mirror of
https://github.com/element-hq/element-android
synced 2024-11-24 18:35:40 +03:00
Rework Crypto using Try
This commit is contained in:
parent
25b0cd0e4b
commit
87dec337d8
18 changed files with 308 additions and 406 deletions
|
@ -38,7 +38,7 @@ sealed class Failure(cause: Throwable? = null) : Throwable(cause = cause) {
|
||||||
|
|
||||||
data class RegistrationFlowError(val registrationFlowResponse: RegistrationFlowResponse) : Failure(RuntimeException(registrationFlowResponse.toString()))
|
data class RegistrationFlowError(val registrationFlowResponse: RegistrationFlowResponse) : Failure(RuntimeException(registrationFlowResponse.toString()))
|
||||||
|
|
||||||
data class CryptoError(val error: MXCryptoError) : Failure(RuntimeException(error.toString()))
|
data class CryptoError(val error: MXCryptoError) : Failure(error)
|
||||||
|
|
||||||
abstract class FeatureFailure : Failure()
|
abstract class FeatureFailure : Failure()
|
||||||
|
|
||||||
|
|
|
@ -98,9 +98,9 @@ interface CryptoService {
|
||||||
roomId: String,
|
roomId: String,
|
||||||
callback: MatrixCallback<MXEncryptEventContentResult>)
|
callback: MatrixCallback<MXEncryptEventContentResult>)
|
||||||
|
|
||||||
fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult?
|
fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult
|
||||||
|
|
||||||
fun decryptEventAsync(event: Event, timeline: String, callback: MatrixCallback<MXEventDecryptionResult?>)
|
fun decryptEventAsync(event: Event, timeline: String, callback: MatrixCallback<MXEventDecryptionResult>)
|
||||||
|
|
||||||
fun getEncryptionAlgorithm(roomId: String): String?
|
fun getEncryptionAlgorithm(roomId: String): String?
|
||||||
|
|
||||||
|
|
|
@ -18,72 +18,28 @@
|
||||||
|
|
||||||
package im.vector.matrix.android.api.session.crypto
|
package im.vector.matrix.android.api.session.crypto
|
||||||
|
|
||||||
import android.text.TextUtils
|
import im.vector.matrix.android.internal.crypto.model.MXDeviceInfo
|
||||||
|
import im.vector.matrix.android.internal.crypto.model.MXUsersDevicesMap
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Represents a crypto error response.
|
* Represents a crypto error response.
|
||||||
*/
|
*/
|
||||||
class MXCryptoError(var code: String,
|
sealed class MXCryptoError : Throwable() {
|
||||||
var message: String) {
|
|
||||||
|
|
||||||
/**
|
// TODO Create data class for all cases, and remove error code
|
||||||
* Describe the error with more details
|
data class Base(val code: String,
|
||||||
*/
|
val _message: String,
|
||||||
private var mDetailedErrorDescription: String? = null
|
/**
|
||||||
|
* Describe the error with more details
|
||||||
|
*/
|
||||||
|
val detailedErrorDescription: String? = null) : MXCryptoError()
|
||||||
|
|
||||||
/**
|
data class UnknownDevice(val deviceList: MXUsersDevicesMap<MXDeviceInfo>) : MXCryptoError()
|
||||||
* Data exception.
|
|
||||||
* Some exceptions provide some data to describe the exception
|
|
||||||
*/
|
|
||||||
var mExceptionData: Any? = null
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return true if the current error is an olm one.
|
|
||||||
*/
|
|
||||||
val isOlmError: Boolean
|
|
||||||
get() = OLM_ERROR_CODE == code
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the detailed error description
|
|
||||||
*/
|
|
||||||
val detailedErrorDescription: String?
|
|
||||||
get() = if (TextUtils.isEmpty(mDetailedErrorDescription)) {
|
|
||||||
message
|
|
||||||
} else mDetailedErrorDescription
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Create a crypto error
|
|
||||||
*
|
|
||||||
* @param code the error code (see XX_ERROR_CODE)
|
|
||||||
* @param shortErrorDescription the short error description
|
|
||||||
* @param detailedErrorDescription the detailed error description
|
|
||||||
*/
|
|
||||||
constructor(code: String, shortErrorDescription: String, detailedErrorDescription: String?) : this(code, shortErrorDescription) {
|
|
||||||
mDetailedErrorDescription = detailedErrorDescription
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Create a crypto error
|
|
||||||
*
|
|
||||||
* @param code the error code (see XX_ERROR_CODE)
|
|
||||||
* @param shortErrorDescription the short error description
|
|
||||||
* @param detailedErrorDescription the detailed error description
|
|
||||||
* @param exceptionData the exception data
|
|
||||||
*/
|
|
||||||
constructor(code: String, shortErrorDescription: String, detailedErrorDescription: String?, exceptionData: Any) : this(code, shortErrorDescription) {
|
|
||||||
mDetailedErrorDescription = detailedErrorDescription
|
|
||||||
mExceptionData = exceptionData
|
|
||||||
}
|
|
||||||
|
|
||||||
companion object {
|
companion object {
|
||||||
|
|
||||||
// TODO Create sealed class
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Error codes
|
* Error codes
|
||||||
*/
|
*/
|
||||||
const val UNKNOWN_ERROR_CODE = "UNKNOWN_ERROR_CODE"
|
|
||||||
const val ENCRYPTING_NOT_ENABLED_ERROR_CODE = "ENCRYPTING_NOT_ENABLED"
|
const val ENCRYPTING_NOT_ENABLED_ERROR_CODE = "ENCRYPTING_NOT_ENABLED"
|
||||||
const val UNABLE_TO_ENCRYPT_ERROR_CODE = "UNABLE_TO_ENCRYPT"
|
const val UNABLE_TO_ENCRYPT_ERROR_CODE = "UNABLE_TO_ENCRYPT"
|
||||||
const val UNABLE_TO_DECRYPT_ERROR_CODE = "UNABLE_TO_DECRYPT"
|
const val UNABLE_TO_DECRYPT_ERROR_CODE = "UNABLE_TO_DECRYPT"
|
||||||
|
@ -138,4 +94,4 @@ class MXCryptoError(var code: String,
|
||||||
const val UNKNOWN_DEVICES_REASON = "This room contains unknown devices which have not been verified.\n" + "We strongly recommend you verify them before continuing."
|
const val UNKNOWN_DEVICES_REASON = "This room contains unknown devices which have not been verified.\n" + "We strongly recommend you verify them before continuing."
|
||||||
const val NO_MORE_ALGORITHM_REASON = "Room was previously configured to use encryption, but is no longer." + " Perhaps the homeserver is hiding the configuration event."
|
const val NO_MORE_ALGORITHM_REASON = "Room was previously configured to use encryption, but is no longer." + " Perhaps the homeserver is hiding the configuration event."
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -140,37 +140,32 @@ data class Event(
|
||||||
*
|
*
|
||||||
* @param decryptionResult the decryption result, including the plaintext and some key info.
|
* @param decryptionResult the decryption result, including the plaintext and some key info.
|
||||||
*/
|
*/
|
||||||
internal fun setClearData(decryptionResult: MXEventDecryptionResult?) {
|
internal fun setClearData(decryptionResult: MXEventDecryptionResult) {
|
||||||
mClearEvent = null
|
mClearEvent = null
|
||||||
if (decryptionResult != null) {
|
mCryptoError = null
|
||||||
if (decryptionResult.clearEvent != null) {
|
|
||||||
val adapter = MoshiProvider.providesMoshi().adapter(Event::class.java)
|
|
||||||
mClearEvent = adapter.fromJsonValue(decryptionResult.clearEvent)
|
|
||||||
|
|
||||||
if (mClearEvent != null) {
|
val adapter = MoshiProvider.providesMoshi().adapter(Event::class.java)
|
||||||
mSenderCurve25519Key = decryptionResult.senderCurve25519Key
|
mClearEvent = adapter.fromJsonValue(decryptionResult.clearEvent)
|
||||||
mClaimedEd25519Key = decryptionResult.claimedEd25519Key
|
|
||||||
mForwardingCurve25519KeyChain = decryptionResult.forwardingCurve25519KeyChain
|
|
||||||
|
|
||||||
// For encrypted events with relation, the m.relates_to is kept in clear, so we need to put it back
|
if (mClearEvent != null) {
|
||||||
// in the clear event
|
mSenderCurve25519Key = decryptionResult.senderCurve25519Key
|
||||||
try {
|
mClaimedEd25519Key = decryptionResult.claimedEd25519Key
|
||||||
content?.get("m.relates_to")?.let { clearRelates ->
|
mForwardingCurve25519KeyChain = decryptionResult.forwardingCurve25519KeyChain
|
||||||
mClearEvent = mClearEvent?.copy(
|
|
||||||
content = HashMap(mClearEvent!!.content).apply {
|
// For encrypted events with relation, the m.relates_to is kept in clear, so we need to put it back
|
||||||
this["m.relates_to"] = clearRelates
|
// in the clear event
|
||||||
}
|
try {
|
||||||
)
|
content?.get("m.relates_to")?.let { clearRelates ->
|
||||||
}
|
mClearEvent = mClearEvent?.copy(
|
||||||
} catch (e: Exception) {
|
content = HashMap(mClearEvent!!.content).apply {
|
||||||
Timber.e(e, "Unable to restore 'm.relates_to' the clear event")
|
this["m.relates_to"] = clearRelates
|
||||||
}
|
}
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
} catch (e: Exception) {
|
||||||
|
Timber.e(e, "Unable to restore 'm.relates_to' the clear event")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
mCryptoError = null
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -569,8 +569,7 @@ internal class CryptoManager @Inject constructor(
|
||||||
val reason = String.format(MXCryptoError.UNABLE_TO_ENCRYPT_REASON,
|
val reason = String.format(MXCryptoError.UNABLE_TO_ENCRYPT_REASON,
|
||||||
algorithm ?: MXCryptoError.NO_MORE_ALGORITHM_REASON)
|
algorithm ?: MXCryptoError.NO_MORE_ALGORITHM_REASON)
|
||||||
Timber.e("## encryptEventContent() : $reason")
|
Timber.e("## encryptEventContent() : $reason")
|
||||||
callback.onFailure(Failure.CryptoError(MXCryptoError(MXCryptoError.UNABLE_TO_ENCRYPT_ERROR_CODE,
|
callback.onFailure(Failure.CryptoError(MXCryptoError.Base(MXCryptoError.UNABLE_TO_ENCRYPT_ERROR_CODE, reason)))
|
||||||
MXCryptoError.UNABLE_TO_ENCRYPT, reason)))
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -580,10 +579,10 @@ internal class CryptoManager @Inject constructor(
|
||||||
*
|
*
|
||||||
* @param event the raw event.
