From 14008caaa4d2348067efec1e1de0e6d441db4d31 Mon Sep 17 00:00:00 2001
From: Brad Murray <brad@beeper.com>
Date: Thu, 13 Feb 2025 15:52:34 -0500
Subject: [PATCH] crypto/ssss: only accept secret shares from verified devices
 (#352)

Co-authored-by: Tulir Asokan <tulir@maunium.net>
---
 crypto/sharing.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/crypto/sharing.go b/crypto/sharing.go
index c0f3e209..10e37ccc 100644
--- a/crypto/sharing.go
+++ b/crypto/sharing.go
@@ -173,6 +173,19 @@ func (mach *OlmMachine) receiveSecret(ctx context.Context, evt *DecryptedOlmEven
 		return
 	}
 
+	// https://spec.matrix.org/v1.10/client-server-api/#msecretsend
+	// "The recipient must ensure... that the device is a verified device owned by the recipient"
+	if senderDevice, err := mach.GetOrFetchDevice(ctx, evt.Sender, evt.SenderDevice); err != nil {
+		log.Err(err).Msg("Failed to get or fetch sender device, rejecting secret")
+		return
+	} else if senderDevice == nil {
+		log.Warn().Msg("Unknown sender device, rejecting secret")
+		return
+	} else if !mach.IsDeviceTrusted(ctx, senderDevice) {
+		log.Warn().Msg("Sender device is not verified, rejecting secret")
+		return
+	}
+
 	mach.secretLock.Lock()
 	secretChan := mach.secretListeners[content.RequestID]
 	mach.secretLock.Unlock()