otrv4 / pidgin-otrng Goto Github PK
View Code? Open in Web Editor NEWFork of https://bugs.otr.im/plugins/pidgin-otr. This is a mirror of https://bugs.otr.im/otrv4/pidgin-otrng
License: GNU General Public License v2.0
pidgin-otrng's Issues
Document the functions
Fix some memory leaks
This memory leaks show up:
==23601== 16 bytes in 1 blocks are possibly lost in loss record 3,524 of 16,930
==23601== at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==23601== by 0x20A28580: otrl_mem_malloc (mem.c:60)
==23601== by 0x1046CD79: do_malloc (global.c:945)
==23601== by 0x1046E4E9: _gcry_malloc_secure_core (global.c:979)
==23601== by 0x1046E4E9: _gcry_xmalloc_secure (global.c:1178)
==23601== by 0x1046E5C5: _gcry_xcalloc_secure (global.c:1223)
==23601== by 0x10533982: _gcry_mpi_resize (mpiutil.c:187)
==23601== by 0x10531586: mpi_fromstr (mpicoder.c:134)
==23601== by 0x10531586: _gcry_mpi_scan (mpicoder.c:602)
==23601== by 0x10469D7C: gcry_mpi_scan (visibility.c:357)
==23601== by 0x21E91584: otrng_dh_init (dh.c:89)
==23601== by 0x21C5F65B: __otrng_init_plugin (otrng-plugin.c:94)
==23601== by 0x21C5F6D2: purple_init_plugin (otrng-plugin.c:109)
==23601== by 0x7E28129: purple_plugin_probe (in /usr/lib64/libpurple.so.0.13.0)
==23601== 240 bytes in 2 blocks are definitely lost in loss record 15,484 of 16,930
==23601== at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==23601== by 0xAB5E03E: getdelim (in /usr/lib64/libc-2.27.so)
==23601== by 0x21C61184: protocol_and_account_to_purple_conversation (plugin-all.c:186)
==23601== by 0x21E967A8: otrng_user_state_private_key_v4_read_FILEp (messaging.c:253)
==23601== by 0x21C611E7: otrng_plugin_read_private_keys (plugin-all.c:202)
==23601== by 0x21C658F1: otrng_plugin_init_userstate (plugin-all.c:2026)
==23601== by 0x21C66014: otrng_plugin_load (plugin-all.c:2249)
==23601== by 0x7E27592: purple_plugin_load (in /usr/lib64/libpurple.so.0.13.0)
==23601== by 0x7E28696: purple_plugins_load_saved (in /usr/lib64/libpurple.so.0.13.0)
==23601== by 0x143832: main (gtkmain.c:852)
==23601== 240 bytes in 2 blocks are definitely lost in loss record 15,485 of 16,930
==23601== at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==23601== by 0xAB5E03E: getdelim (in /usr/lib64/libc-2.27.so)
==23601== by 0x21C61184: protocol_and_account_to_purple_conversation (plugin-all.c:186)
==23601== by 0x21E96830: otrng_user_state_client_profile_read_FILEp (messaging.c:276)
==23601== by 0x21C6129D: otrng_plugin_read_client_profile (plugin-all.c:212)
==23601== by 0x21C658FD: otrng_plugin_init_userstate (plugin-all.c:2029)
==23601== by 0x21C66014: otrng_plugin_load (plugin-all.c:2249)
==23601== by 0x7E27592: purple_plugin_load (in /usr/lib64/libpurple.so.0.13.0)
==23601== by 0x7E28696: purple_plugins_load_saved (in /usr/lib64/libpurple.so.0.13.0)
==23601== by 0x143832: main (gtkmain.c:852)
==23601== 1,012 bytes in 2 blocks are possibly lost in loss record 16,374 of 16,930
==23601== at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==23601== by 0x20A28580: otrl_mem_malloc (mem.c:60)
==23601== by 0x1046CD79: do_malloc (global.c:945)
==23601== by 0x1046D589: _gcry_malloc (global.c:969)
==23601== by 0x10470B83: _gcry_sexp_find_token (sexp.c:486)
==23601== by 0x20A23EAB: otrl_privkey_read_FILEp (privkey.c:266)
==23601== by 0x21E964AF: otrng_user_state_private_key_v3_read_FILEp (messaging.c:144)
==23601== by 0x21C61200: otrng_plugin_read_private_keys (plugin-all.c:204)
==23601== by 0x21C658F1: otrng_plugin_init_userstate (plugin-all.c:2026)
