Newer
Older
// SPDX-FileCopyrightText: 2021 Nheko Contributors
//
// SPDX-License-Identifier: GPL-3.0-or-later
#include "DeviceVerificationFlow.h"
#include "MatrixClient.h"
namespace {
auto client_ = std::make_unique<mtx::crypto::OlmClient>();
std::map<std::string, std::string> request_id_to_secret_name;
const std::string STORAGE_SECRET_KEY("secret");
constexpr auto MEGOLM_ALGO = "m.megolm.v1.aes-sha2";
}
namespace olm {
void
from_json(const nlohmann::json &obj, OlmMessage &msg)
{
if (obj.at("type") != "m.room.encrypted")
throw std::invalid_argument("invalid type for olm message");
if (obj.at("content").at("algorithm") != OLM_ALGO)
throw std::invalid_argument("invalid algorithm for olm message");
msg.sender = obj.at("sender");
msg.sender_key = obj.at("content").at("sender_key");
msg.ciphertext = obj.at("content")
.at("ciphertext")
.get<std::map<std::string, mtx::events::msg::OlmCipherContent>>();
}
mtx::crypto::OlmClient *
client()
{
return client_.get();
}
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
static void
handle_secret_request(const mtx::events::DeviceEvent<mtx::events::msg::SecretRequest> *e,
const std::string &sender)
{
using namespace mtx::events;
if (e->content.action != mtx::events::msg::RequestAction::Request)
return;
auto local_user = http::client()->user_id();
if (sender != local_user.to_string())
return;
auto verificationStatus = cache::verificationStatus(local_user.to_string());
if (!verificationStatus)
return;
auto deviceKeys = cache::userKeys(local_user.to_string());
if (!deviceKeys)
return;
if (std::find(verificationStatus->verified_devices.begin(),
verificationStatus->verified_devices.end(),
e->content.requesting_device_id) ==
verificationStatus->verified_devices.end())
return;
// this is a verified device
mtx::events::DeviceEvent<mtx::events::msg::SecretSend> secretSend;
secretSend.type = EventType::SecretSend;
secretSend.content.request_id = e->content.request_id;
auto secret = cache::client()->secret(e->content.name);
if (!secret)
return;
secretSend.content.secret = secret.value();
send_encrypted_to_device_messages(
{{local_user.to_string(), {{e->content.requesting_device_id}}}}, secretSend);
nhlog::net()->info("Sent secret '{}' to ({},{})",
e->content.name,
local_user.to_string(),
e->content.requesting_device_id);
}
handle_to_device_messages(const std::vector<mtx::events::collections::DeviceEvents> &msgs)
{
if (msgs.empty())
return;
Konstantinos Sideris
committed
nhlog::crypto()->info("received {} to_device messages", msgs.size());
for (const auto &msg : msgs) {
j_msg = std::visit([](auto &e) { return json(e); }, std::move(msg));
nhlog::crypto()->warn("received message with no type field: {}",
if (msg_type == to_string(mtx::events::EventType::RoomEncrypted)) {
try {
cache::client()->query_keys(
olm_msg.sender,
[olm_msg](const UserKeyCache &userKeys, mtx::http::RequestErr e) {
if (e) {
nhlog::crypto()->error(
"Failed to query user keys, dropping olm "
"message");
return;
}
handle_olm_message(std::move(olm_msg), userKeys);
});
} catch (const nlohmann::json::exception &e) {
nhlog::crypto()->warn(
"parsing error for olm message: {} {}", e.what(), j_msg.dump(2));
} catch (const std::invalid_argument &e) {
nhlog::crypto()->warn("validation error for olm message: {} {}",
e.what(),
j_msg.dump(2));
} else if (msg_type == to_string(mtx::events::EventType::RoomKeyRequest)) {
nhlog::crypto()->warn("handling key request event: {}", j_msg.dump(2));
mtx::events::DeviceEvent<mtx::events::msg::KeyRequest> req = j_msg;
if (req.content.action == mtx::events::msg::RequestAction::Request)
handle_key_request_message(req);
else
nhlog::crypto()->warn(
"ignore key request (unhandled action): {}",
} catch (const nlohmann::json::exception &e) {
nhlog::crypto()->warn(
"parsing error for key_request message: {} {}",
e.what(),
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationAccept)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationAccept>>(msg);
