Skip to content

[E2E] Device verification #263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 54 commits into from
Closed

[E2E] Device verification #263

wants to merge 54 commits into from

Conversation

@Zil0
Copy link
Contributor

@Zil0 Zil0 commented Jul 30, 2018

Penultimate missing feature.

This was unexpectedly complicated to implement, as it required small changes everywhere and as the logic behind the few checks that get added is not trivial.

Some notes about the design:
- Since the SDK is mainly used by bots, device verification is disabled by default (enabling it is as painless as passing verify_devices=True when instantiating MatrixClient, though).
- Unlike in the JS SDK, there is no Event class. This means that one cannot use something like event.isVerified() after getting an event from the SDK in order to know if they should treat an event as trusted.
It could be tempting to infer that an event is trusted from the fact that it is sent in an encrypted room and that it comes from a verified device. However this would be broken because, as the decryption of events is transparent, an event received in a encrypted room could very well be unencrypted, thus not trusted.
There are a lot of possible tricks to work around this limitation. The less hacky one felt like adding a VerifiedEvent dict subclass. In order to check if an event is verified, one has to import it from matrix_client.crypto.verified_event, and add the check if isinstance(event, VerifiedEvent): .... Not perfect, but at least readable.

In order to verify or blacklist a device, it is possible to do one of the following:
- From a User object, use the devices property to get a map from device ID to Device object. Then, display the ed25519 property (the fingerprint) of a device, and turn on the blacklisted or verified property accordingly.
- When sending a message in an encrypted room where device verification in enabled, the exception E2EUnknownDevices defined in errors.py will be raised if there are new unknown devices. One can inspect the user_devices property of this exception, and will find a map from user ID to a list of Device objects. For each of those device, one of the previous properties should be set in order to be able to successfully send the message. Note that there is also an ignored property of a Device object that can be turned on, in order to send a message anyway to unverified devices.

Currently, it is impossible to verify the devices of a user if we do not share an encrypted room with them.

Signed-off-by: Valentin Deniaud <valentin.deniaud@inpt.fr>

Zil0 added 30 commits October 18, 2018 21:59
@Zil0
track the device list of users and download keys
b0fa2a6 
Use a thread to allow downloading the keys in a non-blocking way.
Implement sort of a queue of users who need updating, which should be
efficient (request is fired as soon as possible with as much data as
possible) and avoid races (we always have only one download in
progress).
@Zil0
add device tracking tests
c8496d3
@Zil0
track devices of users in encrypted rooms
69d300e 
This has the effect of tracking the device lists of users proactively.
@Zil0
build doc for crypto.device_list
9aadf1b
@Zil0
add olm encryption, decryption and session
165d4f4
@Zil0
add olm tests
c689ec1
@Zil0
add olm_ensure_sessions
eb43d6c
@Zil0
add megolm outbound session support
d3896b4
@Zil0
delete outbound sessions on leave
f18f9b2
@Zil0
send encrypted group messages
de73b9d
@Zil0
automatically send encrypted messages in encrypted rooms
c07ee43
@Zil0
add megolm outbound tests
24b5a40
@Zil0
handle m.room.encryption properties
4ce7cdf
@Zil0
build doc for crypto.megolm_outbound_session
71e8c52
@Zil0
pass rotation parameters when enabling encryption
2515d57
@Zil0
add megolm inbound session support
e649a23
@Zil0
automatically decrypt encrypted events
a28b29d
@Zil0
add megolm inbound tests
a377517
@Zil0
persist olm account
ca08e86
@Zil0
build doc for crypto.crypto_store
16ed294
@Zil0
add account persistence tests
55e8e09
@Zil0
prevent tests from using database
9e0ad6f
@Zil0
persist olm sessions
05823ea
@Zil0
add olm persistence tests
33a06d8
@Zil0
persist megolm inbound sessions
f8487bd
@Zil0
add megolm inbound persistence tests
4bc2473
@Zil0
persist megolm outbound sessions
93f408a
@Zil0
add outbound sessions persistence tests
0ed22c1
@Zil0
add device keys persistence
46405db 
Since device tracking is done in a separate thread, we need to be
careful not to use the same connection object between threads (in
fact the problem existed since the first persistence commit when using
MatrixClient.start_listener_thread).
@Zil0
add device keys persistence tests
64134d7
Zil0 added 24 commits October 18, 2018 22:08
@Zil0
ignore optional dependency appdirs when building doc
1804f7a
@Zil0
general improvement to CryptoStore
41e35d1 
Nicer sqlite practices and better docstrings.
@Zil0
better primary keys in crypto store
2d7b271
@Zil0
restore device ID from user ID in CryptoStore
cddd13a 
A side-effect is that this removes the ability to store E2E data
for different devices of the same user in the DB. It shouldn't
be much of a problem as it is easy to use multiple DB files
for different instances of MatrixClient.

Signed-off-by: Valentin Deniaud <valentin.deniaud@inpt.fr>
@Zil0
turn on SQLite secure_delete
bb10897
@Zil0
add m.file missing required key
9567772
@Zil0
add encrypted attachments dependencies
77d36f4
@Zil0
encrypted attachments support
db8f378
@Zil0
plug-in encrypted attachments
b236ea2
@Zil0
automatically send encrypted m.file messages
8d4f284
@Zil0
add Device class
656005b
@Zil0
add devices attribute to User
6bce7b4
@Zil0
make OlmDevice subclass Device
0c76655
@Zil0
better device keys handling
f2b25e8
@Zil0
remember signing key when establishing Megolm Inbound Session
b27dfa8
@Zil0
configure device verification
6d31cce
@Zil0
persist verification info
c1c8aca
@Zil0
alert of unknown devices when sending encrypted messages
e4f417f
@Zil0
add device verification checks
b5e1b7a
@Zil0
persist device upon verification
0492e95
@Zil0
add Device class docstring
ba0950a
@Zil0
add Device class tests
93d7b0e
@Zil0
add get_fingerprint method to client
cdffc9f
@Zil0
fixup! add devices attribute to User
0fdfdd6
@non-Jedi non-Jedi closed this Dec 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Zil0 @non-Jedi