==23601== by 0x21C66014: otrng_plugin_load (plugin-all.c:2249)
==23601== by 0x7E27592: purple_plugin_load (in /usr/lib64/libpurple.so.0.13.0)
==23601== by 0x7E28696: purple_plugins_load_saved (in /usr/lib64/libpurple.so.0.13.0)
==23247== 75 (32 direct, 43 indirect) bytes in 1 blocks are definitely lost in loss record 11,977 of 17,344
==23247== at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==23247== by 0x21C63424: otrng_plugin_conversation_new (plugin-all.c:1029)
==23247== by 0x21C635C3: purple_conversation_to_plugin_conversation (plugin-all.c:1068)
==23247== by 0x21C7083F: build_otr_menu (gtk-dialog.c:2114)
==23247== by 0x21C72ED5: otrng_gtk_dialog_new_purple_conv (gtk-dialog.c:2963)
==23247== by 0x21C72620: conversation_switched (gtk-dialog.c:2760)
==23247== by 0x7E3BCF1: purple_signal_emit_vargs (in /usr/lib64/libpurple.so.0.13.0)
==23247== by 0x7E3BE61: purple_signal_emit (in /usr/lib64/libpurple.so.0.13.0)
==23247== by 0x995BADC: g_closure_invoke (gclosure.c:804)
==23247== by 0x996EA3D: signal_emit_unlocked_R (gsignal.c:3705)
==23247== by 0x9978069: g_signal_emit_valist (gsignal.c:3391)
==23247== by 0x9978662: g_signal_emit (gsignal.c:3447)
==23247== 96 bytes in 6 blocks are possibly lost in loss record 14,761 of 17,344
==23247== at 0x997EE83: g_type_create_instance (gtype.c:1845)
==23247== by 0x99616C7: g_object_new_internal (gobject.c:1799)
==23247== by 0x9962E14: g_object_new_with_properties (gobject.c:1967)
==23247== by 0x99639D0: g_object_new (gobject.c:1639)
==23247== by 0x21C73CE2: tooltip_menu_init (tooltipmenu.c:139)
==23247== by 0x997EF39: g_type_create_instance (gtype.c:1866)
==23247== by 0x99616C7: g_object_new_internal (gobject.c:1799)
==23247== by 0x9962E14: g_object_new_with_properties (gobject.c:1967)
==23247== by 0x99639D0: g_object_new (gobject.c:1639)
==23247== by 0x21C73DF7: tooltip_menu_new (tooltipmenu.c:172)
==23247== by 0x21C71FF1: otr_add_buddy_top_menu (gtk-dialog.c:2595)
==23247== by 0x21C723D4: otr_add_buddy_top_menus (gtk-dialog.c:2697)
==23247== 184 (88 direct, 96 indirect) bytes in 1 blocks are definitely lost in loss record 15,861 of 17,344
==23247== at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==23247== by 0x9BF03C5: g_malloc (gmem.c:99)
==23247== by 0x9C07FF6: g_slice_alloc (gslice.c:1025)
==23247== by 0x9BD89E1: g_hash_table_new_full (ghash.c:717)
==23247== by 0x21C612F5: otrng_plugin_fingerprint_store_create (plugin-all.c:218)
==23247== by 0x21C65907: otrng_plugin_init_userstate (plugin-all.c:2032)
==23247== by 0x21C66014: otrng_plugin_load (plugin-all.c:2249)
==23247== by 0x7E27592: purple_plugin_load (in /usr/lib64/libpurple.so.0.13.0)
==23247== by 0x7E28696: purple_plugins_load_saved (in /usr/lib64/libpurple.so.0.13.0)
==23247== by 0x143832: main (gtkmain.c:852)
==23247== 384 bytes in 6 blocks are possibly lost in loss record 16,436 of 17,344
==23247== at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==23247== by 0x9BF03C5: g_malloc (gmem.c:99)
==23247== by 0x9C09D6F: g_memdup (gstrfuncs.c:391)
==23247== by 0x9BD8334: g_hash_table_insert_node (ghash.c:970)
==23247== by 0x9BD893C: g_hash_table_insert_internal (ghash.c:1235)
==23247== by 0x5EA7268: gtk_tooltips_set_tip (gtktooltips.c:270)
==23247== by 0x21C7422D: tooltip_menu_set_tooltip (tooltipmenu.c:231)
==23247== by 0x21C7406F: tooltip_menu_add (tooltipmenu.c:193)
==23247== by 0x21C74196: tooltip_menu_prepend (tooltipmenu.c:209)
==23247== by 0x21C720C9: otr_add_buddy_top_menu (gtk-dialog.c:2603)
==23247== by 0x21C723D4: otr_add_buddy_top_menus (gtk-dialog.c:2697)