|
* @param event the raw event.
|
||||||
* @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack.
|
* @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack.
|
||||||
* @return the MXEventDecryptionResult data, or null in case of error
|
* @return the MXEventDecryptionResult data, or throw in case of error
|
||||||
*/
|
*/
|
||||||
@Throws(MXDecryptionException::class)
|
@Throws(MXCryptoError::class)
|
||||||
override fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult? {
|
override fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult {
|
||||||
return runBlocking {
|
return runBlocking {
|
||||||
internalDecryptEvent(event, timeline).fold(
|
internalDecryptEvent(event, timeline).fold(
|
||||||
{ throw it },
|
{ throw it },
|
||||||
|
@ -599,7 +598,7 @@ internal class CryptoManager @Inject constructor(
|
||||||
* @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack.
|
* @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack.
|
||||||
* @param callback the callback to return data or null
|
* @param callback the callback to return data or null
|
||||||
*/
|
*/
|
||||||
override fun decryptEventAsync(event: Event, timeline: String, callback: MatrixCallback<MXEventDecryptionResult?>) {
|
override fun decryptEventAsync(event: Event, timeline: String, callback: MatrixCallback<MXEventDecryptionResult>) {
|
||||||
GlobalScope.launch(EmptyCoroutineContext) {
|
GlobalScope.launch(EmptyCoroutineContext) {
|
||||||
val result = withContext(coroutineDispatchers.crypto) {
|
val result = withContext(coroutineDispatchers.crypto) {
|
||||||
internalDecryptEvent(event, timeline)
|
internalDecryptEvent(event, timeline)
|
||||||
|
@ -616,18 +615,17 @@ internal class CryptoManager @Inject constructor(
|
||||||
* @return the MXEventDecryptionResult data, or null in case of error wrapped into [Try]
|
* @return the MXEventDecryptionResult data, or null in case of error wrapped into [Try]
|
||||||
*/
|
*/
|
||||||
private suspend fun internalDecryptEvent(event: Event, timeline: String): Try<MXEventDecryptionResult> {
|
private suspend fun internalDecryptEvent(event: Event, timeline: String): Try<MXEventDecryptionResult> {
|
||||||
return Try {
|
val eventContent = event.content
|
||||||
val eventContent = event.content
|
return if (eventContent == null) {
|
||||||
if (eventContent == null) {
|
Timber.e("## decryptEvent : empty event content")
|
||||||
Timber.e("## decryptEvent : empty event content")
|
Try.Failure(MXCryptoError.Base(MXCryptoError.BAD_ENCRYPTED_MESSAGE_ERROR_CODE, MXCryptoError.BAD_ENCRYPTED_MESSAGE_REASON))
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.UNKNOWN_ERROR_CODE, MXCryptoError.UNKNOWN_ERROR_CODE))
|
} else {
|
||||||
}
|
|
||||||
val algorithm = eventContent["algorithm"]?.toString()
|
val algorithm = eventContent["algorithm"]?.toString()
|
||||||
val alg = roomDecryptorProvider.getOrCreateRoomDecryptor(event.roomId, algorithm)
|
val alg = roomDecryptorProvider.getOrCreateRoomDecryptor(event.roomId, algorithm)
|
||||||
if (alg == null) {
|
if (alg == null) {
|
||||||
val reason = String.format(MXCryptoError.UNABLE_TO_DECRYPT_REASON, event.eventId, algorithm)
|
val reason = String.format(MXCryptoError.UNABLE_TO_DECRYPT_REASON, event.eventId, algorithm)
|
||||||
Timber.e("## decryptEvent() : $reason")
|
Timber.e("## decryptEvent() : $reason")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.UNABLE_TO_DECRYPT_ERROR_CODE, MXCryptoError.UNABLE_TO_DECRYPT, reason))
|
Try.Failure(MXCryptoError.Base(MXCryptoError.UNABLE_TO_DECRYPT_ERROR_CODE, reason))
|
||||||
} else {
|
} else {
|
||||||
alg.decryptEvent(event, timeline)
|
alg.decryptEvent(event, timeline)
|
||||||
}
|
}
|
||||||
|
@ -872,7 +870,7 @@ internal class CryptoManager @Inject constructor(
|
||||||
/**
|
/**
|
||||||
* Check if the user ids list have some unknown devices.
|
* Check if the user ids list have some unknown devices.
|
||||||
* A success means there is no unknown devices.
|
* A success means there is no unknown devices.
|
||||||
* If there are some unknown devices, a MXCryptoError.UNKNOWN_DEVICES_CODE exception is triggered.
|
* If there are some unknown devices, a MXCryptoError.UnknownDevice exception is triggered.
|
||||||
*
|
*
|
||||||
* @param userIds the user ids list
|
* @param userIds the user ids list
|
||||||
* @param callback the asynchronous callback.
|
* @param callback the asynchronous callback.
|
||||||
|
@ -890,9 +888,7 @@ internal class CryptoManager @Inject constructor(
|
||||||
callback.onSuccess(Unit)
|
callback.onSuccess(Unit)
|
||||||
} else {
|
} else {
|
||||||
// trigger an an unknown devices exception
|
// trigger an an unknown devices exception
|
||||||
callback.onFailure(
|
callback.onFailure(Failure.CryptoError(MXCryptoError.UnknownDevice(unknownDevices)))
|
||||||
Failure.CryptoError(MXCryptoError(MXCryptoError.UNKNOWN_DEVICES_CODE,
|
|
||||||
MXCryptoError.UNABLE_TO_ENCRYPT, MXCryptoError.UNKNOWN_DEVICES_REASON, unknownDevices)))
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2016 OpenMarket Ltd
|
|
||||||
* Copyright 2017 Vector Creations Ltd
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package im.vector.matrix.android.internal.crypto
|
|
||||||
|
|
||||||
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This class represents a decryption exception
|
|
||||||
*/
|
|
||||||
class MXDecryptionException
|
|
||||||
(
|
|
||||||
/**
|
|
||||||
* the linked crypto error
|
|
||||||
*/
|
|
||||||
val cryptoError: MXCryptoError?
|
|
||||||
) : Exception() {
|
|
||||||
|
|
||||||
override val message: String?
|
|
||||||
get() = cryptoError?.message ?: super.message
|
|
||||||
|
|
||||||
override fun getLocalizedMessage(): String {
|
|
||||||
return cryptoError?.message ?: super.getLocalizedMessage()
|
|
||||||
}
|
|
||||||
}
|
|
10
matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/MXEventDecryptionResult.kt
Normal file → Executable file
10
matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/MXEventDecryptionResult.kt
Normal file → Executable file
|
@ -1,6 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2016 OpenMarket Ltd
|
* Copyright 2016 OpenMarket Ltd
|
||||||
* Copyright 2017 Vector Creations Ltd
|
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -18,7 +17,6 @@
|
||||||
package im.vector.matrix.android.internal.crypto
|
package im.vector.matrix.android.internal.crypto
|
||||||
|
|
||||||
import im.vector.matrix.android.api.util.JsonDict
|
import im.vector.matrix.android.api.util.JsonDict
|
||||||
import java.util.*
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The result of a (successful) call to decryptEvent.
|
* The result of a (successful) call to decryptEvent.
|
||||||
|
@ -28,23 +26,23 @@ data class MXEventDecryptionResult(
|
||||||
/**
|
/**
|
||||||
* The plaintext payload for the event (typically containing "type" and "content" fields).
|
* The plaintext payload for the event (typically containing "type" and "content" fields).
|
||||||
*/
|
*/
|
||||||
var clearEvent: JsonDict? = null,
|
val clearEvent: JsonDict,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Key owned by the sender of this event.
|
* Key owned by the sender of this event.
|
||||||
* See MXEvent.senderKey.
|
* See MXEvent.senderKey.
|
||||||
*/
|
*/
|
||||||
var senderCurve25519Key: String? = null,
|
val senderCurve25519Key: String? = null,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ed25519 key claimed by the sender of this event.
|
* Ed25519 key claimed by the sender of this event.
|
||||||
* See MXEvent.claimedEd25519Key.
|
* See MXEvent.claimedEd25519Key.
|
||||||
*/
|
*/
|
||||||
var claimedEd25519Key: String? = null,
|
val claimedEd25519Key: String? = null,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* List of curve25519 keys involved in telling us about the senderCurve25519Key and
|
* List of curve25519 keys involved in telling us about the senderCurve25519Key and
|
||||||
* claimedEd25519Key. See MXEvent.forwardingCurve25519KeyChain.
|
* claimedEd25519Key. See MXEvent.forwardingCurve25519KeyChain.
