crypto: Zeroize and remove the session key copies for forwarded room keys.

master
Damir Jelić 2020-09-24 11:18:01 +02:00
parent 4662ca2e32
commit c5bece2d58
3 changed files with 31 additions and 26 deletions

View File

@ -34,10 +34,11 @@ use matrix_sdk_common::{
events::{
forwarded_room_key::ForwardedRoomKeyEventContent,
room_key_request::{Action, RequestedKeyInfo, RoomKeyRequestEventContent},
EventType, ToDeviceEvent,
AnyToDeviceEvent, EventType, ToDeviceEvent,
},
identifiers::{DeviceIdBox, EventEncryptionAlgorithm, RoomId, UserId},
uuid::Uuid,
Raw,
};
use crate::{
@ -284,11 +285,11 @@ impl KeyRequestMachine {
&self,
sender_key: &str,
event: &mut ToDeviceEvent<ForwardedRoomKeyEventContent>,
) -> Result<(), CryptoStoreError> {
) -> Result<Option<Raw<AnyToDeviceEvent>>, CryptoStoreError> {
let key_info = self.get_key_info(&event.content).await?;
if let Some(info) = key_info {
let session = InboundGroupSession::from_forwarded_key(sender_key, &event.content)?;
let session = InboundGroupSession::from_forwarded_key(sender_key, &mut event.content)?;
let old_session = self
.store
@ -312,14 +313,17 @@ impl KeyRequestMachine {
} else {
self.save_session(info, session).await?;
}
Ok(Some(Raw::from(AnyToDeviceEvent::ForwardedRoomKey(
event.clone(),
))))
} else {
info!(
"Received a forwarded room key from {}, but no key info was found.",
event.sender,
);
Ok(None)
}
Ok(())
}
}

View File

@ -1019,13 +1019,10 @@ impl OlmMachine {
AnyToDeviceEvent::RoomKey(mut e) => {
Ok(self.add_room_key(sender_key, signing_key, &mut e).await?)
}
AnyToDeviceEvent::ForwardedRoomKey(mut e) => {
// TODO do the mem take dance to remove the key.
self.key_request_machine
AnyToDeviceEvent::ForwardedRoomKey(mut e) => Ok(self
.key_request_machine
.receive_forwarded_room_key(sender_key, &mut e)
.await?;
Ok(None)
}
.await?),
_ => {
warn!("Received a unexpected encrypted to-device event");
Ok(None)

View File

@ -15,10 +15,23 @@
use std::{
collections::BTreeMap,
convert::{TryFrom, TryInto},
fmt,
fmt, mem,
sync::Arc,
};
use olm_rs::{
errors::OlmGroupSessionError, inbound_group_session::OlmInboundGroupSession, PicklingMode,
};
use serde::{Deserialize, Serialize};
use serde_json::Value;
use zeroize::Zeroizing;
pub use olm_rs::{
account::IdentityKeys,
session::{OlmMessage, PreKeyMessage},
utility::OlmUtility,
};
use matrix_sdk_common::{
events::{
forwarded_room_key::ForwardedRoomKeyEventContent, room::encrypted::EncryptedEventContent,
@ -28,17 +41,6 @@ use matrix_sdk_common::{
locks::Mutex,
Raw,
};
use olm_rs::{
errors::OlmGroupSessionError, inbound_group_session::OlmInboundGroupSession, PicklingMode,
};
use serde::{Deserialize, Serialize};
use serde_json::Value;
pub use olm_rs::{
account::IdentityKeys,
session::{OlmMessage, PreKeyMessage},
utility::OlmUtility,
};
use super::{ExportedGroupSessionKey, ExportedRoomKey, GroupSessionKey};
use crate::error::{EventError, MegolmResult};
@ -127,9 +129,11 @@ impl InboundGroupSession {
/// to create the `InboundGroupSession`.
pub(crate) fn from_forwarded_key(
sender_key: &str,
content: &ForwardedRoomKeyEventContent,
content: &mut ForwardedRoomKeyEventContent,
) -> Result<Self, OlmGroupSessionError> {
let session = OlmInboundGroupSession::import(&content.session_key)?;
let key = Zeroizing::from(mem::take(&mut content.session_key));
let session = OlmInboundGroupSession::import(&key)?;
let mut forwarding_chains = content.forwarding_curve25519_key_chain.clone();
forwarding_chains.push(sender_key.to_owned());