6.4.18-b1 (#1554)

IOS_ONLY - Fixed broken video calls by fixing bug in Mozilla's
webrtc-sdp library
- Reworked complete OMEMO trust management
- Fixed spurious "new OMEMO device found" notifications and status
messages
- Introduced some new OMEMO expert settings
- Improved UI responsiveness in some rare cases
- Made sure to periodically advance the OMEMO DH-ratchet even on devices
only used for receiving messages, not sending
- Made sure to remove old OMEMO devices not seen for more than 90 days
from own devicelist

Author: tmolitor-stud-tu

Monal/Classes/ActiveChatsViewController.m

@@ -313,6 +313,8 @@ -(void) viewDidLoad
     self.chatListTable.emptyDataSetSource = self;
     self.chatListTable.emptyDataSetDelegate = self;
 
+    [self refresh];
+    
     //has to be done here to not always prepend intro screens onto our view queue
     //once a fullscreen view is dismissed (or the app is switched to foreground)
     [self segueToIntroScreensIfNeeded];
@@ -355,13 +357,15 @@ -(void) refreshDisplay
         }
     };
 
-    dispatch_async(dispatch_get_main_queue(), ^{
+    [HelperTools dispatchAsync:YES reentrantOnQueue:dispatch_get_main_queue() withBlock:^{
         size_t unpinnedConCntBefore = self.unpinnedContacts.count;
         size_t pinnedConCntBefore = self.pinnedContacts.count;
         NSMutableArray<MLContact*>* newUnpinnedContacts = [[DataLayer sharedInstance] activeContactsWithPinned:NO];
         NSMutableArray<MLContact*>* newPinnedContacts = [[DataLayer sharedInstance] activeContactsWithPinned:YES];
-        if(!newUnpinnedContacts || ! newPinnedContacts)
-            return;
+        if(!newUnpinnedContacts)
+            newUnpinnedContacts = [NSMutableArray new];
+        if(!newPinnedContacts)
+            newPinnedContacts = [NSMutableArray new];
 
         int unpinnedCntDiff = (int)unpinnedConCntBefore - (int)newUnpinnedContacts.count;
         int pinnedCntDiff = (int)pinnedConCntBefore - (int)newPinnedContacts.count;
@@ -380,8 +384,8 @@ -(void) refreshDisplay
                 [self presentChatWithContact:nil];
         }
 
-        if(self.chatListTable.hasUncommittedUpdates)
-            return;
+//         if(self.chatListTable.hasUncommittedUpdates)
+//             return;
         [CATransaction begin];
         [UIView performWithoutAnimation:^{
             [self.chatListTable beginUpdates];
@@ -398,7 +402,7 @@ -(void) refreshDisplay
 
         MonalAppDelegate* appDelegate = (MonalAppDelegate*)[UIApplication sharedApplication].delegate;
         [appDelegate updateUnread];
-    });
+    }];
 }
 
 -(void) refreshContact:(NSNotification*) notification
@@ -566,9 +570,7 @@ -(void) insertOrMoveContact:(MLContact*) contact completion:(void (^ _Nullable)(
                 [self.chatListTable insertRowsAtIndexPaths:@[insertAtPath] withRowAnimation:UITableViewRowAnimationRight];
                 //make sure to fully refresh to remove the empty dataset (yes this will trigger on first chat pinning, too, but that does no harm)
                 if(oldCount == 0)
-                    dispatch_async(dispatch_get_main_queue(), ^{
-                        [self refreshDisplay];
-                    });
+                    [self refreshDisplay];
             }
         } completion:^(BOOL finished) {
             if(completion) completion(finished);
@@ -594,7 +596,6 @@ -(void) viewDidAppear:(BOOL) animated
 {
     DDLogDebug(@"active chats view did appear");
     [super viewDidAppear:animated];
-    
     [self refresh];
 }
 
@@ -605,10 +606,10 @@ -(void) sheetDismissed
 
 -(void) refresh
 {
-    dispatch_async(dispatch_get_main_queue(), ^{
+    [HelperTools dispatchAsync:YES reentrantOnQueue:dispatch_get_main_queue() withBlock:^{
         [self refreshDisplay];      // load contacts
         [self processViewQueue];
-    });
+    }];
 }
 
