File 0001-Add-a-verification-key-that-s-displayed-wh... of Package kdeconnect-kde.16873

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-Add-a-verification-key-that-s-displayed-when-pairing.patch of Package kdeconnect-kde.16873

From 76075427cd5f735627eb3cc16e7340e865ab9ed9 Mon Sep 17 00:00:00 2001
From: Luca Beltrame <lbeltrame@kde.org>
Date: Tue, 22 Dec 2020 17:13:00 +0100
Subject: [PATCH] Add a verification key that's displayed when pairing

The key is a sha256 of both devices' certificates. Both should generate the
same key, so hey user can check they are pairing against the right device.

diff --git a/core/backends/devicelink.h b/core/backends/devicelink.h
index c11c2796..c874a905 100644
--- a/core/backends/devicelink.h
+++ b/core/backends/devicelink.h
@@ -29,6 +29,7 @@ class PairingHandler;
 class NetworkPacket;
 class LinkProvider;
 class Device;
+class QSslCertificate;

class DeviceLink
     : public QObject
@@ -58,6 +59,8 @@ public:
     //The daemon will periodically destroy unpaired links if this returns false
     virtual bool linkShouldBeKeptAlive() { return false; }

+    virtual QSslCertificate certificate() const = 0;
+
 Q_SIGNALS:
     void pairingRequest(PairingHandler* handler);
     void pairingRequestExpired(PairingHandler* handler);
diff --git a/core/backends/lan/landevicelink.cpp b/core/backends/lan/landevicelink.cpp
index 41af6f0e..d31aecc7 100644
--- a/core/backends/lan/landevicelink.cpp
+++ b/core/backends/lan/landevicelink.cpp
@@ -178,8 +178,7 @@ void LanDeviceLink::setPairStatus(PairStatus status)
     DeviceLink::setPairStatus(status);
     if (status == Paired) {
         Q_ASSERT(KdeConnectConfig::instance().trustedDevices().contains(deviceId()));
-        Q_ASSERT(!m_socketLineReader->peerCertificate().isNull());
-        KdeConnectConfig::instance().setDeviceProperty(deviceId(), QStringLiteral("certificate"), QString::fromLatin1(m_socketLineReader->peerCertificate().toPem().data()));
+        KdeConnectConfig::instance().setDeviceProperty(deviceId(), QStringLiteral("certificate"), QString::fromLatin1(certificate().toPem()));
     }
 }

diff --git a/core/backends/lan/landevicelink.h b/core/backends/lan/landevicelink.h
index 485c58b5..f218d063 100644
--- a/core/backends/lan/landevicelink.h
+++ b/core/backends/lan/landevicelink.h
@@ -56,7 +56,7 @@ public:
     bool linkShouldBeKeptAlive() override;

QHostAddress hostAddress() const;
-    QSslCertificate certificate() const;
+    QSslCertificate certificate() const override;

private Q_SLOTS:
     void dataReceived();
diff --git a/core/backends/loopback/loopbackdevicelink.h b/core/backends/loopback/loopbackdevicelink.h
index 54b016a7..444d7c4e 100644
--- a/core/backends/loopback/loopbackdevicelink.h
+++ b/core/backends/loopback/loopbackdevicelink.h
@@ -22,6 +22,7 @@
 #define LOOPBACKDEVICELINK_H

#include "../devicelink.h"
+#include <QSslCertificate>

class LoopbackLinkProvider;

@@ -37,6 +38,8 @@ public:

void userRequestsPair() override { setPairStatus(Paired); }
     void userRequestsUnpair() override { setPairStatus(NotPaired); }
+
+    QSslCertificate certificate() const override { return QSslCertificate(); }
 };

#endif
diff --git a/core/device.cpp b/core/device.cpp
index 32e20179..c30cebd5 100644
--- a/core/device.cpp
+++ b/core/device.cpp
@@ -23,6 +23,7 @@
 #include <QVector>
 #include <QSet>
 #include <QSslCertificate>
+#include <QSslKey>

#include <KSharedConfig>
 #include <KConfigGroup>
@@ -540,25 +541,47 @@ bool Device::isPluginEnabled(const QString& pluginName) const
 QString Device::encryptionInfo() const
 {
 QString result;
- QCryptographicHash::Algorithm digestAlgorithm = QCryptographicHash::Algorithm::Sha1;
+ const QCryptographicHash::Algorithm digestAlgorithm = QCryptographicHash::Algorithm::Sha256;

