From 50b8f13037f1029b52f7f22978077cff89532b18 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Tue, 6 Sep 2016 16:38:16 +0100 Subject: [PATCH] Fix sender verification for megolm messages Turns out all we need to do is to make sure we use the Olm device table when we look up megolm senders. --- lib/crypto.js | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/lib/crypto.js b/lib/crypto.js index 38d655ad0..bea890db2 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -412,7 +412,10 @@ Crypto.prototype.listDeviceKeys = function(userId) { * @return {module:crypto-deviceinfo?} */ Crypto.prototype.getDeviceByIdentityKey = function(userId, algorithm, sender_key) { - if (algorithm !== olmlib.OLM_ALGORITHM) { + if ( + algorithm !== olmlib.OLM_ALGORITHM && + algorithm !== olmlib.MEGOLM_ALGORITHM + ) { // we only deal in olm keys return null; } @@ -528,6 +531,19 @@ Crypto.prototype.getOlmSessionsForUser = function(userId) { * @return {boolean} true if the device is verified */ Crypto.prototype.isSenderKeyVerified = function(userId, algorithm, sender_key) { + + // sender_key is the curve25519 public key of the device, that the event + // purports to have been sent from. It's assumed that, by the time we get here, + // we have already checked that the event was, in fact, sent by that device. + // + // In the case of both olm and megolm, that is achieved primarily by the + // fact that sessions are indexed by the curve25519 key of the device that + // created the session, and we assume that only that device has the keys + // necessary to create valid messages in that session. + // + // So, all we need to do here is look up the device by sender and + // curve25519 key and determine the state of the verification flag. + var device = this.getDeviceByIdentityKey(userId, algorithm, sender_key); if (!device) { return false;