diff options
| author | Nicolas Werner <nicolas.werner@hotmail.de> | 2020-10-20 18:10:09 +0200 |
|---|---|---|
| committer | Nicolas Werner <nicolas.werner@hotmail.de> | 2020-10-20 18:10:09 +0200 |
| commit | 983690c94f1577c439cb41f0a5c77b64cfb4adee (patch) | |
| tree | 9f331ceccb15e74ce3f8b226fc65517eb9da350a /src | |
| parent | Store timestamp with olm sessions (diff) | |
| download | nheko-983690c94f1577c439cb41f0a5c77b64cfb4adee.tar.xz | |
Share code for sending encrypted olm messages
Diffstat (limited to 'src')
| -rw-r--r-- | src/Olm.cpp | 395 | ||||
| -rw-r--r-- | src/Olm.h | 6 | ||||
| -rw-r--r-- | src/timeline/TimelineModel.cpp | 223 | ||||
| -rw-r--r-- | src/timeline/TimelineModel.h | 6 |
4 files changed, 278 insertions, 352 deletions
diff --git a/src/Olm.cpp b/src/Olm.cpp index e3b0de27..730a3ea5 100644 --- a/src/Olm.cpp +++ b/src/Olm.cpp @@ -558,149 +558,13 @@ send_megolm_key_to_device(const std::string &user_id, const std::string &device_id, const mtx::events::msg::ForwardedRoomKey &payload) { - mtx::requests::QueryKeys req; - req.device_keys[user_id] = {device_id}; + mtx::events::DeviceEvent<mtx::events::msg::ForwardedRoomKey> room_key; + room_key.content = payload; + room_key.type = mtx::events::EventType::ForwardedRoomKey; - http::client()->query_keys( - req, - [payload, user_id, device_id](const mtx::responses::QueryKeys &res, - mtx::http::RequestErr err) { - if (err) { - nhlog::net()->warn("failed to query device keys: {} {}", - err->matrix_error.error, - static_cast<int>(err->status_code)); - return; - } - - nhlog::net()->warn("retrieved device keys from {}, {}", user_id, device_id); - - if (res.device_keys.empty()) { - nhlog::net()->warn("no devices retrieved {}", user_id); - return; - } - - auto device = res.device_keys.begin()->second; - if (device.empty()) { - nhlog::net()->warn("no keys retrieved from user, device {}", user_id); - return; - } - - const auto device_keys = device.begin()->second.keys; - const auto curveKey = "curve25519:" + device_id; - const auto edKey = "ed25519:" + device_id; - - if ((device_keys.find(curveKey) == device_keys.end()) || - (device_keys.find(edKey) == device_keys.end())) { - nhlog::net()->debug("ignoring malformed keys for device {}", device_id); - return; - } - - DevicePublicKeys pks; - pks.ed25519 = device_keys.at(edKey); - pks.curve25519 = device_keys.at(curveKey); - - try { - if (!mtx::crypto::verify_identity_signature(json(device.begin()->second), - DeviceId(device_id), - UserId(user_id))) { - nhlog::crypto()->warn("failed to verify identity keys: {}", - json(device).dump(2)); - return; - } - } catch (const json::exception &e) { - nhlog::crypto()->warn("failed to parse device key json: {}", e.what()); - return; - } catch (const mtx::crypto::olm_exception &e) { - nhlog::crypto()->warn("failed to verify device key json: {}", e.what()); - return; - } - - mtx::requests::ClaimKeys claim_keys; - claim_keys.one_time_keys[user_id][device_id] = mtx::crypto::SIGNED_CURVE25519; - - http::client()->claim_keys( - claim_keys, - [payload, user_id, device_id, pks](const mtx::responses::ClaimKeys &res, - mtx::http::RequestErr err) { - if (err) { - nhlog::net()->warn("claim keys error: {} {} {}", - err->matrix_error.error, - err->parse_error, - static_cast<int>(err->status_code)); - return; - } - - nhlog::net()->info("claimed keys for {}", user_id); - - if (res.one_time_keys.size() == 0) { - nhlog::net()->info("no one-time keys found for user_id: {}", - user_id); - return; - } - - if (res.one_time_keys.find(user_id) == res.one_time_keys.end()) { - nhlog::net()->info("no one-time keys found for user_id: {}", - user_id); - return; - } - - auto retrieved_devices = res.one_time_keys.at(user_id); - if (retrieved_devices.empty()) { - nhlog::net()->info("claiming keys for {}: no retrieved devices", - device_id); - return; - } - - json body; - body["messages"][user_id] = json::object(); - - auto device = retrieved_devices.begin()->second; - nhlog::net()->debug("{} : \n {}", device_id, device.dump(2)); - - json device_msg; - - try { - auto olm_session = olm::client()->create_outbound_session( - pks.curve25519, device.begin()->at("key")); - - mtx::events::DeviceEvent<mtx::events::msg::ForwardedRoomKey> - room_key; - room_key.content = payload; - room_key.type = mtx::events::EventType::ForwardedRoomKey; - device_msg = olm::client()->create_olm_encrypted_content( - olm_session.get(), json(room_key).dump(), pks.curve25519); - - cache::saveOlmSession(pks.curve25519, - std::move(olm_session), - QDateTime::currentMSecsSinceEpoch()); - } catch (const json::exception &e) { - nhlog::crypto()->warn("creating outbound session: {}", - e.what()); - return; - } catch (const mtx::crypto::olm_exception &e) { - nhlog::crypto()->warn("creating outbound session: {}", - e.what()); - return; - } - - body["messages"][user_id][device_id] = device_msg; - - nhlog::net()->info( - "sending m.forwarded_room_key event to {}:{}", user_id, device_id); - http::client()->send_to_device( - "m.room.encrypted", body, [user_id](mtx::http::RequestErr err) { - if (err) { - nhlog::net()->warn("failed to send " - "send_to_device " - "message: {}", - err->matrix_error.error); - } - - nhlog::net()->info("m.forwarded_room_key send to {}", - user_id); - }); - }); - }); + std::map<std::string, std::vector<std::string>> targets; + targets[user_id] = {device_id}; + send_encrypted_to_device_messages(targets, room_key); } DecryptionResult @@ -750,13 +614,252 @@ decryptEvent(const MegolmSessionIndex &index, return {std::nullopt, std::nullopt, std::move(te.data)}; } -//! Send encrypted to device messages, targets is a map from userid to device ids or "*" +//! Send encrypted to device messages, targets is a map from userid to device ids or {} for all +//! devices void send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::string>> targets, - const mtx::events::collections::DeviceEvents &event) + const mtx::events::collections::DeviceEvents &event, + bool force_new_session) { - (void)targets; - (void)event; + nlohmann::json ev_json = std::visit([](const auto &e) { return json(e); }, event); + + std::map<std::string, std::vector<std::string>> keysToQuery; + mtx::requests::ClaimKeys claims; + std::map<mtx::identifiers::User, std::map<std::string, mtx::events::msg::OlmEncrypted>> + messages; + std::map<std::string, std::map<std::string, DevicePublicKeys>> pks; + + for (const auto &[user, devices] : targets) { + auto deviceKeys = cache::client()->userKeys(user); + + // no keys for user, query them + if (!deviceKeys) { + keysToQuery[user] = devices; + continue; + } + + auto deviceTargets = devices; + if (devices.empty()) { + deviceTargets.clear(); + for (const auto &[device, keys] : deviceKeys->device_keys) { + (void)keys; + deviceTargets.push_back(device); + } + } + + for (const auto &device : deviceTargets) { + if (!deviceKeys->device_keys.count(device)) { + keysToQuery[user] = {}; + break; + } + + auto d = deviceKeys->device_keys.at(device); + + auto session = + cache::getLatestOlmSession(d.keys.at("curve25519:" + device)); + if (!session || force_new_session) { + claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519; + pks[user][device].ed25519 = d.keys.at("ed25519:" + device); + pks[user][device].curve25519 = d.keys.at("curve25519:" + device); + continue; + } + + messages[mtx::identifiers::parse<mtx::identifiers::User>(user)][device] = + olm::client() + ->create_olm_encrypted_content(session->get(), + ev_json, + UserId(user), + d.keys.at("ed25519:" + device), + d.keys.at("curve25519:" + device)) + .get<mtx::events::msg::OlmEncrypted>(); + + try { + cache::saveOlmSession(d.keys.at("curve25519:" + device), + std::move(*session), + QDateTime::currentMSecsSinceEpoch()); + } catch (const lmdb::error &e) { + nhlog::db()->critical("failed to save outbound olm session: {}", + e.what()); + } catch (const mtx::crypto::olm_exception &e) { + nhlog::crypto()->critical( + "failed to pickle outbound olm session: {}", e.what()); + } + } + } + + if (!messages.empty()) + http::client()->send_to_device<mtx::events::msg::OlmEncrypted>( + http::client()->generate_txn_id(), messages, [](mtx::http::RequestErr err) { + if (err) { + nhlog::net()->warn("failed to send " + "send_to_device " + "message: {}", + err->matrix_error.error); + } + }); + + auto BindPks = [ev_json](decltype(pks) pks_temp) { + return [pks = pks_temp, ev_json](const mtx::responses::ClaimKeys &res, + mtx::http::RequestErr) { + std::map<mtx::identifiers::User, + std::map<std::string, mtx::events::msg::OlmEncrypted>> + messages; + for (const auto &[user_id, retrieved_devices] : res.one_time_keys) { + nhlog::net()->debug("claimed keys for {}", user_id); + if (retrieved_devices.size() == 0) { + nhlog::net()->debug( + "no one-time keys found for user_id: {}", user_id); + continue; + } + + for (const auto &rd : retrieved_devices) { + const auto device_id = rd.first; + + nhlog::net()->debug( + "{} : \n {}", device_id, rd.second.dump(2)); + + if (rd.second.empty() || + !rd.second.begin()->contains("key")) { + nhlog::net()->warn( + "Skipping device {} as it has no key.", + device_id); + continue; + } + + // TODO: Verify signatures + auto otk = rd.second.begin()->at("key"); + + auto id_key = pks.at(user_id).at(device_id).curve25519; + auto session = + olm::client()->create_outbound_session(id_key, otk); + + messages[mtx::identifiers::parse<mtx::identifiers::User>( + user_id)][device_id] = + olm::client() + ->create_olm_encrypted_content( + session.get(), + ev_json, + UserId(user_id), + pks.at(user_id).at(device_id).ed25519, + id_key) + .get<mtx::events::msg::OlmEncrypted>(); + + try { + cache::saveOlmSession( + id_key, + std::move(session), + QDateTime::currentMSecsSinceEpoch()); + } catch (const lmdb::error &e) { + nhlog::db()->critical( + "failed to save outbound olm session: {}", + e.what()); + } catch (const mtx::crypto::olm_exception &e) { + nhlog::crypto()->critical( + "failed to pickle outbound olm session: {}", + e.what()); + } + } + nhlog::net()->info("send_to_device: {}", user_id); + } + + if (!messages.empty()) + http::client()->send_to_device<mtx::events::msg::OlmEncrypted>( + http::client()->generate_txn_id(), + messages, + [](mtx::http::RequestErr err) { + if (err) { + nhlog::net()->warn("failed to send " + "send_to_device " + "message: {}", + err->matrix_error.error); + } + }); + }; + }; + + http::client()->claim_keys(claims, BindPks(pks)); + + if (!keysToQuery.empty()) { + mtx::requests::QueryKeys req; + req.device_keys = keysToQuery; + http::client()->query_keys( + req, + [ev_json, BindPks](const mtx::responses::QueryKeys &res, + mtx::http::RequestErr err) { + if (err) { + nhlog::net()->warn("failed to query device keys: {} {}", + err->matrix_error.error, + static_cast<int>(err->status_code)); + return; + } + + nhlog::net()->info("queried keys"); + + cache::client()->updateUserKeys(cache::nextBatchToken(), res); + + mtx::requests::ClaimKeys claim_keys; + + std::map<std::string, std::map<std::string, DevicePublicKeys>> deviceKeys; + + for (const auto &user : res.device_keys) { + for (const auto &dev : user.second) { + const auto user_id = ::UserId(dev.second.user_id); + const auto device_id = DeviceId(dev.second.device_id); + + if (user_id.get() == + http::client()->user_id().to_string() && + device_id.get() == http::client()->device_id()) + continue; + + const auto device_keys = dev.second.keys; + const auto curveKey = "curve25519:" + device_id.get(); + const auto edKey = "ed25519:" + device_id.get(); + + if ((device_keys.find(curveKey) == device_keys.end()) || + (device_keys.find(edKey) == device_keys.end())) { + nhlog::net()->debug( + "ignoring malformed keys for device {}", + device_id.get()); + continue; + } + + DevicePublicKeys pks; + pks.ed25519 = device_keys.at(edKey); + pks.curve25519 = device_keys.at(curveKey); + + try { + if (!mtx::crypto::verify_identity_signature( + dev.second, device_id, user_id)) { + nhlog::crypto()->warn( + "failed to verify identity keys: {}", + json(dev.second).dump(2)); + continue; + } + } catch (const json::exception &e) { + nhlog::crypto()->warn( + "failed to parse device key json: {}", + e.what()); + continue; + } catch (const mtx::crypto::olm_exception &e) { + nhlog::crypto()->warn( + "failed to verify device key json: {}", + e.what()); + continue; + } + + deviceKeys[user_id].emplace(device_id, pks); + claim_keys.one_time_keys[user.first][device_id] = + mtx::crypto::SIGNED_CURVE25519; + + nhlog::net()->info("{}", device_id.get()); + nhlog::net()->info(" curve25519 {}", pks.curve25519); + nhlog::net()->info(" ed25519 {}", pks.ed25519); + } + } + + http::client()->claim_keys(claim_keys, BindPks(deviceKeys)); + }); + } } } // namespace olm diff --git a/src/Olm.h b/src/Olm.h index 2556a22d..ce362e26 100644 --- a/src/Olm.h +++ b/src/Olm.h @@ -110,9 +110,11 @@ send_megolm_key_to_device(const std::string &user_id, const std::string &device_id, const mtx::events::msg::ForwardedRoomKey &payload); -//! Send encrypted to device messages, targets is a map from userid to device ids or "*" +//! Send encrypted to device messages, targets is a map from userid to device ids or {} for all +//! devices void send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::string>> targets, - const mtx::events::collections::DeviceEvents &event); + const mtx::events::collections::DeviceEvents &event, + bool force_new_session = false); } // namespace olm diff --git a/src/timeline/TimelineModel.cpp b/src/timeline/TimelineModel.cpp index 5db6aa00..8b80ea51 100644 --- a/src/timeline/TimelineModel.cpp +++ b/src/timeline/TimelineModel.cpp @@ -930,11 +930,12 @@ TimelineModel::sendEncryptedMessage(mtx::events::RoomEvent<T> msg, mtx::events:: const auto session_id = mtx::crypto::session_id(outbound_session.get()); const auto session_key = mtx::crypto::session_key(outbound_session.get()); - // TODO: needs to be moved in the lib. - auto megolm_payload = json{{"algorithm", "m.megolm.v1.aes-sha2"}, - {"room_id", room_id}, - {"session_id", session_id}, - {"session_key", session_key}}; + mtx::events::DeviceEvent<mtx::events::msg::RoomKey> megolm_payload; + megolm_payload.content.algorithm = "m.megolm.v1.aes-sha2"; + megolm_payload.content.room_id = room_id; + megolm_payload.content.session_id = session_id; + megolm_payload.content.session_key = session_key; + megolm_payload.type = mtx::events::EventType::RoomKey; // Saving the new megolm session. // TODO: Maybe it's too early to save. @@ -958,122 +959,29 @@ TimelineModel::sendEncryptedMessage(mtx::events::RoomEvent<T> msg, mtx::events:: const auto members = cache::roomMembers(room_id); nhlog::ui()->info("retrieved {} members for {}", members.size(), room_id); - auto keeper = - std::make_shared<StateKeeper>([room_id, doc, txn_id = msg.event_id, this]() { - try { - mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> event; - event.content = olm::encrypt_group_message( - room_id, http::client()->device_id(), doc); - event.event_id = txn_id; - event.room_id = room_id; - event.sender = http::client()->user_id().to_string(); - event.type = mtx::events::EventType::RoomEncrypted; - event.origin_server_ts = QDateTime::currentMSecsSinceEpoch(); - - emit this->addPendingMessageToStore(event); - } catch (const lmdb::error &e) { - nhlog::db()->critical( - "failed to save megolm outbound session: {}", e.what()); - emit ChatPage::instance()->showNotification( - tr("Failed to encrypt event, sending aborted!")); - } - }); - - mtx::requests::QueryKeys req; + std::map<std::string, std::vector<std::string>> targets; for (const auto &member : members) - req.device_keys[member] = {}; + targets[member] = {}; - http::client()->query_keys( - req, - [keeper = std::move(keeper), megolm_payload, txn_id = msg.event_id, this]( - const mtx::responses::QueryKeys &res, mtx::http::RequestErr err) { - if (err) { - nhlog::net()->warn("failed to query device keys: {} {}", - err->matrix_error.error, - static_cast<int>(err->status_code)); - emit ChatPage::instance()->showNotification( - tr("Failed to encrypt event, sending aborted!")); - return; - } + olm::send_encrypted_to_device_messages(targets, megolm_payload); - mtx::requests::ClaimKeys claim_keys; - - // Mapping from user id to a device_id with valid identity keys to the - // generated room_key event used for sharing the megolm session. - std::map<std::string, std::map<std::string, std::string>> room_key_msgs; - std::map<std::string, std::map<std::string, DevicePublicKeys>> deviceKeys; - - for (const auto &user : res.device_keys) { - for (const auto &dev : user.second) { - const auto user_id = ::UserId(dev.second.user_id); - const auto device_id = DeviceId(dev.second.device_id); - - if (user_id.get() == - http::client()->user_id().to_string() && - device_id.get() == http::client()->device_id()) - continue; - - const auto device_keys = dev.second.keys; - const auto curveKey = "curve25519:" + device_id.get(); - const auto edKey = "ed25519:" + device_id.get(); - - if ((device_keys.find(curveKey) == device_keys.end()) || - (device_keys.find(edKey) == device_keys.end())) { - nhlog::net()->debug( - "ignoring malformed keys for device {}", - device_id.get()); - continue; - } - - DevicePublicKeys pks; - pks.ed25519 = device_keys.at(edKey); - pks.curve25519 = device_keys.at(curveKey); - - try { - if (!mtx::crypto::verify_identity_signature( - dev.second, device_id, user_id)) { - nhlog::crypto()->warn( - "failed to verify identity keys: {}", - json(dev.second).dump(2)); - continue; - } - } catch (const json::exception &e) { - nhlog::crypto()->warn( - "failed to parse device key json: {}", - e.what()); - continue; - } catch (const mtx::crypto::olm_exception &e) { - nhlog::crypto()->warn( - "failed to verify device key json: {}", - e.what()); - continue; - } - - auto room_key = olm::client() - ->create_room_key_event( - user_id, pks.ed25519, megolm_payload) - .dump(); - - room_key_msgs[user_id].emplace(device_id, room_key); - deviceKeys[user_id].emplace(device_id, pks); - claim_keys.one_time_keys[user.first][device_id] = - mtx::crypto::SIGNED_CURVE25519; - - nhlog::net()->info("{}", device_id.get()); - nhlog::net()->info(" curve25519 {}", pks.curve25519); - nhlog::net()->info(" ed25519 {}", pks.ed25519); - } - } + try { + mtx::events::EncryptedEvent<mtx::events::msg::Encrypted> event; + event.content = + olm::encrypt_group_message(room_id, http::client()->device_id(), doc); + event.event_id = msg.event_id; + event.room_id = room_id; + event.sender = http::client()->user_id().to_string(); + event.type = mtx::events::EventType::RoomEncrypted; + event.origin_server_ts = QDateTime::currentMSecsSinceEpoch(); - http::client()->claim_keys(claim_keys, - std::bind(&TimelineModel::handleClaimedKeys, - this, - keeper, - room_key_msgs, - deviceKeys, - std::placeholders::_1, - std::placeholders::_2)); - }); + emit this->addPendingMessageToStore(event); + } catch (const lmdb::error &e) { + nhlog::db()->critical("failed to save megolm outbound session: {}", + e.what()); + emit ChatPage::instance()->showNotification( + tr("Failed to encrypt event, sending aborted!")); + } // TODO: Let the user know about the errors. } catch (const lmdb::error &e) { @@ -1089,87 +997,6 @@ TimelineModel::sendEncryptedMessage(mtx::events::RoomEvent<T> msg, mtx::events:: } } -void -TimelineModel::handleClaimedKeys( - std::shared_ptr<StateKeeper> keeper, - const std::map<std::string, std::map<std::string, std::string>> &room_keys, - const std::map<std::string, std::map<std::string, DevicePublicKeys>> &pks, - const mtx::responses::ClaimKeys &res, - mtx::http::RequestErr err) -{ - if (err) { - nhlog::net()->warn("claim keys error: {} {} {}", - err->matrix_error.error, - err->parse_error, - static_cast<int>(err->status_code)); - return; - } - - // Payload with all the to_device message to be sent. - nlohmann::json body; - - for (const auto &[user_id, retrieved_devices] : res.one_time_keys) { - nhlog::net()->debug("claimed keys for {}", user_id); - if (retrieved_devices.size() == 0) { - nhlog::net()->debug("no one-time keys found for user_id: {}", user_id); - return; - } - - for (const auto &rd : retrieved_devices) { - const auto device_id = rd.first; - - nhlog::net()->debug("{} : \n {}", device_id, rd.second.dump(2)); - - if (rd.second.empty() || !rd.second.begin()->contains("key")) { - nhlog::net()->warn("Skipping device {} as it has no key.", - device_id); - continue; - } - - // TODO: Verify signatures - auto otk = rd.second.begin()->at("key"); - - auto id_key = pks.at(user_id).at(device_id).curve25519; - auto s = olm::client()->create_outbound_session(id_key, otk); - - auto device_msg = olm::client()->create_olm_encrypted_content( - s.get(), - room_keys.at(user_id).at(device_id), - pks.at(user_id).at(device_id).curve25519); - - try { - cache::saveOlmSession( - id_key, std::move(s), QDateTime::currentMSecsSinceEpoch()); - } catch (const lmdb::error &e) { - nhlog::db()->critical("failed to save outbound olm session: {}", - e.what()); - } catch (const mtx::crypto::olm_exception &e) { - nhlog::crypto()->critical( - "failed to pickle outbound olm session: {}", e.what()); - } - - body["messages"][user_id][device_id] = device_msg; - } - - nhlog::net()->info("send_to_device: {}", user_id); - } - - http::client()->send_to_device( - mtx::events::to_string(mtx::events::EventType::RoomEncrypted), - http::client()->generate_txn_id(), - body, - [keeper](mtx::http::RequestErr err) { - if (err) { - nhlog::net()->warn("failed to send " - "send_to_device " - "message: {}", - err->matrix_error.error); - } - - (void)keeper; - }); -} - struct SendMessageVisitor { explicit SendMessageVisitor(TimelineModel *model) diff --git a/src/timeline/TimelineModel.h b/src/timeline/TimelineModel.h index 3234a20c..9f250b33 100644 --- a/src/timeline/TimelineModel.h +++ b/src/timeline/TimelineModel.h @@ -297,12 +297,6 @@ signals: private: template<typename T> void sendEncryptedMessage(mtx::events::RoomEvent<T> msg, mtx::events::EventType eventType); - void handleClaimedKeys( - std::shared_ptr<StateKeeper> keeper, - const std::map<std::string, std::map<std::string, std::string>> &room_keys, - const std::map<std::string, std::map<std::string, DevicePublicKeys>> &pks, - const mtx::responses::ClaimKeys &res, - mtx::http::RequestErr err); void readEvent(const std::string &id); void setPaginationInProgress(const bool paginationInProgress); |