Send one claim request per user that includes all devices

Add missing megolm algorithm field that was causing
the "unknown algorithm" error.
This commit is contained in:
Konstantinos Sideris 2018-06-25 17:19:52 +03:00
parent 794b9ceb1b
commit 9802ea8809
3 changed files with 96 additions and 49 deletions

View file

@ -195,10 +195,9 @@ private:
const mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> &e); const mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> &e);
void handleClaimedKeys(std::shared_ptr<StateKeeper> keeper, void handleClaimedKeys(std::shared_ptr<StateKeeper> keeper,
const std::string &room_key, const std::map<std::string, std::string> &room_key,
const DevicePublicKeys &pks, const std::map<std::string, DevicePublicKeys> &pks,
const std::string &user_id, const std::string &user_id,
const std::string &device_id,
const mtx::responses::ClaimKeys &res, const mtx::responses::ClaimKeys &res,
mtx::http::RequestErr err); mtx::http::RequestErr err);

View file

@ -6,6 +6,7 @@
using namespace mtx::crypto; using namespace mtx::crypto;
static const std::string STORAGE_SECRET_KEY("secret"); static const std::string STORAGE_SECRET_KEY("secret");
constexpr auto MEGOLM_ALGO = "m.megolm.v1.aes-sha2";
namespace { namespace {
auto client_ = std::make_unique<mtx::crypto::OlmClient>(); auto client_ = std::make_unique<mtx::crypto::OlmClient>();
@ -142,6 +143,7 @@ encrypt_group_message(const std::string &room_id,
data.sender_key = olm::client()->identity_keys().curve25519; data.sender_key = olm::client()->identity_keys().curve25519;
data.session_id = res.data.session_id; data.session_id = res.data.session_id;
data.device_id = device_id; data.device_id = device_id;
data.algorithm = MEGOLM_ALGO;
auto message_index = olm_outbound_group_session_message_index(res.session); auto message_index = olm_outbound_group_session_message_index(res.session);
nhlog::crypto()->info("next message_index {}", message_index); nhlog::crypto()->info("next message_index {}", message_index);

