Richard van der Hoff
b5c7c700d5
Check recipient and sender in Olm messages
Embed the sender, recipient, and recipient keys in the plaintext of Olm
messages, and check those fields on receipt.
Fixes https://github.com/vector-im/vector-web/issues/2483
2016-10-19 11:24:59 +01:00
Richard van der Hoff
faff057592
crypto: remove duplicate code
Only call SessionStore.storeEndToEndDevicesForUser once per user, rather than
once per device.
(Probably also fixes a bug where, when a user removes all devices, the store
isn't updated)
2016-09-30 09:17:54 +01:00
Richard van der Hoff
1a3ee28d01
Log when we get an oh_hai message
2016-09-21 17:07:40 +01:00
Richard van der Hoff
669aecf4e6
E2E: Fix NPE in getEventSenderDeviceInfo
2016-09-21 15:05:27 +01:00
Richard van der Hoff
832559926f
Fix the ed25519 key checking
Finish plumbing in the Ed25519 key checks. Make sure we store the claimed key
correctly in the megolm sessions, and keep them as a separate field in
MatrixEvent rather than stuffing them into _clearEvent
2016-09-20 20:42:08 +01:00
Richard van der Hoff
83bd420cd5
Return null from decryptEvent if session is unknown
This just makes the shape of the API a bit saner.
2016-09-20 20:39:40 +01:00
Richard van der Hoff
78a0aa5d47
Add MatrixClient.getEventSenderDeviceInfo()
- a function to get information about the device which sent an event
2016-09-20 20:39:16 +01:00
Matthew Hodgson
9e57a9352a
Merge pull request #212 from matrix-org/rav/get_devicelist_on_join
Pull user device list on join
2016-09-17 19:21:17 +01:00
Richard van der Hoff
f2e10e030d
Unknown sessions: send oh_hai to all devices if device_id is unknown
2016-09-17 19:07:03 +01:00
Richard van der Hoff
266b7afc72
Fix sending of oh_hais on bad sessions
Fix a bunch of bugs in the code which tried to send an oh_hai message when we
got a message with an unknown megolm session.
2016-09-17 18:30:12 +01:00
Richard van der Hoff
a15dffbb3a
Pull user device list on join
When a new user joins a room, make sure we download their device list if we
don't already have it.
This should fix at least one cause of
https://github.com/vector-im/vector-web/issues/2249 .
2016-09-17 17:44:15 +01:00
Matthew Hodgson
425f862cf8
Merge pull request #205 from matrix-org/markjh/megolm
Update the olm library version to 1.3.0
2016-09-16 17:30:26 +01:00
Mark Haines
5d6256bede
Merge pull request #209 from matrix-org/markjh/comment_upload_key
Comment what the logic in uploadKeys does
2016-09-16 16:34:37 +01:00
Mark Haines
ff5b923e6f
Spelling: s/cliamed/claimed/
2016-09-16 16:31:00 +01:00
Mark Haines
af7a9a68b8
Merge pull request #210 from matrix-org/markjh/echo_keys_proved
Include keysProved and keysClaimed in the local echo for events we send.
2016-09-16 15:45:22 +01:00
Mark Haines
3bc56cf3f8
More comments on the local echo
2016-09-16 15:36:56 +01:00
Mark Haines
c2a40572a5
Include keysProved and keysClaimed in the local echo for events we send.
2016-09-16 15:30:22 +01:00
Mark Haines
ee7d4d0521
Explain what happens to the old keys in olm
2016-09-16 14:43:22 +01:00
Mark Haines
6ab410ef6a
Comment what the logic in uploadKeys does
2016-09-16 14:38:26 +01:00
Mark Haines
460f20a4ce
Merge pull request #207 from matrix-org/markjh/variable_scoping
Reset oneTimeKey to null on each loop iteration.
2016-09-16 11:23:58 +01:00
Mark Haines
9a98c3991a
Reset oneTimeKey to null on each loop iteration.
Otherwise we will use a value from a previous iteration of the loop.
2016-09-16 10:44:25 +01:00
Matthew Hodgson
2765720b76
unbreak NPE where megolm's decryptEvent doesn't return a result
2016-09-15 20:09:41 +01:00
Mark Haines
71f23ffce1
Merge branch 'develop' into markjh/megolm
Conflicts:
lib/crypto/algorithms/megolm.js
2016-09-15 17:10:02 +01:00
Mark Haines
bde6a171f6
Add getKeysProved and getKeysClaimed methods to MatrixEvent.
These list the keys that the sender of the event must have ownership
of and the keys that the sender claims ownership of.
All olm and megolm messages prove ownership of a curve25519 key.
All new olm and megolm messages will now claim ownership of an
ed25519 key.
This allows us to detect if an attacker claims ownership of a curve25519
key they don't own when advertising their device keys, because when we
receive an event from the original user it will have a different ed25519 key
to the attacker's.
2016-09-15 16:26:43 +01:00
Mark Haines
2fbef8638f
Fix grammar
2016-09-15 14:43:23 +01:00
Mark Haines
355b728a57
Remove unnecessary semicolon;
2016-09-15 14:23:30 +01:00
Mark Haines
35d99564c1
Rate limit the oh hai pings
2016-09-15 14:07:40 +01:00
Mark Haines
d02c205910
Rename the "content" variable to avoid shadowing
2016-09-15 11:46:49 +01:00
Mark Haines
38681202dc
Add olm version to client. Add semicolons.
2016-09-14 20:03:31 +01:00
Mark Haines
0d20a0acf0
Add a test to check that we have the right version of Olm
2016-09-14 19:59:32 +01:00
Mark Haines
72a4b92022
Send a 'm.new_device' when we get a message for an unknown group session
This should reduce the risk of a device getting permanently stuck unable
to receive encrypted group messages.
2016-09-14 19:16:24 +01:00
Mark Haines
f0274f3f26
Wrap the crypto event handlers in try/catch blocks
2016-09-12 11:44:31 +01:00
Richard van der Hoff
946539e32d
s/Displayname/DisplayName/
2016-09-09 11:32:57 +01:00
Richard van der Hoff
1da633e28a
Handle new device announcements
When we see a new device, download its keys, and then add it to the list of
things waiting for a keyshare.
2016-09-08 14:35:13 +01:00
Richard van der Hoff
879da47f0e
Send an "oh hai" message to other e2e users
When we first complete an initial sync on a new device, send out an
m.new_device message for each user we share an e2e room with
2016-09-08 14:34:08 +01:00
Richard van der Hoff
cacafb461d
Share the current ratchet with new members
When a new member joins the room, we don't need to reset the megolm session;
instead we can just share the current state with the new user.
2016-09-08 14:20:54 +01:00
Richard van der Hoff
71c33420f6
Move crypto bits into a subdirectory
It was getting a bit sprawly; this should help keep things together.
2016-09-08 09:50:31 +01:00