Apply unknown-keyshare mitigations

Now that the mobile clients have been updated to send the right fields, enforce their correctness on the recipient side.
2025-12-19 10:22:30 +03:00 · 2016-11-16 22:39:08 +00:00
parent 749f53a22b
commit f6830992ea
1 changed files with 3 additions and 19 deletions
--- a/lib/crypto/algorithms/olm.js
+++ b/lib/crypto/algorithms/olm.js
@@ -186,13 +186,7 @@ OlmDecryption.prototype.decryptEvent = function(event) {

    // check that we were the intended recipient, to avoid unknown-key attack
    // https://github.com/vector-im/vector-web/issues/2483
-    if (payload.recipient === undefined) {
-        // older versions of riot did not set this field, so we cannot make
-        // this check. TODO: kill this off once our users have updated
-        console.warn(
-            "Olm event (id=" + event.getId() + ") contains no 'recipient' " +
-             "property; cannot prevent unknown-key attack");
-    } else if (payload.recipient != this._userId) {
+    if (payload.recipient != this._userId) {
        console.warn(
            "Event " + event.getId() + ": Intended recipient " +
            payload.recipient + " does not match our id " + this._userId
@@ -202,12 +196,7 @@ OlmDecryption.prototype.decryptEvent = function(event) {
        );
    }

-    if (payload.recipient_keys === undefined) {
-        // ditto
-        console.warn(
-            "Olm event (id=" + event.getId() + ") contains no " +
-            "'recipient_keys' property; cannot prevent unknown-key attack");
-    } else if (payload.recipient_keys.ed25519 !=
+    if (payload.recipient_keys.ed25519 !=
               this._olmDevice.deviceEd25519Key) {
        console.warn(
            "Event " + event.getId() + ": Intended recipient ed25519 key " +
@@ -220,12 +209,7 @@ OlmDecryption.prototype.decryptEvent = function(event) {
    // avoid people masquerading as others.
    // (this check is also provided via the sender's embedded ed25519 key,
    // which is checked elsewhere).
-    if (payload.sender === undefined) {
-        // ditto
-        console.warn(
-            "Olm event (id=" + event.getId() + ") contains no " +
-            "'sender' property; cannot prevent unknown-key attack");
-    } else if (payload.sender != event.getSender()) {
+    if (payload.sender != event.getSender()) {
        console.warn(
            "Event " + event.getId() + ": original sender " + payload.sender +
            " does not match reported sender " + event.getSender()