Newer
Older
#include "DeviceVerificationFlow.h"
#include "MatrixClient.h"
namespace {
auto client_ = std::make_unique<mtx::crypto::OlmClient>();
std::map<std::string, std::string> request_id_to_secret_name;
const std::string STORAGE_SECRET_KEY("secret");
constexpr auto MEGOLM_ALGO = "m.megolm.v1.aes-sha2";
}
namespace olm {
void
from_json(const nlohmann::json &obj, OlmMessage &msg)
{
if (obj.at("type") != "m.room.encrypted")
throw std::invalid_argument("invalid type for olm message");
if (obj.at("content").at("algorithm") != OLM_ALGO)
throw std::invalid_argument("invalid algorithm for olm message");
msg.sender = obj.at("sender");
msg.sender_key = obj.at("content").at("sender_key");
msg.ciphertext = obj.at("content")
.at("ciphertext")
.get<std::map<std::string, mtx::events::msg::OlmCipherContent>>();
}
mtx::crypto::OlmClient *
client()
{
return client_.get();
}
void
handle_to_device_messages(const std::vector<mtx::events::collections::DeviceEvents> &msgs)
{
if (msgs.empty())
return;
Konstantinos Sideris
committed
nhlog::crypto()->info("received {} to_device messages", msgs.size());
for (const auto &msg : msgs) {
j_msg = std::visit([](auto &e) { return json(e); }, std::move(msg));
nhlog::crypto()->warn("received message with no type field: {}",
if (msg_type == to_string(mtx::events::EventType::RoomEncrypted)) {
try {
handle_olm_message(std::move(olm_msg));
} catch (const nlohmann::json::exception &e) {
nhlog::crypto()->warn(
"parsing error for olm message: {} {}", e.what(), j_msg.dump(2));
} catch (const std::invalid_argument &e) {
nhlog::crypto()->warn("validation error for olm message: {} {}",
e.what(),
j_msg.dump(2));
} else if (msg_type == to_string(mtx::events::EventType::RoomKeyRequest)) {
nhlog::crypto()->warn("handling key request event: {}", j_msg.dump(2));
mtx::events::DeviceEvent<mtx::events::msg::KeyRequest> req = j_msg;
if (req.content.action == mtx::events::msg::RequestAction::Request)
handle_key_request_message(req);
else
nhlog::crypto()->warn(
"ignore key request (unhandled action): {}",
} catch (const nlohmann::json::exception &e) {
nhlog::crypto()->warn(
"parsing error for key_request message: {} {}",
e.what(),
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationAccept)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationAccept>>(msg);
ChatPage::instance()->receivedDeviceVerificationAccept(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationRequest)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationRequest>>(msg);
ChatPage::instance()->receivedDeviceVerificationRequest(message.content,
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationCancel)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationCancel>>(msg);
ChatPage::instance()->receivedDeviceVerificationCancel(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationKey)) {
auto message =
std::get<mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationKey>>(
msg);
ChatPage::instance()->receivedDeviceVerificationKey(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationMac)) {
auto message =
std::get<mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationMac>>(
msg);
ChatPage::instance()->receivedDeviceVerificationMac(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationStart)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationStart>>(msg);
ChatPage::instance()->receivedDeviceVerificationStart(message.content,
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationReady)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationReady>>(msg);
ChatPage::instance()->receivedDeviceVerificationReady(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationDone)) {
auto message =
std::get<mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationDone>>(
msg);
ChatPage::instance()->receivedDeviceVerificationDone(message.content);
nhlog::crypto()->warn("unhandled event: {}", j_msg.dump(2));
}
}
}
void
handle_olm_message(const OlmMessage &msg)
{
Konstantinos Sideris
committed
nhlog::crypto()->info("sender : {}", msg.sender);
nhlog::crypto()->info("sender_key: {}", msg.sender_key);
const auto my_key = olm::client()->identity_keys().curve25519;
for (const auto &cipher : msg.ciphertext) {
// We skip messages not meant for the current device.
