-rw-r--r--autotests/testolmaccount.cpp2
-rw-r--r--lib/connection.cpp22
2 files changed, 15 insertions, 9 deletions
diff --git a/autotests/testolmaccount.cpp b/autotests/testolmaccount.cpp
index 60f4ab38..4b32393d 100644
--- a/autotests/testolmaccount.cpp
+++ b/autotests/testolmaccount.cpp
@@ -404,7 +404,7 @@ void TestOlmAccount::claimKeys()
claimKeysJob->oneTimeKeys().value(userId).value(deviceId);
for (auto it = oneTimeKeys.begin(); it != oneTimeKeys.end(); ++it) {
if (it.key().startsWith(SignedCurve25519Key)
- && it.value().isObject())
+ && std::holds_alternative<SignedOneTimeKey>(it.value()))
return;
}
QFAIL("The claimed one time key is not in /claim response");
diff --git a/lib/connection.cpp b/lib/connection.cpp
index 102fb16d..7885718f 100644
--- a/lib/connection.cpp
+++ b/lib/connection.cpp
@@ -376,7 +376,7 @@ public:
const QByteArray& message) const;
bool createOlmSession(const QString& targetUserId,
const QString& targetDeviceId,
- const QJsonObject& oneTimeKeyObject);
+ const OneTimeKeys &oneTimeKeyObject);
QString curveKeyForUserDevice(const QString& userId,
const QString& device) const;
QString edKeyForUserDevice(const QString& userId,
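Review bot: The new parameter is written `const OneTimeKeys &oneTimeKeyObject`, with the `&` attached to the name, while the neighbouring declarations and the definition later in this file use `const T& name`. Write it as `const OneTimeKeys& oneTimeKeyObject);` to match. The name also still says "Object" although the argument is no longer a `QJsonObject`; a name such as `oneTimeKeys` would describe the new type better, here and in the definition. The class body continues outside the hunk.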
@@ -2306,7 +2306,7 @@ std::pair<QOlmMessage::Type, QByteArray> Connection::Private::olmEncryptMessage(
bool Connection::Private::createOlmSession(const QString& targetUserId,
const QString& targetDeviceId,
- const QJsonObject& oneTimeKeyObject)
+ const OneTimeKeys& oneTimeKeyObject)
{
static QOlmUtility verifier;
qDebug(E2EE) << "Creating a new session for" << targetUserId
@@ -2316,17 +2316,23 @@ bool Connection::Private::createOlmSession(const QString& targetUserId,
<< targetDeviceId;
return false;
}
- auto signedOneTimeKey = oneTimeKeyObject.constBegin()->toObject();
+ auto* signedOneTimeKey =
+ std::get_if<SignedOneTimeKey>(&*oneTimeKeyObject.begin());
+ if (!signedOneTimeKey) {
+ qWarning(E2EE) << "No signed one time key for" << targetUserId
+ << targetDeviceId;
+ return false;
+ }
// Verify contents of signedOneTimeKey - for that, drop `signatures` and
// `unsigned` and then verify the object against the respective signature
const auto signature =
- signedOneTimeKey.take("signatures"_ls)[targetUserId]["ed25519:"_ls % targetDeviceId]
- .toString()
+ signedOneTimeKey
+ ->signatures[targetUserId]["ed25519:"_ls % targetDeviceId]
.toLatin1();
- signedOneTimeKey.remove("unsigned"_ls);
if (!verifier.ed25519Verify(
edKeyForUserDevice(targetUserId, targetDeviceId).toLatin1(),
- QJsonDocument(signedOneTimeKey).toJson(QJsonDocument::Compact),
+ QJsonDocument(toJson(SignedOneTimeKey { signedOneTimeKey->key, {} }))
+ .toJson(QJsonDocument::Compact),
signature)) {
qWarning(E2EE) << "Failed to verify one-time-key signature for" << targetUserId
<< targetDeviceId << ". Skipping this device.";
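Review bot: The payload passed to `ed25519Verify` is now rebuilt from `signedOneTimeKey->key` alone, so the signature is checked against a reconstruction and not against the received object with `signatures` and `unsigned` removed, which is what the comment above `const auto signature` still describes. If the signed object carries any other member (Matrix fallback keys carry `fallback`), or if `toJson` emits an empty `signatures` member, the bytes will differ from what the device signed and a valid key will be rejected; this fails closed, but neither `toJson` nor `SignedOneTimeKey` is visible here, so it needs checking against their definitions. At minimum the comment should be updated, e.g. `// Verify the signature over a payload rebuilt from the key field only`. Separately, `&*oneTimeKeyObject.begin()` dereferences the first element unconditionally, and the guard that ends just above it has its condition outside the hunk, so confirm that it rejects an empty container. The function body starts and ends outside the hunk.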
@@ -2336,7 +2342,7 @@ bool Connection::Private::createOlmSession(const QString& targetUserId,
curveKeyForUserDevice(targetUserId, targetDeviceId);
auto session =
QOlmSession::createOutboundSession(olmAccount.get(), recipientCurveKey,
- signedOneTimeKey["key"].toString());
+ signedOneTimeKey->key);
if (!session) {
qCWarning(E2EE) << "Failed to create olm session for "
<< recipientCurveKey << session.error();