mirror of
https://github.com/Nheko-Reborn/nheko.git
synced 2024-11-26 04:58:49 +03:00
Merge pull request #305 from Nheko-Reborn/encrypted_device_messages
Encrypted device messages
This commit is contained in:
commit
b977c1e621
18 changed files with 560 additions and 421 deletions
|
@ -340,7 +340,7 @@ if(USE_BUNDLED_MTXCLIENT)
|
|||
FetchContent_Declare(
|
||||
MatrixClient
|
||||
GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git
|
||||
GIT_TAG ad5575bc24089dc385e97d9ace026414b618775c
|
||||
GIT_TAG 6432e89a3465e58ed838dd2abdcb0f91bd4f05b0
|
||||
)
|
||||
FetchContent_MakeAvailable(MatrixClient)
|
||||
else()
|
||||
|
|
|
@ -146,7 +146,7 @@
|
|||
"name": "mtxclient",
|
||||
"sources": [
|
||||
{
|
||||
"commit": "ad5575bc24089dc385e97d9ace026414b618775c",
|
||||
"commit": "6432e89a3465e58ed838dd2abdcb0f91bd4f05b0",
|
||||
"type": "git",
|
||||
"url": "https://github.com/Nheko-Reborn/mtxclient.git"
|
||||
}
|
||||
|
|
|
@ -159,6 +159,7 @@ Page {
|
|||
}
|
||||
|
||||
ColumnLayout {
|
||||
visible: TimelineManager.timeline != null
|
||||
anchors.fill: parent
|
||||
|
||||
Rectangle {
|
||||
|
@ -287,7 +288,6 @@ Page {
|
|||
|
||||
property int delegateMaxWidth: (Settings.timelineMaxWidth > 100 && (parent.width - Settings.timelineMaxWidth) > scrollbar.width * 2) ? Settings.timelineMaxWidth : (parent.width - scrollbar.width * 2)
|
||||
|
||||
visible: TimelineManager.timeline != null
|
||||
cacheBuffer: 400
|
||||
Layout.fillWidth: true
|
||||
Layout.fillHeight: true
|
||||
|
|
|
@ -32,6 +32,7 @@ Item {
|
|||
|
||||
MouseArea {
|
||||
id: mouseArea
|
||||
|
||||
enabled: model.data.type == MtxEvent.ImageMessage && img.status == Image.Ready
|
||||
hoverEnabled: true
|
||||
anchors.fill: parent
|
||||
|
@ -65,6 +66,9 @@ Item {
|
|||
text: model.data.filename ? model.data.filename : model.data.body
|
||||
color: colors.text
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
145
src/Cache.cpp
145
src/Cache.cpp
|
@ -40,7 +40,7 @@
|
|||
|
||||
//! Should be changed when a breaking change occurs in the cache format.
|
||||
//! This will reset client's data.
|
||||
static const std::string CURRENT_CACHE_FORMAT_VERSION("2020.07.05");
|
||||
static const std::string CURRENT_CACHE_FORMAT_VERSION("2020.10.20");
|
||||
static const std::string SECRET("secret");
|
||||
|
||||
static lmdb::val NEXT_BATCH_KEY("next_batch");
|
||||
|
@ -437,7 +437,9 @@ Cache::getOutboundMegolmSession(const std::string &room_id)
|
|||
//
|
||||
|
||||
void
|
||||
Cache::saveOlmSession(const std::string &curve25519, mtx::crypto::OlmSessionPtr session)
|
||||
Cache::saveOlmSession(const std::string &curve25519,
|
||||
mtx::crypto::OlmSessionPtr session,
|
||||
uint64_t timestamp)
|
||||
{
|
||||
using namespace mtx::crypto;
|
||||
|
||||
|
@ -447,7 +449,11 @@ Cache::saveOlmSession(const std::string &curve25519, mtx::crypto::OlmSessionPtr
|
|||
const auto pickled = pickle<SessionObject>(session.get(), SECRET);
|
||||
const auto session_id = mtx::crypto::session_id(session.get());
|
||||
|
||||
lmdb::dbi_put(txn, db, lmdb::val(session_id), lmdb::val(pickled));
|
||||
StoredOlmSession stored_session;
|
||||
stored_session.pickled_session = pickled;
|
||||
stored_session.last_message_ts = timestamp;
|
||||
|
||||
lmdb::dbi_put(txn, db, lmdb::val(session_id), lmdb::val(json(stored_session).dump()));
|
||||
|
||||
txn.commit();
|
||||
}
|
||||
|
@ -466,13 +472,44 @@ Cache::getOlmSession(const std::string &curve25519, const std::string &session_i
|
|||
txn.commit();
|
||||
|
||||
if (found) {
|
||||
auto data = std::string(pickled.data(), pickled.size());
|
||||
return unpickle<SessionObject>(data, SECRET);
|
||||
std::string_view raw(pickled.data(), pickled.size());
|
||||
auto data = json::parse(raw).get<StoredOlmSession>();
|
||||
return unpickle<SessionObject>(data.pickled_session, SECRET);
|
||||
}
|
||||
|
||||
return std::nullopt;
|
||||
}
|
||||
|
||||
std::optional<mtx::crypto::OlmSessionPtr>
|
||||
Cache::getLatestOlmSession(const std::string &curve25519)
|
||||
{
|
||||
using namespace mtx::crypto;
|
||||
|
||||
auto txn = lmdb::txn::begin(env_);
|
||||
auto db = getOlmSessionsDb(txn, curve25519);
|
||||
|
||||
std::string session_id, pickled_session;
|
||||
std::vector<std::string> res;
|
||||
|
||||
std::optional<StoredOlmSession> currentNewest;
|
||||
|
||||
auto cursor = lmdb::cursor::open(txn, db);
|
||||
while (cursor.get(session_id, pickled_session, MDB_NEXT)) {
|
||||
auto data =
|
||||
json::parse(std::string_view(pickled_session.data(), pickled_session.size()))
|
||||
.get<StoredOlmSession>();
|
||||
if (!currentNewest || currentNewest->last_message_ts < data.last_message_ts)
|
||||
currentNewest = data;
|
||||
}
|
||||
cursor.close();
|
||||
|
||||
txn.commit();
|
||||
|
||||
return currentNewest
|
||||
? std::optional(unpickle<SessionObject>(currentNewest->pickled_session, SECRET))
|
||||
: std::nullopt;
|
||||
}
|
||||
|
||||
std::vector<std::string>
|
||||
Cache::getOlmSessions(const std::string &curve25519)
|
||||
{
|
||||
|
@ -828,6 +865,80 @@ Cache::runMigrations()
|
|||
nhlog::db()->info("Successfully deleted pending receipts database.");
|
||||
return true;
|
||||
}},
|
||||
{"2020.10.20",
|
||||
[this]() {
|
||||
try {
|
||||
using namespace mtx::crypto;
|
||||
|
||||
auto txn = lmdb::txn::begin(env_);
|
||||
|
||||
auto mainDb = lmdb::dbi::open(txn, nullptr);
|
||||
|
||||
std::string dbName, ignored;
|
||||
auto olmDbCursor = lmdb::cursor::open(txn, mainDb);
|
||||
while (olmDbCursor.get(dbName, ignored, MDB_NEXT)) {
|
||||
// skip every db but olm session dbs
|
||||
nhlog::db()->debug("Db {}", dbName);
|
||||
if (dbName.find("olm_sessions/") != 0)
|
||||
continue;
|
||||
|
||||
nhlog::db()->debug("Migrating {}", dbName);
|
||||
|
||||
auto olmDb = lmdb::dbi::open(txn, dbName.c_str());
|
||||
|
||||
std::string session_id, session_value;
|
||||
|
||||
std::vector<std::pair<std::string, StoredOlmSession>> sessions;
|
||||
|
||||
auto cursor = lmdb::cursor::open(txn, olmDb);
|
||||
while (cursor.get(session_id, session_value, MDB_NEXT)) {
|
||||
nhlog::db()->debug("session_id {}, session_value {}",
|
||||
session_id,
|
||||
session_value);
|
||||
StoredOlmSession session;
|
||||
bool invalid = false;
|
||||