 -(void) didReceiveMemoryWarning

Monal/Classes/AddContactMenu.swift

@@ -156,7 +156,7 @@ struct AddContactMenu: View {
                     self.newContact = MLContact.createContact(fromJid: jid, andAccountNo: account.accountNo)
                     successAlert(title: Text("Success!"), message: Text("Successfully joined group/channel \(jid)!"))
                 }.catch { error in
-                    errorAlert(title: Text("Error entering group/channel!"), message: Text("\(String(describing:error))"))
+                    errorAlert(title: Text("Error entering group/channel!"), message: Text(error.localizedDescription))
                 }
             }
         }.catch { error in

Monal/Classes/ContactDetails.swift

@@ -582,7 +582,7 @@ struct ContactDetails: View {
                                                 }
                                                 successAlert(title: Text("Success"), message: contact.mucType == "group" ? Text("Successfully destroyed group.") : Text("Successfully destroyed channel."))
                                             }.catch { error in
-                                                errorAlert(title: Text("Error destroying group!"), message: Text("\(String(describing:error))"))
+                                                errorAlert(title: Text("Error destroying group!"), message: Text(error.localizedDescription))
                                             }
                                         }
                                     )

Monal/Classes/DataLayerMigrations.m

@@ -1091,6 +1091,11 @@ FOREIGN KEY('account_id') REFERENCES 'account'('account_id') ON DELETE CASCADE \
             [db executeNonQuery:@"ALTER TABLE account DROP COLUMN 'supports_sasl2';"];
         }];
 
+        //make sure all omemo devices have a "last used" timestamp
+        [self updateDB:db withDataLayer:dataLayer toVersion:6.407 withBlock:^{
+            [db executeNonQuery:@"UPDATE signalContactIdentity SET lastReceivedMsg=CURRENT_TIMESTAMP WHERE lastReceivedMsg IS NULL;"];
+        }];
+
 
         //check if device id changed and invalidate state, if so
         //but do so only for non-sandbox (e.g. non-development) installs

Monal/Classes/GeneralSettings.swift

@@ -59,6 +59,12 @@ class GeneralSettingsDefaultsDB: ObservableObject {
     @defaultsDB("OMEMODefaultOn") 
     var omemoDefaultOn:Bool
 
+    @defaultsDB("allowMixedTrustInGroups")
+    var allowMixedTrustInGroups: Bool
+    
+    @defaultsDB("allowUnverifiedCalls")
+    var allowUnverifiedCalls: Bool
+    
     @defaultsDB("AutodeleteInterval")
     var AutodeleteInterval: Int
 
@@ -287,9 +293,43 @@ struct SecuritySettings: View {
             Section(header: Text("Encryption")) {
                 SettingsToggle(isOn: $generalSettingsDefaultsDB.omemoDefaultOn) {
                     Text("Enable encryption by default for new chats")
-                    Text("Every new contact will have encryption enabled, but already known contacts will preserve their encryption settings.")
+                    Text(
+"""
+Every new contact will have encryption enabled, but already known contacts will preserve their encryption settings.
+Generally this should never be turned off by members of high risk groups like journalists, activists etc.
+"""
+                    )
                 }
 
+                SettingsToggle(isOn: $generalSettingsDefaultsDB.allowUnverifiedCalls) {
+                    Text("Allow unverified calls in encrypted chats")
+                    Text(
+"""
+Allow calls not being OMEMO-verified in OMEMO encrypted chats.
+If you turn this off, you won't be able to place or receive calls to/from contacts not using a client implementing [http://gultsch.de/xmpp/drafts/omemo/dlts-srtp-verification](https://gist.github.com/iNPUTmice/aa4fc0aeea6ce5fb0e0fe04baca842cd).
+This should be turned off by members of high risk groups like journalists, activists etc.
+"""
+                    )
+                }
+                
+                SettingsToggle(isOn: $generalSettingsDefaultsDB.allowMixedTrustInGroups) {
+                    Text("Allow BTBV-only participants in verified encrypted groups")
+                    Text(
+"""
+If this is off, you won't send encrypted messages to members of a group not having any explicitly trusted device once you explicitly trusted/distrusted at least one single device of another member of this group.
+Use with care, because this means you'll have to explicitly trust at least one device of *all* members of a group once you started manually changing the trust of one device of a member of this group (even if you did this in an 1:1 chat with one of the members)!
+Generally this should only be turned off by members of high risk groups like journalists, activists etc.
+"""
+                    )
+                }
+            }
+
+            Section(header: Text("Networking")) {
+                SettingsToggle(isOn: $generalSettingsDefaultsDB.webrtcAllowP2P) {
+                    Text("Calls: Allow P2P sessions")
+                    Text("Allow your device to establish a direct network connection to the remote party. This might leak your IP address to the caller/callee.")
+                }
+
                 if #available(iOS 16.0, macCatalyst 16.0, *) {
                     SettingsToggle(isOn: $generalSettingsDefaultsDB.useDnssecForAllConnections) {
                         Text("Use DNSSEC validation for all connections")
@@ -303,11 +343,6 @@ like hotel wifi, ugly mobile carriers etc.
                         )
                     }
                 }
-                
-                SettingsToggle(isOn: $generalSettingsDefaultsDB.webrtcAllowP2P) {
-                    Text("Calls: Allow P2P sessions")
-                    Text("Allow your device to establish a direct network connection to the remote party. This might leak your IP address to the caller/callee.")
-                }
             }
 
