matrix/matrix-js-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-11-28 05:03:59 +03:00
Code Activity

Verify target device key on reshare

Browse Source
This commit is contained in:
RiotRobot
2021-09-13 12:34:48 +01:00
parent f8186add92
commit 894c24880d
1 changed files with 29 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/crypto/algorithms/megolm.ts
View File

@@ -101,6 +101,13 @@ interface IPayload extends Partial<IMessage> {
} }
/* eslint-enable camelcase */ /* eslint-enable camelcase */
interface SharedWithData {
// The identity key of the device we shared with
deviceKey: string;
// The message index of the ratchet we shared with that device
messageIndex: number;
}
/** /**
* @private * @private
* @constructor * @constructor
@@ -115,12 +122,12 @@ interface IPayload extends Partial<IMessage> {
* *
* @property {object} sharedWithDevices * @property {object} sharedWithDevices
* devices with which we have shared the session key * devices with which we have shared the session key
* userId -> {deviceId -> msgindex} * userId -> {deviceId -> SharedWithData}
*/ */
class OutboundSessionInfo { class OutboundSessionInfo {
public useCount = 0; public useCount = 0;
public creationTime: number; public creationTime: number;
public sharedWithDevices: Record<string, Record<string, number>> = {}; public sharedWithDevices: Record<string, Record<string, SharedWithData>> = {};
public blockedDevicesNotified: Record<string, Record<string, boolean>> = {}; public blockedDevicesNotified: Record<string, Record<string, boolean>> = {};
constructor(public readonly sessionId: string, public readonly sharedHistory = false) { constructor(public readonly sessionId: string, public readonly sharedHistory = false) {
@@ -150,11 +157,11 @@ class OutboundSessionInfo {
return false; return false;
} }
public markSharedWithDevice(userId: string, deviceId: string, chainIndex: number): void { public markSharedWithDevice(userId: string, deviceId: string, deviceKey: string, chainIndex: number): void {
if (!this.sharedWithDevices[userId]) { if (!this.sharedWithDevices[userId]) {
this.sharedWithDevices[userId] = {}; this.sharedWithDevices[userId] = {};
} }
this.sharedWithDevices[userId][deviceId] = chainIndex; this.sharedWithDevices[userId][deviceId] = { deviceKey, messageIndex: chainIndex };
} }
public markNotifiedBlockedDevice(userId: string, deviceId: string): void { public markNotifiedBlockedDevice(userId: string, deviceId: string): void {
@@ -572,6 +579,7 @@ class MegolmEncryption extends EncryptionAlgorithm {
payload: IPayload, payload: IPayload,
): Promise<void> { ): Promise<void> {
const contentMap = {}; const contentMap = {};
const deviceInfoByDeviceId = new Map<string, DeviceInfo>();
const promises = []; const promises = [];
for (let i = 0; i < userDeviceMap.length; i++) { for (let i = 0; i < userDeviceMap.length; i++) {
@@ -584,6 +592,7 @@ class MegolmEncryption extends EncryptionAlgorithm {
const userId = val.userId; const userId = val.userId;
const deviceInfo = val.deviceInfo; const deviceInfo = val.deviceInfo;
const deviceId = deviceInfo.deviceId; const deviceId = deviceInfo.deviceId;
deviceInfoByDeviceId.set(deviceId, deviceInfo);
if (!contentMap[userId]) { if (!contentMap[userId]) {
contentMap[userId] = {}; contentMap[userId] = {};
@@ -636,7 +645,10 @@ class MegolmEncryption extends EncryptionAlgorithm {
for (const userId of Object.keys(contentMap)) { for (const userId of Object.keys(contentMap)) {
for (const deviceId of Object.keys(contentMap[userId])) { for (const deviceId of Object.keys(contentMap[userId])) {
session.markSharedWithDevice( session.markSharedWithDevice(
userId, deviceId, chainIndex, userId,
deviceId,
deviceInfoByDeviceId.get(deviceId).getIdentityKey(),
chainIndex,
); );
} }
} }
@@ -719,8 +731,8 @@ class MegolmEncryption extends EncryptionAlgorithm {
logger.debug(`megolm session ${sessionId} never shared with user ${userId}`); logger.debug(`megolm session ${sessionId} never shared with user ${userId}`);
return; return;
} }
const sentChainIndex = obSessionInfo.sharedWithDevices[userId][device.deviceId]; const sessionSharedData = obSessionInfo.sharedWithDevices[userId][device.deviceId];
if (sentChainIndex === undefined) { if (sessionSharedData === undefined) {
logger.debug( logger.debug(
"megolm session ID " + sessionId + " never shared with device " + "megolm session ID " + sessionId + " never shared with device " +
userId + ":" + device.deviceId, userId + ":" + device.deviceId,
@@ -728,10 +740,18 @@ class MegolmEncryption extends EncryptionAlgorithm {
return; return;
} }
if (sessionSharedData.deviceKey !== device.getIdentityKey()) {
logger.warn(
`Session has been shared with device ${device.deviceId} but with identity ` +
`key ${sessionSharedData.deviceKey}. Key is now ${device.getIdentityKey()}!`,
);
return;
}
// get the key from the inbound session: the outbound one will already // get the key from the inbound session: the outbound one will already
// have been ratcheted to the next chain index. // have been ratcheted to the next chain index.
const key = await this.olmDevice.getInboundGroupSessionKey( const key = await this.olmDevice.getInboundGroupSessionKey(
this.roomId, senderKey, sessionId, sentChainIndex, this.roomId, senderKey, sessionId, sessionSharedData.messageIndex,
); );
if (!key) { if (!key) {
@@ -882,7 +902,7 @@ class MegolmEncryption extends EncryptionAlgorithm {
const deviceId = deviceInfo.deviceId; const deviceId = deviceInfo.deviceId;
session.markSharedWithDevice( session.markSharedWithDevice(
userId, deviceId, key.chain_index, userId, deviceId, deviceInfo.getIdentityKey(), key.chain_index,
); );
} }