if (cipher.first != my_key)
continue;
const auto type = cipher.second.type;
Konstantinos Sideris
committed
nhlog::crypto()->info("type: {}", type == 0 ? "OLM_PRE_KEY" : "OLM_MESSAGE");
auto payload = try_olm_decryption(msg.sender_key, cipher.second);
if (payload.is_null()) {
// Check for PRE_KEY message
if (cipher.second.type == 0) {
payload = handle_pre_key_olm_message(
msg.sender, msg.sender_key, cipher.second);
} else {
nhlog::crypto()->error("Undecryptable olm message!");
continue;
}
}
if (!payload.is_null()) {
mtx::events::collections::DeviceEvents device_event;
{
std::string msg_type = payload["type"];
json event_array = json::array();
event_array.push_back(payload);
std::vector<mtx::events::collections::DeviceEvents> temp_events;
mtx::responses::utils::parse_device_events(event_array,
temp_events);
if (temp_events.empty()) {
nhlog::crypto()->warn("Decrypted unknown event: {}",
payload.dump());
continue;
}
device_event = temp_events.at(0);
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
using namespace mtx::events;
if (auto e =
std::get_if<DeviceEvent<msg::KeyVerificationAccept>>(&device_event)) {
ChatPage::instance()->receivedDeviceVerificationAccept(e->content);
} else if (auto e = std::get_if<DeviceEvent<msg::KeyVerificationRequest>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationRequest(e->content,
e->sender);
} else if (auto e = std::get_if<DeviceEvent<msg::KeyVerificationCancel>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationCancel(e->content);
} else if (auto e = std::get_if<DeviceEvent<msg::KeyVerificationKey>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationKey(e->content);
} else if (auto e = std::get_if<DeviceEvent<msg::KeyVerificationMac>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationMac(e->content);
} else if (auto e = std::get_if<DeviceEvent<msg::KeyVerificationStart>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationStart(e->content,
e->sender);
} else if (auto e = std::get_if<DeviceEvent<msg::KeyVerificationReady>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationReady(e->content);
} else if (auto e = std::get_if<DeviceEvent<msg::KeyVerificationDone>>(
&device_event)) {
ChatPage::instance()->receivedDeviceVerificationDone(e->content);
} else if (auto roomKey =
std::get_if<DeviceEvent<msg::RoomKey>>(&device_event)) {
create_inbound_megolm_session(*roomKey, msg.sender_key);
} else if (auto roomKey = std::get_if<DeviceEvent<msg::ForwardedRoomKey>>(
&device_event)) {
import_inbound_megolm_session(*roomKey);
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
} else if (auto e =
std::get_if<DeviceEvent<msg::SecretSend>>(&device_event)) {
auto local_user = http::client()->user_id();
if (msg.sender != local_user.to_string())
continue;
auto secret_name =
request_id_to_secret_name.find(e->content.request_id);
if (secret_name != request_id_to_secret_name.end()) {
nhlog::crypto()->info("Received secret: {}",
secret_name->second);
mtx::events::msg::SecretRequest secretRequest{};
secretRequest.action =
mtx::events::msg::RequestAction::Cancellation;
secretRequest.requesting_device_id =
http::client()->device_id();
secretRequest.request_id = e->content.request_id;
auto verificationStatus =
cache::verificationStatus(local_user.to_string());
if (!verificationStatus)
continue;
auto deviceKeys = cache::userKeys(local_user.to_string());
std::string sender_device_id;
if (deviceKeys) {
for (auto &[dev, key] : deviceKeys->device_keys) {
if (key.keys["curve25519:" + dev] ==
msg.sender_key) {
sender_device_id = dev;
break;
}
}
}
std::map<
mtx::identifiers::User,
std::map<std::string, mtx::events::msg::SecretRequest>>
body;
for (const auto &dev :
verificationStatus->verified_devices) {
if (dev != secretRequest.requesting_device_id &&
dev != sender_device_id)
body[local_user][dev] = secretRequest;
}
http::client()
->send_to_device<mtx::events::msg::SecretRequest>(
http::client()->generate_txn_id(),
body,
[name =
secret_name->second](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->error(
