Rotate session keys properly

This commit is contained in:
Nicolas Werner 2021-03-15 16:24:01 +01:00
parent 61c5dffffd
commit 569ea5b5f4
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9
6 changed files with 121 additions and 70 deletions

View file

@ -358,7 +358,7 @@ if(USE_BUNDLED_MTXCLIENT)
FetchContent_Declare(
MatrixClient
GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git
GIT_TAG b1b1ef9ad088f9666582f46d81b75a80c6b2b1c0
GIT_TAG 7194b4f058406b1c10d3741d83abcf2d8963d849
)
set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "")
set(BUILD_LIB_TESTS OFF CACHE INTERNAL "")

View file

@ -220,7 +220,7 @@
"name": "mtxclient",
"sources": [
{
"commit": "b1b1ef9ad088f9666582f46d81b75a80c6b2b1c0",
"commit": "7194b4f058406b1c10d3741d83abcf2d8963d849",
"type": "git",
"url": "https://github.com/Nheko-Reborn/mtxclient.git"
}

View file

@ -261,6 +261,36 @@ Cache::isRoomEncrypted(const std::string &room_id)
return res;
}
std::optional<mtx::events::state::Encryption>
Cache::roomEncryptionSettings(const std::string &room_id)
{
using namespace mtx::events;
using namespace mtx::events::state;
try {
auto txn = lmdb::txn::begin(env_, nullptr, MDB_RDONLY);
auto statesdb = getStatesDb(txn, room_id);
std::string_view event;
bool res =
statesdb.get(txn, to_string(mtx::events::EventType::RoomEncryption), event);
if (res) {
try {
StateEvent<Encryption> msg = json::parse(event);
return msg.content;
} catch (const json::exception &e) {
nhlog::db()->warn("failed to parse m.room.encryption event: {}",
e.what());
return Encryption{};
}
}
} catch (lmdb::error &) {
}
return std::nullopt;
}
mtx::crypto::ExportedSessionKeys
Cache::exportSessionKeys()
{
@ -3893,6 +3923,7 @@ to_json(nlohmann::json &obj, const OutboundGroupSessionData &msg)
obj["session_id"] = msg.session_id;
obj["session_key"] = msg.session_key;
obj["message_index"] = msg.message_index;
obj["ts"] = msg.timestamp;
obj["initially"] = msg.initially;
obj["currently"] = msg.currently;
@ -3904,6 +3935,7 @@ from_json(const nlohmann::json &obj, OutboundGroupSessionData &msg)
msg.session_id = obj.at("session_id");
msg.session_key = obj.at("session_key");
msg.message_index = obj.at("message_index");
msg.timestamp = obj.value("ts", 0ULL);
msg.initially = obj.value("initially", SharedWithUsers{});
msg.currently = obj.value("currently", SharedWithUsers{});

View file

@ -28,6 +28,7 @@ struct OutboundGroupSessionData
std::string session_id;
std::string session_key;
uint64_t message_index = 0;
uint64_t timestamp = 0;
// who has access to this session.
// Rotate, when a user leaves the room and share, when a user gets added.

View file

@ -221,6 +221,8 @@ public:
//! Mark a room that uses e2e encryption.
void setEncryptedRoom(lmdb::txn &txn, const std::string &room_id);
bool isRoomEncrypted(const std::string &room_id);
std::optional<mtx::events::state::Encryption> roomEncryptionSettings(
const std::string &room_id);
//! Check if a user is a member of the room.
bool isRoomMember(const std::string &user_id, const std::string &room_id);

View file

@ -431,12 +431,20 @@ encrypt_group_message(const std::string &room_id, const std::string &device_id,
if (cache::outboundMegolmSessionExists(room_id)) {
auto res = cache::getOutboundMegolmSession(room_id);
auto encryptionSettings = cache::client()->roomEncryptionSettings(room_id);
mtx::events::state::Encryption defaultSettings;
// rotate if we crossed the limits for this key
if (res.data.message_index <
encryptionSettings.value_or(defaultSettings).rotation_period_msgs &&
(QDateTime::currentMSecsSinceEpoch() - res.data.timestamp) <
encryptionSettings.value_or(defaultSettings).rotation_period_ms) {
auto member_it = members.begin();
auto session_member_it = res.data.currently.keys.begin();
auto session_member_it_end = res.data.currently.keys.end();
while (member_it != members.end() || session_member_it != session_member_it_end) {
while (member_it != members.end() ||
session_member_it != session_member_it_end) {
if (member_it == members.end()) {
// a member left, purge session!
nhlog::crypto()->debug(
@ -452,9 +460,11 @@ encrypt_group_message(const std::string &room_id, const std::string &device_id,
if (member_it->second)
for (const auto &dev :
member_it->second->device_keys)
if (member_it->first != own_user_id ||
if (member_it->first !=
own_user_id ||
dev.first != device_id)
sendSessionTo[member_it->first]
sendSessionTo[member_it
->first]
.push_back(dev.first);
++member_it;
@ -474,11 +484,12 @@ encrypt_group_message(const std::string &room_id, const std::string &device_id,
sendSessionTo[member_it->first] = {};
if (member_it->second) {
for (const auto &dev : member_it->second->device_keys)
for (const auto &dev :
member_it->second->device_keys)
if (member_it->first != own_user_id ||
dev.first != device_id)
sendSessionTo[member_it->first].push_back(
dev.first);
sendSessionTo[member_it->first]
.push_back(dev.first);
}
++member_it;
@ -487,7 +498,8 @@ encrypt_group_message(const std::string &room_id, const std::string &device_id,
bool device_removed = false;
for (const auto &dev : session_member_it->second.devices) {
if (!member_it->second ||
!member_it->second->device_keys.count(dev.first)) {
!member_it->second->device_keys.count(
dev.first)) {
device_removed = true;
break;
}
@ -496,20 +508,22 @@ encrypt_group_message(const std::string &room_id, const std::string &device_id,
if (device_removed) {
// device removed, rotate session!
nhlog::crypto()->debug(
"Rotating megolm session because of removed device of {}",
"Rotating megolm session because of removed "
"device of {}",
member_it->first);
break;
}
// check for new devices to share with
if (member_it->second)
for (const auto &dev : member_it->second->device_keys)
if (!session_member_it->second.devices.count(
dev.first) &&
for (const auto &dev :
member_it->second->device_keys)
if (!session_member_it->second.devices
.count(dev.first) &&
(member_it->first != own_user_id ||
dev.first != device_id))
sendSessionTo[member_it->first].push_back(
dev.first);
sendSessionTo[member_it->first]
.push_back(dev.first);
++member_it;
++session_member_it;
@ -520,6 +534,7 @@ encrypt_group_message(const std::string &room_id, const std::string &device_id,
}
}
}
}
group_session_data = std::move(res.data);
}
@ -537,6 +552,7 @@ encrypt_group_message(const std::string &room_id, const std::string &device_id,
session_data.session_id = mtx::crypto::session_id(session.get());
session_data.session_key = mtx::crypto::session_key(session.get());
session_data.message_index = 0;
session_data.timestamp = QDateTime::currentMSecsSinceEpoch();
sendSessionTo.clear();