From d993c6aada7c82c8af95f0e55ce51835ce8c32d7 Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Thu, 4 Jul 2024 18:48:59 -0400 Subject: [PATCH 1/7] update Rust SDK to latest version --- Cargo.lock | 26 ++++++++++---------- src/encryption.rs | 53 +++++++++++++++++++++++++++++++++++++---- src/libolm_migration.rs | 17 ++++++------- 3 files changed, 69 insertions(+), 27 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2a4449e18..029f73f29 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -436,9 +436,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "eyeball" -version = "0.8.7" +version = "0.8.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42482893d982111055ce4b24234d6250396d3785767c6b04cedd84612a0b80fb" +checksum = "d93bd0ebf93d61d6332d3c09a96e97975968a44e19a64c947bde06e6baff383f" dependencies = [ "futures-core", "readlock", @@ -845,7 +845,7 @@ dependencies = [ [[package]] name = "matrix-sdk-common" version = "0.7.0" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#7b25a1c2f02ea6abd74e6772b0326a98fb4e184f" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" dependencies = [ "async-trait", "futures-core", @@ -867,7 +867,7 @@ dependencies = [ [[package]] name = "matrix-sdk-crypto" version = "0.7.1" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#7b25a1c2f02ea6abd74e6772b0326a98fb4e184f" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" dependencies = [ "aes", "as_variant", @@ -934,7 +934,7 @@ dependencies = [ [[package]] name = "matrix-sdk-indexeddb" version = "0.7.0" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#7b25a1c2f02ea6abd74e6772b0326a98fb4e184f" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" dependencies = [ "anyhow", "async-trait", @@ -962,7 +962,7 @@ dependencies = [ [[package]] name = "matrix-sdk-qrcode" version = "0.7.0" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#7b25a1c2f02ea6abd74e6772b0326a98fb4e184f" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" dependencies = [ "byteorder", "qrcode", @@ -974,7 +974,7 @@ dependencies = [ [[package]] name = "matrix-sdk-store-encryption" version = "0.7.0" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#7b25a1c2f02ea6abd74e6772b0326a98fb4e184f" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" dependencies = [ "base64", "blake3", @@ -1313,7 +1313,7 @@ dependencies = [ [[package]] name = "ruma" version = "0.10.1" -source = "git+https://github.com/ruma/ruma?rev=c21817436979acbe66d43064498920a6d289b562#c21817436979acbe66d43064498920a6d289b562" +source = "git+https://github.com/ruma/ruma?rev=e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0#e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0" dependencies = [ "assign", "js_int", @@ -1327,7 +1327,7 @@ dependencies = [ [[package]] name = "ruma-client-api" version = "0.18.0" -source = "git+https://github.com/ruma/ruma?rev=c21817436979acbe66d43064498920a6d289b562#c21817436979acbe66d43064498920a6d289b562" +source = "git+https://github.com/ruma/ruma?rev=e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0#e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0" dependencies = [ "as_variant", "assign", @@ -1350,7 +1350,7 @@ dependencies = [ [[package]] name = "ruma-common" version = "0.13.0" -source = "git+https://github.com/ruma/ruma?rev=c21817436979acbe66d43064498920a6d289b562#c21817436979acbe66d43064498920a6d289b562" +source = "git+https://github.com/ruma/ruma?rev=e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0#e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0" dependencies = [ "as_variant", "base64", @@ -1382,7 +1382,7 @@ dependencies = [ [[package]] name = "ruma-events" version = "0.28.1" -source = "git+https://github.com/ruma/ruma?rev=c21817436979acbe66d43064498920a6d289b562#c21817436979acbe66d43064498920a6d289b562" +source = "git+https://github.com/ruma/ruma?rev=e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0#e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0" dependencies = [ "as_variant", "indexmap", @@ -1404,7 +1404,7 @@ dependencies = [ [[package]] name = "ruma-identifiers-validation" version = "0.9.5" -source = "git+https://github.com/ruma/ruma?rev=c21817436979acbe66d43064498920a6d289b562#c21817436979acbe66d43064498920a6d289b562" +source = "git+https://github.com/ruma/ruma?rev=e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0#e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0" dependencies = [ "js_int", "thiserror", @@ -1413,7 +1413,7 @@ dependencies = [ [[package]] name = "ruma-macros" version = "0.13.0" -source = "git+https://github.com/ruma/ruma?rev=c21817436979acbe66d43064498920a6d289b562#c21817436979acbe66d43064498920a6d289b562" +source = "git+https://github.com/ruma/ruma?rev=e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0#e5a370f7e5fcebb0da6e4945e51c5fafba9aa5f0" dependencies = [ "once_cell", "proc-macro-crate", diff --git a/src/encryption.rs b/src/encryption.rs index bbd9f37e8..ab3797d10 100644 --- a/src/encryption.rs +++ b/src/encryption.rs @@ -33,8 +33,8 @@ pub struct EncryptionSettings { /// Should untrusted devices receive the room key, or should they be /// excluded from the conversation. - #[wasm_bindgen(js_name = "onlyAllowTrustedDevices")] - pub only_allow_trusted_devices: bool, + #[wasm_bindgen(js_name = "sharingStrategy")] + pub sharing_strategy: CollectStrategy, } impl Default for EncryptionSettings { @@ -46,7 +46,7 @@ impl Default for EncryptionSettings { rotation_period: default.rotation_period.as_micros().try_into().unwrap(), rotation_period_messages: default.rotation_period_msgs, history_visibility: default.history_visibility.into(), - only_allow_trusted_devices: default.only_allow_trusted_devices, + sharing_strategy: default.sharing_strategy.into(), } } } @@ -69,7 +69,7 @@ impl From<&EncryptionSettings> for matrix_sdk_crypto::olm::EncryptionSettings { rotation_period: Duration::from_micros(value.rotation_period), rotation_period_msgs: value.rotation_period_messages, history_visibility: value.history_visibility.clone().into(), - only_allow_trusted_devices: value.only_allow_trusted_devices, + sharing_strategy: value.sharing_strategy.clone().into(), } } } @@ -116,6 +116,51 @@ impl From for EncryptionAlgo } } +#[wasm_bindgen()] +#[derive(Debug, Clone, PartialEq, Eq)] +/// Strategy to collect the devices that should receive room keys for the +/// current discussion. +/// +/// See matrix_sdk_crypto::CollectStrategy +pub enum CollectStrategy { + /// Device based sharing strategy, excluding devices that are not trusted. + DeviceBasedStrategyOnlyTrustedDevices, + /// Device based sharing strategy, including all devices. + DeviceBasedStrategyAllDevices, + /// Only distribute to devices signed by their owner. + IdentityBasedStrategy, +} + +impl From for matrix_sdk_crypto::CollectStrategy { + fn from(value: CollectStrategy) -> Self { + match value { + CollectStrategy::DeviceBasedStrategyOnlyTrustedDevices => { + Self::DeviceBasedStrategy { only_allow_trusted_devices: true } + } + CollectStrategy::DeviceBasedStrategyAllDevices => { + Self::DeviceBasedStrategy { only_allow_trusted_devices: false } + } + CollectStrategy::IdentityBasedStrategy => Self::IdentityBasedStrategy, + } + } +} + +impl From for CollectStrategy { + fn from(value: matrix_sdk_crypto::CollectStrategy) -> Self { + match value { + matrix_sdk_crypto::CollectStrategy::DeviceBasedStrategy { + only_allow_trusted_devices: true, + } => Self::DeviceBasedStrategyOnlyTrustedDevices, + matrix_sdk_crypto::CollectStrategy::DeviceBasedStrategy { + only_allow_trusted_devices: false, + } => Self::DeviceBasedStrategyAllDevices, + matrix_sdk_crypto::CollectStrategy::IdentityBasedStrategy => { + Self::IdentityBasedStrategy + } + } + } +} + /// Take a look at [`matrix_sdk_common::deserialized_responses::ShieldState`] /// for more info. #[wasm_bindgen] diff --git a/src/libolm_migration.rs b/src/libolm_migration.rs index bc5344243..7127a23e9 100644 --- a/src/libolm_migration.rs +++ b/src/libolm_migration.rs @@ -300,19 +300,15 @@ async fn import_olm_sessions_to_store( .await? .context("Base data must be imported before calling `migrateOlmSessions`")?; - let user_id = account.user_id(); - let device_id = account.device_id(); - let identity_keys = &account.identity_keys; - let sessions = pickled_sessions .into_iter() .map(|pickled_session| { - Session::from_pickle( - user_id.to_owned(), - device_id.to_owned(), - identity_keys.clone(), - pickled_session, - ) + // Session::from_pickle