diff --git a/services/commtest/src/identity/device.rs b/services/commtest/src/identity/device.rs --- a/services/commtest/src/identity/device.rs +++ b/services/commtest/src/identity/device.rs @@ -2,6 +2,7 @@ use grpc_clients::identity::{get_auth_client, get_unauthenticated_client}; use rand::{distributions::Alphanumeric, Rng}; +use crate::identity::olm_account_infos::generate_random_olm_key; use crate::identity::olm_account_infos::{ ClientPublicKeys, DEFAULT_CLIENT_KEYS, }; @@ -69,11 +70,11 @@ payload_signature: "foo".to_string(), }), content_upload: Some(Prekey { - prekey: "content_prekey".to_string(), + prekey: generate_random_olm_key(), prekey_signature: "content_prekey_sig".to_string(), }), notif_upload: Some(Prekey { - prekey: "notif_prekey".to_string(), + prekey: generate_random_olm_key(), prekey_signature: "notif_prekey_sig".to_string(), }), one_time_content_prekeys: Vec::new(), @@ -151,11 +152,11 @@ payload_signature: "foo".to_string(), }), content_upload: Some(Prekey { - prekey: "content_prekey".to_string(), + prekey: generate_random_olm_key(), prekey_signature: "content_prekey_sig".to_string(), }), notif_upload: Some(Prekey { - prekey: "notif_prekey".to_string(), + prekey: generate_random_olm_key(), prekey_signature: "notif_prekey_sig".to_string(), }), one_time_content_prekeys: Vec::new(), diff --git a/services/commtest/src/identity/olm_account_infos.rs b/services/commtest/src/identity/olm_account_infos.rs --- a/services/commtest/src/identity/olm_account_infos.rs +++ b/services/commtest/src/identity/olm_account_infos.rs @@ -48,7 +48,7 @@ }; } -pub fn get_random_otk() -> String { +pub fn generate_random_olm_key() -> String { rand::thread_rng() .sample_iter(&Alphanumeric) .take(43) diff --git a/services/commtest/tests/identity_keyserver_tests.rs b/services/commtest/tests/identity_keyserver_tests.rs --- a/services/commtest/tests/identity_keyserver_tests.rs +++ b/services/commtest/tests/identity_keyserver_tests.rs @@ -1,7 +1,7 @@ use commtest::identity::device::{ register_user_device, DEVICE_TYPE, PLACEHOLDER_CODE_VERSION, }; -use commtest::identity::olm_account_infos::get_random_otk; +use commtest::identity::olm_account_infos::generate_random_olm_key; use commtest::service_addr; use grpc_clients::identity::{ get_auth_client, @@ -26,8 +26,8 @@ .await .expect("Couldn't connect to identity service"); - let content_one_time_prekey = get_random_otk(); - let notif_one_time_prekey = get_random_otk(); + let content_one_time_prekey = generate_random_olm_key(); + let notif_one_time_prekey = generate_random_olm_key(); let upload_request = UploadOneTimeKeysRequest { content_one_time_prekeys: vec![content_one_time_prekey.clone()], diff --git a/services/commtest/tests/identity_one_time_key_tests.rs b/services/commtest/tests/identity_one_time_key_tests.rs --- a/services/commtest/tests/identity_one_time_key_tests.rs +++ b/services/commtest/tests/identity_one_time_key_tests.rs @@ -1,7 +1,7 @@ use commtest::identity::device::{ register_user_device, DEVICE_TYPE, PLACEHOLDER_CODE_VERSION, }; -use commtest::identity::olm_account_infos::get_random_otk; +use commtest::identity::olm_account_infos::generate_random_olm_key; use commtest::service_addr; use grpc_clients::identity::{ get_auth_client, protos::authenticated::UploadOneTimeKeysRequest, @@ -23,8 +23,14 @@ .expect("Couldn't connect to identity service"); let upload_request = UploadOneTimeKeysRequest { - content_one_time_prekeys: vec![get_random_otk(), get_random_otk()], - notif_one_time_prekeys: vec![get_random_otk(), get_random_otk()], + content_one_time_prekeys: vec![ + generate_random_olm_key(), + generate_random_olm_key(), + ], + notif_one_time_prekeys: vec![ + generate_random_olm_key(), + generate_random_olm_key(), + ], }; identity_client diff --git a/services/commtest/tests/identity_tunnelbroker_tests.rs b/services/commtest/tests/identity_tunnelbroker_tests.rs --- a/services/commtest/tests/identity_tunnelbroker_tests.rs +++ b/services/commtest/tests/identity_tunnelbroker_tests.rs @@ -1,7 +1,7 @@ use commtest::identity::device::{ register_user_device, DEVICE_TYPE, PLACEHOLDER_CODE_VERSION, }; -use commtest::identity::olm_account_infos::get_random_otk; +use commtest::identity::olm_account_infos::generate_random_olm_key; use commtest::service_addr; use commtest::tunnelbroker::socket::{create_socket, receive_message}; use futures_util::StreamExt; @@ -48,8 +48,8 @@ .await .expect("Couldn't connect to identity service"); - let content_one_time_prekeys = vec![get_random_otk()]; - let notif_one_time_prekeys = vec![get_random_otk()]; + let content_one_time_prekeys = vec![generate_random_olm_key()]; + let notif_one_time_prekeys = vec![generate_random_olm_key()]; let upload_request = UploadOneTimeKeysRequest { content_one_time_prekeys, notif_one_time_prekeys, diff --git a/services/identity/src/database/device_list.rs b/services/identity/src/database/device_list.rs --- a/services/identity/src/database/device_list.rs +++ b/services/identity/src/database/device_list.rs @@ -26,6 +26,7 @@ error::{DeviceListError, Error}, grpc_services::protos::{self, unauth::DeviceType}, grpc_utils::DeviceKeysInfo, + olm::is_valid_olm_key, }; use super::DatabaseClient; @@ -80,8 +81,14 @@ upload: FlattenedDeviceKeyUpload, code_version: u64, login_time: DateTime, - ) -> Self { - Self { + ) -> Result { + if !is_valid_olm_key(&upload.content_prekey) + || !is_valid_olm_key(&upload.notif_prekey) + { + error!("Invalid prekey format"); + return Err(Error::InvalidFormat); + } + let device_row = Self { user_id: user_id.into(), device_id: upload.device_id_key, device_type: DeviceType::from_str_name(upload.device_type.as_str_name()) @@ -100,7 +107,8 @@ }, code_version, login_time, - } + }; + Ok(device_row) } } @@ -503,6 +511,12 @@ content_prekey: Prekey, notif_prekey: Prekey, ) -> Result<(), Error> { + if !is_valid_olm_key(&content_prekey.prekey) + || !is_valid_olm_key(¬if_prekey.prekey) + { + error!("Invalid prekey format"); + return Err(Error::InvalidFormat); + } self .client .update_item() @@ -691,7 +705,7 @@ device_key_upload, code_version, login_time, - ); + )?; let device_id = new_device.device_id.clone(); self @@ -735,7 +749,7 @@ device_key_upload, code_version, login_time, - ); + )?; if device_ids.iter().any(|id| &new_device.device_id == id) { warn!(