for (auto c : session_value)
|
||||
if (!isprint(c)) {
|
||||
invalid = true;
|
||||
break;
|
||||
}
|
||||
if (invalid)
|
||||
continue;
|
||||
|
||||
nhlog::db()->debug("Not skipped");
|
||||
|
||||
session.pickled_session = session_value;
|
||||
sessions.emplace_back(session_id, session);
|
||||
}
|
||||
cursor.close();
|
||||
|
||||
olmDb.drop(txn, true);
|
||||
|
||||
auto newDbName = dbName;
|
||||
newDbName.erase(0, sizeof("olm_sessions") - 1);
|
||||
newDbName = "olm_sessions.v2" + newDbName;
|
||||
|
||||
auto newDb = lmdb::dbi::open(txn, newDbName.c_str(), MDB_CREATE);
|
||||
|
||||
for (const auto &[key, value] : sessions) {
|
||||
nhlog::db()->debug("{}\n{}", key, json(value).dump());
|
||||
lmdb::dbi_put(txn,
|
||||
newDb,
|
||||
lmdb::val(key),
|
||||
lmdb::val(json(value).dump()));
|
||||
}
|
||||
}
|
||||
olmDbCursor.close();
|
||||
|
||||
txn.commit();
|
||||
} catch (const lmdb::error &) {
|
||||
nhlog::db()->critical("Failed to migrate olm sessions,");
|
||||
return false;
|
||||
}
|
||||
|
||||
nhlog::db()->info("Successfully migrated olm sessions.");
|
||||
return true;
|
||||
}},
|
||||
};
|
||||
|
||||
nhlog::db()->info("Running migrations, this may take a while!");
|
||||
|
@ -3629,6 +3740,19 @@ from_json(const nlohmann::json &obj, MegolmSessionIndex &msg)
|
|||
msg.sender_key = obj.at("sender_key");
|
||||
}
|
||||
|
||||
void
|
||||
to_json(nlohmann::json &obj, const StoredOlmSession &msg)
|
||||
{
|
||||
obj["ts"] = msg.last_message_ts;
|
||||
obj["s"] = msg.pickled_session;
|
||||
}
|
||||
void
|
||||
from_json(const nlohmann::json &obj, StoredOlmSession &msg)
|
||||
{
|
||||
msg.last_message_ts = obj.at("ts").get<uint64_t>();
|
||||
msg.pickled_session = obj.at("s").get<std::string>();
|
||||
}
|
||||
|
||||
namespace cache {
|
||||
void
|
||||
init(const QString &user_id)
|
||||
|
@ -4114,9 +4238,11 @@ inboundMegolmSessionExists(const MegolmSessionIndex &index)
|
|||
// Olm Sessions
|
||||
//
|
||||
void
|
||||
saveOlmSession(const std::string &curve25519, mtx::crypto::OlmSessionPtr session)
|
||||
saveOlmSession(const std::string &curve25519,
|
||||
mtx::crypto::OlmSessionPtr session,
|
||||
uint64_t timestamp)
|
||||
{
|
||||
instance_->saveOlmSession(curve25519, std::move(session));
|
||||
instance_->saveOlmSession(curve25519, std::move(session), timestamp);
|
||||
}
|
||||
std::vector<std::string>
|
||||
getOlmSessions(const std::string &curve25519)
|
||||
|
@ -4128,6 +4254,11 @@ getOlmSession(const std::string &curve25519, const std::string &session_id)
|
|||
{
|
||||
return instance_->getOlmSession(curve25519, session_id);
|
||||
}
|
||||
std::optional<mtx::crypto::OlmSessionPtr>
|
||||
getLatestOlmSession(const std::string &curve25519)
|
||||
{
|
||||
return instance_->getLatestOlmSession(curve25519);
|
||||
}
|
||||
|
||||
void
|
||||
saveOlmAccount(const std::string &pickled)
|
||||
|
|
|
@ -292,11 +292,15 @@ inboundMegolmSessionExists(const MegolmSessionIndex &index);
|
|||
// Olm Sessions
|
||||
//
|
||||
void
|
||||
saveOlmSession(const std::string &curve25519, mtx::crypto::OlmSessionPtr session);
|
||||
saveOlmSession(const std::string &curve25519,
|
||||
mtx::crypto::OlmSessionPtr session,
|
||||
uint64_t timestamp);
|
||||
std::vector<std::string>
|
||||
getOlmSessions(const std::string &curve25519);
|
||||
std::optional<mtx::crypto::OlmSessionPtr>
|
||||
getOlmSession(const std::string &curve25519, const std::string &session_id);
|
||||
std::optional<mtx::crypto::OlmSessionPtr>
|
||||
getLatestOlmSession(const std::string &curve25519);
|
||||
|
||||
void
|
||||
saveOlmAccount(const std::string &pickled);
|
||||
|
|
|
@ -66,6 +66,16 @@ struct OlmSessionStorage
|
|||
std::mutex group_inbound_mtx;
|
||||
};
|
||||
|
||||
struct StoredOlmSession
|
||||
{
|
||||
std::uint64_t last_message_ts = 0;
|
||||
std::string pickled_session;
|
||||
};
|
||||
void
|
||||
to_json(nlohmann::json &obj, const StoredOlmSession &msg);
|
||||
void
|
||||
from_json(const nlohmann::json &obj, StoredOlmSession &msg);
|
||||
|
||||
//! Verification status of a single user
|
||||
struct VerificationStatus
|
||||
{
|
||||
|
|
|
@ -266,10 +266,14 @@ public:
|
|||
//
|
||||
// Olm Sessions
|
||||
//
|
||||
void saveOlmSession(const std::string &curve25519, mtx::crypto::OlmSessionPtr session);
|
||||
void saveOlmSession(const std::string &curve25519,
|
||||
mtx::crypto::OlmSessionPtr session,
|
||||
uint64_t timestamp);
|
||||
std::vector<std::string> getOlmSessions(const std::string &curve25519);
|
||||
std::optional<mtx::crypto::OlmSessionPtr> getOlmSession(const std::string &curve25519,
|
||||
const std::string &session_id);
|
||||
std::optional<mtx::crypto::OlmSessionPtr> getLatestOlmSession(
|
||||
const std::string &curve25519);
|
||||
|
||||
void saveOlmAccount(const std::string &pickled);
|
||||
std::string restoreOlmAccount();
|
||||
|
@ -565,7 +569,7 @@ private:
|
|||
lmdb::dbi getOlmSessionsDb(lmdb::txn &txn, const std::string &curve25519_key)
|
||||
{
|
||||
return lmdb::dbi::open(
|
||||
txn, std::string("olm_sessions/" + curve25519_key).c_str(), MDB_CREATE);
|
||||
txn, std::string("olm_sessions.v2/" + curve25519_key).c_str(), MDB_CREATE);
|
||||
}
|
||||
|
||||
QString getDisplayName(const mtx::events::StateEvent<mtx::events::state::Member> &event)
|
||||
|
|
|
@ -1249,6 +1249,12 @@ ChatPage::unbanUser(QString userid, QString reason)
|
|||
reason.trimmed().toStdString());
|
||||
}
|
||||
|
||||
void
|
||||
ChatPage::receivedSessionKey(const std::string &room_id, const std::string &session_id)
|
||||
{
|
||||
view_manager_->receivedSessionKey(room_id, session_id);
|
||||
}
|
||||
|
||||
void
|
||||
ChatPage::sendTypingNotifications()
|
||||
{
|
||||
|
|
|
@ -107,6 +107,8 @@ public slots:
|
|||
void banUser(QString userid, QString reason);
|
||||
void unbanUser(QString userid, QString reason);
|
||||
|
||||
void receivedSessionKey(const std::string &room_id, const std::string &session_id);
|
||||
|
||||
signals:
|
||||
void connectionLost();
|
||||
void connectionRestored();
|
||||
|
|
463
src/Olm.cpp
463
src/Olm.cpp
|
@ -47,7 +47,7 @@ handle_to_device_messages(const std::vector<mtx::events::collections::DeviceEven
|
|||
|
||||
if (msg_type == to_string(mtx::events::EventType::RoomEncrypted)) {
