if the other party's curve25519 olm identity key and one-time key are available, call create_inbound_from instead of create_inbound
Details
- Reviewers
marcin ashoat - Commits
- rCOMM14fd52f4f194: [keyserver] modify createPickledOlmSession
tested in subsequent diff
Diff Detail
- Repository
- rCOMM Comm
- Branch
- new-responder (branched from master)
- Lint
No Lint Coverage - Unit
No Test Coverage
Event Timeline
Skipping request changes to avoid blocking this diff while I'm out
keyserver/src/utils/olm-utils.js | ||
---|---|---|
59 | The third param here should be the initialEncryptedMessage, not the oneTimeKey. You probably got confused by seeing oneTimeKeyMessage in the API... this is poorly-named by the Olm authors. It's the first message received from the "outbound" user, both for create_inbound and create_inbound_from The "inbound" side never needs a oneTimKey – this is only necessary for the "outbound" side |
keyserver/src/utils/olm-utils.js | ||
---|---|---|
59 | Thanks for catching this @ashoat!. This is a serious issue. we should call it with initialEncryptedMessage and remove oneTimeKeys from argument list. Additionally I think the reason we use create_inbound_from instead of create_inbound is that the former is more secure. Therefore it should be our preferred way so theirCurve25519Key should not be an optional parameter. However it might take some serious refactor of notification encryption work so you can just leave it optional and create high priority task for me to make it required parameter. |