ChatPage::instance()->receivedDeviceVerificationAccept(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationRequest)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationRequest>>(msg);
ChatPage::instance()->receivedDeviceVerificationRequest(message.content,
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationCancel)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationCancel>>(msg);
ChatPage::instance()->receivedDeviceVerificationCancel(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationKey)) {
auto message =
std::get<mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationKey>>(
msg);
ChatPage::instance()->receivedDeviceVerificationKey(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationMac)) {
auto message =
std::get<mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationMac>>(
msg);
ChatPage::instance()->receivedDeviceVerificationMac(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationStart)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationStart>>(msg);
ChatPage::instance()->receivedDeviceVerificationStart(message.content,
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationReady)) {
auto message = std::get<
mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationReady>>(msg);
ChatPage::instance()->receivedDeviceVerificationReady(message.content);
} else if (msg_type == to_string(mtx::events::EventType::KeyVerificationDone)) {
auto message =
std::get<mtx::events::DeviceEvent<mtx::events::msg::KeyVerificationDone>>(
msg);
ChatPage::instance()->receivedDeviceVerificationDone(message.content);
} else if (auto e =
std::get_if<mtx::events::DeviceEvent<mtx::events::msg::SecretRequest>>(
&msg)) {
handle_secret_request(e, e->sender);
nhlog::crypto()->warn("unhandled event: {}", j_msg.dump(2));
}
}
}
void
handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKeys)
Konstantinos Sideris
committed
nhlog::crypto()->info("sender : {}", msg.sender);
nhlog::crypto()->info("sender_key: {}", msg.sender_key);
const auto my_key = olm::client()->identity_keys().curve25519;
for (const auto &cipher : msg.ciphertext) {
// We skip messages not meant for the current device.
if (cipher.first != my_key) {
nhlog::crypto()->debug(
"Skipping message for {} since we are {}.", cipher.first, my_key);
const auto type = cipher.second.type;
Konstantinos Sideris
committed
nhlog::crypto()->info("type: {}", type == 0 ? "OLM_PRE_KEY" : "OLM_MESSAGE");
auto payload = try_olm_decryption(msg.sender_key, cipher.second);
if (payload.is_null()) {
// Check for PRE_KEY message
if (cipher.second.type == 0) {
payload = handle_pre_key_olm_message(
msg.sender, msg.sender_key, cipher.second);
} else {
nhlog::crypto()->error("Undecryptable olm message!");
if (!payload.is_null()) {
mtx::events::collections::DeviceEvents device_event;
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
// Other properties are included in order to prevent an attacker from
// publishing someone else's curve25519 keys as their own and subsequently
// claiming to have sent messages which they didn't. sender must correspond
// to the user who sent the event, recipient to the local user, and
// recipient_keys to the local ed25519 key.
std::string receiver_ed25519 = payload["recipient_keys"]["ed25519"];
if (receiver_ed25519.empty() ||
receiver_ed25519 != olm::client()->identity_keys().ed25519) {
nhlog::crypto()->warn(
"Decrypted event doesn't include our ed25519: {}",
payload.dump());
return;
}
std::string receiver = payload["recipient"];
if (receiver.empty() || receiver != http::client()->user_id().to_string()) {
nhlog::crypto()->warn(
"Decrypted event doesn't include our user_id: {}",
payload.dump());
return;
}
// Clients must confirm that the sender_key and the ed25519 field value
// under the keys property match the keys returned by /keys/query for the
// given user, and must also verify the signature of the payload. Without
// this check, a client cannot be sure that the sender device owns the
// private part of the ed25519 key it claims to have in the Olm payload.
// This is crucial when the ed25519 key corresponds to a verified device.
