2020-08-28 14:35:47 +02:00
|
|
|
/*
|
|
|
|
Copyright 2020 The Matrix.org Foundation C.I.C.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2021-10-05 17:51:10 +02:00
|
|
|
import anotherjson from "another-json";
|
2020-09-10 12:09:17 +02:00
|
|
|
|
2023-02-27 18:13:53 +01:00
|
|
|
import type {UnsentStateEvent} from "../room/common";
|
|
|
|
import type {ILogItem} from "../../logging/types";
|
|
|
|
import type * as OlmNamespace from "@matrix-org/olm";
|
|
|
|
type Olm = typeof OlmNamespace;
|
|
|
|
|
|
|
|
export enum DecryptionSource {
|
|
|
|
Sync, Timeline, Retry
|
|
|
|
};
|
2020-09-02 17:37:48 +02:00
|
|
|
|
2020-08-28 14:35:47 +02:00
|
|
|
// use common prefix so it's easy to clear properties that are not e2ee related during session clear
|
2021-09-29 11:49:58 +02:00
|
|
|
export const SESSION_E2EE_KEY_PREFIX = "e2ee:";
|
2020-08-28 14:35:47 +02:00
|
|
|
export const OLM_ALGORITHM = "m.olm.v1.curve25519-aes-sha2";
|
|
|
|
export const MEGOLM_ALGORITHM = "m.megolm.v1.aes-sha2";
|
2020-09-01 17:59:39 +02:00
|
|
|
|
|
|
|
export class DecryptionError extends Error {
|
2023-02-27 18:13:53 +01:00
|
|
|
constructor(private readonly code: string, private readonly event: object, private readonly detailsObj?: object) {
|
2020-09-01 17:59:39 +02:00
|
|
|
super(`Decryption error ${code}${detailsObj ? ": "+JSON.stringify(detailsObj) : ""}`);
|
|
|
|
}
|
|
|
|
}
|
2020-09-02 17:37:48 +02:00
|
|
|
|
|
|
|
export const SIGNATURE_ALGORITHM = "ed25519";
|
|
|
|
|
2023-02-27 18:13:53 +01:00
|
|
|
export type SignedValue = {
|
2023-03-02 15:02:42 +01:00
|
|
|
signatures?: {[userId: string]: {[keyId: string]: string}}
|
2023-02-27 18:13:53 +01:00
|
|
|
unsigned?: object
|
|
|
|
}
|
|
|
|
|
|
|
|
// we store device keys (and cross-signing) in the format we get them from the server
|
|
|
|
// as that is what the signature is calculated on, so to verify and sign, we need
|
|
|
|
// it in this format anyway.
|
|
|
|
export type DeviceKey = SignedValue & {
|
|
|
|
readonly user_id: string;
|
|
|
|
readonly device_id: string;
|
|
|
|
readonly algorithms: ReadonlyArray<string>;
|
|
|
|
readonly keys: {[keyId: string]: string};
|
|
|
|
readonly unsigned: {
|
|
|
|
device_display_name?: string
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
export function getDeviceEd25519Key(deviceKey: DeviceKey): string {
|
|
|
|
return deviceKey.keys[`ed25519:${deviceKey.device_id}`];
|
|
|
|
}
|
|
|
|
|
|
|
|
export function getDeviceCurve25519Key(deviceKey: DeviceKey): string {
|
|
|
|
return deviceKey.keys[`curve25519:${deviceKey.device_id}`];
|
|
|
|
}
|
|
|
|
|
2023-03-02 15:02:42 +01:00
|
|
|
export function getEd25519Signature(signedValue: SignedValue, userId: string, deviceOrKeyId: string): string | undefined {
|
2023-02-24 17:45:56 +01:00
|
|
|
return signedValue?.signatures?.[userId]?.[`${SIGNATURE_ALGORITHM}:${deviceOrKeyId}`];
|
|
|
|
}
|
|
|
|
|
2023-02-27 18:13:53 +01:00
|
|
|
export function verifyEd25519Signature(olmUtil: Olm.Utility, userId: string, deviceOrKeyId: string, ed25519Key: string, value: SignedValue, log?: ILogItem) {
|
2023-02-24 17:45:56 +01:00
|
|
|
const signature = getEd25519Signature(value, userId, deviceOrKeyId);
|
|
|
|
if (!signature) {
|
|
|
|
log?.set("no_signature", true);
|
|
|
|
return false;
|
|
|
|
}
|
2023-02-27 18:13:53 +01:00
|
|
|
const clone = Object.assign({}, value) as object;
|
|
|
|
delete clone["unsigned"];
|
|
|
|
delete clone["signatures"];
|
2020-09-02 17:37:48 +02:00
|
|
|
const canonicalJson = anotherjson.stringify(clone);
|
|
|
|
try {
|
|
|
|
// throws when signature is invalid
|
2020-09-03 15:27:40 +02:00
|
|
|
olmUtil.ed25519_verify(ed25519Key, canonicalJson, signature);
|
2020-09-02 17:37:48 +02:00
|
|
|
return true;
|
|
|
|
} catch (err) {
|
2021-11-15 15:27:57 +01:00
|
|
|
if (log) {
|
|
|
|
const logItem = log.log({l: "Invalid signature, ignoring.", ed25519Key, canonicalJson, signature});
|
|
|
|
logItem.error = err;
|
|
|
|
logItem.logLevel = log.level.Warn;
|
|
|
|
}
|
2020-09-02 17:37:48 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
2022-02-02 10:19:49 +01:00
|
|
|
|
2023-02-27 18:13:53 +01:00
|
|
|
export function createRoomEncryptionEvent(): UnsentStateEvent {
|
2022-02-02 10:19:49 +01:00
|
|
|
return {
|
|
|
|
"type": "m.room.encryption",
|
|
|
|
"state_key": "",
|
|
|
|
"content": {
|
|
|
|
"algorithm": MEGOLM_ALGORITHM,
|
|
|
|
"rotation_period_ms": 604800000,
|
|
|
|
"rotation_period_msgs": 100
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2022-07-22 17:46:53 +02:00
|
|
|
|
2023-02-27 18:13:53 +01:00
|
|
|
export enum HistoryVisibility {
|
|
|
|
Joined = "joined",
|
|
|
|
Invited = "invited",
|
|
|
|
WorldReadable = "world_readable",
|
|
|
|
Shared = "shared",
|
|
|
|
};
|
2022-07-22 17:46:53 +02:00
|
|
|
|
2023-02-27 18:13:53 +01:00
|
|
|
export function shouldShareKey(membership: string, historyVisibility: HistoryVisibility) {
|
2022-07-22 17:46:53 +02:00
|
|
|
switch (historyVisibility) {
|
|
|
|
case HistoryVisibility.WorldReadable:
|
|
|
|
return true;
|
|
|
|
case HistoryVisibility.Shared:
|
|
|
|
// was part of room at some time
|
|
|
|
return membership !== undefined;
|
|
|
|
case HistoryVisibility.Joined:
|
|
|
|
return membership === "join";
|
|
|
|
case HistoryVisibility.Invited:
|
|
|
|
return membership === "invite" || membership === "join";
|
|
|
|
default:
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|