Add support for forwarding room keys to megolm

when we receive a m.forwarded_room_key, add it to the crypto store, but remember who forwarded it to us, so we can decide whether to trust them separately.
2025-11-26 17:03:12 +03:00 · 2017-06-20 12:39:36 +01:00
parent cfa871c076
commit 1f86dbd12f
4 changed files with 153 additions and 25 deletions
--- a/src/crypto/algorithms/megolm.js
+++ b/src/crypto/algorithms/megolm.js
@@ -250,7 +250,7 @@ MegolmEncryption.prototype._prepareNewSession = function() {
    const key = this._olmDevice.getOutboundGroupSessionKey(sessionId);

    this._olmDevice.addInboundGroupSession(
-        this._roomId, this._olmDevice.deviceCurve25519Key, sessionId,
+        this._roomId, this._olmDevice.deviceCurve25519Key, [], sessionId,
        key.key, {ed25519: this._olmDevice.deviceEd25519Key},
    );

@@ -595,7 +595,8 @@ MegolmDecryption.prototype._decryptEvent = function(event, requestKeysOnFail) {
        );
    }

-    event.setClearData(payload, res.senderKey, res.keysClaimed.ed25519);
+    event.setClearData(payload, res.senderKey, res.keysClaimed.ed25519,
+        res.forwardingCurve25519KeyChain);
 };

 MegolmDecryption.prototype._requestKeysForEvent = function(event) {
@@ -645,8 +646,11 @@ MegolmDecryption.prototype._addEventToPendingList = function(event) {
 */
 MegolmDecryption.prototype.onRoomKeyEvent = function(event) {
    const content = event.getContent();
-    const senderKey = event.getSenderKey();
    const sessionId = content.session_id;
+    let senderKey = event.getSenderKey();
+    let forwardingKeyChain = [];
+    let exportFormat = false;
+    let keysClaimed;

    if (!content.room_id ||
        !sessionId ||
@@ -655,15 +659,49 @@ MegolmDecryption.prototype.onRoomKeyEvent = function(event) {
        console.error("key event is missing fields");
        return;
    }
+
    if (!senderKey) {
        console.error("key event has no sender key (not encrypted?)");
        return;
    }

+    if (event.getType() == "m.forwarded_room_key") {
+        exportFormat = true;
+        forwardingKeyChain = content.forwarding_curve25519_key_chain;
+        if (!utils.isArray(forwardingKeyChain)) {
+            forwardingKeyChain = [];
+        }
+
+        // copy content before we modify it
+        forwardingKeyChain = forwardingKeyChain.slice();
+        forwardingKeyChain.push(senderKey);
+
+        senderKey = content.sender_key;
+        if (!senderKey) {
+            console.error("forwarded_room_key event is missing sender_key field");
+            return;
+        }
+
+        const ed25519Key = content.sender_claimed_ed25519_key;
+        if (!ed25519Key) {
+            console.error(
+                `forwarded_room_key_event is missing sender_claimed_ed25519_key field`,
+            );
+            return;
+        }
+
+        keysClaimed = {
+            ed25519: ed25519Key,
+        };
+    } else {
+        keysClaimed = event.getKeysClaimed();
+    }
+
    console.log(`Adding key for megolm session ${senderKey}|${sessionId}`);
    this._olmDevice.addInboundGroupSession(
-        content.room_id, senderKey, sessionId,
-        content.session_key, event.getKeysClaimed(),
+        content.room_id, senderKey, forwardingKeyChain, sessionId,
+        content.session_key, keysClaimed,
+        exportFormat,
    );

    // cancel any outstanding room key requests for this session
@@ -722,22 +760,10 @@ MegolmDecryption.prototype.shareKeysWithDevice = function(keyRequest) {
            + userId + ":" + deviceId,
        );

-        const key = this._olmDevice.getInboundGroupSessionKey(
+        const payload = this._buildKeyForwardingMessage(
            body.room_id, body.sender_key, body.session_id,
        );

-        const payload = {
-            type: "m.forwarded_room_key",
-            content: {
-                algorithm: olmlib.MEGOLM_ALGORITHM,
-                room_id: body.room_id,
-                sender_key: body.sender_key,
-                session_id: body.session_id,
-                session_key: key.key,
-                chain_index: key.chain_index,
-            },
-        };
-
        const encryptedContent = {
            algorithm: olmlib.OLM_ALGORITHM,
            sender_key: this._olmDevice.deviceCurve25519Key,
@@ -765,6 +791,27 @@ MegolmDecryption.prototype.shareKeysWithDevice = function(keyRequest) {
    }).done();
 };

+MegolmDecryption.prototype._buildKeyForwardingMessage = function(
+    roomId, senderKey, sessionId,
+) {
+    const key = this._olmDevice.getInboundGroupSessionKey(
+        roomId, senderKey, sessionId,
+    );
+
+    return {
+        type: "m.forwarded_room_key",
+        content: {
+            algorithm: olmlib.MEGOLM_ALGORITHM,
+            room_id: roomId,
+            sender_key: senderKey,
+            sender_claimed_ed25519_key: key.sender_claimed_ed25519_key,
+            session_id: sessionId,
+            session_key: key.key,
+            chain_index: key.chain_index,
+            forwarding_curve25519_key_chain: key.forwarding_curve25519_key_chain,
+        },
+    };
+};

 /**
 * @inheritdoc