|
||||||
*/
|
*/
|
||||||
var forwardingCurve25519KeyChain: List<String> = ArrayList()
|
val forwardingCurve25519KeyChain: List<String> = emptyList()
|
||||||
)
|
)
|
||||||
|
|
|
@ -18,10 +18,11 @@
|
||||||
package im.vector.matrix.android.internal.crypto
|
package im.vector.matrix.android.internal.crypto
|
||||||
|
|
||||||
import android.text.TextUtils
|
import android.text.TextUtils
|
||||||
|
import arrow.core.Try
|
||||||
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
||||||
import im.vector.matrix.android.api.util.JSON_DICT_PARAMETERIZED_TYPE
|
import im.vector.matrix.android.api.util.JSON_DICT_PARAMETERIZED_TYPE
|
||||||
import im.vector.matrix.android.api.util.JsonDict
|
import im.vector.matrix.android.api.util.JsonDict
|
||||||
import im.vector.matrix.android.internal.crypto.algorithms.MXDecryptionResult
|
import im.vector.matrix.android.internal.crypto.algorithms.olm.OlmDecryptionResult
|
||||||
import im.vector.matrix.android.internal.crypto.model.OlmInboundGroupSessionWrapper
|
import im.vector.matrix.android.internal.crypto.model.OlmInboundGroupSessionWrapper
|
||||||
import im.vector.matrix.android.internal.crypto.model.OlmSessionWrapper
|
import im.vector.matrix.android.internal.crypto.model.OlmSessionWrapper
|
||||||
import im.vector.matrix.android.internal.crypto.store.IMXCryptoStore
|
import im.vector.matrix.android.internal.crypto.store.IMXCryptoStore
|
||||||
|
@ -81,11 +82,6 @@ internal class MXOlmDevice @Inject constructor(
|
||||||
// Values are true.
|
// Values are true.
|
||||||
private val inboundGroupSessionMessageIndexes: MutableMap<String, MutableMap<String, Boolean>> = HashMap()
|
private val inboundGroupSessionMessageIndexes: MutableMap<String, MutableMap<String, Boolean>> = HashMap()
|
||||||
|
|
||||||
/**
|
|
||||||
* inboundGroupSessionWithId error
|
|
||||||
*/
|
|
||||||
private var inboundGroupSessionWithIdError: MXCryptoError? = null
|
|
||||||
|
|
||||||
init {
|
init {
|
||||||
// Retrieve the account from the store
|
// Retrieve the account from the store
|
||||||
olmAccount = store.getAccount()
|
olmAccount = store.getAccount()
|
||||||
|
@ -508,22 +504,26 @@ internal class MXOlmDevice @Inject constructor(
|
||||||
forwardingCurve25519KeyChain: List<String>,
|
forwardingCurve25519KeyChain: List<String>,
|
||||||
keysClaimed: Map<String, String>,
|
keysClaimed: Map<String, String>,
|
||||||
exportFormat: Boolean): Boolean {
|
exportFormat: Boolean): Boolean {
|
||||||
val existingInboundSession = getInboundGroupSession(sessionId, senderKey, roomId)
|
|
||||||
val session = OlmInboundGroupSessionWrapper(sessionKey, exportFormat)
|
val session = OlmInboundGroupSessionWrapper(sessionKey, exportFormat)
|
||||||
|
|
||||||
if (null != existingInboundSession) {
|
getInboundGroupSession(sessionId, senderKey, roomId).fold(
|
||||||
// If we already have this session, consider updating it
|
{
|
||||||
Timber.e("## addInboundGroupSession() : Update for megolm session $senderKey/$sessionId")
|
// Nothing to do in case of error
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// If we already have this session, consider updating it
|
||||||
|
Timber.e("## addInboundGroupSession() : Update for megolm session $senderKey/$sessionId")
|
||||||
|
|
||||||
val existingFirstKnown = existingInboundSession.firstKnownIndex!!
|
val existingFirstKnown = it.firstKnownIndex!!
|
||||||
val newKnownFirstIndex = session.firstKnownIndex!!
|
val newKnownFirstIndex = session.firstKnownIndex
|
||||||
|
|
||||||
//If our existing session is better we keep it
|
//If our existing session is better we keep it
|
||||||
if (newKnownFirstIndex != null && existingFirstKnown <= newKnownFirstIndex) {
|
if (newKnownFirstIndex != null && existingFirstKnown <= newKnownFirstIndex) {
|
||||||
session.olmInboundGroupSession?.releaseSession()
|
session.olmInboundGroupSession?.releaseSession()
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
)
|
||||||
|
|
||||||
// sanity check
|
// sanity check
|
||||||
if (null == session.olmInboundGroupSession) {
|
if (null == session.olmInboundGroupSession) {
|
||||||
|
@ -594,20 +594,26 @@ internal class MXOlmDevice @Inject constructor(
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
val existingOlmSession = getInboundGroupSession(sessionId, senderKey, roomId)
|
getInboundGroupSession(sessionId, senderKey, roomId)
|
||||||
if (null != existingOlmSession) {
|
.fold(
|
||||||
// If we already have this session, consider updating it
|
{
|
||||||
Timber.e("## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId")
|
// Session does not already exist, add it
|
||||||
|
sessions.add(session)
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// If we already have this session, consider updating it
|
||||||
|
Timber.e("## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId")
|
||||||
|
|
||||||
// For now we just ignore updates. TODO: implement something here
|
// For now we just ignore updates. TODO: implement something here
|
||||||
if (existingOlmSession.firstKnownIndex!! <= session.firstKnownIndex!!) {
|
if (it.firstKnownIndex!! <= session.firstKnownIndex!!) {
|
||||||
//Ignore this, keep existing
|
//Ignore this, keep existing
|
||||||
session.olmInboundGroupSession!!.releaseSession()
|
session.olmInboundGroupSession!!.releaseSession()
|
||||||
continue
|
} else {
|
||||||
}
|
sessions.add(session)
|
||||||
}
|
}
|
||||||
|
Unit
|
||||||
sessions.add(session)
|
}
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
store.storeInboundGroupSessions(sessions)
|
store.storeInboundGroupSessions(sessions)
|
||||||
|
@ -637,81 +643,70 @@ internal class MXOlmDevice @Inject constructor(
|
||||||
* @param senderKey the base64-encoded curve25519 key of the sender.
|
* @param senderKey the base64-encoded curve25519 key of the sender.
|
||||||
* @return the decrypting result. Nil if the sessionId is unknown.
|
* @return the decrypting result. Nil if the sessionId is unknown.
|
||||||
*/
|
*/
|
||||||
@Throws(MXDecryptionException::class)
|
|
||||||
fun decryptGroupMessage(body: String,
|
fun decryptGroupMessage(body: String,
|
||||||
roomId: String,
|
roomId: String,
|
||||||
timeline: String?,
|
timeline: String?,
|
||||||
sessionId: String,
|
sessionId: String,
|
||||||
senderKey: String): MXDecryptionResult? {
|
senderKey: String): Try<OlmDecryptionResult> {
|
||||||
val result = MXDecryptionResult()
|
return getInboundGroupSession(sessionId, senderKey, roomId)
|
||||||
val session = getInboundGroupSession(sessionId, senderKey, roomId)
|
.flatMap { session ->
|
||||||
|
// Check that the room id matches the original one for the session. This stops
|
||||||
if (null != session) {
|
// the HS pretending a message was targeting a different room.
|
||||||
// Check that the room id matches the original one for the session. This stops
|
if (roomId == session.roomId) {
|
||||||
// the HS pretending a message was targeting a different room.
|
var errorMessage = ""
|
||||||
if (TextUtils.equals(roomId, session.roomId)) {
|
var decryptResult: OlmInboundGroupSession.DecryptMessageResult? = null
|
||||||
var errorMessage = ""
|
try {
|
||||||
var decryptResult: OlmInboundGroupSession.DecryptMessageResult? = null
|
decryptResult = session.olmInboundGroupSession!!.decryptMessage(body)
|
||||||
try {
|
} catch (e: Exception) {
|
||||||
decryptResult = session.olmInboundGroupSession!!.decryptMessage(body)
|
Timber.e(e, "## decryptGroupMessage () : decryptMessage failed")
|
||||||
} catch (e: Exception) {
|
errorMessage = e.message ?: ""
|
||||||
Timber.e(e, "## decryptGroupMessage () : decryptMessage failed")
|
|
||||||
errorMessage = e.message ?: ""
|
|
||||||
}
|
|
||||||
|
|
||||||
if (null != decryptResult) {
|
|
||||||
if (null != timeline) {
|
|
||||||
if (!inboundGroupSessionMessageIndexes.containsKey(timeline)) {
|
|
||||||
inboundGroupSessionMessageIndexes[timeline] = HashMap()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
val messageIndexKey = senderKey + "|" + sessionId + "|" + decryptResult.mIndex
|
if (null != decryptResult) {
|
||||||
|
if (null != timeline) {
|
||||||
|
if (!inboundGroupSessionMessageIndexes.containsKey(timeline)) {
|
||||||
|
inboundGroupSessionMessageIndexes[timeline] = HashMap()
|
||||||
|
}
|
||||||
|
|
||||||
if (inboundGroupSessionMessageIndexes[timeline]?.get(messageIndexKey) != null) {
|
val messageIndexKey = senderKey + "|" + sessionId + "|" + decryptResult.mIndex
|
||||||
val reason = String.format(MXCryptoError.DUPLICATE_MESSAGE_INDEX_REASON, decryptResult.mIndex)
|
|
||||||
Timber.e("## decryptGroupMessage() : $reason")
|
if (inboundGroupSessionMessageIndexes[timeline]?.get(messageIndexKey) != null) {
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.DUPLICATED_MESSAGE_INDEX_ERROR_CODE,
|
val reason = String.format(MXCryptoError.DUPLICATE_MESSAGE_INDEX_REASON, decryptResult.mIndex)
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, reason))
|