"Failed to send request cancellation "
"for secrect "
"'{}'",
name);
return;
}
});
cache::client()->storeSecret(secret_name->second,
e->content.secret);
request_id_to_secret_name.erase(secret_name);
}
} else if (auto e =
std::get_if<DeviceEvent<msg::SecretRequest>>(&device_event)) {
if (e->content.action != mtx::events::msg::RequestAction::Request)
continue;
auto local_user = http::client()->user_id();
if (msg.sender != local_user.to_string())
continue;
auto verificationStatus =
cache::verificationStatus(local_user.to_string());
if (!verificationStatus)
continue;
auto deviceKeys = cache::userKeys(local_user.to_string());
if (!deviceKeys)
continue;
for (auto &[dev, key] : deviceKeys->device_keys) {
if (key.keys["curve25519:" + dev] == msg.sender_key) {
if (std::find(
verificationStatus->verified_devices.begin(),
verificationStatus->verified_devices.end(),
dev) ==
verificationStatus->verified_devices.end())
break;
// this is a verified device
mtx::events::DeviceEvent<
mtx::events::msg::SecretSend>
secretSend;
secretSend.type = EventType::SecretSend;
secretSend.content.request_id =
e->content.request_id;
auto secret =
cache::client()->secret(e->content.name);
if (!secret)
break;
secretSend.content.secret = secret.value();
send_encrypted_to_device_messages(
{{local_user.to_string(), {{dev}}}}, secretSend);
nhlog::net()->info("Sent secret to ({},{})",
local_user.to_string(),
dev);
break;
}
}
handle_pre_key_olm_message(const std::string &sender,
const std::string &sender_key,
const mtx::events::msg::OlmCipherContent &content)
Konstantinos Sideris
committed
nhlog::crypto()->info("opening olm session with {}", sender);
mtx::crypto::OlmSessionPtr inbound_session = nullptr;
inbound_session =
olm::client()->create_inbound_session_from(sender_key, content.body);
// We also remove the one time key used to establish that
// session so we'll have to update our copy of the account object.
cache::saveOlmAccount(olm::client()->save("secret"));
Konstantinos Sideris
committed
nhlog::crypto()->critical(
"failed to create inbound session with {}: {}", sender, e.what());
if (!mtx::crypto::matches_inbound_session_from(
inbound_session.get(), sender_key, content.body)) {
Konstantinos Sideris
committed
nhlog::crypto()->warn("inbound olm session doesn't match sender's key ({})",
sender);
}
mtx::crypto::BinaryBuf output;
try {
output =
olm::client()->decrypt_message(inbound_session.get(), content.type, content.body);
Konstantinos Sideris
committed
nhlog::crypto()->critical(
"failed to decrypt olm message {}: {}", content.body, e.what());
}
auto plaintext = json::parse(std::string((char *)output.data(), output.size()));
nhlog::crypto()->debug("decrypted message: \n {}", plaintext.dump(2));
nhlog::crypto()->debug("New olm session: {}",
mtx::crypto::session_id(inbound_session.get()));
cache::saveOlmSession(
sender_key, std::move(inbound_session), QDateTime::currentMSecsSinceEpoch());
} catch (const lmdb::error &e) {
nhlog::db()->warn(
"failed to save inbound olm session from {}: {}", sender, e.what());
mtx::events::msg::Encrypted
encrypt_group_message(const std::string &room_id, const std::string &device_id, nlohmann::json body)
{
using namespace mtx::events;
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
using namespace mtx::identifiers;
auto own_user_id = http::client()->user_id().to_string();
auto members = cache::client()->getMembersWithKeys(room_id);
std::map<std::string, std::vector<std::string>> sendSessionTo;
mtx::crypto::OutboundGroupSessionPtr session = nullptr;
OutboundGroupSessionData group_session_data;
if (cache::outboundMegolmSessionExists(room_id)) {
auto res = cache::getOutboundMegolmSession(room_id);
auto member_it = members.begin();
auto session_member_it = res.data.currently.keys.begin();
auto session_member_it_end = res.data.currently.keys.end();
while (member_it != members.end() || session_member_it != session_member_it_end) {
if (member_it == members.end()) {
// a member left, purge session!