|
||||
try {
|
||||
OlmMessage olm_msg = j_msg;
|
||||
olm::OlmMessage olm_msg = j_msg;
|
||||
handle_olm_message(std::move(olm_msg));
|
||||
} catch (const nlohmann::json::exception &e) {
|
||||
nhlog::crypto()->warn(
|
||||
|
@ -56,10 +56,6 @@ handle_to_device_messages(const std::vector<mtx::events::collections::DeviceEven
|
|||
nhlog::crypto()->warn("validation error for olm message: {} {}",
|
||||
e.what(),
|
||||
j_msg.dump(2));
|
||||
|
||||
nhlog::crypto()->warn("validation error for olm message: {} {}",
|
||||
e.what(),
|
||||
j_msg.dump(2));
|
||||
}
|
||||
|
||||
} else if (msg_type == to_string(mtx::events::EventType::RoomKeyRequest)) {
|
||||
|
@ -250,7 +246,10 @@ handle_pre_key_olm_message(const std::string &sender,
|
|||
nhlog::crypto()->debug("decrypted message: \n {}", plaintext.dump(2));
|
||||
|
||||
try {
|
||||
cache::saveOlmSession(sender_key, std::move(inbound_session));
|
||||
nhlog::crypto()->debug("New olm session: {}",
|
||||
mtx::crypto::session_id(inbound_session.get()));
|
||||
cache::saveOlmSession(
|
||||
sender_key, std::move(inbound_session), QDateTime::currentMSecsSinceEpoch());
|
||||
} catch (const lmdb::error &e) {
|
||||
nhlog::db()->warn(
|
||||
"failed to save inbound olm session from {}: {}", sender, e.what());
|
||||
|
@ -318,7 +317,10 @@ try_olm_decryption(const std::string &sender_key, const mtx::events::msg::OlmCip
|
|||
|
||||
try {
|
||||
text = olm::client()->decrypt_message(session->get(), msg.type, msg.body);
|
||||
cache::saveOlmSession(id, std::move(session.value()));
|
||||
nhlog::crypto()->debug("Updated olm session: {}",
|
||||
mtx::crypto::session_id(session->get()));
|
||||
cache::saveOlmSession(
|
||||
id, std::move(session.value()), QDateTime::currentMSecsSinceEpoch());
|
||||
} catch (const mtx::crypto::olm_exception &e) {
|
||||
nhlog::crypto()->debug("failed to decrypt olm message ({}, {}) with {}: {}",
|
||||
msg.type,
|
||||
|
@ -390,9 +392,10 @@ import_inbound_megolm_session(
|
|||
return;
|
||||
}
|
||||
|
||||
// TODO(Nico): Reload messages encrypted with this key.
|
||||
nhlog::crypto()->info(
|
||||
"established inbound megolm session ({}, {})", roomKey.content.room_id, roomKey.sender);
|
||||
|
||||
ChatPage::instance()->receivedSessionKey(index.room_id, index.session_id);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -403,48 +406,24 @@ mark_keys_as_published()
|
|||
}
|
||||
|
||||
void
|
||||
request_keys(const std::string &room_id, const std::string &event_id)
|
||||
{
|
||||
nhlog::crypto()->info("requesting keys for event {} at {}", event_id, room_id);
|
||||
|
||||
http::client()->get_event(
|
||||
room_id,
|
||||
event_id,
|
||||
[event_id, room_id](const mtx::events::collections::TimelineEvents &res,
|
||||
mtx::http::RequestErr err) {
|
||||
using namespace mtx::events;
|
||||
|
||||
if (err) {
|
||||
nhlog::net()->warn(
|
||||
"failed to retrieve event {} from {}", event_id, room_id);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!std::holds_alternative<EncryptedEvent<msg::Encrypted>>(res)) {
|
||||
nhlog::net()->info(
|
||||
"retrieved event is not encrypted: {} from {}", event_id, room_id);
|
||||
return;
|
||||
}
|
||||
|
||||
olm::send_key_request_for(room_id, std::get<EncryptedEvent<msg::Encrypted>>(res));
|
||||
});
|
||||
}
|
||||
|
||||
void
|
||||
send_key_request_for(const std::string &room_id,
|
||||
const mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> &e)
|
||||
send_key_request_for(mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> e,
|
||||
const std::string &request_id,
|
||||
bool cancel)
|
||||
{
|
||||
using namespace mtx::events;
|
||||
|
||||
nhlog::crypto()->debug("sending key request: {}", json(e).dump(2));
|
||||
nhlog::crypto()->debug("sending key request: sender_key {}, session_id {}",
|
||||
e.content.sender_key,
|
||||
e.content.session_id);
|
||||
|
||||
mtx::events::msg::KeyRequest request;
|
||||
request.action = mtx::events::msg::RequestAction::Request;
|
||||
request.action = !cancel ? mtx::events::msg::RequestAction::Request
|
||||
: mtx::events::msg::RequestAction::Cancellation;
|
||||
request.algorithm = MEGOLM_ALGO;
|
||||
request.room_id = room_id;
|
||||
request.room_id = e.room_id;
|
||||
request.sender_key = e.content.sender_key;
|
||||
request.session_id = e.content.session_id;
|
||||
request.request_id = "key_request." + http::client()->generate_txn_id();
|
||||
request.request_id = request_id;
|
||||
request.requesting_device_id = http::client()->device_id();
|
||||
|
||||
nhlog::crypto()->debug("m.room_key_request: {}", json(request).dump(2));
|
||||
|
@ -560,147 +539,13 @@ send_megolm_key_to_device(const std::string &user_id,
|
|||
const std::string &device_id,
|
||||
const mtx::events::msg::ForwardedRoomKey &payload)
|
||||
{
|
||||
mtx::requests::QueryKeys req;
|
||||
req.device_keys[user_id] = {device_id};
|
||||
mtx::events::DeviceEvent<mtx::events::msg::ForwardedRoomKey> room_key;
|
||||
room_key.content = payload;
|
||||
room_key.type = mtx::events::EventType::ForwardedRoomKey;
|
||||
|
||||
http::client()->query_keys(
|
||||
req,
|
||||
[payload, user_id, device_id](const mtx::responses::QueryKeys &res,
|
||||
mtx::http::RequestErr err) {
|
||||
if (err) {
|
||||
nhlog::net()->warn("failed to query device keys: {} {}",
|
||||
err->matrix_error.error,
|
||||
static_cast<int>(err->status_code));
|
||||
return;
|
||||
}
|
||||
|
||||
nhlog::net()->warn("retrieved device keys from {}, {}", user_id, device_id);
|
||||
|
||||
if (res.device_keys.empty()) {
|
||||
nhlog::net()->warn("no devices retrieved {}", user_id);
|
||||
return;
|
||||
}
|
||||
|
||||
auto device = res.device_keys.begin()->second;
|
||||
if (device.empty()) {
|
||||
nhlog::net()->warn("no keys retrieved from user, device {}", user_id);
|
||||
return;
|
||||
}
|
||||
|
||||
const auto device_keys = device.begin()->second.keys;
|
||||
const auto curveKey = "curve25519:" + device_id;
|
||||
const auto edKey = "ed25519:" + device_id;
|
||||
|
||||
if ((device_keys.find(curveKey) == device_keys.end()) ||
|
||||
(device_keys.find(edKey) == device_keys.end())) {
|
||||
nhlog::net()->debug("ignoring malformed keys for device {}", device_id);
|
||||
return;
|
||||
}
|