Timber.e("## decryptGroupMessage() : $reason")
|
||||||
|
return@flatMap Try.Failure(MXCryptoError.Base(MXCryptoError.DUPLICATED_MESSAGE_INDEX_ERROR_CODE, reason))
|
||||||
|
}
|
||||||
|
|
||||||
|
inboundGroupSessionMessageIndexes[timeline]!!.put(messageIndexKey, true)
|
||||||
|
}
|
||||||
|
|
||||||
|
store.storeInboundGroupSessions(listOf(session))
|
||||||
|
val payload = try {
|
||||||
|
val adapter = MoshiProvider.providesMoshi().adapter<JsonDict>(JSON_DICT_PARAMETERIZED_TYPE)
|
||||||
|
val payloadString = convertFromUTF8(decryptResult.mDecryptedMessage)
|
||||||
|
adapter.fromJson(payloadString)
|
||||||
|
} catch (e: Exception) {
|
||||||
|
Timber.e("## decryptGroupMessage() : fails to parse the payload")
|
||||||
|
return@flatMap Try.Failure(MXCryptoError.Base(MXCryptoError.BAD_DECRYPTED_FORMAT_ERROR_CODE, MXCryptoError.BAD_DECRYPTED_FORMAT_TEXT_REASON))
|
||||||
|
}
|
||||||
|
|
||||||
|
return@flatMap Try.just(
|
||||||
|
OlmDecryptionResult(
|
||||||
|
payload,
|
||||||
|
session.keysClaimed,
|
||||||
|
senderKey,
|
||||||
|
session.forwardingCurve25519KeyChain
|
||||||
|
)
|
||||||
|
)
|
||||||
|
} else {
|
||||||
|
Timber.e("## decryptGroupMessage() : failed to decode the message")
|
||||||
|
return@flatMap Try.Failure(MXCryptoError.Base(MXCryptoError.OLM_ERROR_CODE, errorMessage))
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
inboundGroupSessionMessageIndexes[timeline]!!.put(messageIndexKey, true)
|
val reason = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, session.roomId)
|
||||||
|
Timber.e("## decryptGroupMessage() : $reason")
|
||||||
|
return@flatMap Try.Failure(MXCryptoError.Base(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_ERROR_CODE, reason))
|
||||||
}
|
}
|
||||||
|
|
||||||
store.storeInboundGroupSessions(listOf(session))
|
|
||||||
try {
|
|
||||||
val adapter = MoshiProvider.providesMoshi().adapter<JsonDict>(JSON_DICT_PARAMETERIZED_TYPE)
|
|
||||||
val payloadString = convertFromUTF8(decryptResult.mDecryptedMessage)
|
|
||||||
val payload = adapter.fromJson(payloadString)
|
|
||||||
result.payload = payload
|
|
||||||
} catch (e: Exception) {
|
|
||||||
Timber.e(e, "## decryptGroupMessage() : RLEncoder.encode failed " + e.message)
|
|
||||||
return null
|
|
||||||
}
|
|
||||||
|
|
||||||
if (null == result.payload) {
|
|
||||||
Timber.e("## decryptGroupMessage() : fails to parse the payload")
|
|
||||||
return null
|
|
||||||
}
|
|
||||||
|
|
||||||
result.keysClaimed = session.keysClaimed
|
|
||||||
result.senderKey = senderKey
|
|
||||||
result.forwardingCurve25519KeyChain = session.forwardingCurve25519KeyChain
|
|
||||||
} else {
|
|
||||||
Timber.e("## decryptGroupMessage() : failed to decode the message")
|
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.OLM_ERROR_CODE, errorMessage, null))
|
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
val reason = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, session.roomId)
|
|
||||||
Timber.e("## decryptGroupMessage() : $reason")
|
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_ERROR_CODE,
|
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, reason))
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
Timber.e("## decryptGroupMessage() : Cannot retrieve inbound group session $sessionId")
|
|
||||||
throw MXDecryptionException(inboundGroupSessionWithIdError)
|
|
||||||
}
|
|
||||||
|
|
||||||
return result
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -725,7 +720,7 @@ internal class MXOlmDevice @Inject constructor(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Utilities
|
// Utilities
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verify an ed25519 signature on a JSON object.
|
* Verify an ed25519 signature on a JSON object.
|
||||||
|
@ -775,27 +770,27 @@ internal class MXOlmDevice @Inject constructor(
|
||||||
* @param senderKey the base64-encoded curve25519 key of the sender.
|
* @param senderKey the base64-encoded curve25519 key of the sender.
|
||||||
* @return the inbound group session.
|
* @return the inbound group session.
|
||||||
*/
|
*/
|
||||||
fun getInboundGroupSession(sessionId: String?, senderKey: String?, roomId: String?): OlmInboundGroupSessionWrapper? {
|
fun getInboundGroupSession(sessionId: String?, senderKey: String?, roomId: String?): Try<OlmInboundGroupSessionWrapper> {
|
||||||
inboundGroupSessionWithIdError = null
|
if (sessionId.isNullOrBlank() || senderKey.isNullOrBlank()) {
|
||||||
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.MISSING_SENDER_KEY_ERROR_CODE, MXCryptoError.ERROR_MISSING_PROPERTY_REASON))
|
||||||
|
}
|
||||||
|
|
||||||
if (sessionId.isNullOrBlank() || senderKey.isNullOrBlank()) return null
|
|
||||||
val session = store.getInboundGroupSession(sessionId, senderKey)
|
val session = store.getInboundGroupSession(sessionId, senderKey)
|
||||||
|
|
||||||
if (null != session) {
|
return if (null != session) {
|
||||||
// Check that the room id matches the original one for the session. This stops
|
// Check that the room id matches the original one for the session. This stops
|
||||||
// the HS pretending a message was targeting a different room.
|
// the HS pretending a message was targeting a different room.
|
||||||
if (!TextUtils.equals(roomId, session.roomId)) {
|
if (!TextUtils.equals(roomId, session.roomId)) {
|
||||||
val errorDescription = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, session.roomId)
|
val errorDescription = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, session.roomId)
|
||||||
Timber.e("## getInboundGroupSession() : $errorDescription")
|
Timber.e("## getInboundGroupSession() : $errorDescription")
|
||||||
inboundGroupSessionWithIdError = MXCryptoError(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_ERROR_CODE,
|
Try.Failure(MXCryptoError.Base(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_ERROR_CODE, errorDescription))
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, errorDescription)
|
} else {
|
||||||
|
Try.just(session)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
Timber.e("## getInboundGroupSession() : Cannot retrieve inbound group session $sessionId")
|
Timber.e("## getInboundGroupSession() : Cannot retrieve inbound group session $sessionId")
|
||||||
inboundGroupSessionWithIdError = MXCryptoError(MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_ERROR_CODE,
|
Try.Failure(MXCryptoError.Base(MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_ERROR_CODE, MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_REASON))
|
||||||
MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_REASON, null)
|
|
||||||
}
|
}
|
||||||
return session
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -807,6 +802,6 @@ internal class MXOlmDevice @Inject constructor(
|
||||||
* @return true if the unbound session keys are known.
|
* @return true if the unbound session keys are known.
|
||||||
*/
|
*/
|
||||||
fun hasInboundSessionKeys(roomId: String, senderKey: String, sessionId: String): Boolean {
|
fun hasInboundSessionKeys(roomId: String, senderKey: String, sessionId: String): Boolean {
|
||||||
return null != getInboundGroupSession(sessionId, senderKey, roomId)
|
return getInboundGroupSession(sessionId, senderKey, roomId).isSuccess()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,9 +17,9 @@
|
||||||
|
|
||||||
package im.vector.matrix.android.internal.crypto.algorithms
|
package im.vector.matrix.android.internal.crypto.algorithms
|
||||||
|
|
||||||
|
import arrow.core.Try
|
||||||
import im.vector.matrix.android.api.session.events.model.Event
|
import im.vector.matrix.android.api.session.events.model.Event
|
||||||
import im.vector.matrix.android.internal.crypto.IncomingRoomKeyRequest
|
import im.vector.matrix.android.internal.crypto.IncomingRoomKeyRequest
|
||||||
import im.vector.matrix.android.internal.crypto.MXDecryptionException
|
|
||||||
import im.vector.matrix.android.internal.crypto.MXEventDecryptionResult
|
import im.vector.matrix.android.internal.crypto.MXEventDecryptionResult
|
||||||
import im.vector.matrix.android.internal.crypto.keysbackup.KeysBackup
|
import im.vector.matrix.android.internal.crypto.keysbackup.KeysBackup
|
||||||
|
|
||||||
|
@ -33,11 +33,9 @@ internal interface IMXDecrypting {
|
||||||
*
|
*
|
||||||
* @param event the raw event.
|
* @param event the raw event.
|
||||||
* @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack.
|
* @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack.
|
||||||
* @return the decryption information, or null in case of error
|
* @return the decryption information, or an error
|
||||||
* @throws MXDecryptionException the decryption failure reason
|
|
||||||
*/
|
*/
|
||||||
@Throws(MXDecryptionException::class)
|
suspend fun decryptEvent(event: Event, timeline: String): Try<MXEventDecryptionResult>
|
||||||
suspend fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Handle a key event.
|
* Handle a key event.