nhlog::crypto()->debug(
"Rotating megolm session because of left member");
break;
}
if (session_member_it == session_member_it_end) {
// share with all remaining members
while (member_it != members.end()) {
sendSessionTo[member_it->first] = {};
if (member_it->second)
for (const auto &dev :
member_it->second->device_keys)
if (member_it->first != own_user_id ||
dev.first != device_id)
sendSessionTo[member_it->first]
.push_back(dev.first);
++member_it;
}
session = std::move(res.session);
break;
}
if (member_it->first > session_member_it->first) {
// a member left, purge session
nhlog::crypto()->debug(
"Rotating megolm session because of left member");
break;
} else if (member_it->first < session_member_it->first) {
// new member, send them the session at this index
sendSessionTo[member_it->first] = {};
if (member_it->second) {
for (const auto &dev : member_it->second->device_keys)
if (member_it->first != own_user_id ||
dev.first != device_id)
sendSessionTo[member_it->first].push_back(
dev.first);
}
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
++member_it;
} else {
// compare devices
bool device_removed = false;
for (const auto &dev : session_member_it->second.devices) {
if (!member_it->second ||
!member_it->second->device_keys.count(dev.first)) {
device_removed = true;
break;
}
}
if (device_removed) {
// device removed, rotate session!
nhlog::crypto()->debug(
"Rotating megolm session because of removed device of {}",
member_it->first);
break;
}
// check for new devices to share with
if (member_it->second)
for (const auto &dev : member_it->second->device_keys)
if (!session_member_it->second.devices.count(
dev.first) &&
(member_it->first != own_user_id ||
dev.first != device_id))
sendSessionTo[member_it->first].push_back(
dev.first);
++member_it;
++session_member_it;
if (member_it == members.end() &&
session_member_it == session_member_it_end) {
// all devices match or are newly added
session = std::move(res.session);
}
}
}
group_session_data = std::move(res.data);
}
if (!session) {
nhlog::ui()->debug("creating new outbound megolm session");
// Create a new outbound megolm session.
session = olm::client()->init_outbound_group_session();
const auto session_id = mtx::crypto::session_id(session.get());
const auto session_key = mtx::crypto::session_key(session.get());
// Saving the new megolm session.
OutboundGroupSessionData session_data{};
session_data.session_id = mtx::crypto::session_id(session.get());
session_data.session_key = mtx::crypto::session_key(session.get());
session_data.message_index = 0;
sendSessionTo.clear();
for (const auto &[user, devices] : members) {
sendSessionTo[user] = {};
session_data.initially.keys[user] = {};
if (devices) {
for (const auto &[device_id_, key] : devices->device_keys) {
(void)key;
if (device_id != device_id_ || user != own_user_id) {
sendSessionTo[user].push_back(device_id_);
session_data.initially.keys[user]
.devices[device_id_] = 0;
}
}
}
}
cache::saveOutboundMegolmSession(room_id, session_data, session);
group_session_data = std::move(session_data);
{
MegolmSessionIndex index;
index.room_id = room_id;
index.session_id = session_id;
index.sender_key = olm::client()->identity_keys().curve25519;
auto megolm_session =
olm::client()->init_inbound_group_session(session_key);
cache::saveInboundMegolmSession(index, std::move(megolm_session));
}
}
mtx::events::DeviceEvent<mtx::events::msg::RoomKey> megolm_payload{};
megolm_payload.content.algorithm = MEGOLM_ALGO;
megolm_payload.content.room_id = room_id;
megolm_payload.content.session_id = mtx::crypto::session_id(session.get());
megolm_payload.content.session_key = mtx::crypto::session_key(session.get());
megolm_payload.type = mtx::events::EventType::RoomKey;
if (!sendSessionTo.empty())
olm::send_encrypted_to_device_messages(sendSessionTo, megolm_payload);
mtx::common::RelatesTo r_relation;
// relations shouldn't be encrypted...
if (body["content"].contains("m.relates_to") &&
body["content"]["m.relates_to"].contains("m.in_reply_to")) {
relation = body["content"]["m.relates_to"];
body["content"].erase("m.relates_to");
} else if (body["content"]["m.relates_to"].contains("event_id")) {
r_relation = body["content"]["m.relates_to"];
body["content"].erase("m.relates_to");
auto payload = olm::client()->encrypt_group_message(session.get(), body.dump());
// Prepare the m.room.encrypted event.
