Store a flag indicating if the sender key is verified
This commit is contained in:
Richard van der Hoff
parent
a2f0c93a93
commit
fc72c732fd
1 changed files with 36 additions and 7 deletions
|
|
@ -30,7 +30,7 @@
|
||||||
|
|
||||||
#define OLM_PROTOCOL_VERSION 3
|
#define OLM_PROTOCOL_VERSION 3
|
||||||
#define GROUP_SESSION_ID_LENGTH ED25519_PUBLIC_KEY_LENGTH
|
#define GROUP_SESSION_ID_LENGTH ED25519_PUBLIC_KEY_LENGTH
|
||||||
#define PICKLE_VERSION 1
|
#define PICKLE_VERSION 2
|
||||||
#define SESSION_KEY_VERSION 2
|
#define SESSION_KEY_VERSION 2
|
||||||
#define SESSION_EXPORT_VERSION 1
|
#define SESSION_EXPORT_VERSION 1
|
||||||
|
|
||||||
|
|
@ -44,6 +44,17 @@ struct OlmInboundGroupSession {
|
||||||
/** The ed25519 signing key */
|
/** The ed25519 signing key */
|
||||||
struct _olm_ed25519_public_key signing_key;
|
struct _olm_ed25519_public_key signing_key;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Have we ever seen any evidence that this is a valid session?
|
||||||
|
* (either because the original session share was signed, or because we
|
||||||
|
* have subsequently successfully decrypted a message?)
|
||||||
|
*
|
||||||
|
* (We don't do anything with this currently, but we may want to bear it in
|
||||||
|
* mind when we consider handling key-shares for sessions we already know
|
||||||
|
* about.)
|
||||||
|
*/
|
||||||
|
int signing_key_verified;
|
||||||
|
|
||||||
enum OlmErrorCode last_error;
|
enum OlmErrorCode last_error;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -109,12 +120,16 @@ static size_t _init_group_session_keys(
|
||||||
);
|
);
|
||||||
ptr += ED25519_PUBLIC_KEY_LENGTH;
|
ptr += ED25519_PUBLIC_KEY_LENGTH;
|
||||||
|
|
||||||
if (!export_format && !_olm_crypto_ed25519_verify(
|
if (!export_format) {
|
||||||
&session->signing_key, key_buf, ptr - key_buf, ptr
|
if (!_olm_crypto_ed25519_verify(&session->signing_key, key_buf,
|
||||||
)) {
|
ptr - key_buf, ptr)) {
|
||||||
session->last_error = OLM_BAD_SIGNATURE;
|
session->last_error = OLM_BAD_SIGNATURE;
|
||||||
return (size_t)-1;
|
return (size_t)-1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* signed keyshare */
|
||||||
|
session->signing_key_verified = 1;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -174,6 +189,7 @@ static size_t raw_pickle_length(
|
||||||
length += megolm_pickle_length(&session->initial_ratchet);
|
length += megolm_pickle_length(&session->initial_ratchet);
|
||||||
length += megolm_pickle_length(&session->latest_ratchet);
|
length += megolm_pickle_length(&session->latest_ratchet);
|
||||||
length += _olm_pickle_ed25519_public_key_length(&session->signing_key);
|
length += _olm_pickle_ed25519_public_key_length(&session->signing_key);
|
||||||
|
length += _olm_pickle_bool_length(session->signing_key_verified);
|
||||||
return length;
|
return length;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -201,6 +217,7 @@ size_t olm_pickle_inbound_group_session(
|
||||||
pos = megolm_pickle(&session->initial_ratchet, pos);
|
pos = megolm_pickle(&session->initial_ratchet, pos);
|
||||||
pos = megolm_pickle(&session->latest_ratchet, pos);
|
pos = megolm_pickle(&session->latest_ratchet, pos);
|
||||||
pos = _olm_pickle_ed25519_public_key(pos, &session->signing_key);
|
pos = _olm_pickle_ed25519_public_key(pos, &session->signing_key);
|
||||||
|
pos = _olm_pickle_bool(pos, session->signing_key_verified);
|
||||||
|
|
||||||
return _olm_enc_output(key, key_length, pickled, raw_length);
|
return _olm_enc_output(key, key_length, pickled, raw_length);
|
||||||
}
|
}
|
||||||
|
|
@ -224,7 +241,7 @@ size_t olm_unpickle_inbound_group_session(
|
||||||
pos = pickled;
|
pos = pickled;
|
||||||
end = pos + raw_length;
|
end = pos + raw_length;
|
||||||
pos = _olm_unpickle_uint32(pos, end, &pickle_version);
|
pos = _olm_unpickle_uint32(pos, end, &pickle_version);
|
||||||
if (pickle_version != PICKLE_VERSION) {
|
if (pickle_version < 1 || pickle_version > PICKLE_VERSION) {
|
||||||
session->last_error = OLM_UNKNOWN_PICKLE_VERSION;
|
session->last_error = OLM_UNKNOWN_PICKLE_VERSION;
|
||||||
return (size_t)-1;
|
return (size_t)-1;
|
||||||
}
|
}
|
||||||
|
|
@ -232,6 +249,14 @@ size_t olm_unpickle_inbound_group_session(
|
||||||
pos = megolm_unpickle(&session->latest_ratchet, pos, end);
|
pos = megolm_unpickle(&session->latest_ratchet, pos, end);
|
||||||
pos = _olm_unpickle_ed25519_public_key(pos, end, &session->signing_key);
|
pos = _olm_unpickle_ed25519_public_key(pos, end, &session->signing_key);
|
||||||
|
|
||||||
|
if (pickle_version == 1) {
|
||||||
|
/* pickle v1 had no signing_key_verified field (all keyshares were
|
||||||
|
* verified at import time) */
|
||||||
|
session->signing_key_verified = 1;
|
||||||
|
} else {
|
||||||
|
pos = _olm_unpickle_bool(pos, end, &(session->signing_key_verified));
|
||||||
|
}
|
||||||
|
|
||||||
if (end != pos) {
|
if (end != pos) {
|
||||||
/* We had the wrong number of bytes in the input. */
|
/* We had the wrong number of bytes in the input. */
|
||||||
session->last_error = OLM_CORRUPTED_PICKLE;
|
session->last_error = OLM_CORRUPTED_PICKLE;
|
||||||
|
|
@ -391,6 +416,10 @@ static size_t _decrypt(
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* once we have successfully decrypted a message, set a flag to say the
|
||||||
|
* session appears valid. */
|
||||||
|
session->signing_key_verified = 1;
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue