Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encryptAndSendKeysToDevices assumes device IDs are globally unique #2135

Closed
ShadowJonathan opened this issue Jan 26, 2022 · 1 comment · Fixed by #2136
Closed

encryptAndSendKeysToDevices assumes device IDs are globally unique #2135

ShadowJonathan opened this issue Jan 26, 2022 · 1 comment · Fixed by #2136

Comments

@ShadowJonathan
Copy link
Contributor

encryptAndSendKeysToDevices uses two different mappings for devices and user+devices;

const contentMap: Record<string, Record<string, IEncryptedContent>> = {};
const deviceInfoByDeviceId = new Map<string, DeviceInfo>();

These two are filled independently, with the latter being queried in this spot at the end of the function;

 return this.baseApis.sendToDevice("m.room.encrypted", contentMap).then(() => {
    // store that we successfully uploaded the keys of the current slice
    for (const userId of Object.keys(contentMap)) {
        for (const deviceId of Object.keys(contentMap[userId])) {
            session.markSharedWithDevice(
                userId,
                deviceId,
                deviceInfoByDeviceId.get(deviceId).getIdentityKey(),
                chainIndex,
            );
        }
    }
});

This assumes that no two users share a device with the same deviceID, though that is possible given a large enough room and a large enough time for users to keep generating deviceIDs.

AFAIK, this does not expose a security vulnerability, worst this could do is junk up the message ratchet for either of the two users' specific devices in that particular room, making messages undecryptable.
@ShadowJonathan ShadowJonathan mentioned this issue Jan 26, 2022
Merged
@aaronraimist
Copy link
Contributor

Device IDs are not necessarily even unique per user matrix-org/synapse#6616

dkasak added a commit to dkasak/matrix-js-sdk that referenced this issue Apr 15, 2022
@dkasak
Segment recorded device info by user ID when tracking key shares.
ea6bd5d 
Fixes matrix-org#2135.
t3chguy added a commit that referenced this issue Jun 6, 2022
@ShadowJonathan @dkasak @t3chguy
Assume per-user deviceID uniqueness in encryptAndSendKeysToDevices (#…
aa94d5d 
…2136)

* Segment recorded device info by user ID when tracking key shares.

Fixes #2135.

* address review feedback

* fix userIdDeviceInfo

Co-authored-by: Denis Kasak <[email protected]>
Co-authored-by: Michael Telatynski <[email protected]>
su-ex added a commit to SchildiChat/matrix-js-sdk that referenced this issue Jul 7, 2022
@su-ex
Merge tag 'v19.0.0' into sc
2a6db46 
* Remove unused sessionStore ([\matrix-org#2455](matrix-org#2455)).
* Implement MSC3827: Filtering of `/publicRooms` by room type ([\matrix-org#2469](matrix-org#2469)).
* expose latestLocationEvent on beacon model ([\matrix-org#2467](matrix-org#2467)). Contributed by @kerryarchibald.
* Live location share - add start time leniency ([\matrix-org#2465](matrix-org#2465)). Contributed by @kerryarchibald.
* Log real errors and not just their messages, traces are useful ([\matrix-org#2464](matrix-org#2464)).
* Various changes to `src/crypto` files for correctness ([\matrix-org#2137](matrix-org#2137)). Contributed by @ShadowJonathan.
* Update MSC3786 implementation: Check the `state_key` ([\matrix-org#2429](matrix-org#2429)).
* Timeline needs to refresh when we see a MSC2716 marker event  ([\matrix-org#2299](matrix-org#2299)). Contributed by @MadLittleMods.
* Try to load keys from key backup when a message fails to decrypt ([\matrix-org#2373](matrix-org#2373)). Fixes element-hq/element-web#21026. Contributed by @duxovni.
* Send call version `1` as a string ([\matrix-org#2471](matrix-org#2471)). Fixes element-hq/element-web#22629.
* Fix issue with `getEventTimeline` returning undefined for thread roots in main timeline ([\matrix-org#2454](matrix-org#2454)). Fixes element-hq/element-web#22539.
* Add missing `type` property on `IAuthData` ([\matrix-org#2463](matrix-org#2463)).
* Clearly indicate that `lastReply` on a Thread can return falsy ([\matrix-org#2462](matrix-org#2462)).
* Fix issues with getEventTimeline and thread roots ([\matrix-org#2444](matrix-org#2444)). Fixes element-hq/element-web#21613.
* Live location sharing - monitor liveness of beacons yet to start ([\matrix-org#2437](matrix-org#2437)). Contributed by @kerryarchibald.
* Refactor Relations to not be per-EventTimelineSet ([\matrix-org#2412](matrix-org#2412)). Fixes matrix-org#2399 and element-hq/element-web#22298.
* Add tests for sendEvent threadId handling ([\matrix-org#2435](matrix-org#2435)). Fixes element-hq/element-web#22433.
* Make sure `encryptAndSendKeysToDevices` assumes devices are unique per-user. ([\matrix-org#2136](matrix-org#2136)). Fixes matrix-org#2135. Contributed by @ShadowJonathan.
* Don't bug the user while re-checking key backups after decryption failures ([\matrix-org#2430](matrix-org#2430)). Fixes element-hq/element-web#22416. Contributed by @duxovni.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Assume per-user deviceID uniqueness in encryptAndSendKeysToDevices ShadowJonathan/matrix-js-sdk
2 participants
@aaronraimist @ShadowJonathan