normally needs the device keys from storage + // (which will include cross-signing signatures), for embedding the + // key in outgoing messages. But in this case, it is just getting + // stored, so we can use the device keys generated by the account. + Session::from_pickle(account.device_keys(), pickled_session) + .expect("The account is invalid") }) .collect(); @@ -441,6 +437,7 @@ fn libolm_pickled_megolm_session_to_rust_pickled_session( pickle, sender_key, signing_key: sender_signing_keys, + sender_data: Default::default(), room_id: libolm_session .room_id .clone() From 872ef74713252c1f97791eb9c4316b6c041f447a Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Fri, 5 Jul 2024 11:16:43 -0400 Subject: [PATCH 2/7] update Rust SDK again to get indexeddb fixes --- Cargo.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 029f73f29..974cc6d7a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -845,7 +845,7 @@ dependencies = [ [[package]] name = "matrix-sdk-common" version = "0.7.0" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#11cbf849ccc99a9da57f582046114252896f8998" dependencies = [ "async-trait", "futures-core", @@ -867,7 +867,7 @@ dependencies = [ [[package]] name = "matrix-sdk-crypto" version = "0.7.1" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#11cbf849ccc99a9da57f582046114252896f8998" dependencies = [ "aes", "as_variant", @@ -934,7 +934,7 @@ dependencies = [ [[package]] name = "matrix-sdk-indexeddb" version = "0.7.0" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#11cbf849ccc99a9da57f582046114252896f8998" dependencies = [ "anyhow", "async-trait", @@ -962,7 +962,7 @@ dependencies = [ [[package]] name = "matrix-sdk-qrcode" version = "0.7.0" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#11cbf849ccc99a9da57f582046114252896f8998" dependencies = [ "byteorder", "qrcode", @@ -974,7 +974,7 @@ dependencies = [ [[package]] name = "matrix-sdk-store-encryption" version = "0.7.0" -source = "git+https://github.com/matrix-org/matrix-rust-sdk#d6300bbda771e1afdc2ea86cd2a8cc19475edae7" +source = "git+https://github.com/matrix-org/matrix-rust-sdk#11cbf849ccc99a9da57f582046114252896f8998" dependencies = [ "base64", "blake3", From 1d2c73c92e9976af3dca54074678787bf170d502 Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Mon, 8 Jul 2024 13:18:23 -0400 Subject: [PATCH 3/7] add changelog and a test --- CHANGELOG.md | 10 ++++++++++ tests/encryption.test.js | 13 ++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 151ab7ad3..c2e26580e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ # UNRELEASED +**BREAKING CHANGES** + +- `EncryptionSettings.onlyAllowTrustedDevices` has been replaced with + `EncryptionSettings.sharingStrategy`, which adds the ability to share only + with cross-signed devices. + +- Update matrix-rust-sdk to `11cbf849c`, which includes: + + - refactor(sdk-crypto): Room key sharing, introduce extensible strategy ([#3605](https://github.com/matrix-org/matrix-rust-sdk/pull/3605)) + # matrix-sdk-crypto-wasm v6.2.1 - Update matrix-rust-sdk to `7b25a1c2f`, which includes fixes to bugs introduced in v6.2.0. diff --git a/tests/encryption.test.js b/tests/encryption.test.js index b7fd11f9b..7d450ecba 100644 --- a/tests/encryption.test.js +++ b/tests/encryption.test.js @@ -1,4 +1,4 @@ -const { EncryptionAlgorithm, EncryptionSettings, HistoryVisibility, VerificationState } = require("../pkg"); +const { CollectStrategy, EncryptionAlgorithm, EncryptionSettings, HistoryVisibility, VerificationState } = require("../pkg"); describe("EncryptionAlgorithm", () => { test("has the correct variant values", () => { @@ -27,4 +27,15 @@ describe(EncryptionSettings.name, () => { es.historyVisibility = 42; }).toThrow(); }); + + test("checks the sharing strategy values", () => { + const es = new EncryptionSettings(); + + es.sharingStrategy = CollectStrategy.DeviceBasedStrategyAllDevices; + + expect(es.sharingStrategy).toStrictEqual(CollectStrategy.DeviceBasedStrategyAllDevices); + expect(() => { + es.historyVisibility = 42; + }).toThrow(); + }); }); From 4e27f0147a6737b31122e25f30353f0603d0331a Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Mon, 8 Jul 2024 