crypto: Handle decrypted to-device events as well

Usually only room keys and forwarded room keys are sent as encrypted
to-device events, those are specially handled to avoid accepting room
keys coming in unencrypted.

Some clients might send out other events encrypted which might lower
metadata leakage and the spec doesn't disallow it.

This patch handles decrypted events the same way as non-encrypted ones;
we're still special-casing the decryption handling to avoid decryption
loops/bombs (i.e. events that are encrypted multiple times).
Damir Jelić 2021-05-13 11:08:13 +02:00
parent 4f7902d6f0
commit ec55258be9


@ -781,6 +781,29 @@ impl OlmMachine {
self.account.update_uploaded_key_count(key_count).await;
}
async fn handle_to_device_evnet(&self, event: &AnyToDeviceEvent) {
match event {
AnyToDeviceEvent::RoomKeyRequest(e) => {
self.key_request_machine.receive_incoming_key_request(&e)
}
AnyToDeviceEvent::KeyVerificationAccept(..)
| AnyToDeviceEvent::KeyVerificationCancel(..)
| AnyToDeviceEvent::KeyVerificationKey(..)
| AnyToDeviceEvent::KeyVerificationMac(..)
| AnyToDeviceEvent::KeyVerificationRequest(..)
| AnyToDeviceEvent::KeyVerificationReady(..)
| AnyToDeviceEvent::KeyVerificationDone(..)
| AnyToDeviceEvent::KeyVerificationStart(..) => {
self.handle_verification_event(&event).await;
}
AnyToDeviceEvent::Dummy(_) => {}
AnyToDeviceEvent::RoomKey(_) => {}
AnyToDeviceEvent::ForwardedRoomKey(_) => {}
AnyToDeviceEvent::RoomEncrypted(_) => {}
AnyToDeviceEvent::Custom(_) => {}
}
}
/// Handle a to-device and one-time key counts from a sync response.
///
/// This will decrypt and handle to-device events returning the decrypted
@ -885,20 +908,13 @@ impl OlmMachine {
changes.inbound_group_sessions.push(group_session);
}
if let Some(event) = decrypted.deserialized_event {
self.handle_to_device_evnet(&event).await;
}
raw_event = decrypted.event;
}
AnyToDeviceEvent::RoomKeyRequest(e) => {
self.key_request_machine.receive_incoming_key_request(&e)
}
AnyToDeviceEvent::KeyVerificationAccept(..)
| AnyToDeviceEvent::KeyVerificationCancel(..)
| AnyToDeviceEvent::KeyVerificationKey(..)
| AnyToDeviceEvent::KeyVerificationMac(..)
| AnyToDeviceEvent::KeyVerificationRequest(..)
| AnyToDeviceEvent::KeyVerificationStart(..) => {
self.handle_verification_event(&event).await;
}
_ => continue,
e => self.handle_to_device_evnet(&e).await,
}
events.push(raw_event);
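Review bot: In the second hunk the catch-all arm appears to change from `_ => continue` to `e => self.handle_to_device_evnet(&e).await`, so event types that used to be skipped, including a plaintext `RoomKey` or `ForwardedRoomKey`, now fall through to `events.push(raw_event)` and are returned to the caller, while the only sign that the crypto layer ignores them is the empty arms in the new helper. I would state that invariant in the helper, e.g. `// Room keys are only accepted during Olm decryption; a plaintext or already-decrypted copy is ignored here on purpose.` above `AnyToDeviceEvent::RoomKey(_) => {}`, and `// Never decrypt a nested payload: this is what stops decryption loops.` above `AnyToDeviceEvent::RoomEncrypted(_) => {}`. Because the helper now also dispatches decrypted key requests and verification events, it relies on the decryption step having checked the inner sender against the Olm session, which is not visible in these hunks and is worth confirming. The helper has no doc comment and its name is misspelled; `handle_to_device_event` would read better at both call sites. The function enclosing the second hunk starts and ends outside it.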