||||
|
||||
DevicePublicKeys pks;
|
||||
pks.ed25519 = device_keys.at(edKey);
|
||||
pks.curve25519 = device_keys.at(curveKey);
|
||||
|
||||
try {
|
||||
if (!mtx::crypto::verify_identity_signature(json(device.begin()->second),
|
||||
DeviceId(device_id),
|
||||
UserId(user_id))) {
|
||||
nhlog::crypto()->warn("failed to verify identity keys: {}",
|
||||
json(device).dump(2));
|
||||
return;
|
||||
}
|
||||
} catch (const json::exception &e) {
|
||||
nhlog::crypto()->warn("failed to parse device key json: {}", e.what());
|
||||
return;
|
||||
} catch (const mtx::crypto::olm_exception &e) {
|
||||
nhlog::crypto()->warn("failed to verify device key json: {}", e.what());
|
||||
return;
|
||||
}
|
||||
|
||||
mtx::requests::ClaimKeys claim_keys;
|
||||
claim_keys.one_time_keys[user_id][device_id] = mtx::crypto::SIGNED_CURVE25519;
|
||||
|
||||
http::client()->claim_keys(
|
||||
claim_keys,
|
||||
[payload, user_id, device_id, pks](const mtx::responses::ClaimKeys &res,
|
||||
mtx::http::RequestErr err) {
|
||||
if (err) {
|
||||
nhlog::net()->warn("claim keys error: {} {} {}",
|
||||
err->matrix_error.error,
|
||||
err->parse_error,
|
||||
static_cast<int>(err->status_code));
|
||||
return;
|
||||
}
|
||||
|
||||
nhlog::net()->info("claimed keys for {}", user_id);
|
||||
|
||||
if (res.one_time_keys.size() == 0) {
|
||||
nhlog::net()->info("no one-time keys found for user_id: {}",
|
||||
user_id);
|
||||
return;
|
||||
}
|
||||
|
||||
if (res.one_time_keys.find(user_id) == res.one_time_keys.end()) {
|
||||
nhlog::net()->info("no one-time keys found for user_id: {}",
|
||||
user_id);
|
||||
return;
|
||||
}
|
||||
|
||||
auto retrieved_devices = res.one_time_keys.at(user_id);
|
||||
if (retrieved_devices.empty()) {
|
||||
nhlog::net()->info("claiming keys for {}: no retrieved devices",
|
||||
device_id);
|
||||
return;
|
||||
}
|
||||
|
||||
json body;
|
||||
body["messages"][user_id] = json::object();
|
||||
|
||||
auto device = retrieved_devices.begin()->second;
|
||||
nhlog::net()->debug("{} : \n {}", device_id, device.dump(2));
|
||||
|
||||
json device_msg;
|
||||
|
||||
try {
|
||||
auto olm_session = olm::client()->create_outbound_session(
|
||||
pks.curve25519, device.begin()->at("key"));
|
||||
|
||||
mtx::events::DeviceEvent<mtx::events::msg::ForwardedRoomKey>
|
||||
room_key;
|
||||
room_key.content = payload;
|
||||
room_key.type = mtx::events::EventType::ForwardedRoomKey;
|
||||
device_msg = olm::client()->create_olm_encrypted_content(
|
||||
olm_session.get(), json(room_key).dump(), pks.curve25519);
|
||||
|
||||
cache::saveOlmSession(pks.curve25519, std::move(olm_session));
|
||||
} catch (const json::exception &e) {
|
||||
nhlog::crypto()->warn("creating outbound session: {}",
|
||||
e.what());
|
||||
return;
|
||||
} catch (const mtx::crypto::olm_exception &e) {
|
||||
nhlog::crypto()->warn("creating outbound session: {}",
|
||||
e.what());
|
||||
return;
|
||||
}
|
||||
|
||||
body["messages"][user_id][device_id] = device_msg;
|
||||
|
||||
nhlog::net()->info(
|
||||
"sending m.forwarded_room_key event to {}:{}", user_id, device_id);
|
||||
http::client()->send_to_device(
|
||||
"m.room.encrypted", body, [user_id](mtx::http::RequestErr err) {
|
||||
if (err) {
|
||||
nhlog::net()->warn("failed to send "
|
||||
"send_to_device "
|
||||
"message: {}",
|
||||
err->matrix_error.error);
|
||||
}
|
||||
|
||||
nhlog::net()->info("m.forwarded_room_key send to {}",
|
||||
user_id);
|
||||
});
|
||||
});
|
||||
});
|
||||
std::map<std::string, std::vector<std::string>> targets;
|
||||
targets[user_id] = {device_id};
|
||||
send_encrypted_to_device_messages(targets, room_key);
|
||||
}
|
||||
|
||||
DecryptionResult
|
||||
|
@ -749,4 +594,258 @@ decryptEvent(const MegolmSessionIndex &index,
|
|||
|
||||
return {std::nullopt, std::nullopt, std::move(te.data)};
|
||||
}
|
||||
|
||||
//! Send encrypted to device messages, targets is a map from userid to device ids or {} for all
|
||||
//! devices
|
||||
void
|
||||
send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::string>> targets,
|
||||
const mtx::events::collections::DeviceEvents &event,
|
||||
bool force_new_session)
|
||||
{
|
||||
nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event);
|
||||
|
||||
std::map<std::string, std::vector<std::string>> keysToQuery;
|
||||
mtx::requests::ClaimKeys claims;
|
||||
std::map<mtx::identifiers::User, std::map<std::string, mtx::events::msg::OlmEncrypted>>
|
||||
messages;
|
||||
std::map<std::string, std::map<std::string, DevicePublicKeys>> pks;
|
||||
|
||||
for (const auto &[user, devices] : targets) {
|
||||
auto deviceKeys = cache::client()->userKeys(user);
|
||||
|
||||
// no keys for user, query them
|
||||
if (!deviceKeys) {
|
||||
keysToQuery[user] = devices;
|
||||
continue;
|
||||
}
|
||||
|
||||
auto deviceTargets = devices;
|
||||
if (devices.empty()) {
|
||||
deviceTargets.clear();
|
||||
for (const auto &[device, keys] : deviceKeys->device_keys) {
|
||||
(void)keys;
|
||||
deviceTargets.push_back(device);
|
||||
}
|
||||
}
|
||||
|
||||
for (const auto &device : deviceTargets) {
|
||||
if (!deviceKeys->device_keys.count(device)) {
|
||||
keysToQuery[user] = {};
|
||||
break;
|
||||
}
|
||||
|
||||
auto d = deviceKeys->device_keys.at(device);
|
||||
|
||||
auto session =
|
||||
cache::getLatestOlmSession(d.keys.at("curve25519:" + device));
|
||||
if (!session || force_new_session) {
|
||||
claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519;
|
||||
pks[user][device].ed25519 = d.keys.at("ed25519:" + device);
|
||||
pks[user][device].curve25519 = d.keys.at("curve25519:" + device);
|
||||
continue;
|
||||
}
|
||||
|
||||
messages[mtx::identifiers::parse<mtx::identifiers::User>(user)][device] =
|
||||
olm::client()
|
||||
->create_olm_encrypted_content(session->get(),
|
||||
ev_json,
|
||||
UserId(user),
|
||||
d.keys.at("ed25519:" + device),
|
||||
d.keys.at("curve25519:" + device))
|
||||
.get<mtx::events::msg::OlmEncrypted>();
|
||||
|
||||
try {
|
||||
nhlog::crypto()->debug("Updated olm session: {}",
|
||||
mtx::crypto::session_id(session->get()));
|
||||
cache::saveOlmSession(d.keys.at("curve25519:" + device),
|
||||
std::move(*session),
|
||||
QDateTime::currentMSecsSinceEpoch());
