Port the ctypes-otr code (js-ctypes wrapper for libotr) to Thunderbird
Categories
(Chat Core :: Security: OTR, enhancement)
Tracking
(Not tracked)
People
(Reporter: KaiE, Assigned: KaiE)
References
(Blocks 4 open bugs)
Comment 1 (Assignee) • 6 years ago
In order to use the OTR JS code, the binaries of certain libraries are required, as tracked in bug 1518166. It may take us a while to solve that in a native Thunderbird build, see also bug 1518164 and bug 1518091 for background.
To allow us to work on the OTR JS code in parallel to the above, it should be possible to obtain those libraries from another source, and install them manually.
On Linux systems, the distribution's package manager can be used to install the required libraries, for example on Debian systems you can use: apt-get install libotr5 libgcrypt20
For Windows and OSX, I found that https://archive.torproject.org/ contains installers of the old beta of Tor Messenger. I've extracted the required library from the beta version 0.5.0b1 archives. The archives for Windows and OSX contain the OTR library. Apparently the gcrypt and gpg-error libraries are embedded inside the OTR library, so only a single library file will have to be manually installed for testing. I've uploaded copies of the extracted libraries on my server. Although I have verified the signatures of the Tor Messenger archives I had used, please use these files at your own risk, because the extraction didn't happen in a fully secure environment.
OSX
https://kuix.de/mozilla/otr/libotr.dylib
c2511baa0d76865e14f9a4e732147480d8dcf2f33e57e547356374a530185ddb libotr.dylib
Win32
https://kuix.de/mozilla/otr/otr.dll
ae761f96ee4bc74c3c28719568ec5cb44cb61bc651f984b32362cf2ad2b56130 otr.dll
I'll provide more detailed instructions on how to use these files at a later time, once we have something ready for testing.
Comment 2 (Assignee) • 6 years ago
Comment 3 (Assignee) • 6 years ago
I've added a dependency on bug 1532967. Without working notifications in the chat code it's not possible to port/test the OTR notifications.
Comment 5 (Assignee) • 6 years ago
Dear Arlolra,
thanks a lot for your great work in https://github.com/arlolra/ctypes-otr and licensing it as MPL, which we're reusing and porting here.
Do you remember why you had disabled the V3 protocol version?
https://github.com/arlolra/ctypes-otr/blob/master/chrome/content/libotr.js#L385
I just enabled it and my first impression is that it seems to work.
Enabling V3 has a positive side effect.
If only V2 is enabled, I can always reproduce bug 1536108.
With V3 enabled, the failure described in bug 1536108 doesn't happen.
As an additional question, you had also disabled OTRL_POLICY_ERROR_START_AKE.
If you have any past memory on why you did, I'd appreciate it a lot!
Comment 6 (arlolra)
> Do you remember why you had disabled the V3 protocol version?
This commit,
https://github.com/arlolra/ctypes-otr/commit/1c15b8393e805f844c8f1763c2124ed638c3c99c
points to,
https://github.com/arlolra/ctypes-otr/issues/45#issuecomment-99142846
Hopefully the explanation there is clear. It was mainly because of missing UI support for conversations with multiple sessions, as in https://otr.cypherpunks.ca/help/4.0.1/sessions.php?lang=en
Note the differences between v2 and v3 of the protocol here,
https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
> If only V2 is enabled, I can always reproduce bug 1536108.
Initiating a conversation by sending the query message (3 and 4 in the bug) was something that worked fine in the extension. Can you try downloading an older copy of Instantbird and confirming that it works for you?
> As an additional question, you had also disabled OTRL_POLICY_ERROR_START_AKE.
This commit,
https://github.com/arlolra/ctypes-otr/commit/6308c4f29a1f7cfacfb0fa36e348e06bd4116a24
points to,
https://github.com/arlolra/ctypes-otr/issues/55
which describes a potential MITM issue.
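The version negotiation discussed in comments 5 and 6, sketched as an added example (not code from ctypes-otr, libotr or Thunderbird). The policy bit values are libotr's OTRL_POLICY_* constants and the query-tag format follows the OTR v3 specification linked above; the function names and sample inputs are hypothetical.

```javascript
// Added example; policy bits are libotr's OTRL_POLICY_* values (proto.h).
const OTRL_POLICY_ALLOW_V1 = 0x01;
const OTRL_POLICY_ALLOW_V2 = 0x02;
const OTRL_POLICY_ALLOW_V3 = 0x04;

// Hypothetical helper: the query tag a client sends for a given policy,
// e.g. "?OTRv2?" for v2 only, "?OTRv23?" once v3 is also allowed.
function queryTag(policy) {
  let tag = "?OTR";
  if (policy & OTRL_POLICY_ALLOW_V1) tag += "?";
  let versions = "";
  if (policy & OTRL_POLICY_ALLOW_V2) versions += "2";
  if (policy & OTRL_POLICY_ALLOW_V3) versions += "3";
  // "?OTRv?" (no versions at all) is the spec's degenerate empty offer.
  if (versions || !(policy & OTRL_POLICY_ALLOW_V1)) tag += "v" + versions + "?";
  return tag;
}

// Hypothetical helper: versions offered by a received message, or null when
// it carries no query tag (plain text, or an encoded "?OTR:" data message).
function offeredVersions(message) {
  const m = /\?OTR(\?)?(?:v([^?\s]*)\?)?/.exec(message);
  if (!m || (!m[1] && m[2] === undefined)) return null;
  const offered = new Set(m[1] ? [1] : []);
  for (const ch of m[2] || "") {
    if (ch >= "0" && ch <= "9") offered.add(Number(ch));
  }
  return offered;
}

// Highest version allowed by both our policy and the peer's offer; 0 = none.
function negotiate(policy, message) {
  const offered = offeredVersions(message);
  if (!offered) return 0;
  const byPreference = [
    [3, OTRL_POLICY_ALLOW_V3],
    [2, OTRL_POLICY_ALLOW_V2],
    [1, OTRL_POLICY_ALLOW_V1],
  ];
  for (const [version, bit] of byPreference) {
    if ((policy & bit) && offered.has(version)) return version;
  }
  return 0;
}

// Constructed inputs modelling the two settings discussed in the thread.
const V2_ONLY = OTRL_POLICY_ALLOW_V2;
const V2_AND_V3 = OTRL_POLICY_ALLOW_V2 | OTRL_POLICY_ALLOW_V3;
console.log(queryTag(V2_ONLY), queryTag(V2_AND_V3));   // ?OTRv2? ?OTRv23?
console.log(negotiate(V2_ONLY, queryTag(V2_AND_V3)));  // 2
```

A v2-only client still interoperates with a peer that offers v2 and v3, because the peer's query tag lists both and the highest mutually allowed version is chosen.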
Comment 7 (Assignee) • 6 years ago
(In reply to arlolra from comment #6)
> > If only V2 is enabled, I can always reproduce bug 1536108.
> Initiating a conversation by sending the query message (3 and 4 in the bug) was something that worked fine in the extension. Can you try downloading an older copy of Instantbird and confirming that it works for you?
I have a working Tor Messenger 0.5.0b1 (based on Instantbird 1.6a1pre). (I made it work by copying a recent tor executable into its directory.)
I don't know if that version has OTR v3 enabled or disabled.
I also use coyim messenger as a peer to test with.
Test 1:
Chat between Tor Messenger and coyim.
In Tor Messenger, I open conv window, click OTR button and press start.
Tor Messenger shows:
- attempting to start
- private conv started
In coyim, window doesn't open automatically, but if I open it manually, it says "unverified conv started".
In other words, it's working.
Test 2:
Chat between Thunderbird and coyim.
In Thunderbird, after clicking "start", nothing else happens.
Comment 8 (Assignee) • 6 years ago
(In reply to Kai Engert (:kaie:) from comment #7)
> Test 2:
> Chat between Thunderbird and coyim.
> In Thunderbird, after clicking "start", nothing else happens.
except "attempting to start" shown in Thunderbird conv window.
Comment 9 (Assignee) • 6 years ago
I found out that Tor Messenger uses OTR v2, only. (By looking at the console output on the receiving side in Thunderbird.)
With some more testing, I see that bug 1536108 only occurs when the remote side is the coyim messenger. If the remote side is either Tor Messenger or pidgin-otr, it works fine.
Let's move this conversation to bug 1536108, where I'll also mention these test results.
Given this result, it might seem reasonable to keep our initial Thunderbird implementation at v2 only.
Comment 10 (Assignee) • 6 years ago
Arlo, thanks a lot for your comment 6. I have filed bug 1550474 to track potential future consideration of v3.
Regarding OTRL_POLICY_ERROR_START_AKE I'll add a source comment that points to the MITM issue 55 you quoted, so future maintainers can find it.
Comment 12 (Assignee) • 6 years ago
We got r+ from Florian in phabricator, and I intend to commit very soon.
A try run showed minor ESLint issues, which this small bustage fix changes. I had messed up function getTrustLevel() a while ago, when addressing ESLint complaints earlier. Variable best_level is no longer required, we had removed it, and I double checked this change is aligned with the expectations of the old code.
Comment 13 • 6 years ago
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/88f230af325e
Import ctypes-otr, updated by kaie/aleca. r=florian,clokep,mkmelin