From e7aaf12299076c755c51d49a4ef463ab93ea772c Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Wed, 13 Apr 2022 15:34:24 +0200 Subject: [PATCH 001/433] Add a paragraph about the target branch, and a word about `develop` branch content. --- docs/pull_request.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/pull_request.md b/docs/pull_request.md index b4dd0bd209..1aa034c6ce 100644 --- a/docs/pull_request.md +++ b/docs/pull_request.md @@ -30,6 +30,17 @@ In any case, it is better to explicitly declare in the description why the PR is Also, draft PR should not stay indefinitely in this state. It may be removed if it is the case and the submitter does not update it after a few days. +##### Base branch + +The `develop` branch is generally the base branch for every PRs. + +Exceptions can occur: + +- if a feature implementation is split into multiple PRs. We can have a chain of PRs in this case. PR can be merged one by one on develop, and GitHub change the target branch to `develop` for the next PR automatically. +- we want to merge a PR from the community, but there is still work to do, and the PR is not updated by the submitter. In this case, we can create a new branch, push it, and change the target branch of the PR to this new branch. The PR can then be merged, and we can add more commits to fix the issues. After that a new PR can be created with `develop` as a target branch. + +**Important notice:** Releases are created from the `develop` branch. So `develop` branch should always contain a "releasable" source code. So when a feature is being implemented with several PRs, it has to be disabled by default, until the feature is fully implemented. A last PR to enable the feature can then be created. + ##### PR Review Assignment We use automatic assignment for PR reviews. A PR is automatically routed by GitHub to a team member using the round robin algorithm. The process is the following: From 773b9b7764364acaf889e93a31ec2765c0fd73d3 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Wed, 13 Apr 2022 15:42:36 +0200 Subject: [PATCH 002/433] Add a notice about database migration --- docs/pull_request.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/pull_request.md b/docs/pull_request.md index 1aa034c6ce..e5c3e910f4 100644 --- a/docs/pull_request.md +++ b/docs/pull_request.md @@ -39,7 +39,9 @@ Exceptions can occur: - if a feature implementation is split into multiple PRs. We can have a chain of PRs in this case. PR can be merged one by one on develop, and GitHub change the target branch to `develop` for the next PR automatically. - we want to merge a PR from the community, but there is still work to do, and the PR is not updated by the submitter. In this case, we can create a new branch, push it, and change the target branch of the PR to this new branch. The PR can then be merged, and we can add more commits to fix the issues. After that a new PR can be created with `develop` as a target branch. -**Important notice:** Releases are created from the `develop` branch. So `develop` branch should always contain a "releasable" source code. So when a feature is being implemented with several PRs, it has to be disabled by default, until the feature is fully implemented. A last PR to enable the feature can then be created. +**Important notice 1:** Releases are created from the `develop` branch. So `develop` branch should always contain a "releasable" source code. So when a feature is being implemented with several PRs, it has to be disabled by default, until the feature is fully implemented. A last PR to enable the feature can then be created. + +**Important notice 2:** Database migration: some developers and some people from the community are using the nightly build from `develop`. Multiple database migrations should be properly handled for them. This is OK to have multiple migrations between 2 releases, this is not OK to add steps to the pending database migration on `develop`. So for instance `develop` users will migrate from version 11 to version 12, then 13, then 14, and `main` users will do all those steps after they get the app upgrade. ##### PR Review Assignment From 7939ecaedce33c93833bfaa954ece0b9a8871be8 Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Fri, 22 Apr 2022 15:50:40 +0300 Subject: [PATCH 003/433] Try to start streaming screen capture. --- .../app/features/call/VectorCallActivity.kt | 35 +++++++++++++++---- .../features/call/VectorCallViewActions.kt | 3 +- .../app/features/call/VectorCallViewModel.kt | 2 +- .../webrtc/ScreenCaptureServiceConnection.kt | 10 +++++- .../app/features/call/webrtc/WebRtcCall.kt | 24 +++++++++++-- 5 files changed, 62 insertions(+), 12 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt index ea9adcde85..1ab423d541 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt @@ -24,6 +24,7 @@ import android.content.Intent import android.content.Intent.FLAG_ACTIVITY_CLEAR_TOP import android.content.res.Configuration import android.graphics.Color +import android.media.projection.MediaProjection import android.media.projection.MediaProjectionManager import android.os.Build import android.os.Bundle @@ -32,6 +33,7 @@ import android.util.Rational import android.view.MenuItem import android.view.View import android.view.WindowManager +import androidx.activity.result.ActivityResult import androidx.annotation.StringRes import androidx.core.content.ContextCompat import androidx.core.content.getSystemService @@ -76,6 +78,7 @@ import org.matrix.android.sdk.api.session.call.TurnServerResponse import org.matrix.android.sdk.api.session.room.model.call.EndCallReason import org.webrtc.EglBase import org.webrtc.RendererCommon +import org.webrtc.ScreenCapturerAndroid import timber.log.Timber import javax.inject.Inject @@ -636,18 +639,36 @@ class VectorCallActivity : VectorBaseActivity(), CallContro private val screenSharingPermissionActivityResultLauncher = registerStartForActivityResult { activityResult -> if (activityResult.resultCode == Activity.RESULT_OK) { - callViewModel.handle(VectorCallViewActions.StartScreenSharing) - // We need to start a foreground service with a sticky notification during screen sharing if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) { - ContextCompat.startForegroundService( - this, - Intent(this, ScreenCaptureService::class.java) - ) - screenCaptureServiceConnection.bind() + // We need to start a foreground service with a sticky notification during screen sharing + startScreenSharingService(activityResult) + } else { + startScreenSharing(activityResult) } } } + private fun startScreenSharing(activityResult: ActivityResult) { + val videoCapturer = ScreenCapturerAndroid(activityResult.data, object : MediaProjection.Callback() { + override fun onStop() { + Timber.v("User revoked the screen capturing permission") + } + }) + callViewModel.handle(VectorCallViewActions.StartScreenSharing(videoCapturer)) + } + + private fun startScreenSharingService(activityResult: ActivityResult) { + ContextCompat.startForegroundService( + this, + Intent(this, ScreenCaptureService::class.java) + ) + screenCaptureServiceConnection.bind(object : ScreenCaptureServiceConnection.Callback { + override fun onServiceConnected() { + startScreenSharingService(activityResult) + } + }) + } + private fun handleShowScreenSharingPermissionDialog() { getSystemService()?.let { navigator.openScreenSharingPermissionDialog(it.createScreenCaptureIntent(), screenSharingPermissionActivityResultLauncher) diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallViewActions.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallViewActions.kt index c84f733b9a..cec118f296 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallViewActions.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallViewActions.kt @@ -19,6 +19,7 @@ package im.vector.app.features.call import im.vector.app.core.platform.VectorViewModelAction import im.vector.app.features.call.audio.CallAudioManager import im.vector.app.features.call.transfer.CallTransferResult +import org.webrtc.VideoCapturer sealed class VectorCallViewActions : VectorViewModelAction { object EndCall : VectorCallViewActions() @@ -41,5 +42,5 @@ sealed class VectorCallViewActions : VectorViewModelAction { data class CallTransferSelectionResult(val callTransferResult: CallTransferResult) : VectorCallViewActions() object TransferCall : VectorCallViewActions() object ToggleScreenSharing : VectorCallViewActions() - object StartScreenSharing : VectorCallViewActions() + data class StartScreenSharing(val videoCapturer: VideoCapturer) : VectorCallViewActions() } diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt index 3b7baef155..3b6ff9997b 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt @@ -348,7 +348,7 @@ class VectorCallViewModel @AssistedInject constructor( handleToggleScreenSharing(state.isSharingScreen) } is VectorCallViewActions.StartScreenSharing -> { - call?.startSharingScreen() + call?.startSharingScreen(action.videoCapturer) setState { copy(isSharingScreen = true) } diff --git a/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt b/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt index 922e9676a8..b8d28791b5 100644 --- a/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt +++ b/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt @@ -27,10 +27,17 @@ class ScreenCaptureServiceConnection @Inject constructor( private val context: Context ) : ServiceConnection { + interface Callback { + fun onServiceConnected() + } + private var isBound = false private var screenCaptureService: ScreenCaptureService? = null + private var callback: Callback? = null + + fun bind(callback: Callback) { + this.callback = callback - fun bind() { if (!isBound) { Intent(context, ScreenCaptureService::class.java).also { intent -> context.bindService(intent, this, 0) @@ -45,6 +52,7 @@ class ScreenCaptureServiceConnection @Inject constructor( override fun onServiceConnected(className: ComponentName, binder: IBinder) { screenCaptureService = (binder as ScreenCaptureService.LocalBinder).getService() isBound = true + callback?.onServiceConnected() } override fun onServiceDisconnected(className: ComponentName) { diff --git a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt index bc8ae51a88..aac5ecc962 100644 --- a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt +++ b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt @@ -84,6 +84,7 @@ import org.webrtc.RtpTransceiver import org.webrtc.SessionDescription import org.webrtc.SurfaceTextureHelper import org.webrtc.SurfaceViewRenderer +import org.webrtc.VideoCapturer import org.webrtc.VideoSource import org.webrtc.VideoTrack import timber.log.Timber @@ -770,8 +771,27 @@ class WebRtcCall( return currentCaptureFormat } - fun startSharingScreen() { - // TODO. Will be handled within the next PR. + fun startSharingScreen(videoCapturer: VideoCapturer) { + val factory = peerConnectionFactoryProvider.get() ?: return + val videoSource = factory.createVideoSource(true) + val audioSource = factory.createAudioSource(DEFAULT_AUDIO_CONSTRAINTS) + val surfaceTextureHelper = SurfaceTextureHelper.create("CaptureThread", rootEglBase!!.eglBaseContext) + videoCapturer.initialize(surfaceTextureHelper, context, videoSource.capturerObserver) + videoCapturer.startCapture(currentCaptureFormat.width, currentCaptureFormat.height, currentCaptureFormat.fps) + + val videoTrack = factory.createVideoTrack("ARDAMSv0", videoSource).apply { setEnabled(true) } + val audioTrack = factory.createAudioTrack("ARDAMSa0", audioSource).apply { setEnabled(true) } + + val localMediaStream = factory.createLocalMediaStream("ARDAMS") + peerConnection?.addTrack(videoTrack) + peerConnection?.addTrack(audioTrack) + localMediaStream.addTrack(videoTrack) + localMediaStream.addTrack(audioTrack) + + localAudioSource = audioSource + localVideoSource = videoSource + localAudioTrack = audioTrack + localVideoTrack = videoTrack } fun stopSharingScreen() { From e4b853035657deb4971f0d858f640c9f9560a8d1 Mon Sep 17 00:00:00 2001 From: Henry Jackson Date: Sun, 24 Apr 2022 19:26:55 +0100 Subject: [PATCH 004/433] Updated copy and moved override in profile screen - Used display name instead of nick to match other strings in the app. - Reordered member profile to show DM above changing nick colour. Fixes #5825 Signed-off-by: Henry Jackson --- changelog.d/5825.bugfix | 1 + .../RoomMemberProfileController.kt | 18 ++++++++++-------- .../RoomMemberProfileFragment.kt | 2 +- vector/src/main/res/values/strings.xml | 2 +- 4 files changed, 13 insertions(+), 10 deletions(-) create mode 100644 changelog.d/5825.bugfix diff --git a/changelog.d/5825.bugfix b/changelog.d/5825.bugfix new file mode 100644 index 0000000000..77560027ba --- /dev/null +++ b/changelog.d/5825.bugfix @@ -0,0 +1 @@ +Changed copy and list order in member profile screen. \ No newline at end of file diff --git a/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileController.kt b/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileController.kt index 545e9f7190..6d9f798543 100644 --- a/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileController.kt +++ b/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileController.kt @@ -182,10 +182,19 @@ class RoomMemberProfileController @Inject constructor( // More buildProfileSection(stringProvider.getString(R.string.room_profile_section_more)) + if (!state.isMine) { + buildProfileAction( + id = "direct", + editable = false, + title = stringProvider.getString(R.string.room_member_open_or_create_dm), + action = { callback?.onOpenDmClicked() } + ) + } + buildProfileAction( id = "overrideColor", editable = false, - title = stringProvider.getString(R.string.room_member_override_nick_color), + title = stringProvider.getString(R.string.room_member_override_display_name_colour), subtitle = state.userColorOverride, divider = !state.isMine, action = { callback?.onOverrideColorClicked() } @@ -194,13 +203,6 @@ class RoomMemberProfileController @Inject constructor( if (!state.isMine) { val membership = state.asyncMembership() ?: return - buildProfileAction( - id = "direct", - editable = false, - title = stringProvider.getString(R.string.room_member_open_or_create_dm), - action = { callback?.onOpenDmClicked() } - ) - if (!state.isSpace && state.hasReadReceipt) { buildProfileAction( id = "read_receipt", diff --git a/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileFragment.kt b/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileFragment.kt index 760bbe9353..5d82cd855f 100644 --- a/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileFragment.kt +++ b/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileFragment.kt @@ -345,7 +345,7 @@ class RoomMemberProfileFragment @Inject constructor( views.editText.hint = "#000000" MaterialAlertDialogBuilder(requireContext()) - .setTitle(R.string.room_member_override_nick_color) + .setTitle(R.string.room_member_override_display_name_colour) .setView(layout) .setPositiveButton(R.string.ok) { _, _ -> val newColor = views.editText.text.toString() diff --git a/vector/src/main/res/values/strings.xml b/vector/src/main/res/values/strings.xml index e5b784b7ea..f882fdf162 100644 --- a/vector/src/main/res/values/strings.xml +++ b/vector/src/main/res/values/strings.xml @@ -2177,7 +2177,7 @@ Leave "Leaving the room…" - Override nick color + Override display name colour Admins Moderators From 9177cb11d5901e0f565b10b910067e34c022a42e Mon Sep 17 00:00:00 2001 From: Valere Date: Mon, 14 Mar 2022 14:39:04 +0100 Subject: [PATCH 005/433] Refactor key and secret request managers use megolm backup before sending key request --- .../android/sdk/common/CryptoTestHelper.kt | 63 +++ .../sdk/internal/crypto/E2eeSanityTests.kt | 286 ++++++++--- .../sdk/internal/crypto/PreShareKeysTest.kt | 31 +- .../crypto/gossiping/KeyShareTests.kt | 7 +- .../sdk/api/session/crypto/CryptoService.kt | 14 +- .../model/OutgoingGossipingRequestState.kt | 17 +- .../crypto/model/OutgoingRoomKeyRequest.kt | 55 -- .../model/content/RoomKeyWithHeldContent.kt | 8 +- .../SharedSecretStorageService.kt | 2 +- .../crypto/CancelGossipRequestWorker.kt | 121 ----- .../internal/crypto/DefaultCryptoService.kt | 192 +++---- .../internal/crypto/GossipingWorkManager.kt | 57 --- .../crypto/IncomingGossipingRequestManager.kt | 472 ------------------ .../crypto/IncomingKeyRequestManager.kt | 364 ++++++++++++++ .../sdk/internal/crypto/MXOlmDevice.kt | 17 +- .../crypto/OutgoingGossipingRequest.kt | 10 +- .../crypto/OutgoingGossipingRequestManager.kt | 392 +++++++++++---- .../sdk/internal/crypto/OutgoingKeyRequest.kt | 58 +++ .../internal/crypto/OutgoingSecretRequest.kt | 4 +- .../PerSessionBackupQueryRateLimiter.kt | 131 +++++ .../internal/crypto/RoomEncryptorsStore.kt | 23 +- .../sdk/internal/crypto/SecretShareManager.kt | 274 ++++++++++ .../crypto/SendGossipRequestWorker.kt | 151 ------ .../sdk/internal/crypto/SendGossipWorker.kt | 168 ------- .../actions/MegolmSessionDataImporter.kt | 23 +- .../crypto/algorithms/IMXWithHeldExtension.kt | 23 - .../algorithms/megolm/MXMegolmDecryption.kt | 43 +- .../algorithms/megolm/MXMegolmEncryption.kt | 16 +- .../keysbackup/DefaultKeysBackupService.kt | 8 +- .../sdk/internal/crypto/model/AuditTrail.kt | 75 +++ .../DefaultSharedSecretStorageService.kt | 11 +- .../internal/crypto/store/IMXCryptoStore.kt | 62 ++- .../crypto/store/db/RealmCryptoStore.kt | 352 ++++++++++--- .../store/db/RealmCryptoStoreMigration.kt | 4 +- .../crypto/store/db/RealmCryptoStoreModule.kt | 10 +- .../store/db/migration/MigrateCryptoTo016.kt | 61 +++ .../store/db/model/AuditTrailEntity.kt} | 22 +- .../crypto/store/db/model/AuditTrailMapper.kt | 85 ++++ .../store/db/model/GossipingEventEntity.kt | 2 + .../model/IncomingGossipingRequestEntity.kt | 1 + .../store/db/model/KeyRequestReplyEntity.kt | 35 ++ .../model/OutgoingGossipingRequestEntity.kt | 106 +--- .../db/model/OutgoingKeyRequestEntity.kt | 136 +++++ .../internal/crypto/tasks/SendEventTask.kt | 5 +- ...comingSASDefaultVerificationTransaction.kt | 6 +- ...tgoingSASDefaultVerificationTransaction.kt | 6 +- .../DefaultVerificationService.kt | 30 +- .../DefaultVerificationTransaction.kt | 6 +- .../SASDefaultVerificationTransaction.kt | 6 +- .../DefaultQrCodeVerificationTransaction.kt | 6 +- .../sdk/internal/session/SessionComponent.kt | 9 - .../internal/worker/MatrixWorkerFactory.kt | 9 - .../recover/BackupToQuadSMigrationTask.kt | 12 +- .../VerificationBottomSheetViewModel.kt | 23 +- .../GossipingEventsPaperTrailFragment.kt | 28 +- .../GossipingEventsPaperTrailViewModel.kt | 4 +- .../devtools/GossipingEventsSerializer.kt | 67 +-- .../GossipingTrailPagedEpoxyController.kt | 130 ++--- .../devtools/KeyRequestListViewModel.kt | 4 +- .../OutgoingKeyRequestPagedController.kt | 6 +- .../fakes/FakeSharedSecretStorageService.kt | 2 +- 61 files changed, 2499 insertions(+), 1852 deletions(-) delete mode 100755 matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingRoomKeyRequest.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/CancelGossipRequestWorker.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/GossipingWorkManager.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingGossipingRequestManager.kt create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SendGossipRequestWorker.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SendGossipWorker.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/IMXWithHeldExtension.kt create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt rename matrix-sdk-android/src/main/java/org/matrix/android/sdk/{api/session/crypto/model/GossipingRequestState.kt => internal/crypto/store/db/model/AuditTrailEntity.kt} (63%) create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/KeyRequestReplyEntity.kt create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt index ecb279cdc2..5916bf2fab 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt @@ -31,8 +31,14 @@ import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM_BACKUP import org.matrix.android.sdk.api.extensions.orFalse import org.matrix.android.sdk.api.session.Session +import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersion import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupAuthData import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupCreationInfo +import org.matrix.android.sdk.api.session.crypto.keysbackup.extractCurveKeyFromRecoveryKey import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.OutgoingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationMethod @@ -46,7 +52,11 @@ import org.matrix.android.sdk.api.session.room.model.Membership import org.matrix.android.sdk.api.session.room.model.RoomSummary import org.matrix.android.sdk.api.session.room.model.create.CreateRoomParams import org.matrix.android.sdk.api.session.room.roomSummaryQueryParams +import org.matrix.android.sdk.api.session.securestorage.EmptyKeySigner +import org.matrix.android.sdk.api.session.securestorage.SharedSecretStorageService import org.matrix.android.sdk.api.util.Optional +import org.matrix.android.sdk.api.util.awaitCallback +import org.matrix.android.sdk.api.util.toBase64NoPadding import java.util.UUID import kotlin.coroutines.Continuation import kotlin.coroutines.resume @@ -293,6 +303,59 @@ class CryptoTestHelper(private val testHelper: CommonTestHelper) { } } + /** + * Initialize cross-signing, set up megolm backup and save all in 4S + */ + fun bootstrapSecurity(session: Session) { + initializeCrossSigning(session) + val ssssService = session.sharedSecretStorageService + testHelper.runBlockingTest { + val keyInfo = ssssService.generateKey( + UUID.randomUUID().toString(), + null, + "ssss_key", + EmptyKeySigner() + ) + ssssService.setDefaultKey(keyInfo.keyId) + + ssssService.storeSecret( + MASTER_KEY_SSSS_NAME, + session.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.master!!, + listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)) + ) + + ssssService.storeSecret( + SELF_SIGNING_KEY_SSSS_NAME, + session.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.selfSigned!!, + listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)) + ) + + ssssService.storeSecret( + USER_SIGNING_KEY_SSSS_NAME, + session.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.user!!, + listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)) + ) + + // set up megolm backup + val creationInfo = awaitCallback { + session.cryptoService().keysBackupService().prepareKeysBackupVersion(null, null, it) + } + val version = awaitCallback { + session.cryptoService().keysBackupService().createKeysBackupVersion(creationInfo, it) + } + // Save it for gossiping + session.cryptoService().keysBackupService().saveBackupRecoveryKey(creationInfo.recoveryKey, version = version.version) + + extractCurveKeyFromRecoveryKey(creationInfo.recoveryKey)?.toBase64NoPadding()?.let { secret -> + ssssService.storeSecret( + KEYBACKUP_SECRET_SSSS_NAME, + secret, + listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)) + ) + } + } + } + fun verifySASCrossSign(alice: Session, bob: Session, roomId: String) { assertTrue(alice.cryptoService().crossSigningService().canCrossSign()) assertTrue(bob.cryptoService().crossSigningService().canCrossSign()) diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt index fbd0905261..fbbb82843b 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt @@ -35,6 +35,12 @@ import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersionResult import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupCreationInfo import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult +import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerificationTransaction +import org.matrix.android.sdk.api.session.crypto.verification.OutgoingSasVerificationTransaction +import org.matrix.android.sdk.api.session.crypto.verification.PendingVerificationRequest +import org.matrix.android.sdk.api.session.crypto.verification.VerificationMethod +import org.matrix.android.sdk.api.session.crypto.verification.VerificationService +import org.matrix.android.sdk.api.session.crypto.verification.VerificationTransaction import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent import org.matrix.android.sdk.api.session.events.model.toModel @@ -49,8 +55,10 @@ import org.matrix.android.sdk.api.session.room.timeline.TimelineSettings import org.matrix.android.sdk.common.CommonTestHelper import org.matrix.android.sdk.common.CryptoTestHelper import org.matrix.android.sdk.common.SessionTestParams -import org.matrix.android.sdk.common.TestConstants import org.matrix.android.sdk.common.TestMatrixCallback +import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode +import java.util.concurrent.CountDownLatch @RunWith(JUnit4::class) @FixMethodOrder(MethodSorters.JVM) @@ -113,10 +121,10 @@ class E2eeSanityTests : InstrumentedTest { otherAccounts.forEach { otherSession -> testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { - val timelineEvent = otherSession.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId!!) - timelineEvent != null && - timelineEvent.isEncrypted() && - timelineEvent.root.getClearType() == EventType.MESSAGE + val timeLineEvent = otherSession.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId!!) + timeLineEvent != null && + timeLineEvent.isEncrypted() && + timeLineEvent.root.getClearType() == EventType.MESSAGE } } } @@ -232,10 +240,10 @@ class E2eeSanityTests : InstrumentedTest { testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { - val timelineEvent = bobSession.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId) - timelineEvent != null && - timelineEvent.isEncrypted() && - timelineEvent.root.getClearType() == EventType.MESSAGE + val timeLineEvent = bobSession.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId) + timeLineEvent != null && + timeLineEvent.isEncrypted() && + timeLineEvent.root.getClearType() == EventType.MESSAGE } } // we want more so let's discard the session @@ -292,13 +300,13 @@ class E2eeSanityTests : InstrumentedTest { // Let's now import keys from backup - newBobSession.cryptoService().keysBackupService().let { keysBackupService -> + newBobSession.cryptoService().keysBackupService().let { kbs -> val keyVersionResult = testHelper.doSync { - keysBackupService.getVersion(version.version, it) + kbs.getVersion(version.version, it) } val importedResult = testHelper.doSync { - keysBackupService.restoreKeyBackupWithPassword(keyVersionResult!!, + kbs.restoreKeyBackupWithPassword(keyVersionResult!!, keyBackupPassword, null, null, @@ -341,10 +349,10 @@ class E2eeSanityTests : InstrumentedTest { testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { - val timelineEvent = bobSession.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId) - timelineEvent != null && - timelineEvent.isEncrypted() && - timelineEvent.root.getClearType() == EventType.MESSAGE + val timeLineEvent = bobSession.