypted ? qsTr("Encrypted") : qsTr("This message is not encrypted!")
ToolTip.text: {
if (!encrypted)
return qsTr("This message is not encrypted!");
switch (trust) {
case Crypto.Verified:
return qsTr("Encrypted by a verified device");
case Crypto.TOFU:
return qsTr("Encrypted by an unverified device, but you have trusted that user so far.");
default:
return qsTr("Encrypted by an unverified device");
}
}
HoverHandler {
id: ma

1
resources/qml/TimelineRow.qml
View File

@ -86,6 +86,7 @@ Item {
EncryptionIndicator {
visible: model.isRoomEncrypted
encrypted: model.isEncrypted
trust: model.trustlevel
Layout.alignment: Qt.AlignRight | Qt.AlignTop
Layout.preferredHeight: 16
Layout.preferredWidth: 16

8
resources/qml/UserProfile.qml
View File

@ -137,16 +137,16 @@ ApplicationWindow {
text: qsTr("Verify")
Layout.alignment: Qt.AlignHCenter
enabled: !profile.isUserVerified
visible: !profile.isUserVerified && !profile.isSelf && profile.userVerificationEnabled
enabled: profile.userVerified != Crypto.Verified
visible: profile.userVerified != Crypto.Verified && !profile.isSelf && profile.userVerificationEnabled
onClicked: profile.verify()
}
Image {
Layout.preferredHeight: 16
Layout.preferredWidth: 16
source: "image://colorimage/:/icons/icons/ui/lock.png?green"
visible: profile.isUserVerified
source: "image://colorimage/:/icons/icons/ui/lock.png?" + ((profile.userVerified == Crypto.Verified) ? "green" : colors.buttonText)
visible: profile.userVerified != Crypto.Unverified
Layout.alignment: Qt.AlignHCenter
}

21
src/Cache.cpp
View File

@ -3666,8 +3666,11 @@ Cache::verificationStatus(const std::string &user_id)
const auto local_user = utils::localUser().toStdString();
if (user_id == local_user)
crypto::Trust trustlevel = crypto::Trust::Unverified;
if (user_id == local_user) {
status.verified_devices.push_back(http::client()->device_id());
trustlevel = crypto::Trust::Verified;
}
verification_storage.status[user_id] = status;
@ -3723,16 +3726,24 @@ Cache::verificationStatus(const std::string &user_id)
master_keys = theirKeys->master_keys.keys;
}
status.user_verified = true;
trustlevel = crypto::Trust::Verified;
status.user_verified = crypto::Trust::Verified;
if (!verifyAtLeastOneSig(theirKeys->self_signing_keys, master_keys, user_id))
return status;
for (const auto &[device, device_key] : theirKeys->device_keys) {
(void)device;
if (verifyAtLeastOneSig(
device_key, theirKeys->self_signing_keys.keys, user_id))
status.verified_devices.push_back(device_key.device_id);
try {
auto identkey =
device_key.keys.at("curve25519:" + device_key.device_id);
if (verifyAtLeastOneSig(
device_key, theirKeys->self_signing_keys.keys, user_id)) {
status.verified_devices.push_back(device_key.device_id);
status.verified_device_keys[identkey] = trustlevel;
}
} catch (...) {
}
}
verification_storage.status[user_id] = status;

20
src/CacheCryptoStructs.h
View File

@ -4,12 +4,28 @@
#pragma once
#include <QObject>
#include <map>
#include <mutex>
#include <mtx/events/encrypted.hpp>
#include <mtx/responses/crypto.hpp>
#include <mtxclient/crypto/objects.hpp>
namespace crypto {
Q_NAMESPACE
//! How much a participant is trusted.
enum Trust
{
Unverified, //! Device unverified or master key changed.
TOFU, //! Device is signed by the sender, but the user is not verified, but they never
//! changed the master key.
Verified, //! User was verified and has crosssigned this device or device is verified.
};
Q_ENUM_NS(Trust)
}
struct DeviceAndMasterKeys
{
// map from device id or master key id to message_index
@ -87,9 +103,11 @@ from_json(const nlohmann::json &obj, StoredOlmSession &msg);
struct VerificationStatus
{
//! True, if the users master key is verified
bool user_verified = false;
crypto::Trust user_verified = crypto::Trust::Unverified;
//! List of all devices marked as verified
std::vector<std::string> verified_devices;
//! Map from sender key/curve25519 to trust status
std::map<std::string, crypto::Trust> verified_device_keys;
};
//! In memory cache of verification status

2
src/DeviceVerificationFlow.cpp
View File

@ -78,7 +78,7 @@ DeviceVerificationFlow::DeviceVerificationFlow(QObject *,
if (auto status =
cache::verificationStatus(http::client()->user_id().to_string());
status && status->user_verified)
status && status->user_verified == crypto::Trust::Verified)
this->our_trusted_master_key = res.master_keys.keys.begin()->second;
});