std::string sender_ed25519 = payload["keys"]["ed25519"];
if (sender_ed25519.empty()) {
nhlog::crypto()->warn(
"Decrypted event doesn't include sender ed25519: {}",
payload.dump());
return;
}
bool from_their_device = false;
for (auto [device_id, key] : otherUserDeviceKeys.device_keys) {
if (key.keys.at("curve25519:" + device_id) == msg.sender_key) {
if (key.keys.at("ed25519:" + device_id) == sender_ed25519) {
from_their_device = true;
break;
}
}
}
if (!from_their_device) {
nhlog::crypto()->warn("Decrypted event isn't sent from a device "
"listed by that user! {}",
payload.dump());
return;
}
{
std::string msg_type = payload["type"];
json event_array = json::array();
event_array.push_back(payload);
std::vector<mtx::events::collections::DeviceEvents> temp_events;
mtx::responses::utils::parse_device_events(event_array,
temp_events);
if (temp_events.empty()) {
nhlog::crypto()->warn("Decrypted unknown event: {}",
payload.dump());
}
device_event = temp_events.at(0);
std::get_if<DeviceEvent<msg::KeyVerificationAccept>>(&device_event)) {
ChatPage::instance()->receivedDeviceVerificationAccept(e1->content);
} else if (auto e2 = std::get_if<DeviceEvent<msg::KeyVerificationRequest>>(
ChatPage::instance()->receivedDeviceVerificationRequest(e2->content,
e2->sender);
} else if (auto e3 = std::get_if<DeviceEvent<msg::KeyVerificationCancel>>(
ChatPage::instance()->receivedDeviceVerificationCancel(e3->content);
} else if (auto e4 = std::get_if<DeviceEvent<msg::KeyVerificationKey>>(
ChatPage::instance()->receivedDeviceVerificationKey(e4->content);
} else if (auto e5 = std::get_if<DeviceEvent<msg::KeyVerificationMac>>(
ChatPage::instance()->receivedDeviceVerificationMac(e5->content);
} else if (auto e6 = std::get_if<DeviceEvent<msg::KeyVerificationStart>>(
ChatPage::instance()->receivedDeviceVerificationStart(e6->content,
e6->sender);
} else if (auto e7 = std::get_if<DeviceEvent<msg::KeyVerificationReady>>(
ChatPage::instance()->receivedDeviceVerificationReady(e7->content);
} else if (auto e8 = std::get_if<DeviceEvent<msg::KeyVerificationDone>>(
ChatPage::instance()->receivedDeviceVerificationDone(e8->content);
} else if (auto roomKey =
std::get_if<DeviceEvent<msg::RoomKey>>(&device_event)) {
create_inbound_megolm_session(
*roomKey, msg.sender_key, sender_ed25519);
} else if (auto forwardedRoomKey =
std::get_if<DeviceEvent<msg::ForwardedRoomKey>>(
&device_event)) {
forwardedRoomKey->content.forwarding_curve25519_key_chain.push_back(
msg.sender_key);
import_inbound_megolm_session(*forwardedRoomKey);
} else if (auto e =
std::get_if<DeviceEvent<msg::SecretSend>>(&device_event)) {
auto local_user = http::client()->user_id();
if (msg.sender != local_user.to_string())
auto secret_name =
request_id_to_secret_name.find(e->content.request_id);
if (secret_name != request_id_to_secret_name.end()) {
nhlog::crypto()->info("Received secret: {}",
secret_name->second);
mtx::events::msg::SecretRequest secretRequest{};
secretRequest.action =
mtx::events::msg::RequestAction::Cancellation;
secretRequest.requesting_device_id =
http::client()->device_id();
secretRequest.request_id = e->content.request_id;
auto verificationStatus =
cache::verificationStatus(local_user.to_string());
if (!verificationStatus)
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
auto deviceKeys = cache::userKeys(local_user.to_string());
std::string sender_device_id;
if (deviceKeys) {
for (auto &[dev, key] : deviceKeys->device_keys) {
if (key.keys["curve25519:" + dev] ==
msg.sender_key) {
sender_device_id = dev;
break;
}
}
}
std::map<
mtx::identifiers::User,
std::map<std::string, mtx::events::msg::SecretRequest>>
body;
for (const auto &dev :
verificationStatus->verified_devices) {
if (dev != secretRequest.requesting_device_id &&
dev != sender_device_id)
body[local_user][dev] = secretRequest;
}
http::client()
->send_to_device<mtx::events::msg::SecretRequest>(
http::client()->generate_txn_id(),
body,
[name =
secret_name->second](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->error(
"Failed to send request cancellation "
"for secrect "
"'{}'",
name);
}
});
cache::client()->storeSecret(secret_name->second,
e->content.secret);
request_id_to_secret_name.erase(secret_name);
}
std::get_if<DeviceEvent<msg::SecretRequest>>(&device_event)) {
if (failed_decryption) {
try {
std::map<std::string, std::vector<std::string>> targets;
for (auto [device_id, key] : otherUserDeviceKeys.device_keys) {
if (key.keys.at("curve25519:" + device_id) == msg.sender_key)
targets[msg.sender].push_back(device_id);
}
send_encrypted_to_device_messages(
targets, mtx::events::DeviceEvent<mtx::events::msg::Dummy>{}, true);
nhlog::crypto()->info("Recovering from broken olm channel with {}:{}",
msg.sender,
msg.sender_key);
} catch (std::exception &e) {
nhlog::crypto()->error("Failed to recover from broken olm sessions: {}",
e.what());
}
handle_pre_key_olm_message(const std::string &sender,
const std::string &sender_key,
const mtx::events::msg::OlmCipherContent &content)
Konstantinos Sideris
committed
nhlog::crypto()->info("opening olm session with {}", sender);
mtx::crypto::OlmSessionPtr inbound_session = nullptr;
inbound_session =
olm::client()->create_inbound_session_from(sender_key, content.body);
// We also remove the one time key used to establish that
// session so we'll have to update our copy of the account object.
