Feature/omemo

[paulfariello]

Add native support to OMEMO

TODO:

• OMEMO crypto materials generation
• send OMEMO encrypted messages
• receive OMEMO encrypted messages
• long term storage for identity keys
• add long term storage for session, {signed,}prekeys
• get rid of libsodium
• handle carbons
• handle device_list_request response
• check if prekey can be avoid while sending message
• trust key from command line
• untrust key from command line
• valgrind check
• add support for old gcm tag format parsing (not being done for now since we are not aware of any client using it)
• put gcm tag in key element (new format)
• add support for signal pre v3 encryption (not being done for now since we are not aware of any client using it)
• start session on reception of a message with prekey (and republish bundle)
• add support for libsignal 2.3.2
• muc support
• ensure MUC has the right options (nonanonymous and access to fulljid)
• Ensure PEP with bundle and device list are open (see publish option )
• Check if publish-options is supported by server before attaching such node to query
• Handle precondition-not-met error for publish-options
• add autocompletion trust command
• add autocompletion untrust command
• add a way to list trusted keys
• alert if sending message in a MUC with untrusted devices
• add visual feedback when message has been sent on MUC

To test this PR you must install:

• gcrypt
• libsignal-protocol-c (>= v2.3.1)

On first run, ensure to create OMEMO cryptographic materials:

/omemo gen

To start an omemo session you must start it twice (issue about handling device_list_request response):

/omemo start buddy@example.org

Then you must trust some fingerprint:

/omemo fingerprint
/omemo trust <fingerprint>

[kaffeekanne]

To build this PR with profanity i had to remove -Werror from EM_CF_FLAGS in configure.ac
i am no developer, how should it be actually built?

[paulfariello]

@kaffeekanne that's an issue. It should build without error. Can you provide a log of failing build?

[kaffeekanne]

Sure:

src/omemo/omemo.c: In function ‘omemo_init’:
src/omemo/omemo.c:108:30: error: initialization of ‘int (*)(signal_buffer **, signal_buffer **, const signal_protocol_address *, void *)’ {aka ‘int (*)(struct signal_buffer **, struct signal_buffer **, const struct signal_protocol_address *, void *)’} from incompatible pointer type ‘int (*)(signal_buffer **, const signal_protocol_address *, void *)’ {aka ‘int (*)(struct signal_buffer **, const struct signal_protocol_address *, void *)’} [-Werror=incompatible-pointer-types]

         .load_session_func = load_session,
                              ^~~~~~~~~~~~
src/omemo/omemo.c:108:30: note: (near initialization for ‘session_store.load_session_func’)
src/omemo/omemo.c:110:31: error: initialization of ‘int (*)(const signal_protocol_address *, uint8_t *, size_t,  uint8_t *, size_t,  void *)’ {aka ‘int (*)(const struct signal_protocol_address *, unsigned char *, long unsigned int,  unsigned char *, long unsigned int,  void *)’} from incompatible pointer type ‘int (*)(const signal_protocol_address *, uint8_t *, size_t,  void *)’int (*)(const struct signal_protocol_address *, unsigned char *, long unsigned int,  void *)’} [-Werror=incompatible-pointer-types]
         .store_session_func = store_session,
                               ^~~~~~~~~~~~~
src/omemo/omemo.c:110:31: note: (near initialization for ‘session_store.store_session_func’)
cc1: all warnings being treated as errors
make[1]: *** [Makefile:1823: src/omemo/omemo.o] Error 1
make[1]: Leaving directory '/home/ta/profanity'
make: *** [Makefile:1158: all] Error 2

Steps to reproduce:

git clone https://github.com/boothj5/profanity.git
cd profanity
git pull origin pull/1039/head
./bootstrap.sh
./configure
make

Do you set your build flags somewhere outside that configure.ac? Also i noticed libsodium is still being checked although you mention only needing libgcrypt and libsignal-protocol-c.

Also i /omemo gen does not give me any feedback and trying to start a omemo session does not work, because no crypto was generated. Any hints? I know this is alpha, but i am very interested in helping out.

[NiklausHofer]

@kaffeekanne I have observed the same behaviour with /omemo gen. You can work around this by restarting profanity after generating the keys.

[kaffeekanne]

@NiklausHofer ok, that did the trick for generation. Now i get the feedback, that everything has been created. Starting a OMEMO-Chat segfaults profanity.

[NiklausHofer]

@kaffeekanne I am getting this as well, yes. See my comment in the bug report: #658 (comment)

[paulfariello]

@kaffeekanne can you tell which version of libsignal you have? I suspect it's 2.3.2. Currently the PR only support 2.3.1.

[paulfariello]

Concerning the /omemo gen giving no feedback. I'll add this. And fix the issue of required restart after it.

[kaffeekanne]

libsignal-protocol-c is 2.3.2 using Archlinux. So every involved component should have the version of upstream.

[paulfariello]

Sadly libsignal broke the api between 2.3.1 and 2.3.2 😒

[kaffeekanne]

Building libsignal-protocol-c in version 2.3.1 results in other errors. That is somewhat out of my league. I can merely understand well written build instructions but not sort out detailed compiler errors.

[NiklausHofer]

I am using 2.3.1 (signalapp/libsignal-protocol-c@aac6c68) though and as mentioned I am also getting the segfault.

[paulfariello]

@kaffeekanne just wait monday so I can add support for 2.3.2.

@NiklausHofer yes your issue doesn't seems to be related to libsignal.

[paulfariello]

@kaffeekanne 61ec496 should add support for both 2.3.2 and 2.3.1

[paulfariello]

@NiklausHofer 35a11bf should fix your segfault.

[kaffeekanne]

I can compile with libsignal-protocol-2=2.3.2 now and don't get segfaults. But i can't establish a OMEMO-session, did /omemo start <jid>, /close, /omemo start <jid>. The recepient is using gajim, if that matters. Anything i do to analyse? Where would you want to discuss such issues @paulfariello ?

[paulfariello]

You could give a look at logs and xmlconsole.
What happens when you send a message? The other end do not receive anything?
What happens when the other end tries to send you messages? You do not see anything?
I'm using gajim for some test and have no issue with it.

I'll have to add way more logs to debug this kind of issue.

[jubalh]

I think add support for libsignal 2.3.2 is already done, right? So this can be checked off? :)

[jubalh]

Basic OMEMO functionality merged!

@paulfariello some of the tasks in the first comment are unchecked. You you reply down here which ones and why we chose to leave them out for now?

Maybe we can also create individual issues for the one that make sense.

[pasis]

Good job @paulfariello! @jubalh, sorry, I didn't have time to fully review the code. I will do it separately from the pull request.