fix: Allow empty OMEMO messages to bypass trust
This commit is contained in:
parent
fa16f97113
commit
cb43bbb112
@ -224,8 +224,11 @@ class OmemoSessionManager {
|
|||||||
// We assume that the user already checked if the session exists
|
// We assume that the user already checked if the session exists
|
||||||
for (final jid in jids) {
|
for (final jid in jids) {
|
||||||
for (final deviceId in _deviceMap[jid]!) {
|
for (final deviceId in _deviceMap[jid]!) {
|
||||||
|
// Empty OMEMO messages are allowed to bypass trust
|
||||||
|
if (plaintext != null) {
|
||||||
// Only encrypt to devices that are trusted
|
// Only encrypt to devices that are trusted
|
||||||
if (!(await _trustManager.isTrusted(jid, deviceId))) continue;
|
if (!(await _trustManager.isTrusted(jid, deviceId))) continue;
|
||||||
|
}
|
||||||
|
|
||||||
final ratchetKey = RatchetMapKey(jid, deviceId);
|
final ratchetKey = RatchetMapKey(jid, deviceId);
|
||||||
final ratchet = _ratchetMap[ratchetKey]!;
|
final ratchet = _ratchetMap[ratchetKey]!;
|
||||||
|
14
lib/src/trust/never.dart
Normal file
14
lib/src/trust/never.dart
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
import 'package:meta/meta.dart';
|
||||||
|
import 'package:omemo_dart/src/trust/base.dart';
|
||||||
|
|
||||||
|
/// Only use for testing!
|
||||||
|
/// An implementation of TrustManager that never trusts any device and thus
|
||||||
|
/// has no internal state.
|
||||||
|
@visibleForTesting
|
||||||
|
class NeverTrustingTrustManager extends TrustManager {
|
||||||
|
@override
|
||||||
|
Future<bool> isTrusted(String jid, int deviceId) async => false;
|
||||||
|
|
||||||
|
@override
|
||||||
|
Future<void> onNewSession(String jid, int deviceId) async {}
|
||||||
|
}
|
@ -1,5 +1,6 @@
|
|||||||
import 'package:omemo_dart/omemo_dart.dart';
|
import 'package:omemo_dart/omemo_dart.dart';
|
||||||
import 'package:omemo_dart/src/trust/always.dart';
|
import 'package:omemo_dart/src/trust/always.dart';
|
||||||
|
import 'package:omemo_dart/src/trust/never.dart';
|
||||||
import 'package:test/test.dart';
|
import 'package:test/test.dart';
|
||||||
|
|
||||||
void main() {
|
void main() {
|
||||||
@ -336,4 +337,34 @@ void main() {
|
|||||||
);
|
);
|
||||||
expect(messagePlaintext, bobMessage);
|
expect(messagePlaintext, bobMessage);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
test('Test trust bypassing with empty OMEMO messages', () async {
|
||||||
|
const aliceJid = 'alice@server.example';
|
||||||
|
const bobJid = 'bob@other.server.example';
|
||||||
|
|
||||||
|
// Alice and Bob generate their sessions
|
||||||
|
final aliceSession = await OmemoSessionManager.generateNewIdentity(
|
||||||
|
aliceJid,
|
||||||
|
NeverTrustingTrustManager(),
|
||||||
|
opkAmount: 1,
|
||||||
|
);
|
||||||
|
final bobSession = await OmemoSessionManager.generateNewIdentity(
|
||||||
|
bobJid,
|
||||||
|
NeverTrustingTrustManager(),
|
||||||
|
opkAmount: 1,
|
||||||
|
);
|
||||||
|
|
||||||
|
// Alice encrypts an empty message for Bob
|
||||||
|
final aliceMessage = await aliceSession.encryptToJid(
|
||||||
|
bobJid,
|
||||||
|
null,
|
||||||
|
newSessions: [
|
||||||
|
await (await bobSession.getDevice()).toBundle(),
|
||||||
|
],
|
||||||
|
);
|
||||||
|
|
||||||
|
// Despite Alice not trusting Bob's device, we should have encrypted it for his
|
||||||
|
// untrusted device.
|
||||||
|
expect(aliceMessage.encryptedKeys.length, 1);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user