             Section(header: Text("On this device")) {

Monal/Classes/MLCall.m

@@ -223,17 +223,10 @@ -(BOOL) muted
 -(void) setSpeaker:(BOOL) speaker
 {
     @synchronized(self) {
-        DDLogError(@"*** setSpeaker:%@ called...", bool2str(speaker));
         if(self.webRTCClient == nil || self.audioSession == nil)
-        {
-            DDLogError(@"*** setSpeaker: not ready: %@, %@", self.webRTCClient, self.audioSession);
             return;
-        }
         if(_speaker == speaker)
-        {
-            DDLogError(@"*** setSpeaker: called but identical...");
             return;
-        }
         _speaker = speaker;
         if(_speaker)
             [self.webRTCClient speakerOn];
@@ -484,7 +477,7 @@ -(void) didActivateAudioSession:(AVAudioSession*) audioSession
     [[RTCAudioSession sharedInstance] unlockForConfiguration];
     if(self.callType == MLCallTypeVideo)
     {
-        DDLogError(@"*** Activating speaker...");
+        DDLogInfo(@"*** Video call detected, activating speaker...");
         self.speaker = YES;
     }
 }
@@ -883,7 +876,7 @@ -(void) offerSDP
         DDLogDebug(@"WebRTC reported local SDP '%@', sending to '%@': %@", [RTCSessionDescription stringForType:sdp.type], self.fullRemoteJid, sdp.sdp);
 
         NSArray<MLXMLNode*>* children = [HelperTools sdp2xml:sdp.sdp withInitiator:YES];
-        if(children.count == 0)
+        if(children == nil || children.count == 0)
         {
             DDLogError(@"Could not serialize local SDP to XML!");
             [self handleEndCallActionWithReason:MLCallFinishReasonError];
@@ -1568,6 +1561,14 @@ -(void) processIncomingSDP:(NSNotification*) notification
                     return;
                 }
             }
+            
+            //all calls in encrypted chats eventually reach this point (either as session-initiate or as session-accept)
+            //--> check if we allow unverified calls and abort if the call is unverified and this isn't allowed
+            if(![[HelperTools defaultsDB] boolForKey:@"allowUnverifiedCalls"] && self.encryptionState == MLCallEncryptionStateClear)
+            {
+                [self handleEndCallActionWithReason:MLCallFinishReasonSecurityError];
+                return;
+            }
         }
         else
             self.encryptionState = MLCallEncryptionStateClear;
@@ -1765,15 +1766,22 @@ -(void) handleAudioRouteChangeNotification:(NSNotification*) notification
 
 -(MLCallEncryptionState) encryptionTypeForDeviceid:(NSNumber* _Nonnull) deviceid
 {
+    //problem is: an attacking server could simply strip out the omemo deviceid from the <proceed> to downgrade us to a non-verified call
+    //dropping calls from a device not trusted but known, would not improve security because the attacker using that device could simply
+    //strip off the omemo deviceid from the <proceed>
+    //--> simply report those calls as unverified (MLCallEncryptionStateClear)
+    //if configured to not allow unverified calls, we drop all MLCallEncryptionStateClear calls in processIncomingSDP
+    
     NSNumber* trustLevel = [self.account.omemo getTrustLevelForJid:self.contact.contactJid andDeviceId:deviceid];
+    DDLogVerbose(@"Trust level: %@", trustLevel);
+    
     if(trustLevel == nil)
         return MLCallEncryptionStateClear;
-    switch(trustLevel.intValue)
-    {
-        case MLOmemoTrusted: return MLCallEncryptionStateTrusted;
-        case MLOmemoToFU: return MLCallEncryptionStateToFU;
-        default: return MLCallEncryptionStateClear;
-    }
+    else if([MLSignalStore acceptedTrustLevel:trustLevel.intValue withTofu:NO andOutgoing:(self.direction == MLCallDirectionOutgoing)])
+        return MLCallEncryptionStateTrusted;
+    else if([MLSignalStore acceptedTrustLevel:trustLevel.intValue withTofu:YES andOutgoing:(self.direction == MLCallDirectionOutgoing)])
+        return MLCallEncryptionStateToFU;
+    return MLCallEncryptionStateClear;
 }
 