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId) + timeLineEvent != null && + timeLineEvent.isEncrypted() && + timeLineEvent.root.getClearType() == EventType.MESSAGE } } } @@ -360,7 +368,11 @@ class E2eeSanityTests : InstrumentedTest { // check that new bob can't currently decrypt Log.v("#E2E TEST", "check that new bob can't currently decrypt") - ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID) + ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, null) +// newBobSession.cryptoService().getOutgoingRoomKeyRequests() +// .firstOrNull { +// it.sessionId == +// } // Try to request sentEventIds.forEach { sentEventId -> @@ -369,12 +381,34 @@ class E2eeSanityTests : InstrumentedTest { } // wait a bit - testHelper.runBlockingTest { - delay(10_000) - } + // we need to wait a couple of syncs to let sharing occurs +// testHelper.waitFewSyncs(newBobSession, 6) // Ensure that new bob still can't decrypt (keys must have been withheld) - ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, MXCryptoError.ErrorType.KEYS_WITHHELD) + sentEventIds.forEach { sentEventId -> + val megolmSessionId = newBobSession.getRoom(e2eRoomID)!! + .getTimelineEvent(sentEventId)!! + .root.content.toModel()!!.sessionId + testHelper.waitWithLatch { latch -> + testHelper.retryPeriodicallyWithLatch(latch) { + val aliceReply = newBobSession.cryptoService().getOutgoingRoomKeyRequests() + .first { + it.sessionId == megolmSessionId && + it.roomId == e2eRoomID + } + .results.also { + Log.w("##TEST", "result list is $it") + } + .firstOrNull { it.userId == aliceSession.myUserId } + ?.result + aliceReply != null && + aliceReply is RequestResult.Failure && + WithHeldCode.UNAUTHORISED == aliceReply.code + } + } + } + + ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, null) // Now mark new bob session as verified @@ -387,11 +421,6 @@ class E2eeSanityTests : InstrumentedTest { newBobSession.cryptoService().reRequestRoomKeyForEvent(event) } - // wait a bit - testHelper.runBlockingTest { - delay(10_000) - } - ensureCanDecrypt(sentEventIds, newBobSession, e2eRoomID, messagesText) cryptoTestData.cleanUp(testHelper) @@ -422,10 +451,10 @@ class E2eeSanityTests : InstrumentedTest { testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { - val timelineEvent = bobSessionWithBetterKey.getRoom(e2eRoomID)?.getTimelineEvent(firstEventId) - timelineEvent != null && - timelineEvent.isEncrypted() && - timelineEvent.root.getClearType() == EventType.MESSAGE + val timeLineEvent = bobSessionWithBetterKey.getRoom(e2eRoomID)?.getTimelineEvent(firstEventId) + timeLineEvent != null && + timeLineEvent.isEncrypted() && + timeLineEvent.root.getClearType() == EventType.MESSAGE } } } @@ -450,10 +479,10 @@ class E2eeSanityTests : InstrumentedTest { testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { - val timelineEvent = newBobSession.getRoom(e2eRoomID)?.getTimelineEvent(secondEventId) - timelineEvent != null && - timelineEvent.isEncrypted() && - timelineEvent.root.getClearType() == EventType.MESSAGE + val timeLineEvent = newBobSession.getRoom(e2eRoomID)?.getTimelineEvent(secondEventId) + timeLineEvent != null && + timeLineEvent.isEncrypted() && + timeLineEvent.root.getClearType() == EventType.MESSAGE } } } @@ -498,25 +527,29 @@ class E2eeSanityTests : InstrumentedTest { // now let new session request newBobSession.cryptoService().requestRoomKeyForEvent(firstEventNewBobPov.root) - // wait a bit - testHelper.runBlockingTest { - delay(10_000) - } + // We need to wait for the key request to be sent out and then a reply to be received // old session should have shared the key at earliest known index now // we should be able to decrypt both - testHelper.runBlockingTest { - try { - newBobSession.cryptoService().decryptEvent(firstEventNewBobPov.root, "") - } catch (error: MXCryptoError) { - fail("Should be able to decrypt first event now $error") - } - } - testHelper.runBlockingTest { - try { - newBobSession.cryptoService().decryptEvent(secondEventNewBobPov.root, "") - } catch (error: MXCryptoError) { - fail("Should be able to decrypt event $error") + testHelper.waitWithLatch { + testHelper.retryPeriodicallyWithLatch(it) { + val canDecryptFirst = try { + testHelper.runBlockingTest { + newBobSession.cryptoService().decryptEvent(firstEventNewBobPov.root, "") + } + true + } catch (error: MXCryptoError) { + false + } + val canDecryptSecond = try { + testHelper.runBlockingTest { + newBobSession.cryptoService().decryptEvent(secondEventNewBobPov.root, "") + } + true + } catch (error: MXCryptoError) { + false + } + canDecryptFirst && canDecryptSecond } } @@ -527,7 +560,7 @@ class E2eeSanityTests : InstrumentedTest { private fun sendMessageInRoom(aliceRoomPOV: Room, text: String): String? { aliceRoomPOV.sendTextMessage(text) var sentEventId: String? = null - testHelper.waitWithLatch(4 * TestConstants.timeOutMillis) { latch -> + testHelper.waitWithLatch(4 * 60_000L) { latch -> val timeline = aliceRoomPOV.createTimeline(null, TimelineSettings(60)) timeline.start() @@ -549,6 +582,147 @@ class E2eeSanityTests : InstrumentedTest { return sentEventId } + /** + * Test that if a better key is forwared (lower index, it is then used) + */ + @Test + fun testSelfInteractiveVerificationAndGossip() { + val aliceSession = testHelper.createAccount("alice", SessionTestParams(true)) + cryptoTestHelper.bootstrapSecurity(aliceSession) + + // now let's create a new login from alice + + val aliceNewSession = testHelper.logIntoAccount(aliceSession.myUserId, SessionTestParams(true)) + + val oldCompleteLatch = CountDownLatch(1) + lateinit var oldCode: String + aliceSession.cryptoService().verificationService().addListener(object : VerificationService.Listener { + + override fun verificationRequestUpdated(pr: PendingVerificationRequest) { + val readyInfo = pr.readyInfo + if (readyInfo != null) { + aliceSession.cryptoService().verificationService().beginKeyVerification( + VerificationMethod.SAS, + aliceSession.myUserId, + readyInfo.fromDevice, + readyInfo.transactionId + + ) + } + } + + override fun transactionUpdated(tx: VerificationTransaction) { + Log.d("##TEST", "exitsingPov: $tx") + val sasTx = tx as OutgoingSasVerificationTransaction + when (sasTx.uxState) { + OutgoingSasVerificationTransaction.UxState.SHOW_SAS -> { + // for the test we just accept? + oldCode = sasTx.getDecimalCodeRepresentation() + sasTx.userHasVerifiedShortCode() + } + OutgoingSasVerificationTransaction.UxState.VERIFIED -> { + // we can release this latch? + oldCompleteLatch.countDown() + } + else -> Unit + } + } + }) + + val newCompleteLatch = CountDownLatch(1) + lateinit var newCode: String + aliceNewSession.cryptoService().verificationService().addListener(object : VerificationService.Listener { + + override fun verificationRequestCreated(pr: PendingVerificationRequest) { + // let's ready + aliceNewSession.cryptoService().verificationService().readyPendingVerification( + listOf(VerificationMethod.SAS, VerificationMethod.QR_CODE_SCAN, VerificationMethod.QR_CODE_SHOW), + aliceSession.myUserId, + pr.transactionId!! + ) + } + + var matchOnce = true + override fun transactionUpdated(tx: VerificationTransaction) { + Log.d("##TEST", "newPov: $tx") + + val sasTx = tx as IncomingSasVerificationTransaction + when (sasTx.uxState) { + IncomingSasVerificationTransaction.UxState.SHOW_ACCEPT -> { + // no need to accept as there was a request first it will auto accept + } + IncomingSasVerificationTransaction.UxState.SHOW_SAS -> { + if (matchOnce) { + sasTx.userHasVerifiedShortCode() + newCode = sasTx.getDecimalCodeRepresentation() + matchOnce = false + } + } + IncomingSasVerificationTransaction.UxState.VERIFIED -> { + newCompleteLatch.countDown() + } + else -> Unit + } + } + }) + + // initiate self verification + aliceSession.cryptoService().verificationService().requestKeyVerification( + listOf(VerificationMethod.SAS, VerificationMethod.QR_CODE_SCAN, VerificationMethod.QR_CODE_SHOW), + aliceNewSession.myUserId, + listOf(aliceNewSession.sessionParams.deviceId!!) + ) + testHelper.await(oldCompleteLatch) + testHelper.await(newCompleteLatch) + assertEquals("Decimal code should have matched", oldCode, newCode) + + // Assert that devices are verified + val newDeviceFromOldPov: CryptoDeviceInfo? = aliceSession.cryptoService().getDeviceInfo(aliceSession.myUserId, aliceNewSession.sessionParams.deviceId) + val oldDeviceFromNewPov: CryptoDeviceInfo? = aliceSession.cryptoService().getDeviceInfo(aliceSession.myUserId, aliceSession.sessionParams.deviceId) + + Assert.assertTrue("new device should be verified from old point of view", newDeviceFromOldPov!!.isVerified) + Assert.assertTrue("old device should be verified from new point of view", oldDeviceFromNewPov!!.isVerified) + + // wait for secret gossiping to happen + testHelper.waitWithLatch { latch -> + testHelper.retryPeriodicallyWithLatch(latch) { + aliceNewSession.cryptoService().crossSigningService().allPrivateKeysKnown() && + aliceNewSession.cryptoService().keysBackupService().getKeyBackupRecoveryKeyInfo() != null + } + } + + assertEquals( + "MSK Private parts should be the same", + aliceSession.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.master, + aliceNewSession.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.master + ) + assertEquals( + "USK Private parts should be the same", + aliceSession.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.user, + aliceNewSession.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.user) + + assertEquals( + "SSK Private parts should be the same", + aliceSession.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.selfSigned, + aliceNewSession.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.selfSigned + ) + + // Let's check that we have the megolm backup key + assertEquals( + "Megolm key should be the same", + aliceSession.cryptoService().keysBackupService().getKeyBackupRecoveryKeyInfo()!!.recoveryKey, + aliceNewSession.cryptoService().keysBackupService().getKeyBackupRecoveryKeyInfo()!!.recoveryKey + ) + assertEquals( + "Megolm version should be the same", + aliceSession.cryptoService().keysBackupService().getKeyBackupRecoveryKeyInfo()!!.version, + aliceNewSession.cryptoService().keysBackupService().getKeyBackupRecoveryKeyInfo()!!.version + ) + + testHelper.signOutAndClose(aliceSession) + testHelper.signOutAndClose(aliceNewSession) + } + private fun ensureMembersHaveJoined(aliceSession: Session, otherAccounts: List, e2eRoomID: String) { testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { @@ -621,10 +795,10 @@ class E2eeSanityTests : InstrumentedTest { testHelper.waitWithLatch { latch -> sentEventIds.forEach { sentEventId -> testHelper.retryPeriodicallyWithLatch(latch) { - val timelineEvent = session.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId) - timelineEvent != null && - timelineEvent.isEncrypted() && - timelineEvent.root.getClearType() == EventType.MESSAGE + val timeLineEvent = session.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId) + timeLineEvent != null && + timeLineEvent.isEncrypted() && + timeLineEvent.root.getClearType() == EventType.MESSAGE } } } @@ -642,7 +816,7 @@ class E2eeSanityTests : InstrumentedTest { if (expectedError == null) { Assert.assertNotNull(errorType) } else { - assertEquals(expectedError, errorType, "Message expected to be UISI") + assertEquals(expectedError, errorType, "Unexpected reason") } } } diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/PreShareKeysTest.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/PreShareKeysTest.kt index f8ce7ae357..d4f9d01c4a 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/PreShareKeysTest.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/PreShareKeysTest.kt @@ -50,10 +50,7 @@ class PreShareKeysTest : InstrumentedTest { // clear any outbound session aliceSession.cryptoService().discardOutboundSession(e2eRoomID) - val preShareCount = bobSession.cryptoService().getGossipingEvents().count { - it.senderId == aliceSession.myUserId && - it.getClearType() == EventType.ROOM_KEY - } + val preShareCount = bobSession.cryptoService().keysBackupService().getTotalNumbersOfKeys() assertEquals("Bob should not have receive any key from alice at this point", 0, preShareCount) Log.d("#Test", "Room Key Received from alice $preShareCount") @@ -65,23 +62,23 @@ class PreShareKeysTest : InstrumentedTest { testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { - val newGossipCount = bobSession.cryptoService().getGossipingEvents().count { - it.senderId == aliceSession.myUserId && - it.getClearType() == EventType.ROOM_KEY - } - newGossipCount > preShareCount + val newKeysCount = bobSession.cryptoService().keysBackupService().getTotalNumbersOfKeys() + newKeysCount > preShareCount } } - val latest = bobSession.cryptoService().getGossipingEvents().lastOrNull { - it.senderId == aliceSession.myUserId && - it.getClearType() == EventType.ROOM_KEY - } + val aliceCryptoStore = (aliceSession.cryptoService() as DefaultCryptoService).cryptoStoreForTesting + val aliceOutboundSessionInRoom = aliceCryptoStore.getCurrentOutboundGroupSessionForRoom(e2eRoomID)!!.outboundGroupSession.sessionIdentifier() - val content = latest?.getClearContent().toModel() - assertNotNull("Bob should have received and decrypted a room key event from alice", content) - assertEquals("Wrong room", e2eRoomID, content!!.roomId) - val megolmSessionId = content.sessionId!! + val bobCryptoStore = (bobSession.cryptoService() as DefaultCryptoService).cryptoStoreForTesting + val aliceDeviceBobPov = bobCryptoStore.getUserDevice(aliceSession.myUserId, aliceSession.sessionParams.deviceId!!)!! + val bobInboundForAlice = bobCryptoStore.getInboundGroupSession(aliceOutboundSessionInRoom, aliceDeviceBobPov.identityKey()!!) + assertNotNull("Bob should have received and decrypted a room key event from alice", bobInboundForAlice) + assertEquals("Wrong room", e2eRoomID, bobInboundForAlice!!.roomId) + + val megolmSessionId = bobInboundForAlice.olmInboundGroupSession!!.sessionIdentifier() + + assertEquals("Wrong session", aliceOutboundSessionInRoom, megolmSessionId) val sharedIndex = aliceSession.cryptoService().getSharedWithInfo(e2eRoomID, megolmSessionId) .getObject(bobSession.myUserId, bobSession.sessionParams.deviceId) diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt index ed30691175..a05dd721a0 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt @@ -41,7 +41,6 @@ import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupCreation import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.GossipingRequestState import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OutgoingGossipingRequestState import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.SasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationMethod @@ -187,9 +186,9 @@ class KeyShareTests : InstrumentedTest { Thread.sleep(6_000) commonTestHelper.waitWithLatch { latch -> commonTestHelper.retryPeriodicallyWithLatch(latch) { - aliceSession2.cryptoService().getOutgoingRoomKeyRequests().let { - it.any { it.requestBody?.sessionId == eventMegolmSessionId && it.state == OutgoingGossipingRequestState.CANCELLED } - } + // It should have been deleted from store + val outgoingRoomKeyRequests = aliceSession2.cryptoService().getOutgoingRoomKeyRequests() + outgoingRoomKeyRequests.isEmpty() } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt index d6d1248de7..015b0c75be 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt @@ -35,12 +35,12 @@ import org.matrix.android.sdk.api.session.crypto.model.MXDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResult import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.crypto.verification.VerificationService import org.matrix.android.sdk.api.session.events.model.Content import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.internal.crypto.model.AuditTrail interface CryptoService { @@ -94,8 +94,6 @@ interface CryptoService { fun reRequestRoomKeyForEvent(event: Event) - fun cancelRoomKeyRequest(requestBody: RoomKeyRequestBody) - fun addRoomKeysRequestListener(listener: GossipingRequestListener) fun removeRoomKeysRequestListener(listener: GossipingRequestListener) @@ -142,14 +140,14 @@ interface CryptoService { fun addNewSessionListener(newSessionListener: NewSessionListener) fun removeSessionListener(listener: NewSessionListener) - fun getOutgoingRoomKeyRequests(): List - fun getOutgoingRoomKeyRequestsPaged(): LiveData> + fun getOutgoingRoomKeyRequests(): List + fun getOutgoingRoomKeyRequestsPaged(): LiveData> fun getIncomingRoomKeyRequests(): List fun getIncomingRoomKeyRequestsPaged(): LiveData> - fun getGossipingEventsTrail(): LiveData> - fun getGossipingEvents(): List + fun getGossipingEventsTrail(): LiveData> + fun getGossipingEvents(): List // For testing shared session fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingGossipingRequestState.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingGossipingRequestState.kt index 8c1bdf6768..99c3c37773 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingGossipingRequestState.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingGossipingRequestState.kt @@ -16,12 +16,17 @@ package org.matrix.android.sdk.api.session.crypto.model -enum class OutgoingGossipingRequestState { +enum class OutgoingRoomKeyRequestState { UNSENT, - SENDING, SENT, - CANCELLING, - CANCELLED, - FAILED_TO_SEND, - FAILED_TO_CANCEL + CANCELLATION_PENDING, + CANCELLATION_PENDING_AND_WILL_RESEND; + + companion object { + fun pendingStates() = setOf( + UNSENT, + CANCELLATION_PENDING_AND_WILL_RESEND, + CANCELLATION_PENDING + ) + } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingRoomKeyRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingRoomKeyRequest.kt deleted file mode 100755 index 5f35cc908f..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingRoomKeyRequest.kt +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.api.session.crypto.model - -import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequest - -/** - * Represents an outgoing room key request - */ -@JsonClass(generateAdapter = true) -data class OutgoingRoomKeyRequest( - // RequestBody - val requestBody: RoomKeyRequestBody?, - // list of recipients for the request - override val recipients: Map>, - // Unique id for this request. Used for both - // an id within the request for later pairing with a cancellation, and for - // the transaction id when sending the to_device messages to our local - override val requestId: String, // current state of this request - override val state: OutgoingGossipingRequestState - // transaction id for the cancellation, if any - // override var cancellationTxnId: String? = null -) : OutgoingGossipingRequest { - - /** - * Used only for log. - * - * @return the room id. - */ - val roomId: String? - get() = requestBody?.roomId - - /** - * Used only for log. - * - * @return the session id - */ - val sessionId: String? - get() = requestBody?.sessionId -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/events/model/content/RoomKeyWithHeldContent.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/events/model/content/RoomKeyWithHeldContent.kt index a577daf9e4..1eac1d6b2d 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/events/model/content/RoomKeyWithHeldContent.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/events/model/content/RoomKeyWithHeldContent.kt @@ -52,7 +52,13 @@ data class RoomKeyWithHeldContent( /** * A human-readable reason for why the key was not sent. The receiving client should only use this string if it does not understand the code. */ - @Json(name = "reason") val reason: String? = null + @Json(name = "reason") val reason: String? = null, + + /** + * the device ID of the device sending the m.room_key.withheld message + * MSC3735 + */ + @Json(name = "from_device") val fromDevice: String? = null ) { val code: WithHeldCode? diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/securestorage/SharedSecretStorageService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/securestorage/SharedSecretStorageService.kt index 721a2bc8af..3bb8fad810 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/securestorage/SharedSecretStorageService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/securestorage/SharedSecretStorageService.kt @@ -131,7 +131,7 @@ interface SharedSecretStorageService { fun checkShouldBeAbleToAccessSecrets(secretNames: List, keyId: String?): IntegrityResult - fun requestSecret(name: String, myOtherDeviceId: String) + suspend fun requestSecret(name: String, myOtherDeviceId: String) data class KeyRef( val keyId: String?, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/CancelGossipRequestWorker.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/CancelGossipRequestWorker.kt deleted file mode 100644 index 4380e31bff..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/CancelGossipRequestWorker.kt +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import android.content.Context -import androidx.work.WorkerParameters -import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.api.auth.data.Credentials -import org.matrix.android.sdk.api.failure.shouldBeRetried -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OutgoingGossipingRequestState -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.toContent -import org.matrix.android.sdk.internal.SessionManager -import org.matrix.android.sdk.internal.crypto.model.rest.ShareRequestCancellation -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask -import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId -import org.matrix.android.sdk.internal.session.SessionComponent -import org.matrix.android.sdk.internal.worker.SessionSafeCoroutineWorker -import org.matrix.android.sdk.internal.worker.SessionWorkerParams -import javax.inject.Inject - -internal class CancelGossipRequestWorker(context: Context, params: WorkerParameters, sessionManager: SessionManager) : - SessionSafeCoroutineWorker(context, params, sessionManager, Params::class.java) { - - @JsonClass(generateAdapter = true) - internal data class Params( - override val sessionId: String, - val requestId: String, - val recipients: Map>, - // The txnId for the sendToDevice request. Nullable for compatibility reasons, but MUST always be provided - // to use the same value if this worker is retried. - val txnId: String? = null, - override val lastFailureMessage: String? = null - ) : SessionWorkerParams { - companion object { - fun fromRequest(sessionId: String, request: OutgoingGossipingRequest): Params { - return Params( - sessionId = sessionId, - requestId = request.requestId, - recipients = request.recipients, - txnId = createUniqueTxnId(), - lastFailureMessage = null - ) - } - } - } - - @Inject lateinit var sendToDeviceTask: SendToDeviceTask - @Inject lateinit var cryptoStore: IMXCryptoStore - @Inject lateinit var credentials: Credentials - - override fun injectWith(injector: SessionComponent) { - injector.inject(this) - } - - override suspend fun doSafeWork(params: Params): Result { - // params.txnId should be provided in all cases now. But Params can be deserialized by - // the WorkManager from data serialized in a previous version of the application, so without the txnId field. - // So if not present, we create a txnId - val txnId = params.txnId ?: createUniqueTxnId() - val contentMap = MXUsersDevicesMap() - val toDeviceContent = ShareRequestCancellation( - requestingDeviceId = credentials.deviceId, - requestId = params.requestId - ) - cryptoStore.saveGossipingEvent(Event( - type = EventType.ROOM_KEY_REQUEST, - content = toDeviceContent.toContent(), - senderId = credentials.userId - ).also { - it.ageLocalTs = System.currentTimeMillis() - }) - - params.recipients.forEach { userToDeviceMap -> - userToDeviceMap.value.forEach { deviceId -> - contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) - } - } - - try { - cryptoStore.updateOutgoingGossipingRequestState(params.requestId, OutgoingGossipingRequestState.CANCELLING) - sendToDeviceTask.execute( - SendToDeviceTask.Params( - eventType = EventType.ROOM_KEY_REQUEST, - contentMap = contentMap, - transactionId = txnId - ) - ) - cryptoStore.updateOutgoingGossipingRequestState(params.requestId, OutgoingGossipingRequestState.CANCELLED) - return Result.success() - } catch (throwable: Throwable) { - return if (throwable.shouldBeRetried()) { - Result.retry() - } else { - cryptoStore.updateOutgoingGossipingRequestState(params.requestId, OutgoingGossipingRequestState.FAILED_TO_CANCEL) - buildErrorResult(params, throwable.localizedMessage ?: "error") - } - } - } - - override fun buildErrorParams(params: Params, message: String): Params { - return params.copy(lastFailureMessage = params.lastFailureMessage ?: message) - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt index 6a57d94677..ee0b208cbb 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt @@ -57,15 +57,14 @@ import org.matrix.android.sdk.api.session.crypto.model.MXDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResult import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequest import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest import org.matrix.android.sdk.api.session.events.model.Content import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent -import org.matrix.android.sdk.api.session.events.model.content.SecretSendEventContent import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.api.session.room.model.Membership import org.matrix.android.sdk.api.session.room.model.RoomHistoryVisibility @@ -76,11 +75,11 @@ import org.matrix.android.sdk.internal.crypto.actions.MegolmSessionDataImporter import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.algorithms.IMXEncrypting import org.matrix.android.sdk.internal.crypto.algorithms.IMXGroupEncryption -import org.matrix.android.sdk.internal.crypto.algorithms.IMXWithHeldExtension import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXMegolmEncryptionFactory import org.matrix.android.sdk.internal.crypto.algorithms.olm.MXOlmEncryptionFactory import org.matrix.android.sdk.internal.crypto.crosssigning.DefaultCrossSigningService import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService +import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.MXKey.Companion.KEY_SIGNED_CURVE_25519_TYPE import org.matrix.android.sdk.internal.crypto.model.toRest import org.matrix.android.sdk.internal.crypto.repository.WarnOnUnknownDeviceRepository @@ -154,7 +153,8 @@ internal class DefaultCryptoService @Inject constructor( private val crossSigningService: DefaultCrossSigningService, // - private val incomingGossipingRequestManager: IncomingGossipingRequestManager, + private val incomingKeyRequestManager: IncomingKeyRequestManager, + private val secretShareManager: SecretShareManager, // private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, // Actions @@ -201,7 +201,7 @@ internal class DefaultCryptoService @Inject constructor( } } - val gossipingBuffer = mutableListOf() +// val gossipingBuffer = mutableListOf() override fun setDeviceName(deviceId: String, deviceName: String, callback: MatrixCallback) { setDeviceNameTask @@ -377,27 +377,8 @@ internal class DefaultCryptoService @Inject constructor( // Open the store cryptoStore.open() - runCatching { -// if (isInitialSync) { -// // refresh the devices list for each known room members -// deviceListManager.invalidateAllDeviceLists() -// deviceListManager.refreshOutdatedDeviceLists() -// } else { - - // Why would we do that? it will be called at end of syn - incomingGossipingRequestManager.processReceivedGossipingRequests() -// } - }.fold( - { - isStarting.set(false) - isStarted.set(true) - }, - { - isStarting.set(false) - isStarted.set(false) - Timber.tag(loggerTag.value).e(it, "Start failed") - } - ) + isStarting.set(false) + isStarted.set(true) } /** @@ -405,7 +386,8 @@ internal class DefaultCryptoService @Inject constructor( */ fun close() = runBlocking(coroutineDispatchers.crypto) { cryptoCoroutineScope.coroutineContext.cancelChildren(CancellationException("Closing crypto module")) - incomingGossipingRequestManager.close() + incomingKeyRequestManager.close() + outgoingGossipingRequestManager.close() olmDevice.release() cryptoStore.close() } @@ -470,15 +452,28 @@ internal class DefaultCryptoService @Inject constructor( } oneTimeKeysUploader.maybeUploadOneTimeKeys() - incomingGossipingRequestManager.processReceivedGossipingRequests() } - } - tryOrNull { - gossipingBuffer.toList().let { - cryptoStore.saveGossipingEvents(it) + // Process pending key requests + try { + if (toDevices.isEmpty()) { + // this is not blocking + outgoingGossipingRequestManager.requireProcessAllPendingKeyRequests() + } else { + Timber.tag(loggerTag.value) + .w("Don't process key requests yet as their might be more to_device to catchup") + } + } catch (failure: Throwable) { + // just for safety but should not throw + Timber.tag(loggerTag.value).w("failed to process pending request") + } + + try { + incomingKeyRequestManager.processIncomingRequests() + } catch (failure: Throwable) { + // just for safety but should not throw + Timber.tag(loggerTag.value).w("failed to process incoming room key requests") } - gossipingBuffer.clear() } } } @@ -592,7 +587,7 @@ internal class DefaultCryptoService @Inject constructor( // (for now at least. Maybe we should alert the user somehow?) val existingAlgorithm = cryptoStore.getRoomAlgorithm(roomId) - if (existingAlgorithm == algorithm && roomEncryptorsStore.get(roomId) != null) { + if (existingAlgorithm == algorithm) { // ignore Timber.tag(loggerTag.value).e("setEncryptionInRoom() : Ignoring m.room.encryption for same alg ($algorithm) in $roomId") return false @@ -783,19 +778,26 @@ internal class DefaultCryptoService @Inject constructor( cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { when (event.getClearType()) { EventType.ROOM_KEY, EventType.FORWARDED_ROOM_KEY -> { - gossipingBuffer.add(event) +// gossipingBuffer.add(event) // Keys are imported directly, not waiting for end of sync onRoomKeyEvent(event) } - EventType.REQUEST_SECRET, + EventType.REQUEST_SECRET -> { + secretShareManager.handleSecretRequest(event) +// incomingGossipingRequestManager.onGossipingRequestEvent(event) + } EventType.ROOM_KEY_REQUEST -> { + Timber.w("VALR: key request ${event.getClearContent()}") // save audit trail - gossipingBuffer.add(event) +// gossipingBuffer.add(event) // Requests are stacked, and will be handled one by one at the end of the sync (onSyncComplete) - incomingGossipingRequestManager.onGossipingRequestEvent(event) + Timber.w("VALR: sender Id is ${event.senderId} full ev $event") + event.getClearContent().toModel()?.let { req -> + event.senderId?.let { incomingKeyRequestManager.addNewIncomingRequest(it, req) } + } } EventType.SEND_SECRET -> { - gossipingBuffer.add(event) +// gossipingBuffer.add(event) onSecretSendReceived(event) } EventType.ROOM_KEY_WITHHELD -> { @@ -833,50 +835,46 @@ internal class DefaultCryptoService @Inject constructor( val withHeldContent = event.getClearContent().toModel() ?: return Unit.also { Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") } - Timber.tag(loggerTag.value).i("onKeyWithHeldReceived() received from:${event.senderId}, content <$withHeldContent>") - val alg = roomDecryptorProvider.getOrCreateRoomDecryptor(withHeldContent.roomId, withHeldContent.algorithm) - if (alg is IMXWithHeldExtension) { - alg.onRoomKeyWithHeldEvent(withHeldContent) - } else { - Timber.tag(loggerTag.value).e("onKeyWithHeldReceived() from:${event.senderId}: Unable to handle WithHeldContent for ${withHeldContent.algorithm}") - return + val senderId = event.senderId ?: return Unit.also { + Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") } + withHeldContent.sessionId ?: return + withHeldContent.algorithm ?: return + withHeldContent.roomId ?: return + withHeldContent.senderKey ?: return + outgoingGossipingRequestManager.onRoomKeyWithHeld( + sessionId = withHeldContent.sessionId, + algorithm = withHeldContent.algorithm, + roomId = withHeldContent.roomId, + senderKey = withHeldContent.senderKey, + fromDevice = withHeldContent.fromDevice, + event = Event( + type = EventType.ROOM_KEY_WITHHELD, + senderId = senderId, + content = event.getClearContent() + ) + ) +// Timber.tag(loggerTag.value).i("onKeyWithHeldReceived() received from:${event.senderId}, content <$withHeldContent>") +// val alg = roomDecryptorProvider.getOrCreateRoomDecryptor(withHeldContent.roomId, withHeldContent.algorithm) +// if (alg is IMXWithHeldExtension) { +// alg.onRoomKeyWithHeldEvent(senderId, withHeldContent) +// } else { +// Timber.tag(loggerTag.value).e("onKeyWithHeldReceived() from:${event.senderId}: Unable to handle WithHeldContent for ${withHeldContent.algorithm}") +// return +// } } - private fun onSecretSendReceived(event: Event) { - Timber.tag(loggerTag.value).i("GOSSIP onSecretSend() from ${event.senderId} : onSecretSendReceived ${event.content?.get("sender_key")}") - if (!event.isEncrypted()) { - // secret send messages must be encrypted - Timber.tag(loggerTag.value).e("GOSSIP onSecretSend() :Received unencrypted secret send event") - return - } - - // Was that sent by us? - if (event.senderId != userId) { - Timber.tag(loggerTag.value).e("GOSSIP onSecretSend() : Ignore secret from other user ${event.senderId}") - return - } - - val secretContent = event.getClearContent().toModel() ?: return - - val existingRequest = cryptoStore - .getOutgoingSecretKeyRequests().firstOrNull { it.requestId == secretContent.requestId } - - if (existingRequest == null) { - Timber.tag(loggerTag.value).i("GOSSIP onSecretSend() : Ignore secret that was not requested: ${secretContent.requestId}") - return - } - - if (!handleSDKLevelGossip(existingRequest.secretName, secretContent.secretValue)) { - // TODO Ask to application layer? - Timber.tag(loggerTag.value).v("onSecretSend() : secret not handled by SDK") + private suspend fun onSecretSendReceived(event: Event) { + secretShareManager.onSecretSendReceived(event) { secretName, secretValue -> + handleSDKLevelGossip(secretName, secretValue) } } /** * Returns true if handled by SDK, otherwise should be sent to application layer */ - private fun handleSDKLevelGossip(secretName: String?, secretValue: String): Boolean { + private fun handleSDKLevelGossip(secretName: String?, + secretValue: String): Boolean { return when (secretName) { MASTER_KEY_SSSS_NAME -> { crossSigningService.onSecretMSKGossip(secretValue) @@ -1154,26 +1152,32 @@ internal class DefaultCryptoService @Inject constructor( setRoomBlacklistUnverifiedDevices(roomId, false) } -// TODO Check if this method is still necessary - /** - * Cancel any earlier room key request - * - * @param requestBody requestBody - */ - override fun cancelRoomKeyRequest(requestBody: RoomKeyRequestBody) { - outgoingGossipingRequestManager.cancelRoomKeyRequest(requestBody) - } - /** * Re request the encryption keys required to decrypt an event. * * @param event the event to decrypt again. */ override fun reRequestRoomKeyForEvent(event: Event) { + val sender = event.senderId ?: return val wireContent = event.content.toModel() ?: return Unit.also { Timber.tag(loggerTag.value).e("reRequestRoomKeyForEvent Failed to re-request key, null content") } + val recipients = if (event.senderId == userId) { + mapOf( + userId to listOf("*") + ) + } else { + // for the case where you share the key with a device that has a broken olm session + // The other user might Re-shares a megolm session key with devices if the key has already been + // sent to them. + mapOf( + userId to listOf("*"), + // TODO we might not have deviceId in the future due to https://github.com/matrix-org/matrix-spec-proposals/pull/3700 + // so in this case query to all + sender to listOf(wireContent.deviceId ?: "*") + ) + } val requestBody = RoomKeyRequestBody( algorithm = wireContent.algorithm, roomId = event.roomId, @@ -1181,7 +1185,7 @@ internal class DefaultCryptoService @Inject constructor( sessionId = wireContent.sessionId ) - outgoingGossipingRequestManager.resendRoomKeyRequest(requestBody) + outgoingGossipingRequestManager.postRoomKeyRequest(requestBody, recipients, true) } override fun requestRoomKeyForEvent(event: Event) { @@ -1208,7 +1212,8 @@ internal class DefaultCryptoService @Inject constructor( * @param listener listener */ override fun addRoomKeysRequestListener(listener: GossipingRequestListener) { - incomingGossipingRequestManager.addRoomKeysRequestListener(listener) + incomingKeyRequestManager.addRoomKeysRequestListener(listener) + // TODO same for secret manager } /** @@ -1217,7 +1222,8 @@ internal class DefaultCryptoService @Inject constructor( * @param listener listener */ override fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { - incomingGossipingRequestManager.removeRoomKeysRequestListener(listener) + incomingKeyRequestManager.removeRoomKeysRequestListener(listener) + // TODO same for secret manager } // private fun markOlmSessionForUnwedging(senderId: String, deviceInfo: CryptoDeviceInfo) { @@ -1298,11 +1304,11 @@ internal class DefaultCryptoService @Inject constructor( return "DefaultCryptoService of $userId ($deviceId)" } - override fun getOutgoingRoomKeyRequests(): List { + override fun getOutgoingRoomKeyRequests(): List { return cryptoStore.getOutgoingRoomKeyRequests() } - override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { + override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { return cryptoStore.getOutgoingRoomKeyRequestsPaged() } @@ -1314,11 +1320,11 @@ internal class DefaultCryptoService @Inject constructor( return cryptoStore.getIncomingRoomKeyRequests() } - override fun getGossipingEventsTrail(): LiveData> { + override fun getGossipingEventsTrail(): LiveData> { return cryptoStore.getGossipingEventsTrail() } - override fun getGossipingEvents(): List { + override fun getGossipingEvents(): List { return cryptoStore.getGossipingEvents() } @@ -1342,8 +1348,8 @@ internal class DefaultCryptoService @Inject constructor( loadRoomMembersTask.execute(LoadRoomMembersTask.Params(roomId)) } catch (failure: Throwable) { Timber.tag(loggerTag.value).e("prepareToEncrypt() : Failed to load room members") - callback.onFailure(failure) - return@launch +// callback.onFailure(failure) +// return@launch } val userIds = getRoomUserIds(roomId) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/GossipingWorkManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/GossipingWorkManager.kt deleted file mode 100644 index 0013c31eea..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/GossipingWorkManager.kt +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import androidx.work.BackoffPolicy -import androidx.work.Data -import androidx.work.ExistingWorkPolicy -import androidx.work.ListenableWorker -import androidx.work.OneTimeWorkRequest -import org.matrix.android.sdk.api.util.Cancelable -import org.matrix.android.sdk.internal.di.WorkManagerProvider -import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.util.CancelableWork -import org.matrix.android.sdk.internal.worker.startChain -import java.util.concurrent.TimeUnit -import javax.inject.Inject - -@SessionScope -internal class GossipingWorkManager @Inject constructor( - private val workManagerProvider: WorkManagerProvider -) { - - inline fun createWork(data: Data, startChain: Boolean): OneTimeWorkRequest { - return workManagerProvider.matrixOneTimeWorkRequestBuilder() - .setConstraints(WorkManagerProvider.workConstraints) - .startChain(startChain) - .setInputData(data) - .setBackoffCriteria(BackoffPolicy.LINEAR, WorkManagerProvider.BACKOFF_DELAY_MILLIS, TimeUnit.MILLISECONDS) - .build() - } - - // Prevent sending queue to stay broken after app restart - // The unique queue id will stay the same as long as this object is instanciated - val queueSuffixApp = System.currentTimeMillis() - - fun postWork(workRequest: OneTimeWorkRequest, policy: ExistingWorkPolicy = ExistingWorkPolicy.APPEND): Cancelable { - workManagerProvider.workManager - .beginUniqueWork(this::class.java.name + "_$queueSuffixApp", policy, workRequest) - .enqueue() - - return CancelableWork(workManagerProvider.workManager, workRequest.id) - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingGossipingRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingGossipingRequestManager.kt deleted file mode 100644 index b907b57f82..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingGossipingRequestManager.kt +++ /dev/null @@ -1,472 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.launch -import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.api.auth.data.Credentials -import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM -import org.matrix.android.sdk.api.crypto.MXCryptoConfig -import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.keysbackup.extractCurveKeyFromRecoveryKey -import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener -import org.matrix.android.sdk.api.session.crypto.model.GossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject -import org.matrix.android.sdk.api.session.crypto.model.IncomingRequestCancellation -import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.IncomingSecretShareRequest -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.api.util.toBase64NoPadding -import org.matrix.android.sdk.internal.crypto.algorithms.IMXGroupEncryption -import org.matrix.android.sdk.internal.crypto.model.rest.GossipingDefaultContent -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId -import org.matrix.android.sdk.internal.di.SessionId -import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.worker.WorkerParamsFactory -import timber.log.Timber -import java.util.concurrent.Executors -import javax.inject.Inject - -@SessionScope -internal class IncomingGossipingRequestManager @Inject constructor( - @SessionId private val sessionId: String, - private val credentials: Credentials, - private val cryptoStore: IMXCryptoStore, - private val cryptoConfig: MXCryptoConfig, - private val gossipingWorkManager: GossipingWorkManager, - private val roomEncryptorsStore: RoomEncryptorsStore, - private val roomDecryptorProvider: RoomDecryptorProvider, - private val coroutineDispatchers: MatrixCoroutineDispatchers, - private val cryptoCoroutineScope: CoroutineScope) { - - private val executor = Executors.newSingleThreadExecutor() - - // list of IncomingRoomKeyRequests/IncomingRoomKeyRequestCancellations - // we received in the current sync. - private val receivedGossipingRequests = ArrayList() - private val receivedRequestCancellations = ArrayList() - - // the listeners - private val gossipingRequestListeners: MutableSet = HashSet() - - init { - receivedGossipingRequests.addAll(cryptoStore.getPendingIncomingGossipingRequests()) - } - - fun close() { - executor.shutdownNow() - } - - // Recently verified devices (map of deviceId and timestamp) - private val recentlyVerifiedDevices = HashMap() - - /** - * Called when a session has been verified. - * This information can be used by the manager to decide whether or not to fullfil gossiping requests - */ - fun onVerificationCompleteForDevice(deviceId: String) { - // For now we just keep an in memory cache - synchronized(recentlyVerifiedDevices) { - recentlyVerifiedDevices[deviceId] = System.currentTimeMillis() - } - } - - private fun hasBeenVerifiedLessThanFiveMinutesFromNow(deviceId: String): Boolean { - val verifTimestamp: Long? - synchronized(recentlyVerifiedDevices) { - verifTimestamp = recentlyVerifiedDevices[deviceId] - } - if (verifTimestamp == null) return false - - val age = System.currentTimeMillis() - verifTimestamp - - return age < FIVE_MINUTES_IN_MILLIS - } - - /** - * Called when we get an m.room_key_request event - * It must be called on CryptoThread - * - * @param event the announcement event. - */ - fun onGossipingRequestEvent(event: Event) { - val roomKeyShare = event.getClearContent().toModel() - Timber.i("## CRYPTO | GOSSIP onGossipingRequestEvent received type ${event.type} from user:${event.senderId}, content:$roomKeyShare") - // val ageLocalTs = event.unsignedData?.age?.let { System.currentTimeMillis() - it } - when (roomKeyShare?.action) { - GossipingToDeviceObject.ACTION_SHARE_REQUEST -> { - if (event.getClearType() == EventType.REQUEST_SECRET) { - IncomingSecretShareRequest.fromEvent(event)?.let { - if (event.senderId == credentials.userId && it.deviceId == credentials.deviceId) { - // ignore, it was sent by me as * - Timber.v("## GOSSIP onGossipingRequestEvent type ${event.type} ignore remote echo") - } else { -// // save in DB -// cryptoStore.storeIncomingGossipingRequest(it, ageLocalTs) - receivedGossipingRequests.add(it) - } - } - } else if (event.getClearType() == EventType.ROOM_KEY_REQUEST) { - IncomingRoomKeyRequest.fromEvent(event)?.let { - if (event.senderId == credentials.userId && it.deviceId == credentials.deviceId) { - // ignore, it was sent by me as * - Timber.v("## GOSSIP onGossipingRequestEvent type ${event.type} ignore remote echo") - } else { -// cryptoStore.storeIncomingGossipingRequest(it, ageLocalTs) - receivedGossipingRequests.add(it) - } - } - } - } - GossipingToDeviceObject.ACTION_SHARE_CANCELLATION -> { - IncomingRequestCancellation.fromEvent(event)?.let { - receivedRequestCancellations.add(it) - } - } - else -> { - Timber.e("## GOSSIP onGossipingRequestEvent() : unsupported action ${roomKeyShare?.action}") - } - } - } - - /** - * Process any m.room_key_request or m.secret.request events which were queued up during the - * current sync. - * It must be called on CryptoThread - */ - fun processReceivedGossipingRequests() { - val roomKeyRequestsToProcess = receivedGossipingRequests.toList() - receivedGossipingRequests.clear() - - Timber.v("## CRYPTO | GOSSIP processReceivedGossipingRequests() : ${roomKeyRequestsToProcess.size} request to process") - - var receivedRequestCancellations: List? = null - - synchronized(this.receivedRequestCancellations) { - if (this.receivedRequestCancellations.isNotEmpty()) { - receivedRequestCancellations = this.receivedRequestCancellations.toList() - this.receivedRequestCancellations.clear() - } - } - - executor.execute { - cryptoStore.storeIncomingGossipingRequests(roomKeyRequestsToProcess) - for (request in roomKeyRequestsToProcess) { - if (request is IncomingRoomKeyRequest) { - processIncomingRoomKeyRequest(request) - } else if (request is IncomingSecretShareRequest) { - processIncomingSecretShareRequest(request) - } - } - - receivedRequestCancellations?.forEach { request -> - Timber.v("## CRYPTO | GOSSIP processReceivedGossipingRequests() : m.room_key_request cancellation $request") - // we should probably only notify the app of cancellations we told it - // about, but we don't currently have a record of that, so we just pass - // everything through. - if (request.userId == credentials.userId && request.deviceId == credentials.deviceId) { - // ignore remote echo - return@forEach - } - val matchingIncoming = cryptoStore.getIncomingRoomKeyRequest(request.userId ?: "", request.deviceId ?: "", request.requestId ?: "") - if (matchingIncoming == null) { - // ignore that? - return@forEach - } else { - // If it was accepted from this device, keep the information, do not mark as cancelled - if (matchingIncoming.state != GossipingRequestState.ACCEPTED) { - onRoomKeyRequestCancellation(request) - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.CANCELLED_BY_REQUESTER) - } - } - } - } - } - - private fun processIncomingRoomKeyRequest(request: IncomingRoomKeyRequest) { - val userId = request.userId ?: return - val deviceId = request.deviceId ?: return - val body = request.requestBody ?: return - val roomId = body.roomId ?: return - val alg = body.algorithm ?: return - - Timber.v("## CRYPTO | GOSSIP processIncomingRoomKeyRequest from $userId:$deviceId for $roomId / ${body.sessionId} id ${request.requestId}") - if (credentials.userId != userId) { - handleKeyRequestFromOtherUser(body, request, alg, roomId, userId, deviceId) - return - } - // TODO: should we queue up requests we don't yet have keys for, in case they turn up later? - // if we don't have a decryptor for this room/alg, we don't have - // the keys for the requested events, and can drop the requests. - val decryptor = roomDecryptorProvider.getRoomDecryptor(roomId, alg) - if (null == decryptor) { - Timber.w("## CRYPTO | GOSSIP processReceivedGossipingRequests() : room key request for unknown $alg in room $roomId") - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - return - } - if (!decryptor.hasKeysForKeyRequest(request)) { - Timber.w("## CRYPTO | GOSSIP processReceivedGossipingRequests() : room key request for unknown session ${body.sessionId!!}") - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - return - } - - if (credentials.deviceId == deviceId && credentials.userId == userId) { - Timber.v("## CRYPTO | GOSSIP processReceivedGossipingRequests() : oneself device - ignored") - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - return - } - request.share = Runnable { - decryptor.shareKeysWithDevice(request) - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.ACCEPTED) - } - request.ignore = Runnable { - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - } - // if the device is verified already, share the keys - val device = cryptoStore.getUserDevice(userId, deviceId) - if (device != null) { - if (device.isVerified) { - Timber.v("## CRYPTO | GOSSIP processReceivedGossipingRequests() : device is already verified: sharing keys") - request.share?.run() - return - } - - if (device.isBlocked) { - Timber.v("## CRYPTO | GOSSIP processReceivedGossipingRequests() : device is blocked -> ignored") - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - return - } - } - - // As per config we automatically discard untrusted devices request - if (cryptoConfig.discardRoomKeyRequestsFromUntrustedDevices) { - Timber.v("## CRYPTO | processReceivedGossipingRequests() : discardRoomKeyRequestsFromUntrustedDevices") - // At this point the device is unknown, we don't want to bother user with that - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - return - } - - // Pass to application layer to decide what to do - onRoomKeyRequest(request) - } - - private fun handleKeyRequestFromOtherUser(body: RoomKeyRequestBody, - request: IncomingRoomKeyRequest, - alg: String, - roomId: String, - userId: String, - deviceId: String) { - Timber.w("## CRYPTO | GOSSIP processReceivedGossipingRequests() : room key request from other user") - val senderKey = body.senderKey ?: return Unit - .also { Timber.w("missing senderKey") } - .also { cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) } - val sessionId = body.sessionId ?: return Unit - .also { Timber.w("missing sessionId") } - .also { cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) } - - if (alg != MXCRYPTO_ALGORITHM_MEGOLM) { - return Unit - .also { Timber.w("Only megolm is accepted here") } - .also { cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) } - } - - val roomEncryptor = roomEncryptorsStore.get(roomId) ?: return Unit - .also { Timber.w("no room Encryptor") } - .also { cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) } - - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - if (roomEncryptor is IMXGroupEncryption) { - val isSuccess = roomEncryptor.reshareKey(sessionId, userId, deviceId, senderKey) - - if (isSuccess) { - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.ACCEPTED) - } else { - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.UNABLE_TO_PROCESS) - } - } else { - Timber.e("## CRYPTO | handleKeyRequestFromOtherUser() from:$userId: Unable to handle IMXGroupEncryption.reshareKey for $alg") - } - } - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.RE_REQUESTED) - } - - private fun processIncomingSecretShareRequest(request: IncomingSecretShareRequest) { - val secretName = request.secretName ?: return Unit.also { - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - Timber.v("## CRYPTO | GOSSIP processIncomingSecretShareRequest() : Missing secret name") - } - - val userId = request.userId - if (userId == null || credentials.userId != userId) { - Timber.e("## CRYPTO | GOSSIP processIncomingSecretShareRequest() : Ignoring secret share request from other users") - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - return - } - - val deviceId = request.deviceId - ?: return Unit.also { - Timber.e("## CRYPTO | GOSSIP processIncomingSecretShareRequest() : Malformed request, no ") - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - } - - val device = cryptoStore.getUserDevice(userId, deviceId) - ?: return Unit.also { - Timber.e("## CRYPTO | GOSSIP processIncomingSecretShareRequest() : Received secret share request from unknown device ${request.deviceId}") - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - } - - if (!device.isVerified || device.isBlocked) { - Timber.v("## CRYPTO | GOSSIP processIncomingSecretShareRequest() : Ignoring secret share request from untrusted/blocked session $device") - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - return - } - - val isDeviceLocallyVerified = cryptoStore.getUserDevice(userId, deviceId)?.trustLevel?.isLocallyVerified() - - when (secretName) { - MASTER_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.master - SELF_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.selfSigned - USER_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.user - KEYBACKUP_SECRET_SSSS_NAME -> cryptoStore.getKeyBackupRecoveryKeyInfo()?.recoveryKey - ?.let { - extractCurveKeyFromRecoveryKey(it)?.toBase64NoPadding() - } - else -> null - }?.let { secretValue -> - Timber.i("## CRYPTO | GOSSIP processIncomingSecretShareRequest() : Sharing secret $secretName with $device locally trusted") - if (isDeviceLocallyVerified == true && hasBeenVerifiedLessThanFiveMinutesFromNow(deviceId)) { - val params = SendGossipWorker.Params( - sessionId = sessionId, - secretValue = secretValue, - requestUserId = request.userId, - requestDeviceId = request.deviceId, - requestId = request.requestId, - txnId = createUniqueTxnId() - ) - - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.ACCEPTING) - val workRequest = gossipingWorkManager.createWork(WorkerParamsFactory.toData(params), true) - gossipingWorkManager.postWork(workRequest) - } else { - Timber.v("## CRYPTO | GOSSIP processIncomingSecretShareRequest() : Can't share secret $secretName with $device, verification too old") - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - } - return - } - - Timber.v("## CRYPTO | GOSSIP processIncomingSecretShareRequest() : $secretName unknown at SDK level, asking to app layer") - - request.ignore = Runnable { - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.REJECTED) - } - - request.share = { secretValue -> - val params = SendGossipWorker.Params( - sessionId = userId, - secretValue = secretValue, - requestUserId = request.userId, - requestDeviceId = request.deviceId, - requestId = request.requestId, - txnId = createUniqueTxnId() - ) - - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.ACCEPTING) - val workRequest = gossipingWorkManager.createWork(WorkerParamsFactory.toData(params), true) - gossipingWorkManager.postWork(workRequest) - cryptoStore.updateGossipingRequestState(request, GossipingRequestState.ACCEPTED) - } - - onShareRequest(request) - } - - /** - * Dispatch onRoomKeyRequest - * - * @param request the request - */ - private fun onRoomKeyRequest(request: IncomingRoomKeyRequest) { - synchronized(gossipingRequestListeners) { - for (listener in gossipingRequestListeners) { - try { - listener.onRoomKeyRequest(request) - } catch (e: Exception) { - Timber.e(e, "## CRYPTO | onRoomKeyRequest() failed") - } - } - } - } - - /** - * Ask for a value to the listeners, and take the first one - */ - private fun onShareRequest(request: IncomingSecretShareRequest) { - synchronized(gossipingRequestListeners) { - for (listener in gossipingRequestListeners) { - try { - if (listener.onSecretShareRequest(request)) { - return - } - } catch (e: Exception) { - Timber.e(e, "## CRYPTO | GOSSIP onRoomKeyRequest() failed") - } - } - } - // Not handled, ignore - request.ignore?.run() - } - - /** - * A room key request cancellation has been received. - * - * @param request the cancellation request - */ - private fun onRoomKeyRequestCancellation(request: IncomingRequestCancellation) { - synchronized(gossipingRequestListeners) { - for (listener in gossipingRequestListeners) { - try { - listener.onRoomKeyRequestCancellation(request) - } catch (e: Exception) { - Timber.e(e, "## CRYPTO | GOSSIP onRoomKeyRequestCancellation() failed") - } - } - } - } - - fun addRoomKeysRequestListener(listener: GossipingRequestListener) { - synchronized(gossipingRequestListeners) { - gossipingRequestListeners.add(listener) - } - } - - fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { - synchronized(gossipingRequestListeners) { - gossipingRequestListeners.remove(listener) - } - } - - companion object { - private const val FIVE_MINUTES_IN_MILLIS = 5 * 60 * 1000 - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt new file mode 100644 index 0000000000..7585becfa3 --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt @@ -0,0 +1,364 @@ +/* + * Copyright 2022 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.SupervisorJob +import kotlinx.coroutines.asCoroutineDispatcher +import kotlinx.coroutines.cancel +import kotlinx.coroutines.launch +import kotlinx.coroutines.sync.withLock +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.auth.data.Credentials +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener +import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode +import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction +import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask +import org.matrix.android.sdk.internal.session.SessionScope +import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer +import timber.log.Timber +import java.util.concurrent.Executors +import javax.inject.Inject +import kotlin.system.measureTimeMillis + +private val loggerTag = LoggerTag("IncomingKeyRequestManager", LoggerTag.CRYPTO) + +@SessionScope +internal class IncomingKeyRequestManager @Inject constructor( + private val credentials: Credentials, + private val cryptoStore: IMXCryptoStore, + private val ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction, + private val olmDevice: MXOlmDevice, + private val messageEncrypter: MessageEncrypter, + private val coroutineDispatchers: MatrixCoroutineDispatchers, + private val sendToDeviceTask: SendToDeviceTask) { + + private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() + private val outgoingRequestScope = CoroutineScope(SupervisorJob() + dispatcher) + val sequencer = SemaphoreCoroutineSequencer() + + private val incomingRequestBuffer = mutableListOf() + + // the listeners + private val gossipingRequestListeners: MutableSet = HashSet() + + enum class MegolmRequestAction { + Request, Cancel + } + + data class ValidMegolmRequestBody( + val requestingUserId: String, + val requestingDeviceId: String, + val roomId: String, + val senderKey: String, + val sessionId: String, + val action: MegolmRequestAction + ) { + fun shortDbgString() = "Request from $requestingUserId|$requestingDeviceId for session $sessionId in room $roomId" + } + + private fun RoomKeyShareRequest.toValidMegolmRequest(senderId: String): ValidMegolmRequestBody? { + val deviceId = requestingDeviceId ?: return null + val body = body ?: return null + val roomId = body.roomId ?: return null + val sessionId = body.sessionId ?: return null + val senderKey = body.senderKey ?: return null + if (body.