crypto: Remove the session key in room key events again.

master
Damir Jelić 2020-05-06 12:15:15 +02:00
parent e0477fa053
commit 39e59792d2
1 changed files with 39 additions and 18 deletions

View File

@ -984,7 +984,7 @@ impl OlmMachine {
.map_err(|_| EventError::UnsupportedOlmType)?; .map_err(|_| EventError::UnsupportedOlmType)?;
// Decrypt the OlmMessage and get a Ruma event out of it. // Decrypt the OlmMessage and get a Ruma event out of it.
let (mut decrypted_event, signing_key) = self let (decrypted_event, signing_key) = self
.decrypt_olm_message(&event.sender, &content.sender_key, message) .decrypt_olm_message(&event.sender, &content.sender_key, message)
.await?; .await?;
@ -992,14 +992,23 @@ impl OlmMachine {
// Handle the decrypted event, e.g. fetch out Megolm sessions out of // Handle the decrypted event, e.g. fetch out Megolm sessions out of
// the event. // the event.
self.handle_decrypted_to_device_event( if let Some(event) = self
.handle_decrypted_to_device_event(
&content.sender_key, &content.sender_key,
&signing_key, &signing_key,
&mut decrypted_event, &decrypted_event,
) )
.await?; .await?
{
// Some events may have sensitive data e.g. private keys, while we
// wan't to notify our users that a private key was received we
// don't want them to be able to do silly things with it. Handling
// events modifies them and returns a modified one, so replace it
// here if we get one.
Ok(event)
} else {
Ok(decrypted_event) Ok(decrypted_event)
}
} else { } else {
warn!("Olm event doesn't contain a ciphertext for our key"); warn!("Olm event doesn't contain a ciphertext for our key");
Err(EventError::MissingCiphertext.into()) Err(EventError::MissingCiphertext.into())
@ -1012,7 +1021,7 @@ impl OlmMachine {
sender_key: &str, sender_key: &str,
signing_key: &str, signing_key: &str,
event: &mut ToDeviceRoomKey, event: &mut ToDeviceRoomKey,
) -> OlmResult<()> { ) -> OlmResult<Option<EventJson<ToDeviceEvent>>> {
match event.content.algorithm { match event.content.algorithm {
Algorithm::MegolmV1AesSha2 => { Algorithm::MegolmV1AesSha2 => {
let session_key = GroupSessionKey(mem::take(&mut event.content.session_key)); let session_key = GroupSessionKey(mem::take(&mut event.content.session_key));
@ -1024,14 +1033,24 @@ impl OlmMachine {
session_key, session_key,
)?; )?;
let _ = self.store.save_inbound_group_session(session).await?; let _ = self.store.save_inbound_group_session(session).await?;
Ok(()) // TODO ideally we would rewrap the event again just like so
// let event = EventJson::from(ToDeviceEvent::RoomKey(event.clone()));
// This saidly lacks a type once it's serialized again, fix
// this in Ruma.
let mut json = serde_json::to_value(event.clone())?;
json.as_object_mut()
.unwrap()
.insert("type".to_owned(), Value::String("m.room_key".to_owned()));
let event = serde_json::from_value::<EventJson<ToDeviceEvent>>(json)?;
Ok(Some(event))
} }
_ => { _ => {
warn!( warn!(
"Received room key with unsupported key algorithm {}", "Received room key with unsupported key algorithm {}",
event.content.algorithm event.content.algorithm
); );
Ok(()) Ok(None)
} }
} }
} }
@ -1330,25 +1349,26 @@ impl OlmMachine {
&mut self, &mut self,
sender_key: &str, sender_key: &str,
signing_key: &str, signing_key: &str,
event: &mut EventJson<ToDeviceEvent>, event: &EventJson<ToDeviceEvent>,
) -> OlmResult<()> { ) -> OlmResult<Option<EventJson<ToDeviceEvent>>> {
let event = if let Ok(e) = event.deserialize() { let event = if let Ok(e) = event.deserialize() {
e e
} else { } else {
warn!("Decrypted to-device event failed to be parsed correctly"); warn!("Decrypted to-device event failed to be parsed correctly");
return Ok(()); return Ok(None);
}; };
match event { match event {
ToDeviceEvent::RoomKey(mut e) => { ToDeviceEvent::RoomKey(mut e) => {
self.add_room_key(sender_key, signing_key, &mut e).await Ok(self.add_room_key(sender_key, signing_key, &mut e).await?)
} }
ToDeviceEvent::ForwardedRoomKey(e) => { ToDeviceEvent::ForwardedRoomKey(e) => {
self.add_forwarded_room_key(sender_key, signing_key, &e) self.add_forwarded_room_key(sender_key, signing_key, &e)?;
Ok(None)
} }
_ => { _ => {
warn!("Received a unexpected encrypted to-device event"); warn!("Received a unexpected encrypted to-device event");
Ok(()) Ok(None)
} }
} }
} }
@ -2011,6 +2031,7 @@ mod test {
if let AnyToDeviceEvent::RoomKey(e) = event.deserialize().unwrap() { if let AnyToDeviceEvent::RoomKey(e) = event.deserialize().unwrap() {
assert_eq!(e.sender, alice.user_id); assert_eq!(e.sender, alice.user_id);
assert!(e.content.session_key.is_empty())
} else { } else {
panic!("Event had the wrong type"); panic!("Event had the wrong type");
} }