|
||||||
|
|
|
@ -18,7 +18,6 @@
|
||||||
package im.vector.matrix.android.internal.crypto.algorithms
|
package im.vector.matrix.android.internal.crypto.algorithms
|
||||||
|
|
||||||
import arrow.core.Try
|
import arrow.core.Try
|
||||||
import im.vector.matrix.android.api.MatrixCallback
|
|
||||||
import im.vector.matrix.android.api.session.events.model.Content
|
import im.vector.matrix.android.api.session.events.model.Content
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -28,7 +28,6 @@ import im.vector.matrix.android.internal.crypto.*
|
||||||
import im.vector.matrix.android.internal.crypto.actions.EnsureOlmSessionsForDevicesAction
|
import im.vector.matrix.android.internal.crypto.actions.EnsureOlmSessionsForDevicesAction
|
||||||
import im.vector.matrix.android.internal.crypto.actions.MessageEncrypter
|
import im.vector.matrix.android.internal.crypto.actions.MessageEncrypter
|
||||||
import im.vector.matrix.android.internal.crypto.algorithms.IMXDecrypting
|
import im.vector.matrix.android.internal.crypto.algorithms.IMXDecrypting
|
||||||
import im.vector.matrix.android.internal.crypto.algorithms.MXDecryptionResult
|
|
||||||
import im.vector.matrix.android.internal.crypto.keysbackup.KeysBackup
|
import im.vector.matrix.android.internal.crypto.keysbackup.KeysBackup
|
||||||
import im.vector.matrix.android.internal.crypto.model.MXDeviceInfo
|
import im.vector.matrix.android.internal.crypto.model.MXDeviceInfo
|
||||||
import im.vector.matrix.android.internal.crypto.model.MXUsersDevicesMap
|
import im.vector.matrix.android.internal.crypto.model.MXUsersDevicesMap
|
||||||
|
@ -64,66 +63,65 @@ internal class MXMegolmDecryption(private val credentials: Credentials,
|
||||||
*/
|
*/
|
||||||
private var pendingEvents: MutableMap<String /* senderKey|sessionId */, MutableMap<String /* timelineId */, MutableList<Event>>> = HashMap()
|
private var pendingEvents: MutableMap<String /* senderKey|sessionId */, MutableMap<String /* timelineId */, MutableList<Event>>> = HashMap()
|
||||||
|
|
||||||
@Throws(MXDecryptionException::class)
|
override suspend fun decryptEvent(event: Event, timeline: String): Try<MXEventDecryptionResult> {
|
||||||
override suspend fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult {
|
|
||||||
return decryptEvent(event, timeline, true)
|
return decryptEvent(event, timeline, true)
|
||||||
}
|
}
|
||||||
|
|
||||||
@Throws(MXDecryptionException::class)
|
private fun decryptEvent(event: Event, timeline: String, requestKeysOnFail: Boolean): Try<MXEventDecryptionResult> {
|
||||||
private fun decryptEvent(event: Event, timeline: String, requestKeysOnFail: Boolean): MXEventDecryptionResult {
|
val encryptedEventContent = event.content.toModel<EncryptedEventContent>()
|
||||||
val encryptedEventContent = event.content.toModel<EncryptedEventContent>()!!
|
?: throw MXCryptoError.Base(MXCryptoError.MISSING_FIELDS_ERROR_CODE, MXCryptoError.MISSING_FIELDS_REASON)
|
||||||
if (TextUtils.isEmpty(encryptedEventContent.senderKey) || TextUtils.isEmpty(encryptedEventContent.sessionId) || TextUtils.isEmpty(encryptedEventContent.ciphertext)) {
|
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.MISSING_FIELDS_ERROR_CODE,
|
if (TextUtils.isEmpty(encryptedEventContent.senderKey)
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.MISSING_FIELDS_REASON))
|
|| TextUtils.isEmpty(encryptedEventContent.sessionId)
|
||||||
|
|| TextUtils.isEmpty(encryptedEventContent.ciphertext)) {
|
||||||
|
throw MXCryptoError.Base(MXCryptoError.MISSING_FIELDS_ERROR_CODE, MXCryptoError.MISSING_FIELDS_REASON)
|
||||||
}
|
}
|
||||||
|
|
||||||
var cryptoError: MXCryptoError? = null
|
return olmDevice.decryptGroupMessage(encryptedEventContent.ciphertext!!, event.roomId!!, timeline, encryptedEventContent.sessionId!!, encryptedEventContent.senderKey!!)
|
||||||
var decryptGroupMessageResult: MXDecryptionResult? = null
|
.fold(
|
||||||
|
{ throwable ->
|
||||||
|
if (throwable is MXCryptoError.Base) {
|
||||||
|
if (throwable.code == MXCryptoError.OLM_ERROR_CODE) {
|
||||||
|
if (MXCryptoError.UNKNOWN_MESSAGE_INDEX == throwable._message) {
|
||||||
|
addEventToPendingList(event, timeline)
|
||||||
|
if (requestKeysOnFail) {
|
||||||
|
requestKeysForEvent(event)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
val reason = String.format(MXCryptoError.OLM_REASON, throwable._message)
|
||||||
decryptGroupMessageResult = olmDevice.decryptGroupMessage(encryptedEventContent.ciphertext!!, event.roomId!!, timeline, encryptedEventContent.sessionId!!, encryptedEventContent.senderKey!!)
|
val detailedReason = String.format(MXCryptoError.DETAILLED_OLM_REASON, encryptedEventContent.ciphertext, throwable._message)
|
||||||
} catch (e: MXDecryptionException) {
|
|
||||||
cryptoError = e.cryptoError
|
|
||||||
}
|
|
||||||
// the decryption succeeds
|
|
||||||
if (decryptGroupMessageResult?.payload != null) {
|
|
||||||
val eventDecryptionResult = MXEventDecryptionResult()
|
|
||||||
|
|
||||||
eventDecryptionResult.clearEvent = decryptGroupMessageResult.payload
|
throw MXCryptoError.Base(
|
||||||
eventDecryptionResult.senderCurve25519Key = decryptGroupMessageResult.senderKey
|
MXCryptoError.OLM_ERROR_CODE,
|
||||||
|
reason,
|
||||||
|
detailedReason)
|
||||||
|
} else if (throwable.code == MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_ERROR_CODE) {
|
||||||
|
addEventToPendingList(event, timeline)
|
||||||
|
if (requestKeysOnFail) {
|
||||||
|
requestKeysForEvent(event)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (null != decryptGroupMessageResult.keysClaimed) {
|
throw throwable
|
||||||
eventDecryptionResult.claimedEd25519Key = decryptGroupMessageResult.keysClaimed?.get("ed25519")
|
},
|
||||||
}
|
{ decryptionResult ->
|
||||||
|
// the decryption succeeds
|
||||||
eventDecryptionResult.forwardingCurve25519KeyChain = decryptGroupMessageResult.forwardingCurve25519KeyChain
|
if (decryptionResult.payload != null) {
|
||||||
?: emptyList()
|
return Try.just(
|
||||||
return eventDecryptionResult
|
MXEventDecryptionResult(
|
||||||
} else if (cryptoError != null) {
|
clearEvent = decryptionResult.payload,
|
||||||
if (cryptoError.isOlmError) {
|
senderCurve25519Key = decryptionResult.senderKey,
|
||||||
if (MXCryptoError.UNKNOWN_MESSAGE_INDEX == cryptoError.message) {
|
claimedEd25519Key = decryptionResult.keysClaimed?.get("ed25519"),
|
||||||
addEventToPendingList(event, timeline)
|
forwardingCurve25519KeyChain = decryptionResult.forwardingCurve25519KeyChain ?: emptyList()
|
||||||
if (requestKeysOnFail) {
|
)
|
||||||
requestKeysForEvent(event)
|
)
|
||||||
}
|
} else {
|
||||||
}
|
throw MXCryptoError.Base(MXCryptoError.MISSING_FIELDS_ERROR_CODE, MXCryptoError.MISSING_FIELDS_REASON)
|
||||||
|
}
|
||||||
val reason = String.format(MXCryptoError.OLM_REASON, cryptoError.message)
|
}
|
||||||
val detailedReason = String.format(MXCryptoError.DETAILLED_OLM_REASON, encryptedEventContent.ciphertext, cryptoError.message)
|
)
|
||||||
|
|
||||||
throw MXDecryptionException(MXCryptoError(
|
|
||||||
MXCryptoError.OLM_ERROR_CODE,
|
|
||||||
reason,
|
|
||||||
detailedReason))
|
|
||||||
} else if (TextUtils.equals(cryptoError.code, MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_ERROR_CODE)) {
|
|
||||||
addEventToPendingList(event, timeline)
|
|
||||||
if (requestKeysOnFail) {
|
|
||||||
requestKeysForEvent(event)
|
|
||||||
}
|
|
||||||
throw MXDecryptionException(cryptoError)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.UNKNOWN_ERROR_CODE, MXCryptoError.UNKNOWN_ERROR_CODE))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -319,11 +317,20 @@ internal class MXMegolmDecryption(private val credentials: Credentials,
|
||||||
Try.just(Unit)
|
Try.just(Unit)
|
||||||
}
|
}
|
||||||
Timber.v("""## shareKeysWithDevice() : sharing keys for session ${body?.senderKey}|${body?.sessionId} with device $userId:$deviceId""")
|
Timber.v("""## shareKeysWithDevice() : sharing keys for session ${body?.senderKey}|${body?.sessionId} with device $userId:$deviceId""")
|
||||||
val inboundGroupSession = olmDevice.getInboundGroupSession(body?.sessionId, body?.senderKey, body?.roomId)
|
|
||||||
|
|
||||||
val payloadJson = HashMap<String, Any>()
|
val payloadJson = HashMap<String, Any>()
|
||||||
payloadJson["type"] = EventType.FORWARDED_ROOM_KEY
|
payloadJson["type"] = EventType.FORWARDED_ROOM_KEY
|
||||||
payloadJson["content"] = inboundGroupSession!!.exportKeys()!!