msg::Encrypted data;
data.ciphertext = std::string((char *)payload.data(), payload.size());
data.sender_key = olm::client()->identity_keys().curve25519;
data.session_id = mtx::crypto::session_id(session.get());
data.device_id = device_id;
data.algorithm = MEGOLM_ALGO;
data.relates_to = relation;
data.r_relates_to = r_relation;
group_session_data.message_index = olm_outbound_group_session_message_index(session.get());
nhlog::crypto()->debug("next message_index {}", group_session_data.message_index);
// update current set of members for the session with the new members and that message_index
for (const auto &[user, devices] : sendSessionTo) {
if (!group_session_data.currently.keys.count(user))
group_session_data.currently.keys[user] = {};
for (const auto &device_id_ : devices) {
if (!group_session_data.currently.keys[user].devices.count(device_id_))
group_session_data.currently.keys[user].devices[device_id_] =
group_session_data.message_index;
}
}
// We need to re-pickle the session after we send a message to save the new message_index.
cache::updateOutboundMegolmSession(room_id, group_session_data, session);
return data;
}
try_olm_decryption(const std::string &sender_key, const mtx::events::msg::OlmCipherContent &msg)
auto session_ids = cache::getOlmSessions(sender_key);
nhlog::crypto()->info("attempt to decrypt message with {} known session_ids",
session_ids.size());
for (const auto &id : session_ids) {
auto session = cache::getOlmSession(sender_key, id);
if (!session)
continue;
mtx::crypto::BinaryBuf text;
try {
text = olm::client()->decrypt_message(session->get(), msg.type, msg.body);
nhlog::crypto()->debug("Updated olm session: {}",
mtx::crypto::session_id(session->get()));
cache::saveOlmSession(
id, std::move(session.value()), QDateTime::currentMSecsSinceEpoch());
nhlog::crypto()->debug("failed to decrypt olm message ({}, {}) with {}: {}",
msg.type,
sender_key,
id,
e.what());
continue;
} catch (const lmdb::error &e) {
nhlog::crypto()->critical("failed to save session: {}", e.what());
return {};
}
try {
return json::parse(std::string_view((char *)text.data(), text.size()));
} catch (const json::exception &e) {
nhlog::crypto()->critical(
"failed to parse the decrypted session msg: {} {}",
e.what(),
std::string_view((char *)text.data(), text.size()));
}
}
return {};
}
void
create_inbound_megolm_session(const mtx::events::DeviceEvent<mtx::events::msg::RoomKey> &roomKey,
const std::string &sender_key)
MegolmSessionIndex index;
index.room_id = roomKey.content.room_id;
index.session_id = roomKey.content.session_id;
index.sender_key = sender_key;
auto megolm_session =
olm::client()->init_inbound_group_session(roomKey.content.session_key);
cache::saveInboundMegolmSession(index, std::move(megolm_session));
} catch (const lmdb::error &e) {
nhlog::crypto()->critical("failed to save inbound megolm session: {}", e.what());
return;
} catch (const mtx::crypto::olm_exception &e) {
nhlog::crypto()->critical("failed to create inbound megolm session: {}", e.what());
nhlog::crypto()->info(
"established inbound megolm session ({}, {})", roomKey.content.room_id, roomKey.sender);
ChatPage::instance()->receivedSessionKey(index.room_id, index.session_id);
}
void
import_inbound_megolm_session(
const mtx::events::DeviceEvent<mtx::events::msg::ForwardedRoomKey> &roomKey)
{
MegolmSessionIndex index;
index.room_id = roomKey.content.room_id;
index.session_id = roomKey.content.session_id;
index.sender_key = roomKey.content.sender_key;
auto megolm_session =
olm::client()->import_inbound_group_session(roomKey.content.session_key);
cache::saveInboundMegolmSession(index, std::move(megolm_session));
} catch (const lmdb::error &e) {
nhlog::crypto()->critical("failed to save inbound megolm session: {}", e.what());
return;
nhlog::crypto()->critical("failed to import inbound megolm session: {}", e.what());
nhlog::crypto()->info(
"established inbound megolm session ({}, {})", roomKey.content.room_id, roomKey.sender);
ChatPage::instance()->receivedSessionKey(index.room_id, index.session_id);
void
mark_keys_as_published()
{
olm::client()->mark_keys_as_published();
cache::saveOlmAccount(olm::client()->save(STORAGE_SECRET_KEY));
send_key_request_for(mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> e,
const std::string &request_id,
bool cancel)
{
using namespace mtx::events;
nhlog::crypto()->debug("sending key request: sender_key {}, session_id {}",
e.content.sender_key,
e.content.session_id);
mtx::events::msg::KeyRequest request;
request.action = cancel ? mtx::events::msg::RequestAction::Cancellation
: mtx::events::msg::RequestAction::Request;
request.sender_key = e.content.sender_key;
