matrix/matrix-js-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-08-12 08:42:46 +03:00
Code Activity
1,336 Commits 249 Branches 494 Tags
b5c7c700d5dba15d77126c82e6d085816f99fff7
Commit Graph

10 Commits

Author SHA1 Message Date
Richard van der Hoff
b5c7c700d5 Check recipient and sender in Olm messages 
Embed the sender, recipient, and recipient keys in the plaintext of Olm
messages, and check those fields on receipt.

Fixes https://github.com/vector-im/vector-web/issues/2483
 2016-10-19 11:24:59 +01:00
Richard van der Hoff
832559926f Fix the ed25519 key checking 
Finish plumbing in the Ed25519 key checks. Make sure we store the claimed key
correctly in the megolm sessions, and keep them as a separate field in
MatrixEvent rather than stuffing them into _clearEvent
 2016-09-20 20:42:08 +01:00
Richard van der Hoff
59411353b1 Add 'keys' to *all* olm messages 
(including ones which just carry megolm keys)
 2016-09-20 20:39:40 +01:00
Richard van der Hoff
83bd420cd5 Return null from decryptEvent if session is unknown 
This just makes the shape of the API a bit saner.
 2016-09-20 20:39:40 +01:00
Richard van der Hoff
cd0b19f93f Crypto: improve console logs 
Attempt to make the console logs more helpful by reducing noise and adding
helpful debug info.
 2016-09-18 21:55:38 +01:00
Matthew Hodgson
a30c816cb6 typo 2016-09-17 15:44:55 +01:00
Mark Haines
bde6a171f6 Add getKeysProved and getKeysClaimed methods to MatrixEvent. 
These list the keys that sender of the event must have ownership
of and the keys of that the sender claims ownership of.

All olm and megolm messages prove ownership of a curve25519 key.
All new olm and megolm message will now claim ownership of a
ed25519 key.

This allows us to detect if an attacker claims ownership of a curve25519
key they don't own when advertising their device keys, because when we
receive an event from the original user it will have a different ed25519 key
to the attackers.
 2016-09-15 16:26:43 +01:00
Mark Haines
72a4b92022 Send a 'm.new_device' when we get a message for an unknown group session 
This should reduce the risk of a device getting permenantly stuck unable
to receive encrypted group messages.
 2016-09-14 19:16:24 +01:00
Richard van der Hoff
72b4f270ff Show warnings on to-device decryption fail 
If we can't decrypt a to-device message, show a warning about it, rather than
swallowing the error.
 2016-09-09 12:37:02 +01:00
Richard van der Hoff
71c33420f6 Move crypto bits into a subdirectory 
It was getting a bit sprawly; this should help keep things together.
 2016-09-08 09:50:31 +01:00