crypto: Zeroize and remove the session key copies for forwarded room keys.
parent
4662ca2e32
commit
c5bece2d58
|
@ -34,10 +34,11 @@ use matrix_sdk_common::{
|
|||
events::{
|
||||
forwarded_room_key::ForwardedRoomKeyEventContent,
|
||||
room_key_request::{Action, RequestedKeyInfo, RoomKeyRequestEventContent},
|
||||
EventType, ToDeviceEvent,
|
||||
AnyToDeviceEvent, EventType, ToDeviceEvent,
|
||||
},
|
||||
identifiers::{DeviceIdBox, EventEncryptionAlgorithm, RoomId, UserId},
|
||||
uuid::Uuid,
|
||||
Raw,
|
||||
};
|
||||
|
||||
use crate::{
|
||||
|
@ -284,11 +285,11 @@ impl KeyRequestMachine {
|
|||
&self,
|
||||
sender_key: &str,
|
||||
event: &mut ToDeviceEvent<ForwardedRoomKeyEventContent>,
|
||||
) -> Result<(), CryptoStoreError> {
|
||||
) -> Result<Option<Raw<AnyToDeviceEvent>>, CryptoStoreError> {
|
||||
let key_info = self.get_key_info(&event.content).await?;
|
||||
|
||||
if let Some(info) = key_info {
|
||||
let session = InboundGroupSession::from_forwarded_key(sender_key, &event.content)?;
|
||||
let session = InboundGroupSession::from_forwarded_key(sender_key, &mut event.content)?;
|
||||
|
||||
let old_session = self
|
||||
.store
|
||||
|
@ -312,14 +313,17 @@ impl KeyRequestMachine {
|
|||
} else {
|
||||
self.save_session(info, session).await?;
|
||||
}
|
||||
|
||||
Ok(Some(Raw::from(AnyToDeviceEvent::ForwardedRoomKey(
|
||||
event.clone(),
|
||||
))))
|
||||
} else {
|
||||
info!(
|
||||
"Received a forwarded room key from {}, but no key info was found.",
|
||||
event.sender,
|
||||
);
|
||||
Ok(None)
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
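Review bot: The `else` branch that logs "no key info was found" returns `Ok(None)` without touching `event.content.session_key`, so an unrequested forwarded key stays in an ordinary `String` and is freed un-zeroized when the caller drops the event. Only the `Some(info)` path reaches `from_forwarded_key`, which moves the key into a `Zeroizing` wrapper. Consider wiping it before returning, e.g. `event.content.session_key.zeroize();` (with `use zeroize::Zeroize;`) ahead of `Ok(None)`; the early return from `get_key_info(..).await?` looks like it has the same gap. It would also help to add a comment above `event.clone()` such as `// session_key was moved out by from_forwarded_key, so the clone carries no key material`, because the safety of the returned `Raw` event depends on that ordering. The function's signature and the start of its body lie outside these hunks.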
|
||||
|
||||
|
|
|
@ -1019,13 +1019,10 @@ impl OlmMachine {
|
|||
AnyToDeviceEvent::RoomKey(mut e) => {
|
||||
Ok(self.add_room_key(sender_key, signing_key, &mut e).await?)
|
||||
}
|
||||
AnyToDeviceEvent::ForwardedRoomKey(mut e) => {
|
||||
// TODO do the mem take dance to remove the key.
|
||||
self.key_request_machine
|
||||
AnyToDeviceEvent::ForwardedRoomKey(mut e) => Ok(self
|
||||
.key_request_machine
|
||||
.receive_forwarded_room_key(sender_key, &mut e)
|
||||
.await?;
|
||||
Ok(None)
|
||||
}
|
||||
.await?),
|
||||
_ => {
|
||||
warn!("Received a unexpected encrypted to-device event");
|
||||
Ok(None)
|
||||
|
|
|
@ -15,10 +15,23 @@
|
|||
use std::{
|
||||
collections::BTreeMap,
|
||||
convert::{TryFrom, TryInto},
|
||||
fmt,
|
||||
fmt, mem,
|
||||
sync::Arc,
|
||||
};
|
||||
|
||||
use olm_rs::{
|
||||
errors::OlmGroupSessionError, inbound_group_session::OlmInboundGroupSession, PicklingMode,
|
||||
};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use serde_json::Value;
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
pub use olm_rs::{
|
||||
account::IdentityKeys,
|
||||
session::{OlmMessage, PreKeyMessage},
|
||||
utility::OlmUtility,
|
||||
};
|
||||
|
||||
use matrix_sdk_common::{
|
||||
events::{
|
||||
forwarded_room_key::ForwardedRoomKeyEventContent, room::encrypted::EncryptedEventContent,
|
||||
|
@ -28,17 +41,6 @@ use matrix_sdk_common::{
|
|||
locks::Mutex,
|
||||
Raw,
|
||||
};
|
||||
use olm_rs::{
|
||||
errors::OlmGroupSessionError, inbound_group_session::OlmInboundGroupSession, PicklingMode,
|
||||
};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use serde_json::Value;
|
||||
|
||||
pub use olm_rs::{
|
||||
account::IdentityKeys,
|
||||
session::{OlmMessage, PreKeyMessage},
|
||||
utility::OlmUtility,
|
||||
};
|
||||
|
||||
use super::{ExportedGroupSessionKey, ExportedRoomKey, GroupSessionKey};
|
||||
use crate::error::{EventError, MegolmResult};
|
||||
|
@ -127,9 +129,11 @@ impl InboundGroupSession {
|
|||
/// to create the `InboundGroupSession`.
|
||||
pub(crate) fn from_forwarded_key(
|
||||
sender_key: &str,
|
||||
content: &ForwardedRoomKeyEventContent,
|
||||
content: &mut ForwardedRoomKeyEventContent,
|
||||
) -> Result<Self, OlmGroupSessionError> {
|
||||
let session = OlmInboundGroupSession::import(&content.session_key)?;
|
||||
let key = Zeroizing::from(mem::take(&mut content.session_key));
|
||||
|
||||
let session = OlmInboundGroupSession::import(&key)?;
|
||||
let mut forwarding_chains = content.forwarding_curve25519_key_chain.clone();
|
||||
forwarding_chains.push(sender_key.to_owned());
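Review bot: The doc comment on `from_forwarded_key` should state the new side effect, because `content` is now `&mut` and `mem::take` leaves `content.session_key` as an empty string. This happens before `OlmInboundGroupSession::import(&key)?`, so the key is also gone from the event when the import fails. A line such as `/// The session key is moved out of `content` and zeroized on drop; `content.session_key` is left empty afterwards, even if the import fails.` would tell callers that re-serialize or retry with the same content. Whether `import` keeps its own copy of the key inside the Olm session is not visible here and may be worth confirming. The function body continues past the end of the hunk.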
|
||||
|
||||
|
|