cache::saveOlmAccount(olm::client()->save("secret"));
Konstantinos Sideris
committed
nhlog::crypto()->critical(
"failed to create inbound session with {}: {}", sender, e.what());
if (!mtx::crypto::matches_inbound_session_from(
inbound_session.get(), sender_key, content.body)) {
Konstantinos Sideris
committed
nhlog::crypto()->warn("inbound olm session doesn't match sender's key ({})",
sender);
}
mtx::crypto::BinaryBuf output;
try {
output =
olm::client()->decrypt_message(inbound_session.get(), content.type, content.body);
Konstantinos Sideris
committed
nhlog::crypto()->critical(
"failed to decrypt olm message {}: {}", content.body, e.what());
}
auto plaintext = json::parse(std::string((char *)output.data(), output.size()));
nhlog::crypto()->debug("decrypted message: \n {}", plaintext.dump(2));
nhlog::crypto()->debug("New olm session: {}",
mtx::crypto::session_id(inbound_session.get()));
cache::saveOlmSession(
sender_key, std::move(inbound_session), QDateTime::currentMSecsSinceEpoch());
} catch (const lmdb::error &e) {
nhlog::db()->warn(
"failed to save inbound olm session from {}: {}", sender, e.what());
mtx::events::msg::Encrypted
encrypt_group_message(const std::string &room_id, const std::string &device_id, nlohmann::json body)
{
using namespace mtx::events;
using namespace mtx::identifiers;
auto own_user_id = http::client()->user_id().to_string();
auto members = cache::client()->getMembersWithKeys(room_id);
std::map<std::string, std::vector<std::string>> sendSessionTo;
mtx::crypto::OutboundGroupSessionPtr session = nullptr;
GroupSessionData group_session_data;
if (cache::outboundMegolmSessionExists(room_id)) {
auto res = cache::getOutboundMegolmSession(room_id);
auto encryptionSettings = cache::client()->roomEncryptionSettings(room_id);
mtx::events::state::Encryption defaultSettings;
// rotate if we crossed the limits for this key
if (res.data.message_index <
encryptionSettings.value_or(defaultSettings).rotation_period_msgs &&
(QDateTime::currentMSecsSinceEpoch() - res.data.timestamp) <
encryptionSettings.value_or(defaultSettings).rotation_period_ms) {
auto member_it = members.begin();
auto session_member_it = res.data.currently.keys.begin();
auto session_member_it_end = res.data.currently.keys.end();
while (member_it != members.end() ||
session_member_it != session_member_it_end) {
if (member_it == members.end()) {
// a member left, purge session!
nhlog::crypto()->debug(
"Rotating megolm session because of left member");
break;
}
if (session_member_it == session_member_it_end) {
// share with all remaining members
while (member_it != members.end()) {
sendSessionTo[member_it->first] = {};
if (member_it->second)
for (const auto &dev :
member_it->second->device_keys)
if (member_it->first !=
own_user_id ||
dev.first != device_id)
sendSessionTo[member_it
->first]
.push_back(dev.first);
++member_it;
}
session = std::move(res.session);
break;
}
if (member_it->first > session_member_it->first) {
// a member left, purge session
nhlog::crypto()->debug(
"Rotating megolm session because of left member");
break;
} else if (member_it->first < session_member_it->first) {
// new member, send them the session at this index
sendSessionTo[member_it->first] = {};
for (const auto &dev :
member_it->second->device_keys)
if (member_it->first != own_user_id ||
dev.first != device_id)
sendSessionTo[member_it->first]
.push_back(dev.first);
++member_it;
} else {
// compare devices
bool device_removed = false;
for (const auto &dev :
session_member_it->second.deviceids) {
if (!member_it->second ||
!member_it->second->device_keys.count(
dev.first)) {
device_removed = true;
break;
}
}
if (device_removed) {
// device removed, rotate session!
