crypto/decryptmegolm: allow device key mismatches, but mark as untrusted

Tulir Asokan 2026-02-19 14:10:20 +02:00
commit 974f7dc544
2 changed files with 13 additions and 2 deletions


@ -124,7 +124,13 @@ func (mach *OlmMachine) DecryptMegolmEvent(ctx context.Context, evt *event.Event
Msg("Couldn't resolve trust level of session: sent by unknown device")
trustLevel = id.TrustStateUnknownDevice
} else if device.SigningKey != sess.SigningKey || device.IdentityKey != sess.SenderKey {
return nil, ErrDeviceKeyMismatch
log.Debug().
Stringer("session_sender_key", sess.SenderKey).
Stringer("device_sender_key", device.IdentityKey).
Stringer("session_signing_key", sess.SigningKey).
Stringer("device_signing_key", device.SigningKey).
Msg("Device keys don't match keys in session, marking as untrusted")
trustLevel = id.TrustStateDeviceKeyMismatch
} else {
trustLevel, err = mach.ResolveTrustContext(ctx, device)
if err != nil {
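Review bot: The mismatch branch (`device.SigningKey != sess.SigningKey || device.IdentityKey != sess.SenderKey`) no longer stops decryption, so a session whose keys disagree with the stored device is now distinguished only by `trustLevel = id.TrustStateDeviceKeyMismatch`, and nothing here tells a maintainer that callers have to enforce it. I would add a comment above the assignment, `// Not fatal: the event is still decrypted; callers must reject or flag anything below TrustStateUnset.`, and log at `log.Warn()` rather than `log.Debug()`, since a key mismatch is the record an operator would look for when investigating a possibly spoofed sender. Callers that matched on `ErrDeviceKeyMismatch` from this path will presumably stop seeing it, which is worth stating in the function's doc comment. The body of DecryptMegolmEvent starts and ends outside the hunk.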


@ -16,6 +16,7 @@ type TrustState int
const (
TrustStateBlacklisted TrustState = -100
TrustStateDeviceKeyMismatch TrustState = -5
TrustStateUnset TrustState = 0
TrustStateUnknownDevice TrustState = 10
TrustStateForwarded TrustState = 20
@ -23,7 +24,7 @@ const (
TrustStateCrossSignedTOFU TrustState = 100
TrustStateCrossSignedVerified TrustState = 200
TrustStateVerified TrustState = 300
TrustStateInvalid TrustState = (1 << 31) - 1
TrustStateInvalid TrustState = -2147483647
)
func (ts *TrustState) UnmarshalText(data []byte) error {
@ -44,6 +45,8 @@ func ParseTrustState(val string) TrustState {
switch strings.ToLower(val) {
case "blacklisted":
return TrustStateBlacklisted
case "device-key-mismatch":
return TrustStateDeviceKeyMismatch
case "unverified":
return TrustStateUnset
case "cross-signed-untrusted":
@ -67,6 +70,8 @@ func (ts TrustState) String() string {
switch ts {
case TrustStateBlacklisted:
return "blacklisted"
case TrustStateDeviceKeyMismatch:
return "device-key-mismatch"
case TrustStateUnset:
return "unverified"
case TrustStateCrossSignedUntrusted:
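Review bot: `TrustStateInvalid` moves from the top of the range to the bottom as the bare literal `-2147483647` with no comment, so the reason for the sign flip cannot be recovered from the code. I would write it as `TrustStateInvalid TrustState = -(1 << 31) + 1` with `// Lowest value, so an invalid state never satisfies a minimum-trust comparison.` above it (assuming that is the intent), and give `TrustStateDeviceKeyMismatch` a one-line comment saying it sits below `TrustStateUnset` on purpose. If trust states are stored or exchanged as integers anywhere (not visible here; `UnmarshalText` suggests text is used), a previously written `2147483647` would now compare above `TrustStateVerified` instead of equalling `TrustStateInvalid`, so that path should be checked.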