#16537: TextSecure libpurple support

classic Classic list List threaded Threaded
19 messages Options
Reply | Threaded
Open this post in threaded view
|

#16537: TextSecure libpurple support

Pidgin
#16537: TextSecure libpurple support
---------------------+--------------------------
 Reporter:  onny     |      Owner:  EionRobb
     Type:  defect   |     Status:  new
Milestone:           |  Component:  unclassified
  Version:  2.10.11  |   Keywords:
---------------------+--------------------------
 Hey,
 somone is working on a Go library for the WhisperSystem TextSecure secure
 mobile messaging protocol https://github.com/janimo/textsecure
 The original Android program can be found here
 https://github.com/WhisperSystems/TextSecure

 So someone with good C skills could now easily write a libpurple protocol,
 right?

 I might give it a try but I'm not that good in such things ...

 Best regards,
 Jonas

--
Ticket URL: <https://developer.pidgin.im/ticket/16537>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
#16537: TextSecure libpurple support
---------------------+---------------------------
 Reporter:  onny     |       Owner:  EionRobb
     Type:  defect   |      Status:  new
Milestone:           |   Component:  unclassified
  Version:  2.10.11  |  Resolution:
 Keywords:           |
---------------------+---------------------------

Comment (by EionRobb):

 Probably worth having a link to the protocol docs for reference
 https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:1>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------
Changes (by salinasv):

 * component:  unclassified => plugins
 * type:  defect => plugin request


--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:2>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by calestyo):

 Anything new on this?

 TextSecure (the protocol, not the way the app uses it) seems to be
 superior over OTR...so it would be great to have it in pidgin.

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:3>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by mmcco):

 The protocol is known as Axolotl. There's a link to its specification
 above.

 It's superior to OTR in the sense that it's a self-contained protocol
 rather than a protocol-agnostic layer. This makes things like file and
 media transfer easier. OTR is generally considered pretty bulletproof in
 terms of pure security, though. I think the difference between the two
 might be less than you think because Text^^Secure offers lots of nice
 features that no common OTR-supporting client does.

 My main question is how much the Pidgin version would be able to interact
 with Text^^Secure proper. With the official client you need to register
 your phone number with SMS verification, right? Where would people be
 getting their accounts, and who could they chat with?

 I agree that it would be interesting, but I don't think anyone's working
 on it. If there's an appropriately licensed and stable C library for
 Axolotl, it might be easy. If you have any ideas, please share.

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:4>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by guillaume):

 There's a python library for Axolotl:

 "Python port of libaxolotl-android, originally written by Moxie
 Marlinspik"

 On python.org: https://pypi.python.org/pypi/python-axolotl/0.1.6
 On debian.org: https://packages.debian.org/stretch/python-axolotl

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:5>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by mmcco):

 IIUC, we wouldn't be able to use a Python implementation (or any non-C
 implementation) until GObjectification (#35) is complete. There's also a
 Golang implementation, which I'd be more apt to trust because static
 languages are generally far safer for crypto. My two cents.

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:6>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by EionRobb):

 A C library of axolotl is available at
 https://github.com/WhisperSystems/libaxolotl-c but it uses (the currently
 GPL incompatible) OpenSSL

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:7>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by mmcco):

 It could presumably work with LibreSSL as well. That may not be GPL-
 compatible either due to 4-clause BSD licensed parts. However, maybe the
 fact that it's dependent on a multiply implemented API (OpenSSL's) rather
 than a specific library changes things.

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:8>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by Alex71):

 +1

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:9>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by doctorlard):

 The README indicates that libaxolotl-c only requires OpenSSL for its unit
 tests, not when integrating libaxolotl.

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:10>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by doctorlard):

 Venn Diagram moment: There also may be some overlap with implementing
 OMEMO in Pidgin, which uses Axolotl over XEP-0163 Personal Eventing
 Protocol. See ticket #16801.

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:11>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by EionRobb):

 looks like libaxolotl-c has a ssl layer in it (struct
 axolotl_crypto_provider) to be able to specify ssl implementations, so
 that it doesn't have to rely on one crypto lib (libpurple has a similar
 thing with ssl backends)

 Unfortunately, it requires implementations of hmac-sha256, sha512 and aes,
 of which libpurple only has ciphers for hmac-sha256

 still, more good news about not needing openssl

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:12>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by EionRobb):

 https://github.com/WhisperSystems/TextSecure-Server/wiki/API-Protocol
 (thanks dx)

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:13>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by salinasv):

 Glib have hmac and checksums

 https://developer.gnome.org/glib/stable/glib-Data-Checksums.htm
 https://developer.gnome.org/glib/stable/glib-Data-HMACs.html

 It is true, this is only for glib 2.30 and 2.42... but.. you know, we can
 always bump or do a compatibility layer. ;-)

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:14>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by herbsmn):

 Would it be wise to merge this ticket with
 https://developer.pidgin.im/ticket/16801 ?

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:15>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by EionRobb):

 Replying to [comment:15 herbsmn]:
 > Would it be wise to merge this ticket with
 https://developer.pidgin.im/ticket/16801 ?

 It would be unwise to merge.  That ticket is about adding OMEMO support to
 XMPP whereas this ticket is about adding a new protocol.

 They do coincidentally require the same libaxolotl backend though.

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:16>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by kaptoxic):

 +1

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:17>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #16537: TextSecure libpurple support

Pidgin
In reply to this post by Pidgin
#16537: TextSecure libpurple support
----------------------------+-----------------------
 Reporter:  onny            |       Owner:  EionRobb
     Type:  plugin request  |      Status:  new
Milestone:                  |   Component:  plugins
  Version:  2.10.11         |  Resolution:
 Keywords:                  |
----------------------------+-----------------------

Comment (by ampere):

 I would make use of this if it existed. Are there any technical
 limitations or is the only lacking ingredient a person to do the coding?

--
Ticket URL: <https://developer.pidgin.im/ticket/16537#comment:18>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker