Delete database as panic response even when signed out
The method `runOnDbThread()` depends on an executor
that's created by roboguice at startup.
It requires to be signed in, so use a different thread instead.
Closes#215
See merge request !60
The method `runOnDbThread()` depends on an executor
that's created by roboguice at startup.
It requires to be signed in, so use a different thread instead.
Add tests for metadata encoder and parser as well as UTF-8 tests for BDF reader and writer
This also includes a commit to fix issues found in the metadata encoder and parser.
See merge request !58
Use @Test annotation to test for exceptions being thrown (#213)
Please note that this commit only uses the @Test annotation
where exceptions are thrown at the end of the test,
because otherwise the test would not be executed completely.
Examples for this are in DatabaseComponentImplTest where many exceptions
are thrown in close succession or in ConnectionRegistryImplTest where an
exception is thrown in the middle of the test.
Closes#213
See merge request !57
Support for Destructive Panic Actions
This MR is based on and requires !52.
More details are available in the commit message.
All known issues have now been fixed by new upstream releases.
See merge request !54
Initial Support For PanicKit
This MR adds support for the PanicKit libary. It supports the basic default panic response (signing out) which does not require user interaction to work. For destructive panic responses, the user needs to "connect" the panic trigger app (e.g. Ripple) with Briar first. To secure this connection further, TrustedIntents have been added. Gradle Witness is being used to guarantee the integrity of external libraries.
Otherwise, this MR is pretty isolated and should not interfere with other parts of Briar. So merging it should be safe. However, the panic functionality still has rough edges and should not be relied on just now. It will mature along the the PanicKit library and the Ripple app.
Closes#204
See merge request !52
Please note that this commit only uses the @Test annotation
where exceptions are thrown at the end of the test,
because otherwise the test would not be executed completely.
Examples for this are in DatabaseComponentImplTest where many exceptions
are thrown in close succession or in ConnectionRegistryImplTest where an
exception is thrown in the middle of the test.
PanicKit does distinguish between two kinds of panic responses:
* default responses such as logging out which are non-destructive and
do not require user interaction, so that the basics work without
configuration
* destructive responses such as deleting user data. These require
some sort of authentication to make sure they are not triggered
by malicious apps
The second type of responses is implemented with this commit.
Authentication is done by comparing the package name
which is very weak. It requires the user to opt-in to
destructive responses and to configure from which app
to receive those (since there might be many different panic
trigger apps).
While possible to uninstall an app and install one with the same
package name afterwards, this always triggers notifications to
the user (if the attacker does not have root access).
Still that is no sufficient security for Briar's requirements,
so that TrustedIntents are used as well to make sure that the
app sending the destructive trigger is signed by a signing key
that we specified before. Currently, that is the one from the
GuardianProject and from IilabEngineering who does the Amnesty
International Panic App.
The responsibility of checking that the panic TRIGGER is
legitimate lies with the app responding to the trigger, so Briar
in this case. This commit checks whether the TRIGGER comes from
a trusted app before performing destructive actions,
but does perform the default action even when triggered from
untrusted apps.
Closes#210
Structured metadata. #112
Task #112 involves defining an interface between the sync protocol and its clients. To avoid the need for clients to keep their own databases, which could get out of step with the sync protocol's database, we're giving clients that ability to store metadata in the sync protocol's database.
Metadata can be associated with any message, channel, or client. Each metadata object is a simple map from strings to byte arrays. We'll provide a simple query interface to retrieve metadata and/or data by specifying a set of metadata keys. Basically we're building a shitty NoSQL database... erm, I mean, an enterprise-grade key-value store.
The basic metadata object is kind of Spartan, so this patch provides an encoder and parser for storing structured metadata. This gives clients an easy way to associate structured data with messages and channels, while leaving them the option of using their own encoding if they prefer.
This MR depends on !49.
See merge request !50
BdfList and BdfDictionary are no longer thread-safe, they require external locking. Metadata (which is the class that will be passed across API boundaries) is still thread-safe.
Transport properties manager facade, key manager refactoring. #112
Refactoring for #112: decouple the invitation and plugin code from the database with a TransportPropertiesManager facade (which will become a BSP client), and move some key management logic from the invitation code to the KeyManager. Update the integration tests to use the new FooManager facades.
See merge request !49
Final crypto changes for BTPv2. #111
This patch brings the implementation into line with the BTPv2 spec. Changes:
* Use BLAKE2s to generate tags
* KDF arguments for key rotation
* Frame IV format
Closes#111.
See merge request !48
Improve PasswordActivity
* removing screen border visible on small screens
* showing noticeable error message on wrong password input
* showing keyboard again after entering wrong password
* making lost password link easier to recognize as link
* renaming keyboard toggle method from 'hide' to 'toggle'
See merge request !53
* removing screen border visible on small screens
* showing noticeable error message on wrong password input
* showing keyboard again after entering wrong password
* making lost password link easier to recognize as link
* renaming keyboard toggle method from 'hide' to 'toggle'
Use new BriarRecyclerView in ConversationView
This now handles progress bar and empty view itself.
With this commit, it also scrolls down on layout changes like when
keyboard is opened.
See merge request !46
Fix contacts duplicating itself when pressing back button in conversation view.
Normally, this should be handled by the `SortedList` in the `RecyclerView`, but it isn't for some reason. Instead of spending way too much time on finding out why, I am clearing the adapter instead (on each `activity.onResume()`) as it was done before.
Closes#200
See merge request !42
Use BLAKE2s for hashing, key derivation and signatures
SHA-256 is still used for password-based key derivation (will be replaced with Argon2) and Fortuna.
See merge request !47
This is done by update existing items rather than just adding them,
because different timestamps in added items change the sorting criteria
and cause duplicates in the SortedList.
Closes#200
BLAKE2s implementation
Implementation is based on the BLAKE2b implementation from BouncyCastle, and is
therefore licensed under the BouncyCastle license (which will make future
upstreaming of the code easier).
Closes#189.
See merge request !39
Implementation is based on the BLAKE2b implementation from BouncyCastle, and is
therefore licensed under the BouncyCastle license (which will make future
upstreaming of the code easier).
Fix SetupActivity warnings for API 10
Closes#176.
The manual setting of the error message color also (strangely) stops the message from disappearing every second character. I'm not complaining ^_^
I guessed that the text color problem probably stopped occurring from API 14 (at the big 4.0 overhaul), but it would be great if someone could confirm.
See merge request !40