14:26:46 -0400 Subject: [PATCH 4/7] fix comments --- src/encryption.rs | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/encryption.rs b/src/encryption.rs index ab3797d10..5e096a2ca 100644 --- a/src/encryption.rs +++ b/src/encryption.rs @@ -116,18 +116,24 @@ impl From for EncryptionAlgo } } -#[wasm_bindgen()] -#[derive(Debug, Clone, PartialEq, Eq)] /// Strategy to collect the devices that should receive room keys for the /// current discussion. -/// -/// See matrix_sdk_crypto::CollectStrategy +#[wasm_bindgen()] +#[derive(Debug, Clone, PartialEq, Eq)] pub enum CollectStrategy { /// Device based sharing strategy, excluding devices that are not trusted. + /// A device is trusted if any of the following is true: + /// - It was manually marked as trusted. + /// - It was marked as verified via interactive verification. + /// - It is signed by its owner identity, and this identity has been + /// trusted via interactive verification. + /// - It is the current own device of the user. DeviceBasedStrategyOnlyTrustedDevices, /// Device based sharing strategy, including all devices. DeviceBasedStrategyAllDevices, - /// Only distribute to devices signed by their owner. + /// Share based on identity. Only distribute to devices signed by their + /// owner. If a user has no published identity he will not receive + /// any room keys. IdentityBasedStrategy, } From 0578fa918261af8bceeddfe3b91438bfc42a8fe7 Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Mon, 8 Jul 2024 15:16:41 -0400 Subject: [PATCH 5/7] prettier --- tests/encryption.test.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/encryption.test.js b/tests/encryption.test.js index 7d450ecba..7d77b5c97 100644 --- a/tests/encryption.test.js +++ b/tests/encryption.test.js @@ -1,4 +1,10 @@ -const { CollectStrategy, EncryptionAlgorithm, EncryptionSettings, HistoryVisibility, VerificationState } = require("../pkg"); +const { + CollectStrategy, + EncryptionAlgorithm, + EncryptionSettings, + HistoryVisibility, + VerificationState, +} = require("../pkg"); describe("EncryptionAlgorithm", () => { test("has the correct variant values", () => { From 2d947eb260581f23df29cfbb118738df05bdc350 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Tue, 9 Jul 2024 16:47:02 +0100 Subject: [PATCH 6/7] Update CHANGELOG.md --- CHANGELOG.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c2e26580e..c3eaab074 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,19 @@ `EncryptionSettings.sharingStrategy`, which adds the ability to share only with cross-signed devices. +**Other changes** + - Update matrix-rust-sdk to `11cbf849c`, which includes: - - refactor(sdk-crypto): Room key sharing, introduce extensible strategy ([#3605](https://github.com/matrix-org/matrix-rust-sdk/pull/3605)) + - refactor(sdk-crypto): Room key sharing, introduce extensible strategy + ([#3605](https://github.com/matrix-org/matrix-rust-sdk/pull/3605)) + + - Log the content of received `m.room_key.withheld` to-device events. + ([#3591](https://github.com/matrix-org/matrix-rust-sdk/pull/3591)) + + - Attempt to decrypt bundled events (reactions and the latest thread reply) if they are found in the unsigned part of an event. + ([#3468](https://github.com/matrix-org/matrix-rust-sdk/pull/3468)) + # matrix-sdk-crypto-wasm v6.2.1 From 7a32504306c6d55ed500f4d2b7b082b527eaccfb Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Tue, 9 Jul 2024 16:48:17 +0100 Subject: [PATCH 7/7] prettier --- CHANGELOG.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3eaab074..34fcc37a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,14 +12,13 @@ - refactor(sdk-crypto): Room key sharing, introduce extensible strategy ([#3605](https://github.com/matrix-org/matrix-rust-sdk/pull/3605)) - + - Log the content of received `m.room_key.withheld` to-device events. ([#3591](https://github.com/matrix-org/matrix-rust-sdk/pull/3591)) - Attempt to decrypt bundled events (reactions and the latest thread reply) if they are found in the unsigned part of an event. ([#3468](https://github.com/matrix-org/matrix-rust-sdk/pull/3468)) - # matrix-sdk-crypto-wasm v6.2.1 - Update matrix-rust-sdk to `7b25a1c2f`, which includes fixes to bugs introduced in v6.2.0.