 -(BOOL) encryptFingerprintsInChildren:(NSArray<MLXMLNode*>*) children
@@ -1820,7 +1828,7 @@ -(BOOL) decryptFingerprintsInIqNode:(XMPPIQ*) iqNode
             DDLogWarn(@"More than one OMEMO envelope found!");
             return NO;
         }
-        NSString* decryptedFingerprint = [self.account.omemo decryptOmemoEnvelope:[fingerprintNode findFirst:@"{eu.siacs.conversations.axolotl}encrypted"] forSenderJid:self.contact.contactJid andReturnErrorString:NO];
+        NSString* decryptedFingerprint = [self.account.omemo decryptOmemoEnvelope:[fingerprintNode findFirst:@"{eu.siacs.conversations.axolotl}encrypted"] forSenderJid:self.contact.contactJid inMuc:nil andReturnErrorString:NO];
         if(decryptedFingerprint == nil)
         {
             DDLogWarn(@"Could not decrypt OMEMO encrypted fingerprint!");

Monal/Classes/MLIQProcessor.m

@@ -204,6 +204,7 @@ +(void) processErrorIq:(XMPPIQ*) iqNode forAccount:(xmpp*) account
         }
         return;
     }
+    //we need to check for the rsm/last element because of a weird ejabberd bug sending complete=false, but no rsm last element
     if(![[iqNode findFirst:@"{urn:xmpp:mam:2}fin@complete|bool"] boolValue] && [iqNode check:@"{urn:xmpp:mam:2}fin/{http://jabber.org/protocol/rsm}set/last#"])
     {
         DDLogVerbose(@"Paging through mam catchup results at %@ with after: %@", account.connectionProperties.identity.jid, [iqNode findFirst:@"{urn:xmpp:mam:2}fin/{http://jabber.org/protocol/rsm}set/last#"]);
@@ -212,7 +213,7 @@ +(void) processErrorIq:(XMPPIQ*) iqNode forAccount:(xmpp*) account
         [pageQuery setMAMQueryAfter:[iqNode findFirst:@"{urn:xmpp:mam:2}fin/{http://jabber.org/protocol/rsm}set/last#"]];
         [account sendIq:pageQuery withHandler:$newHandler(self, handleCatchup, $BOOL(secondTry, NO))];
     }
-    else if([[iqNode findFirst:@"{urn:xmpp:mam:2}fin@complete|bool"] boolValue])
+    else
     {
         DDLogVerbose(@"Mam catchup finished for %@", account.connectionProperties.identity.jid);
         [account mamFinishedFor:account.connectionProperties.identity.jid];

Monal/Classes/MLOMEMO.h

@@ -32,7 +32,7 @@ NS_ASSUME_NONNULL_BEGIN
  */
 -(MLXMLNode* _Nullable) encryptString:(NSString* _Nullable) message toDeviceids:(NSDictionary<NSString*, NSSet<NSNumber*>*>*) contactDeviceMap;
 -(void) encryptMessage:(XMPPMessage*) messageNode withMessage:(NSString* _Nullable) message toContact:(NSString*) toContact;
--(NSString* _Nullable) decryptOmemoEnvelope:(MLXMLNode*) envelope forSenderJid:(NSString*) senderJid andReturnErrorString:(BOOL) returnErrorString;
+-(NSString* _Nullable) decryptOmemoEnvelope:(MLXMLNode*) envelope forSenderJid:(NSString*) senderJid inMuc:(NSString* _Nullable) mucJid andReturnErrorString:(BOOL) returnErrorString;
 -(NSString* _Nullable) decryptMessage:(XMPPMessage*) messageNode withMucParticipantJid:(NSString* _Nullable) mucParticipantJid;
 
 -(NSSet<NSNumber*>*) knownDevicesForAddressName:(NSString*) addressName;