Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add getKeysProved and getKeysClaimed methods to MatrixEvent. #206

Merged
merged 4 commits into from
Sep 15, 2016
Merged

Add getKeysProved and getKeysClaimed methods to MatrixEvent. #206

merged 4 commits into from
Sep 15, 2016

Conversation

NegativeMjark
Copy link
Contributor

These list the keys that sender of the event must have ownership
of and the keys of that the sender claims ownership of.

All olm and megolm messages prove ownership of a curve25519 key.
All new olm and megolm message will now claim ownership of a
ed25519 key.

This allows us to detect if an attacker claims ownership of a curve25519
key they don't own when advertising their device keys, because when we
receive an event from the original user it will have a different ed25519 key
to the attackers.

@NegativeMjark
Add getKeysProved and getKeysClaimed methods to MatrixEvent.
bde6a17 
These list the keys that sender of the event must have ownership
of and the keys of that the sender claims ownership of.

All olm and megolm messages prove ownership of a curve25519 key.
All new olm and megolm message will now claim ownership of a
ed25519 key.

This allows us to detect if an attacker claims ownership of a curve25519
key they don't own when advertising their device keys, because when we
receive an event from the original user it will have a different ed25519 key
to the attackers.
@NegativeMjark
Copy link
Contributor Author

@matrixbot retest this please

@NegativeMjark NegativeMjark assigned ara4n and unassigned AmandineLP Sep 15, 2016
@NegativeMjark
Copy link
Contributor Author

This should allow us to fix element-hq/element-web#2215

@ara4n
Copy link
Member

ara4n commented Sep 15, 2016

looks plausible

@NegativeMjark NegativeMjark merged commit 1863af1 into develop Sep 15, 2016
richvdh
richvdh reviewed Sep 16, 2016
View reviewed changes
lib/crypto/OlmDevice.js
@@ -569,7 +571,12 @@ OlmDevice.prototype._getInboundGroupSession = function(
var session = new Olm.InboundGroupSession();
try {
session.unpickle(this._pickleKey, r.session);
return {sessionExists: true, result: func(session)};
return {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The jsdoc is now a lie.

richvdh
richvdh reviewed Sep 16, 2016
View reviewed changes
lib/crypto/OlmDevice.js
* @param {string} sessionId
* @param {Olm.InboundGroupSession} session
* @param {object} keysClaimed Other keys the sender claims.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. It's a shame that this doesn't specify the format of the object. But that doesn't matter too much, because it's a private method.
  2. It does't appear to be set by either addInboundGroupSession or decryptGroupMessage.

lib/crypto/algorithms/olm.js
@@ -200,7 +211,13 @@ OlmDecryption.prototype.decryptEvent = function(event) {
// TODO: Check the sender user id matches the sender key.
// TODO: check the room_id and fingerprint
if (payloadString !== null) {
return {result: JSON.parse(payloadString), sessionExists: true};
var payload = JSON.parse(payloadString);
return {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

again, the jsdoc is now a lie

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(see also algorithms/base.js which has yet another copy of the jsdoc. sorry.)

richvdh
richvdh reviewed Sep 16, 2016
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm sorry about the grumbling about jsdoc, but I'm really not happy with this stuff going in with the jsdoc being incomplete or inaccurate. It makes future work on this code harder and more prone to cock-ups.

lib/crypto/index.js
if (r.sessionExists) {
return r.result;
return payload;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jsdoc needs an update

lib/models/event.js
@@ -233,12 +233,28 @@ module.exports.MatrixEvent.prototype = {
return Boolean(this._clearEvent.type);
},

/**
* The curve25519 key that sent this event
* @return {string}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/string/string?/

lib/models/event.js
* @return {object}
*/
getKeysProved: function() {
return this._clearEvent.keysProved || {};
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not happy with messing about with the contents of _clearEvent. It's supposed to be exactly what was sent on the wire. keysProved and keysClaimed should be in different properties.

This was referenced Sep 19, 2016
Closed
Merged
@t3chguy t3chguy deleted the markjh/ed25519 branch May 10, 2022 14:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richvdh richvdh richvdh left review comments

Assignees

@ara4n ara4n

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@NegativeMjark @ara4n @richvdh @AmandineLP