From 3f5e2af09343c415870beb174c168239479744ee Mon Sep 17 00:00:00 2001 From: RMidhunSuresh Date: Thu, 30 Mar 2023 15:47:25 +0530 Subject: [PATCH 1/3] Abort SAS when disposing vm --- .../session/verification/DeviceVerificationViewModel.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/domain/session/verification/DeviceVerificationViewModel.ts b/src/domain/session/verification/DeviceVerificationViewModel.ts index 76dab1a5..3257c784 100644 --- a/src/domain/session/verification/DeviceVerificationViewModel.ts +++ b/src/domain/session/verification/DeviceVerificationViewModel.ts @@ -90,6 +90,13 @@ export class DeviceVerificationViewModel extends ErrorReportViewModel {/** ignore */}); + } + super.dispose(); + } + get currentStageViewModel() { return this._currentStageViewModel; } From 244d56b60fe974d0562d48167e37acd32c9e7943 Mon Sep 17 00:00:00 2001 From: RMidhunSuresh Date: Thu, 30 Mar 2023 16:09:30 +0530 Subject: [PATCH 2/3] Fix broken tests --- src/matrix/verification/SAS/SASVerification.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/matrix/verification/SAS/SASVerification.ts b/src/matrix/verification/SAS/SASVerification.ts index ba2dc713..fff697f2 100644 --- a/src/matrix/verification/SAS/SASVerification.ts +++ b/src/matrix/verification/SAS/SASVerification.ts @@ -142,7 +142,7 @@ export function tests() { await olm.init(); const olmUtil = new Olm.Utility(); const e2eeAccount = { - getDeviceKeysToSignWithCrossSigning: () => { + getUnsignedDeviceKey: () => { return { keys: { [`ed25519:${ourDeviceId}`]: From b8e282377e338c71eaf213de3d3bf848d23d3440 Mon Sep 17 00:00:00 2001 From: RMidhunSuresh Date: Thu, 30 Mar 2023 16:09:46 +0530 Subject: [PATCH 3/3] Log mac method --- .../verification/SAS/channel/MockChannel.ts | 51 ++++++++++--------- src/matrix/verification/SAS/mac.ts | 9 ++-- .../verification/SAS/stages/SendMacStage.ts | 8 +-- .../verification/SAS/stages/VerifyMacStage.ts | 6 +-- 4 files changed, 40 insertions(+), 34 deletions(-) 
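Review bot: In the DeviceVerificationViewModel.ts hunk, the handler body `{/** ignore */}` discards whatever error reaches it, so a failed abort during dispose leaves no trace. Part of the added lines is missing from this view, so the call the handler is attached to is inferred from the commit subject (aborting SAS). If the abort never reaches the other device, its side of the verification presumably stays open until it gives up on its own, which is worth a log entry. Consider replacing the empty body with a call that records the error through whatever logger the view model has access to, while still proceeding to `super.dispose()`. The class body continues outside the hunk.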
diff --git a/src/matrix/verification/SAS/channel/MockChannel.ts b/src/matrix/verification/SAS/channel/MockChannel.ts index 64ae1456..cb990138 100644 --- a/src/matrix/verification/SAS/channel/MockChannel.ts +++ b/src/matrix/verification/SAS/channel/MockChannel.ts @@ -6,6 +6,7 @@ import {CancelReason, VerificationEventType} from "./types"; import {getKeyEd25519Key} from "../../CrossSigning"; import {getDeviceEd25519Key} from "../../../e2ee/common"; import anotherjson from "another-json"; +import {NullLogger} from "../../../../logging/NullLogger"; interface ITestChannel extends IChannel { setOlmSas(olmSas): void; 
@@ -82,31 +83,33 @@ export class MockChannel implements ITestChannel { private async recalculateMAC() { // We need to replace the mac with calculated mac - const baseInfo = - "MATRIX_KEY_VERIFICATION_MAC" + - this.otherUserId + - this.otherUserDeviceId + - this.ourUserId + - this.ourUserDeviceId + - this.id; - const { content: macContent } = this.receivedMessages.get(VerificationEventType.Mac); - const macMethod = this.acceptMessage.content.message_authentication_code; - const calculateMac = createCalculateMAC(this.olmSas, macMethod); - const input = Object.keys(macContent.mac).sort().join(","); - const properMac = calculateMac(input, baseInfo + "KEY_IDS"); - macContent.keys = properMac; - for (const keyId of Object.keys(macContent.mac)) { - const deviceId = keyId.split(":", 2)[1]; - const device = await this.deviceTracker.deviceForId(this.otherUserDeviceId, deviceId); - if (device) { - macContent.mac[keyId] = calculateMac(getDeviceEd25519Key(device), baseInfo + keyId); + await new NullLogger().run("log", async (log) => { + const baseInfo = + "MATRIX_KEY_VERIFICATION_MAC" + + this.otherUserId + + this.otherUserDeviceId + + this.ourUserId + + this.ourUserDeviceId + + this.id; + const { content: macContent } = this.receivedMessages.get(VerificationEventType.Mac); + const macMethod = this.acceptMessage.content.message_authentication_code; + const calculateMac = createCalculateMAC(this.olmSas, macMethod); + const input = Object.keys(macContent.mac).sort().join(","); + const properMac = calculateMac(input, baseInfo + "KEY_IDS", log); + macContent.keys = properMac; + for (const keyId of Object.keys(macContent.mac)) { + const deviceId = keyId.split(":", 2)[1]; + const device = await this.deviceTracker.deviceForId(this.otherUserDeviceId, deviceId); + if (device) { + macContent.mac[keyId] = calculateMac(getDeviceEd25519Key(device), baseInfo + keyId, log); + } + else { + const key = await this.deviceTracker.getCrossSigningKeyForUser(this.otherUserId); + const masterKey = 
getKeyEd25519Key(key)!; + macContent.mac[keyId] = calculateMac(masterKey, baseInfo + keyId, log); + } } - else { - const key = await this.deviceTracker.getCrossSigningKeyForUser(this.otherUserId); - const masterKey = getKeyEd25519Key(key)!; - macContent.mac[keyId] = calculateMac(masterKey, baseInfo + keyId); - } - } + }); } setStartMessage(event: any): void { diff --git a/src/matrix/verification/SAS/mac.ts b/src/matrix/verification/SAS/mac.ts index e52e8c2c..54e1c1e7 100644 --- a/src/matrix/verification/SAS/mac.ts +++ b/src/matrix/verification/SAS/mac.ts @@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ +import type {ILogItem} from "../../../logging/types"; import type {MacMethod} from "./stages/constants"; const macMethods: Record = { @@ -23,8 +24,10 @@ const macMethods: Record = { }; export function createCalculateMAC(olmSAS: Olm.SAS, method: MacMethod) { - return function (input: string, info: string): string { - const mac = olmSAS[macMethods[method]](input, info); - return mac; + return function (input: string, info: string, log: ILogItem): string { + return log.wrap({ l: "calculate MAC", method}, () => { + const mac = olmSAS[macMethods[method]](input, info); + return mac; + }); }; } diff --git a/src/matrix/verification/SAS/stages/SendMacStage.ts b/src/matrix/verification/SAS/stages/SendMacStage.ts index 30a45e6e..5f8fe872 100644 --- a/src/matrix/verification/SAS/stages/SendMacStage.ts +++ b/src/matrix/verification/SAS/stages/SendMacStage.ts @@ -32,7 +32,7 @@ export class SendMacStage extends BaseSASVerificationStage { }); } - private async sendMAC(calculateMAC: (input: string, info: string) => string, log: ILogItem): Promise { + private async sendMAC(calculateMAC: (input: string, info: string, log: ILogItem) => string, log: ILogItem): Promise { const mac: Record = {}; const keyList: string[] = []; const baseInfo = 
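Review bot: In `recalculateMAC`, `this.deviceTracker.deviceForId(this.otherUserDeviceId, deviceId)` passes a device id as its first argument, while the neighbouring `getCrossSigningKeyForUser(this.otherUserId)` passes a user id, so this looks like it should be `this.otherUserId`. The tracker's signature is not visible in this hunk, so confirm against it; the line is carried over unchanged by the re-indentation. Separately, the label in `new NullLogger().run("log", …)` says nothing about what is being run, and a name such as `"recalculateMAC"` would read better if the mock is ever pointed at a real logger.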
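Review bot: Inside the new `log.wrap` callback in mac.ts, `olmSAS[macMethods[method]](input, info)` still calls the lookup result without checking it, so a `method` value missing from `macMethods` fails with a generic TypeError instead of a clear error. The MockChannel hunk reads the method from the accept message's `message_authentication_code`, and if the real stages do the same the value is peer-supplied at runtime, whatever the `MacMethod` type says. A guard before the call, such as `const fn = macMethods[method]; if (!fn) throw new Error("Unsupported MAC method: " + method);`, would make the failure explicit and visible in the log item this commit adds. The returned function also gained a required `log` argument without a doc comment; a short TSDoc saying that `log` is the parent item under which the "calculate MAC" entry is recorded would help callers.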
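Review bot: The callback type `(input: string, info: string, log: ILogItem) => string` is spelled out here on `sendMAC` and again on `checkMAC` in VerifyMacStage.ts, so the next signature change has to be made in the factory and in both stages. Exporting one alias from mac.ts, for example `export type CalculateMAC = ReturnType<typeof createCalculateMAC>;`, and using it in both places would keep them in step. `sendMAC`'s body continues outside this hunk.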
@@ -45,7 +45,7 @@ export class SendMacStage extends BaseSASVerificationStage { const deviceKeyId = `ed25519:${this.ourUserDeviceId}`; const deviceKeys = this.e2eeAccount.getUnsignedDeviceKey(); - mac[deviceKeyId] = calculateMAC(deviceKeys.keys[deviceKeyId], baseInfo + deviceKeyId); + mac[deviceKeyId] = calculateMAC(deviceKeys.keys[deviceKeyId], baseInfo + deviceKeyId, log); keyList.push(deviceKeyId); const key = await this.deviceTracker.getCrossSigningKeyForUser(this.ourUserId, KeyUsage.Master, this.hsApi, log); @@ -56,11 +56,11 @@ export class SendMacStage extends BaseSASVerificationStage { const crossSigningKey = getKeyEd25519Key(key); if (crossSigningKey) { const crossSigningKeyId = `ed25519:${crossSigningKey}`; - mac[crossSigningKeyId] = calculateMAC(crossSigningKey, baseInfo + crossSigningKeyId); + mac[crossSigningKeyId] = calculateMAC(crossSigningKey, baseInfo + crossSigningKeyId, log); keyList.push(crossSigningKeyId); } - const keys = calculateMAC(keyList.sort().join(","), baseInfo + "KEY_IDS"); + const keys = calculateMAC(keyList.sort().join(","), baseInfo + "KEY_IDS", log); await this.channel.send(VerificationEventType.Mac, { mac, keys }, log); } } diff --git a/src/matrix/verification/SAS/stages/VerifyMacStage.ts b/src/matrix/verification/SAS/stages/VerifyMacStage.ts index 40e908c6..6d635cce 100644 --- a/src/matrix/verification/SAS/stages/VerifyMacStage.ts +++ b/src/matrix/verification/SAS/stages/VerifyMacStage.ts @@ -35,7 +35,7 @@ export class VerifyMacStage extends BaseSASVerificationStage { }); } - private async checkMAC(calculateMAC: (input: string, info: string) => string, log: ILogItem): Promise { + private async checkMAC(calculateMAC: (input: string, info: string, log: ILogItem) => string, log: ILogItem): Promise { const {content} = this.channel.getReceivedMessage(VerificationEventType.Mac); const baseInfo = "MATRIX_KEY_VERIFICATION_MAC" + 
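Review bot: In `sendMAC`, `deviceKeys.keys[deviceKeyId]` is handed to `calculateMAC` without a presence check, unlike the cross-signing key a few lines below, which is guarded by `if (crossSigningKey)`. If the lookup can come back undefined (the shape returned by `getUnsignedDeviceKey()` is not visible here), the stage would MAC a non-key value and send it, and the problem would only surface on the other device as a key mismatch. Consider failing the stage explicitly first, for example `const deviceKey = deviceKeys.keys[deviceKeyId]; if (!deviceKey) throw new Error("own device key missing");`. `sendMAC` starts outside this hunk.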
@@ -45,7 +45,7 @@ export class VerifyMacStage extends BaseSASVerificationStage { this.ourUserDeviceId + this.channel.id; - const calculatedMAC = calculateMAC(Object.keys(content.mac).sort().join(","), baseInfo + "KEY_IDS"); + const calculatedMAC = calculateMAC(Object.keys(content.mac).sort().join(","), baseInfo + "KEY_IDS", log); if (content.keys !== calculatedMAC) { log.log({ l: "MAC verification failed for keys field", keys: content.keys, calculated: calculatedMAC }); this.channel.cancelVerification(CancelReason.KeyMismatch); @@ -53,7 +53,7 @@ export class VerifyMacStage extends BaseSASVerificationStage { } await this.verifyKeys(content.mac, (keyId, key, keyInfo) => { - const calculatedMAC = calculateMAC(key, baseInfo + keyId); + const calculatedMAC = calculateMAC(key, baseInfo + keyId, log); if (keyInfo !== calculatedMAC) { log.log({ l: "Mac verification failed for key", keyMac: keyInfo, calculatedMAC, keyId, key }); this.channel.cancelVerification(CancelReason.KeyMismatch);
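Review bot: In `checkMAC`, `Object.keys(content.mac)` and `content.keys` are used on the received MAC message without any shape check, and that content is written by the other party. If `content.mac` is missing, `Object.keys` throws before `cancelVerification` is reached, and whether that exception ends in a cancel is not visible from this hunk; if it is some other non-object value, the derived key list is meaningless. A guard at the top of `checkMAC`, such as `if (!content?.mac || typeof content.mac !== "object" || typeof content.keys !== "string")`, followed by a cancel with the reason that fits a malformed message, would make the rejection explicit. `checkMAC` starts outside this hunk.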