==23247== by 0x21C6E400: dialog_update_label_conv (gtk-dialog.c:1299)
==23247== 672 (304 direct, 368 indirect) bytes in 1 blocks are definitely lost in loss record 16,693 of 17,344
==23247== at 0x997EE17: g_type_create_instance (gtype.c:1845)
==23247== by 0x99616C7: g_object_new_internal (gobject.c:1799)
==23247== by 0x9962E14: g_object_new_with_properties (gobject.c:1967)
==23247== by 0x99639D0: g_object_new (gobject.c:1639)
==23247== by 0x21C72E3D: otrng_gtk_dialog_new_purple_conv (gtk-dialog.c:2956)
==23247== by 0x21C72620: conversation_switched (gtk-dialog.c:2760)
==23247== by 0x7E3BCF1: purple_signal_emit_vargs (in /usr/lib64/libpurple.so.0.13.0)
==23247== by 0x7E3BE61: purple_signal_emit (in /usr/lib64/libpurple.so.0.13.0)
==23247== by 0x995BADC: g_closure_invoke (gclosure.c:804)
==23247== by 0x996EA3D: signal_emit_unlocked_R (gsignal.c:3705)
==23247== by 0x9978069: g_signal_emit_valist (gsignal.c:3391)
==23247== by 0x9978662: g_signal_emit (gsignal.c:3447)
Check SMP
It seems like it is not working.
When pidgin-otrng plugin is enabled, OTRv3 plugin crashes
Change buttons on conversation window
Remove the duplicated button in the bottom of the chat, leaving only the status of the private conversation always showing.
Review the OTR text
Queue plaintext messages until there's an OTR conversation
See: otrv4/libotr-ng#79
Fingerprint verification not showing the correct information
Fingerprints seem to be correct (obscured in the image); but the account is wrong (it is repeated). See:
Unable to refresh conversations
Define which README to translate and which information goes to each one
Check how the restarting happens after TLV Disconnected
Decide how to implement polices and modes
See issues otrv4/libotr-ng#66 and otrv4/libotr-ng#14 of libotr-ng.
Multiple "OTR" menus in the Conversation window
I remember I had done the following:
- Started pidgin with pidgin-otrng enabled.
- Had a OTRv4 conversation.
- Finished the OTRv4 conversation.
- Disable pidgin-otrng, enabled pidgin-otr.
- Receive a query message from the other participant and started a OTRv3 conversation.
Implement the whole non-interactive path
How should we communicate v3 + v4 long-term keys (and fingerprints) to the user?
Question from @juniorz : The OTRv4 long-term (public) key is published together with a user profile that's signed with the OTRv3 long-term (private) key.
Can we make use of this and simplify the UI? Can we omit OTRv4 fingerprint when there's a profile signed by a trusted OTRv3 key?
@olabini : No, I don't think we should omit the OTRv4 fingerprint, since then we reduce the security of the connection to the security of the OTRv3 key - and the whole point of updating to modern algorithms and sizes is that the old OTRv3 signing is not strong enough anymore.
Not clear 2 websites, gitlab, github
Hello,
There are some problems for OTR:
It is possible to redirect the old website (and all pages) to http://otr.im/ and add missing parts if there are?
See for the gitlab "bugs.otr.im".
It will be nice to update the old github and inform to move it.
https://github.com/off-the-record/
Archive too? and redirect?
Check compatibility with libotr (OTRv3 conversations)
See: otrv4/libotr-ng#32
- Implement all OTR3 callbacks on the plugin: create instance tag, create key, etc.
Static compilation does not work
It fails with:
$ make -f Makefile.static LIBOTRDIR=/usr/lib/x86_64-linux-gnu/ LIBGCRYPTDIR=/usr/lib/x86_64-linux-gnu/ LIBOTRNGDIR=/usr/local/lib/
[...]
