diff options
| author | Melvin Keskin <melvo@olomono.de> | 2021-09-17 01:38:29 +0200 |
|---|---|---|
| committer | Linus Jahn <lnj@kaidan.im> | 2021-09-25 15:51:01 +0200 |
| commit | effe99a4c0006cf159ab7342cc27b13c2d1cf2e6 (patch) | |
| tree | d04778225074c7c7788e4b0e29d71d2ec245da85 | |
| parent | d071f033c8298fb159eb8f2fb24462e4d0371dc4 (diff) | |
| download | qxmpp-effe99a4c0006cf159ab7342cc27b13c2d1cf2e6.tar.gz | |
AtmManager: Use security policies
| -rw-r--r-- | src/client/QXmppAtmManager.cpp | 20 | ||||
| -rw-r--r-- | tests/qxmppatmmanager/tst_qxmppatmmanager.cpp | 73 |
2 files changed, 75 insertions, 18 deletions
diff --git a/src/client/QXmppAtmManager.cpp b/src/client/QXmppAtmManager.cpp index df3b1350..fb14aec0 100644 --- a/src/client/QXmppAtmManager.cpp +++ b/src/client/QXmppAtmManager.cpp @@ -52,6 +52,13 @@ using namespace QXmpp::Private; /// QXmppTrustStorage *trustStorage = new QXmppTrustMemoryStorage; /// \endcode /// +/// You can set a security policy used by ATM via the trust manager. +/// Is is recommended to apply TOAKAFA for good security and usability when +/// using \xep{0384, OMEMO Encryption}: +/// \code +/// trustStorage->setSecurityPolicy("urn:xmpp:omemo:1", QXmppTrustStorage::Toakafa); +/// \endcode +/// /// Afterwards, this manager must be added with the storage: /// \code /// QXmppAtmManager *manager = new QXmppAtmManager(trustStorage); @@ -402,13 +409,20 @@ QFuture<void> QXmppAtmManager::authenticate(const QString &encryption, const QMu } else { auto future = m_trustStorage->setTrustLevel(encryption, keyIds, QXmppTrustStorage::Authenticated); await(future, this, [=]() { - auto future = distrustAutomaticallyTrustedKeys(encryption, keyIds.uniqueKeys()); - await(future, this, [=]() { + if (m_trustStorage->securityPolicy(encryption) == QXmppTrustStorage::Toakafa) { + auto future = distrustAutomaticallyTrustedKeys(encryption, keyIds.uniqueKeys()); + await(future, this, [=]() { + auto future = makePostponedTrustDecisions(encryption, keyIds.values()); + await(future, this, [=]() { + interface->reportFinished(); + }); + }); + } else { auto future = makePostponedTrustDecisions(encryption, keyIds.values()); await(future, this, [=]() { interface->reportFinished(); }); - }); + } }); } diff --git a/tests/qxmppatmmanager/tst_qxmppatmmanager.cpp b/tests/qxmppatmmanager/tst_qxmppatmmanager.cpp index ab6071b3..db39c2f8 100644 --- a/tests/qxmppatmmanager/tst_qxmppatmmanager.cpp +++ b/tests/qxmppatmmanager/tst_qxmppatmmanager.cpp @@ -52,6 +52,7 @@ private slots: void testMakePostponedTrustDecisions(); void testDistrustAutomaticallyTrustedKeys(); void testDistrust(); + void testAuthenticate_data(); void testAuthenticate(); void testMakeTrustDecisions(); void testHandleMessage_data(); @@ -448,10 +449,24 @@ void tst_QXmppAtmManager::testDistrust() distrustedKeys) })); } +void tst_QXmppAtmManager::testAuthenticate_data() +{ + QTest::addColumn<QXmppTrustStorage::SecurityPolicy>("securityPolicy"); + + QTest::newRow("noSecurityPolicy") + << QXmppTrustStorage::NoSecurityPolicy; + + QTest::newRow("toakafa") + << QXmppTrustStorage::Toakafa; +} + void