nhlog::crypto()->debug(
"Rotating megolm session because of removed "
"device of {}",
member_it->first);
break;
}
// check for new devices to share with
if (member_it->second)
for (const auto &dev :
member_it->second->device_keys)
if (!session_member_it->second.deviceids
.count(dev.first) &&
(member_it->first != own_user_id ||
dev.first != device_id))
sendSessionTo[member_it->first]
.push_back(dev.first);
++member_it;
++session_member_it;
if (member_it == members.end() &&
session_member_it == session_member_it_end) {
// all devices match or are newly added
session = std::move(res.session);
}
}
}
}
group_session_data = std::move(res.data);
}
if (!session) {
nhlog::ui()->debug("creating new outbound megolm session");
// Create a new outbound megolm session.
session = olm::client()->init_outbound_group_session();
const auto session_id = mtx::crypto::session_id(session.get());
const auto session_key = mtx::crypto::session_key(session.get());
// Saving the new megolm session.
GroupSessionData session_data{};
session_data.message_index = 0;
session_data.timestamp = QDateTime::currentMSecsSinceEpoch();
session_data.sender_claimed_ed25519_key = olm::client()->identity_keys().ed25519;
sendSessionTo.clear();
for (const auto &[user, devices] : members) {
sendSessionTo[user] = {};
session_data.currently.keys[user] = {};
if (devices) {
for (const auto &[device_id_, key] : devices->device_keys) {
(void)key;
if (device_id != device_id_ || user != own_user_id) {
sendSessionTo[user].push_back(device_id_);
session_data.currently.keys[user]
.deviceids[device_id_] = 0;
}
}
}
}
{
MegolmSessionIndex index;
index.room_id = room_id;
index.session_id = session_id;
index.sender_key = olm::client()->identity_keys().curve25519;
auto megolm_session =
olm::client()->init_inbound_group_session(session_key);
cache::saveInboundMegolmSession(
index, std::move(megolm_session), session_data);
cache::saveOutboundMegolmSession(room_id, session_data, session);
group_session_data = std::move(session_data);
}
mtx::events::DeviceEvent<mtx::events::msg::RoomKey> megolm_payload{};
megolm_payload.content.algorithm = MEGOLM_ALGO;
megolm_payload.content.room_id = room_id;
megolm_payload.content.session_id = mtx::crypto::session_id(session.get());
megolm_payload.content.session_key = mtx::crypto::session_key(session.get());
megolm_payload.type = mtx::events::EventType::RoomKey;
if (!sendSessionTo.empty())
olm::send_encrypted_to_device_messages(sendSessionTo, megolm_payload);
// relations shouldn't be encrypted...
mtx::common::Relations relations = mtx::common::parse_relations(body["content"]);
auto payload = olm::client()->encrypt_group_message(session.get(), body.dump());
// Prepare the m.room.encrypted event.
msg::Encrypted data;
data.ciphertext = std::string((char *)payload.data(), payload.size());
data.sender_key = olm::client()->identity_keys().curve25519;
data.session_id = mtx::crypto::session_id(session.get());
data.device_id = device_id;
data.algorithm = MEGOLM_ALGO;
data.relations = relations;
group_session_data.message_index = olm_outbound_group_session_message_index(session.get());
nhlog::crypto()->debug("next message_index {}", group_session_data.message_index);
// update current set of members for the session with the new members and that message_index
for (const auto &[user, devices] : sendSessionTo) {
if (!group_session_data.currently.keys.count(user))
group_session_data.currently.keys[user] = {};
if (!group_session_data.currently.keys[user].deviceids.count(device_id_))
group_session_data.currently.keys[user].deviceids[device_id_] =
group_session_data.message_index;
}
}
// We need to re-pickle the session after we send a message to save the new message_index.