|
|
||||||
|
olmDevice.getInboundGroupSession(body?.sessionId, body?.senderKey, body?.roomId)
|
||||||
|
.fold(
|
||||||
|
{
|
||||||
|
// TODO
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// TODO
|
||||||
|
payloadJson["content"] = it.exportKeys() ?: ""
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
val encodedPayload = messageEncrypter.encryptMessage(payloadJson, Arrays.asList(deviceInfo))
|
val encodedPayload = messageEncrypter.encryptMessage(payloadJson, Arrays.asList(deviceInfo))
|
||||||
val sendToDeviceMap = MXUsersDevicesMap<Any>()
|
val sendToDeviceMap = MXUsersDevicesMap<Any>()
|
||||||
|
@ -332,8 +339,6 @@ internal class MXMegolmDecryption(private val credentials: Credentials,
|
||||||
val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap)
|
val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap)
|
||||||
sendToDeviceTask.execute(sendToDeviceParams)
|
sendToDeviceTask.execute(sendToDeviceParams)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,7 +21,6 @@ package im.vector.matrix.android.internal.crypto.algorithms.megolm
|
||||||
import android.text.TextUtils
|
import android.text.TextUtils
|
||||||
import arrow.core.Try
|
import arrow.core.Try
|
||||||
import im.vector.matrix.android.api.auth.data.Credentials
|
import im.vector.matrix.android.api.auth.data.Credentials
|
||||||
import im.vector.matrix.android.api.failure.Failure
|
|
||||||
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
||||||
import im.vector.matrix.android.api.session.events.model.Content
|
import im.vector.matrix.android.api.session.events.model.Content
|
||||||
import im.vector.matrix.android.api.session.events.model.EventType
|
import im.vector.matrix.android.api.session.events.model.EventType
|
||||||
|
@ -254,29 +253,31 @@ internal class MXMegolmEncryption(
|
||||||
/**
|
/**
|
||||||
* process the pending encryptions
|
* process the pending encryptions
|
||||||
*/
|
*/
|
||||||
private suspend fun encryptContent(session: MXOutboundSessionInfo, eventType: String, eventContent: Content) = Try<Content> {
|
private fun encryptContent(session: MXOutboundSessionInfo, eventType: String, eventContent: Content): Try<Content> {
|
||||||
// Everything is in place, encrypt all pending events
|
return Try<Content> {
|
||||||
val payloadJson = HashMap<String, Any>()
|
// Everything is in place, encrypt all pending events
|
||||||
payloadJson["room_id"] = roomId
|
val payloadJson = HashMap<String, Any>()
|
||||||
payloadJson["type"] = eventType
|
payloadJson["room_id"] = roomId
|
||||||
payloadJson["content"] = eventContent
|
payloadJson["type"] = eventType
|
||||||
|
payloadJson["content"] = eventContent
|
||||||
|
|
||||||
// Get canonical Json from
|
// Get canonical Json from
|
||||||
|
|
||||||
val payloadString = convertToUTF8(MoshiProvider.getCanonicalJson(Map::class.java, payloadJson))
|
val payloadString = convertToUTF8(MoshiProvider.getCanonicalJson(Map::class.java, payloadJson))
|
||||||
val ciphertext = olmDevice.encryptGroupMessage(session.sessionId, payloadString!!)
|
val ciphertext = olmDevice.encryptGroupMessage(session.sessionId, payloadString!!)
|
||||||
|
|
||||||
val map = HashMap<String, Any>()
|
val map = HashMap<String, Any>()
|
||||||
map["algorithm"] = MXCRYPTO_ALGORITHM_MEGOLM
|
map["algorithm"] = MXCRYPTO_ALGORITHM_MEGOLM
|
||||||
map["sender_key"] = olmDevice.deviceCurve25519Key!!
|
map["sender_key"] = olmDevice.deviceCurve25519Key!!
|
||||||
map["ciphertext"] = ciphertext!!
|
map["ciphertext"] = ciphertext!!
|
||||||
map["session_id"] = session.sessionId
|
map["session_id"] = session.sessionId
|
||||||
|
|
||||||
// Include our device ID so that recipients can send us a
|
// Include our device ID so that recipients can send us a
|
||||||
// m.new_device message if they don't have our session key.
|
// m.new_device message if they don't have our session key.
|
||||||
map["device_id"] = credentials.deviceId!!
|
map["device_id"] = credentials.deviceId!!
|
||||||
session.useCount++
|
session.useCount++
|
||||||
map
|
map
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -328,9 +329,7 @@ internal class MXMegolmEncryption(
|
||||||
if (unknownDevices.isEmpty) {
|
if (unknownDevices.isEmpty) {
|
||||||
Try.just(devicesInRoom)
|
Try.just(devicesInRoom)
|
||||||
} else {
|
} else {
|
||||||
val cryptoError = MXCryptoError(MXCryptoError.UNKNOWN_DEVICES_CODE,
|
Try.Failure(MXCryptoError.UnknownDevice(unknownDevices))
|
||||||
MXCryptoError.UNABLE_TO_ENCRYPT, MXCryptoError.UNKNOWN_DEVICES_REASON, unknownDevices)
|
|
||||||
Try.Failure(Failure.CryptoError(cryptoError))
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,13 +17,13 @@
|
||||||
|
|
||||||
package im.vector.matrix.android.internal.crypto.algorithms.olm
|
package im.vector.matrix.android.internal.crypto.algorithms.olm
|
||||||
|
|
||||||
|
import arrow.core.Try
|
||||||
import im.vector.matrix.android.api.auth.data.Credentials
|
import im.vector.matrix.android.api.auth.data.Credentials
|
||||||
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
||||||
import im.vector.matrix.android.api.session.events.model.Event
|
import im.vector.matrix.android.api.session.events.model.Event
|
||||||
import im.vector.matrix.android.api.session.events.model.toModel
|
import im.vector.matrix.android.api.session.events.model.toModel
|
||||||
import im.vector.matrix.android.api.util.JSON_DICT_PARAMETERIZED_TYPE
|
import im.vector.matrix.android.api.util.JSON_DICT_PARAMETERIZED_TYPE
|
||||||
import im.vector.matrix.android.api.util.JsonDict
|
import im.vector.matrix.android.api.util.JsonDict
|
||||||
import im.vector.matrix.android.internal.crypto.MXDecryptionException
|
|
||||||
import im.vector.matrix.android.internal.crypto.MXEventDecryptionResult
|
import im.vector.matrix.android.internal.crypto.MXEventDecryptionResult
|
||||||
import im.vector.matrix.android.internal.crypto.MXOlmDevice
|
import im.vector.matrix.android.internal.crypto.MXOlmDevice
|
||||||
import im.vector.matrix.android.internal.crypto.algorithms.IMXDecrypting
|
import im.vector.matrix.android.internal.crypto.algorithms.IMXDecrypting
|
||||||
|
@ -41,30 +41,29 @@ internal class MXOlmDecryption(
|
||||||
private val credentials: Credentials)
|
private val credentials: Credentials)
|
||||||
: IMXDecrypting {
|
: IMXDecrypting {
|
||||||
|
|
||||||
@Throws(MXDecryptionException::class)
|
override suspend fun decryptEvent(event: Event, timeline: String): Try<MXEventDecryptionResult> {
|
||||||
override suspend fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult {
|
|
||||||
val olmEventContent = event.content.toModel<OlmEventContent>() ?: run {
|
val olmEventContent = event.content.toModel<OlmEventContent>() ?: run {
|
||||||
Timber.e("## decryptEvent() : bad event format")
|
Timber.e("## decryptEvent() : bad event format")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.BAD_EVENT_FORMAT_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.BAD_EVENT_FORMAT_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.BAD_EVENT_FORMAT_TEXT_REASON))
|
MXCryptoError.BAD_EVENT_FORMAT_TEXT_REASON))
|
||||||
}
|
}
|
||||||
|
|
||||||
val cipherText = olmEventContent.ciphertext ?: run {
|
val cipherText = olmEventContent.ciphertext ?: run {
|
||||||
Timber.e("## decryptEvent() : missing cipher text")
|
Timber.e("## decryptEvent() : missing cipher text")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.MISSING_CIPHER_TEXT_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.MISSING_CIPHER_TEXT_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.MISSING_CIPHER_TEXT_REASON))
|
MXCryptoError.MISSING_CIPHER_TEXT_REASON))
|
||||||
}
|
}
|
||||||
|
|
||||||
val senderKey = olmEventContent.senderKey ?: run {
|
val senderKey = olmEventContent.senderKey ?: run {
|
||||||
Timber.e("## decryptEvent() : missing sender key")
|
Timber.e("## decryptEvent() : missing sender key")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.MISSING_SENDER_KEY_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.MISSING_SENDER_KEY_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.MISSING_SENDER_KEY_TEXT_REASON))
|
MXCryptoError.MISSING_SENDER_KEY_TEXT_REASON))
|
||||||
}
|
}
|
||||||
|
|
||||||
val messageAny = cipherText[olmDevice.deviceCurve25519Key] ?: run {
|
val messageAny = cipherText[olmDevice.deviceCurve25519Key] ?: run {
|
||||||
Timber.e("## decryptEvent() : our device ${olmDevice.deviceCurve25519Key} is not included in recipients")
|
Timber.e("## decryptEvent() : our device ${olmDevice.deviceCurve25519Key} is not included in recipients")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.NOT_INCLUDE_IN_RECIPIENTS_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.NOT_INCLUDE_IN_RECIPIENTS_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.NOT_INCLUDED_IN_RECIPIENT_REASON))
|
MXCryptoError.NOT_INCLUDED_IN_RECIPIENT_REASON))
|
||||||
}
|
}
|
||||||
|
|
||||||
// The message for myUser
|
// The message for myUser
|
||||||
|
@ -74,14 +73,14 @@ internal class MXOlmDecryption(
|
||||||
|
|
||||||
if (decryptedPayload == null) {
|
if (decryptedPayload == null) {
|
||||||
Timber.e("## decryptEvent() Failed to decrypt Olm event (id= ${event.eventId} from $senderKey")
|
Timber.e("## decryptEvent() Failed to decrypt Olm event (id= ${event.eventId} from $senderKey")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.BAD_ENCRYPTED_MESSAGE_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.BAD_ENCRYPTED_MESSAGE_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.BAD_ENCRYPTED_MESSAGE_REASON))
|
MXCryptoError.BAD_ENCRYPTED_MESSAGE_REASON))
|
||||||
}
|
}
|
||||||
val payloadString = convertFromUTF8(decryptedPayload)
|
val payloadString = convertFromUTF8(decryptedPayload)
|
||||||
if (payloadString == null) {
|
if (payloadString == null) {
