Various changes to src/crypto files for correctness (#2137)

* make various changes for correctness * apply some review feedback * Address some review feedback * add some more correctness * refactor ensureOutboundSession to fit types better * change variable naming slightly to prevent confusion * some wording around exception-catching * Tidy test * Simplify * Add tests * Add more test coverage * Apply suggestions from code review Co-authored-by: Travis Ralston <travpc@gmail.com> * Update crypto.spec.js * Update spec/unit/crypto.spec.js Co-authored-by: Faye Duxovni <duxovni@duxovni.org> Co-authored-by: Michael Telatynski <7t3chguy@gmail.com> Co-authored-by: Travis Ralston <travpc@gmail.com> Co-authored-by: Faye Duxovni <duxovni@duxovni.org>
matrix-org · Jun 13, 2022 · 78db74d · 78db74d
1 parent 4897bcc
commit 78db74d
Show file tree

Hide file tree

Showing 7 changed files with 460 additions and 368 deletions.
diff --git a/spec/unit/crypto.spec.js b/spec/unit/crypto.spec.js
@@ -17,6 +17,43 @@ import { logger } from '../../src/logger';
 
 const Olm = global.Olm;
 
+function awaitEvent(emitter, event) {
+    return new Promise((resolve, reject) => {
+        emitter.once(event, (result) => {
+            resolve(result);
+        });
+    });
+}
+
+async function keyshareEventForEvent(client, event, index) {
+    const roomId = event.getRoomId();
+    const eventContent = event.getWireContent();
+    const key = await client.crypto.olmDevice.getInboundGroupSessionKey(
+        roomId,
+        eventContent.sender_key,
+        eventContent.session_id,
+        index,
+    );
+    const ksEvent = new MatrixEvent({
+        type: "m.forwarded_room_key",
+        sender: client.getUserId(),
+        content: {
+            algorithm: olmlib.MEGOLM_ALGORITHM,
+            room_id: roomId,
+            sender_key: eventContent.sender_key,
+            sender_claimed_ed25519_key: key.sender_claimed_ed25519_key,
+            session_id: eventContent.session_id,
+            session_key: key.key,
+            chain_index: key.chain_index,
+            forwarding_curve25519_key_chain:
+            key.forwarding_curve_key_chain,
+        },
+    });
+    // make onRoomKeyEvent think this was an encrypted event
+    ksEvent.senderCurve25519Key = "akey";
+    return ksEvent;
+}
+
 describe("Crypto", function() {
     if (!CRYPTO_ENABLED) {
         return;
@@ -203,136 +240,141 @@ describe("Crypto", function() {
             bobClient.stopClient();
         });
 
-        it(
-            "does not cancel keyshare requests if some messages are not decrypted",
-            async function() {
-                function awaitEvent(emitter, event) {
-                    return new Promise((resolve, reject) => {
-                        emitter.once(event, (result) => {
-                            resolve(result);
-                        });
-                    });
+        it("does not cancel keyshare requests if some messages are not decrypted", async function() {
+            const encryptionCfg = {
+                "algorithm": "m.megolm.v1.aes-sha2",
+            };
+            const roomId = "!someroom";
+            const aliceRoom = new Room(roomId, aliceClient, "@alice:example.com", {});
+            const bobRoom = new Room(roomId, bobClient, "@bob:example.com", {});
+            aliceClient.store.storeRoom(aliceRoom);
+            bobClient.store.storeRoom(bobRoom);
+            await aliceClient.setRoomEncryption(roomId, encryptionCfg);
+            await bobClient.setRoomEncryption(roomId, encryptionCfg);
+            const events = [
+                new MatrixEvent({
+                    type: "m.room.message",
+                    sender: "@alice:example.com",
+                    room_id: roomId,
+                    event_id: "$1",
+                    content: {
+                        msgtype: "m.text",
+                        body: "1",
+                    },
+                }),
+                new MatrixEvent({
+                    type: "m.room.message",
+                    sender: "@alice:example.com",
+                    room_id: roomId,
+                    event_id: "$2",
+                    content: {
+                        msgtype: "m.text",
+                        body: "2",
+                    },
+                }),
+            ];
+            await Promise.all(events.map(async (event) => {
+                // alice encrypts each event, and then bob tries to decrypt
+                // them without any keys, so that they'll be in pending
+                await aliceClient.crypto.encryptEvent(event, aliceRoom);
+                event.clearEvent = undefined;
+                event.senderCurve25519Key = null;
+                event.claimedEd25519Key = null;
+                try {
+                    await bobClient.crypto.decryptEvent(event);
+                } catch (e) {
+                    // we expect this to fail because we don't have the
+                    // decryption keys yet
                 }
+            }));
 