- QString localSha1 = QString::fromLatin1(KdeConnectConfig::instance().certificate().digest(digestAlgorithm).toHex());
- for (int i = 2; i<localSha1.size(); i += 3) {
- localSha1.insert(i, QStringLiteral(":")); // Improve readability
+ QString localChecksum = QString::fromLatin1(KdeConnectConfig::instance().certificate().digest(digestAlgorithm).toHex());
+ for (int i = 2; i<localChecksum.size(); i += 3) {
+ localChecksum.insert(i, QStringLiteral(":")); // Improve readability
 }
- result += i18n("SHA1 fingerprint of your device certificate is: %1\n", localSha1);
+ result += i18n("SHA256 fingerprint of your device certificate is: %1\n", localChecksum);

std::string remotePem = KdeConnectConfig::instance().getDeviceProperty(id(), QStringLiteral("certificate")).toStdString();
 QSslCertificate remoteCertificate = QSslCertificate(QByteArray(remotePem.c_str(), (int)remotePem.size()));
- QString remoteSha1 = QString::fromLatin1(remoteCertificate.digest(digestAlgorithm).toHex());
- for (int i = 2; i < remoteSha1.size(); i += 3) {
- remoteSha1.insert(i, QStringLiteral(":")); // Improve readability
+ QString remoteChecksum = QString::fromLatin1(remoteCertificate.digest(digestAlgorithm).toHex());
+ for (int i = 2; i < remoteChecksum.size(); i += 3) {
+ remoteChecksum.insert(i, QStringLiteral(":")); // Improve readability
 }
- result += i18n("SHA1 fingerprint of remote device certificate is: %1\n", remoteSha1);
+ result += i18n("SHA256 fingerprint of remote device certificate is: %1\n", remoteChecksum);

return result;
 }

+QSslCertificate Device::certificate() const
+{
+ if (!d->m_deviceLinks.isEmpty()) {
+ return d->m_deviceLinks[0]->certificate();
+ }
+ return QSslCertificate();
+}
+
+QByteArray Device::verificationKey() const
+{
+ auto a = KdeConnectConfig::instance().certificate().publicKey().toDer();
+ auto b = certificate().publicKey().toDer();
+ if (a < b) {
+ std::swap(a, b);
+ }
+
+ QCryptographicHash hash(QCryptographicHash::Sha256);
+ hash.addData(a);
+ hash.addData(b);
+ return hash.result().toHex();
+}
+
 QString Device::pluginIconName(const QString& pluginName)
 {
 if (hasPlugin(pluginName)) {
diff --git a/core/device.h b/core/device.h
index 9b6dd9bc..66fc0965 100644
--- a/core/device.h
+++ b/core/device.h
@@ -78,6 +78,7 @@ public:
 QString type() const;
 QString iconName() const;
 QString statusIconName() const;
+ Q_SCRIPTABLE QByteArray verificationKey() const;
 Q_SCRIPTABLE QString encryptionInfo() const;

//Add and remove links
@@ -144,6 +145,7 @@ private: //Methods

void setName(const QString& name);
     QString iconForStatus(bool reachable, bool paired) const;
+    QSslCertificate certificate() const;

private:
 class DevicePrivate;
diff --git a/daemon/kdeconnectd.cpp b/daemon/kdeconnectd.cpp
index a81ec3fd..a94eb0e4 100644
--- a/daemon/kdeconnectd.cpp
+++ b/daemon/kdeconnectd.cpp
@@ -62,14 +62,17 @@ public:
 notification->setIconName(QStringLiteral("dialog-information"));
 notification->setComponentName(QStringLiteral("kdeconnect"));
 notification->setTitle(QStringLiteral("KDE Connect"));
- notification->setText(i18n("Pairing request from %1", device->name().toHtmlEscaped()));
+ notification->setText(i18n("Pairing request from %1\n Key: %2...", device->name().toHtmlEscaped(), QString::fromUtf8(device->verificationKey().left(8))));
 notification->setDefaultAction(i18n("Open"));
- notification->setActions(QStringList() << i18n("Accept") << i18n("Reject"));
+ notification->setActions(QStringList() << i18n("Accept") << i18n("Reject") << i18n("View key"));
 connect(notification, &KNotification::action1Activated, device, &Device::acceptPairing);
 connect(notification, &KNotification::action2Activated, device, &Device::rejectPairing);
- connect(notification, QOverload<>::of(&KNotification::activated), this, []{
- QProcess::startDetached(QStringLiteral("kdeconnect-settings"));
- });
+ QString deviceId = device->id();
+ auto openSettings = [this, deviceId] {
+ QProcess::startDetached(QStringLiteral("kdeconnect-settings"), QStringList() << QStringLiteral("--args") << deviceId);
+ };
+ connect(notification, &KNotification::action3Activated, openSettings);
+ connect(notification, QOverload<>::of(&KNotification::activated), openSettings);
 notification->sendEvent();
 }