View file

@ -185,7 +185,6 @@ TimelineView::sliderMoved(int position)
// Prevent user from moving up when there is pagination in // Prevent user from moving up when there is pagination in
// progress. // progress.
// TODO: Keep a map of the event ids to filter out duplicates.
if (isPaginationInProgress_) if (isPaginationInProgress_)
return; return;
@ -1278,12 +1277,18 @@ TimelineView::prepareEncryptedMessage(const PendingMessage &msg)
} }
for (const auto &user : res.device_keys) { for (const auto &user : res.device_keys) {
// Mapping from a device_id with valid identity keys to the
// generated room_key event used for sharing the megolm session.
std::map<std::string, std::string> room_key_msgs;
std::map<std::string, DevicePublicKeys> deviceKeys;
room_key_msgs.clear();
deviceKeys.clear();
for (const auto &dev : user.second) { for (const auto &dev : user.second) {
const auto user_id = UserId(dev.second.user_id); const auto user_id = UserId(dev.second.user_id);
const auto device_id = DeviceId(dev.second.device_id); const auto device_id = DeviceId(dev.second.device_id);
nhlog::net()->info("device_id {}", device_id.get());
const auto device_keys = dev.second.keys; const auto device_keys = dev.second.keys;
const auto curveKey = "curve25519:" + device_id.get(); const auto curveKey = "curve25519:" + device_id.get();
const auto edKey = "ed25519:" + device_id.get(); const auto edKey = "ed25519:" + device_id.get();
@ -1300,12 +1305,6 @@ TimelineView::prepareEncryptedMessage(const PendingMessage &msg)
pks.ed25519 = device_keys.at(edKey); pks.ed25519 = device_keys.at(edKey);
pks.curve25519 = device_keys.at(curveKey); pks.curve25519 = device_keys.at(curveKey);
// Validate signatures
for (const auto &algo : dev.second.keys) {
nhlog::net()->info(
"dev keys {} {}", algo.first, algo.second);
}
try { try {
if (!mtx::crypto::verify_identity_signature( if (!mtx::crypto::verify_identity_signature(
json(dev.second), device_id, user_id)) { json(dev.second), device_id, user_id)) {
@ -1319,6 +1318,11 @@ TimelineView::prepareEncryptedMessage(const PendingMessage &msg)
"failed to parse device key json: {}", "failed to parse device key json: {}",
e.what()); e.what());
continue; continue;
} catch (const mtx::crypto::olm_exception &e) {
nhlog::crypto()->warn(
"failed to verify device key json: {}",
e.what());
continue;
} }
auto room_key = olm::client() auto room_key = olm::client()
@ -1326,19 +1330,41 @@ TimelineView::prepareEncryptedMessage(const PendingMessage &msg)
user_id, pks.ed25519, megolm_payload) user_id, pks.ed25519, megolm_payload)
.dump(); .dump();
http::v2::client()->claim_keys( room_key_msgs.emplace(device_id, room_key);
user_id, deviceKeys.emplace(device_id, pks);
{device_id},
std::bind(&TimelineView::handleClaimedKeys,
this,
keeper,
room_key,
pks,
user_id,
device_id,
std::placeholders::_1,
std::placeholders::_2));
} }
std::vector<std::string> valid_devices;
valid_devices.reserve(room_key_msgs.size());
for (auto const &d : room_key_msgs) {
valid_devices.push_back(d.first);
nhlog::net()->info("{}", d.first);
nhlog::net()->info(" curve25519 {}",
deviceKeys.at(d.first).curve25519);
nhlog::net()->info(" ed25519 {}",
deviceKeys.at(d.first).ed25519);
}
nhlog::net()->info(
"sending claim request for user {} with {} devices",
user.first,
valid_devices.size());
http::v2::client()->claim_keys(
user.first,
valid_devices,
std::bind(&TimelineView::handleClaimedKeys,
this,
keeper,
room_key_msgs,
deviceKeys,
user.first,
std::placeholders::_1,
std::placeholders::_2));
// TODO: Wait before sending the next batch of requests.
std::this_thread::sleep_for(std::chrono::milliseconds(500));
} }
}); });
@ -1354,44 +1380,62 @@ TimelineView::prepareEncryptedMessage(const PendingMessage &msg)
void void
TimelineView::handleClaimedKeys(std::shared_ptr<StateKeeper> keeper, TimelineView::handleClaimedKeys(std::shared_ptr<StateKeeper> keeper,
const std::string &room_key, const std::map<std::string, std::string> &room_keys,
const DevicePublicKeys &pks, const std::map<std::string, DevicePublicKeys> &pks,
const std::string &user_id, const std::string &user_id,
const std::string &device_id,
const mtx::responses::ClaimKeys &res, const mtx::responses::ClaimKeys &res,
mtx::http::RequestErr err) mtx::http::RequestErr err)
{ {
if (err) { if (err) {
nhlog::net()->warn("claim keys error: {}", err->matrix_error.error); nhlog::net()->warn("claim keys error: {} {} {}",
err->matrix_error.error,
err->parse_error,
static_cast<int>(err->status_code));
return; return;
} }
nhlog::net()->info("claimed keys for {} - {}", user_id, device_id); nhlog::net()->info("claimed keys for {}", user_id);
if (res.one_time_keys.size() == 0) { if (res.one_time_keys.size() == 0) {
nhlog::net()->info("no one-time keys found for device_id: {}", device_id); nhlog::net()->info("no one-time keys found for user_id: {}", user_id);
return; return;
} }
if (res.one_time_keys.find(user_id) == res.one_time_keys.end()) { if (res.one_time_keys.find(user_id) == res.one_time_keys.end()) {
nhlog::net()->info( nhlog::net()->info("no one-time keys found for user_id: {}", user_id);
"no one-time keys found in device_id {} for the user {}", device_id, user_id);
return; return;
} }
auto retrieved_devices = res.one_time_keys.at(user_id); auto retrieved_devices = res.one_time_keys.at(user_id);
// Payload with all the to_device message to be sent.
json body;
body["messages"][user_id] = json::object();
for (const auto &rd : retrieved_devices) { for (const auto &rd : retrieved_devices) {
nhlog::net()->info("{} : \n {}", rd.first, rd.second.dump(2)); const auto device_id = rd.first;
nhlog::net()->info("{} : \n {}", device_id, rd.second.dump(2));
// TODO: Verify signatures // TODO: Verify signatures
auto otk = rd.second.begin()->at("key"); auto otk = rd.second.begin()->at("key");
auto id_key = pks.curve25519;
auto s = olm::client()->create_outbound_session(id_key, otk); if (pks.find(device_id) == pks.end()) {
nhlog::net()->critical("couldn't find public key for device: {}",
device_id);
continue;
}
auto device_msg = auto id_key = pks.at(device_id).curve25519;
olm::client()->create_olm_encrypted_content(s.get(), room_key, pks.curve25519); auto s = olm::client()->create_outbound_session(id_key, otk);
if (room_keys.find(device_id) == room_keys.end()) {
nhlog::net()->critical("couldn't find m.room_key for device: {}",
device_id);
continue;
}
auto device_msg = olm::client()->create_olm_encrypted_content(
s.get(), room_keys.at(device_id), pks.at(device_id).curve25519);
try { try {
cache::client()->saveOlmSession(id_key, std::move(s)); cache::client()->saveOlmSession(id_key, std::move(s));
@ -1402,16 +1446,18 @@ TimelineView::handleClaimedKeys(std::shared_ptr<StateKeeper> keeper,
e.what()); e.what());
} }
json body{{"messages", {{user_id, {{device_id, device_msg}}}}}}; body["messages"][user_id][device_id] = device_msg;
http::v2::client()->send_to_device(
"m.room.encrypted", body, [keeper](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->warn("failed to send "
"send_to_device "
"message: {}",
err->matrix_error.error);
}
});
} }
nhlog::net()->info("send_to_device: {}", user_id);
http::v2::client()->send_to_device(
"m.room.encrypted", body, [keeper](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->warn("failed to send "
"send_to_device "
"message: {}",
err->matrix_error.error);
}
});
} }