|
||||
} catch (const lmdb::error &e) {
|
||||
nhlog::db()->critical("failed to save outbound olm session: {}",
|
||||
e.what());
|
||||
} catch (const mtx::crypto::olm_exception &e) {
|
||||
nhlog::crypto()->critical(
|
||||
"failed to pickle outbound olm session: {}", e.what());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!messages.empty())
|
||||
http::client()->send_to_device<mtx::events::msg::OlmEncrypted>(
|
||||
http::client()->generate_txn_id(), messages, [](mtx::http::RequestErr err) {
|
||||
if (err) {
|
||||
nhlog::net()->warn("failed to send "
|
||||
"send_to_device "
|
||||
"message: {}",
|
||||
err->matrix_error.error);
|
||||
}
|
||||
});
|
||||
|
||||
auto BindPks = [ev_json](decltype(pks) pks_temp) {
|
||||
return [pks = pks_temp, ev_json](const mtx::responses::ClaimKeys &res,
|
||||
mtx::http::RequestErr) {
|
||||
std::map<mtx::identifiers::User,
|
||||
std::map<std::string, mtx::events::msg::OlmEncrypted>>
|
||||
messages;
|
||||
for (const auto &[user_id, retrieved_devices] : res.one_time_keys) {
|
||||
nhlog::net()->debug("claimed keys for {}", user_id);
|
||||
if (retrieved_devices.size() == 0) {
|
||||
nhlog::net()->debug(
|
||||
"no one-time keys found for user_id: {}", user_id);
|
||||
continue;
|
||||
}
|
||||
|
||||
for (const auto &rd : retrieved_devices) {
|
||||
const auto device_id = rd.first;
|
||||
|
||||
nhlog::net()->debug(
|
||||
"{} : \n {}", device_id, rd.second.dump(2));
|
||||
|
||||
if (rd.second.empty() ||
|
||||
!rd.second.begin()->contains("key")) {
|
||||
nhlog::net()->warn(
|
||||
"Skipping device {} as it has no key.",
|
||||
device_id);
|
||||
continue;
|
||||
}
|
||||
|
||||
// TODO: Verify signatures
|
||||
auto otk = rd.second.begin()->at("key");
|
||||
|
||||
auto id_key = pks.at(user_id).at(device_id).curve25519;
|
||||
auto session =
|
||||
olm::client()->create_outbound_session(id_key, otk);
|
||||
|
||||
messages[mtx::identifiers::parse<mtx::identifiers::User>(
|
||||
user_id)][device_id] =
|
||||
olm::client()
|
||||
->create_olm_encrypted_content(
|
||||
session.get(),
|
||||
ev_json,
|
||||
UserId(user_id),
|
||||
pks.at(user_id).at(device_id).ed25519,
|
||||
id_key)
|
||||
.get<mtx::events::msg::OlmEncrypted>();
|
||||
|
||||
try {
|
||||
nhlog::crypto()->debug(
|
||||
"Updated olm session: {}",
|
||||
mtx::crypto::session_id(session.get()));
|
||||
cache::saveOlmSession(
|
||||
id_key,
|
||||
std::move(session),
|
||||
QDateTime::currentMSecsSinceEpoch());
|
||||
} catch (const lmdb::error &e) {
|
||||
nhlog::db()->critical(
|
||||
"failed to save outbound olm session: {}",
|
||||
e.what());
|
||||
} catch (const mtx::crypto::olm_exception &e) {
|
||||
nhlog::crypto()->critical(
|
||||
"failed to pickle outbound olm session: {}",
|
||||
e.what());
|
||||
}
|
||||
}
|
||||
nhlog::net()->info("send_to_device: {}", user_id);
|
||||
}
|
||||
|
||||
if (!messages.empty())
|
||||
http::client()->send_to_device<mtx::events::msg::OlmEncrypted>(
|
||||
http::client()->generate_txn_id(),
|
||||
messages,
|
||||
[](mtx::http::RequestErr err) {
|
||||
if (err) {
|
||||
nhlog::net()->warn("failed to send "
|
||||
"send_to_device "
|
||||
"message: {}",
|
||||
err->matrix_error.error);
|
||||
}
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
http::client()->claim_keys(claims, BindPks(pks));
|
||||
|
||||
if (!keysToQuery.empty()) {
|
||||
mtx::requests::QueryKeys req;
|
||||
req.device_keys = keysToQuery;
|
||||
http::client()->query_keys(
|
||||
req,
|
||||
[ev_json, BindPks](const mtx::responses::QueryKeys &res,
|
||||
mtx::http::RequestErr err) {
|
||||
if (err) {
|
||||
nhlog::net()->warn("failed to query device keys: {} {}",
|
||||
err->matrix_error.error,
|
||||
static_cast<int>(err->status_code));
|
||||
return;
|
||||
}
|
||||
|
||||
nhlog::net()->info("queried keys");
|
||||
|
||||
cache::client()->updateUserKeys(cache::nextBatchToken(), res);
|
||||
|
||||
mtx::requests::ClaimKeys claim_keys;
|
||||
|
||||
std::map<std::string, std::map<std::string, DevicePublicKeys>> deviceKeys;
|
||||
|
||||
for (const auto &user : res.device_keys) {
|
||||
for (const auto &dev : user.second) {
|
||||
const auto user_id = ::UserId(dev.second.user_id);
|
||||
const auto device_id = DeviceId(dev.second.device_id);
|
||||
|
||||
if (user_id.get() ==
|
||||
http::client()->user_id().to_string() &&
|
||||
device_id.get() == http::client()->device_id())
|
||||
continue;
|
||||
|
||||
const auto device_keys = dev.second.keys;
|
||||
const auto curveKey = "curve25519:" + device_id.get();
|
||||
const auto edKey = "ed25519:" + device_id.get();
|
||||
|
||||
if ((device_keys.find(curveKey) == device_keys.end()) ||
|
||||
(device_keys.find(edKey) == device_keys.end())) {
|
||||
nhlog::net()->debug(
|
||||
"ignoring malformed keys for device {}",
|
||||
device_id.get());
|
||||
continue;
|
||||
}
|
||||
|
||||
DevicePublicKeys pks;
|
||||
pks.ed25519 = device_keys.at(edKey);
|
||||
pks.curve25519 = device_keys.at(curveKey);
|
||||
|
||||
try {
|
||||
if (!mtx::crypto::verify_identity_signature(
|
||||
dev.second, device_id, user_id)) {
|
||||
nhlog::crypto()->warn(
|
||||
"failed to verify identity keys: {}",
|
||||
json(dev.second).dump(2));
|
||||
continue;
|
||||
}
|
||||
} catch (const json::exception &e) {
|
||||
nhlog::crypto()->warn(
|
||||
"failed to parse device key json: {}",
|
||||
e.what());
|
||||
continue;
|
||||
} catch (const mtx::crypto::olm_exception &e) {
|
||||
nhlog::crypto()->warn(
|
||||
"failed to verify device key json: {}",
|
||||
e.what());
|
||||
continue;
|
||||
}
|
||||
|
||||
deviceKeys[user_id].emplace(device_id, pks);
|
||||
claim_keys.one_time_keys[user.first][device_id] =
|
||||
mtx::crypto::SIGNED_CURVE25519;
|
||||
|
||||
nhlog::net()->info("{}", device_id.get());
|
||||
nhlog::net()->info(" curve25519 {}", pks.curve25519);
|
||||
nhlog::net()->info(" ed25519 {}", pks.ed25519);
|
||||
}
|
||||
}
|
||||
|
||||
http::client()->claim_keys(claim_keys, BindPks(deviceKeys));
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
} // namespace olm
|
||||
|
|
15
src/Olm.h
15
src/Olm.h
|
@ -96,11 +96,9 @@ mark_keys_as_published();
|
|||
|
||||
//! Request the encryption keys from sender's device for the given event.
