element-hq / element-ios

A glossy Matrix collaboration client for iOS
https://element.io
Apache License 2.0

NSE process can encrypt events which can cause UTDs due to key reuse #7751

Open kegsay opened 4 months ago

kegsay commented 4 months ago

Steps to reproduce

It is possible for the NSE process to encrypt events in response to key share requests as shown in the log line below (redacted):

2024-01-02 10:53:06.653 RiotNSE[646:107755] [MXCryptoSDK] TRACE receive_sync_changes:handle_supported_key_request{user_id=@xxxx:matrix.org device_id=XXX room_id=!xxxx:matrix.org}:encrypt{recipient=@xxxx:matrix.org recipient_device=XXX recipient_key=Some("curve25519:xxx") session=Session { session_id: "xxx", sending_chain_index: None, receiving_chains: [ReceiverChain { chain_index: 2, skipped_message_keys: [], .. }], config: SessionConfig { version: V1 }, .. }}: matrix_sdk_crypto::identities::device: Successfully encrypted an event

This is bad for the same reason it's bad for the ShareExtension. It corrupts the ratchet position, causing unable to decrypt (UTD) errors.

Outcome

Users see UTDs for messages sent from EI devices.

Your phone model

iPad Air 5th Gen (WiFi)

Operating system version

iPadOS 17.2

Application version

v1.11.5 #20231128120740 with Rust Crypto SDK 0.6.0 (Vodozemac 0.4.0)

Homeserver

matrix.org

Will you send logs?

No
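
A simplified model of the failure this issue describes, added here as an example and not code from Element, the Rust Crypto SDK or Vodozemac. It uses a toy HMAC hash ratchet rather than Olm, and it assumes the app and the NSE each hold their own in-memory copy of one persisted session. `Sender`, `Receiver`, `simulate` and the reload-before-encrypt contrast are hypothetical names and choices for illustration, not the project's fix.

```python
import hashlib
import hmac

def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def advance(chain_key):  # one ratchet step -> (message_key, next_chain_key)
    return prf(chain_key, b"\x01"), prf(chain_key, b"\x02")

class Sender:  # one process's in-memory copy of the session (assumed model)
    def __init__(self, name, store):
        self.name, self.store = name, store
        self.reload()
    def reload(self):
        self.index, self.chain_key = self.store["state"]
    def encrypt(self, body):
        self.last_key, next_key = advance(self.chain_key)
        msg = (self.index, prf(self.last_key, body), body)
        self.index, self.chain_key = self.index + 1, next_key
        self.store["state"] = (self.index, self.chain_key)  # persist new position
        return msg

class Receiver:
    def __init__(self, root):
        self.index, self.chain_key = 0, root
    def decrypt(self, msg):  # returns the body, or None for a UTD
        index, mac, body = msg
        if index < self.index:  # key for this position was already consumed
            return None
        i, ck = self.index, self.chain_key
        while i <= index:  # work on a copy, commit only after the MAC verifies
            mk, ck = advance(ck)
            i += 1
        if not hmac.compare_digest(mac, prf(mk, body)):
            return None
        self.index, self.chain_key = i, ck
        return body

def simulate(reload_before_encrypt):
    root = hashlib.sha256(b"constructed shared secret").digest()  # constructed
    store = {"state": (0, root)}
    app, nse, rx = Sender("app", store), Sender("nse", store), Receiver(root)
    outcome = []
    for proc, body in ((nse, b"key share reply"), (app, b"hello")):
        if reload_before_encrypt:
            proc.reload()
        msg = proc.encrypt(body)
        outcome.append((proc.name, msg[0], rx.decrypt(msg) is not None))
    return outcome, nse.last_key == app.last_key  # second value: key reused?
```

With stale copies, both processes encrypt at index 0 with the same message key and the second message is undecryptable; when each process reloads the persisted state first, the second message lands on index 1 with a fresh key.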