author | Nicolas Werner <nicolas.werner@hotmail.de> | 2021-07-25 13:51:21 +0200 |
---|---|---|
committer | Nicolas Werner <nicolas.werner@hotmail.de> | 2021-07-25 13:51:21 +0200 |
commit | 84446832719bb8775bb8160fe1101843933a3320 (patch) | |
tree | ce998cad42c119e48debfd6280916299d50161d7 | |
parent | Fix SSSS unlock without a password set (diff) | |
Don't send encrypted olm messages to ourselves
-rw-r--r-- | src/Olm.cpp | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/src/Olm.cpp b/src/Olm.cpp index 69503e6e..db4d771f 100644 --- a/src/Olm.cpp +++ b/src/Olm.cpp @@ -212,6 +212,11 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey nhlog::crypto()->info("sender : {}", msg.sender); nhlog::crypto()->info("sender_key: {}", msg.sender_key); + if (msg.sender_key == olm::client()->identity_keys().ed25519) { + nhlog::crypto()->warn("Ignoring olm message from ourselves!"); + return; + } + const auto my_key = olm::client()->identity_keys().curve25519; bool failed_decryption = false; @@ -1089,6 +1094,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s messages; std::map<std::string, std::map<std::string, DevicePublicKeys>> pks; + auto our_curve = olm::client()->identity_keys().curve25519; + for (const auto &[user, devices] : targets) { auto deviceKeys = cache::client()->userKeys(user); @@ -1122,8 +1129,14 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s continue; } - auto session = - cache::getLatestOlmSession(d.keys.at("curve25519:" + device)); + auto device_curve = d.keys.at("curve25519:" + device); + if (device_curve == our_curve) { + nhlog::crypto()->warn("Skipping our own device, since sending " + "ourselves olm messages makes no sense."); + continue; + } + + auto session = cache::getLatestOlmSession(device_curve); if (!session || force_new_session) { claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519; pks[user][device].ed25519 = d.keys.at("ed25519:" + device); @@ -1137,7 +1150,7 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s ev_json, UserId(user), d.keys.at("ed25519:" + device), - d.keys.at("curve25519:" + device)) + device_curve) .get<mtx::events::msg::OlmEncrypted>(); try { 
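Review bot: The new guard in handle_olm_message compares `msg.sender_key` with `identity_keys().ed25519`, while both skip checks added to send_encrypted_to_device_messages, and the `my_key` lookup directly below the guard, use the curve25519 identity key. If `sender_key` carries the sender's Curve25519 key, as the Olm event format defines it, this comparison never matches and an Olm message from our own device is still processed. The condition should probably read `if (msg.sender_key == olm::client()->identity_keys().curve25519) {`. The body of handle_olm_message continues outside the hunk, so a later check covering this case would not be visible here.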
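Review bot: The skip at `if (device_curve == our_curve)` is decided on the curve25519 key alone, yet the warning says "our own device" without naming the entry that matched. If a key list for another user or device ever contains our key, the log line cannot show which entry it was and the message is misleading. Log the identifiers instead: `nhlog::crypto()->warn("Skipping {}:{}, it advertises our own curve25519 key.", user, device);`. The same applies to the `pks.curve25519 == our_curve` check in the query_keys callback, with `user_id` and `device_id` if they are already declared at that point. Both loops start outside their hunks, so these names are taken from the uses visible in the context lines.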
@@ -1256,8 +1269,8 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s req.device_keys = keysToQuery; http::client()->query_keys( req, - [ev_json, BindPks](const mtx::responses::QueryKeys &res, - mtx::http::RequestErr err) { + [ev_json, BindPks, our_curve](const mtx::responses::QueryKeys &res, + mtx::http::RequestErr err) { if (err) { nhlog::net()->warn("failed to query device keys: {} {}", err->matrix_error.error, @@ -1299,6 +1312,13 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s pks.ed25519 = device_keys.at(edKey); pks.curve25519 = device_keys.at(curveKey); + if (pks.curve25519 == our_curve) { + nhlog::crypto()->warn( + "Skipping our own device, since sending " + "ourselves olm messages makes no sense."); + continue; + } + try { if (!mtx::crypto::verify_identity_signature( dev.second, device_id, user_id)) { |