-
-
Notifications
You must be signed in to change notification settings - Fork 585
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add getKeysProved and getKeysClaimed methods to MatrixEvent. #206
Conversation
These list the keys that sender of the event must have ownership of and the keys of that the sender claims ownership of. All olm and megolm messages prove ownership of a curve25519 key. All new olm and megolm message will now claim ownership of a ed25519 key. This allows us to detect if an attacker claims ownership of a curve25519 key they don't own when advertising their device keys, because when we receive an event from the original user it will have a different ed25519 key to the attackers.
@matrixbot retest this please |
This should allow us to fix element-hq/element-web#2215 |
looks plausible |
@@ -569,7 +571,12 @@ OlmDevice.prototype._getInboundGroupSession = function( | |||
var session = new Olm.InboundGroupSession(); | |||
try { | |||
session.unpickle(this._pickleKey, r.session); | |||
return {sessionExists: true, result: func(session)}; | |||
return { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The jsdoc is now a lie.
* @param {string} sessionId | ||
* @param {Olm.InboundGroupSession} session | ||
* @param {object} keysClaimed Other keys the sender claims. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- It's a shame that this doesn't specify the format of the object. But that doesn't matter too much, because it's a private method.
- It does't appear to be set by either
addInboundGroupSession
ordecryptGroupMessage
.
@@ -200,7 +211,13 @@ OlmDecryption.prototype.decryptEvent = function(event) { | |||
// TODO: Check the sender user id matches the sender key. | |||
// TODO: check the room_id and fingerprint | |||
if (payloadString !== null) { | |||
return {result: JSON.parse(payloadString), sessionExists: true}; | |||
var payload = JSON.parse(payloadString); | |||
return { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
again, the jsdoc is now a lie
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(see also algorithms/base.js which has yet another copy of the jsdoc. sorry.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm sorry about the grumbling about jsdoc, but I'm really not happy with this stuff going in with the jsdoc being incomplete or inaccurate. It makes future work on this code harder and more prone to cock-ups.
if (r.sessionExists) { | ||
return r.result; | ||
return payload; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
jsdoc needs an update
@@ -233,12 +233,28 @@ module.exports.MatrixEvent.prototype = { | |||
return Boolean(this._clearEvent.type); | |||
}, | |||
|
|||
/** | |||
* The curve25519 key that sent this event | |||
* @return {string} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/string/string?/
* @return {object} | ||
*/ | ||
getKeysProved: function() { | ||
return this._clearEvent.keysProved || {}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not happy with messing about with the contents of _clearEvent
. It's supposed to be exactly what was sent on the wire. keysProved and keysClaimed should be in different properties.
These list the keys that sender of the event must have ownership
of and the keys of that the sender claims ownership of.
All olm and megolm messages prove ownership of a curve25519 key.
All new olm and megolm message will now claim ownership of a
ed25519 key.
This allows us to detect if an attacker claims ownership of a curve25519
key they don't own when advertising their device keys, because when we
receive an event from the original user it will have a different ed25519 key
to the attackers.