encryption: Disallow sending messages until the devices are verified.

2018-05-17 14:34:34 +02:00 · 2018-05-17 14:34:34 +02:00 · c8fb416f88
commit c8fb416f88
parent bb06293031
2 changed files with 44 additions and 18 deletions
--- a/matrix/encryption.py
+++ b/matrix/encryption.py
@ -59,6 +59,10 @@ class ParseError(Exception):
    pass


+class OlmTrustError(Exception):
+    pass
+
+
 class WeechatArgParse(argparse.ArgumentParser):
    def print_usage(self, file):
        pass
@ -470,6 +474,7 @@ class Olm():
        self.session_path = session_path
        self.database = database
        self.device_keys = {}
+        self.shared_sessions = []

        if not database:
            db_file = "{}_{}.db".format(user, device_id)
@ -615,7 +620,12 @@ class Olm():

        if room_id not in self.outbound_group_sessions:
            self.create_outbound_group_session(room_id)
+
+        if self.outbound_group_sessions[room_id].id not in self.shared_sessions:
            to_device_dict = self.share_group_session(room_id, own_id, users)
+            self.shared_sessions.append(
+                self.outbound_group_sessions[room_id].id
+            )

        session = self.outbound_group_sessions[room_id]

@ -681,6 +691,9 @@ class Olm():
                if not self.sessions[user][key.device_id]:
                    continue

+                if not self.trust_db.check(key):
+                    raise OlmTrustError
+
                device_payload_dict = payload_dict.copy()
                # TODO sort the sessions
                session = self.sessions[user][key.device_id][0]
--- a/matrix/server.py
+++ b/matrix/server.py
@ -44,7 +44,12 @@ from matrix.api import (
    MatrixKeyClaimMessage
 )

-from matrix.encryption import Olm, EncryptionError, encrypt_enabled
+from matrix.encryption import (
+    Olm,
+    EncryptionError,
+    OlmTrustError,
+    encrypt_enabled
+)

 try:
    FileNotFoundError
@ -518,26 +523,34 @@ class MatrixServer:

        W.prnt("", "matrix: Encrypting message")

-        payload_dict, to_device_dict = self.olm.group_encrypt(
-            room_id,
-            plaintext_dict,
-            self.user_id,
-            room.users.keys()
-        )
+        try:
+            payload_dict, to_device_dict = self.olm.group_encrypt(
+                room_id,
+                plaintext_dict,
+                self.user_id,
+                room.users.keys()
+            )
+
+            if to_device_dict:
+                W.prnt("", "matrix: Megolm session missing for room.")
+                message = MatrixToDeviceMessage(self.client, to_device_dict)
+                self.send_queue.append(message)
+
+            message = MatrixEncryptedMessage(
+                self.client,
+                room_id,
+                formatted_data,
+                payload_dict
+            )

-        if to_device_dict:
-            W.prnt("", "matrix: Megolm session missing for room.")
-            message = MatrixToDeviceMessage(self.client, to_device_dict)
            self.send_queue.append(message)

-        message = MatrixEncryptedMessage(
-            self.client,
-            room_id,
-            formatted_data,
-            payload_dict
-        )
-
-        self.send_queue.append(message)
+        except OlmTrustError:
+            m = ("{prefix}matrix: Untrusted devices found in room, "
+                 "verification is needed before sending a message").format(
+                    prefix=W.prefix("error"))
+            W.prnt(self.server_buffer, m)
+            return

    @encrypt_enabled
    def upload_keys(self, device_keys=False, one_time_keys=False):