cache::updateOutboundMegolmSession(room_id, group_session_data, session);
return data;
}
try_olm_decryption(const std::string &sender_key, const mtx::events::msg::OlmCipherContent &msg)
auto session_ids = cache::getOlmSessions(sender_key);
nhlog::crypto()->info("attempt to decrypt message with {} known session_ids",
session_ids.size());
for (const auto &id : session_ids) {
auto session = cache::getOlmSession(sender_key, id);
if (!session) {
nhlog::crypto()->warn("Unknown olm session: {}:{}", sender_key, id);
mtx::crypto::BinaryBuf text;
try {
text = olm::client()->decrypt_message(session->get(), msg.type, msg.body);
nhlog::crypto()->debug("Updated olm session: {}",
mtx::crypto::session_id(session->get()));
cache::saveOlmSession(
id, std::move(session.value()), QDateTime::currentMSecsSinceEpoch());
nhlog::crypto()->debug("failed to decrypt olm message ({}, {}) with {}: {}",
msg.type,
sender_key,
id,
e.what());
continue;
} catch (const lmdb::error &e) {
nhlog::crypto()->critical("failed to save session: {}", e.what());
return {};
}
try {
return json::parse(std::string_view((char *)text.data(), text.size()));
} catch (const json::exception &e) {
nhlog::crypto()->critical(
"failed to parse the decrypted session msg: {} {}",
e.what(),
std::string_view((char *)text.data(), text.size()));
}
}
return {};
}
void
create_inbound_megolm_session(const mtx::events::DeviceEvent<mtx::events::msg::RoomKey> &roomKey,
const std::string &sender_key,
const std::string &sender_ed25519)
MegolmSessionIndex index;
index.room_id = roomKey.content.room_id;
index.session_id = roomKey.content.session_id;
index.sender_key = sender_key;
GroupSessionData data{};
data.forwarding_curve25519_key_chain = {sender_key};
data.sender_claimed_ed25519_key = sender_ed25519;
auto megolm_session =
olm::client()->init_inbound_group_session(roomKey.content.session_key);
cache::saveInboundMegolmSession(index, std::move(megolm_session), data);
} catch (const lmdb::error &e) {
nhlog::crypto()->critical("failed to save inbound megolm session: {}", e.what());
return;
} catch (const mtx::crypto::olm_exception &e) {
nhlog::crypto()->critical("failed to create inbound megolm session: {}", e.what());
nhlog::crypto()->info(
"established inbound megolm session ({}, {})", roomKey.content.room_id, roomKey.sender);
ChatPage::instance()->receivedSessionKey(index.room_id, index.session_id);
}
void
import_inbound_megolm_session(
const mtx::events::DeviceEvent<mtx::events::msg::ForwardedRoomKey> &roomKey)
{
MegolmSessionIndex index;
index.room_id = roomKey.content.room_id;
index.session_id = roomKey.content.session_id;
index.sender_key = roomKey.content.sender_key;
auto megolm_session =
olm::client()->import_inbound_group_session(roomKey.content.session_key);
GroupSessionData data{};
data.forwarding_curve25519_key_chain =
roomKey.content.forwarding_curve25519_key_chain;
data.sender_claimed_ed25519_key = roomKey.content.sender_claimed_ed25519_key;
cache::saveInboundMegolmSession(index, std::move(megolm_session), data);
} catch (const lmdb::error &e) {
nhlog::crypto()->critical("failed to save inbound megolm session: {}", e.what());
return;
nhlog::crypto()->critical("failed to import inbound megolm session: {}", e.what());
nhlog::crypto()->info(
"established inbound megolm session ({}, {})", roomKey.content.room_id, roomKey.sender);
ChatPage::instance()->receivedSessionKey(index.room_id, index.session_id);
void
mark_keys_as_published()
{
olm::client()->mark_keys_as_published();
cache::saveOlmAccount(olm::client()->save(STORAGE_SECRET_KEY));
send_key_request_for(mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> e,
const std::string &request_id,
bool cancel)
{
using namespace mtx::events;
nhlog::crypto()->debug("sending key request: sender_key {}, session_id {}",
e.content.sender_key,
e.content.session_id);
mtx::events::msg::KeyRequest request;
request.action = cancel ? mtx::events::msg::RequestAction::Cancellation
: mtx::events::msg::RequestAction::Request;
request.sender_key = e.content.sender_key;
request.session_id = e.content.session_id;
request.requesting_device_id = http::client()->device_id();
nhlog::crypto()->debug("m.room_key_request: {}", json(request).dump(2));
std::map<mtx::identifiers::User, std::map<std::string, decltype(request)>> body;
body[mtx::identifiers::parse<mtx::identifiers::User>(e.sender)][e.content.device_id] =
request;
body[http::client()->user_id()]["*"] = request;
http::client()->send_to_device(
http::client()->generate_txn_id(), body, [e](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->warn("failed to send "
"send_to_device "
"message: {}",
err->matrix_error.error);
}
nhlog::net()->info("m.room_key_request sent to {}:{} and your own devices",
e.sender,
e.content.device_id);
});
}
void
handle_key_request_message(const mtx::events::DeviceEvent<mtx::events::msg::KeyRequest> &req)
nhlog::crypto()->debug("ignoring key request {} with invalid algorithm: {}",
return;
}
// Check if we were the sender of the session being requested (unless it is actually us
// requesting the session).