12
src/Olm.cpp
View File

@ -939,7 +939,6 @@ decryptEvent(const MegolmSessionIndex &index,
}
// TODO: Lookup index,event_id,origin_server_ts tuple for replay attack errors
// TODO: Verify sender_key
std::string msg_str;
try {
@ -976,6 +975,17 @@ decryptEvent(const MegolmSessionIndex &index,
return {std::nullopt, std::nullopt, std::move(te.data)};
}
crypto::Trust
calculate_trust(const std::string &user_id, const std::string &curve25519)
{
auto status = cache::client()->verificationStatus(user_id);
crypto::Trust trustlevel = crypto::Trust::Unverified;
if (status.verified_device_keys.count(curve25519))
trustlevel = status.verified_device_keys.at(curve25519);
return trustlevel;
}
//! Send encrypted to device messages, targets is a map from userid to device ids or {} for all
//! devices
void

3
src/Olm.h
View File

@ -34,6 +34,7 @@ struct DecryptionResult
{
std::optional<DecryptionErrorCode> error;
std::optional<std::string> error_message;
std::optional<mtx::events::collections::TimelineEvents> event;
};
@ -83,6 +84,8 @@ encrypt_group_message(const std::string &room_id,
DecryptionResult
decryptEvent(const MegolmSessionIndex &index,
const mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> &event);
crypto::Trust
calculate_trust(const std::string &user_id, const std::string &curve25519);
void
mark_keys_as_published();

16
src/timeline/TimelineModel.cpp
View File

@ -407,6 +407,7 @@ TimelineModel::roleNames() const
{IsEdited, "isEdited"},
{IsEditable, "isEditable"},
{IsEncrypted, "isEncrypted"},
{Trustlevel, "trustlevel"},
{IsRoomEncrypted, "isRoomEncrypted"},
{ReplyTo, "replyTo"},
{Reactions, "reactions"},
@ -575,6 +576,21 @@ TimelineModel::data(const mtx::events::collections::TimelineEvents &event, int r
mtx::events::EncryptedEvent<mtx::events::msg::Encrypted>>(
*encrypted_event);
}
case Trustlevel: {
auto id = event_id(event);
auto encrypted_event = events.get(id, id, false);
if (encrypted_event) {
if (auto encrypted =
std::get_if<mtx::events::EncryptedEvent<mtx::events::msg::Encrypted>>(
&*encrypted_event)) {
return olm::calculate_trust(encrypted->sender,
encrypted->content.sender_key);
}
}
return crypto::Trust::Unverified;
}
case IsRoomEncrypted: {
return cache::isRoomEncrypted(room_id_.toStdString());
}

1
src/timeline/TimelineModel.h
View File

@ -196,6 +196,7 @@ public:
IsEdited,
IsEditable,
IsEncrypted,
Trustlevel,
IsRoomEncrypted,
ReplyTo,
Reactions,

2
src/timeline/TimelineViewManager.cpp
View File

@ -164,6 +164,8 @@ TimelineViewManager::TimelineViewManager(CallManager *callManager, ChatPage *par
0,
"MtxEvent",
"Can't instantiate enum!");
qmlRegisterUncreatableMetaObject(
crypto::staticMetaObject, "im.nheko", 1, 0, "Crypto", "Can't instantiate enum!");
qmlRegisterUncreatableMetaObject(verification::staticMetaObject,
"im.nheko",
1,

2
src/ui/UserProfile.cpp
View File

@ -135,7 +135,7 @@ UserProfile::isGlobalUserProfile() const
return roomid_ == "";
}
bool
crypto::Trust
UserProfile::getUserStatus()
{
return isUserVerified;

12
src/ui/UserProfile.h
View File

@ -11,6 +11,8 @@
#include <mtx/responses.hpp>
#include <mtx/responses/common.hpp>
#include "CacheCryptoStructs.h"
namespace verification {
Q_NAMESPACE
@ -90,7 +92,7 @@ class UserProfile : public QObject
Q_PROPERTY(QString avatarUrl READ avatarUrl NOTIFY avatarUrlChanged)
Q_PROPERTY(DeviceInfoModel *deviceList READ deviceList CONSTANT)
Q_PROPERTY(bool isGlobalUserProfile READ isGlobalUserProfile CONSTANT)
Q_PROPERTY(bool isUserVerified READ getUserStatus NOTIFY userStatusChanged)
Q_PROPERTY(int userVerified READ getUserStatus NOTIFY userStatusChanged)
Q_PROPERTY(bool isLoading READ isLoading NOTIFY loadingChanged)
Q_PROPERTY(
bool userVerificationEnabled READ userVerificationEnabled NOTIFY userStatusChanged)
@ -108,7 +110,7 @@ public:
QString displayName();
QString avatarUrl();
bool isGlobalUserProfile() const;
bool getUserStatus();
crypto::Trust getUserStatus();
bool userVerificationEnabled() const;
bool isSelf() const;
bool isLoading() const;
@ -147,9 +149,9 @@ private:
QString globalUsername;
QString globalAvatarUrl;
DeviceInfoModel deviceList_;
bool isUserVerified = false;
bool hasMasterKey = false;
bool isLoading_ = false;
crypto::Trust isUserVerified = crypto::Trust::Unverified;
bool hasMasterKey = false;
bool isLoading_ = false;
TimelineViewManager *manager;
TimelineModel *model;
};