crypto: Zeroize and remove the session key copies for forwarded room keys.

master
Damir Jelić 2020-09-24 11:18:01 +02:00
parent 4662ca2e32
commit c5bece2d58
3 changed files with 31 additions and 26 deletions

View File

@ -34,10 +34,11 @@ use matrix_sdk_common::{
events::{ events::{
forwarded_room_key::ForwardedRoomKeyEventContent, forwarded_room_key::ForwardedRoomKeyEventContent,
room_key_request::{Action, RequestedKeyInfo, RoomKeyRequestEventContent}, room_key_request::{Action, RequestedKeyInfo, RoomKeyRequestEventContent},
EventType, ToDeviceEvent, AnyToDeviceEvent, EventType, ToDeviceEvent,
}, },
identifiers::{DeviceIdBox, EventEncryptionAlgorithm, RoomId, UserId}, identifiers::{DeviceIdBox, EventEncryptionAlgorithm, RoomId, UserId},
uuid::Uuid, uuid::Uuid,
Raw,
}; };
use crate::{ use crate::{
@ -284,11 +285,11 @@ impl KeyRequestMachine {
&self, &self,
sender_key: &str, sender_key: &str,
event: &mut ToDeviceEvent<ForwardedRoomKeyEventContent>, event: &mut ToDeviceEvent<ForwardedRoomKeyEventContent>,
) -> Result<(), CryptoStoreError> { ) -> Result<Option<Raw<AnyToDeviceEvent>>, CryptoStoreError> {
let key_info = self.get_key_info(&event.content).await?; let key_info = self.get_key_info(&event.content).await?;
if let Some(info) = key_info { if let Some(info) = key_info {
let session = InboundGroupSession::from_forwarded_key(sender_key, &event.content)?; let session = InboundGroupSession::from_forwarded_key(sender_key, &mut event.content)?;
let old_session = self let old_session = self
.store .store
@ -312,14 +313,17 @@ impl KeyRequestMachine {
} else { } else {
self.save_session(info, session).await?; self.save_session(info, session).await?;
} }
Ok(Some(Raw::from(AnyToDeviceEvent::ForwardedRoomKey(
event.clone(),
))))
} else { } else {
info!( info!(
"Received a forwarded room key from {}, but no key info was found.", "Received a forwarded room key from {}, but no key info was found.",
event.sender, event.sender,
); );
Ok(None)
} }
Ok(())
} }
} }

View File

@ -1019,13 +1019,10 @@ impl OlmMachine {
AnyToDeviceEvent::RoomKey(mut e) => { AnyToDeviceEvent::RoomKey(mut e) => {
Ok(self.add_room_key(sender_key, signing_key, &mut e).await?) Ok(self.add_room_key(sender_key, signing_key, &mut e).await?)
} }
AnyToDeviceEvent::ForwardedRoomKey(mut e) => { AnyToDeviceEvent::ForwardedRoomKey(mut e) => Ok(self
// TODO do the mem take dance to remove the key. .key_request_machine
self.key_request_machine
.receive_forwarded_room_key(sender_key, &mut e) .receive_forwarded_room_key(sender_key, &mut e)
.await?; .await?),
Ok(None)
}
_ => { _ => {
warn!("Received a unexpected encrypted to-device event"); warn!("Received a unexpected encrypted to-device event");
Ok(None) Ok(None)

View File

@ -15,10 +15,23 @@
use std::{ use std::{
collections::BTreeMap, collections::BTreeMap,
convert::{TryFrom, TryInto}, convert::{TryFrom, TryInto},
fmt, fmt, mem,
sync::Arc, sync::Arc,
}; };
use olm_rs::{
errors::OlmGroupSessionError, inbound_group_session::OlmInboundGroupSession, PicklingMode,
};
use serde::{Deserialize, Serialize};
use serde_json::Value;
use zeroize::Zeroizing;
pub use olm_rs::{
account::IdentityKeys,
session::{OlmMessage, PreKeyMessage},
utility::OlmUtility,
};
use matrix_sdk_common::{ use matrix_sdk_common::{
events::{ events::{
forwarded_room_key::ForwardedRoomKeyEventContent, room::encrypted::EncryptedEventContent, forwarded_room_key::ForwardedRoomKeyEventContent, room::encrypted::EncryptedEventContent,
@ -28,17 +41,6 @@ use matrix_sdk_common::{
locks::Mutex, locks::Mutex,
Raw, Raw,
}; };
use olm_rs::{
errors::OlmGroupSessionError, inbound_group_session::OlmInboundGroupSession, PicklingMode,
};
use serde::{Deserialize, Serialize};
use serde_json::Value;
pub use olm_rs::{
account::IdentityKeys,
session::{OlmMessage, PreKeyMessage},
utility::OlmUtility,
};
use super::{ExportedGroupSessionKey, ExportedRoomKey, GroupSessionKey}; use super::{ExportedGroupSessionKey, ExportedRoomKey, GroupSessionKey};
use crate::error::{EventError, MegolmResult}; use crate::error::{EventError, MegolmResult};
@ -127,9 +129,11 @@ impl InboundGroupSession {
/// to create the `InboundGroupSession`. /// to create the `InboundGroupSession`.
pub(crate) fn from_forwarded_key( pub(crate) fn from_forwarded_key(
sender_key: &str, sender_key: &str,
content: &ForwardedRoomKeyEventContent, content: &mut ForwardedRoomKeyEventContent,
) -> Result<Self, OlmGroupSessionError> { ) -> Result<Self, OlmGroupSessionError> {
let session = OlmInboundGroupSession::import(&content.session_key)?; let key = Zeroizing::from(mem::take(&mut content.session_key));
let session = OlmInboundGroupSession::import(&key)?;
let mut forwarding_chains = content.forwarding_curve25519_key_chain.clone(); let mut forwarding_chains = content.forwarding_curve25519_key_chain.clone();
forwarding_chains.push(sender_key.to_owned()); forwarding_chains.push(sender_key.to_owned());