crypto: Zeroize and remove the session key copies for forwarded room keys.
Damir Jelić
parent
4662ca2e32
commit
c5bece2d58
|
|
@ -34,10 +34,11 @@ use matrix_sdk_common::{
|
||||||
events::{
|
events::{
|
||||||
forwarded_room_key::ForwardedRoomKeyEventContent,
|
forwarded_room_key::ForwardedRoomKeyEventContent,
|
||||||
room_key_request::{Action, RequestedKeyInfo, RoomKeyRequestEventContent},
|
room_key_request::{Action, RequestedKeyInfo, RoomKeyRequestEventContent},
|
||||||
EventType, ToDeviceEvent,
|
AnyToDeviceEvent, EventType, ToDeviceEvent,
|
||||||
},
|
},
|
||||||
identifiers::{DeviceIdBox, EventEncryptionAlgorithm, RoomId, UserId},
|
identifiers::{DeviceIdBox, EventEncryptionAlgorithm, RoomId, UserId},
|
||||||
uuid::Uuid,
|
uuid::Uuid,
|
||||||
|
Raw,
|
||||||
};
|
};
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
|
|
@ -284,11 +285,11 @@ impl KeyRequestMachine {
|
||||||
&self,
|
&self,
|
||||||
sender_key: &str,
|
sender_key: &str,
|
||||||
event: &mut ToDeviceEvent<ForwardedRoomKeyEventContent>,
|
event: &mut ToDeviceEvent<ForwardedRoomKeyEventContent>,
|
||||||
) -> Result<(), CryptoStoreError> {
|
) -> Result<Option<Raw<AnyToDeviceEvent>>, CryptoStoreError> {
|
||||||
let key_info = self.get_key_info(&event.content).await?;
|
let key_info = self.get_key_info(&event.content).await?;
|
||||||
|
|
||||||
if let Some(info) = key_info {
|
if let Some(info) = key_info {
|
||||||
let session = InboundGroupSession::from_forwarded_key(sender_key, &event.content)?;
|
let session = InboundGroupSession::from_forwarded_key(sender_key, &mut event.content)?;
|
||||||
|
|
||||||
let old_session = self
|
let old_session = self
|
||||||
.store
|
.store
|
||||||
|
|
@ -312,14 +313,17 @@ impl KeyRequestMachine {
|
||||||
} else {
|
} else {
|
||||||
self.save_session(info, session).await?;
|
self.save_session(info, session).await?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Ok(Some(Raw::from(AnyToDeviceEvent::ForwardedRoomKey(
|
||||||
|
event.clone(),
|
||||||
|
))))
|
||||||
} else {
|
} else {
|
||||||
info!(
|
info!(
|
||||||
"Received a forwarded room key from {}, but no key info was found.",
|
"Received a forwarded room key from {}, but no key info was found.",
|
||||||
event.sender,
|
event.sender,
|
||||||
);
|
);
|
||||||
|
Ok(None)
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1019,13 +1019,10 @@ impl OlmMachine {
|
||||||
AnyToDeviceEvent::RoomKey(mut e) => {
|
AnyToDeviceEvent::RoomKey(mut e) => {
|
||||||
Ok(self.add_room_key(sender_key, signing_key, &mut e).await?)
|
Ok(self.add_room_key(sender_key, signing_key, &mut e).await?)
|
||||||
}
|
}
|
||||||
AnyToDeviceEvent::ForwardedRoomKey(mut e) => {
|
AnyToDeviceEvent::ForwardedRoomKey(mut e) => Ok(self
|
||||||
// TODO do the mem take dance to remove the key.