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null + val action = when (this.action) { + "request" -> MegolmRequestAction.Request + "request_cancellation" -> MegolmRequestAction.Cancel + else -> null + } ?: return null + return ValidMegolmRequestBody( + requestingUserId = senderId, + requestingDeviceId = deviceId, + roomId = roomId, + senderKey = senderKey, + sessionId = sessionId, + action = action + ) + } + + fun addNewIncomingRequest(senderId: String, request: RoomKeyShareRequest) { + outgoingRequestScope.launch { + // It is important to handle requests in order + sequencer.post { + val validMegolmRequest = request.toValidMegolmRequest(senderId) ?: return@post Unit.also { + Timber.tag(loggerTag.value).w("Received key request for unknown algorithm ${request.body?.algorithm}") + } + + // is there already one like that? + val existing = incomingRequestBuffer.firstOrNull { it == validMegolmRequest } + if (existing == null) { + when (validMegolmRequest.action) { + MegolmRequestAction.Request -> { + // just add to the buffer + incomingRequestBuffer.add(validMegolmRequest) + } + MegolmRequestAction.Cancel -> { + // ignore, we can't cancel as it's not known (probably already processed) + } + } + } else { + when (validMegolmRequest.action) { + MegolmRequestAction.Request -> { + // it's already in buffer, nop keep existing + } + MegolmRequestAction.Cancel -> { + // discard the request in buffer + incomingRequestBuffer.remove(existing) + } + } + } + } + } + } + + fun processIncomingRequests() { + outgoingRequestScope.launch { + sequencer.post { + measureTimeMillis { + Timber.tag(loggerTag.value).v("processIncomingKeyRequests : ${incomingRequestBuffer.size} request to process") + incomingRequestBuffer.forEach { + // should not happen, we only store requests + if (it.action != MegolmRequestAction.Request) return@forEach + try { + handleIncomingRequest(it) + } catch (failure: Throwable) { + // ignore and continue, should not happen + Timber.tag(loggerTag.value).w(failure, "processIncomingKeyRequests : failed to process request $it") + } + } + incomingRequestBuffer.clear() + }.let { duration -> + Timber.tag(loggerTag.value).v("Finish processing incoming key request in $duration ms") + } + } + } + } + + private suspend fun handleIncomingRequest(request: ValidMegolmRequestBody) { + // We don't want to download keys, if we don't know the device yet we won't share any how? + val requestingDevice = + cryptoStore.getUserDevice(request.requestingUserId, request.requestingDeviceId) + ?: return Unit.also { + Timber.tag(loggerTag.value).d("Ignoring key request: ${request.shortDbgString()}") + } + + cryptoStore.saveIncomingKeyRequestAuditTrail( + request.roomId, + request.sessionId, + request.senderKey, + MXCRYPTO_ALGORITHM_MEGOLM, + request.requestingUserId, + request.requestingDeviceId + ) + + val roomAlgorithm = // withContext(coroutineDispatchers.crypto) { + cryptoStore.getRoomAlgorithm(request.roomId) +// } + if (roomAlgorithm != MXCRYPTO_ALGORITHM_MEGOLM) { + // strange we received a request for a room that is not encrypted + // maybe a broken state? + Timber.tag(loggerTag.value).w("Received a key request in a room with unsupported alg:$roomAlgorithm , req:${request.shortDbgString()}") + return + } + + // Is it for one of our sessions? + if (request.requestingUserId == credentials.userId) { + Timber.tag(loggerTag.value).v("handling request from own user: megolm session ${request.sessionId}") + + if (request.requestingDeviceId == credentials.deviceId) { + // ignore it's a remote echo + return + } + // If it's verified we share from the early index we know + // if not we check if it was originaly shared or not + if (requestingDevice.isVerified) { + // we share from the earliest known chain index + shareMegolmKey(request, requestingDevice, null) + } else { + shareIfItWasPreviouslyShared(request, requestingDevice) + } + } else { + Timber.tag(loggerTag.value).v("handling request from other user: megolm session ${request.sessionId}") + if (requestingDevice.isBlocked) { + // it's blocked, so send a withheld code + sendWithheldForRequest(request, WithHeldCode.BLACKLISTED) + } else { + shareIfItWasPreviouslyShared(request, requestingDevice) + } + } + } + + private suspend fun shareIfItWasPreviouslyShared(request: ValidMegolmRequestBody, requestingDevice: CryptoDeviceInfo) { + // we don't reshare unless it was previously shared with + val wasSessionSharedWithUser = withContext(coroutineDispatchers.crypto) { + cryptoStore.getSharedSessionInfo(request.roomId, request.sessionId, requestingDevice) + } + if (wasSessionSharedWithUser.found && wasSessionSharedWithUser.chainIndex != null) { + // we share from the index it was previously shared with + shareMegolmKey(request, requestingDevice, wasSessionSharedWithUser.chainIndex.toLong()) + } else { + sendWithheldForRequest(request, WithHeldCode.UNAUTHORISED) + // TODO if it's our device we could delegate to the app layer to decide? + } + } + + private suspend fun sendWithheldForRequest(request: ValidMegolmRequestBody, code: WithHeldCode) { + val withHeldContent = RoomKeyWithHeldContent( + roomId = request.roomId, + senderKey = request.senderKey, + algorithm = MXCRYPTO_ALGORITHM_MEGOLM, + sessionId = request.sessionId, + codeString = code.value, + fromDevice = credentials.deviceId + ) + + val params = SendToDeviceTask.Params( + EventType.ROOM_KEY_WITHHELD, + MXUsersDevicesMap().apply { + setObject(request.requestingUserId, request.requestingDeviceId, withHeldContent) + } + ) + try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.execute(params) + Timber.tag(loggerTag.value) + .d("Send withheld $code req: ${request.shortDbgString()}") + } + + cryptoStore.saveWithheldAuditTrail( + request.roomId, + request.sessionId, + request.senderKey, + MXCRYPTO_ALGORITHM_MEGOLM, + code, + request.requestingUserId, + request.requestingDeviceId + ) + } catch (failure: Throwable) { + // Ignore it's not that important? + // do we want to fallback to a worker? + Timber.tag(loggerTag.value) + .w("Failed to send withheld $code req: ${request.shortDbgString()} reason:${failure.localizedMessage}") + } + } + + private suspend fun shareMegolmKey(validRequest: ValidMegolmRequestBody, + requestingDevice: CryptoDeviceInfo, + chainIndex: Long?): Boolean { + Timber.tag(loggerTag.value) + .d("try to re-share Megolm Key at index $chainIndex for ${validRequest.shortDbgString()}") + + val devicesByUser = mapOf(validRequest.requestingUserId to listOf(requestingDevice)) + val usersDeviceMap = try { + ensureOlmSessionsForDevicesAction.handle(devicesByUser) + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .w("Failed to establish olm session") + sendWithheldForRequest(validRequest, WithHeldCode.NO_OLM) + return false + } + + val olmSessionResult = usersDeviceMap.getObject(requestingDevice.userId, requestingDevice.deviceId) + if (olmSessionResult?.sessionId == null) { + Timber.tag(loggerTag.value) + .w("reshareKey: no session with this device, probably because there were no one-time keys") + sendWithheldForRequest(validRequest, WithHeldCode.NO_OLM) + return false + } + val sessionHolder = try { + olmDevice.getInboundGroupSession(validRequest.sessionId, validRequest.senderKey, validRequest.roomId) + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .e(failure, "shareKeysWithDevice: failed to get session ${validRequest.requestingUserId}") + // It's unavailable + sendWithheldForRequest(validRequest, WithHeldCode.UNAVAILABLE) + return false + } + + val export = sessionHolder.mutex.withLock { + sessionHolder.wrapper.exportKeys(chainIndex) + } ?: return false.also { + Timber.tag(loggerTag.value) + .e("shareKeysWithDevice: failed to export group session ${validRequest.sessionId}") + } + + val payloadJson = mapOf( + "type" to EventType.FORWARDED_ROOM_KEY, + "content" to export + ) + + val encodedPayload = messageEncrypter.encryptMessage(payloadJson, listOf(requestingDevice)) + val sendToDeviceMap = MXUsersDevicesMap() + sendToDeviceMap.setObject(requestingDevice.userId, requestingDevice.deviceId, encodedPayload) + Timber.tag(loggerTag.value).d("reshareKey() : try sending session ${validRequest.sessionId} to ${requestingDevice.shortDebugString()}") + val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap) + return try { + sendToDeviceTask.execute(sendToDeviceParams) + Timber.tag(loggerTag.value) + .i("successfully re-shared session ${validRequest.sessionId} to ${requestingDevice.shortDebugString()}") + cryptoStore.saveForwardKeyAuditTrail( + validRequest.roomId, + validRequest.sessionId, + validRequest.senderKey, + MXCRYPTO_ALGORITHM_MEGOLM, + requestingDevice.userId, + requestingDevice.deviceId, + chainIndex) + true + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .e(failure, "fail to re-share session ${validRequest.sessionId} to ${requestingDevice.shortDebugString()}") + false + } + } + + fun addRoomKeysRequestListener(listener: GossipingRequestListener) { + synchronized(gossipingRequestListeners) { + // TODO + gossipingRequestListeners.add(listener) + } + } + + fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { + synchronized(gossipingRequestListeners) { + // TODO + gossipingRequestListeners.remove(listener) + } + } + + fun close() { + try { + outgoingRequestScope.cancel("User Terminate") + incomingRequestBuffer.clear() + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).w("Failed to shutDown request manager") + } + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt index 4947761f05..f12cefeb9a 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt @@ -42,7 +42,6 @@ import org.matrix.olm.OlmOutboundGroupSession import org.matrix.olm.OlmSession import org.matrix.olm.OlmUtility import timber.log.Timber -import java.net.URLEncoder import javax.inject.Inject private val loggerTag = LoggerTag("MXOlmDevice", LoggerTag.CRYPTO) @@ -329,13 +328,13 @@ internal class MXOlmDevice @Inject constructor( Timber.tag(loggerTag.value).e(e, "## createInboundSession() : removeOneTimeKeys failed") } - Timber.tag(loggerTag.value).v("## createInboundSession() : ciphertext: $ciphertext") - try { - val sha256 = olmUtility!!.sha256(URLEncoder.encode(ciphertext, "utf-8")) - Timber.tag(loggerTag.value).v("## createInboundSession() :ciphertext: SHA256: $sha256") - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createInboundSession() :ciphertext: cannot encode ciphertext") - } +// Timber.tag(loggerTag.value).v("## createInboundSession() : ciphertext: $ciphertext.") +// try { +// val sha256 = olmUtility!!.sha256(URLEncoder.encode(ciphertext, "utf-8")) +// Timber.tag(loggerTag.value).v("## createInboundSession() :ciphertext: SHA256: $sha256") +// } catch (e: Exception) { +// Timber.tag(loggerTag.value).e(e, "## createInboundSession() :ciphertext: cannot encode ciphertext") +// } val olmMessage = OlmMessage() olmMessage.mCipherText = ciphertext @@ -787,7 +786,7 @@ internal class MXOlmDevice @Inject constructor( if (timelineSet.contains(messageIndexKey)) { val reason = String.format(MXCryptoError.DUPLICATE_MESSAGE_INDEX_REASON, decryptResult.mIndex) - Timber.tag(loggerTag.value).e("## decryptGroupMessage() : $reason") + Timber.tag(loggerTag.value).e("## decryptGroupMessage() timelineId=$timeline: $reason") throw MXCryptoError.Base(MXCryptoError.ErrorType.DUPLICATED_MESSAGE_INDEX, reason) } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt index 2438e01102..7f41b50e38 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt @@ -16,12 +16,10 @@ package org.matrix.android.sdk.internal.crypto -import org.matrix.android.sdk.api.session.crypto.model.OutgoingGossipingRequestState - -internal interface OutgoingGossipingRequest { - val recipients: Map> - val requestId: String - val state: OutgoingGossipingRequestState +interface OutgoingGossipingRequest { + var recipients: Map> + var requestId: String + var state: OutgoingRoomKeyRequestState // transaction id for the cancellation, if any // var cancellationTxnId: String? } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequestManager.kt index e6f6ac5053..0662be1e59 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequestManager.kt @@ -17,151 +17,327 @@ package org.matrix.android.sdk.internal.crypto import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.delay +import kotlinx.coroutines.SupervisorJob +import kotlinx.coroutines.asCoroutineDispatcher +import kotlinx.coroutines.cancel import kotlinx.coroutines.launch +import kotlinx.coroutines.withContext import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.api.session.crypto.model.OutgoingGossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequest +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId -import org.matrix.android.sdk.internal.crypto.util.RequestIdHelper +import org.matrix.android.sdk.internal.crypto.tasks.DefaultSendToDeviceTask +import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask import org.matrix.android.sdk.internal.di.SessionId import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.worker.WorkerParamsFactory +import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer import timber.log.Timber +import java.util.Stack +import java.util.concurrent.Executors import javax.inject.Inject +import kotlin.system.measureTimeMillis +private val loggerTag = LoggerTag("OutgoingGossipingRequestManager", LoggerTag.CRYPTO) + +/** + * This class is responsible for sending key requests to other devices when a message failed to decrypt. + * It's lifecycle is based on the sync pulse: + * - You can post queries for session, or report when you got a session + * - At the end of the sync (onSyncComplete) it will then process all the posted request and send to devices + * If a request failed it will be retried at the end of the next sync + */ @SessionScope internal class OutgoingGossipingRequestManager @Inject constructor( @SessionId private val sessionId: String, private val cryptoStore: IMXCryptoStore, private val coroutineDispatchers: MatrixCoroutineDispatchers, - private val cryptoCoroutineScope: CoroutineScope, - private val gossipingWorkManager: GossipingWorkManager) { + private val sendToDeviceTask: DefaultSendToDeviceTask, + private val perSessionBackupQueryRateLimiter: PerSessionBackupQueryRateLimiter) { - /** - * Send off a room key request, if we haven't already done so. - * - * - * The `requestBody` is compared (with a deep-equality check) against - * previous queued or sent requests and if it matches, no change is made. - * Otherwise, a request is added to the pending list, and a job is started - * in the background to send it. - * - * @param requestBody requestBody - * @param recipients recipients - */ - fun sendRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients)?.let { - // Don't resend if it's already done, you need to cancel first (reRequest) - if (it.state == OutgoingGossipingRequestState.SENDING || it.state == OutgoingGossipingRequestState.SENT) { - Timber.v("## CRYPTO - GOSSIP sendOutgoingRoomKeyRequest() : we already request for that session: $it") - return@launch - } + private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() + private val outgoingRequestScope = CoroutineScope(SupervisorJob() + dispatcher) + private val sequencer = SemaphoreCoroutineSequencer() - sendOutgoingGossipingRequest(it) - } - } - } + // We only have one active key request per session, so we don't request if it's already requested + // But it could make sense to check more the backup, as it's evolving. + // We keep a stack as we consider that the key requested last is more likely to be on screen? + private val requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup = Stack() - fun sendSecretShareRequest(secretName: String, recipients: Map>) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - // A bit dirty, but for better stability give other party some time to mark - // devices trusted :/ - delay(1500) - cryptoStore.getOrAddOutgoingSecretShareRequest(secretName, recipients)?.let { - // TODO check if there is already one that is being sent? - if (it.state == OutgoingGossipingRequestState.SENDING - /**|| it.state == OutgoingGossipingRequestState.SENT*/ - ) { - Timber.v("## CRYPTO - GOSSIP sendSecretShareRequest() : we are already sending for that session: $it") - return@launch - } - - sendOutgoingGossipingRequest(it) + fun postRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>, force: Boolean = false) { + outgoingRequestScope.launch { + sequencer.post { + internalQueueRequest(requestBody, recipients, force) } } } /** - * Cancel room key requests, if any match the given details - * - * @param requestBody requestBody + * Typically called when we the session as been imported or received meanwhile */ - fun cancelRoomKeyRequest(requestBody: RoomKeyRequestBody) { - cryptoCoroutineScope.launch(coroutineDispatchers.computation) { - cancelRoomKeyRequest(requestBody, false) + fun postCancelRequestForSessionIfNeeded(sessionId: String, roomId: String, senderKey: String) { + outgoingRequestScope.launch { + sequencer.post { + internalQueueCancelRequest(sessionId, roomId, senderKey) + } + } + } + + fun onRoomKeyForwarded(sessionId: String, + algorithm: String, + roomId: String, + senderKey: String, + fromDevice: String?, + event: Event) { + Timber.tag(loggerTag.value).v("Key forwarded for $sessionId from ${event.senderId}|$fromDevice") + outgoingRequestScope.launch { + sequencer.post { + cryptoStore.updateOutgoingRoomKeyReply( + roomId, + sessionId, + algorithm, + senderKey, + fromDevice, + event + ) + } + } + } + + fun onRoomKeyWithHeld(sessionId: String, + algorithm: String, + roomId: String, + senderKey: String, + fromDevice: String?, + event: Event) { + outgoingRequestScope.launch { + sequencer.post { + Timber.tag(loggerTag.value).d("Withheld received for $sessionId from ${event.senderId}|$fromDevice") + cryptoStore.updateOutgoingRoomKeyReply( + roomId, + sessionId, + algorithm, + senderKey, + fromDevice, + event + ) + } } } /** - * Cancel room key requests, if any match the given details, and resend - * - * @param requestBody requestBody + * Should be called after a sync, ideally if no catchup sync needed (as keys might arrive in those) */ - fun resendRoomKeyRequest(requestBody: RoomKeyRequestBody) { - cryptoCoroutineScope.launch(coroutineDispatchers.computation) { - cancelRoomKeyRequest(requestBody, true) + fun requireProcessAllPendingKeyRequests() { + outgoingRequestScope.launch { + sequencer.post { + internalProcessPendingKeyRequests() + } } } - /** - * Cancel room key requests, if any match the given details, and resend - * - * @param requestBody requestBody - * @param andResend true to resend the key request - */ - private fun cancelRoomKeyRequest(requestBody: RoomKeyRequestBody, andResend: Boolean) { - val req = cryptoStore.getOutgoingRoomKeyRequest(requestBody) // no request was made for this key - ?: return Unit.also { - Timber.v("## CRYPTO - GOSSIP cancelRoomKeyRequest() Unknown request $requestBody") - } - - sendOutgoingRoomKeyRequestCancellation(req, andResend) - } - - /** - * Send the outgoing key request. - * - * @param request the request - */ - private fun sendOutgoingGossipingRequest(request: OutgoingGossipingRequest) { - Timber.v("## CRYPTO - GOSSIP sendOutgoingGossipingRequest() : Requesting keys $request") - - val params = SendGossipRequestWorker.Params( + private fun internalQueueCancelRequest(sessionId: String, roomId: String, senderKey: String) { + // do we have known requests for that session?? + Timber.tag(loggerTag.value).v("Cancel Key Request if needed for $sessionId") + val knownRequest = cryptoStore.getOutgoingRoomKeyRequest( + algorithm = MXCRYPTO_ALGORITHM_MEGOLM, + roomId = roomId, sessionId = sessionId, - keyShareRequest = request as? OutgoingRoomKeyRequest, - secretShareRequest = request as? OutgoingSecretRequest, - txnId = createUniqueTxnId() + senderKey = senderKey ) - cryptoStore.updateOutgoingGossipingRequestState(request.requestId, OutgoingGossipingRequestState.SENDING) - val workRequest = gossipingWorkManager.createWork(WorkerParamsFactory.toData(params), true) - gossipingWorkManager.postWork(workRequest) + if (knownRequest.isEmpty()) return Unit.also { + Timber.tag(loggerTag.value).v("Handle Cancel Key Request for $sessionId -- Was not currently requested") + } + if (knownRequest.size > 1) { + // It's worth logging, there should be only one + Timber.tag(loggerTag.value).w("Found multiple requests for same sessionId $sessionId") + } + knownRequest.forEach { request -> + when (request.state) { + OutgoingRoomKeyRequestState.UNSENT -> { + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + } + OutgoingRoomKeyRequestState.SENT -> { + // It was already sent, so cancel + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { + // It is already marked to be cancelled + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { + // we just want to cancel now + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + } + } + } } - /** - * Given a OutgoingRoomKeyRequest, cancel it and delete the request record - * - * @param request the request - */ - private fun sendOutgoingRoomKeyRequestCancellation(request: OutgoingRoomKeyRequest, resend: Boolean = false) { - Timber.v("## CRYPTO - sendOutgoingRoomKeyRequestCancellation $request") - val params = CancelGossipRequestWorker.Params.fromRequest(sessionId, request) - cryptoStore.updateOutgoingGossipingRequestState(request.requestId, OutgoingGossipingRequestState.CANCELLING) + fun close() { + try { + outgoingRequestScope.cancel("User Terminate") + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.clear() + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).w("Failed to shutDown request manager") + } + } - val workRequest = gossipingWorkManager.createWork(WorkerParamsFactory.toData(params), true) - gossipingWorkManager.postWork(workRequest) + private fun internalQueueRequest(requestBody: RoomKeyRequestBody, recipients: Map>, force: Boolean) { + Timber.tag(loggerTag.value).d("Queueing key request for ${requestBody.sessionId}") + val existing = cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients) + when (existing.state) { + OutgoingRoomKeyRequestState.UNSENT -> { + // nothing it's new or not yet handled + } + OutgoingRoomKeyRequestState.SENT -> { + // it was already requested + Timber.tag(loggerTag.value).w("The session ${requestBody.sessionId} is already requested") + if (force) { + // update to UNSENT + Timber.tag(loggerTag.value).w(".. force to request ${requestBody.sessionId}") + cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) + } else { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(existing.requestId) + } + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { + // request is canceled only if I got the keys so what to do here... + if (force) { + cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) + } + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { + // It's already going to resend + } + } + } - if (resend) { - val reSendParams = SendGossipRequestWorker.Params( - sessionId = sessionId, - keyShareRequest = request.copy(requestId = RequestIdHelper.createUniqueRequestId()), - txnId = createUniqueTxnId() - ) - val reSendWorkRequest = gossipingWorkManager.createWork(WorkerParamsFactory.toData(reSendParams), true) - gossipingWorkManager.postWork(reSendWorkRequest) + private suspend fun internalProcessPendingKeyRequests() { + val toProcess = cryptoStore.getOutgoingRoomKeyRequests(OutgoingRoomKeyRequestState.pendingStates()) + Timber.tag(loggerTag.value).v("Processing all pending key requests (found ${toProcess.size} pending)") + + measureTimeMillis { + toProcess.forEach { + when (it.state) { + OutgoingRoomKeyRequestState.UNSENT -> handleUnsentRequest(it) + OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> handleRequestToCancel(it) + OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> handleRequestToCancelWillResend(it) + OutgoingRoomKeyRequestState.SENT -> { + // these are filtered out + } + } + } + }.let { + Timber.tag(loggerTag.value).v("Finish processing pending key request in $it ms") + } + + val maxBackupCallsBySync = 60 + var currentCalls = 0 + measureTimeMillis { + while (requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.isNotEmpty() && currentCalls < maxBackupCallsBySync) { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.pop().let { + val req = cryptoStore.getOutgoingRoomKeyRequest(it) + val sessionId = req?.sessionId ?: return@let + val roomId = req.roomId ?: return@let + // we want to rate limit that somehow :/ + perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId) + } + currentCalls++ + } + }.let { + Timber.tag(loggerTag.value).v("Finish querying backup in $it ms") + } + } + + private suspend fun handleUnsentRequest(request: OutgoingKeyRequest) { + // In order to avoid generating to_device traffic, we can first check if the key is backed up + Timber.tag(loggerTag.value).v("Handling unsent request for megolm session ${request.sessionId} in ${request.roomId}") + val sessionId = request.sessionId ?: return + val roomId = request.roomId ?: return + if (perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId)) { + // we found the key in backup, so we can just mark as cancelled, no need to send request + Timber.tag(loggerTag.value).v("Megolm session $sessionId successfully restored from backup, do not send request") + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + return + } + + // we need to send the request + val toDeviceContent = RoomKeyShareRequest( + requestingDeviceId = cryptoStore.getDeviceId(), + requestId = request.requestId, + action = GossipingToDeviceObject.ACTION_SHARE_REQUEST, + body = request.requestBody + ) + val contentMap = MXUsersDevicesMap() + request.recipients.forEach { userToDeviceMap -> + userToDeviceMap.value.forEach { deviceId -> + contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) + } + } + + val params = SendToDeviceTask.Params( + eventType = EventType.ROOM_KEY_REQUEST, + contentMap = contentMap, + transactionId = request.requestId + ) + try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.executeRetry(params, 3) + } + Timber.tag(loggerTag.value).d("Key request sent for $sessionId in room $roomId to ${request.recipients}") + // The request was sent, so update state + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT) + // TODO update the audit trail + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).v("Failed to request $sessionId targets:${request.recipients}") + } + } + + private suspend fun handleRequestToCancel(request: OutgoingKeyRequest): Boolean { + Timber.tag(loggerTag.value).v("handleRequestToCancel for megolm session ${request.sessionId}") + // we have to cancel this + val toDeviceContent = RoomKeyShareRequest( + requestingDeviceId = cryptoStore.getDeviceId(), + requestId = request.requestId, + action = GossipingToDeviceObject.ACTION_SHARE_CANCELLATION + ) + val contentMap = MXUsersDevicesMap() + request.recipients.forEach { userToDeviceMap -> + userToDeviceMap.value.forEach { deviceId -> + contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) + } + } + + val params = SendToDeviceTask.Params( + eventType = EventType.ROOM_KEY_REQUEST, + contentMap = contentMap, + transactionId = request.requestId + ) + return try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.executeRetry(params, 3) + } + // The request cancellation was sent, we can forget about it + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + // TODO update the audit trail + true + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).v("Failed to cancel request ${request.requestId} for session $sessionId targets:${request.recipients}") + false + } + } + + private suspend fun handleRequestToCancelWillResend(request: OutgoingKeyRequest) { + if (handleRequestToCancel(request)) { + // we have to create a new unsent one + val body = request.requestBody ?: return + // this will create a new unsent request that will be process in the following call + cryptoStore.getOrAddOutgoingRoomKeyRequest(body, request.recipients) } } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt new file mode 100644 index 0000000000..57cabc29a0 --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2022 New Vector Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode + +data class RequestReply( + val userId: String, + val fromDevice: String?, + val result: RequestResult +) + +sealed class RequestResult { + object Success : RequestResult() + data class Failure(val code: WithHeldCode) : RequestResult() +} + +data class OutgoingKeyRequest( + var requestBody: RoomKeyRequestBody?, + // recipients for the request map of users to list of deviceId + val recipients: Map>, + // Unique id for this request. Used for both + // an id within the request for later pairing with a cancellation, and for + // the transaction id when sending the to_device messages to our local + val requestId: String, // current state of this request + val state: OutgoingRoomKeyRequestState, + val results: List +) { + /** + * Used only for log. + * + * @return the room id. + */ + val roomId = requestBody?.roomId + + /** + * Used only for log. + * + * @return the session id + */ + val sessionId = requestBody?.sessionId +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt index 2ba2f5c817..27ab1ca542 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt @@ -17,7 +17,7 @@ package org.matrix.android.sdk.internal.crypto import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.api.session.crypto.model.OutgoingGossipingRequestState +import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState /** * Represents an outgoing room key request @@ -33,7 +33,7 @@ internal class OutgoingSecretRequest( // the transaction id when sending the to_device messages to our local override var requestId: String, // current state of this request - override var state: OutgoingGossipingRequestState) : OutgoingGossipingRequest { + override var state: OutgoingRoomKeyRequestState) : OutgoingGossipingRequest { // transaction id for the cancellation, if any } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt new file mode 100644 index 0000000000..65fcfd4f8d --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt @@ -0,0 +1,131 @@ +/* + * Copyright 2022 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import dagger.Lazy +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService +import org.matrix.android.sdk.internal.crypto.keysbackup.model.rest.KeysVersionResult +import org.matrix.android.sdk.internal.crypto.model.ImportRoomKeysResult +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.crypto.store.SavedKeyBackupKeyInfo +import org.matrix.android.sdk.internal.util.awaitCallback +import timber.log.Timber +import javax.inject.Inject + +// I keep the same name as OutgoingGossipingRequestManager to ease filtering of logs +private val loggerTag = LoggerTag("OutgoingGossipingRequestManager", LoggerTag.CRYPTO) + +/** + * Used to try to get the key for UISI messages before sending room key request. + * We are adding some rate limiting to avoid querying too much for a key not in backup. + * Nonetheless the backup can be updated so we might want to retry from time to time. + */ +internal class PerSessionBackupQueryRateLimiter @Inject constructor( + private val coroutineDispatchers: MatrixCoroutineDispatchers, + private val keysBackupService: Lazy, + private val cryptoStore: IMXCryptoStore +) { + + companion object { + val MIN_TRY_BACKUP_PERIOD_MILLIS = 60 * 60_000 // 1 hour + } + + data class Info( + val megolmSessionId: String, + val roomId: String + ) + + data class LastTry( + val backupVersion: String, + val timestamp: Long = System.currentTimeMillis() + ) + + /** + * Remember what we already tried (a key not in backup or some server issue) + * We might want to retry from time to time as the backup could have been updated + */ + private val lastFailureMap = mutableMapOf() + + private var backupVersion: KeysVersionResult? = null + private var savedKeyBackupKeyInfo: SavedKeyBackupKeyInfo? = null + var backupWasCheckedFromServer: Boolean = false + var now = System.currentTimeMillis() + + private fun refreshBackupInfoIfNeeded(force: Boolean = false) { + if (backupWasCheckedFromServer && !force) return + Timber.tag(loggerTag.value).v("Checking if can access a backup") + backupWasCheckedFromServer = true + val knownBackupSecret = cryptoStore.getKeyBackupRecoveryKeyInfo() + ?: return Unit.also { + Timber.tag(loggerTag.value).v("We don't have the backup secret!") + } + this.backupVersion = keysBackupService.get().keysBackupVersion + this.savedKeyBackupKeyInfo = knownBackupSecret + } + + suspend fun tryFromBackupIfPossible(sessionId: String, roomId: String): Boolean { + Timber.tag(loggerTag.value).v("tryFromBackupIfPossible for session:$sessionId in $roomId") + refreshBackupInfoIfNeeded() + val currentVersion = backupVersion + if (savedKeyBackupKeyInfo?.version == null || + currentVersion == null || + currentVersion.version != savedKeyBackupKeyInfo?.version) { + // We can't access the backup + Timber.tag(loggerTag.value).v("Can't get backup version info") + return false + } + val cacheKey = Info(sessionId, roomId) + val lastTry = lastFailureMap[cacheKey] + val shouldQuery = + lastTry == null || + lastTry.backupVersion != currentVersion.version || + (now - lastTry.timestamp) > MIN_TRY_BACKUP_PERIOD_MILLIS + + if (!shouldQuery) return false + + val successfullyImported = withContext(coroutineDispatchers.io) { + try { + awaitCallback { + keysBackupService.get().restoreKeysWithRecoveryKey( + currentVersion, + savedKeyBackupKeyInfo?.recoveryKey ?: "", + roomId, + sessionId, + null, + it + ) + }.successfullyNumberOfImportedKeys + } catch (failure: Throwable) { + // Fail silently + Timber.tag(loggerTag.value).v("getFromBackup failed ${failure.localizedMessage}") + 0 + } + } + if (successfullyImported == 1) { + Timber.tag(loggerTag.value).v("Found key in backup session:$sessionId in $roomId") + lastFailureMap.remove(cacheKey) + return true + } else { + Timber.tag(loggerTag.value).v("Failed to find key in backup session:$sessionId in $roomId") + lastFailureMap[cacheKey] = LastTry(currentVersion.version) + return false + } + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt index ba97d96133..169bfca4e1 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt @@ -17,11 +17,19 @@ package org.matrix.android.sdk.internal.crypto import org.matrix.android.sdk.internal.crypto.algorithms.IMXEncrypting +import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXMegolmEncryptionFactory +import org.matrix.android.sdk.internal.crypto.algorithms.olm.MXOlmEncryptionFactory +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.session.SessionScope import javax.inject.Inject @SessionScope -internal class RoomEncryptorsStore @Inject constructor() { +internal class RoomEncryptorsStore @Inject constructor( + private val cryptoStore: IMXCryptoStore, + // Repository + private val megolmEncryptionFactory: MXMegolmEncryptionFactory, + private val olmEncryptionFactory: MXOlmEncryptionFactory, +) { // MXEncrypting instance for each room. private val roomEncryptors = mutableMapOf() @@ -34,7 +42,18 @@ internal class RoomEncryptorsStore @Inject constructor() { fun get(roomId: String): IMXEncrypting? { return synchronized(roomEncryptors) { - roomEncryptors[roomId] + val cache = roomEncryptors[roomId] + if (cache != null) { + return@synchronized cache + } else { + val alg: IMXEncrypting? = when (cryptoStore.getRoomAlgorithm(roomId)) { + MXCRYPTO_ALGORITHM_MEGOLM -> megolmEncryptionFactory.create(roomId) + MXCRYPTO_ALGORITHM_OLM -> olmEncryptionFactory.create(roomId) + else -> null + } + alg?.let { roomEncryptors.put(roomId, it) } + return@synchronized alg + } } } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt new file mode 100644 index 0000000000..9adef9df9f --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt @@ -0,0 +1,274 @@ +/* + * Copyright (c) 2022 New Vector Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.launch +import kotlinx.coroutines.sync.Mutex +import kotlinx.coroutines.sync.withLock +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.auth.data.Credentials +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction +import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter +import org.matrix.android.sdk.internal.crypto.crosssigning.toBase64NoPadding +import org.matrix.android.sdk.internal.crypto.keysbackup.util.extractCurveKeyFromRecoveryKey +import org.matrix.android.sdk.internal.