diff options
| author | Konstantinos Sideris <sideris.konstantin@gmail.com> | 2018-06-15 01:35:31 +0300 |
|---|---|---|
| committer | Konstantinos Sideris <sideris.konstantin@gmail.com> | 2018-06-15 01:35:31 +0300 |
| commit | 9102a141f3f169c39b4fe87839e646eb68fd4b55 (patch) | |
| tree | 8e1edb2f73544c428e3c20a6402f801134a302d1 /src | |
| parent | 7fc010fc4f96d6a4cdec04558a7b053604e0cb39 (diff) | |
Handle OLM_MESSAGE type of messages properly
Diffstat (limited to 'src')
| -rw-r--r-- | src/Cache.cc | 82 | ||||
| -rw-r--r-- | src/Olm.cpp | 144 | ||||
| -rw-r--r-- | src/timeline/TimelineView.cc | 13 |
3 files changed, 159 insertions, 80 deletions
diff --git a/src/Cache.cc b/src/Cache.cc index 20572ece..41a759ab 100644 --- a/src/Cache.cc +++ b/src/Cache.cc @@ -62,11 +62,10 @@ constexpr auto DEVICE_KEYS_DB("device_keys"); //! room_ids that have encryption enabled. constexpr auto ENCRYPTED_ROOMS_DB("encrypted_rooms"); -//! MegolmSessionIndex -> pickled OlmInboundGroupSession +//! room_id -> pickled OlmInboundGroupSession constexpr auto INBOUND_MEGOLM_SESSIONS_DB("inbound_megolm_sessions"); //! MegolmSessionIndex -> pickled OlmOutboundGroupSession constexpr auto OUTBOUND_MEGOLM_SESSIONS_DB("outbound_megolm_sessions"); -constexpr auto OUTBOUND_OLM_SESSIONS_DB("outbound_olm_sessions"); using CachedReceipts = std::multimap<uint64_t, std::string, std::greater<uint64_t>>; using Receipts = std::map<std::string, std::map<std::string, uint64_t>>; @@ -110,7 +109,6 @@ Cache::Cache(const QString &userId, QObject *parent) , deviceKeysDb_{0} , inboundMegolmSessionDb_{0} , outboundMegolmSessionDb_{0} - , outboundOlmSessionDb_{0} , localUserId_{userId} { setup(); @@ -180,7 +178,6 @@ Cache::setup() // Session management inboundMegolmSessionDb_ = lmdb::dbi::open(txn, INBOUND_MEGOLM_SESSIONS_DB, MDB_CREATE); outboundMegolmSessionDb_ = lmdb::dbi::open(txn, OUTBOUND_MEGOLM_SESSIONS_DB, MDB_CREATE); - outboundOlmSessionDb_ = lmdb::dbi::open(txn, OUTBOUND_OLM_SESSIONS_DB, MDB_CREATE); txn.commit(); } @@ -321,35 +318,66 @@ Cache::getOutboundMegolmSession(const std::string &room_id) session_storage.group_outbound_session_data[room_id]}; } +// +// OLM sessions. +// + void -Cache::saveOutboundOlmSession(const std::string &curve25519, mtx::crypto::OlmSessionPtr session) +Cache::saveOlmSession(const std::string &curve25519, mtx::crypto::OlmSessionPtr session) { using namespace mtx::crypto; - const auto pickled = pickle<SessionObject>(session.get(), SECRET); auto txn = lmdb::txn::begin(env_); - lmdb::dbi_put(txn, outboundOlmSessionDb_, lmdb::val(curve25519), lmdb::val(pickled)); - txn.commit(); + auto db = getOlmSessionsDb(txn, curve25519); - { - std::unique_lock<std::mutex> lock(session_storage.outbound_mtx); - session_storage.outbound_sessions[curve25519] = std::move(session); - } + const auto pickled = pickle<SessionObject>(session.get(), SECRET); + const auto session_id = mtx::crypto::session_id(session.get()); + + lmdb::dbi_put(txn, db, lmdb::val(session_id), lmdb::val(pickled)); + + txn.commit(); } -bool -Cache::outboundOlmSessionsExists(const std::string &curve25519) noexcept +boost::optional<mtx::crypto::OlmSessionPtr> +Cache::getOlmSession(const std::string &curve25519, const std::string &session_id) { - std::unique_lock<std::mutex> lock(session_storage.outbound_mtx); - return session_storage.outbound_sessions.find(curve25519) != - session_storage.outbound_sessions.end(); + using namespace mtx::crypto; + + auto txn = lmdb::txn::begin(env_); + auto db = getOlmSessionsDb(txn, curve25519); + + lmdb::val pickled; + bool found = lmdb::dbi_get(txn, db, lmdb::val(session_id), pickled); + + txn.commit(); + + if (found) { + auto data = std::string(pickled.data(), pickled.size()); + return unpickle<SessionObject>(data, SECRET); + } + + return boost::none; } -OlmSession * -Cache::getOutboundOlmSession(const std::string &curve25519) +std::vector<std::string> +Cache::getOlmSessions(const std::string &curve25519) { - std::unique_lock<std::mutex> lock(session_storage.outbound_mtx); - return session_storage.outbound_sessions.at(curve25519).get(); + using namespace mtx::crypto; + + auto txn = lmdb::txn::begin(env_); + auto db = getOlmSessionsDb(txn, curve25519); + + std::string session_id, unused; + std::vector<std::string> res; + + auto cursor = lmdb::cursor::open(txn, db); + while (cursor.get(session_id, unused, MDB_NEXT)) + res.emplace_back(session_id); + cursor.close(); + + txn.commit(); + + return res; } void @@ -405,18 +433,6 @@ Cache::restoreSessions() cursor.close(); } - // - // Outbound Olm Sessions - // - { - auto cursor = lmdb::cursor::open(txn, outboundOlmSessionDb_); - while (cursor.get(key, value, MDB_NEXT)) { - auto session = unpickle<SessionObject>(value, SECRET); - session_storage.outbound_sessions[key] = std::move(session); - } - cursor.close(); - } - txn.commit(); nhlog::db()->info("sessions restored"); diff --git a/src/Olm.cpp b/src/Olm.cpp index f39554f0..814fce18 100644 --- a/src/Olm.cpp +++ b/src/Olm.cpp @@ -55,10 +55,21 @@ handle_olm_message(const OlmMessage &msg) const auto type = cipher.second.type; nhlog::crypto()->info("type: {}", type == 0 ? "OLM_PRE_KEY" : "OLM_MESSAGE"); - if (type == OLM_MESSAGE_TYPE_PRE_KEY) - handle_pre_key_olm_message(msg.sender, msg.sender_key, cipher.second); - else - handle_olm_normal_message(msg.sender, msg.sender_key, cipher.second); + auto payload = try_olm_decryption(msg.sender_key, cipher.second); + + if (payload) { + nhlog::crypto()->info("decrypted olm payload: {}", payload.value().dump(2)); + create_inbound_megolm_session(msg.sender, msg.sender_key, payload.value()); + return; + } + + // Not a PRE_KEY message + if (cipher.second.type != 0) { + // TODO: log that it should have matched something + return; + } + + handle_pre_key_olm_message(msg.sender, msg.sender_key, cipher.second); } } @@ -72,6 +83,10 @@ handle_pre_key_olm_message(const std::string &sender, OlmSessionPtr inbound_session = nullptr; try { inbound_session = olm::client()->create_inbound_session(content.body); + + // We also remove the one time key used to establish that + // session so we'll have to update our copy of the account object. + cache::client()->saveOlmAccount(olm::client()->save("secret")); } catch (const olm_exception &e) { nhlog::crypto()->critical( "failed to create inbound session with {}: {}", sender, e.what()); @@ -86,8 +101,8 @@ handle_pre_key_olm_message(const std::string &sender, mtx::crypto::BinaryBuf output; try { - output = olm::client()->decrypt_message( - inbound_session.get(), OLM_MESSAGE_TYPE_PRE_KEY, content.body); + output = + olm::client()->decrypt_message(inbound_session.get(), content.type, content.body); } catch (const olm_exception &e) { nhlog::crypto()->critical( "failed to decrypt olm message {}: {}", content.body, e.what()); @@ -97,45 +112,14 @@ handle_pre_key_olm_message(const std::string &sender, auto plaintext = json::parse(std::string((char *)output.data(), output.size())); nhlog::crypto()->info("decrypted message: \n {}", plaintext.dump(2)); - std::string room_id, session_id, session_key; try { - room_id = plaintext.at("content").at("room_id"); - session_id = plaintext.at("content").at("session_id"); - session_key = plaintext.at("content").at("session_key"); - } catch (const nlohmann::json::exception &e) { - nhlog::crypto()->critical( - "failed to parse plaintext olm message: {} {}", e.what(), plaintext.dump(2)); - return; - } - - MegolmSessionIndex index; - index.room_id = room_id; - index.session_id = session_id; - index.sender_key = sender_key; - - if (!cache::client()->inboundMegolmSessionExists(index)) { - auto megolm_session = olm::client()->init_inbound_group_session(session_key); - - try { - cache::client()->saveInboundMegolmSession(index, std::move(megolm_session)); - } catch (const lmdb::error &e) { - nhlog::crypto()->critical("failed to save inbound megolm session: {}", - e.what()); - return; - } - - nhlog::crypto()->info( - "established inbound megolm session ({}, {})", room_id, sender); - } else { - nhlog::crypto()->warn( - "inbound megolm session already exists ({}, {})", room_id, sender); + cache::client()->saveOlmSession(sender_key, std::move(inbound_session)); + } catch (const lmdb::error &e) { + nhlog::db()->warn( + "failed to save inbound olm session from {}: {}", sender, e.what()); } -} -void -handle_olm_normal_message(const std::string &, const std::string &, const OlmCipherContent &) -{ - nhlog::crypto()->warn("olm(1) not implemeted yet"); + create_inbound_megolm_session(sender, sender_key, plaintext); } mtx::events::msg::Encrypted @@ -165,4 +149,80 @@ encrypt_group_message(const std::string &room_id, return data; } +boost::optional<json> +try_olm_decryption(const std::string &sender_key, const OlmCipherContent &msg) +{ + auto session_ids = cache::client()->getOlmSessions(sender_key); + + for (const auto &id : session_ids) { + auto session = cache::client()->getOlmSession(sender_key, id); + + if (!session) + continue; + + mtx::crypto::BinaryBuf text; + + try { + text = olm::client()->decrypt_message(session->get(), msg.type, msg.body); + cache::client()->saveOlmSession(id, std::move(session.value())); + + } catch (const olm_exception &e) { + nhlog::crypto()->info("failed to decrypt olm message ({}, {}) with {}: {}", + msg.type, + sender_key, + id, + e.what()); + continue; + } catch (const lmdb::error &e) { + nhlog::crypto()->critical("failed to save session: {}", e.what()); + return {}; + } + + try { + return json::parse(std::string((char *)text.data(), text.size())); + } catch (const json::exception &e) { + nhlog::crypto()->critical("failed to parse the decrypted session msg: {}", + e.what()); + } + } + + return {}; +} + +void +create_inbound_megolm_session(const std::string &sender, + const std::string &sender_key, + const nlohmann::json &payload) +{ + std::string room_id, session_id, session_key; + + try { + room_id = payload.at("content").at("room_id"); + session_id = payload.at("content").at("session_id"); + session_key = payload.at("content").at("session_key"); + } catch (const nlohmann::json::exception &e) { + nhlog::crypto()->critical( + "failed to parse plaintext olm message: {} {}", e.what(), payload.dump(2)); + return; + } + + MegolmSessionIndex index; + index.room_id = room_id; + index.session_id = session_id; + index.sender_key = sender_key; + + try { + auto megolm_session = olm::client()->init_inbound_group_session(session_key); + cache::client()->saveInboundMegolmSession(index, std::move(megolm_session)); + } catch (const lmdb::error &e) { + nhlog::crypto()->critical("failed to save inbound megolm session: {}", e.what()); + return; + } catch (const olm_exception &e) { + nhlog::crypto()->critical("failed to create inbound megolm session: {}", e.what()); + return; + } + + nhlog::crypto()->info("established inbound megolm session ({}, {})", room_id, sender); +} + } // namespace olm diff --git a/src/timeline/TimelineView.cc b/src/timeline/TimelineView.cc index 8f3ad1a7..5841ebce 100644 --- a/src/timeline/TimelineView.cc +++ b/src/timeline/TimelineView.cc @@ -1329,18 +1329,21 @@ TimelineView::prepareEncryptedMessage(const PendingMessage &msg) auto otk = rd.second.begin()->at("key"); auto id_key = pks.curve25519; - auto session = - olm::client() - ->create_outbound_session(id_key, - otk); + auto s = olm::client() + ->create_outbound_session( + id_key, otk); auto device_msg = olm::client() ->create_olm_encrypted_content( - session.get(), + s.get(), room_key, pks.curve25519); + // TODO: Handle exception + cache::client()->saveOlmSession( + id_key, std::move(s)); + json body{ {"messages", {{user_id, |