tst_QXmppAtmManager::testAuthenticate() { clearTrustStorage(); + QFETCH(QXmppTrustStorage::SecurityPolicy, securityPolicy); + m_trustStorage->setSecurityPolicies(ns_omemo, securityPolicy); + QMultiHash<QString, QString> authenticatedKeys = { { QStringLiteral("alice@example.org"), QStringLiteral("ad020bd9a95bb924758b4e84640a75b99f37f3351e120188ab6c21c2edecf998") }, { QStringLiteral("carol@example.net"), @@ -615,25 +630,53 @@ void tst_QXmppAtmManager::testAuthenticate() { QStringLiteral("carol@example.net"), QStringLiteral("f82419945cb175e4c681b3dbcbb62fbd94f760855c222fb513c3799d273a4130") } }; - automaticallyDistrustedKeys = { { QStringLiteral("alice@example.org"), - QStringLiteral("b5fb24aee735c5c7c2f952b3baabcb65425565c7195ff3e0e63f3cba4a6e6363") }, - { QStringLiteral("bob@example.com"), - QStringLiteral("fddaafd3e44dc8520f74c42227b99210958a544c45794044bd35f13ada883038") } }; + if (securityPolicy == QXmppTrustStorage::NoSecurityPolicy) { + automaticallyDistrustedKeys = { { QStringLiteral("alice@example.org"), + QStringLiteral("b5fb24aee735c5c7c2f952b3baabcb65425565c7195ff3e0e63f3cba4a6e6363") } }; + + automaticallyTrustedKeys = { { QStringLiteral("bob@example.com"), + QStringLiteral("fddaafd3e44dc8520f74c42227b99210958a544c45794044bd35f13ada883038") } }; + } else if (securityPolicy == QXmppTrustStorage::Toakafa) { + automaticallyDistrustedKeys = { { QStringLiteral("alice@example.org"), + QStringLiteral("b5fb24aee735c5c7c2f952b3baabcb65425565c7195ff3e0e63f3cba4a6e6363") }, + { QStringLiteral("bob@example.com"), + QStringLiteral("fddaafd3e44dc8520f74c42227b99210958a544c45794044bd35f13ada883038") } }; + } future = m_trustStorage->keys(ns_omemo); QVERIFY(future.isFinished()); result = future.result(); - QCOMPARE( - result, - QHash({ std::pair( - QXmppTrustStorage::Authenticated, - authenticatedKeys), - std::pair( - QXmppTrustStorage::ManuallyDistrusted, - manuallyDistrustedKeys), - std::pair( - QXmppTrustStorage::AutomaticallyDistrusted, - automaticallyDistrustedKeys) })); + switch (securityPolicy) { + case QXmppTrustStorage::NoSecurityPolicy: + QCOMPARE( + result, + QHash({ std::pair( + QXmppTrustStorage::Authenticated, + authenticatedKeys), + std::pair( + QXmppTrustStorage::AutomaticallyTrusted, + automaticallyTrustedKeys), + std::pair( + QXmppTrustStorage::ManuallyDistrusted, + manuallyDistrustedKeys), + std::pair( + QXmppTrustStorage::AutomaticallyDistrusted, + automaticallyDistrustedKeys) })); + break; + case QXmppTrustStorage::Toakafa: + QCOMPARE( + result, + QHash({ std::pair( + QXmppTrustStorage::Authenticated, + authenticatedKeys), + std::pair( + QXmppTrustStorage::ManuallyDistrusted, + manuallyDistrustedKeys), + std::pair( + QXmppTrustStorage::AutomaticallyDistrusted, + automaticallyDistrustedKeys) })); + break; + } auto futurePostponed = m_trustStorage->keysForPostponedTrustDecisions(ns_omemo, { QStringLiteral("470c88ff79bd978c208eef4976e1716f930426f04d4437cf7e8d44c219750c42"), |