|
||||||
Timber.e("## decryptEvent() Failed to decrypt Olm event (id= ${event.eventId} from $senderKey")
|
Timber.e("## decryptEvent() Failed to decrypt Olm event (id= ${event.eventId} from $senderKey")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.BAD_ENCRYPTED_MESSAGE_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.BAD_ENCRYPTED_MESSAGE_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.BAD_ENCRYPTED_MESSAGE_REASON))
|
MXCryptoError.BAD_ENCRYPTED_MESSAGE_REASON))
|
||||||
}
|
}
|
||||||
|
|
||||||
val adapter = MoshiProvider.providesMoshi().adapter<JsonDict>(JSON_DICT_PARAMETERIZED_TYPE)
|
val adapter = MoshiProvider.providesMoshi().adapter<JsonDict>(JSON_DICT_PARAMETERIZED_TYPE)
|
||||||
|
@ -89,73 +88,72 @@ internal class MXOlmDecryption(
|
||||||
|
|
||||||
if (payload == null) {
|
if (payload == null) {
|
||||||
Timber.e("## decryptEvent failed : null payload")
|
Timber.e("## decryptEvent failed : null payload")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.UNABLE_TO_DECRYPT_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.UNABLE_TO_DECRYPT_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.MISSING_CIPHER_TEXT_REASON))
|
MXCryptoError.MISSING_CIPHER_TEXT_REASON))
|
||||||
}
|
}
|
||||||
|
|
||||||
val olmPayloadContent = OlmPayloadContent.fromJsonString(payloadString) ?: run {
|
val olmPayloadContent = OlmPayloadContent.fromJsonString(payloadString) ?: run {
|
||||||
Timber.e("## decryptEvent() : bad olmPayloadContent format")
|
Timber.e("## decryptEvent() : bad olmPayloadContent format")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.BAD_DECRYPTED_FORMAT_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.BAD_DECRYPTED_FORMAT_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.BAD_DECRYPTED_FORMAT_TEXT_REASON))
|
MXCryptoError.BAD_DECRYPTED_FORMAT_TEXT_REASON))
|
||||||
}
|
}
|
||||||
|
|
||||||
if (olmPayloadContent.recipient.isNullOrBlank()) {
|
if (olmPayloadContent.recipient.isNullOrBlank()) {
|
||||||
val reason = String.format(MXCryptoError.ERROR_MISSING_PROPERTY_REASON, "recipient")
|
val reason = String.format(MXCryptoError.ERROR_MISSING_PROPERTY_REASON, "recipient")
|
||||||
Timber.e("## decryptEvent() : $reason")
|
Timber.e("## decryptEvent() : $reason")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.MISSING_PROPERTY_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.MISSING_PROPERTY_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, reason))
|
reason))
|
||||||
}
|
}
|
||||||
|
|
||||||
if (olmPayloadContent.recipient != credentials.userId) {
|
if (olmPayloadContent.recipient != credentials.userId) {
|
||||||
Timber.e("## decryptEvent() : Event ${event.eventId}: Intended recipient ${olmPayloadContent.recipient} does not match our id ${credentials.userId}")
|
Timber.e("## decryptEvent() : Event ${event.eventId}: Intended recipient ${olmPayloadContent.recipient} does not match our id ${credentials.userId}")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.BAD_RECIPIENT_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.BAD_RECIPIENT_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, String.format(MXCryptoError.BAD_RECIPIENT_REASON, olmPayloadContent.recipient)))
|
String.format(MXCryptoError.BAD_RECIPIENT_REASON, olmPayloadContent.recipient)))
|
||||||
}
|
}
|
||||||
|
|
||||||
val recipientKeys = olmPayloadContent.recipient_keys ?: run {
|
val recipientKeys = olmPayloadContent.recipient_keys ?: run {
|
||||||
Timber.e("## decryptEvent() : Olm event (id=${event.eventId}) contains no 'recipient_keys' property; cannot prevent unknown-key attack")
|
Timber.e("## decryptEvent() : Olm event (id=${event.eventId}) contains no 'recipient_keys' property; cannot prevent unknown-key attack")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.MISSING_PROPERTY_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.MISSING_PROPERTY_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, String.format(MXCryptoError.ERROR_MISSING_PROPERTY_REASON, "recipient_keys")))
|
String.format(MXCryptoError.ERROR_MISSING_PROPERTY_REASON, "recipient_keys")))
|
||||||
}
|
}
|
||||||
|
|
||||||
val ed25519 = recipientKeys["ed25519"]
|
val ed25519 = recipientKeys["ed25519"]
|
||||||
|
|
||||||
if (ed25519 != olmDevice.deviceEd25519Key) {
|
if (ed25519 != olmDevice.deviceEd25519Key) {
|
||||||
Timber.e("## decryptEvent() : Event ${event.eventId}: Intended recipient ed25519 key $ed25519 did not match ours")
|
Timber.e("## decryptEvent() : Event ${event.eventId}: Intended recipient ed25519 key $ed25519 did not match ours")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.BAD_RECIPIENT_KEY_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.BAD_RECIPIENT_KEY_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.BAD_RECIPIENT_KEY_REASON))
|
MXCryptoError.BAD_RECIPIENT_KEY_REASON))
|
||||||
}
|
}
|
||||||
|
|
||||||
if (olmPayloadContent.sender.isNullOrBlank()) {
|
if (olmPayloadContent.sender.isNullOrBlank()) {
|
||||||
Timber.e("## decryptEvent() : Olm event (id=${event.eventId}) contains no 'sender' property; cannot prevent unknown-key attack")
|
Timber.e("## decryptEvent() : Olm event (id=${event.eventId}) contains no 'sender' property; cannot prevent unknown-key attack")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.MISSING_PROPERTY_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.MISSING_PROPERTY_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, String.format(MXCryptoError.ERROR_MISSING_PROPERTY_REASON, "sender")))
|
String.format(MXCryptoError.ERROR_MISSING_PROPERTY_REASON, "sender")))
|
||||||
}
|
}
|
||||||
|
|
||||||
if (olmPayloadContent.sender != event.senderId) {
|
if (olmPayloadContent.sender != event.senderId) {
|
||||||
Timber.e("Event ${event.eventId}: original sender ${olmPayloadContent.sender} does not match reported sender ${event.senderId}")
|
Timber.e("Event ${event.eventId}: original sender ${olmPayloadContent.sender} does not match reported sender ${event.senderId}")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.FORWARDED_MESSAGE_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.FORWARDED_MESSAGE_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, String.format(MXCryptoError.FORWARDED_MESSAGE_REASON, olmPayloadContent.sender)))
|
String.format(MXCryptoError.FORWARDED_MESSAGE_REASON, olmPayloadContent.sender)))
|
||||||
}
|
}
|
||||||
|
|
||||||
if (olmPayloadContent.room_id != event.roomId) {
|
if (olmPayloadContent.room_id != event.roomId) {
|
||||||
Timber.e("## decryptEvent() : Event ${event.eventId}: original room ${olmPayloadContent.room_id} does not match reported room ${event.roomId}")
|
Timber.e("## decryptEvent() : Event ${event.eventId}: original room ${olmPayloadContent.room_id} does not match reported room ${event.roomId}")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.BAD_ROOM_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.BAD_ROOM_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, String.format(MXCryptoError.BAD_ROOM_REASON, olmPayloadContent.room_id)))
|
String.format(MXCryptoError.BAD_ROOM_REASON, olmPayloadContent.room_id)))
|
||||||
}
|
}
|
||||||
|
|
||||||
val keys = olmPayloadContent.keys ?: run {
|
val keys = olmPayloadContent.keys ?: run {
|
||||||
Timber.e("## decryptEvent failed : null keys")
|
Timber.e("## decryptEvent failed : null keys")
|
||||||
throw MXDecryptionException(MXCryptoError(MXCryptoError.UNABLE_TO_DECRYPT_ERROR_CODE,
|
return Try.Failure(MXCryptoError.Base(MXCryptoError.UNABLE_TO_DECRYPT_ERROR_CODE,
|
||||||
MXCryptoError.UNABLE_TO_DECRYPT, MXCryptoError.MISSING_CIPHER_TEXT_REASON))
|
MXCryptoError.MISSING_CIPHER_TEXT_REASON))
|
||||||
}
|
}
|
||||||
|
|
||||||
val result = MXEventDecryptionResult()
|
return Try.just(MXEventDecryptionResult(
|
||||||
result.clearEvent = payload
|
clearEvent = payload,
|
||||||
result.senderCurve25519Key = senderKey
|
senderCurve25519Key = senderKey,
|
||||||
result.claimedEd25519Key = keys["ed25519"]
|
claimedEd25519Key = keys["ed25519"]
|
||||||
|
))
|
||||||
return result
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -14,32 +14,32 @@
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package im.vector.matrix.android.internal.crypto.algorithms
|
package im.vector.matrix.android.internal.crypto.algorithms.olm
|
||||||
|
|
||||||
import im.vector.matrix.android.api.util.JsonDict
|
import im.vector.matrix.android.api.util.JsonDict
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class represents the decryption result.
|
* This class represents the decryption result.
|
||||||
*/
|
*/
|
||||||
data class MXDecryptionResult(
|
data class OlmDecryptionResult(
|
||||||
/**
|
/**
|
||||||
* The decrypted payload (with properties 'type', 'content')
|
* The decrypted payload (with properties 'type', 'content')
|
||||||
*/
|
*/
|
||||||
var payload: JsonDict? = null,
|
val payload: JsonDict? = null,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* keys that the sender of the event claims ownership of:
|
* keys that the sender of the event claims ownership of:
|
||||||
* map from key type to base64-encoded key.
|
* map from key type to base64-encoded key.
|
||||||
*/
|
*/
|
||||||
var keysClaimed: Map<String, String>? = null,
|
val keysClaimed: Map<String, String>? = null,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The curve25519 key that the sender of the event is known to have ownership of.
|
* The curve25519 key that the sender of the event is known to have ownership of.
|
||||||
*/
|
*/
|
||||||
var senderKey: String? = null,
|
val senderKey: String? = null,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Devices which forwarded this session to us (normally empty).
|
* Devices which forwarded this session to us (normally empty).