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.internal.crypto.model.event.SecretSendEventContent +import org.matrix.android.sdk.internal.crypto.model.rest.SecretShareRequest +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask +import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId +import org.matrix.android.sdk.internal.session.SessionScope +import timber.log.Timber +import javax.inject.Inject + +private val loggerTag = LoggerTag("SecretShareManager", LoggerTag.CRYPTO) + +@SessionScope +internal class SecretShareManager @Inject constructor( + private val credentials: Credentials, + private val cryptoStore: IMXCryptoStore, + private val cryptoCoroutineScope: CoroutineScope, + private val messageEncrypter: MessageEncrypter, + private val ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction, + private val sendToDeviceTask: SendToDeviceTask, + private val coroutineDispatchers: MatrixCoroutineDispatchers +) { + + companion object { + private const val SECRET_SHARE_WINDOW_DURATION = 5 * 60 * 1000 // 5 minutes + } + + /** + * Secret gossiping only occurs during a limited window period after interactive verification. + * We keep track of recent verification in memory for that purpose (no need to persist) + */ + private val recentlyVerifiedDevices = mutableMapOf() + private val verifMutex = Mutex() + + /** + * Secrets are exchanged as part of interactive verification, + * so we can just store in memory. + */ + private val outgoingSecretRequests = mutableListOf() + + /** + * Called when a session has been verified. + * This information can be used by the manager to decide whether or not to fullfill gossiping requests. + * This should be called as fast as possible after a successful self interactive verification + */ + fun onVerificationCompleteForDevice(deviceId: String) { + // For now we just keep an in memory cache + cryptoCoroutineScope.launch { + verifMutex.withLock { + recentlyVerifiedDevices[deviceId] = System.currentTimeMillis() + } + } + } + + suspend fun handleSecretRequest(toDevice: Event) { + val request = toDevice.getClearContent().toModel() + ?: return Unit.also { + Timber.tag(loggerTag.value) + .w("handleSecretRequest() : malformed request") + } + +// val (action, requestingDeviceId, requestId, secretName) = it + val secretName = request.secretName ?: return Unit.also { + Timber.tag(loggerTag.value) + .v("handleSecretRequest() : Missing secret name") + } + + val userId = toDevice.senderId ?: return Unit.also { + Timber.tag(loggerTag.value) + .v("handleSecretRequest() : Missing secret name") + } + + if (userId != credentials.userId) { + // secrets are only shared between our own devices + Timber.e("Ignoring secret share request from other users $userId") + return + } + + val deviceId = request.requestingDeviceId + ?: return Unit.also { + Timber.tag(loggerTag.value) + .w("handleSecretRequest() : malformed request norequestingDeviceId ") + } + + val device = cryptoStore.getUserDevice(credentials.userId, deviceId) + ?: return Unit.also { + Timber.e("Received secret share request from unknown device $deviceId") + } + + val isRequestingDeviceTrusted = device.isVerified + val isRecentInteractiveVerification = hasBeenVerifiedLessThanFiveMinutesFromNow(device.deviceId) + if (isRequestingDeviceTrusted && isRecentInteractiveVerification) { + // we can share the secret + + val secretValue = when (secretName) { + MASTER_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.master + SELF_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.selfSigned + USER_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.user + KEYBACKUP_SECRET_SSSS_NAME -> cryptoStore.getKeyBackupRecoveryKeyInfo()?.recoveryKey + ?.let { + extractCurveKeyFromRecoveryKey(it)?.toBase64NoPadding() + } + else -> null + } + if (secretValue == null) { + Timber.e("The secret is unknown $secretName") + return + } + + val payloadJson = mapOf( + "type" to EventType.SEND_SECRET, + "content" to mapOf( + "request_id" to request.requestId, + "secret" to secretValue + ) + ) + + // Is it possible that we don't have an olm session? + val devicesByUser = mapOf(device.userId to listOf(device)) + val usersDeviceMap = try { + ensureOlmSessionsForDevicesAction.handle(devicesByUser) + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .w("Can't share secret ${request.secretName}: Failed to establish olm session") + return + } + + val olmSessionResult = usersDeviceMap.getObject(device.userId, device.deviceId) + if (olmSessionResult?.sessionId == null) { + Timber.tag(loggerTag.value) + .w("secret share: no session with this device $deviceId, probably because there were no one-time keys") + return + } + + val encodedPayload = messageEncrypter.encryptMessage(payloadJson, listOf(device)) + val sendToDeviceMap = MXUsersDevicesMap() + sendToDeviceMap.setObject(device.userId, device.deviceId, encodedPayload) + val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap) + try { + // raise the retries for secret + sendToDeviceTask.executeRetry(sendToDeviceParams, 6) + Timber.tag(loggerTag.value) + .i("successfully shared secret $secretName to ${device.shortDebugString()}") + // TODO add a trail for that in audit logs + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .e(failure, "failed to send shared secret $secretName to ${device.shortDebugString()}") + } + } else { + Timber.d(" Received secret share request from un-authorised device ${device.deviceId}") + } + } + + private suspend fun hasBeenVerifiedLessThanFiveMinutesFromNow(deviceId: String): Boolean { + val verifTimestamp = verifMutex.withLock { + recentlyVerifiedDevices[deviceId] + } ?: return false + + val age = System.currentTimeMillis() - verifTimestamp + + return age < SECRET_SHARE_WINDOW_DURATION + } + + suspend fun requestSecretTo(deviceId: String, secretName: String) { + val cryptoDeviceInfo = cryptoStore.getUserDevice(credentials.userId, deviceId) ?: return Unit.also { + Timber.tag(loggerTag.value) + .d("Can't request secret for $secretName unknown device $deviceId") + } + val toDeviceContent = SecretShareRequest( + requestingDeviceId = credentials.deviceId, + secretName = secretName, + requestId = createUniqueTxnId() + ) + + verifMutex.withLock { + outgoingSecretRequests.add(toDeviceContent) + } + + val contentMap = MXUsersDevicesMap() + contentMap.setObject(cryptoDeviceInfo.userId, cryptoDeviceInfo.deviceId, toDeviceContent) + + val params = SendToDeviceTask.Params( + eventType = EventType.REQUEST_SECRET, + contentMap = contentMap + ) + try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.executeRetry(params, 3) + } + Timber.tag(loggerTag.value) + .d("Secret request sent for $secretName to ${cryptoDeviceInfo.shortDebugString()}") + // TODO update the audit trail + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .w("Failed to request secret $secretName to ${cryptoDeviceInfo.shortDebugString()}") + } + } + + suspend fun onSecretSendReceived(toDevice: Event, handleGossip: ((name: String, value: String) -> Boolean)) { + Timber.tag(loggerTag.value) + .i("onSecretSend() from ${toDevice.senderId} : onSecretSendReceived ${toDevice.content?.get("sender_key")}") + if (!toDevice.isEncrypted()) { + // secret send messages must be encrypted + Timber.tag(loggerTag.value).e("onSecretSend() :Received unencrypted secret send event") + return + } + + // Was that sent by us? + if (toDevice.senderId != credentials.userId) { + Timber.tag(loggerTag.value).e("onSecretSend() : Ignore secret from other user ${toDevice.senderId}") + return + } + + val secretContent = toDevice.getClearContent().toModel() ?: return + + val existingRequest = verifMutex.withLock { + outgoingSecretRequests.firstOrNull { it.requestId == secretContent.requestId } + } + + // As per spec: + // Clients should ignore m.secret.send events received from devices that it did not send an m.secret.request event to. + if (existingRequest?.secretName == null) { + Timber.tag(loggerTag.value).i("onSecretSend() : Ignore secret that was not requested: ${secretContent.requestId}") + return + } + // we don't need to cancel the request as we only request to one device + // just forget about the request now + verifMutex.withLock { + outgoingSecretRequests.remove(existingRequest) + } + + if (!handleGossip(existingRequest.secretName, secretContent.secretValue)) { + // TODO Ask to application layer? + Timber.tag(loggerTag.value).v("onSecretSend() : secret not handled by SDK") + } + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SendGossipRequestWorker.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SendGossipRequestWorker.kt deleted file mode 100644 index 69b405aedc..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SendGossipRequestWorker.kt +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import android.content.Context -import androidx.work.WorkerParameters -import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.api.auth.data.Credentials -import org.matrix.android.sdk.api.failure.shouldBeRetried -import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OutgoingGossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest -import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.toContent -import org.matrix.android.sdk.internal.SessionManager -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask -import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId -import org.matrix.android.sdk.internal.session.SessionComponent -import org.matrix.android.sdk.internal.worker.SessionSafeCoroutineWorker -import org.matrix.android.sdk.internal.worker.SessionWorkerParams -import timber.log.Timber -import javax.inject.Inject - -internal class SendGossipRequestWorker(context: Context, params: WorkerParameters, sessionManager: SessionManager) : - SessionSafeCoroutineWorker(context, params, sessionManager, Params::class.java) { - - @JsonClass(generateAdapter = true) - internal data class Params( - override val sessionId: String, - val keyShareRequest: OutgoingRoomKeyRequest? = null, - val secretShareRequest: OutgoingSecretRequest? = null, - // The txnId for the sendToDevice request. Nullable for compatibility reasons, but MUST always be provided - // to use the same value if this worker is retried. - val txnId: String? = null, - override val lastFailureMessage: String? = null - ) : SessionWorkerParams - - @Inject lateinit var sendToDeviceTask: SendToDeviceTask - @Inject lateinit var cryptoStore: IMXCryptoStore - @Inject lateinit var credentials: Credentials - - override fun injectWith(injector: SessionComponent) { - injector.inject(this) - } - - override suspend fun doSafeWork(params: Params): Result { - // params.txnId should be provided in all cases now. But Params can be deserialized by - // the WorkManager from data serialized in a previous version of the application, so without the txnId field. - // So if not present, we create a txnId - val txnId = params.txnId ?: createUniqueTxnId() - val contentMap = MXUsersDevicesMap() - val eventType: String - val requestId: String - when { - params.keyShareRequest != null -> { - eventType = EventType.ROOM_KEY_REQUEST - requestId = params.keyShareRequest.requestId - val toDeviceContent = RoomKeyShareRequest( - requestingDeviceId = credentials.deviceId, - requestId = params.keyShareRequest.requestId, - action = GossipingToDeviceObject.ACTION_SHARE_REQUEST, - body = params.keyShareRequest.requestBody - ) - cryptoStore.saveGossipingEvent(Event( - type = eventType, - content = toDeviceContent.toContent(), - senderId = credentials.userId - ).also { - it.ageLocalTs = System.currentTimeMillis() - }) - - params.keyShareRequest.recipients.forEach { userToDeviceMap -> - userToDeviceMap.value.forEach { deviceId -> - contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) - } - } - } - params.secretShareRequest != null -> { - eventType = EventType.REQUEST_SECRET - requestId = params.secretShareRequest.requestId - val toDeviceContent = SecretShareRequest( - requestingDeviceId = credentials.deviceId, - requestId = params.secretShareRequest.requestId, - action = GossipingToDeviceObject.ACTION_SHARE_REQUEST, - secretName = params.secretShareRequest.secretName - ) - - cryptoStore.saveGossipingEvent(Event( - type = eventType, - content = toDeviceContent.toContent(), - senderId = credentials.userId - ).also { - it.ageLocalTs = System.currentTimeMillis() - }) - - params.secretShareRequest.recipients.forEach { userToDeviceMap -> - userToDeviceMap.value.forEach { deviceId -> - contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) - } - } - } - else -> { - return buildErrorResult(params, "Unknown empty gossiping request").also { - Timber.e("Unknown empty gossiping request: $params") - } - } - } - try { - cryptoStore.updateOutgoingGossipingRequestState(requestId, OutgoingGossipingRequestState.SENDING) - sendToDeviceTask.execute( - SendToDeviceTask.Params( - eventType = eventType, - contentMap = contentMap, - transactionId = txnId - ) - ) - cryptoStore.updateOutgoingGossipingRequestState(requestId, OutgoingGossipingRequestState.SENT) - return Result.success() - } catch (throwable: Throwable) { - return if (throwable.shouldBeRetried()) { - Result.retry() - } else { - cryptoStore.updateOutgoingGossipingRequestState(requestId, OutgoingGossipingRequestState.FAILED_TO_SEND) - buildErrorResult(params, throwable.localizedMessage ?: "error") - } - } - } - - override fun buildErrorParams(params: Params, message: String): Params { - return params.copy(lastFailureMessage = params.lastFailureMessage ?: message) - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SendGossipWorker.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SendGossipWorker.kt deleted file mode 100644 index fd472fe73b..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SendGossipWorker.kt +++ /dev/null @@ -1,168 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import android.content.Context -import androidx.work.WorkerParameters -import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.api.auth.data.Credentials -import org.matrix.android.sdk.api.failure.shouldBeRetried -import org.matrix.android.sdk.api.session.crypto.model.GossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.SecretSendEventContent -import org.matrix.android.sdk.api.session.events.model.toContent -import org.matrix.android.sdk.internal.SessionManager -import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction -import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask -import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId -import org.matrix.android.sdk.internal.session.SessionComponent -import org.matrix.android.sdk.internal.worker.SessionSafeCoroutineWorker -import org.matrix.android.sdk.internal.worker.SessionWorkerParams -import timber.log.Timber -import javax.inject.Inject - -internal class SendGossipWorker( - context: Context, - params: WorkerParameters, - sessionManager: SessionManager -) : SessionSafeCoroutineWorker(context, params, sessionManager, Params::class.java) { - - @JsonClass(generateAdapter = true) - internal data class Params( - override val sessionId: String, - val secretValue: String, - val requestUserId: String?, - val requestDeviceId: String?, - val requestId: String?, - // The txnId for the sendToDevice request. Nullable for compatibility reasons, but MUST always be provided - // to use the same value if this worker is retried. - val txnId: String? = null, - override val lastFailureMessage: String? = null - ) : SessionWorkerParams - - @Inject lateinit var sendToDeviceTask: SendToDeviceTask - @Inject lateinit var cryptoStore: IMXCryptoStore - @Inject lateinit var credentials: Credentials - @Inject lateinit var messageEncrypter: MessageEncrypter - @Inject lateinit var ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction - - override fun injectWith(injector: SessionComponent) { - injector.inject(this) - } - - override suspend fun doSafeWork(params: Params): Result { - // params.txnId should be provided in all cases now. But Params can be deserialized by - // the WorkManager from data serialized in a previous version of the application, so without the txnId field. - // So if not present, we create a txnId - val txnId = params.txnId ?: createUniqueTxnId() - val eventType: String = EventType.SEND_SECRET - - val toDeviceContent = SecretSendEventContent( - requestId = params.requestId ?: "", - secretValue = params.secretValue - ) - - val requestingUserId = params.requestUserId ?: "" - val requestingDeviceId = params.requestDeviceId ?: "" - val deviceInfo = cryptoStore.getUserDevice(requestingUserId, requestingDeviceId) - ?: return buildErrorResult(params, "Unknown deviceInfo, cannot send message").also { - cryptoStore.updateGossipingRequestState( - requestUserId = params.requestUserId, - requestDeviceId = params.requestDeviceId, - requestId = params.requestId, - state = GossipingRequestState.FAILED_TO_ACCEPTED - ) - Timber.e("Unknown deviceInfo, cannot send message, sessionId: ${params.requestDeviceId}") - } - - val sendToDeviceMap = MXUsersDevicesMap() - - val devicesByUser = mapOf(requestingUserId to listOf(deviceInfo)) - val usersDeviceMap = ensureOlmSessionsForDevicesAction.handle(devicesByUser) - val olmSessionResult = usersDeviceMap.getObject(requestingUserId, requestingDeviceId) - if (olmSessionResult?.sessionId == null) { - // no session with this device, probably because there - // were no one-time keys. - return buildErrorResult(params, "no session with this device").also { - cryptoStore.updateGossipingRequestState( - requestUserId = params.requestUserId, - requestDeviceId = params.requestDeviceId, - requestId = params.requestId, - state = GossipingRequestState.FAILED_TO_ACCEPTED - ) - Timber.e("no session with this device $requestingDeviceId, probably because there were no one-time keys.") - } - } - - val payloadJson = mapOf( - "type" to EventType.SEND_SECRET, - "content" to toDeviceContent.toContent() - ) - - try { - val encodedPayload = messageEncrypter.encryptMessage(payloadJson, listOf(deviceInfo)) - sendToDeviceMap.setObject(requestingUserId, requestingDeviceId, encodedPayload) - } catch (failure: Throwable) { - Timber.e("## Fail to encrypt gossip + ${failure.localizedMessage}") - } - - cryptoStore.saveGossipingEvent(Event( - type = eventType, - content = toDeviceContent.toContent(), - senderId = credentials.userId - ).also { - it.ageLocalTs = System.currentTimeMillis() - }) - - try { - sendToDeviceTask.execute( - SendToDeviceTask.Params( - eventType = EventType.ENCRYPTED, - contentMap = sendToDeviceMap, - transactionId = txnId - ) - ) - cryptoStore.updateGossipingRequestState( - requestUserId = params.requestUserId, - requestDeviceId = params.requestDeviceId, - requestId = params.requestId, - state = GossipingRequestState.ACCEPTED - ) - return Result.success() - } catch (throwable: Throwable) { - return if (throwable.shouldBeRetried()) { - Result.retry() - } else { - cryptoStore.updateGossipingRequestState( - requestUserId = params.requestUserId, - requestDeviceId = params.requestDeviceId, - requestId = params.requestId, - state = GossipingRequestState.FAILED_TO_ACCEPTED - ) - buildErrorResult(params, throwable.localizedMessage ?: "error") - } - } - } - - override fun buildErrorParams(params: Params, message: String): Params { - return params.copy(lastFailureMessage = params.lastFailureMessage ?: message) - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt index f9bcdf2c68..af30072765 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt @@ -19,7 +19,7 @@ package org.matrix.android.sdk.internal.crypto.actions import androidx.annotation.WorkerThread import org.matrix.android.sdk.api.listeners.ProgressListener import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.logger.LoggerTag import org.matrix.android.sdk.internal.crypto.MXOlmDevice import org.matrix.android.sdk.internal.crypto.MegolmSessionData import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager @@ -29,6 +29,8 @@ import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import timber.log.Timber import javax.inject.Inject +private val loggerTag = LoggerTag("MegolmSessionDataImporter", LoggerTag.CRYPTO) + internal class MegolmSessionDataImporter @Inject constructor(private val olmDevice: MXOlmDevice, private val roomDecryptorProvider: RoomDecryptorProvider, private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, @@ -62,19 +64,18 @@ internal class MegolmSessionDataImporter @Inject constructor(private val olmDevi if (null != decrypting) { try { val sessionId = megolmSessionData.sessionId - Timber.v("## importRoomKeys retrieve senderKey " + megolmSessionData.senderKey + " sessionId " + sessionId) + Timber.tag(loggerTag.value).v("## importRoomKeys retrieve senderKey ${megolmSessionData.senderKey} sessionId $sessionId") totalNumbersOfImportedKeys++ // cancel any outstanding room key requests for this session - val roomKeyRequestBody = RoomKeyRequestBody( - algorithm = megolmSessionData.algorithm, - roomId = megolmSessionData.roomId, - senderKey = megolmSessionData.senderKey, - sessionId = megolmSessionData.sessionId - ) - outgoingGossipingRequestManager.cancelRoomKeyRequest(roomKeyRequestBody) + Timber.tag(loggerTag.value).d("Imported megolm session $sessionId from backup=$fromBackup in ${megolmSessionData.roomId}") + outgoingGossipingRequestManager.postCancelRequestForSessionIfNeeded( + megolmSessionData.sessionId ?: "", + megolmSessionData.roomId ?: "", + megolmSessionData.senderKey ?: "" + ) // Have another go at decrypting events sent with this session when (decrypting) { @@ -83,7 +84,7 @@ internal class MegolmSessionDataImporter @Inject constructor(private val olmDevi } } } catch (e: Exception) { - Timber.e(e, "## importRoomKeys() : onNewSession failed") + Timber.tag(loggerTag.value).e(e, "## importRoomKeys() : onNewSession failed") } } @@ -105,7 +106,7 @@ internal class MegolmSessionDataImporter @Inject constructor(private val olmDevi val t1 = System.currentTimeMillis() - Timber.v("## importMegolmSessionsData : sessions import " + (t1 - t0) + " ms (" + megolmSessionsData.size + " sessions)") + Timber.tag(loggerTag.value).v("## importMegolmSessionsData : sessions import " + (t1 - t0) + " ms (" + megolmSessionsData.size + " sessions)") return ImportRoomKeysResult(totalNumbersOfKeys, totalNumbersOfImportedKeys) } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/IMXWithHeldExtension.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/IMXWithHeldExtension.kt deleted file mode 100644 index 585bcdbbde..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/IMXWithHeldExtension.kt +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto.algorithms - -import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent - -internal interface IMXWithHeldExtension { - fun onRoomKeyWithHeldEvent(withHeldInfo: RoomKeyWithHeldContent) -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt index 4c407c9eb9..191930b4c8 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt @@ -33,7 +33,6 @@ import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent -import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.internal.crypto.DeviceListManager import org.matrix.android.sdk.internal.crypto.MXOlmDevice @@ -41,7 +40,6 @@ import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter import org.matrix.android.sdk.internal.crypto.algorithms.IMXDecrypting -import org.matrix.android.sdk.internal.crypto.algorithms.IMXWithHeldExtension import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask @@ -61,7 +59,7 @@ internal class MXMegolmDecryption(private val userId: String, private val coroutineDispatchers: MatrixCoroutineDispatchers, private val cryptoCoroutineScope: CoroutineScope, private val liveEventManager: Lazy -) : IMXDecrypting, IMXWithHeldExtension { +) : IMXDecrypting { var newSessionListener: NewSessionListener? = null @@ -192,8 +190,10 @@ internal class MXMegolmDecryption(private val userId: String, */ override fun requestKeysForEvent(event: Event, withHeld: Boolean) { val sender = event.senderId ?: return - val encryptedEventContent = event.content.toModel() - val senderDevice = encryptedEventContent?.deviceId ?: return + val encryptedEventContent = event.content.toModel() ?: return Unit.also { + Timber.tag(loggerTag.value).e("requestRoomKeyForEvent Failed to re-request key, null content") + } + val senderDevice = encryptedEventContent.deviceId val recipients = if (event.senderId == userId || withHeld) { mapOf( @@ -205,7 +205,10 @@ internal class MXMegolmDecryption(private val userId: String, // sent to them. mapOf( userId to listOf("*"), - sender to listOf(senderDevice) + + // TODO we might not have deviceId in the future due to https://github.com/matrix-org/matrix-spec-proposals/pull/3700 + // so in this case query to all + sender to listOf(senderDevice ?: "*") ) } @@ -216,7 +219,7 @@ internal class MXMegolmDecryption(private val userId: String, sessionId = encryptedEventContent.sessionId ) - outgoingGossipingRequestManager.sendRoomKeyRequest(requestBody, recipients) + outgoingGossipingRequestManager.postRoomKeyRequest(requestBody, recipients, force = withHeld) } // /** @@ -286,6 +289,16 @@ internal class MXMegolmDecryption(private val userId: String, } keysClaimed["ed25519"] = forwardedRoomKeyContent.senderClaimedEd25519Key + + val fromDevice = event.getSenderKey()?.let { cryptoStore.deviceWithIdentityKey(it) }?.deviceId + + outgoingGossipingRequestManager.onRoomKeyForwarded( + sessionId = roomKeyContent.sessionId, + algorithm = roomKeyContent.algorithm ?: "", + roomId = roomKeyContent.roomId, + senderKey = forwardedRoomKeyContent.senderKey ?: "", + fromDevice = fromDevice, + event = event) } else { Timber.tag(loggerTag.value).i("onRoomKeyEvent(), Adding key : ${roomKeyContent.roomId}|${roomKeyContent.sessionId}") if (null == senderKey) { @@ -307,16 +320,11 @@ internal class MXMegolmDecryption(private val userId: String, exportFormat) if (added) { + Timber.tag(loggerTag.value) + .d("onRoomKeyEvent(${event.getClearType()}) : Added megolm session ${roomKeyContent.sessionId} in ${roomKeyContent.roomId}") defaultKeysBackupService.maybeBackupKeys() - val content = RoomKeyRequestBody( - algorithm = roomKeyContent.algorithm, - roomId = roomKeyContent.roomId, - sessionId = roomKeyContent.sessionId, - senderKey = senderKey - ) - - outgoingGossipingRequestManager.cancelRoomKeyRequest(content) + outgoingGossipingRequestManager.postCancelRequestForSessionIfNeeded(roomKeyContent.sessionId, roomKeyContent.roomId, senderKey) onNewSession(roomKeyContent.roomId, senderKey, roomKeyContent.sessionId) } @@ -401,9 +409,4 @@ internal class MXMegolmDecryption(private val userId: String, } } - override fun onRoomKeyWithHeldEvent(withHeldInfo: RoomKeyWithHeldContent) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - cryptoStore.addWithHeldMegolmSession(withHeldInfo) - } - } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt index f052194230..4717697288 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt @@ -28,7 +28,6 @@ import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap import org.matrix.android.sdk.api.session.crypto.model.forEach import org.matrix.android.sdk.api.session.events.model.Content -import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode @@ -281,25 +280,14 @@ internal class MXMegolmEncryption( // attempted to share with) rather than the contentMap (those we did // share with), because we don't want to try to claim a one-time-key // for dead devices on every message. - val gossipingEventBuffer = arrayListOf() for ((userId, devicesToShareWith) in devicesByUser) { for (deviceInfo in devicesToShareWith) { session.sharedWithHelper.markedSessionAsShared(deviceInfo, chainIndex) - gossipingEventBuffer.add( - Event( - type = EventType.ROOM_KEY, - senderId = myUserId, - content = submap.apply { - this["session_key"] = "" - // we add a fake key for trail - this["_dest"] = "$userId|${deviceInfo.deviceId}" - } - )) + // XXX is it needed to add it to the audit trail? + // For now decided that no, we are more interested by forward trail } } - cryptoStore.saveGossipingEvents(gossipingEventBuffer) - if (haveTargets) { t0 = System.currentTimeMillis() Timber.tag(loggerTag.value).i("shareUserDevicesKey() ${session.sessionId} : has target") diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt index e63a6dc791..f8db708268 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt @@ -808,12 +808,16 @@ internal class DefaultKeysBackupService @Inject constructor( )) } else if (roomId != null) { // Get all keys for the room - val data = getRoomSessionsDataTask.execute(GetRoomSessionsDataTask.Params(roomId, version)) + val data = withContext(coroutineDispatchers.io) { + getRoomSessionsDataTask.execute(GetRoomSessionsDataTask.Params(roomId, version)) + } // Convert to KeysBackupData KeysBackupData(mutableMapOf(roomId to data)) } else { // Get all keys - getSessionsDataTask.execute(GetSessionsDataTask.Params(version)) + withContext(coroutineDispatchers.io) { + getSessionsDataTask.execute(GetSessionsDataTask.Params(version)) + } } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt new file mode 100644 index 0000000000..325d930dc6 --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt @@ -0,0 +1,75 @@ +/* + * Copyright 2022 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto.model + +import com.squareup.moshi.JsonClass +import org.matrix.android.sdk.internal.crypto.model.event.WithHeldCode + +enum class TrailType { + OutgoingKeyForward, + IncomingKeyForward, + OutgoingKeyWithheld, + IncomingKeyRequest, + Unknown +} + +interface AuditInfo { + val roomId: String + val sessionId: String + val senderKey: String + val alg: String + val userId: String + val deviceId: String +} + +@JsonClass(generateAdapter = true) +data class ForwardInfo( + override val roomId: String, + override val sessionId: String, + override val senderKey: String, + override val alg: String, + override val userId: String, + override val deviceId: String, + val chainIndex: Long? +) : AuditInfo + +@JsonClass(generateAdapter = true) +data class WithheldInfo( + override val roomId: String, + override val sessionId: String, + override val senderKey: String, + override val alg: String, + val code: WithHeldCode, + override val userId: String, + override val deviceId: String +) : AuditInfo + +@JsonClass(generateAdapter = true) +data class IncomingKeyRequestInfo( + override val roomId: String, + override val sessionId: String, + override val senderKey: String, + override val alg: String, + override val userId: String, + override val deviceId: String +) : AuditInfo + +data class AuditTrail( + val ageLocalTs: Long, + val type: TrailType, + val info: AuditInfo +) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/secrets/DefaultSharedSecretStorageService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/secrets/DefaultSharedSecretStorageService.kt index 972c03e92a..c3ac7be7de 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/secrets/DefaultSharedSecretStorageService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/secrets/DefaultSharedSecretStorageService.kt @@ -40,7 +40,7 @@ import org.matrix.android.sdk.api.session.securestorage.SsssKeySpec import org.matrix.android.sdk.api.session.securestorage.SsssPassphrase import org.matrix.android.sdk.api.util.fromBase64 import org.matrix.android.sdk.api.util.toBase64NoPadding -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.keysbackup.generatePrivateKeyWithPassword import org.matrix.android.sdk.internal.crypto.tools.HkdfSha256 import org.matrix.android.sdk.internal.crypto.tools.withOlmDecryption @@ -57,7 +57,7 @@ import kotlin.experimental.and internal class DefaultSharedSecretStorageService @Inject constructor( @UserId private val userId: String, private val accountDataService: SessionAccountDataService, - private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, + private val secretShareManager: SecretShareManager, private val coroutineDispatchers: MatrixCoroutineDispatchers, private val cryptoCoroutineScope: CoroutineScope ) : SharedSecretStorageService { @@ -378,10 +378,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor( return IntegrityResult.Success(keyInfo.content.passphrase != null) } - override fun requestSecret(name: String, myOtherDeviceId: String) { - outgoingGossipingRequestManager.sendSecretShareRequest( - name, - mapOf(userId to listOf(myOtherDeviceId)) - ) + override suspend fun requestSecret(name: String, myOtherDeviceId: String) { + secretShareManager.requestSecretTo(myOtherDeviceId, name) } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt index 8bedb78808..b6820e591f 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt @@ -28,14 +28,16 @@ import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo import org.matrix.android.sdk.api.session.crypto.model.GossipingRequestState import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OutgoingGossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequest +import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode import org.matrix.android.sdk.api.util.Optional import org.matrix.android.sdk.internal.crypto.IncomingShareRequestCommon +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest import org.matrix.android.sdk.internal.crypto.OutgoingSecretRequest +import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper import org.matrix.android.sdk.internal.crypto.model.OutboundGroupSessionWrapper @@ -377,7 +379,9 @@ internal interface IMXCryptoStore { * @param requestBody the request body * @return an OutgoingRoomKeyRequest instance or null */ - fun getOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody): OutgoingRoomKeyRequest? + fun getOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody): OutgoingKeyRequest? + fun getOutgoingRoomKeyRequest(requestId: String): OutgoingKeyRequest? + fun getOutgoingRoomKeyRequest(roomId: String, sessionId: String, algorithm: String, senderKey: String): List /** * Look for an existing outgoing room key request, and if none is found, add a new one. @@ -385,14 +389,53 @@ internal interface IMXCryptoStore { * @param request the request * @return either the same instance as passed in, or the existing one. */ - fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>): OutgoingRoomKeyRequest? + fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>): OutgoingKeyRequest + fun updateOutgoingRoomKeyRequestState(requestId: String, newState: OutgoingRoomKeyRequestState) + fun updateOutgoingRoomKeyReply( + roomId: String, + sessionId: String, + algorithm: String, + senderKey: String, fromDevice: String?, event: Event) + + fun deleteOutgoingRoomKeyRequest(requestId: String) fun getOrAddOutgoingSecretShareRequest(secretName: String, recipients: Map>): OutgoingSecretRequest? + @Deprecated("TODO") fun saveGossipingEvent(event: Event) = saveGossipingEvents(listOf(event)) + @Deprecated("TODO") fun saveGossipingEvents(events: List) + fun saveIncomingKeyRequestAuditTrail( + roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + fromUser: String, + fromDevice: String + ) + + fun saveWithheldAuditTrail( + roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + code: WithHeldCode, + userId: String, + deviceId: String + ) + + fun saveForwardKeyAuditTrail( + roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + userId: String, + deviceId: String, + chainIndex: Long? + ) + fun updateGossipingRequestState(request: IncomingShareRequestCommon, state: GossipingRequestState) { updateGossipingRequestState( requestUserId = request.userId, @@ -417,7 +460,7 @@ internal interface IMXCryptoStore { */ fun getIncomingRoomKeyRequest(userId: String, deviceId: String, requestId: String): IncomingRoomKeyRequest? - fun updateOutgoingGossipingRequestState(requestId: String, state: OutgoingGossipingRequestState) + fun updateOutgoingGossipingRequestState(requestId: String, state: OutgoingRoomKeyRequestState) fun addNewSessionListener(listener: NewSessionListener) @@ -477,17 +520,18 @@ internal interface IMXCryptoStore { fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap // Dev tools - fun getOutgoingRoomKeyRequests(): List - fun getOutgoingRoomKeyRequestsPaged(): LiveData> + fun getOutgoingRoomKeyRequests(): List + fun getOutgoingRoomKeyRequestsPaged(): LiveData> fun getOutgoingSecretKeyRequests(): List fun getOutgoingSecretRequest(secretName: String): OutgoingSecretRequest? fun getIncomingRoomKeyRequests(): List fun getIncomingRoomKeyRequestsPaged(): LiveData> - fun getGossipingEventsTrail(): LiveData> - fun getGossipingEvents(): List + fun getGossipingEventsTrail(): LiveData> + fun getGossipingEvents(): List fun setDeviceKeysUploaded(uploaded: Boolean) fun areDeviceKeysUploaded(): Boolean fun tidyUpDataBase() fun logDbUsageInfo() + fun getOutgoingRoomKeyRequests(inStates: Set): List } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt index 99adbbfbae..f3bd5c413c 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt @@ -24,9 +24,11 @@ import com.zhuinden.monarchy.Monarchy import io.realm.Realm import io.realm.RealmConfiguration import io.realm.Sort +import io.realm.kotlin.createObject import io.realm.kotlin.where import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.logger.LoggerTag import org.matrix.android.sdk.api.session.crypto.NewSessionListener import org.matrix.android.sdk.api.session.crypto.crosssigning.CryptoCrossSigningKey import org.matrix.android.sdk.api.session.crypto.crosssigning.MXCrossSigningInfo @@ -39,22 +41,31 @@ import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest import org.matrix.android.sdk.api.session.crypto.model.IncomingSecretShareRequest import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult -import org.matrix.android.sdk.api.session.crypto.model.OutgoingGossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequest +import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode import org.matrix.android.sdk.api.session.room.send.SendState import org.matrix.android.sdk.api.util.Optional import org.matrix.android.sdk.api.util.toOptional import org.matrix.android.sdk.internal.crypto.GossipRequestType import org.matrix.android.sdk.internal.crypto.IncomingShareRequestCommon +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest import org.matrix.android.sdk.internal.crypto.OutgoingSecretRequest +import org.matrix.android.sdk.internal.crypto.model.AuditTrail +import org.matrix.android.sdk.internal.crypto.model.ForwardInfo +import org.matrix.android.sdk.internal.crypto.model.IncomingKeyRequestInfo import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper import org.matrix.android.sdk.internal.crypto.model.OutboundGroupSessionWrapper +import org.matrix.android.sdk.internal.crypto.model.TrailType +import org.matrix.android.sdk.internal.crypto.model.WithheldInfo import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.crypto.store.db.mapper.CrossSigningKeysMapper +import org.matrix.android.sdk.internal.crypto.store.db.model.AuditTrailEntity +import org.matrix.android.sdk.internal.crypto.store.db.model.AuditTrailEntityFields +import org.matrix.android.sdk.internal.crypto.store.db.model.AuditTrailMapper import org.matrix.android.sdk.internal.crypto.store.db.model.CrossSigningInfoEntity import org.matrix.android.sdk.internal.crypto.store.db.model.CrossSigningInfoEntityFields import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoMapper @@ -74,8 +85,8 @@ import org.matrix.android.sdk.internal.crypto.store.db.model.OlmInboundGroupSess import org.matrix.android.sdk.internal.crypto.store.db.model.OlmSessionEntity import org.matrix.android.sdk.internal.crypto.store.db.model.OlmSessionEntityFields import org.matrix.android.sdk.internal.crypto.store.db.model.OutboundGroupSessionInfoEntity -import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingGossipingRequestEntity -import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingGossipingRequestEntityFields +import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingKeyRequestEntity +import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingKeyRequestEntityFields import org.matrix.android.sdk.internal.crypto.store.db.model.SharedSessionEntity import org.matrix.android.sdk.internal.crypto.store.db.model.TrustLevelEntity import org.matrix.android.sdk.internal.crypto.store.db.model.UserEntity @@ -105,6 +116,8 @@ import java.util.concurrent.Executors import java.util.concurrent.TimeUnit import javax.inject.Inject +private val loggerTag = LoggerTag("RealmCryptoStore", LoggerTag.CRYPTO) + @SessionScope internal class RealmCryptoStore @Inject constructor( @CryptoDatabase private val realmConfiguration: RealmConfiguration, @@ -1006,12 +1019,11 @@ internal class RealmCryptoStore @Inject constructor( ?: defaultValue } - override fun getOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody): OutgoingRoomKeyRequest? { + override fun getOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody): OutgoingKeyRequest? { return monarchy.fetchAllCopiedSync { realm -> - realm.where() - .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.KEY.name) - }.mapNotNull { - it.toOutgoingGossipingRequest() as? OutgoingRoomKeyRequest + realm.where() + }.map { + it.toOutgoingGossipingRequest() }.firstOrNull { it.requestBody?.algorithm == requestBody.algorithm && it.requestBody?.roomId == requestBody.roomId && @@ -1020,16 +1032,40 @@ internal class RealmCryptoStore @Inject constructor( } } - override fun getOutgoingSecretRequest(secretName: String): OutgoingSecretRequest? { + override fun getOutgoingRoomKeyRequest(requestId: String): OutgoingKeyRequest? { return monarchy.fetchAllCopiedSync { realm -> - realm.where() - .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.SECRET.name) - .equalTo(OutgoingGossipingRequestEntityFields.REQUESTED_INFO_STR, secretName) - }.mapNotNull { - it.toOutgoingGossipingRequest() as? OutgoingSecretRequest + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) + }.map { + it.toOutgoingGossipingRequest() }.firstOrNull() } + override fun getOutgoingRoomKeyRequest(roomId: String, sessionId: String, algorithm: String, senderKey: String): List { + // TODO this annoying we have to load all + return monarchy.fetchAllCopiedSync { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, roomId) + .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, sessionId) + }.map { + it.toOutgoingGossipingRequest() + }.filter { + it.requestBody?.algorithm == algorithm && + it.requestBody?.senderKey == senderKey + } + } + + override fun getOutgoingSecretRequest(secretName: String): OutgoingSecretRequest? { +// return monarchy.fetchAllCopiedSync { realm -> +// realm.where() +// .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.SECRET.name) +// .equalTo(OutgoingGossipingRequestEntityFields.REQUESTED_INFO_STR, secretName) +// }.mapNotNull { +// it.toOutgoingGossipingRequest() as? OutgoingSecretRequest +// }.firstOrNull() + return null + } + override fun getIncomingRoomKeyRequests(): List { return monarchy.fetchAllCopiedSync { realm -> realm.where() @@ -1066,11 +1102,26 @@ internal class RealmCryptoStore @Inject constructor( ) } - override fun getGossipingEventsTrail(): LiveData> { + override fun getGossipingEventsTrail(): LiveData> { val realmDataSourceFactory = monarchy.createDataSourceFactory { realm -> - realm.where().sort(GossipingEventEntityFields.AGE_LOCAL_TS, Sort.DESCENDING) + realm.where().sort(AuditTrailEntityFields.AGE_LOCAL_TS, Sort.DESCENDING) + } + val dataSourceFactory = realmDataSourceFactory.map { + AuditTrailMapper.map(it) + // mm we can't map not null... + ?: AuditTrail( + System.currentTimeMillis(), + TrailType.IncomingKeyRequest, + IncomingKeyRequestInfo( + "", + "", + "", + "", + "", + "", + ) + ) } - val dataSourceFactory = realmDataSourceFactory.map { it.toModel() } val trail = monarchy.findAllPagedWithChanges(realmDataSourceFactory, LivePagedListBuilder(dataSourceFactory, PagedList.Config.Builder() @@ -1082,25 +1133,32 @@ internal class RealmCryptoStore @Inject constructor( return trail } - override fun getGossipingEvents(): List { + override fun getGossipingEvents(): List { return monarchy.fetchAllCopiedSync { realm -> - realm.where() - }.map { - it.toModel() + realm.where() + }.mapNotNull { + AuditTrailMapper.map(it) } } - override fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>): OutgoingRoomKeyRequest? { + override fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>): OutgoingKeyRequest { // Insert the request and return the one passed in parameter - var request: OutgoingRoomKeyRequest? = null + lateinit var request: OutgoingKeyRequest doRealmTransaction(realmConfiguration) { realm -> - val existing = realm.where() - .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.KEY.name) + val existing = realm.where() + .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, requestBody.sessionId) + .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, requestBody.roomId) .findAll() - .mapNotNull { - it.toOutgoingGossipingRequest() as? OutgoingRoomKeyRequest - }.firstOrNull { + .map { + it.toOutgoingGossipingRequest() + }.also { + if (it.size > 1) { + // there should be one or zero but not more, worth warning + Timber.tag(loggerTag.value).w("There should not be more than one active key request per session") + } + } + .firstOrNull { it.requestBody?.algorithm == requestBody.algorithm && it.requestBody?.sessionId == requestBody.sessionId && it.requestBody?.senderKey == requestBody.senderKey && @@ -1108,13 +1166,13 @@ internal class RealmCryptoStore @Inject constructor( } if (existing == null) { - request = realm.createObject(OutgoingGossipingRequestEntity::class.java).apply { + request = realm.createObject(OutgoingKeyRequestEntity::class.java).apply { this.requestId = RequestIdHelper.createUniqueRequestId() this.setRecipients(recipients) - this.requestState = OutgoingGossipingRequestState.UNSENT - this.type = GossipRequestType.KEY - this.requestedInfoStr = requestBody.toJson() - }.toOutgoingGossipingRequest() as? OutgoingRoomKeyRequest + this.requestState = OutgoingRoomKeyRequestState.UNSENT + this.setRequestBody(requestBody) + this.creationTimeStamp = System.currentTimeMillis() + }.toOutgoingGossipingRequest() } else { request = existing } @@ -1122,32 +1180,72 @@ internal class RealmCryptoStore @Inject constructor( return request } - override fun getOrAddOutgoingSecretShareRequest(secretName: String, recipients: Map>): OutgoingSecretRequest? { - var request: OutgoingSecretRequest? = null - - // Insert the request and return the one passed in parameter + override fun updateOutgoingRoomKeyRequestState(requestId: String, newState: OutgoingRoomKeyRequestState) { doRealmTransaction(realmConfiguration) { realm -> - val existing = realm.where() - .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.SECRET.name) - .equalTo(OutgoingGossipingRequestEntityFields.REQUESTED_INFO_STR, secretName) - .findAll() - .mapNotNull { - it.toOutgoingGossipingRequest() as? OutgoingSecretRequest - }.firstOrNull() - if (existing == null) { - request = realm.createObject(OutgoingGossipingRequestEntity::class.java).apply { - this.type = GossipRequestType.SECRET - setRecipients(recipients) - this.requestState = OutgoingGossipingRequestState.UNSENT - this.requestId = RequestIdHelper.createUniqueRequestId() - this.requestedInfoStr = secretName - }.toOutgoingGossipingRequest() as? OutgoingSecretRequest - } else { - request = existing - } + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) + .findFirst()?.apply { + this.requestState = newState + } } + } - return request + override fun updateOutgoingRoomKeyReply(roomId: String, + sessionId: String, + algorithm: String, + senderKey: String, + fromDevice: String?, + event: Event) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, roomId) + .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, sessionId) + .findAll().firstOrNull { entity -> + entity.toOutgoingGossipingRequest().let { + it.requestBody?.senderKey == senderKey && + it.requestBody?.algorithm == algorithm + } + }?.apply { + event.senderId?.let { addReply(it, fromDevice, event) } + } + } + } + + override fun deleteOutgoingRoomKeyRequest(requestId: String) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) + .findFirst()?.deleteOnCascade() + } + } + + override fun getOrAddOutgoingSecretShareRequest(secretName: String, recipients: Map>): OutgoingSecretRequest? { + return null +// var request: OutgoingSecretRequest? = null +// +// // Insert the request and return the one passed in parameter +// doRealmTransaction(realmConfiguration) { realm -> +// val existing = realm.where() +// .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.SECRET.name) +// .equalTo(OutgoingGossipingRequestEntityFields.REQUESTED_INFO_STR, secretName) +// .findAll() +// .mapNotNull { +// it.toOutgoingGossipingRequest() as? OutgoingSecretRequest +// }.firstOrNull() +// if (existing == null) { +// request = realm.createObject(OutgoingGossipingRequestEntity::class.java).apply { +// this.type = GossipRequestType.SECRET +// setRecipients(recipients) +// this.requestState = OutgoingRoomKeyRequestEntity.UNSENT +// this.requestId = RequestIdHelper.createUniqueRequestId() +// this.requestedInfoStr = secretName +// }.toOutgoingGossipingRequest() as? OutgoingSecretRequest +// } else { +// request = existing +// } +// } +// +// return request } override fun saveGossipingEvents(events: List) { @@ -1170,6 +1268,88 @@ internal class RealmCryptoStore @Inject constructor( } } + override fun saveIncomingKeyRequestAuditTrail( + roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + fromUser: String, + fromDevice: String) { + monarchy.writeAsync { realm -> + val now = System.currentTimeMillis() + realm.createObject().apply { + this.ageLocalTs = now + this.type = TrailType.IncomingKeyRequest.name + val info = IncomingKeyRequestInfo( + roomId, + sessionId, + senderKey, + algorithm, + fromUser, + fromDevice + ) + MoshiProvider.providesMoshi().adapter(IncomingKeyRequestInfo::class.java).toJson(info)?.let { + this.contentJson = it + } + } + } + } + + override fun saveWithheldAuditTrail(roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + code: WithHeldCode, + userId: String, + deviceId: String) { + monarchy.writeAsync { realm -> + val now = System.currentTimeMillis() + realm.createObject().apply { + this.ageLocalTs = now + this.type = TrailType.OutgoingKeyWithheld.name + val info = WithheldInfo( + roomId, + sessionId, + senderKey, + algorithm, + code, + userId, + deviceId + ) + MoshiProvider.providesMoshi().adapter(WithheldInfo::class.java).toJson(info)?.let { + this.contentJson = it + } + } + } + } + + override fun saveForwardKeyAuditTrail(roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + userId: String, + deviceId: String, + chainIndex: Long?) { + monarchy.writeAsync { realm -> + val now = System.currentTimeMillis() + realm.createObject().apply { + this.ageLocalTs = now + this.type = TrailType.OutgoingKeyForward.name + val info = ForwardInfo( + roomId, + sessionId, + senderKey, + algorithm, + userId, + deviceId, + chainIndex + ) + MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).toJson(info)?.let { + this.contentJson = it + } + } + } + } // override fun getOutgoingRoomKeyRequestByState(states: Set): OutgoingRoomKeyRequest? { // val statesIndex = states.map { it.ordinal }.toTypedArray() // return doRealmQueryAndCopy(realmConfiguration) { realm -> @@ -1276,10 +1456,10 @@ internal class RealmCryptoStore @Inject constructor( } } - override fun updateOutgoingGossipingRequestState(requestId: String, state: OutgoingGossipingRequestState) { + override fun updateOutgoingGossipingRequestState(requestId: String, state: OutgoingRoomKeyRequestState) { doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(OutgoingGossipingRequestEntityFields.REQUEST_ID, requestId) + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) .findAll().forEach { it.requestState = state } @@ -1503,37 +1683,46 @@ internal class RealmCryptoStore @Inject constructor( } } - override fun getOutgoingRoomKeyRequests(): List { + override fun getOutgoingRoomKeyRequests(): List { return monarchy.fetchAllMappedSync({ realm -> realm - .where(OutgoingGossipingRequestEntity::class.java) - .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.KEY.name) + .where(OutgoingKeyRequestEntity::class.java) }, { entity -> - entity.toOutgoingGossipingRequest() as? OutgoingRoomKeyRequest + entity.toOutgoingGossipingRequest() + }) + .filterNotNull() + } + + override fun getOutgoingRoomKeyRequests(inStates: Set): List { + return monarchy.fetchAllMappedSync({ realm -> + realm + .where(OutgoingKeyRequestEntity::class.java) + .`in`(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, inStates.map { it.name }.toTypedArray()) + }, { entity -> + entity.toOutgoingGossipingRequest() }) .filterNotNull() } override fun getOutgoingSecretKeyRequests(): List { - return monarchy.fetchAllMappedSync({ realm -> - realm - .where(OutgoingGossipingRequestEntity::class.java) - .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.SECRET.name) - }, { entity -> - entity.toOutgoingGossipingRequest() as? OutgoingSecretRequest - }) - .filterNotNull() +// return monarchy.fetchAllMappedSync({ realm -> +// realm +// .where(OutgoingGossipingRequestEntity::class.java) +// .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.SECRET.name) +// }, { entity -> +// entity.toOutgoingGossipingRequest() as? OutgoingSecretRequest +// }) +// .filterNotNull() + return emptyList() } - override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { + override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { val realmDataSourceFactory = monarchy.createDataSourceFactory { realm -> realm - .where(OutgoingGossipingRequestEntity::class.java) - .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.KEY.name) + .where(OutgoingKeyRequestEntity::class.java) } val dataSourceFactory = realmDataSourceFactory.map { - it.toOutgoingGossipingRequest() as? OutgoingRoomKeyRequest - ?: OutgoingRoomKeyRequest(requestBody = null, requestId = "?", recipients = emptyMap(), state = OutgoingGossipingRequestState.CANCELLED) + it.toOutgoingGossipingRequest() } val trail = monarchy.findAllPagedWithChanges(realmDataSourceFactory, LivePagedListBuilder(dataSourceFactory, @@ -1716,12 +1905,11 @@ internal class RealmCryptoStore @Inject constructor( .also { Timber.i("## Crypto Clean up ${it.size} IncomingGossipingRequestEntity") } .deleteAllFromRealm() - // Clean the cancelled ones? - realm.where() - .equalTo(OutgoingGossipingRequestEntityFields.REQUEST_STATE_STR, OutgoingGossipingRequestState.CANCELLED.name) - .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.KEY.name) + // Clean the old ones? + realm.where() + .lessThan(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, prevWeekTs) .findAll() - .also { Timber.i("## Crypto Clean up ${it.size} OutgoingGossipingRequestEntity") } + .also { Timber.i("## Crypto Clean up ${it.size} OutgoingKeyRequestEntity") } .deleteAllFromRealm() // Only keep one week history diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreMigration.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreMigration.kt index cac6499486..3bb44572ac 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreMigration.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreMigration.kt @@ -33,6 +33,7 @@ import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo013 import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo014 import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo015 +import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo016 import timber.log.Timber import javax.inject.Inject @@ -47,7 +48,7 @@ internal class RealmCryptoStoreMigration @Inject constructor() : RealmMigration // 0, 1, 2: legacy Riot-Android // 3: migrate to RiotX schema // 4, 5, 6, 7, 8, 9: migrations from RiotX (which was previously 1, 2, 3, 4, 5, 6) - val schemaVersion = 15L + val schemaVersion = 16L override fun migrate(realm: DynamicRealm, oldVersion: Long, newVersion: Long) { Timber.d("Migrating Realm Crypto from $oldVersion to $newVersion") @@ -67,5 +68,6 @@ internal class RealmCryptoStoreMigration @Inject constructor() : RealmMigration if (oldVersion < 13) MigrateCryptoTo013(realm).perform() if (oldVersion < 14) MigrateCryptoTo014(realm).perform() if (oldVersion < 15) MigrateCryptoTo015(realm).perform() + if (oldVersion < 16) MigrateCryptoTo016(realm).perform() } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreModule.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreModule.kt index a2f2f8e97a..e3e195ff8c 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreModule.