Receiving two Olm messages in the same sync can cause the second to be undecryptable #18443

Open
turt2live opened this issue Aug 7, 2021 · 2 comments
Labels
A-E2EE O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect Z-Legacy-Crypto Issues affecting the legacy crypto stack

Comments

@turt2live
Member

In my test case, sending a dummy event followed by a room key causes the room key to be undecryptable, thus UISI.

@SimonBrandner SimonBrandner added A-E2EE S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect labels Aug 7, 2021
@germain-gg
Contributor

Could you provide some reproducible steps so that someone can look into this in the future?
Maybe sharing your test case could help.

@turt2live
Member Author

A test case is a bit difficult to provide as it means setting up 3/4s of encryption, but the summary was:

  1. Create Olm session
  2. Notify Element Web of that session with an m.dummy
  3. Prepare an outbound group session and notify Element Web of that with an m.room_key
  4. Watch when Element Web fails to decrypt due to bad MAC on the room_key (it seems to get as far as knowing it's a room_key, but not as far as actually using it).

There might be some timing issues at play here, where in my case the Element Web happened to receive both in the same /sync request but it's entirely possible that the server wakes the sync loop between the messages. However, considering I managed to get it to reliably be an issue on a localhost server using a regular Element Web, I'm not convinced it'll fall to the "safe" side of 2 syncs very often.
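
For triaging reports like this one, the following added example (not code from Element Web or from the issue's author) checks a captured /sync response body for two or more Olm to-device messages from the same sender device in one batch, which is the condition described above. The function name `findOlmBursts`, the placeholder keys and the sample response are constructed for illustration; the field names follow the Matrix to-device `m.room.encrypted` event format.

```javascript
// Added diagnostic example; not Element Web code.
const OLM_ALGORITHM = "m.olm.v1.curve25519-aes-sha2";

// Group the Olm to-device messages of ONE /sync response by sender device
// (curve25519 sender_key) and return the senders with 2+ messages in the batch.
function findOlmBursts(syncResponse, ownCurve25519Key) {
  const events = syncResponse?.to_device?.events ?? [];
  const bySenderKey = new Map();
  events.forEach((ev, index) => {
    const content = ev.content ?? {};
    if (ev.type !== "m.room.encrypted" || content.algorithm !== OLM_ALGORITHM) return;
    const mine = content.ciphertext?.[ownCurve25519Key];
    if (!mine) return; // Olm message addressed to a different device
    // Olm message type 0 is a pre-key message, type 1 a normal message.
    const entry = { index, sender: ev.sender, olmType: mine.type === 0 ? "prekey" : "normal" };
    bySenderKey.set(content.sender_key, [...(bySenderKey.get(content.sender_key) ?? []), entry]);
  });
  return [...bySenderKey]
    .filter(([, messages]) => messages.length > 1)
    .map(([senderKey, messages]) => ({ senderKey, messages }));
}

// Constructed sample: keys and ciphertext bodies are placeholders, not real data.
const OWN_KEY = "OWN_DEVICE_CURVE25519_KEY_PLACEHOLDER";
const olmEvent = (sender, senderKey, type) => ({
  type: "m.room.encrypted",
  sender,
  content: {
    algorithm: OLM_ALGORITHM,
    sender_key: senderKey,
    ciphertext: { [OWN_KEY]: { type, body: "CIPHERTEXT_PLACEHOLDER" } },
  },
});
const sampleSync = {
  next_batch: "s_constructed",
  to_device: {
    events: [
      olmEvent("@bot:localhost", "BOT_KEY_PLACEHOLDER", 0), // would carry the m.dummy
      olmEvent("@bot:localhost", "BOT_KEY_PLACEHOLDER", 0), // would carry the m.room_key
      olmEvent("@other:localhost", "OTHER_KEY_PLACEHOLDER", 1),
    ],
  },
};

console.log(JSON.stringify(findOlmBursts(sampleSync, OWN_KEY), null, 2));
```

An empty result for the sync that preceded a decryption failure would indicate the two messages arrived in separate syncs.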

@turt2live turt2live added O-Uncommon Most users are unlikely to come across this or unexpected workflow Team: Crypto labels Jun 14, 2022
@richvdh richvdh added Z-Legacy-Crypto Issues affecting the legacy crypto stack and removed Team: Crypto labels Nov 7, 2023