|
||||||
*/
|
*/
|
||||||
var forwardingCurve25519KeyChain: List<String>? = null
|
val forwardingCurve25519KeyChain: List<String>? = null
|
||||||
)
|
)
|
|
@ -20,7 +20,7 @@ import im.vector.matrix.android.api.session.events.model.Content
|
||||||
|
|
||||||
data class MXEncryptEventContentResult(
|
data class MXEncryptEventContentResult(
|
||||||
/**
|
/**
|
||||||
* The event content
|
* The encrypted event content
|
||||||
*/
|
*/
|
||||||
val eventContent: Content,
|
val eventContent: Content,
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -16,12 +16,12 @@
|
||||||
|
|
||||||
package im.vector.matrix.android.internal.session.room.timeline
|
package im.vector.matrix.android.internal.session.room.timeline
|
||||||
|
|
||||||
|
import im.vector.matrix.android.api.failure.Failure
|
||||||
import im.vector.matrix.android.api.session.crypto.CryptoService
|
import im.vector.matrix.android.api.session.crypto.CryptoService
|
||||||
import im.vector.matrix.android.api.session.events.model.Event
|
import im.vector.matrix.android.api.session.events.model.Event
|
||||||
import im.vector.matrix.android.api.session.events.model.EventType
|
import im.vector.matrix.android.api.session.events.model.EventType
|
||||||
import im.vector.matrix.android.api.session.room.timeline.TimelineEvent
|
import im.vector.matrix.android.api.session.room.timeline.TimelineEvent
|
||||||
import im.vector.matrix.android.api.session.room.timeline.TimelineService
|
import im.vector.matrix.android.api.session.room.timeline.TimelineService
|
||||||
import im.vector.matrix.android.internal.crypto.MXDecryptionException
|
|
||||||
import im.vector.matrix.android.internal.crypto.MXEventDecryptionResult
|
import im.vector.matrix.android.internal.crypto.MXEventDecryptionResult
|
||||||
import im.vector.matrix.android.internal.database.mapper.asDomain
|
import im.vector.matrix.android.internal.database.mapper.asDomain
|
||||||
import im.vector.matrix.android.internal.database.model.EventEntity
|
import im.vector.matrix.android.internal.database.model.EventEntity
|
||||||
|
@ -81,8 +81,8 @@ internal class SimpleTimelineEventFactory @Inject constructor(private val roomMe
|
||||||
event.setClearData(result)
|
event.setClearData(result)
|
||||||
} catch (failure: Throwable) {
|
} catch (failure: Throwable) {
|
||||||
Timber.e("Encrypted event: decryption failed")
|
Timber.e("Encrypted event: decryption failed")
|
||||||
if (failure is MXDecryptionException) {
|
if (failure is Failure.CryptoError) {
|
||||||
event.setCryptoError(failure.cryptoError)
|
event.setCryptoError(failure.error)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -135,14 +135,12 @@ internal class InMemoryTimelineEventFactory @Inject constructor(private val room
|
||||||
} else {
|
} else {
|
||||||
try {
|
try {
|
||||||
val result = cryptoService.decryptEvent(event, timelineId)
|
val result = cryptoService.decryptEvent(event, timelineId)
|
||||||
if (result != null) {
|
decryptionCache[cacheKey] = result
|
||||||
decryptionCache[cacheKey] = result
|
|
||||||
}
|
|
||||||
event.setClearData(result)
|
event.setClearData(result)
|
||||||
} catch (failure: Throwable) {
|
} catch (failure: Throwable) {
|
||||||
Timber.e("Encrypted event: decryption failed ${failure.localizedMessage}")
|
Timber.e("Encrypted event: decryption failed ${failure.localizedMessage}")
|
||||||
if (failure is MXDecryptionException) {
|
if (failure is Failure.CryptoError) {
|
||||||
event.setCryptoError(failure.cryptoError)
|
event.setCryptoError(failure.error)
|
||||||
} else {
|
} else {
|
||||||
// Other error
|
// Other error
|
||||||
Timber.e("Other error, should be handled")
|
Timber.e("Other error, should be handled")
|
||||||
|
|
|
@ -17,15 +17,14 @@
|
||||||
package im.vector.matrix.android.internal.session.sync
|
package im.vector.matrix.android.internal.session.sync
|
||||||
|
|
||||||
import android.text.TextUtils
|
import android.text.TextUtils
|
||||||
|
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
||||||
import im.vector.matrix.android.api.session.events.model.Event
|
import im.vector.matrix.android.api.session.events.model.Event
|
||||||
import im.vector.matrix.android.api.session.events.model.EventType
|
import im.vector.matrix.android.api.session.events.model.EventType
|
||||||
import im.vector.matrix.android.api.session.events.model.toModel
|
import im.vector.matrix.android.api.session.events.model.toModel
|
||||||
import im.vector.matrix.android.api.session.room.model.message.MessageContent
|
import im.vector.matrix.android.api.session.room.model.message.MessageContent
|
||||||
import im.vector.matrix.android.internal.crypto.CryptoManager
|
import im.vector.matrix.android.internal.crypto.CryptoManager
|
||||||
import im.vector.matrix.android.internal.crypto.MXDecryptionException
|
|
||||||
import im.vector.matrix.android.internal.crypto.MXEventDecryptionResult
|
import im.vector.matrix.android.internal.crypto.MXEventDecryptionResult
|
||||||
import im.vector.matrix.android.internal.crypto.verification.DefaultSasVerificationService
|
import im.vector.matrix.android.internal.crypto.verification.DefaultSasVerificationService
|
||||||
import im.vector.matrix.android.internal.session.SessionScope
|
|
||||||
import im.vector.matrix.android.internal.session.sync.model.SyncResponse
|
import im.vector.matrix.android.internal.session.sync.model.SyncResponse
|
||||||
import im.vector.matrix.android.internal.session.sync.model.ToDeviceSyncResponse
|
import im.vector.matrix.android.internal.session.sync.model.ToDeviceSyncResponse
|
||||||
import timber.log.Timber
|
import timber.log.Timber
|
||||||
|
@ -40,7 +39,7 @@ internal class CryptoSyncHandler @Inject constructor(private val cryptoManager:
|
||||||
// Decrypt event if necessary
|
// Decrypt event if necessary
|
||||||
decryptEvent(event, null)
|
decryptEvent(event, null)
|
||||||
if (TextUtils.equals(event.getClearType(), EventType.MESSAGE)
|
if (TextUtils.equals(event.getClearType(), EventType.MESSAGE)
|
||||||
&& event.mClearEvent?.content?.toModel<MessageContent>()?.type == "m.bad.encrypted") {
|
&& event.mClearEvent?.content?.toModel<MessageContent>()?.type == "m.bad.encrypted") {
|
||||||
Timber.e("## handleToDeviceEvent() : Warning: Unable to decrypt to-device event : " + event.content)
|
Timber.e("## handleToDeviceEvent() : Warning: Unable to decrypt to-device event : " + event.content)
|
||||||
} else {
|
} else {
|
||||||
sasVerificationService.onToDeviceEvent(event)
|
sasVerificationService.onToDeviceEvent(event)
|
||||||
|
@ -66,8 +65,8 @@ internal class CryptoSyncHandler @Inject constructor(private val cryptoManager:
|
||||||
var result: MXEventDecryptionResult? = null
|
var result: MXEventDecryptionResult? = null
|
||||||
try {
|
try {
|
||||||
result = cryptoManager.decryptEvent(event, timelineId ?: "")
|
result = cryptoManager.decryptEvent(event, timelineId ?: "")
|
||||||
} catch (exception: MXDecryptionException) {
|
} catch (exception: MXCryptoError) {
|
||||||
event.setCryptoError(exception.cryptoError)
|
event.setCryptoError(exception)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (null != result) {
|
if (null != result) {
|
||||||
|
|
|
@ -28,7 +28,6 @@ import im.vector.riotx.core.utils.DebouncedClickListener
|
||||||
import im.vector.riotx.features.home.AvatarRenderer
|
import im.vector.riotx.features.home.AvatarRenderer
|
||||||
import im.vector.riotx.features.home.room.detail.timeline.TimelineEventController
|
import im.vector.riotx.features.home.room.detail.timeline.TimelineEventController
|
||||||
import im.vector.riotx.features.home.room.detail.timeline.item.MessageTextItem_
|
import im.vector.riotx.features.home.room.detail.timeline.item.MessageTextItem_
|
||||||
import im.vector.riotx.features.home.room.detail.timeline.item.NoticeItem_
|
|
||||||
import im.vector.riotx.features.home.room.detail.timeline.util.MessageInformationDataFactory
|
import im.vector.riotx.features.home.room.detail.timeline.util.MessageInformationDataFactory
|
||||||
import me.gujun.android.span.span
|
import me.gujun.android.span.span
|
||||||
import javax.inject.Inject
|
import javax.inject.Inject
|
||||||
|
@ -49,10 +48,16 @@ class EncryptedItemFactory @Inject constructor(private val messageInformationDat
|
||||||
EventType.ENCRYPTED == event.root.getClearType() -> {
|
EventType.ENCRYPTED == event.root.getClearType() -> {
|
||||||
val cryptoError = event.root.mCryptoError
|
val cryptoError = event.root.mCryptoError
|
||||||
val errorDescription =
|
val errorDescription =
|
||||||
if (cryptoError?.code == MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_ERROR_CODE) {
|
if (cryptoError is MXCryptoError.Base) {
|
||||||
stringProvider.getString(R.string.notice_crypto_error_unkwown_inbound_session_id)
|
if (cryptoError.code == MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_ERROR_CODE) {
|
||||||
|
stringProvider.getString(R.string.notice_crypto_error_unkwown_inbound_session_id)
|
||||||
|
} else {
|
||||||
|
// TODO i18n
|
||||||
|
cryptoError._message
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
cryptoError?.message
|
// Cannot happen (for now)
|
||||||
|
"Other error"
|
||||||
}
|
}
|
||||||
|
|
||||||
val message = stringProvider.getString(R.string.notice_crypto_unable_to_decrypt, errorDescription)
|
val message = stringProvider.getString(R.string.notice_crypto_unable_to_decrypt, errorDescription)
|
||||||
|
@ -77,7 +82,7 @@ class EncryptedItemFactory @Inject constructor(private val messageInformationDat
|
||||||
}))
|
}))
|
||||||
.longClickListener { view ->
|
.longClickListener { view ->
|
||||||
return@longClickListener callback?.onEventLongClicked(informationData, null, view)
|
return@longClickListener callback?.onEventLongClicked(informationData, null, view)
|
||||||
?: false
|
?: false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else -> null
|
else -> null
|
||||||
|
|
Loading…
Reference in a new issue