|
||||
void
|
||||
request_keys(const std::string &room_id, const std::string &event_id);
|
||||
|
||||
void
|
||||
send_key_request_for(const std::string &room_id,
|
||||
const mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> &);
|
||||
send_key_request_for(mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> e,
|
||||
const std::string &request_id,
|
||||
bool cancel = false);
|
||||
|
||||
void
|
||||
handle_key_request_message(const mtx::events::DeviceEvent<mtx::events::msg::KeyRequest> &);
|
||||
|
@ -110,4 +108,11 @@ send_megolm_key_to_device(const std::string &user_id,
|
|||
const std::string &device_id,
|
||||
const mtx::events::msg::ForwardedRoomKey &payload);
|
||||
|
||||
//! Send encrypted to device messages, targets is a map from userid to device ids or {} for all
|
||||
//! devices
|
||||
void
|
||||
send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::string>> targets,
|
||||
const mtx::events::collections::DeviceEvents &event,
|
||||
bool force_new_session = false);
|
||||
|
||||
} // namespace olm
|
||||
|
|
|
@ -54,6 +54,9 @@ EventStore::EventStore(std::string room_id, QObject *)
|
|||
&EventStore::oldMessagesRetrieved,
|
||||
this,
|
||||
[this](const mtx::responses::Messages &res) {
|
||||
if (cache::client()->previousBatchToken(room_id_) == res.end)
|
||||
noMoreMessages = true;
|
||||
|
||||
uint64_t newFirst = cache::client()->saveOldMessages(room_id_, res);
|
||||
if (newFirst == first)
|
||||
fetchMore();
|
||||
|
@ -209,6 +212,28 @@ EventStore::clearTimeline()
|
|||
emit endResetModel();
|
||||
}
|
||||
|
||||
void
|
||||
EventStore::receivedSessionKey(const std::string &session_id)
|
||||
{
|
||||
if (!pending_key_requests.count(session_id))
|
||||
return;
|
||||
|
||||
auto request = pending_key_requests.at(session_id);
|
||||
pending_key_requests.erase(session_id);
|
||||
|
||||
olm::send_key_request_for(request.events.front(), request.request_id, true);
|
||||
|
||||
for (const auto &e : request.events) {
|
||||
auto idx = idToIndex(e.event_id);
|
||||
if (idx) {
|
||||
decryptedEvents_.remove({room_id_, e.event_id});
|
||||
events_by_id_.remove({room_id_, e.event_id});
|
||||
events_.remove({room_id_, toInternalIdx(*idx)});
|
||||
emit dataChanged(*idx, *idx);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
EventStore::handleSync(const mtx::responses::Timeline &events)
|
||||
{
|
||||
|
@ -291,18 +316,6 @@ EventStore::handleSync(const mtx::responses::Timeline &events)
|
|||
*d_event)) {
|
||||
handle_room_verification(*d_event);
|
||||
}
|
||||
// else {
|
||||
// // only the key.verification.ready sent by localuser's other
|
||||
// device
|
||||
// // is of significance as it is used for detecting accepted request
|
||||
// if (std::get_if<mtx::events::RoomEvent<
|
||||
// mtx::events::msg::KeyVerificationReady>>(d_event)) {
|
||||
// auto msg = std::get_if<mtx::events::RoomEvent<
|
||||
// mtx::events::msg::KeyVerificationReady>>(d_event);
|
||||
// ChatPage::instance()->receivedDeviceVerificationReady(
|
||||
// msg->content);
|
||||
// }
|
||||
//}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -498,7 +511,7 @@ EventStore::decryptEvent(const IdIndex &idx,
|
|||
|
||||
if (decryptionResult.error) {
|
||||
switch (*decryptionResult.error) {
|
||||
case olm::DecryptionErrorCode::MissingSession:
|
||||
case olm::DecryptionErrorCode::MissingSession: {
|
||||
dummy.content.body =
|
||||
tr("-- Encrypted Event (No keys found for decryption) --",
|
||||
"Placeholder, when the message was not decrypted yet or can't be "
|
||||
|
@ -509,8 +522,21 @@ EventStore::decryptEvent(const IdIndex &idx,
|
|||
index.session_id,
|
||||
e.sender);
|
||||
// TODO: Check if this actually works and look in key backup
|
||||
olm::send_key_request_for(room_id_, e);
|
||||
auto copy = e;
|
||||
copy.room_id = room_id_;
|
||||
if (pending_key_requests.count(e.content.session_id)) {
|
||||
pending_key_requests.at(e.content.session_id)
|
||||
.events.push_back(copy);
|
||||
} else {
|
||||
PendingKeyRequests request;
|
||||
request.request_id =
|
||||
"key_request." + http::client()->generate_txn_id();
|
||||
request.events.push_back(copy);
|
||||
olm::send_key_request_for(copy, request.request_id);
|
||||
pending_key_requests[e.content.session_id] = request;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case olm::DecryptionErrorCode::DbError:
|
||||
nhlog::db()->critical(
|
||||
"failed to retrieve megolm session with index ({}, {}, {})",
|
||||
|
@ -687,6 +713,9 @@ EventStore::get(std::string_view id, std::string_view related_to, bool decrypt)
|
|||
void
|
||||
EventStore::fetchMore()
|
||||
{
|
||||
if (noMoreMessages)
|
||||
return;
|
||||
|
||||
mtx::http::MessagesOpts opts;
|
||||
opts.room_id = room_id_;
|
||||
opts.from = cache::client()->previousBatchToken(room_id_);
|
||||
|
|
|
@ -104,6 +104,7 @@ signals:
|
|||
|
||||
public slots:
|
||||
void addPending(mtx::events::collections::TimelineEvents event);
|
||||
void receivedSessionKey(const std::string &session_id);
|
||||
void clearTimeline();
|
||||
|
||||
private:
|
||||
|
@ -121,6 +122,14 @@ private:
|
|||
static QCache<Index, mtx::events::collections::TimelineEvents> events_;
|
||||
static QCache<IdIndex, mtx::events::collections::TimelineEvents> events_by_id_;
|
||||
|
||||
struct PendingKeyRequests
|
||||
{
|
||||
std::string request_id;
|
||||
std::vector<mtx::events::EncryptedEvent<mtx::events::msg::Encrypted>> events;
|
||||
};
|
||||
std::map<std::string, PendingKeyRequests> pending_key_requests;
|
||||
|
||||
std::string current_txn;
|
||||
int current_txn_error_count = 0;
|
||||
bool noMoreMessages = false;
|
||||
};
|
||||
|
|
|
@ -930,11 +930,12 @@ TimelineModel::sendEncryptedMessage(mtx::events::RoomEvent<T> msg, mtx::events::
|
|||
const auto session_id = mtx::crypto::session_id(outbound_session.get());
|
||||
const auto session_key = mtx::crypto::session_key(outbound_session.get());
|
||||
|
||||
// TODO: needs to be moved in the lib.
