librelist archives

« back to archive

OTR

OTR

From:
Elkom
Date:
2014-10-06 @ 21:08
Hi

OTR works correctly with Pidgin pnly. I use Pidgin as an "office side"
of the Converse.JS. I tried Xabber and CryptoChat on Android without
success. On the PC I tried all other clients and the result is the same.
Base64 encoded ?OTR?........ in a text window instead of silent key
exchange.
Pidgin is OK but there must be something wrong. A setting somewhere? It
looks like the negotiation headers are not compatible. Other Jabber
clients don't recognize what converse.js is sending. Only Pidgin
understands it.

---
This email is free from viruses and malware because avast! Antivirus 
protection is active.
http://www.avast.com

Re: [conversejs] OTR

From:
Jc Brand
Date:
2014-10-07 @ 07:42
On Mon, Oct 06, 2014 at 11:08:21PM +0200, ELKOM wrote:
> Hi
> 
> OTR works correctly with Pidgin pnly. I use Pidgin as an "office side"
> of the Converse.JS. I tried Xabber and CryptoChat on Android without
> success. On the PC I tried all other clients and the result is the same.
> Base64 encoded ?OTR?........ in a text window instead of silent key
> exchange.
> Pidgin is OK but there must be something wrong. A setting somewhere? It
> looks like the negotiation headers are not compatible. Other Jabber
> clients don't recognize what converse.js is sending. Only Pidgin
> understands it.

If the bug is in converse.js, and not in otr.js (which sounds likely), then the
first place I would look is in the receiveMessage method:


https://github.com/jcbrand/converse.js/blob/72753e209ce19282b2d22d0b3d4cbe0f40f9dc3d/converse.js#L969

I'm guessing that the other OTR-enabled clients initiate OTR slightly
differently than Pidgin, and that the regex on line 969 doesn't match it.

Re: [conversejs] OTR

From:
Elkom
Date:
2014-10-07 @ 11:41
> If the bug is in converse.js, and not in otr.js (which sounds likely), then the
> first place I would look is in the receiveMessage method:
> 
> 
https://github.com/jcbrand/converse.js/blob/72753e209ce19282b2d22d0b3d4cbe0f40f9dc3d/converse.js#L969
> 
> I'm guessing that the other OTR-enabled clients initiate OTR slightly
> differently than Pidgin, and that the regex on line 969 doesn't match it.

Converse sends it:
?OTR,1,2,?OTR:AAIKAAAA
?OTR,2,2,tIBhCn6yr
Only Pidgin understands it.
All other clients simply receive it as a text message.

You have in your code this:
if (text.match(/^\?OTRv23?/)) {


---
This email is free from viruses and malware because avast! Antivirus 
protection is active.
http://www.avast.com

Re: [conversejs] OTR

From:
Elkom
Date:
2014-10-07 @ 12:01
Again:-)

This is Converse'es job:
?OTR,1,2,?OTR:AAIKAAAA
?OTR,2,2,tIBhCn6yr

Converse starts transmitting it when OTR is being initiated on the
website. I only receive it passively.

For a certain reason most Jabber clients do NOT understand it. Only
Pidgin understands it. All others interpret it as a normal unencrypted
message.
This is initial sequence initiated by the Converse.


---
This email is free from viruses and malware because avast! Antivirus 
protection is active.
http://www.avast.com

Re: [conversejs] OTR

From:
Jc Brand
Date:
2014-10-07 @ 14:22
On Tue, Oct 07, 2014 at 02:01:57PM +0200, ELKOM wrote:
> Again:-)
> 
> This is Converse'es job:
> ?OTR,1,2,?OTR:AAIKAAAA
> ?OTR,2,2,tIBhCn6yr
> 
> Converse starts transmitting it when OTR is being initiated on the
> website. I only receive it passively.
> 
> For a certain reason most Jabber clients do NOT understand it. Only
> Pidgin understands it. All others interpret it as a normal unencrypted
> message.
> This is initial sequence initiated by the Converse.

Looking at the code, it appears as if that query is created by otr.js in 
the sendQueryMsg method:

https://github.com/arlolra/otr/blob/be50ec34ebe14b5d22180928c4df651c0ff95b34/build/otr.js#L2419

Looking at the OTR spec, the query message they specify in the spec looks slightly
different than what you wrote above.

See OTR Query Messages, here:  https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html

Arlo Breault, who wrote otr.js might be able to tell you why.

Re: [conversejs] OTR

From:
Elkom
Date:
2014-10-07 @ 14:50
> See OTR Query Messages, here:  https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
> 
> Arlo Breault, who wrote otr.js might be able to tell you why.

How to contact him? Does he read this list?



---
This email is free from viruses and malware because avast! Antivirus 
protection is active.
http://www.avast.com

Re: [conversejs] OTR

From:
Jc Brand
Date:
2014-10-07 @ 15:24
On Tue, Oct 07, 2014 at 04:50:49PM +0200, ELKOM wrote:
> > See OTR Query Messages, here:  
https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
> > 
> > Arlo Breault, who wrote otr.js might be able to tell you why.
> 
> How to contact him? Does he read this list?

His email address is on his github page.