-                async function keyshareEventForEvent(event, index) {
-                    const eventContent = event.getWireContent();
-                    const key = await aliceClient.crypto.olmDevice
-                        .getInboundGroupSessionKey(
-                            roomId, eventContent.sender_key, eventContent.session_id,
-                            index,
-                        );
-                    const ksEvent = new MatrixEvent({
-                        type: "m.forwarded_room_key",
-                        sender: "@alice:example.com",
-                        content: {
-                            algorithm: olmlib.MEGOLM_ALGORITHM,
-                            room_id: roomId,
-                            sender_key: eventContent.sender_key,
-                            sender_claimed_ed25519_key: key.sender_claimed_ed25519_key,
-                            session_id: eventContent.session_id,
-                            session_key: key.key,
-                            chain_index: key.chain_index,
-                            forwarding_curve25519_key_chain:
-                            key.forwarding_curve_key_chain,
-                        },
-                    });
-                    // make onRoomKeyEvent think this was an encrypted event
-                    ksEvent.senderCurve25519Key = "akey";
-                    return ksEvent;
-                }
+            const bobDecryptor = bobClient.crypto.getRoomDecryptor(
+                roomId, olmlib.MEGOLM_ALGORITHM,
+            );
 
-                const encryptionCfg = {
-                    "algorithm": "m.megolm.v1.aes-sha2",
-                };
-                const roomId = "!someroom";
-                const aliceRoom = new Room(roomId, aliceClient, "@alice:example.com", {});
-                const bobRoom = new Room(roomId, bobClient, "@bob:example.com", {});
-                aliceClient.store.storeRoom(aliceRoom);
-                bobClient.store.storeRoom(bobRoom);
-                await aliceClient.setRoomEncryption(roomId, encryptionCfg);
-                await bobClient.setRoomEncryption(roomId, encryptionCfg);
-                const events = [
-                    new MatrixEvent({
-                        type: "m.room.message",
-                        sender: "@alice:example.com",
-                        room_id: roomId,
-                        event_id: "$1",
-                        content: {
-                            msgtype: "m.text",
-                            body: "1",
-                        },
-                    }),
-                    new MatrixEvent({
-                        type: "m.room.message",
-                        sender: "@alice:example.com",
-                        room_id: roomId,
-                        event_id: "$2",
-                        content: {
-                            msgtype: "m.text",
-                            body: "2",
-                        },
-                    }),
-                ];
-                await Promise.all(events.map(async (event) => {
-                    // alice encrypts each event, and then bob tries to decrypt
-                    // them without any keys, so that they'll be in pending
-                    await aliceClient.crypto.encryptEvent(event, aliceRoom);
-                    event.clearEvent = undefined;
-                    event.senderCurve25519Key = null;
-                    event.claimedEd25519Key = null;
-                    try {
-                        await bobClient.crypto.decryptEvent(event);
-                    } catch (e) {
-                        // we expect this to fail because we don't have the
-                        // decryption keys yet
-                    }
-                }));
-
-                const bobDecryptor = bobClient.crypto.getRoomDecryptor(
-                    roomId, olmlib.MEGOLM_ALGORITHM,
-                );
-
-                let eventPromise = Promise.all(events.map((ev) => {
-                    return awaitEvent(ev, "Event.decrypted");
-                }));
-
-                // keyshare the session key starting at the second message, so
-                // the first message can't be decrypted yet, but the second one
-                // can
-                let ksEvent = await keyshareEventForEvent(events[1], 1);
-                await bobDecryptor.onRoomKeyEvent(ksEvent);
-                await eventPromise;
-                expect(events[0].getContent().msgtype).toBe("m.bad.encrypted");
-                expect(events[1].getContent().msgtype).not.toBe("m.bad.encrypted");
-
-                const cryptoStore = bobClient.cryptoStore;
-                const eventContent = events[0].getWireContent();
-                const senderKey = eventContent.sender_key;
-                const sessionId = eventContent.session_id;
-                const roomKeyRequestBody = {
-                    algorithm: olmlib.MEGOLM_ALGORITHM,
-                    room_id: roomId,
-                    sender_key: senderKey,
-                    session_id: sessionId,