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreModule.kt @@ -17,6 +17,7 @@ package org.matrix.android.sdk.internal.crypto.store.db import io.realm.annotations.RealmModule +import org.matrix.android.sdk.internal.crypto.store.db.model.AuditTrailEntity import org.matrix.android.sdk.internal.crypto.store.db.model.CrossSigningInfoEntity import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoMetadataEntity import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoRoomEntity @@ -24,12 +25,13 @@ import org.matrix.android.sdk.internal.crypto.store.db.model.DeviceInfoEntity import org.matrix.android.sdk.internal.crypto.store.db.model.GossipingEventEntity import org.matrix.android.sdk.internal.crypto.store.db.model.IncomingGossipingRequestEntity import org.matrix.android.sdk.internal.crypto.store.db.model.KeyInfoEntity +import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEntity import org.matrix.android.sdk.internal.crypto.store.db.model.KeysBackupDataEntity import org.matrix.android.sdk.internal.crypto.store.db.model.MyDeviceLastSeenInfoEntity import org.matrix.android.sdk.internal.crypto.store.db.model.OlmInboundGroupSessionEntity import org.matrix.android.sdk.internal.crypto.store.db.model.OlmSessionEntity import org.matrix.android.sdk.internal.crypto.store.db.model.OutboundGroupSessionInfoEntity -import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingGossipingRequestEntity +import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingKeyRequestEntity import org.matrix.android.sdk.internal.crypto.store.db.model.SharedSessionEntity import org.matrix.android.sdk.internal.crypto.store.db.model.TrustLevelEntity import org.matrix.android.sdk.internal.crypto.store.db.model.UserEntity @@ -50,9 +52,9 @@ import org.matrix.android.sdk.internal.crypto.store.db.model.WithHeldSessionEnti KeyInfoEntity::class, CrossSigningInfoEntity::class, TrustLevelEntity::class, - GossipingEventEntity::class, - IncomingGossipingRequestEntity::class, - OutgoingGossipingRequestEntity::class, + AuditTrailEntity::class, + OutgoingKeyRequestEntity::class, + KeyRequestReplyEntity::class, MyDeviceLastSeenInfoEntity::class, WithHeldSessionEntity::class, SharedSessionEntity::class, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt new file mode 100644 index 0000000000..832272f574 --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2022 New Vector Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto.store.db.migration + +import io.realm.DynamicRealm +import org.matrix.android.sdk.internal.crypto.store.db.model.AuditTrailEntityFields +import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEntity +import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEntityFields +import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingKeyRequestEntityFields +import org.matrix.android.sdk.internal.util.database.RealmMigrator + +class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { + + override fun doMigrate(realm: DynamicRealm) { + realm.schema.remove("OutgoingGossipingRequestEntity") + realm.schema.remove("IncomingGossipingRequestEntity") + realm.schema.remove("GossipingEventEntity") + + // No need to migrate existing request, just start fresh + + realm.schema.create("OutgoingKeyRequestEntity") + .addField(OutgoingKeyRequestEntityFields.REQUEST_ID, String::class.java) + .addIndex(OutgoingKeyRequestEntityFields.REQUEST_ID) + .addField(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, String::class.java) + .addIndex(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID) + .addRealmListField(OutgoingKeyRequestEntityFields.REPLIES.`$`, KeyRequestReplyEntity::class.java) + .addField(OutgoingKeyRequestEntityFields.RECIPIENTS_DATA, String::class.java) + .addField(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, String::class.java) + .addIndex(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR) + .addField(OutgoingKeyRequestEntityFields.REQUESTED_INFO_STR, String::class.java) + .addField(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, Long::class.java) + .setNullable(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, true) + + + realm.schema.create("AuditTrailEntity") + .addField(AuditTrailEntityFields.AGE_LOCAL_TS, Long::class.java) + .setNullable(AuditTrailEntityFields.AGE_LOCAL_TS, true) + .addField(AuditTrailEntityFields.CONTENT_JSON, String::class.java) + .addField(AuditTrailEntityFields.TYPE, String::class.java) + + realm.schema.create("KeyRequestReplyEntity") + .addField(KeyRequestReplyEntityFields.SENDER_ID, String::class.java) + .addField(KeyRequestReplyEntityFields.FROM_DEVICE, String::class.java) + .addField(KeyRequestReplyEntityFields.EVENT_JSON, String::class.java) + + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/GossipingRequestState.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailEntity.kt similarity index 63% rename from matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/GossipingRequestState.kt rename to matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailEntity.kt index d9a6f4fcba..a3963e9485 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/GossipingRequestState.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailEntity.kt @@ -1,5 +1,5 @@ /* - * Copyright 2020 The Matrix.org Foundation C.I.C. + * Copyright 2022 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,18 +14,14 @@ * limitations under the License. */ -package org.matrix.android.sdk.api.session.crypto.model +package org.matrix.android.sdk.internal.crypto.store.db.model -enum class GossipingRequestState { - NONE, - PENDING, - REJECTED, - ACCEPTING, - ACCEPTED, - FAILED_TO_ACCEPTED, +import io.realm.RealmObject - // USER_REJECTED, - UNABLE_TO_PROCESS, - CANCELLED_BY_REQUESTER, - RE_REQUESTED +internal open class AuditTrailEntity( + var ageLocalTs: Long? = null, + var type: String? = null, + var contentJson: String? = null +) : RealmObject() { + companion object } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt new file mode 100644 index 0000000000..a89c5599ef --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt @@ -0,0 +1,85 @@ +/* + * Copyright 2022 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto.store.db.model + +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.internal.crypto.model.AuditInfo +import org.matrix.android.sdk.internal.crypto.model.AuditTrail +import org.matrix.android.sdk.internal.crypto.model.ForwardInfo +import org.matrix.android.sdk.internal.crypto.model.IncomingKeyRequestInfo +import org.matrix.android.sdk.internal.crypto.model.TrailType +import org.matrix.android.sdk.internal.crypto.model.WithheldInfo +import org.matrix.android.sdk.internal.di.MoshiProvider + +internal object AuditTrailMapper { + + fun map(entity: AuditTrailEntity): AuditTrail? { + val contentJson = entity.contentJson ?: return null + return when (entity.type) { + TrailType.OutgoingKeyForward.name -> { + val info = tryOrNull { + MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).fromJson(contentJson) + } ?: return null + AuditTrail( + ageLocalTs = entity.ageLocalTs ?: 0, + type = TrailType.OutgoingKeyForward, + info = info + ) + } + TrailType.OutgoingKeyWithheld.name -> { + val info = tryOrNull { + MoshiProvider.providesMoshi().adapter(WithheldInfo::class.java).fromJson(contentJson) + } ?: return null + AuditTrail( + ageLocalTs = entity.ageLocalTs ?: 0, + type = TrailType.OutgoingKeyWithheld, + info = info + ) + } + TrailType.IncomingKeyRequest.name -> { + val info = tryOrNull { + MoshiProvider.providesMoshi().adapter(IncomingKeyRequestInfo::class.java).fromJson(contentJson) + } ?: return null + AuditTrail( + ageLocalTs = entity.ageLocalTs ?: 0, + type = TrailType.IncomingKeyRequest, + info = info + ) + } + else -> { + AuditTrail( + ageLocalTs = entity.ageLocalTs ?: 0, + type = TrailType.Unknown, + info = object : AuditInfo { + override val roomId: String + get() = "" + override val sessionId: String + get() = "" + override val senderKey: String + get() = "" + override val alg: String + get() = "" + override val userId: String + get() = "" + override val deviceId: String + get() = "" + } + ) + } + } + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/GossipingEventEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/GossipingEventEntity.kt index a024e092b7..31b141014b 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/GossipingEventEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/GossipingEventEntity.kt @@ -33,6 +33,8 @@ import timber.log.Timber * (room key request, or sss secret sharing, as well as cancellations) * */ + +// not used anymore, just here for db migration internal open class GossipingEventEntity(@Index var type: String? = "", var content: String? = null, @Index var sender: String? = null, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt index f05c8853c8..c58b3a684d 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt @@ -26,6 +26,7 @@ import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.internal.crypto.GossipRequestType import org.matrix.android.sdk.internal.crypto.IncomingShareRequestCommon +// not used anymore, just here for db migration internal open class IncomingGossipingRequestEntity(@Index var requestId: String? = "", @Index var typeStr: String? = null, var otherUserId: String? = null, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/KeyRequestReplyEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/KeyRequestReplyEntity.kt new file mode 100644 index 0000000000..0c7cf79e78 --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/KeyRequestReplyEntity.kt @@ -0,0 +1,35 @@ +/* + * Copyright 2022 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto.store.db.model + +import io.realm.RealmObject +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.internal.di.MoshiProvider + +internal open class KeyRequestReplyEntity( + var senderId: String? = null, + var fromDevice: String? = null, + var eventJson: String? = null +) : RealmObject() { + companion object + + fun getEvent(): Event? { + return eventJson?.let { + MoshiProvider.providesMoshi().adapter(Event::class.java).fromJson(it) + } + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt index 0e1278967e..ccb4590fb9 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt @@ -1,34 +1,26 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// /* +// * Copyright 2020 The Matrix.org Foundation C.I.C. +// * +// * Licensed under the Apache License, Version 2.0 (the "License"); +// * you may not use this file except in compliance with the License. +// * You may obtain a copy of the License at +// * +// * http://www.apache.org/licenses/LICENSE-2.0 +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the License is distributed on an "AS IS" BASIS, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the License for the specific language governing permissions and +// * limitations under the License. +// */ package org.matrix.android.sdk.internal.crypto.store.db.model -import com.squareup.moshi.JsonAdapter -import com.squareup.moshi.Types import io.realm.RealmObject import io.realm.annotations.Index -import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.session.crypto.model.OutgoingGossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody -import org.matrix.android.sdk.internal.crypto.GossipRequestType -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequest -import org.matrix.android.sdk.internal.crypto.OutgoingSecretRequest -import org.matrix.android.sdk.internal.di.MoshiProvider +import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestState +// not used anymore, just here for db migration internal open class OutgoingGossipingRequestEntity( @Index var requestId: String? = null, var recipientsData: String? = null, @@ -36,69 +28,5 @@ internal open class OutgoingGossipingRequestEntity( @Index var typeStr: String? = null ) : RealmObject() { - fun getRequestedSecretName(): String? = if (type == GossipRequestType.SECRET) { - requestedInfoStr - } else null - - fun getRequestedKeyInfo(): RoomKeyRequestBody? = if (type == GossipRequestType.KEY) { - RoomKeyRequestBody.fromJson(requestedInfoStr) - } else null - - var type: GossipRequestType - get() { - return tryOrNull { typeStr?.let { GossipRequestType.valueOf(it) } } ?: GossipRequestType.KEY - } - set(value) { - typeStr = value.name - } - private var requestStateStr: String = OutgoingGossipingRequestState.UNSENT.name - - var requestState: OutgoingGossipingRequestState - get() { - return tryOrNull { OutgoingGossipingRequestState.valueOf(requestStateStr) } - ?: OutgoingGossipingRequestState.UNSENT - } - set(value) { - requestStateStr = value.name - } - - companion object { - - private val recipientsDataMapper: JsonAdapter>> = - MoshiProvider - .providesMoshi() - .adapter>>( - Types.newParameterizedType(Map::class.java, String::class.java, List::class.java) - ) - } - - fun toOutgoingGossipingRequest(): OutgoingGossipingRequest { - return when (type) { - GossipRequestType.KEY -> { - OutgoingRoomKeyRequest( - requestBody = getRequestedKeyInfo(), - recipients = getRecipients().orEmpty(), - requestId = requestId ?: "", - state = requestState - ) - } - GossipRequestType.SECRET -> { - OutgoingSecretRequest( - secretName = getRequestedSecretName(), - recipients = getRecipients().orEmpty(), - requestId = requestId ?: "", - state = requestState - ) - } - } - } - - private fun getRecipients(): Map>? { - return this.recipientsData?.let { recipientsDataMapper.fromJson(it) } - } - - fun setRecipients(recipients: Map>) { - this.recipientsData = recipientsDataMapper.toJson(recipients) - } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt new file mode 100644 index 0000000000..3e00ce7cce --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt @@ -0,0 +1,136 @@ +/* + * Copyright (c) 2022 New Vector Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto.store.db.model + +import com.squareup.moshi.JsonAdapter +import com.squareup.moshi.Types +import io.realm.RealmList +import io.realm.RealmObject +import io.realm.annotations.Index +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent +import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.internal.crypto.RequestReply +import org.matrix.android.sdk.internal.crypto.RequestResult +import org.matrix.android.sdk.internal.di.MoshiProvider +import timber.log.Timber + +internal open class OutgoingKeyRequestEntity( + @Index var requestId: String? = null, + var recipientsData: String? = null, + var requestedInfoStr: String? = null, + var creationTimeStamp: Long? = null, + // de-normalization for better query (if not have to query all and parse json) + @Index var roomId: String? = null, + @Index var megolmSessionId: String? = null, + + var replies: RealmList = RealmList() +) : RealmObject() { + + @Index private var requestStateStr: String = OutgoingRoomKeyRequestState.UNSENT.name + + companion object { + + private val recipientsDataMapper: JsonAdapter>> = + MoshiProvider + .providesMoshi() + .adapter( + Types.newParameterizedType(Map::class.java, String::class.java, List::class.java) + ) + } + + fun getRequestedKeyInfo(): RoomKeyRequestBody? = RoomKeyRequestBody.fromJson(requestedInfoStr) + + fun setRequestBody(body: RoomKeyRequestBody) { + requestedInfoStr = body.toJson() + roomId = body.roomId + megolmSessionId = body.sessionId + } + + var requestState: OutgoingRoomKeyRequestState + get() { + return tryOrNull { OutgoingRoomKeyRequestState.valueOf(requestStateStr) } + ?: OutgoingRoomKeyRequestState.UNSENT + } + set(value) { + requestStateStr = value.name + } + + private fun getRecipients(): Map>? { + return this.recipientsData?.let { recipientsDataMapper.fromJson(it) } + } + + fun setRecipients(recipients: Map>) { + this.recipientsData = recipientsDataMapper.toJson(recipients) + } + + fun addReply(userId: String, fromDevice: String?, event: Event) { + Timber.w("##VALR: add reply $userId / $fromDevice / $event") + val newReply = KeyRequestReplyEntity( + senderId = userId, + fromDevice = fromDevice, + eventJson = MoshiProvider.providesMoshi().adapter(Event::class.java).toJson(event) + ) + replies.add(newReply) + } + + fun toOutgoingGossipingRequest(): OutgoingKeyRequest { + return OutgoingKeyRequest( + requestBody = getRequestedKeyInfo(), + recipients = getRecipients().orEmpty(), + requestId = requestId ?: "", + state = requestState, + results = replies.mapNotNull { entity -> + val userId = entity.senderId ?: return@mapNotNull null + val result = entity.eventJson?.let { + MoshiProvider.providesMoshi().adapter(Event::class.java).fromJson(it) + }?.let { event -> + eventToResult(event) + } ?: return@mapNotNull null + RequestReply( + userId, + entity.fromDevice, + result + ) + } + ) + } + + private fun eventToResult(event: Event): RequestResult? { + return when (event.getClearType()) { + EventType.ROOM_KEY_WITHHELD -> { + event.content.toModel()?.code?.let { + RequestResult.Failure(it) + } + } + EventType.FORWARDED_ROOM_KEY -> { + RequestResult.Success + } + else -> null + } + } +} + +internal fun OutgoingKeyRequestEntity.deleteOnCascade() { + replies.deleteAllFromRealm() + deleteFromRealm() +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/SendEventTask.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/SendEventTask.kt index bdfe818c62..4d0871f145 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/SendEventTask.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/SendEventTask.kt @@ -15,6 +15,7 @@ */ package org.matrix.android.sdk.internal.crypto.tasks +import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.room.send.SendState import org.matrix.android.sdk.internal.network.GlobalErrorReceiver @@ -46,7 +47,9 @@ internal class DefaultSendEventTask @Inject constructor( params.event.roomId ?.takeIf { params.encrypt } ?.let { roomId -> - loadRoomMembersTask.execute(LoadRoomMembersTask.Params(roomId)) + tryOrNull { + loadRoomMembersTask.execute(LoadRoomMembersTask.Params(roomId)) + } } val event = handleEncryption(params) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultIncomingSASDefaultVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultIncomingSASDefaultVerificationTransaction.kt index 68f1cf62d5..7b850628f6 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultIncomingSASDefaultVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultIncomingSASDefaultVerificationTransaction.kt @@ -23,8 +23,8 @@ import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerific import org.matrix.android.sdk.api.session.crypto.verification.SasMode import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.internal.crypto.IncomingGossipingRequestManager import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import timber.log.Timber @@ -36,7 +36,7 @@ internal class DefaultIncomingSASDefaultVerificationTransaction( private val cryptoStore: IMXCryptoStore, crossSigningService: CrossSigningService, outgoingGossipingRequestManager: OutgoingGossipingRequestManager, - incomingGossipingRequestManager: IncomingGossipingRequestManager, + secretShareManager: SecretShareManager, deviceFingerprint: String, transactionId: String, otherUserID: String, @@ -48,7 +48,7 @@ internal class DefaultIncomingSASDefaultVerificationTransaction( cryptoStore, crossSigningService, outgoingGossipingRequestManager, - incomingGossipingRequestManager, + secretShareManager, deviceFingerprint, transactionId, otherUserID, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultOutgoingSASDefaultVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultOutgoingSASDefaultVerificationTransaction.kt index e203f03b06..5c5f8dd668 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultOutgoingSASDefaultVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultOutgoingSASDefaultVerificationTransaction.kt @@ -20,8 +20,8 @@ import org.matrix.android.sdk.api.session.crypto.verification.CancelCode import org.matrix.android.sdk.api.session.crypto.verification.OutgoingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.internal.crypto.IncomingGossipingRequestManager import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import timber.log.Timber @@ -33,7 +33,7 @@ internal class DefaultOutgoingSASDefaultVerificationTransaction( cryptoStore: IMXCryptoStore, crossSigningService: CrossSigningService, outgoingGossipingRequestManager: OutgoingGossipingRequestManager, - incomingGossipingRequestManager: IncomingGossipingRequestManager, + secretShareManager: SecretShareManager, deviceFingerprint: String, transactionId: String, otherUserId: String, @@ -45,7 +45,7 @@ internal class DefaultOutgoingSASDefaultVerificationTransaction( cryptoStore, crossSigningService, outgoingGossipingRequestManager, - incomingGossipingRequestManager, + secretShareManager, deviceFingerprint, transactionId, otherUserId, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt index 28bf1d70f7..00d01f02ed 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt @@ -59,9 +59,9 @@ import org.matrix.android.sdk.api.session.room.model.message.MessageVerification import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationStartContent import org.matrix.android.sdk.api.session.room.model.message.ValidVerificationDone import org.matrix.android.sdk.internal.crypto.DeviceListManager -import org.matrix.android.sdk.internal.crypto.IncomingGossipingRequestManager import org.matrix.android.sdk.internal.crypto.MyDeviceInfoHolder import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.model.rest.KeyVerificationAccept import org.matrix.android.sdk.internal.crypto.model.rest.KeyVerificationCancel @@ -95,7 +95,7 @@ internal class DefaultVerificationService @Inject constructor( @DeviceId private val deviceId: String?, private val cryptoStore: IMXCryptoStore, private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, - private val incomingGossipingRequestManager: IncomingGossipingRequestManager, + private val secretShareManager: SecretShareManager, private val myDeviceInfoHolder: Lazy, private val deviceListManager: DeviceListManager, private val setDeviceVerificationAction: SetDeviceVerificationAction, @@ -548,7 +548,7 @@ internal class DefaultVerificationService @Inject constructor( cryptoStore, crossSigningService, outgoingGossipingRequestManager, - incomingGossipingRequestManager, + secretShareManager, myDeviceInfoHolder.get().myDevice.fingerprint()!!, startReq.transactionId, otherUserId, @@ -807,17 +807,15 @@ internal class DefaultVerificationService @Inject constructor( getExistingTransaction(userId, doneReq.transactionId) ?: getOldTransaction(userId, doneReq.transactionId) ?.let { vt -> - val otherDeviceId = vt.otherDeviceId + val otherDeviceId = vt.otherDeviceId ?: return@let if (!crossSigningService.canCrossSign()) { - outgoingGossipingRequestManager.sendSecretShareRequest(MASTER_KEY_SSSS_NAME, mapOf(userId to listOf(otherDeviceId - ?: "*"))) - outgoingGossipingRequestManager.sendSecretShareRequest(SELF_SIGNING_KEY_SSSS_NAME, mapOf(userId to listOf(otherDeviceId - ?: "*"))) - outgoingGossipingRequestManager.sendSecretShareRequest(USER_SIGNING_KEY_SSSS_NAME, mapOf(userId to listOf(otherDeviceId - ?: "*"))) + cryptoCoroutineScope.launch { + secretShareManager.requestSecretTo(otherDeviceId, MASTER_KEY_SSSS_NAME) + secretShareManager.requestSecretTo(otherDeviceId, SELF_SIGNING_KEY_SSSS_NAME) + secretShareManager.requestSecretTo(otherDeviceId, USER_SIGNING_KEY_SSSS_NAME) + secretShareManager.requestSecretTo(otherDeviceId, KEYBACKUP_SECRET_SSSS_NAME) + } } - outgoingGossipingRequestManager.sendSecretShareRequest(KEYBACKUP_SECRET_SSSS_NAME, mapOf(userId to listOf(otherDeviceId - ?: "*"))) } } } @@ -912,7 +910,7 @@ internal class DefaultVerificationService @Inject constructor( otherDeviceId = readyReq.fromDevice, crossSigningService = crossSigningService, outgoingGossipingRequestManager = outgoingGossipingRequestManager, - incomingGossipingRequestManager = incomingGossipingRequestManager, + secretShareManager = secretShareManager, cryptoStore = cryptoStore, qrCodeData = qrCodeData, userId = userId, @@ -1111,7 +1109,7 @@ internal class DefaultVerificationService @Inject constructor( cryptoStore, crossSigningService, outgoingGossipingRequestManager, - incomingGossipingRequestManager, + secretShareManager, myDeviceInfoHolder.get().myDevice.fingerprint()!!, txID, otherUserId, @@ -1303,7 +1301,7 @@ internal class DefaultVerificationService @Inject constructor( cryptoStore, crossSigningService, outgoingGossipingRequestManager, - incomingGossipingRequestManager, + secretShareManager, myDeviceInfoHolder.get().myDevice.fingerprint()!!, transactionId, otherUserId, @@ -1441,7 +1439,7 @@ internal class DefaultVerificationService @Inject constructor( otherDeviceId = otherDeviceId, crossSigningService = crossSigningService, outgoingGossipingRequestManager = outgoingGossipingRequestManager, - incomingGossipingRequestManager = incomingGossipingRequestManager, + secretShareManager = secretShareManager, cryptoStore = cryptoStore, qrCodeData = qrCodeData, userId = userId, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationTransaction.kt index 69d9388c5f..770a6ba54c 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationTransaction.kt @@ -20,8 +20,8 @@ import org.matrix.android.sdk.api.session.crypto.crosssigning.CrossSigningServic import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel import org.matrix.android.sdk.api.session.crypto.verification.VerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState -import org.matrix.android.sdk.internal.crypto.IncomingGossipingRequestManager import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import timber.log.Timber @@ -32,7 +32,7 @@ internal abstract class DefaultVerificationTransaction( private val setDeviceVerificationAction: SetDeviceVerificationAction, private val crossSigningService: CrossSigningService, private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, - private val incomingGossipingRequestManager: IncomingGossipingRequestManager, + private val secretShareManager: SecretShareManager, private val userId: String, override val transactionId: String, override val otherUserId: String, @@ -86,7 +86,7 @@ internal abstract class DefaultVerificationTransaction( } if (otherUserId == userId) { - incomingGossipingRequestManager.onVerificationCompleteForDevice(otherDeviceId!!) + secretShareManager.onVerificationCompleteForDevice(otherDeviceId!!) // If me it's reasonable to sign and upload the device signature // Notice that i might not have the private keys, so may not be able to do it diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SASDefaultVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SASDefaultVerificationTransaction.kt index 4bf01a2809..43e25ab2bf 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SASDefaultVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SASDefaultVerificationTransaction.kt @@ -23,8 +23,8 @@ import org.matrix.android.sdk.api.session.crypto.verification.SasMode import org.matrix.android.sdk.api.session.crypto.verification.SasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.internal.crypto.IncomingGossipingRequestManager import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.extensions.toUnsignedInt @@ -43,7 +43,7 @@ internal abstract class SASDefaultVerificationTransaction( private val cryptoStore: IMXCryptoStore, crossSigningService: CrossSigningService, outgoingGossipingRequestManager: OutgoingGossipingRequestManager, - incomingGossipingRequestManager: IncomingGossipingRequestManager, + secretShareManager: SecretShareManager, private val deviceFingerprint: String, transactionId: String, otherUserId: String, @@ -53,7 +53,7 @@ internal abstract class SASDefaultVerificationTransaction( setDeviceVerificationAction, crossSigningService, outgoingGossipingRequestManager, - incomingGossipingRequestManager, + secretShareManager, userId, transactionId, otherUserId, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt index 06f0b36798..9cc31d9542 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt @@ -22,8 +22,8 @@ import org.matrix.android.sdk.api.session.crypto.verification.QrCodeVerification import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.util.fromBase64 -import org.matrix.android.sdk.internal.crypto.IncomingGossipingRequestManager import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.crosssigning.fromBase64Safe import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore @@ -38,7 +38,7 @@ internal class DefaultQrCodeVerificationTransaction( override var otherDeviceId: String?, private val crossSigningService: CrossSigningService, outgoingGossipingRequestManager: OutgoingGossipingRequestManager, - incomingGossipingRequestManager: IncomingGossipingRequestManager, + secretShareManager: SecretShareManager, private val cryptoStore: IMXCryptoStore, // Not null only if other user is able to scan QR code private val qrCodeData: QrCodeData?, @@ -49,7 +49,7 @@ internal class DefaultQrCodeVerificationTransaction( setDeviceVerificationAction, crossSigningService, outgoingGossipingRequestManager, - incomingGossipingRequestManager, + secretShareManager, userId, transactionId, otherUserId, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionComponent.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionComponent.kt index 76e5d84e56..4c1a06f1c7 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionComponent.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionComponent.kt @@ -21,10 +21,7 @@ import dagger.Component import org.matrix.android.sdk.api.MatrixCoroutineDispatchers import org.matrix.android.sdk.api.auth.data.SessionParams import org.matrix.android.sdk.api.session.Session -import org.matrix.android.sdk.internal.crypto.CancelGossipRequestWorker import org.matrix.android.sdk.internal.crypto.CryptoModule -import org.matrix.android.sdk.internal.crypto.SendGossipRequestWorker -import org.matrix.android.sdk.internal.crypto.SendGossipWorker import org.matrix.android.sdk.internal.crypto.crosssigning.UpdateTrustWorker import org.matrix.android.sdk.internal.crypto.verification.SendVerificationMessageWorker import org.matrix.android.sdk.internal.di.MatrixComponent @@ -134,12 +131,6 @@ internal interface SessionComponent { fun inject(worker: SendVerificationMessageWorker) - fun inject(worker: SendGossipRequestWorker) - - fun inject(worker: CancelGossipRequestWorker) - - fun inject(worker: SendGossipWorker) - fun inject(worker: UpdateTrustWorker) @Component.Factory diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/worker/MatrixWorkerFactory.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/worker/MatrixWorkerFactory.kt index e56b359f7a..94dd36114b 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/worker/MatrixWorkerFactory.