ld -r .libs/otrng-plugin.o \
.libs/plugin-all.o \
.libs/ui.o \
.libs/dialogs.o \
.libs/gtk-ui.o \
.libs/gtk-dialog.o \
.libs/tooltipmenu.o \
.libs/otrng-client.o \
/usr/lib/x86_64-linux-gnu//libotr.a \
/usr/lib/libotr-ng.a \
/usr/lib/x86_64-linux-gnu/libgcrypt.a \
/usr/lib/x86_64-linux-gnu/libgpg-error.a \
-o .libs/pidgin-otr-shared.o
# Make all the libgcrypt references local to that .o file
objcopy -w -L '*gcry*' .libs/pidgin-otr-shared.o \
.libs/pidgin-otr-static.o
# Turn the .o into a .so
gcc -shared .libs/pidgin-otr-static.o -Wl,-soname -Wl,pidgin-otr.so \
-o .libs/pidgin-otr.so
/usr/bin/x86_64-linux-gnu-ld: .libs/pidgin-otr-static.o: relocation R_X86_64_32S against `.rodata.cst4' can not be used when making a shared object; recompile with -fPIC
/usr/bin/x86_64-linux-gnu-ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
Makefile.static:8: recipe for target '.libs/pidgin-otrng.so' failed
make: *** [.libs/pidgin-otrng.so] Error 1
We should use libtool to build both the static and dynamic library.
Manage the Prekey Profile
See where it will be published, if the serialization is ok, how it will be published and retrieved.
Tasks
- Create and publish a prekey profile if there's none
- Create a new prekey profile and publish after expiration
- Update and publish the existing prekey profile if one of the values changes
- Update and publish if the corresponding client profile is updated
Read and Write persistent state
We are missing to read/write from/to a file:
- Client profile
- Prekey profile
- Shared prekey
- Prekey messages
See: otrng_plugin_init_userstate()
Revise design of configuration panel
-
If there's a fingerprint for v3 and v4, show another column so we can have both fingerprints side by
-
Remove the option for 'hiding the OTR button' in the chat.
Package for most OS
Check the configuration and OTR-related dialogs
Include new UI for:
- Communicating when there are no prekey ensembles and the offline conversation cannot be started.
- Communicating the security properties of online and offline conversations.
User test the plugin
For the moment we need to:
- Define which users will we test with
- Recruit these (5) users to test
- Map the hypothesis we want to validate with them
- Develop an script for the interviews
Following steps are:
- Apply the interviews and collect feedback
- Analyse results and share points of improvement
- Implement improvements
Allow config view and generate of long-term public keys for v4 and v3 independently
See issue otrv4/libotr-ng#26 of libotr-ng.
Check the interactive path
Correctly see that is working and add everything that needs to.
Check that the callbacks, heartbeat messages, padding, shared session state are working with the plugin.
Check how errors are shown
Check the text shown to the user.
Test fragmentation is configured by the plugin
Refactor the code
See issue otrv4/libotr-ng#16 of the libotr-ng library.
Communicate over the UI the fingerprints
How should we communicate the fingerprints? See issue otrv4/libotr-ng#27 of libtro-ng
Turning off OTR for a peer causes bad behavior
If you inside of Pidgin says that OTR is turned off for ONE peer, you get weird behavior, primarily that someone starting an OTR conversation from the other side, still seems able to do it.
Warning on plugin
Description
When I compile the plugin on my machine I see the following warnings:
make all-recursive
make[1]: Entering directory '/home/denis/projects/pidgin-otrng'
Making all in po
make[2]: Entering directory '/home/denis/projects/pidgin-otrng/po'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/denis/projects/pidgin-otrng/po'
Making all in test
make[2]: Entering directory '/home/denis/projects/pidgin-otrng/test'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/denis/projects/pidgin-otrng/test'
make[2]: Entering directory '/home/denis/projects/pidgin-otrng'
CC otrng-plugin.lo
CC prekey-plugin.lo
CC prekey-discovery.lo
CC prekey-discovery-jabber.lo
CC plugin-all.lo
plugin-all.c: In function ‘smp_update_v4’:
plugin-all.c:1914:5: warning: this statement may fall through [-Wimplicit-fallthrough=]
otrng_plugin_abort_smp(conv); // fallthrough intended
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
plugin-all.c:1915:3: note: here
case OTRNG_SMP_EVENT_ABORT:
^~~~
CC ui.lo
CC dialogs.lo
CC gtk-ui.lo