diff --git a/kcm/kcm.cpp b/kcm/kcm.cpp
index 721a5166..b21d98ad 100644
--- a/kcm/kcm.cpp
+++ b/kcm/kcm.cpp
@@ -235,6 +235,7 @@ void KdeConnectKcm::resetDeviceView()
     delete kcmUi->pluginSelector;
     kcmUi->pluginSelector = new KPluginSelector(this);
     kcmUi->deviceInfo_layout->addWidget(kcmUi->pluginSelector);
+    kcmUi->verificationKey->setText(i18n("Key: %1", QString::fromUtf8(currentDevice->verificationKey())));

kcmUi->pluginSelector->setConfigurationArguments(QStringList(currentDevice->id()));

diff --git a/kcm/kcm.ui b/kcm/kcm.ui
index 706f106b..08ea0812 100644
--- a/kcm/kcm.ui
+++ b/kcm/kcm.ui
@@ -6,7 +6,7 @@
 <rect>
 <x>0</x>
 <y>0</y>
- <width>965</width>
+ <width>1198</width>
 <height>528</height>
 </rect>
 </property>
@@ -143,34 +143,85 @@
 <enum>QLayout::SetMaximumSize</enum>
 </property>
 <item>
- <widget class="QLabel" name="name_label">
- <property name="font">
- 
- <pointsize>10</pointsize>
- <weight>75</weight>
- <bold>true</bold>
- 
- </property>
- <property name="text">
- <string>Device</string>
- </property>
- <property name="textFormat">
- <enum>Qt::PlainText</enum>
- </property>
- </widget>
- </item>
- <item>
- <widget class="QLabel" name="status_label">
- <property name="sizePolicy">
- <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
- <horstretch>0</horstretch>
- <verstretch>0</verstretch>
- </sizepolicy>
- </property>
- <property name="text">
- <string>(status)</string>
- </property>
- </widget>
+ <layout class="QVBoxLayout" name="verticalLayout_2">
+ <item>
+ <widget class="QWidget" name="deviceAndStatus" native="true">
+ <property name="sizePolicy">
+ <sizepolicy hsizetype="Minimum" vsizetype="Preferred">
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
+ </property>
+ <layout class="QHBoxLayout" name="deviceAndStatus_layout">
+ <property name="spacing">
+ <number>6</number>
+ </property>
+ <property name="leftMargin">
+ <number>0</number>
+ </property>
+ <property name="topMargin">
+ <number>0</number>
+ </property>
+ <property name="rightMargin">
+ <number>0</number>
+ </property>
+ <property name="bottomMargin">
+ <number>0</number>
+ </property>
+ <item>
+ <widget class="QLabel" name="name_label">
+ <property name="font">
+ 
+ <pointsize>10</pointsize>
+ <weight>75</weight>
+ <bold>true</bold>
+ 
+ </property>
+ <property name="text">
+ <string>Device</string>
+ </property>
+ <property name="textFormat">
+ <enum>Qt::PlainText</enum>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QLabel" name="status_label">
+ <property name="sizePolicy">
+ <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
+ </property>
+ <property name="text">
+ <string>(status)</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <spacer name="horizontalSpacer_3">
+ <property name="orientation">
+ <enum>Qt::Horizontal</enum>
+ </property>
+ <property name="sizeHint" stdset="0">
+ <size>
+ <width>40</width>
+ <height>20</height>
+ </size>
+ </property>
+ </spacer>
+ </item>
+ </layout>
+ </widget>
+ </item>
+ <item>
+ <widget class="QLabel" name="verificationKey">
+ <property name="text">
+ <string>🔑 abababab</string>
+ </property>
+ </widget>
+ </item>
+ </layout>
 </item>
 <item>
 <spacer name="horizontalSpacer">
--
2.29.2

Places

File 0001-Add-a-verification-key-that-s-displayed-when-pairing.patch of Package kdeconnect-kde.16873

Places