Page MenuHomePhabricator

[keyserver] modify createPickledOlmSession
ClosedPublic

Authored by varun on Aug 23 2023, 8:17 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jun 22, 11:30 PM
Unknown Object (File)
Wed, Jun 19, 7:14 PM
Unknown Object (File)
Wed, Jun 19, 7:14 PM
Unknown Object (File)
Wed, Jun 19, 7:14 PM
Unknown Object (File)
Sat, Jun 15, 11:47 PM
Unknown Object (File)
Thu, Jun 13, 11:08 PM
Unknown Object (File)
Mon, Jun 10, 7:24 PM
Unknown Object (File)
May 23 2024, 8:40 PM
Subscribers

Details

Summary

if the other party's curve25519 olm identity key and one-time key are available, call create_inbound_from instead of create_inbound

Test Plan

tested in subsequent diff

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

varun requested review of this revision.Aug 23 2023, 8:36 AM

Skipping request changes to avoid blocking this diff while I'm out

keyserver/src/utils/olm-utils.js
59 ↗(On Diff #30260)

The third param here should be the initialEncryptedMessage, not the oneTimeKey. You probably got confused by seeing oneTimeKeyMessage in the API... this is poorly-named by the Olm authors. It's the first message received from the "outbound" user, both for create_inbound and create_inbound_from

The "inbound" side never needs a oneTimKey – this is only necessary for the "outbound" side

marcin requested changes to this revision.Aug 24 2023, 2:47 AM
marcin added inline comments.
keyserver/src/utils/olm-utils.js
59 ↗(On Diff #30260)

Thanks for catching this @ashoat!. This is a serious issue. we should call it with initialEncryptedMessage and remove oneTimeKeys from argument list.

Additionally I think the reason we use create_inbound_from instead of create_inbound is that the former is more secure. Therefore it should be our preferred way so theirCurve25519Key should not be an optional parameter. However it might take some serious refactor of notification encryption work so you can just leave it optional and create high priority task for me to make it required parameter.

This revision now requires changes to proceed.Aug 24 2023, 2:47 AM

remove oneTimeKey and correct create_inbound_from args

This revision is now accepted and ready to land.Sep 18 2023, 2:47 AM
This revision was automatically updated to reflect the committed changes.