|
||||
auto megolm_payload = json{{"algorithm", "m.megolm.v1.aes-sha2"},
|
||||
{"room_id", room_id},
|
||||
{"session_id", session_id},
|
||||
{"session_key", session_key}};
|
||||
mtx::events::DeviceEvent<mtx::events::msg::RoomKey> megolm_payload;
|
||||
megolm_payload.content.algorithm = "m.megolm.v1.aes-sha2";
|
||||
megolm_payload.content.room_id = room_id;
|
||||
megolm_payload.content.session_id = session_id;
|
||||
megolm_payload.content.session_key = session_key;
|
||||
megolm_payload.type = mtx::events::EventType::RoomKey;
|
||||
|
||||
// Saving the new megolm session.
|
||||
// TODO: Maybe it's too early to save.
|
||||
|
@ -958,122 +959,29 @@ TimelineModel::sendEncryptedMessage(mtx::events::RoomEvent<T> msg, mtx::events::
|
|||
const auto members = cache::roomMembers(room_id);
|
||||
nhlog::ui()->info("retrieved {} members for {}", members.size(), room_id);
|
||||
|
||||
auto keeper =
|
||||
std::make_shared<StateKeeper>([room_id, doc, txn_id = msg.event_id, this]() {
|
||||
try {
|
||||
mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> event;
|
||||
event.content = olm::encrypt_group_message(
|
||||
room_id, http::client()->device_id(), doc);
|
||||
event.event_id = txn_id;
|
||||
event.room_id = room_id;
|
||||
event.sender = http::client()->user_id().to_string();
|
||||
event.type = mtx::events::EventType::RoomEncrypted;
|
||||
event.origin_server_ts = QDateTime::currentMSecsSinceEpoch();
|
||||
|
||||
emit this->addPendingMessageToStore(event);
|
||||
} catch (const lmdb::error &e) {
|
||||
nhlog::db()->critical(
|
||||
"failed to save megolm outbound session: {}", e.what());
|
||||
emit ChatPage::instance()->showNotification(
|
||||
tr("Failed to encrypt event, sending aborted!"));
|
||||
}
|
||||
});
|
||||
|
||||
mtx::requests::QueryKeys req;
|
||||
std::map<std::string, std::vector<std::string>> targets;
|
||||
for (const auto &member : members)
|
||||
req.device_keys[member] = {};
|
||||
targets[member] = {};
|
||||
|
||||
http::client()->query_keys(
|
||||
req,
|
||||
[keeper = std::move(keeper), megolm_payload, txn_id = msg.event_id, this](
|
||||
const mtx::responses::QueryKeys &res, mtx::http::RequestErr err) {
|
||||
if (err) {
|
||||
nhlog::net()->warn("failed to query device keys: {} {}",
|
||||
err->matrix_error.error,
|
||||
static_cast<int>(err->status_code));
|
||||
emit ChatPage::instance()->showNotification(
|
||||
tr("Failed to encrypt event, sending aborted!"));
|
||||
return;
|
||||
}
|
||||
olm::send_encrypted_to_device_messages(targets, megolm_payload);
|
||||
|
||||
mtx::requests::ClaimKeys claim_keys;
|
||||
try {
|
||||
mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> event;
|
||||
event.content =
|
||||
olm::encrypt_group_message(room_id, http::client()->device_id(), doc);
|
||||
event.event_id = msg.event_id;
|
||||
event.room_id = room_id;
|
||||
event.sender = http::client()->user_id().to_string();
|
||||
event.type = mtx::events::EventType::RoomEncrypted;
|
||||
event.origin_server_ts = QDateTime::currentMSecsSinceEpoch();
|
||||
|
||||
// Mapping from user id to a device_id with valid identity keys to the
|
||||
// generated room_key event used for sharing the megolm session.
|
||||
std::map<std::string, std::map<std::string, std::string>> room_key_msgs;
|
||||
std::map<std::string, std::map<std::string, DevicePublicKeys>> deviceKeys;
|
||||
|
||||
for (const auto &user : res.device_keys) {
|
||||
for (const auto &dev : user.second) {
|
||||
const auto user_id = ::UserId(dev.second.user_id);
|
||||
const auto device_id = DeviceId(dev.second.device_id);
|
||||
|
||||
if (user_id.get() ==
|
||||
http::client()->user_id().to_string() &&
|
||||
device_id.get() == http::client()->device_id())
|
||||
continue;
|
||||
|
||||
const auto device_keys = dev.second.keys;
|
||||
const auto curveKey = "curve25519:" + device_id.get();
|
||||
const auto edKey = "ed25519:" + device_id.get();
|
||||
|
||||
if ((device_keys.find(curveKey) == device_keys.end()) ||
|
||||
(device_keys.find(edKey) == device_keys.end())) {
|
||||
nhlog::net()->debug(
|
||||
"ignoring malformed keys for device {}",
|
||||
device_id.get());
|
||||
continue;
|
||||
}
|
||||
|
||||
DevicePublicKeys pks;
|
||||
pks.ed25519 = device_keys.at(edKey);
|
||||
pks.curve25519 = device_keys.at(curveKey);
|
||||
|
||||
try {
|
||||
if (!mtx::crypto::verify_identity_signature(
|
||||
dev.second, device_id, user_id)) {
|
||||
nhlog::crypto()->warn(
|
||||
"failed to verify identity keys: {}",
|
||||
json(dev.second).dump(2));
|
||||
continue;
|
||||
}
|
||||
} catch (const json::exception &e) {
|
||||
nhlog::crypto()->warn(
|
||||
"failed to parse device key json: {}",
|
||||
e.what());
|
||||
continue;
|
||||
} catch (const mtx::crypto::olm_exception &e) {
|
||||
nhlog::crypto()->warn(
|
||||
"failed to verify device key json: {}",
|
||||
e.what());
|
||||
continue;
|
||||
}
|
||||
|
||||
auto room_key = olm::client()
|
||||
->create_room_key_event(
|
||||
user_id, pks.ed25519, megolm_payload)
|
||||
.dump();
|
||||
|
||||
room_key_msgs[user_id].emplace(device_id, room_key);
|
||||
deviceKeys[user_id].emplace(device_id, pks);
|
||||
claim_keys.one_time_keys[user.first][device_id] =
|
||||
mtx::crypto::SIGNED_CURVE25519;
|
||||
|
||||
nhlog::net()->info("{}", device_id.get());
|
||||
nhlog::net()->info(" curve25519 {}", pks.curve25519);
|
||||
nhlog::net()->info(" ed25519 {}", pks.ed25519);
|
||||
}
|
||||
}
|
||||
|
||||
http::client()->claim_keys(claim_keys,
|
||||
std::bind(&TimelineModel::handleClaimedKeys,
|
||||
this,
|
||||
keeper,
|
||||
room_key_msgs,
|
||||
deviceKeys,
|
||||
std::placeholders::_1,
|
||||
std::placeholders::_2));
|
||||
});
|
||||
emit this->addPendingMessageToStore(event);
|
||||
} catch (const lmdb::error &e) {
|
||||
nhlog::db()->critical("failed to save megolm outbound session: {}",
|
||||
e.what());
|
||||
emit ChatPage::instance()->showNotification(
|
||||
tr("Failed to encrypt event, sending aborted!"));
|
||||
}
|
||||
|
||||
// TODO: Let the user know about the errors.
