diff --git a/package.json b/package.json index 25b0f9353..fbef0c861 100644 --- a/package.json +++ b/package.json @@ -78,7 +78,7 @@ "@babel/preset-env": "^7.12.11", "@babel/preset-typescript": "^7.12.7", "@babel/register": "^7.12.10", - "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.8.tgz", + "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.12.tgz", "@types/bs58": "^4.0.1", "@types/content-type": "^1.1.5", "@types/jest": "^28.0.0", diff --git a/spec/unit/crypto/verification/sas.spec.js b/spec/unit/crypto/verification/sas.spec.js index 0a57e55a3..7344c0379 100644 --- a/spec/unit/crypto/verification/sas.spec.js +++ b/spec/unit/crypto/verification/sas.spec.js @@ -218,7 +218,7 @@ describe("SAS verification", function() { ]); // make sure that it uses the preferred method - expect(macMethod).toBe("hkdf-hmac-sha256"); + expect(macMethod).toBe("org.matrix.msc3783.hkdf-hmac-sha256"); expect(keyAgreement).toBe("curve25519-hkdf-sha256"); // make sure Alice and Bob verified each other 
@@ -230,6 +230,62 @@ describe("SAS verification", function() { expect(aliceDevice.isVerified()).toBeTruthy(); }); + it("should be able to verify using the old base64", async () => { + // pretend that Alice can only understand the old (incorrect) base64 + // encoding, and make sure that she can still verify with Bob + let macMethod; + const aliceOrigSendToDevice = alice.client.sendToDevice.bind(alice.client); + alice.client.sendToDevice = (type, map) => { + if (type === "m.key.verification.start") { + // Note: this modifies not only the message that Bob + // receives, but also the copy of the message that Alice + // has, since it is the same object. If this does not + // happen, the verification will fail due to a hash + // commitment mismatch. + map[bob.client.getUserId()][bob.client.deviceId] + .message_authentication_codes = ['hkdf-hmac-sha256']; + } + return aliceOrigSendToDevice(type, map); + }; + const bobOrigSendToDevice = bob.client.sendToDevice.bind(bob.client); + bob.client.sendToDevice = (type, map) => { + if (type === "m.key.verification.accept") { + macMethod = map[alice.client.getUserId()][alice.client.deviceId] + .message_authentication_code; + } + return bobOrigSendToDevice(type, map); + }; + + alice.httpBackend.when('POST', '/keys/query').respond(200, { + failures: {}, + device_keys: { + "@bob:example.com": BOB_DEVICES, + }, + }); + bob.httpBackend.when('POST', '/keys/query').respond(200, { + failures: {}, + device_keys: { + "@alice:example.com": ALICE_DEVICES, + }, + }); + + await Promise.all([ + aliceVerifier.verify(), + bobPromise.then((verifier) => verifier.verify()), + alice.httpBackend.flush(), + bob.httpBackend.flush(), + ]); + + expect(macMethod).toBe("hkdf-hmac-sha256"); + + const bobDevice + = await alice.client.getStoredDevice("@bob:example.com", "Dynabook"); + expect(bobDevice.isVerified()).toBeTruthy(); + const aliceDevice + = await bob.client.getStoredDevice("@alice:example.com", "Osborne2"); + 
expect(aliceDevice.isVerified()).toBeTruthy(); + }); + it("should be able to verify using the old MAC", async () => { // pretend that Alice can only understand the old (incorrect) MAC, // and make sure that she can still verify with Bob diff --git a/src/crypto/verification/SAS.ts b/src/crypto/verification/SAS.ts index a909ce742..9e68e70ca 100644 --- a/src/crypto/verification/SAS.ts +++ b/src/crypto/verification/SAS.ts @@ -180,6 +180,7 @@ function generateSas(sasBytes: number[], methods: string[]): IGeneratedSas { const macMethods = { "hkdf-hmac-sha256": "calculate_mac", + "org.matrix.msc3783.hkdf-hmac-sha256": "calculate_mac_fixed_base64", "hmac-sha256": "calculate_mac_long_kdf", }; @@ -221,7 +222,7 @@ const calculateKeyAgreement = { */ const KEY_AGREEMENT_LIST = ["curve25519-hkdf-sha256", "curve25519"]; const HASHES_LIST = ["sha256"]; -const MAC_LIST = ["hkdf-hmac-sha256", "hmac-sha256"]; +const MAC_LIST = ["org.matrix.msc3783.hkdf-hmac-sha256", "hkdf-hmac-sha256", "hmac-sha256"]; const SAS_LIST = Object.keys(sasGenerators); const KEY_AGREEMENT_SET = new Set(KEY_AGREEMENT_LIST); diff --git a/yarn.lock b/yarn.lock index 44451b0e6..286ec2699 100644 --- a/yarn.lock +++ b/yarn.lock 
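Review bot: The added "old base64" test duplicates a lot of setup: the `sendToDevice` interception on both clients, the two `/keys/query` stubs, the `Promise.all` flush and the stored-device assertions. The old-MAC test that follows appears to do the same, though only its first lines are visible as context, so the one thing that differs is the method list forced into `m.key.verification.start`. A shared helper taking that list, for example `verifyWithForcedMacMethods(['hkdf-hmac-sha256'])`, would keep the fallback cases in step as further MAC methods are added. The overrides of `alice.client.sendToDevice` and `bob.client.sendToDevice` are also never restored inside the test, which is safe only if the clients are rebuilt for each test; this hunk does not show that.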
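Review bot: Nothing visible in these hunks checks that the Olm build in use exposes `calculate_mac_fixed_base64`, yet the new `macMethods` entry depends on it and the second SAS.ts hunk puts `org.matrix.msc3783.hkdf-hmac-sha256` first in `MAC_LIST`. package.json pins olm 3.2.12 for this repository only; if an embedding application can supply an older Olm at runtime (plausible, but not shown here), the device would advertise and negotiate a MAC method it cannot compute, and verification would fail at the MAC step rather than falling back to `hkdf-hmac-sha256`. Consider deriving the advertised list from the methods the loaded library actually provides, or at least recording the requirement next to the map, e.g. `// requires Olm >= 3.2.12 (calculate_mac_fixed_base64)`. A short comment on `MAC_LIST` would also help, saying that the order appears to be the preference order and that the two legacy entries are kept only for interoperability with older clients.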
@@ -1307,10 +1307,9 @@ "@jridgewell/resolve-uri" "^3.0.3" "@jridgewell/sourcemap-codec" "^1.4.10" -"@matrix-org/olm@https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.8.tgz": - version "3.2.8" - uid "8d53636d045e1776e2a2ec6613e57330dd9ce856" - resolved "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.8.tgz#8d53636d045e1776e2a2ec6613e57330dd9ce856" +"@matrix-org/olm@https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.12.tgz": + version "3.2.12" + resolved "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.12.tgz#0bce3c86f9d36a4984d3c3e07df1c3fb4c679bd9" "@nicolo-ribaudo/chokidar-2@2.1.8-no-fsevents.3": version "2.1.8-no-fsevents.3"