-                };
-                // the room key request should still be there, since we haven't
-                // decrypted everything
-                expect(await cryptoStore.getOutgoingRoomKeyRequest(roomKeyRequestBody))
-                    .toBeDefined();
-
-                // keyshare the session key starting at the first message, so
-                // that it can now be decrypted
-                eventPromise = awaitEvent(events[0], "Event.decrypted");
-                ksEvent = await keyshareEventForEvent(events[0], 0);
-                await bobDecryptor.onRoomKeyEvent(ksEvent);
-                await eventPromise;
-                expect(events[0].getContent().msgtype).not.toBe("m.bad.encrypted");
-                await sleep(1);
-                // the room key request should be gone since we've now decrypted everything
-                expect(await cryptoStore.getOutgoingRoomKeyRequest(roomKeyRequestBody))
-                    .toBeFalsy();
-            },
-        );
+            let eventPromise = Promise.all(events.map((ev) => {
+                return awaitEvent(ev, "Event.decrypted");
+            }));
+
+            // keyshare the session key starting at the second message, so
+            // the first message can't be decrypted yet, but the second one
+            // can
+            let ksEvent = await keyshareEventForEvent(aliceClient, events[1], 1);
+            await bobDecryptor.onRoomKeyEvent(ksEvent);
+            await eventPromise;
+            expect(events[0].getContent().msgtype).toBe("m.bad.encrypted");
+            expect(events[1].getContent().msgtype).not.toBe("m.bad.encrypted");
+
+            const cryptoStore = bobClient.cryptoStore;
+            const eventContent = events[0].getWireContent();
+            const senderKey = eventContent.sender_key;
+            const sessionId = eventContent.session_id;
+            const roomKeyRequestBody = {
+                algorithm: olmlib.MEGOLM_ALGORITHM,
+                room_id: roomId,
+                sender_key: senderKey,
+                session_id: sessionId,
+            };
+            // the room key request should still be there, since we haven't
+            // decrypted everything
+            expect(await cryptoStore.getOutgoingRoomKeyRequest(roomKeyRequestBody)).toBeDefined();
+
+            // keyshare the session key starting at the first message, so
+            // that it can now be decrypted
+            eventPromise = awaitEvent(events[0], "Event.decrypted");
+            ksEvent = await keyshareEventForEvent(aliceClient, events[0], 0);
+            await bobDecryptor.onRoomKeyEvent(ksEvent);
+            await eventPromise;
+            expect(events[0].getContent().msgtype).not.toBe("m.bad.encrypted");
+            await sleep(1);
+            // the room key request should be gone since we've now decrypted everything
+            expect(await cryptoStore.getOutgoingRoomKeyRequest(roomKeyRequestBody)).toBeFalsy();
+        });
+
+        it("should error if a forwarded room key lacks a content.sender_key", async function() {
+            const encryptionCfg = {
+                "algorithm": "m.megolm.v1.aes-sha2",
+            };
+            const roomId = "!someroom";
+            const aliceRoom = new Room(roomId, aliceClient, "@alice:example.com", {});
+            const bobRoom = new Room(roomId, bobClient, "@bob:example.com", {});
+            aliceClient.store.storeRoom(aliceRoom);
+            bobClient.store.storeRoom(bobRoom);
+            await aliceClient.setRoomEncryption(roomId, encryptionCfg);
+            await bobClient.setRoomEncryption(roomId, encryptionCfg);
+            const event = new MatrixEvent({
+                type: "m.room.message",
+                sender: "@alice:example.com",
+                room_id: roomId,
+                event_id: "$1",
+                content: {
+                    msgtype: "m.text",
+                    body: "1",
+                },
+            });
+            // alice encrypts each event, and then bob tries to decrypt
+            // them without any keys, so that they'll be in pending
+            await aliceClient.crypto.encryptEvent(event, aliceRoom);
+            event.clearEvent = undefined;
+            event.senderCurve25519Key = null;
+            event.claimedEd25519Key = null;
+            try {
+                await bobClient.crypto.decryptEvent(event);
+            } catch (e) {
+                // we expect this to fail because we don't have the
+                // decryption keys yet
+            }
+
+            const bobDecryptor = bobClient.crypto.getRoomDecryptor(
+                roomId, olmlib.MEGOLM_ALGORITHM,
+            );
+
+            const ksEvent = await keyshareEventForEvent(aliceClient, event, 1);
+            ksEvent.getContent().sender_key = undefined; // test
+            bobClient.crypto.addInboundGroupSession = jest.fn();
+            await bobDecryptor.onRoomKeyEvent(ksEvent);
+            expect(bobClient.crypto.addInboundGroupSession).not.toHaveBeenCalled();
+        });
 
