/* Copyright 2016 OpenMarket Ltd Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ /** * @module olmlib * * Utilities common to olm encryption algorithms */ var utils = require("../utils"); /** * matrix algorithm tag for olm */ module.exports.OLM_ALGORITHM = "m.olm.v1.curve25519-aes-sha2"; /** * matrix algorithm tag for megolm */ module.exports.MEGOLM_ALGORITHM = "m.megolm.v1.aes-sha2"; /** * Encrypt an event payload for an Olm device * * @param {Object} resultsObject The `ciphertext` property * of the m.room.encrypted event to which to add our result * * @param {string} ourUserId * @param {string} ourDeviceId * @param {module:crypto/OlmDevice} olmDevice olm.js wrapper * @param {string} recipientUserId * @param {module:crypto/deviceinfo} recipientDevice * @param {object} payloadFields fields to include in the encrypted payload */ module.exports.encryptMessageForDevice = function( resultsObject, ourUserId, ourDeviceId, olmDevice, recipientUserId, recipientDevice, payloadFields ) { var deviceKey = recipientDevice.getIdentityKey(); var sessionId = olmDevice.getSessionIdForDevice(deviceKey); if (sessionId === null) { // If we don't have a session for a device then // we can't encrypt a message for it. return; } console.log( "Using sessionid " + sessionId + " for device " + recipientUserId + ":" + recipientDevice.deviceId ); var payload = { sender: ourUserId, sender_device: ourDeviceId, // Include the Ed25519 key so that the recipient knows what // device this message came from. // We don't need to include the curve25519 key since the // recipient will already know this from the olm headers. // When combined with the device keys retrieved from the // homeserver signed by the ed25519 key this proves that // the curve25519 key and the ed25519 key are owned by // the same device. keys: { "ed25519": olmDevice.deviceEd25519Key, }, // include the recipient device details in the payload, // to avoid unknown key attacks, per // https://github.com/vector-im/vector-web/issues/2483 recipient: recipientUserId, recipient_keys: { "ed25519": recipientDevice.getFingerprint(), }, }; // TODO: technically, a bunch of that stuff only needs to be included for // pre-key messages: after that, both sides know exactly which devices are // involved in the session. If we're looking to reduce data transfer in the // future, we could elide them for subsequent messages. utils.extend(payload, payloadFields); resultsObject[deviceKey] = olmDevice.encryptMessage( deviceKey, sessionId, JSON.stringify(payload) ); };