request.session_id = e.content.session_id;
request.requesting_device_id = http::client()->device_id();
nhlog::crypto()->debug("m.room_key_request: {}", json(request).dump(2));
std::map<mtx::identifiers::User, std::map<std::string, decltype(request)>> body;
body[mtx::identifiers::parse<mtx::identifiers::User>(e.sender)][e.content.device_id] =
request;
body[http::client()->user_id()]["*"] = request;
http::client()->send_to_device(
http::client()->generate_txn_id(), body, [e](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->warn("failed to send "
"send_to_device "
"message: {}",
err->matrix_error.error);
}
nhlog::net()->info("m.room_key_request sent to {}:{} and your own devices",
e.sender,
e.content.device_id);
});
}
void
handle_key_request_message(const mtx::events::DeviceEvent<mtx::events::msg::KeyRequest> &req)
nhlog::crypto()->debug("ignoring key request {} with invalid algorithm: {}",
return;
}
// Check if we were the sender of the session being requested.
if (req.content.sender_key != olm::client()->identity_keys().curve25519) {
nhlog::crypto()->debug("ignoring key request {} because we were not the sender: "
"\nrequested({}) ours({})",
return;
}
// Check if we have the keys for the requested session.
if (!cache::outboundMegolmSessionExists(req.content.room_id)) {
nhlog::crypto()->warn("requested session not found in room: {}",
req.content.room_id);
return;
}
// Check that the requested session_id and the one we have saved match.
MegolmSessionIndex index{};
index.room_id = req.content.room_id;
index.session_id = req.content.session_id;
index.sender_key = olm::client()->identity_keys().curve25519;
const auto session = cache::getInboundMegolmSession(index);
if (!session) {
nhlog::crypto()->warn("No session with id {} in db", req.content.session_id);
return;
}
if (!cache::isRoomMember(req.sender, req.content.room_id)) {
nhlog::crypto()->warn(
"user {} that requested the session key is not member of the room {}",
req.sender,
return;
}
// check if device is verified
auto verificationStatus = cache::verificationStatus(req.sender);
bool verifiedDevice = false;
if (verificationStatus &&
ChatPage::instance()->userSettings()->shareKeysWithTrustedUsers()) {
for (const auto &dev : verificationStatus->verified_devices) {
if (dev == req.content.requesting_device_id) {
verifiedDevice = true;
nhlog::crypto()->debug("Verified device: {}", dev);
break;
}
}
}
if (!utils::respondsToKeyRequests(req.content.room_id) && !verifiedDevice) {
nhlog::crypto()->debug("ignoring all key requests for room {}",
req.content.room_id);
auto session_key = mtx::crypto::export_session(session.get());
//
// Prepare the m.room_key event.
//
mtx::events::msg::ForwardedRoomKey forward_key{};
forward_key.algorithm = MEGOLM_ALGO;
forward_key.room_id = index.room_id;
forward_key.session_id = index.session_id;
forward_key.session_key = session_key;
forward_key.sender_key = index.sender_key;
// TODO(Nico): Figure out if this is correct
forward_key.sender_claimed_ed25519_key = olm::client()->identity_keys().ed25519;
forward_key.forwarding_curve25519_key_chain = {};
send_megolm_key_to_device(req.sender, req.content.requesting_device_id, forward_key);
}
void
send_megolm_key_to_device(const std::string &user_id,
const std::string &device_id,
const mtx::events::msg::ForwardedRoomKey &payload)
mtx::events::DeviceEvent<mtx::events::msg::ForwardedRoomKey> room_key;
room_key.content = payload;
room_key.type = mtx::events::EventType::ForwardedRoomKey;
std::map<std::string, std::vector<std::string>> targets;
targets[user_id] = {device_id};
send_encrypted_to_device_messages(targets, room_key);
DecryptionResult
decryptEvent(const MegolmSessionIndex &index,
const mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> &event)
{
try {
if (!cache::client()->inboundMegolmSessionExists(index)) {
return {DecryptionErrorCode::MissingSession, std::nullopt, std::nullopt};
}
} catch (const lmdb::error &e) {
return {DecryptionErrorCode::DbError, e.what(), std::nullopt};
}
// TODO: Lookup index,event_id,origin_server_ts tuple for replay attack errors
// TODO: Verify sender_key
std::string msg_str;
try {
auto session = cache::client()->getInboundMegolmSession(index);
auto res =
olm::client()->decrypt_group_message(session.get(), event.content.ciphertext);
msg_str = std::string((char *)res.data.data(), res.data.size());
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
} catch (const lmdb::error &e) {
return {DecryptionErrorCode::DbError, e.what(), std::nullopt};
} catch (const mtx::crypto::olm_exception &e) {
return {DecryptionErrorCode::DecryptionFailed, e.what(), std::nullopt};
}
// Add missing fields for the event.
