mirror of
https://github.com/Nheko-Reborn/nheko.git
synced 2024-11-29 14:18:49 +03:00
Don't send encrypted olm messages to ourselves
parent
f4e670d8d5
commit
8444683271
1 changed files with 25 additions and 5 deletions
30
src/Olm.cpp
|
@ -212,6 +212,11 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
|
||||||
nhlog::crypto()->info("sender : {}", msg.sender);
|
nhlog::crypto()->info("sender : {}", msg.sender);
|
||||||
nhlog::crypto()->info("sender_key: {}", msg.sender_key);
|
nhlog::crypto()->info("sender_key: {}", msg.sender_key);
|
||||||
|
|
||||||
|
if (msg.sender_key == olm::client()->identity_keys().ed25519) {
|
||||||
|
nhlog::crypto()->warn("Ignoring olm message from ourselves!");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
const auto my_key = olm::client()->identity_keys().curve25519;
|
const auto my_key = olm::client()->identity_keys().curve25519;
|
||||||
|
|
||||||
bool failed_decryption = false;
|
bool failed_decryption = false;
|
||||||
|
@ -1089,6 +1094,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||||
messages;
|
messages;
|
||||||
std::map<std::string, std::map<std::string, DevicePublicKeys>> pks;
|
std::map<std::string, std::map<std::string, DevicePublicKeys>> pks;
|
||||||
|
|
||||||
|
auto our_curve = olm::client()->identity_keys().curve25519;
|
||||||
|
|
||||||
for (const auto &[user, devices] : targets) {
|
for (const auto &[user, devices] : targets) {
|
||||||
auto deviceKeys = cache::client()->userKeys(user);
|
auto deviceKeys = cache::client()->userKeys(user);
|
||||||
|
|
||||||
|
@ -1122,8 +1129,14 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
auto session =
|
auto device_curve = d.keys.at("curve25519:" + device);
|
||||||
cache::getLatestOlmSession(d.keys.at("curve25519:" + device));
|
if (device_curve == our_curve) {
|
||||||
|
nhlog::crypto()->warn("Skipping our own device, since sending "
|
||||||
|
"ourselves olm messages makes no sense.");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
auto session = cache::getLatestOlmSession(device_curve);
|
||||||
if (!session || force_new_session) {
|
if (!session || force_new_session) {
|
||||||
claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519;
|
claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519;
|
||||||
pks[user][device].ed25519 = d.keys.at("ed25519:" + device);
|
pks[user][device].ed25519 = d.keys.at("ed25519:" + device);
|
||||||
|
@ -1137,7 +1150,7 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||||
ev_json,
|
ev_json,
|
||||||
UserId(user),
|
UserId(user),
|
||||||
d.keys.at("ed25519:" + device),
|
d.keys.at("ed25519:" + device),
|
||||||
d.keys.at("curve25519:" + device))
|
device_curve)
|
||||||
.get<mtx::events::msg::OlmEncrypted>();
|
.get<mtx::events::msg::OlmEncrypted>();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
@ -1256,8 +1269,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||||
req.device_keys = keysToQuery;
|
req.device_keys = keysToQuery;
|
||||||
http::client()->query_keys(
|
http::client()->query_keys(
|
||||||
req,
|
req,
|
||||||
[ev_json, BindPks](const mtx::responses::QueryKeys &res,
|
[ev_json, BindPks, our_curve](const mtx::responses::QueryKeys &res,
|
||||||
mtx::http::RequestErr err) {
|
mtx::http::RequestErr err) {
|
||||||
if (err) {
|
if (err) {
|
||||||
nhlog::net()->warn("failed to query device keys: {} {}",
|
nhlog::net()->warn("failed to query device keys: {} {}",
|
||||||
err->matrix_error.error,
|
err->matrix_error.error,
|
||||||
|
@ -1299,6 +1312,13 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
|
||||||
pks.ed25519 = device_keys.at(edKey);
|
pks.ed25519 = device_keys.at(edKey);
|
||||||
pks.curve25519 = device_keys.at(curveKey);
|
pks.curve25519 = device_keys.at(curveKey);
|
||||||
|
|
||||||
|
if (pks.curve25519 == our_curve) {
|
||||||
|
nhlog::crypto()->warn(
|
||||||
|
"Skipping our own device, since sending "
|
||||||
|
"ourselves olm messages makes no sense.");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if (!mtx::crypto::verify_identity_signature(
|
if (!mtx::crypto::verify_identity_signature(
|
||||||
dev.second, device_id, user_id)) {
|
dev.second, device_id, user_id)) {
|
||||||
|
|
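Review bot: The new guard in the first hunk (handle_olm_message) compares `msg.sender_key` with `identity_keys().ed25519`, while the other two self-checks this commit adds compare against `our_curve`, i.e. `identity_keys().curve25519`, and the line right after the guard selects our key as curve25519 too. If `sender_key` carries the sender's Curve25519 identity key, as the Matrix Olm event format defines it, the condition can never be true and olm messages from our own device are still processed; the line should probably read `if (msg.sender_key == olm::client()->identity_keys().curve25519) {`. Since `sender_key` is a sender-supplied field read before any decryption, this early return is only a filter and should not be relied on as proof of who sent the message. The body of handle_olm_message continues outside the hunk, so whether a later check already covers this case is not visible here.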