rnhmjoj/nheko
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Properly verify OTK signature

Browse Source
This commit is contained in:
Nicolas Werner 2021-07-25 14:10:38 +02:00
parent 8444683271
commit 8b3d0c14d0
No known key found for this signature in database
GPG Key ID: C8D75E610773F2D9
1 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/Olm.cpp
View File

@ -1208,22 +1208,40 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
continue;
}
// TODO: Verify signatures
auto otk = rd.second.begin()->at("key");
auto id_key = pks.at(user_id).at(device_id).curve25519;
auto sign_key = pks.at(user_id).at(device_id).ed25519;
auto id_key = pks.at(user_id).at(device_id).curve25519;
// Verify signature
{
auto signedKey = *rd.second.begin();
std::string signature =
signedKey["signatures"][user_id].value(
"ed25519:" + device_id, "");
if (signature.empty() ||
!mtx::crypto::ed25519_verify_signature(
sign_key, signedKey, signature)) {
nhlog::net()->warn(
"Skipping device {} as its one time key "
"has an invalid signature.",
device_id);
continue;
}
}
auto session =
olm::client()->create_outbound_session(id_key, otk);
messages[mtx::identifiers::parse<mtx::identifiers::User>(
user_id)][device_id] =
olm::client()
->create_olm_encrypted_content(
session.get(),
ev_json,
UserId(user_id),
pks.at(user_id).at(device_id).ed25519,
id_key)
->create_olm_encrypted_content(session.get(),
ev_json,
UserId(user_id),
sign_key,
id_key)
.get<mtx::events::msg::OlmEncrypted>();
try {