|
.key_request_machine
|
||||||
self.key_request_machine
|
.receive_forwarded_room_key(sender_key, &mut e)
|
||||||
.receive_forwarded_room_key(sender_key, &mut e)
|
.await?),
|
||||||
.await?;
|
|
||||||
Ok(None)
|
|
||||||
}
|
|
||||||
_ => {
|
_ => {
|
||||||
warn!("Received a unexpected encrypted to-device event");
|
warn!("Received a unexpected encrypted to-device event");
|
||||||
Ok(None)
|
Ok(None)
|
||||||
|
|
|
||||||
|
|
@ -15,10 +15,23 @@
|
||||||
use std::{
|
use std::{
|
||||||
collections::BTreeMap,
|
collections::BTreeMap,
|
||||||
convert::{TryFrom, TryInto},
|
convert::{TryFrom, TryInto},
|
||||||
fmt,
|
fmt, mem,
|
||||||
sync::Arc,
|
sync::Arc,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
use olm_rs::{
|
||||||
|
errors::OlmGroupSessionError, inbound_group_session::OlmInboundGroupSession, PicklingMode,
|
||||||
|
};
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use serde_json::Value;
|
||||||
|
use zeroize::Zeroizing;
|
||||||
|
|
||||||
|
pub use olm_rs::{
|
||||||
|
account::IdentityKeys,
|
||||||
|
session::{OlmMessage, PreKeyMessage},
|
||||||
|
utility::OlmUtility,
|
||||||
|
};
|
||||||
|
|
||||||
use matrix_sdk_common::{
|
use matrix_sdk_common::{
|
||||||
events::{
|
events::{
|
||||||
forwarded_room_key::ForwardedRoomKeyEventContent, room::encrypted::EncryptedEventContent,
|
forwarded_room_key::ForwardedRoomKeyEventContent, room::encrypted::EncryptedEventContent,
|
||||||
|
|
@ -28,17 +41,6 @@ use matrix_sdk_common::{
|
||||||
locks::Mutex,
|
locks::Mutex,
|
||||||
Raw,
|
Raw,
|
||||||
};
|
};
|
||||||
use olm_rs::{
|
|
||||||
errors::OlmGroupSessionError, inbound_group_session::OlmInboundGroupSession, PicklingMode,
|
|
||||||
};
|
|
||||||
use serde::{Deserialize, Serialize};
|
|
||||||
use serde_json::Value;
|
|
||||||
|
|
||||||
pub use olm_rs::{
|
|
||||||
account::IdentityKeys,
|
|
||||||
session::{OlmMessage, PreKeyMessage},
|
|
||||||
utility::OlmUtility,
|
|
||||||
};
|
|
||||||
|
|
||||||
use super::{ExportedGroupSessionKey, ExportedRoomKey, GroupSessionKey};
|
use super::{ExportedGroupSessionKey, ExportedRoomKey, GroupSessionKey};
|
||||||
use crate::error::{EventError, MegolmResult};
|
use crate::error::{EventError, MegolmResult};
|
||||||
|
|
@ -127,9 +129,11 @@ impl InboundGroupSession {
|
||||||
/// to create the `InboundGroupSession`.
|
/// to create the `InboundGroupSession`.
|
||||||
pub(crate) fn from_forwarded_key(
|
pub(crate) fn from_forwarded_key(
|
||||||
sender_key: &str,
|
sender_key: &str,
|
||||||
content: &ForwardedRoomKeyEventContent,
|
content: &mut ForwardedRoomKeyEventContent,
|
||||||
) -> Result<Self, OlmGroupSessionError> {
|
) -> Result<Self, OlmGroupSessionError> {
|
||||||
let session = OlmInboundGroupSession::import(&content.session_key)?;
|
let key = Zeroizing::from(mem::take(&mut content.session_key));
|
||||||
|
|
||||||
|
let session = OlmInboundGroupSession::import(&key)?;
|
||||||
let mut forwarding_chains = content.forwarding_curve25519_key_chain.clone();
|
let mut forwarding_chains = content.forwarding_curve25519_key_chain.clone();
|
||||||
forwarding_chains.push(sender_key.to_owned());
|
forwarding_chains.push(sender_key.to_owned());
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue