Commit 353bdc92 authored by Matthieu Tanon's avatar Matthieu Tanon

Add [encryption] section in config for LIMEv2 parameters

parent 56ee39a8
......@@ -113,10 +113,10 @@ BelleSipLimeManager::BelleSipLimeManager (const string &dbAccess, belle_http_pro
LimeV2::LimeV2 (const std::string &dbAccess, belle_http_provider_t *prov, LinphoneCore *lc) {
engineType = EncryptionEngineListener::EngineType::LimeV2;
curve = lime::CurveId::c25519; // c448
x3dhServerUrl = linphone_config_get_string(linphone_core_get_config(lc), "misc", "x3dh_server_url", "");
x3dhServerUrl = linphone_config_get_string(linphone_core_get_config(lc), "encryption", "x3dh_server_url", "");
_dbAccess = dbAccess;
belleSipLimeManager = unique_ptr<BelleSipLimeManager>(new BelleSipLimeManager(dbAccess, prov, lc));
lastLimeUpdate = linphone_config_get_int(lc->config, "misc", "last_lime_update_time", 0);
lastLimeUpdate = linphone_config_get_int(lc->config, "encryption", "last_lime_update_time", 0);
}
string LimeV2::getX3dhServerUrl () const {
......@@ -228,7 +228,7 @@ ChatMessageModifier::Result LimeV2::processOutgoingMessage (const shared_ptr<Cha
}
}, lime::EncryptionPolicy::cipherMessage);
} catch (const exception &e) {
lError() << "test" << " while encrypting message";
lError() << e.what() << " while encrypting message";
*result = ChatMessageModifier::Result::Error;
}
......@@ -361,7 +361,7 @@ ChatMessageModifier::Result LimeV2::processIncomingMessage (const shared_ptr<Cha
void LimeV2::update (LinphoneConfig *lpconfig) {
lime::limeCallback callback = setLimeCallback("Keys update");
belleSipLimeManager->update(callback);
lp_config_set_int(lpconfig, "misc", "last_lime_update_time", (int)lastLimeUpdate);
lp_config_set_int(lpconfig, "encryption", "last_lime_update_time", (int)lastLimeUpdate);
}
bool LimeV2::encryptionEnabledForFileTransfer (const shared_ptr<AbstractChatRoom> &chatRoom) {
......@@ -495,18 +495,18 @@ void LimeV2::onRegistrationStateChanged (LinphoneProxyConfig *cfg, LinphoneRegis
lime::limeCallback callback = setLimeCallback(operation.str());
LinphoneConfig *lpconfig = linphone_core_get_config(linphone_proxy_config_get_core(cfg));
lastLimeUpdate = linphone_config_get_int(lpconfig, "misc", "last_lime_update_time", -1); // TODO should be done by the tester
lastLimeUpdate = linphone_config_get_int(lpconfig, "encryption", "last_lime_update_time", -1); // TODO should be done by the tester
try {
// create user if not exist
belleSipLimeManager->create_user(localDeviceId, x3dhServerUrl, curve, callback);
lastLimeUpdate = ms_time(NULL);
lp_config_set_int(lpconfig, "misc", "last_lime_update_time", (int)lastLimeUpdate);
lp_config_set_int(lpconfig, "encryption", "last_lime_update_time", (int)lastLimeUpdate);
} catch (const exception &e) {
lInfo() << e.what() << " while creating lime user";
// update keys if necessary
int limeUpdateThreshold = lp_config_get_int(lpconfig, "misc", "lime_update_threshold", 86400);
int limeUpdateThreshold = lp_config_get_int(lpconfig, "encryption", "lime_update_threshold", 86400);
if (ms_time(NULL) - lastLimeUpdate > limeUpdateThreshold) { // 24 hours = 86400 ms
update(lpconfig);
lastLimeUpdate = ms_time(NULL);
......
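Review bot: The reads of `x3dh_server_url` and `last_lime_update_time` move from `[misc]` to `[encryption]` with no fallback, so any configuration that still carries these keys under `[misc]` silently yields an empty X3DH server URL and a reset update time. The same applies to `x3dh_db_path` in `Core::enableLimeV2`, where the default file name would be opened instead of the existing key database. Consider falling back to the old section, e.g. `linphone_config_get_string(cfg, "encryption", "x3dh_server_url", linphone_config_get_string(cfg, "misc", "x3dh_server_url", ""))`, and logging a warning when the URL ends up empty. Separately, `update()` writes `lastLimeUpdate` to the config before `onRegistrationStateChanged` refreshes it with `ms_time(NULL)`, so unless the elided lines store it again the persisted value appears to be the previous timestamp; the comment `// 24 hours = 86400 ms` also looks wrong if `ms_time()` returns seconds. The enclosing functions continue outside the visible hunks.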
......@@ -3503,14 +3503,14 @@ void MediaSessionPrivate::propagateEncryptionChanged () {
vector<uint8_t> remoteIkB64_vector = vector<uint8_t>(remoteIkB64_string.begin(), remoteIkB64_string.end());
vector<uint8_t> remoteIk_vector = decodeBase64(remoteIkB64_vector);
// get proxy config
// Get proxy config
LinphoneProxyConfig *proxy = nullptr;
if (destProxy)
proxy = destProxy;
else
proxy = linphone_core_get_default_proxy_config(q->getCore()->getCCore());
// get LIMEv2 context
// Get LIMEv2 context
LimeV2 *limeV2Engine;
if (proxy && linphone_core_lime_v2_enabled(linphone_proxy_config_get_core(proxy))) {
limeV2Engine = static_cast<LimeV2*>(q->getCore()->getEncryptionEngine());
......@@ -3518,16 +3518,16 @@ void MediaSessionPrivate::propagateEncryptionChanged () {
lWarning() << "LIMEv2 disabled or proxy config unavailable, unable to set peer identity verified status";
}
// get peer's GRUU
// Get peer's GRUU
const SalAddress *remoteAddress = getOp()->getRemoteContactAddress();
char *peerDeviceId = sal_address_as_string_uri_only(remoteAddress);
// TODO if mismatch = 0 set this peer as trusted with this Ik
// TODO if mismatch = 1 it means that the stored Ik was corrupted (identity theft)
// TODO If mismatch = 0 set this peer as trusted with this Ik
// TODO If mismatch = 1 it means that the stored Ik was corrupted (identity theft)
if (ms_zrtp_getAuxiliarySharedSecretMismatch(audioStream->ms.sessions.zrtp_context) == 0) {
if (limeV2Engine) {
try {
// if SAS verified lime peer is trusted, untrusted otherwise
// If SAS verified lime peer is trusted, untrusted otherwise
limeV2Engine->getLimeManager()->set_peerIdentityVerifiedStatus(peerDeviceId, remoteIk_vector, authTokenVerified);
lInfo() << "LIMEv2 peer device " << peerDeviceId << " is now trusted";
} catch (const exception &e) {
......
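Review bot: `LimeV2 *limeV2Engine;` is declared without an initializer and is assigned only inside the `if (proxy && linphone_core_lime_v2_enabled(...))` branch, yet it is tested later with `if (limeV2Engine)`; unless the one line elided between the two hunks assigns it, the warning path reads an indeterminate pointer on the way to `set_peerIdentityVerifiedStatus`. Declaring it as `LimeV2 *limeV2Engine = nullptr;` makes the later check meaningful. The `lInfo()` line after the call also reports the peer as "is now trusted" whatever `authTokenVerified` holds, which makes the log unreliable as a record of trust decisions; it should state the status actually set. `propagateEncryptionChanged` starts and ends outside the visible hunks.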
......@@ -217,7 +217,7 @@ void Core::enableLimeV2 (bool enable) {
LimeV2 *limeV2Engine;
if (d->imee == nullptr) {
LinphoneConfig *lpconfig = linphone_core_get_config(getCCore());
string filename = lp_config_get_string(lpconfig, "misc", "x3dh_db_path", "x3dh.c25519.sqlite3");
string filename = lp_config_get_string(lpconfig, "encryption", "x3dh_db_path", "x3dh.c25519.sqlite3");
string dbAccess = getDataPath() + filename;
belle_http_provider_t *prov = linphone_core_get_http_provider(getCCore());
......
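Review bot: `filename` is taken straight from the configuration and appended to `getDataPath()` with no check, so a value containing a path separator or `..` would place the X3DH key database outside the data directory. If the configuration can be written by anything other than the local user, this deserves a guard that rejects such names before `dbAccess` is built. A short comment stating that `x3dh_db_path` is expected to be a bare file name relative to the data path would also help. The body of `enableLimeV2` continues outside the hunk.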
[misc]
xmlrpc_server_url=http://subscribe.example.org/flexisip-account-manager/xmlrpc.php
[encryption]
x3dh_server_url=http://x3dh.linphone.org/flexisip-account-manager/x3dh-25519.php
x3dh_db_path=chloe.x3dh.sqlite3
lime_update_threshold=86400
......
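Review bot: `x3dh_server_url` is a plain `http://` URL here and in the three other rc sections that follow, so the exchange with the X3DH key server has no transport protection, and a party on the network path could alter or withhold the key material returned to the client. If these files are tester-only fixtures that may be acceptable, but it should be stated next to the files, and any configuration meant for deployment should use an `https://` URL. The engine code reading this key accepts whatever string is configured, so nothing on the visible lines would reject the insecure scheme.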
[misc]
xmlrpc_server_url=http://subscribe.example.org/flexisip-account-manager/xmlrpc.php
[encryption]
x3dh_server_url=http://x3dh.linphone.org/flexisip-account-manager/x3dh-25519.php
x3dh_db_path=laure.x3dh.sqlite3
lime_update_threshold=86400
......
......@@ -2,6 +2,8 @@
enable_basic_to_client_group_chat_room_migration=1
basic_to_client_group_chat_room_migration_timer=180
xmlrpc_server_url=http://subscribe.example.org/flexisip-account-manager/xmlrpc.php
[encryption]
x3dh_server_url=http://x3dh.linphone.org/flexisip-account-manager/x3dh-25519.php
x3dh_db_path=marie.x3dh.sqlite3
lime_update_threshold=86400
......
[misc]
xmlrpc_server_url=http://subscribe.example.org/flexisip-account-manager/xmlrpc.php
[encryption]
x3dh_server_url=http://x3dh.linphone.org/flexisip-account-manager/x3dh-25519.php
x3dh_db_path=pauline.x3dh.sqlite3
lime_update_threshold=86400
......