crypto: Cancel the verification if we find a MAC mismatch.

master
Damir Jelić 2020-08-04 12:31:56 +02:00
parent 408fe5da4b
commit be01ee2de0
2 changed files with 11 additions and 8 deletions


@ -8,7 +8,8 @@ use matrix_sdk_common::{
to_device::{send_event_to_device::Request as ToDeviceRequest, DeviceIdOrAllDevices}, to_device::{send_event_to_device::Request as ToDeviceRequest, DeviceIdOrAllDevices},
}, },
events::{ events::{
key::verification::mac::MacEventContent, AnyToDeviceEventContent, EventType, ToDeviceEvent, key::verification::{cancel::CancelCode, mac::MacEventContent},
AnyToDeviceEventContent, EventType, ToDeviceEvent,
}, },
identifiers::{DeviceId, UserId}, identifiers::{DeviceId, UserId},
uuid::Uuid, uuid::Uuid,
@ -142,8 +143,7 @@ pub fn receive_mac_event(
ids: &SasIds, ids: &SasIds,
flow_id: &str, flow_id: &str,
event: &ToDeviceEvent<MacEventContent>, event: &ToDeviceEvent<MacEventContent>,
) -> (Vec<Device>, Vec<String>) { ) -> Result<(Vec<Device>, Vec<String>), CancelCode> {
// TODO check the event and cancel if it isn't ok (sender, transaction id)
let mut verified_devices = Vec::new(); let mut verified_devices = Vec::new();
let info = extra_mac_info_receive(&ids, flow_id); let info = extra_mac_info_receive(&ids, flow_id);
@ -155,7 +155,7 @@ pub fn receive_mac_event(
.expect("Can't calculate SAS MAC"); .expect("Can't calculate SAS MAC");
if keys != event.content.keys { if keys != event.content.keys {
panic!("Keys mac mismatch") return Err(CancelCode::KeyMismatch);
} }
for (key_id, key_mac) in &event.content.mac { for (key_id, key_mac) in &event.content.mac {
@ -182,13 +182,13 @@ pub fn receive_mac_event(
{ {
verified_devices.push(ids.other_device.clone()); verified_devices.push(ids.other_device.clone());
} else { } else {
// TODO cancel here return Err(CancelCode::KeyMismatch);
} }
} }
// TODO add an else branch for the master key here // TODO add an else branch for the master key here
} }
(verified_devices, vec![]) Ok((verified_devices, vec![]))
} }
/// Get the extra info that will be used when we generate a MAC and need to send /// Get the extra info that will be used when we generate a MAC and need to send
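Review bot: The `.expect("Can't calculate SAS MAC")` kept just above the `keys != event.content.keys` check is still a panic path in a function that now reports failure through `Result<_, CancelCode>`. What feeds that calculation lies outside the hunk, so it is unclear whether a remote-supplied value can make it fail; if it can, a peer could still abort the process instead of receiving a cancellation. If the call returns a `Result`, consider `.map_err(|_| CancelCode::InvalidMessage)?` in its place. Removing the sender/transaction-id TODO also leaves that check entirely to the callers, which the doc comment should state, e.g. `/// Callers must validate the event's sender and transaction id first; returns Err(CancelCode::KeyMismatch) on any MAC mismatch.` The body of `receive_mac_event` extends beyond the hunks shown.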


@ -562,7 +562,8 @@ impl SasState<KeyReceived> {
&self.ids, &self.ids,
&self.verification_flow_id, &self.verification_flow_id,
event, event,
); )
.map_err(|c| self.clone().cancel(c))?;
Ok(SasState { Ok(SasState {
inner: self.inner, inner: self.inner,
@ -606,12 +607,14 @@ impl SasState<Confirmed> {
) -> Result<SasState<Done>, SasState<Canceled>> { ) -> Result<SasState<Done>, SasState<Canceled>> {
self.check_sender_and_txid(&event.sender, &event.content.transaction_id) self.check_sender_and_txid(&event.sender, &event.content.transaction_id)
.map_err(|c| self.clone().cancel(c))?; .map_err(|c| self.clone().cancel(c))?;
let (devices, master_keys) = receive_mac_event( let (devices, master_keys) = receive_mac_event(
&self.inner.lock().unwrap(), &self.inner.lock().unwrap(),
&self.ids, &self.ids,
&self.verification_flow_id, &self.verification_flow_id,
event, event,
); )
.map_err(|c| self.clone().cancel(c))?;
Ok(SasState { Ok(SasState {
inner: self.inner, inner: self.inner,
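Review bot: In the `SasState<KeyReceived>` hunk the call to `receive_mac_event` appears without the `check_sender_and_txid(...)` guard that precedes it in the `SasState<Confirmed>` hunk. The lines above that hunk are not visible, so please confirm the guard is present on that path too. This matters because the same commit removes the sender/transaction-id TODO from `receive_mac_event`, so the callers are now the only place that check can live. A test that feeds a MAC event with a tampered `keys` value and asserts the result is `SasState<Canceled>` carrying `CancelCode::KeyMismatch` would pin the new behaviour for both states. Both methods start and end outside the hunks shown.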