|
||||
} catch (const lmdb::error &e) {
|
||||
|
@ -1089,86 +997,6 @@ TimelineModel::sendEncryptedMessage(mtx::events::RoomEvent<T> msg, mtx::events::
|
|||
}
|
||||
}
|
||||
|
||||
void
|
||||
TimelineModel::handleClaimedKeys(
|
||||
std::shared_ptr<StateKeeper> keeper,
|
||||
const std::map<std::string, std::map<std::string, std::string>> &room_keys,
|
||||
const std::map<std::string, std::map<std::string, DevicePublicKeys>> &pks,
|
||||
const mtx::responses::ClaimKeys &res,
|
||||
mtx::http::RequestErr err)
|
||||
{
|
||||
if (err) {
|
||||
nhlog::net()->warn("claim keys error: {} {} {}",
|
||||
err->matrix_error.error,
|
||||
err->parse_error,
|
||||
static_cast<int>(err->status_code));
|
||||
return;
|
||||
}
|
||||
|
||||
// Payload with all the to_device message to be sent.
|
||||
nlohmann::json body;
|
||||
|
||||
for (const auto &[user_id, retrieved_devices] : res.one_time_keys) {
|
||||
nhlog::net()->debug("claimed keys for {}", user_id);
|
||||
if (retrieved_devices.size() == 0) {
|
||||
nhlog::net()->debug("no one-time keys found for user_id: {}", user_id);
|
||||
return;
|
||||
}
|
||||
|
||||
for (const auto &rd : retrieved_devices) {
|
||||
const auto device_id = rd.first;
|
||||
|
||||
nhlog::net()->debug("{} : \n {}", device_id, rd.second.dump(2));
|
||||
|
||||
if (rd.second.empty() || !rd.second.begin()->contains("key")) {
|
||||
nhlog::net()->warn("Skipping device {} as it has no key.",
|
||||
device_id);
|
||||
continue;
|
||||
}
|
||||
|
||||
// TODO: Verify signatures
|
||||
auto otk = rd.second.begin()->at("key");
|
||||
|
||||
auto id_key = pks.at(user_id).at(device_id).curve25519;
|
||||
auto s = olm::client()->create_outbound_session(id_key, otk);
|
||||
|
||||
auto device_msg = olm::client()->create_olm_encrypted_content(
|
||||
s.get(),
|
||||
room_keys.at(user_id).at(device_id),
|
||||
pks.at(user_id).at(device_id).curve25519);
|
||||
|
||||
try {
|
||||
cache::saveOlmSession(id_key, std::move(s));
|
||||
} catch (const lmdb::error &e) {
|
||||
nhlog::db()->critical("failed to save outbound olm session: {}",
|
||||
e.what());
|
||||
} catch (const mtx::crypto::olm_exception &e) {
|
||||
nhlog::crypto()->critical(
|
||||
"failed to pickle outbound olm session: {}", e.what());
|
||||
}
|
||||
|
||||
body["messages"][user_id][device_id] = device_msg;
|
||||
}
|
||||
|
||||
nhlog::net()->info("send_to_device: {}", user_id);
|
||||
}
|
||||
|
||||
http::client()->send_to_device(
|
||||
mtx::events::to_string(mtx::events::EventType::RoomEncrypted),
|
||||
http::client()->generate_txn_id(),
|
||||
body,
|
||||
[keeper](mtx::http::RequestErr err) {
|
||||
if (err) {
|
||||
nhlog::net()->warn("failed to send "
|
||||
"send_to_device "
|
||||
"message: {}",
|
||||
err->matrix_error.error);
|
||||
}
|
||||
|
||||
(void)keeper;
|
||||
});
|
||||
}
|
||||
|
||||
struct SendMessageVisitor
|
||||
{
|
||||
explicit SendMessageVisitor(TimelineModel *model)
|
||||
|
|
|
@ -264,6 +264,10 @@ public slots:
|
|||
}
|
||||
void setDecryptDescription(bool decrypt) { decryptDescription = decrypt; }
|
||||
void clearTimeline() { events.clearTimeline(); }
|
||||
void receivedSessionKey(const std::string &session_key)
|
||||
{
|
||||
events.receivedSessionKey(session_key);
|
||||
}
|
||||
|
||||
QString roomName() const;
|
||||
QString roomTopic() const;
|
||||
|
@ -297,12 +301,6 @@ signals:
|
|||
private:
|
||||
template<typename T>
|
||||
void sendEncryptedMessage(mtx::events::RoomEvent<T> msg, mtx::events::EventType eventType);
|
||||
void handleClaimedKeys(
|
||||
std::shared_ptr<StateKeeper> keeper,
|
||||
const std::map<std::string, std::map<std::string, std::string>> &room_keys,
|
||||
const std::map<std::string, std::map<std::string, DevicePublicKeys>> &pks,
|
||||
const mtx::responses::ClaimKeys &res,
|
||||
mtx::http::RequestErr err);
|
||||
void readEvent(const std::string &id);
|
||||
|
||||
void setPaginationInProgress(const bool paginationInProgress);
|
||||
|
|
|
@ -440,6 +440,15 @@ TimelineViewManager::updateReadReceipts(const QString &room_id,
|
|||
}
|
||||
}
|
||||
|
||||
void
|
||||
TimelineViewManager::receivedSessionKey(const std::string &room_id, const std::string &session_id)
|
||||
{
|
||||
auto room = models.find(QString::fromStdString(room_id));
|
||||
if (room != models.end()) {
|
||||
room.value()->receivedSessionKey(session_id);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
TimelineViewManager::initWithMessages(const std::map<QString, mtx::responses::Timeline> &msgs)
|
||||
{
|
||||
|
|
|
@ -92,6 +92,7 @@ signals:
|
|||
|
||||
public slots:
|
||||
void updateReadReceipts(const QString &room_id, const std::vector<QString> &event_ids);
|
||||
void receivedSessionKey(const std::string &room_id, const std::string &session_id);
|
||||
void initWithMessages(const std::map<QString, mtx::responses::Timeline> &msgs);
|
||||
|
||||
void setHistoryView(const QString &room_id);
|
||||
|
|
Loading…
Reference in a new issue