json body = json::parse(msg_str);
body["event_id"] = event.event_id;
body["sender"] = event.sender;
body["origin_server_ts"] = event.origin_server_ts;
body["unsigned"] = event.unsigned_data;
// relations are unencrypted in content...
if (json old_ev = event; old_ev["content"].count("m.relates_to") != 0)
body["content"]["m.relates_to"] = old_ev["content"]["m.relates_to"];
mtx::events::collections::TimelineEvent te;
try {
mtx::events::collections::from_json(body, te);
} catch (std::exception &e) {
return {DecryptionErrorCode::ParsingFailed, e.what(), std::nullopt};
}
return {std::nullopt, std::nullopt, std::move(te.data)};
}
//! Send encrypted to device messages, targets is a map from userid to device ids or {} for all
//! devices
void
send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::string>> targets,
const mtx::events::collections::DeviceEvents &event,
bool force_new_session)
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event);
std::map<std::string, std::vector<std::string>> keysToQuery;
mtx::requests::ClaimKeys claims;
std::map<mtx::identifiers::User, std::map<std::string, mtx::events::msg::OlmEncrypted>>
messages;
std::map<std::string, std::map<std::string, DevicePublicKeys>> pks;
for (const auto &[user, devices] : targets) {
auto deviceKeys = cache::client()->userKeys(user);
// no keys for user, query them
if (!deviceKeys) {
keysToQuery[user] = devices;
continue;
}
auto deviceTargets = devices;
if (devices.empty()) {
deviceTargets.clear();
for (const auto &[device, keys] : deviceKeys->device_keys) {
(void)keys;
deviceTargets.push_back(device);
}
}
for (const auto &device : deviceTargets) {
if (!deviceKeys->device_keys.count(device)) {
keysToQuery[user] = {};
break;
}
auto d = deviceKeys->device_keys.at(device);
auto session =
cache::getLatestOlmSession(d.keys.at("curve25519:" + device));
if (!session || force_new_session) {
claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519;
pks[user][device].ed25519 = d.keys.at("ed25519:" + device);
pks[user][device].curve25519 = d.keys.at("curve25519:" + device);
continue;
}
messages[mtx::identifiers::parse<mtx::identifiers::User>(user)][device] =
olm::client()
->create_olm_encrypted_content(session->get(),
ev_json,
UserId(user),
d.keys.at("ed25519:" + device),
d.keys.at("curve25519:" + device))
.get<mtx::events::msg::OlmEncrypted>();
try {
nhlog::crypto()->debug("Updated olm session: {}",
mtx::crypto::session_id(session->get()));
cache::saveOlmSession(d.keys.at("curve25519:" + device),
std::move(*session),
QDateTime::currentMSecsSinceEpoch());
} catch (const lmdb::error &e) {
nhlog::db()->critical("failed to save outbound olm session: {}",
e.what());
} catch (const mtx::crypto::olm_exception &e) {
nhlog::crypto()->critical(
"failed to pickle outbound olm session: {}", e.what());
}
}
}
if (!messages.empty())
http::client()->send_to_device<mtx::events::msg::OlmEncrypted>(
http::client()->generate_txn_id(), messages, [](mtx::http::RequestErr err) {
if (err) {