CC gtk-dialog.lo
gtk-dialog.c: In function ‘otr_icon’:
gtk-dialog.c:208:3: warning: ‘gdk_pixbuf_new_from_inline’ is deprecated [-Wdeprecated-declarations]
pixbuf = gdk_pixbuf_new_from_inline(-1, data, FALSE, NULL);
^~~~~~
In file included from /usr/include/gdk-pixbuf-2.0/gdk-pixbuf/gdk-pixbuf.h:34:0,
from /usr/include/gtk-2.0/gdk/gdkpixbuf.h:37,
from /usr/include/gtk-2.0/gdk/gdkcairo.h:28,
from /usr/include/gtk-2.0/gdk/gdk.h:33,
from /usr/include/gtk-2.0/gtk/gtk.h:32,
from gtk-dialog.c:28:
/usr/include/gdk-pixbuf-2.0/gdk-pixbuf/gdk-pixbuf-core.h:362:12: note: declared here
GdkPixbuf* gdk_pixbuf_new_from_inline (gint data_length,
^~~~~~~~~~~~~~~~~~~~~~~~~~
gtk-dialog.c: In function ‘start_or_continue_smp’:
gtk-dialog.c:316:45: warning: pointer targets in passing argument 2 of ‘otrng_plugin_start_smp’ differ in signedness [-Wpointer-sign]
otrng_plugin_start_smp(smppair->conv, user_question, 0,
^~~~~~~~~~~~~
In file included from ./dialogs.h:33:0,
from gtk-dialog.h:25,
from gtk-dialog.c:65:
./plugin-all.h:105:6: note: expected ‘const unsigned char *’ but argument is of type ‘const char *’
void otrng_plugin_start_smp(otrng_plugin_conversation *conv,
^~~~~~~~~~~~~~~~~~~~~~
gtk-dialog.c:319:45: warning: pointer targets in passing argument 2 of ‘otrng_plugin_start_smp’ differ in signedness [-Wpointer-sign]
otrng_plugin_start_smp(smppair->conv, user_question,
^~~~~~~~~~~~~
In file included from ./dialogs.h:33:0,
from gtk-dialog.h:25,
from gtk-dialog.c:65:
./plugin-all.h:105:6: note: expected ‘const unsigned char *’ but argument is of type ‘const char *’
void otrng_plugin_start_smp(otrng_plugin_conversation *conv,
^~~~~~~~~~~~~~~~~~~~~~
gtk-dialog.c: In function ‘otrng_gtk_dialog_clicked_connect’:
gtk-dialog.c:1829:18: warning: unused variable ‘account’ [-Wunused-variable]
PurpleAccount *account = purple_conversation_get_account(conv);
^~~~~~~
gtk-dialog.c: In function ‘check_incoming_instance_change’:
gtk-dialog.c:3137:16: warning: variable ‘current_out’ set but not used [-Wunused-but-set-variable]
ConnContext *current_out = NULL;
^~~~~~~~~~~
CC tooltipmenu.lo
CC otrng-client.lo
CCLD pidgin-otrng.la
make[2]: Leaving directory '/home/denis/projects/pidgin-otrng'
make[1]: Leaving directory '/home/denis/projects/pidgin-otrng'
Test heartbeats are sent periodically
Evaluate the architecture of the plugin
See issue otrv4/libotr-ng#114 of libotr-ng.
Manage the Client Profile
See where it will be published, if the serialization is ok, how it will be published and retrieved.
See issue otrv4/libotr-ng#108 of libotr-ng.
Tasks
- Create and publish a client profile if there's none
- Create a new client profile and publish after expiration
- Update and publish the existing client profile if one of the values changes
Clarify logs: pidgin or otr
Have tests.
The test suite was introduced in fedd7a9 . We should have actual tests now.
Correctly manage instance tags
Check issue otrv4/libotr-ng#18 of the libotr-ng library.
Keep in mind that as noted by @juniorz , this will make some transitions between otrv4 and otrv3 state machine more easily.
Add callback to create instance tag
On the library:
- Add the callback to 'client_callbacks_s'.
- Invoke it from 'maybe_create_keys' and 'op_create_instag'.
- Add test
On the plugin
- Extract its implementation from 'create_privkey_v4'.
- Add test?
Add help windows
With the context of the help folder.
Should we use the same license of libotr-ng?
Allow different buttons for OTR plugins
The label of the plugins should not be OTR and OTR.
Add a testing infrastructure
Interact with a prekey server
Make the plugin build
Prekey publication message submission sometimes fails
As reported by @olabini , sometimes the prekey publication message MAC is wrong, and the flow fails. I have been unable to reproduce, but it is there :)
Always refer as 'OTR nextgen'
Since the the v3 plugin is called v4 and the v4 is called nextgen, let's always talk about 'OTR'(when in reference to v3) and 'OTR nextgen' (when in reference to v4).
Not processing the received non-interactive auth and dake dake message
The non-interactive auth and the dake data message get send. However, they are received but not processed.
Make the offline path discover prekey server
Do not show a smiley face on authentication error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.