d3v1l/matrixion
1
0
Fork 0
mirror of https://github.com/Nheko-Reborn/nheko.git synced 2024-11-26 04:58:49 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Don't send encrypted olm messages to ourselves

Browse source
This commit is contained in:
Nicolas Werner 2021-07-25 13:51:21 +02:00
parent f4e670d8d5
commit 8444683271
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9
1 changed files with 25 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
src/Olm.cpp
View file

@ -212,6 +212,11 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
nhlog::crypto()->info("sender : {}", msg.sender); nhlog::crypto()->info("sender : {}", msg.sender);
nhlog::crypto()->info("sender_key: {}", msg.sender_key); nhlog::crypto()->info("sender_key: {}", msg.sender_key);
if (msg.sender_key == olm::client()->identity_keys().ed25519) {
nhlog::crypto()->warn("Ignoring olm message from ourselves!");
return;
}
const auto my_key = olm::client()->identity_keys().curve25519; const auto my_key = olm::client()->identity_keys().curve25519;
bool failed_decryption = false; bool failed_decryption = false;
@ -1089,6 +1094,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
messages; messages;
std::map<std::string, std::map<std::string, DevicePublicKeys>> pks; std::map<std::string, std::map<std::string, DevicePublicKeys>> pks;
auto our_curve = olm::client()->identity_keys().curve25519;
for (const auto &[user, devices] : targets) { for (const auto &[user, devices] : targets) {
auto deviceKeys = cache::client()->userKeys(user); auto deviceKeys = cache::client()->userKeys(user);
@ -1122,8 +1129,14 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
continue; continue;
} }
auto session = auto device_curve = d.keys.at("curve25519:" + device);
cache::getLatestOlmSession(d.keys.at("curve25519:" + device)); if (device_curve == our_curve) {
nhlog::crypto()->warn("Skipping our own device, since sending "
"ourselves olm messages makes no sense.");
continue;
}
auto session = cache::getLatestOlmSession(device_curve);
if (!session || force_new_session) { if (!session || force_new_session) {
claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519; claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519;
pks[user][device].ed25519 = d.keys.at("ed25519:" + device); pks[user][device].ed25519 = d.keys.at("ed25519:" + device);
@ -1137,7 +1150,7 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
ev_json, ev_json,
UserId(user), UserId(user),
d.keys.at("ed25519:" + device), d.keys.at("ed25519:" + device),
d.keys.at("curve25519:" + device)) device_curve)
.get<mtx::events::msg::OlmEncrypted>(); .get<mtx::events::msg::OlmEncrypted>();
try { try {
@ -1256,8 +1269,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
req.device_keys = keysToQuery; req.device_keys = keysToQuery;
http::client()->query_keys( http::client()->query_keys(
req, req,
[ev_json, BindPks](const mtx::responses::QueryKeys &res, [ev_json, BindPks, our_curve](const mtx::responses::QueryKeys &res,
mtx::http::RequestErr err) { mtx::http::RequestErr err) {
if (err) { if (err) {
nhlog::net()->warn("failed to query device keys: {} {}", nhlog::net()->warn("failed to query device keys: {} {}",
err->matrix_error.error, err->matrix_error.error,
@ -1299,6 +1312,13 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
pks.ed25519 = device_keys.at(edKey); pks.ed25519 = device_keys.at(edKey);
pks.curve25519 = device_keys.at(curveKey); pks.curve25519 = device_keys.at(curveKey);
if (pks.curve25519 == our_curve) {
nhlog::crypto()->warn(
"Skipping our own device, since sending "
"ourselves olm messages makes no sense.");
continue;
}
try { try {
if (!mtx::crypto::verify_identity_signature( if (!mtx::crypto::verify_identity_signature(
dev.second, device_id, user_id)) { dev.second, device_id, user_id)) {