if (req.sender != http::client()->user_id().to_string() &&
req.content.sender_key != olm::client()->identity_keys().curve25519) {
nhlog::crypto()->debug(
"ignoring key request {} because we did not create the requested session: "
"\nrequested({}) ours({})",
req.content.request_id,
req.content.sender_key,
olm::client()->identity_keys().curve25519);
return;
}
// Check that the requested session_id and the one we have saved match.
MegolmSessionIndex index{};
index.room_id = req.content.room_id;
index.session_id = req.content.session_id;
index.sender_key = req.content.sender_key;
// Check if we have the keys for the requested session.
auto sessionData = cache::getMegolmSessionData(index);
if (!sessionData) {
nhlog::crypto()->warn("requested session not found in room: {}",
req.content.room_id);
return;
}
const auto session = cache::getInboundMegolmSession(index);
if (!session) {
nhlog::crypto()->warn("No session with id {} in db", req.content.session_id);
return;
}
if (!cache::isRoomMember(req.sender, req.content.room_id)) {
nhlog::crypto()->warn(
"user {} that requested the session key is not member of the room {}",
req.sender,
return;
}
// check if device is verified
auto verificationStatus = cache::verificationStatus(req.sender);
bool verifiedDevice = false;
if (verificationStatus &&
Nicolas Werner
committed
// Share keys, if the option to share with trusted users is enabled or with yourself
(ChatPage::instance()->userSettings()->shareKeysWithTrustedUsers() ||
req.sender == http::client()->user_id().to_string())) {
for (const auto &dev : verificationStatus->verified_devices) {
if (dev == req.content.requesting_device_id) {
verifiedDevice = true;
nhlog::crypto()->debug("Verified device: {}", dev);
Nicolas Werner
committed
bool shouldSeeKeys = false;
uint64_t minimumIndex = -1;
if (sessionData->currently.keys.count(req.sender)) {
if (sessionData->currently.keys.at(req.sender)
.deviceids.count(req.content.requesting_device_id)) {
Nicolas Werner
committed
shouldSeeKeys = true;
minimumIndex = sessionData->currently.keys.at(req.sender)
.deviceids.at(req.content.requesting_device_id);
Nicolas Werner
committed
}
}
if (!verifiedDevice && !shouldSeeKeys &&
!utils::respondsToKeyRequests(req.content.room_id)) {
nhlog::crypto()->debug("ignoring key request for room {}", req.content.room_id);
Nicolas Werner
committed
if (verifiedDevice || utils::respondsToKeyRequests(req.content.room_id)) {
// share the minimum index we have
minimumIndex = -1;
}
try {
auto session_key = mtx::crypto::export_session(session.get(), minimumIndex);
//
// Prepare the m.room_key event.
//
mtx::events::msg::ForwardedRoomKey forward_key{};
forward_key.algorithm = MEGOLM_ALGO;
forward_key.room_id = index.room_id;
forward_key.session_id = index.session_id;
forward_key.session_key = session_key;
forward_key.sender_key = index.sender_key;
// TODO(Nico): Figure out if this is correct
forward_key.sender_claimed_ed25519_key = sessionData->sender_claimed_ed25519_key;
forward_key.forwarding_curve25519_key_chain =
sessionData->forwarding_curve25519_key_chain;
Nicolas Werner
committed
send_megolm_key_to_device(
req.sender, req.content.requesting_device_id, forward_key);
} catch (std::exception &e) {
nhlog::crypto()->error("Failed to forward session key: {}", e.what());
}