         it("creates a new keyshare request if we request a keyshare", async function() {
             // make sure that cancelAndResend... creates a new keyshare request

diff --git a/spec/unit/crypto/algorithms/megolm.spec.js b/spec/unit/crypto/algorithms/megolm.spec.js
@@ -257,6 +257,8 @@ describe("MegolmDecryption", function() {
         });
 
         describe("session reuse and key reshares", () => {
+            const rotationPeriodMs = 999 * 24 * 60 * 60 * 1000; // 999 days, so we don't have to deal with it
+
             let megolmEncryption;
             let aliceDeviceInfo;
             let mockRoom;
@@ -318,7 +320,7 @@ describe("MegolmDecryption", function() {
                     baseApis: mockBaseApis,
                     roomId: ROOM_ID,
                     config: {
-                        rotation_period_ms: 9999999999999,
+                        rotation_period_ms: rotationPeriodMs,
                     },
                 });
                 mockRoom = {
@@ -329,6 +331,31 @@ describe("MegolmDecryption", function() {
                 };
             });
 
+            it("should use larger otkTimeout when preparing to encrypt room", async () => {
+                megolmEncryption.prepareToEncrypt(mockRoom);
+                await megolmEncryption.encryptMessage(mockRoom, "a.fake.type", {
+                    body: "Some text",
+                });
+                expect(mockRoom.getEncryptionTargetMembers).toHaveBeenCalled();
+
+                expect(mockBaseApis.claimOneTimeKeys).toHaveBeenCalledWith(
+                    [['@alice:home.server', 'aliceDevice']], 'signed_curve25519', 10000,
+                );
+            });
+
+            it("should generate a new session if this one needs rotation", async () => {
+                const session = await megolmEncryption.prepareNewSession(false);
+                session.creationTime -= rotationPeriodMs + 10000; // a smidge over the rotation time
+                // Inject expired session which needs rotation
+                megolmEncryption.setupPromise = Promise.resolve(session);
+
+                const prepareNewSessionSpy = jest.spyOn(megolmEncryption, "prepareNewSession");
+                await megolmEncryption.encryptMessage(mockRoom, "a.fake.type", {
+                    body: "Some text",
+                });
+                expect(prepareNewSessionSpy).toHaveBeenCalledTimes(1);
+            });
+
             it("re-uses sessions for sequential messages", async function() {
                 const ct1 = await megolmEncryption.encryptMessage(mockRoom, "a.fake.type", {
                     body: "Some text",

diff --git a/src/crypto/algorithms/base.ts b/src/crypto/algorithms/base.ts
@@ -179,7 +179,7 @@ export abstract class DecryptionAlgorithm {
      *
      * @param {module:models/event.MatrixEvent} params event key event
      */
-    public onRoomKeyEvent(params: MatrixEvent): void {
+    public async onRoomKeyEvent(params: MatrixEvent): Promise<void> {
         // ignore by default
     }