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/worker/MatrixWorkerFactory.kt @@ -22,9 +22,6 @@ import androidx.work.ListenableWorker import androidx.work.WorkerFactory import androidx.work.WorkerParameters import org.matrix.android.sdk.internal.SessionManager -import org.matrix.android.sdk.internal.crypto.CancelGossipRequestWorker -import org.matrix.android.sdk.internal.crypto.SendGossipRequestWorker -import org.matrix.android.sdk.internal.crypto.SendGossipWorker import org.matrix.android.sdk.internal.crypto.crosssigning.UpdateTrustWorker import org.matrix.android.sdk.internal.crypto.verification.SendVerificationMessageWorker import org.matrix.android.sdk.internal.di.MatrixScope @@ -56,8 +53,6 @@ internal class MatrixWorkerFactory @Inject constructor(private val sessionManage CheckFactoryWorker(appContext, workerParameters, true) AddPusherWorker::class.java.name -> AddPusherWorker(appContext, workerParameters, sessionManager) - CancelGossipRequestWorker::class.java.name -> - CancelGossipRequestWorker(appContext, workerParameters, sessionManager) GetGroupDataWorker::class.java.name -> GetGroupDataWorker(appContext, workerParameters, sessionManager) MultipleEventSendingDispatcherWorker::class.java.name -> @@ -66,10 +61,6 @@ internal class MatrixWorkerFactory @Inject constructor(private val sessionManage RedactEventWorker(appContext, workerParameters, sessionManager) SendEventWorker::class.java.name -> SendEventWorker(appContext, workerParameters, sessionManager) - SendGossipRequestWorker::class.java.name -> - SendGossipRequestWorker(appContext, workerParameters, sessionManager) - SendGossipWorker::class.java.name -> - SendGossipWorker(appContext, workerParameters, sessionManager) SendVerificationMessageWorker::class.java.name -> SendVerificationMessageWorker(appContext, workerParameters, sessionManager) SyncWorker::class.java.name -> diff --git a/vector/src/main/java/im/vector/app/features/crypto/recover/BackupToQuadSMigrationTask.kt b/vector/src/main/java/im/vector/app/features/crypto/recover/BackupToQuadSMigrationTask.kt index 2092fe0f00..6cbeb3b29c 100644 --- a/vector/src/main/java/im/vector/app/features/crypto/recover/BackupToQuadSMigrationTask.kt +++ b/vector/src/main/java/im/vector/app/features/crypto/recover/BackupToQuadSMigrationTask.kt @@ -20,7 +20,6 @@ import im.vector.app.R import im.vector.app.core.platform.ViewModelTask import im.vector.app.core.platform.WaitingViewData import im.vector.app.core.resources.StringProvider -import org.matrix.android.sdk.api.NoOpMatrixCallback import org.matrix.android.sdk.api.listeners.ProgressListener import org.matrix.android.sdk.api.session.Session import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME @@ -143,15 +142,8 @@ class BackupToQuadSMigrationTask @Inject constructor( // save for gossiping keysBackupService.saveBackupRecoveryKey(recoveryKey, version.version) - // while we are there let's restore, but do not block - session.cryptoService().keysBackupService().restoreKeysWithRecoveryKey( - version, - recoveryKey, - null, - null, - null, - NoOpMatrixCallback() - ) + // It's not a good idea to download the full backup, it might take very long + // and use a lot of resources return Result.Success } catch (failure: Throwable) { diff --git a/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt b/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt index a7998dc474..db94bb61ea 100644 --- a/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt @@ -42,7 +42,6 @@ import org.matrix.android.sdk.api.session.crypto.crosssigning.isVerified import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysBackupLastVersionResult import org.matrix.android.sdk.api.session.crypto.keysbackup.computeRecoveryKey import org.matrix.android.sdk.api.session.crypto.keysbackup.toKeysVersionResult -import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult import org.matrix.android.sdk.api.session.crypto.verification.CancelCode import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.PendingVerificationRequest @@ -58,6 +57,7 @@ import org.matrix.android.sdk.api.util.MatrixItem import org.matrix.android.sdk.api.util.awaitCallback import org.matrix.android.sdk.api.util.fromBase64 import org.matrix.android.sdk.api.util.toMatrixItem + import timber.log.Timber data class VerificationBottomSheetViewState( @@ -422,6 +422,11 @@ class VerificationBottomSheetViewModel @AssistedInject constructor( } private fun tentativeRestoreBackup(res: Map?) { + // It's not a good idea to download the full backup, it might take very long + // and use a lot of resources + // Just check that the ey is valid and store it, the backup will be used megolm session per + // megolm session when an UISI is encountered + viewModelScope.launch(Dispatchers.IO) { try { val secret = res?.get(KEYBACKUP_SECRET_SSSS_NAME) ?: return@launch Unit.also { @@ -432,17 +437,13 @@ class VerificationBottomSheetViewModel @AssistedInject constructor( session.cryptoService().keysBackupService().getCurrentVersion(it) }.toKeysVersionResult() ?: return@launch - awaitCallback { - session.cryptoService().keysBackupService().restoreKeysWithRecoveryKey( - version, - computeRecoveryKey(secret.fromBase64()), - null, - null, - null, - it - ) + val recoveryKey = computeRecoveryKey(secret.fromBase64()) + val isValid = awaitCallback { + session.cryptoService().keysBackupService().isValidRecoveryKeyForCurrentVersion(recoveryKey, it) + } + if (isValid) { + session.cryptoService().keysBackupService().saveBackupRecoveryKey(recoveryKey, version.version) } - awaitCallback { session.cryptoService().keysBackupService().trustKeysBackupVersion(version, true, it) } diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailFragment.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailFragment.kt index 83740c5018..f99b450cdd 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailFragment.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailFragment.kt @@ -27,10 +27,8 @@ import im.vector.app.core.extensions.cleanup import im.vector.app.core.extensions.configureWith import im.vector.app.core.platform.VectorBaseFragment import im.vector.app.core.resources.ColorProvider -import im.vector.app.core.utils.createJSonViewerStyleProvider import im.vector.app.databinding.FragmentGenericRecyclerBinding -import org.billcarsonfr.jsonviewer.JSonViewerDialog -import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.internal.crypto.model.AuditTrail import javax.inject.Inject class GossipingEventsPaperTrailFragment @Inject constructor( @@ -64,17 +62,17 @@ class GossipingEventsPaperTrailFragment @Inject constructor( super.onDestroyView() } - override fun didTap(event: Event) { - if (event.isEncrypted()) { - event.toClearContentStringWithIndent() - } else { - event.toContentStringWithIndent() - }?.let { - JSonViewerDialog.newInstance( - it, - -1, - createJSonViewerStyleProvider(colorProvider) - ).show(childFragmentManager, "JSON_VIEWER") - } + override fun didTap(event: AuditTrail) { +// if (event.isEncrypted()) { +// event.toClearContentStringWithIndent() +// } else { +// event.toContentStringWithIndent() +// }?.let { +// JSonViewerDialog.newInstance( +// it, +// -1, +// createJSonViewerStyleProvider(colorProvider) +// ).show(childFragmentManager, "JSON_VIEWER") +// } } } diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailViewModel.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailViewModel.kt index 30c2757eff..feec469f80 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailViewModel.kt @@ -32,10 +32,10 @@ import im.vector.app.core.platform.EmptyAction import im.vector.app.core.platform.EmptyViewEvents import im.vector.app.core.platform.VectorViewModel import org.matrix.android.sdk.api.session.Session -import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.internal.crypto.model.AuditTrail data class GossipingEventsPaperTrailState( - val events: Async> = Uninitialized + val events: Async> = Uninitialized ) : MavericksState class GossipingEventsPaperTrailViewModel @AssistedInject constructor(@Assisted initialState: GossipingEventsPaperTrailState, diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt index 30c2efc3ce..20a14df6b2 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt @@ -17,62 +17,37 @@ package im.vector.app.features.settings.devtools import im.vector.app.core.resources.DateProvider -import me.gujun.android.span.span -import org.matrix.android.sdk.api.session.crypto.model.ForwardedRoomKeyContent -import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest -import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.OlmEventContent -import org.matrix.android.sdk.api.session.events.model.content.SecretSendEventContent -import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.internal.crypto.model.AuditTrail +import org.matrix.android.sdk.internal.crypto.model.ForwardInfo +import org.matrix.android.sdk.internal.crypto.model.TrailType +import org.matrix.android.sdk.internal.crypto.model.WithheldInfo import org.threeten.bp.format.DateTimeFormatter class GossipingEventsSerializer { private val full24DateFormatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS") - fun serialize(eventList: List): String { + fun serialize(eventList: List): String { return buildString { - eventList.forEach { - val clearType = it.getClearType() - append("[${getFormattedDate(it.ageLocalTs)}] $clearType from:${it.senderId} - ") - when (clearType) { - EventType.ROOM_KEY_REQUEST -> { - val content = it.getClearContent().toModel() - append("reqId:${content?.requestId} action:${content?.action} ") - if (content?.action == GossipingToDeviceObject.ACTION_SHARE_REQUEST) { - append("sessionId: ${content.body?.sessionId} ") - } - append("requestedBy: ${content?.requestingDeviceId}") + eventList.forEach { trail -> + val type = trail.type + val info = trail.info + append("[${getFormattedDate(trail.ageLocalTs)}] ${type.name} ") + append("sessionId: ${info.sessionId} ") + when (type) { + TrailType.IncomingKeyRequest -> { + append("from:${info.userId}|${info.deviceId} - ") } - EventType.FORWARDED_ROOM_KEY -> { - val encryptedContent = it.content.toModel() - val content = it.getClearContent().toModel() - - append("sessionId:${content?.sessionId} From Device (sender key):${encryptedContent?.senderKey}") - span("\nFrom Device (sender key):") { - textStyle = "bold" + TrailType.OutgoingKeyForward -> { + append("to:${info.userId}|${info.deviceId} - ") + (trail.info as? ForwardInfo)?.let { + append("chainIndex: ${it.chainIndex} ") } } - EventType.ROOM_KEY -> { - val content = it.getClearContent() - append("sessionId:${content?.get("session_id")} roomId:${content?.get("room_id")} dest:${content?.get("_dest") ?: "me"}") - } - EventType.SEND_SECRET -> { - val content = it.getClearContent().toModel() - append("requestId:${content?.requestId} From Device:${it.mxDecryptionResult?.payload?.get("sender_device")}") - } - EventType.REQUEST_SECRET -> { - val content = it.getClearContent().toModel() - append("reqId:${content?.requestId} action:${content?.action} ") - if (content?.action == GossipingToDeviceObject.ACTION_SHARE_REQUEST) { - append("secretName:${content.secretName} ") + TrailType.OutgoingKeyWithheld -> { + append("to:${info.userId}|${info.deviceId} - ") + (trail.info as? WithheldInfo)?.let { + append("code: ${it.code} ") } - append("requestedBy:${content?.requestingDeviceId}") - } - EventType.ENCRYPTED -> { - append("Failed to Decrypt") } else -> { append("??") diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt index dd016c2bf5..79b4564e7a 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt @@ -18,7 +18,6 @@ package im.vector.app.features.settings.devtools import com.airbnb.epoxy.EpoxyModel import com.airbnb.epoxy.paging.PagedListEpoxyController -import im.vector.app.R import im.vector.app.core.date.DateFormatKind import im.vector.app.core.date.VectorDateFormatter import im.vector.app.core.resources.ColorProvider @@ -26,137 +25,68 @@ import im.vector.app.core.ui.list.GenericItem_ import im.vector.app.core.utils.createUIHandler import im.vector.lib.core.utils.epoxy.charsequence.toEpoxyCharSequence import me.gujun.android.span.span -import org.matrix.android.sdk.api.session.crypto.model.ForwardedRoomKeyContent -import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest -import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.OlmEventContent -import org.matrix.android.sdk.api.session.events.model.content.SecretSendEventContent -import org.matrix.android.sdk.api.session.events.model.toModel + +import org.matrix.android.sdk.internal.crypto.model.AuditTrail +import org.matrix.android.sdk.internal.crypto.model.ForwardInfo +import org.matrix.android.sdk.internal.crypto.model.TrailType +import org.matrix.android.sdk.internal.crypto.model.WithheldInfo + import javax.inject.Inject class GossipingTrailPagedEpoxyController @Inject constructor( private val vectorDateFormatter: VectorDateFormatter, private val colorProvider: ColorProvider -) : PagedListEpoxyController( +) : PagedListEpoxyController( // Important it must match the PageList builder notify Looper modelBuildingHandler = createUIHandler() ) { interface InteractionListener { - fun didTap(event: Event) + fun didTap(event: AuditTrail) } var interactionListener: InteractionListener? = null - override fun buildItemModel(currentPosition: Int, item: Event?): EpoxyModel<*> { + override fun buildItemModel(currentPosition: Int, item: AuditTrail?): EpoxyModel<*> { val host = this val event = item ?: return GenericItem_().apply { id(currentPosition) } return GenericItem_().apply { id(event.hashCode()) itemClickAction { host.interactionListener?.didTap(event) } - title( - if (event.isEncrypted()) { - "${event.getClearType()} [encrypted]" - } else { - event.type - }?.toEpoxyCharSequence() - ) + title(event.type.name.toEpoxyCharSequence()) description( span { +host.vectorDateFormatter.format(event.ageLocalTs, DateFormatKind.DEFAULT_DATE_AND_TIME) span("\nfrom: ") { textStyle = "bold" } - +"${event.senderId}" + +"${event.info.userId}|${event.info.deviceId}" + span("\nroomId: ") { + textStyle = "bold" + } + +event.info.roomId + span("\nsessionId: ") { + textStyle = "bold" + } + +event.info.sessionId apply { - if (event.getClearType() == EventType.ROOM_KEY_REQUEST) { - val content = event.getClearContent().toModel() - span("\nreqId:") { - textStyle = "bold" - } - +" ${content?.requestId}" - span("\naction:") { - textStyle = "bold" - } - +" ${content?.action}" - if (content?.action == GossipingToDeviceObject.ACTION_SHARE_REQUEST) { - span("\nsessionId:") { + when (event.type) { + TrailType.OutgoingKeyForward -> { + val fInfo = event.info as ForwardInfo + span("\nchainIndex: ") { textStyle = "bold" } - +" ${content.body?.sessionId}" + +"${fInfo.chainIndex}" } - span("\nrequestedBy: ") { - textStyle = "bold" - } - +"${content?.requestingDeviceId}" - } else if (event.getClearType() == EventType.FORWARDED_ROOM_KEY) { - val encryptedContent = event.content.toModel() - val content = event.getClearContent().toModel() - if (event.mxDecryptionResult == null) { - span("**Failed to Decrypt** ${event.mCryptoError}") { - textColor = host.colorProvider.getColorFromAttribute(R.attr.colorError) - } - } - span("\nsessionId:") { - textStyle = "bold" - } - +" ${content?.sessionId}" - span("\nFrom Device (sender key):") { - textStyle = "bold" - } - +" ${encryptedContent?.senderKey}" - } else if (event.getClearType() == EventType.ROOM_KEY) { - // it's a bit of a fake event for trail reasons - val content = event.getClearContent() - span("\nsessionId:") { - textStyle = "bold" - } - +" ${content?.get("session_id")}" - span("\nroomId:") { - textStyle = "bold" - } - +" ${content?.get("room_id")}" - span("\nTo :") { - textStyle = "bold" - } - +" ${content?.get("_dest") ?: "me"}" - } else if (event.getClearType() == EventType.SEND_SECRET) { - val content = event.getClearContent().toModel() - - span("\nrequestId:") { - textStyle = "bold" - } - +" ${content?.requestId}" - span("\nFrom Device:") { - textStyle = "bold" - } - +" ${event.mxDecryptionResult?.payload?.get("sender_device")}" - } else if (event.getClearType() == EventType.REQUEST_SECRET) { - val content = event.getClearContent().toModel() - span("\nreqId:") { - textStyle = "bold" - } - +" ${content?.requestId}" - span("\naction:") { - textStyle = "bold" - } - +" ${content?.action}" - if (content?.action == GossipingToDeviceObject.ACTION_SHARE_REQUEST) { - span("\nsecretName:") { + TrailType.OutgoingKeyWithheld -> { + val fInfo = event.info as WithheldInfo + span("\ncode: ") { textStyle = "bold" } - +" ${content.secretName}" + +"${fInfo.code}" } - span("\nrequestedBy: ") { - textStyle = "bold" - } - +"${content?.requestingDeviceId}" - } else if (event.getClearType() == EventType.ENCRYPTED) { - span("**Failed to Decrypt** ${event.mCryptoError}") { - textColor = host.colorProvider.getColorFromAttribute(R.attr.colorError) + TrailType.IncomingKeyRequest -> { + // no additional info } } } diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/KeyRequestListViewModel.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/KeyRequestListViewModel.kt index a8045c07e3..ef2aabd7fe 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/KeyRequestListViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/KeyRequestListViewModel.kt @@ -33,11 +33,11 @@ import im.vector.app.core.platform.VectorViewModel import kotlinx.coroutines.launch import org.matrix.android.sdk.api.session.Session import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequest +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest data class KeyRequestListViewState( val incomingRequests: Async> = Uninitialized, - val outgoingRoomKeyRequests: Async> = Uninitialized + val outgoingRoomKeyRequests: Async> = Uninitialized ) : MavericksState class KeyRequestListViewModel @AssistedInject constructor(@Assisted initialState: KeyRequestListViewState, diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/OutgoingKeyRequestPagedController.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/OutgoingKeyRequestPagedController.kt index b23bd77277..e3b31227b6 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/OutgoingKeyRequestPagedController.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/OutgoingKeyRequestPagedController.kt @@ -22,10 +22,10 @@ import im.vector.app.core.ui.list.GenericItem_ import im.vector.app.core.utils.createUIHandler import im.vector.lib.core.utils.epoxy.charsequence.toEpoxyCharSequence import me.gujun.android.span.span -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequest +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest import javax.inject.Inject -class OutgoingKeyRequestPagedController @Inject constructor() : PagedListEpoxyController( +class OutgoingKeyRequestPagedController @Inject constructor() : PagedListEpoxyController( // Important it must match the PageList builder notify Looper modelBuildingHandler = createUIHandler() ) { @@ -36,7 +36,7 @@ class OutgoingKeyRequestPagedController @Inject constructor() : PagedListEpoxyCo var interactionListener: InteractionListener? = null - override fun buildItemModel(currentPosition: Int, item: OutgoingRoomKeyRequest?): EpoxyModel<*> { + override fun buildItemModel(currentPosition: Int, item: OutgoingKeyRequest?): EpoxyModel<*> { val roomKeyRequest = item ?: return GenericItem_().apply { id(currentPosition) } return GenericItem_().apply { diff --git a/vector/src/test/java/im/vector/app/test/fakes/FakeSharedSecretStorageService.kt b/vector/src/test/java/im/vector/app/test/fakes/FakeSharedSecretStorageService.kt index 4f349f8506..d7d18b925d 100644 --- a/vector/src/test/java/im/vector/app/test/fakes/FakeSharedSecretStorageService.kt +++ b/vector/src/test/java/im/vector/app/test/fakes/FakeSharedSecretStorageService.kt @@ -66,7 +66,7 @@ class FakeSharedSecretStorageService : SharedSecretStorageService { override fun checkShouldBeAbleToAccessSecrets(secretNames: List, keyId: String?) = integrityResult - override fun requestSecret(name: String, myOtherDeviceId: String) { + override suspend fun requestSecret(name: String, myOtherDeviceId: String) { TODO("Not yet implemented") } } From 9747eb2432c1906a2bd2d80678e84ed608ce006c Mon Sep 17 00:00:00 2001 From: Valere Date: Wed, 16 Mar 2022 14:50:50 +0100 Subject: [PATCH 006/433] Add share test + fix Crypto config to only request to own device. Only cancel request if ratchet index is low enough --- .../android/sdk/common/CryptoTestHelper.kt | 59 +- .../sdk/internal/crypto/E2eeSanityTests.kt | 67 +- .../crypto/gossiping/KeyShareTests.kt | 517 ++++--- .../android/sdk/api/crypto/MXCryptoConfig.kt | 8 +- .../sdk/api/session/crypto/CryptoService.kt | 6 + .../keyshare/GossipingRequestListener.kt | 7 +- .../model/IncomingRequestCancellation.kt | 63 - .../crypto/model/IncomingRoomKeyRequest.kt | 61 +- .../model/IncomingSecretShareRequest.kt | 82 - .../internal/crypto/DefaultCryptoService.kt | 135 +- .../sdk/internal/crypto/DeviceListManager.kt | 17 +- .../crypto/IncomingKeyRequestManager.kt | 112 +- .../crypto/IncomingShareRequestCommon.kt | 36 - .../sdk/internal/crypto/MXOlmDevice.kt | 23 +- .../sdk/internal/crypto/OutgoingKeyRequest.kt | 5 +- ...anager.kt => OutgoingKeyRequestManager.kt} | 204 ++- .../crypto/OutgoingRoomKeyRequestState.kt} | 3 +- .../sdk/internal/crypto/SecretShareManager.kt | 24 +- .../actions/MegolmSessionDataImporter.kt | 14 +- .../crypto/algorithms/IMXDecrypting.kt | 21 - .../algorithms/megolm/MXMegolmDecryption.kt | 230 +-- .../megolm/MXMegolmDecryptionFactory.kt | 27 +- .../crypto/algorithms/olm/MXOlmDecryption.kt | 4 - .../sdk/internal/crypto/model/AuditTrail.kt | 3 +- .../internal/crypto/store/IMXCryptoStore.kt | 66 +- .../crypto/store/db/RealmCryptoStore.kt | 1333 +++++++---------- .../crypto/store/db/RealmCryptoStoreModule.kt | 2 - .../store/db/migration/MigrateCryptoTo016.kt | 4 +- .../model/IncomingGossipingRequestEntity.kt | 58 +- .../model/OutgoingGossipingRequestEntity.kt | 3 +- .../db/model/OutgoingKeyRequestEntity.kt | 14 +- ...comingSASDefaultVerificationTransaction.kt | 6 +- ...tgoingSASDefaultVerificationTransaction.kt | 6 +- .../DefaultVerificationService.kt | 14 +- .../DefaultVerificationTransaction.kt | 4 +- .../SASDefaultVerificationTransaction.kt | 6 +- .../DefaultQrCodeVerificationTransaction.kt | 7 +- .../crypto/keysrequest/KeyRequestHandler.kt | 20 +- .../IncomingKeyRequestPagedController.kt | 4 - 39 files changed, 1364 insertions(+), 1911 deletions(-) delete mode 100755 matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRequestCancellation.kt delete mode 100755 matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingSecretShareRequest.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingShareRequestCommon.kt rename matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/{OutgoingGossipingRequestManager.kt => OutgoingKeyRequestManager.kt} (61%) rename matrix-sdk-android/src/main/java/org/matrix/android/sdk/{api/session/crypto/model/OutgoingGossipingRequestState.kt => internal/crypto/OutgoingRoomKeyRequestState.kt} (92%) diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt index 5916bf2fab..ffcae5ad01 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt @@ -19,6 +19,7 @@ package org.matrix.android.sdk.common import android.os.SystemClock import android.util.Log import androidx.lifecycle.Observer +import org.amshove.kluent.fail import org.junit.Assert.assertEquals import org.junit.Assert.assertNotNull import org.junit.Assert.assertNull @@ -31,6 +32,7 @@ import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM_BACKUP import org.matrix.android.sdk.api.extensions.orFalse import org.matrix.android.sdk.api.session.Session +import org.matrix.android.sdk.api.session.crypto.MXCryptoError import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME @@ -39,6 +41,7 @@ import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersion import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupAuthData import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupCreationInfo import org.matrix.android.sdk.api.session.crypto.keysbackup.extractCurveKeyFromRecoveryKey +import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.OutgoingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationMethod @@ -46,11 +49,13 @@ import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxStat import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.toContent +import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.api.session.getRoom import org.matrix.android.sdk.api.session.room.Room import org.matrix.android.sdk.api.session.room.model.Membership import org.matrix.android.sdk.api.session.room.model.RoomSummary import org.matrix.android.sdk.api.session.room.model.create.CreateRoomParams +import org.matrix.android.sdk.api.session.room.model.message.MessageContent import org.matrix.android.sdk.api.session.room.roomSummaryQueryParams import org.matrix.android.sdk.api.session.securestorage.EmptyKeySigner import org.matrix.android.sdk.api.session.securestorage.SharedSecretStorageService @@ -299,7 +304,8 @@ class CryptoTestHelper(private val testHelper: CommonTestHelper) { ) ) } - }, it) + }, it + ) } } @@ -308,7 +314,7 @@ class CryptoTestHelper(private val testHelper: CommonTestHelper) { */ fun bootstrapSecurity(session: Session) { initializeCrossSigning(session) - val ssssService = session.sharedSecretStorageService + val ssssService = session.sharedSecretStorageService() testHelper.runBlockingTest { val keyInfo = ssssService.generateKey( UUID.randomUUID().toString(), @@ -369,7 +375,8 @@ class CryptoTestHelper(private val testHelper: CommonTestHelper) { requestID, roomId, bob.myUserId, - bob.sessionParams.credentials.deviceId!!) + bob.sessionParams.credentials.deviceId!! + ) // we should reach SHOW SAS on both var alicePovTx: OutgoingSasVerificationTransaction? = null @@ -451,4 +458,50 @@ class CryptoTestHelper(private val testHelper: CommonTestHelper) { return CryptoTestData(roomId, sessions) } + + fun ensureCanDecrypt(sentEventIds: List, session: Session, e2eRoomID: String, messagesText: List) { + sentEventIds.forEachIndexed { index, sentEventId -> + testHelper.waitWithLatch { latch -> + testHelper.retryPeriodicallyWithLatch(latch) { + val event = session.getRoom(e2eRoomID)!!.getTimelineEvent(sentEventId)!!.root + testHelper.runBlockingTest { + try { + session.cryptoService().decryptEvent(event, "").let { result -> + event.mxDecryptionResult = OlmDecryptionResult( + payload = result.clearEvent, + senderKey = result.senderCurve25519Key, + keysClaimed = result.claimedEd25519Key?.let { mapOf("ed25519" to it) }, + forwardingCurve25519KeyChain = result.forwardingCurve25519KeyChain + ) + } + } catch (error: MXCryptoError) { + // nop + } + } + Log.v("TEST", "ensureCanDecrypt ${event.getClearType()} is ${event.getClearContent()}") + event.getClearType() == EventType.MESSAGE && + messagesText[index] == event.getClearContent()?.toModel()?.body + } + } + } + } + + fun ensureCannotDecrypt(sentEventIds: List, session: Session, e2eRoomID: String, expectedError: MXCryptoError.ErrorType? = null) { + sentEventIds.forEach { sentEventId -> + val event = session.getRoom(e2eRoomID)!!.getTimelineEvent(sentEventId)!!.root + testHelper.runBlockingTest { + try { + session.cryptoService().decryptEvent(event, "") + fail("Should not be able to decrypt event") + } catch (error: MXCryptoError) { + val errorType = (error as? MXCryptoError.Base)?.errorType + if (expectedError == null) { + assertNotNull(errorType) + } else { + assertEquals("Unexpected reason", expectedError, errorType) + } + } + } + } + } } diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt index fbbb82843b..d5ae06a0e3 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt @@ -34,7 +34,6 @@ import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersion import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersionResult import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupCreationInfo import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult -import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.OutgoingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.PendingVerificationRequest @@ -296,7 +295,7 @@ class E2eeSanityTests : InstrumentedTest { } } // after initial sync events are not decrypted, so we have to try manually - ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID) + cryptoTestHelper.ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID) // Let's now import keys from backup @@ -317,7 +316,7 @@ class E2eeSanityTests : InstrumentedTest { } // ensure bob can now decrypt - ensureCanDecrypt(sentEventIds, newBobSession, e2eRoomID, messagesText) + cryptoTestHelper.ensureCanDecrypt(sentEventIds, newBobSession, e2eRoomID, messagesText) testHelper.signOutAndClose(newBobSession) } @@ -368,7 +367,7 @@ class E2eeSanityTests : InstrumentedTest { // check that new bob can't currently decrypt Log.v("#E2E TEST", "check that new bob can't currently decrypt") - ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, null) + cryptoTestHelper.ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, null) // newBobSession.cryptoService().getOutgoingRoomKeyRequests() // .firstOrNull { // it.sessionId == @@ -408,7 +407,7 @@ class E2eeSanityTests : InstrumentedTest { } } - ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, null) + cryptoTestHelper.ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, null) // Now mark new bob session as verified @@ -421,7 +420,7 @@ class E2eeSanityTests : InstrumentedTest { newBobSession.cryptoService().reRequestRoomKeyForEvent(event) } - ensureCanDecrypt(sentEventIds, newBobSession, e2eRoomID, messagesText) + cryptoTestHelper.ensureCanDecrypt(sentEventIds, newBobSession, e2eRoomID, messagesText) cryptoTestData.cleanUp(testHelper) testHelper.signOutAndClose(newBobSession) @@ -467,7 +466,7 @@ class E2eeSanityTests : InstrumentedTest { // check that new bob can't currently decrypt Log.v("#E2E TEST", "check that new bob can't currently decrypt") - ensureCannotDecrypt(listOf(firstEventId), newBobSession, e2eRoomID, MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID) + cryptoTestHelper.ensureCannotDecrypt(listOf(firstEventId), newBobSession, e2eRoomID, MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID) // Now let alice send a new message. this time the new bob session will be able to decrypt var secondEventId: String @@ -686,8 +685,13 @@ class E2eeSanityTests : InstrumentedTest { // wait for secret gossiping to happen testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { - aliceNewSession.cryptoService().crossSigningService().allPrivateKeysKnown() && - aliceNewSession.cryptoService().keysBackupService().getKeyBackupRecoveryKeyInfo() != null + aliceNewSession.cryptoService().crossSigningService().allPrivateKeysKnown() + } + } + + testHelper.waitWithLatch { latch -> + testHelper.retryPeriodicallyWithLatch(latch) { + aliceNewSession.cryptoService().keysBackupService().getKeyBackupRecoveryKeyInfo() != null } } @@ -765,32 +769,6 @@ class E2eeSanityTests : InstrumentedTest { } } - private fun ensureCanDecrypt(sentEventIds: MutableList, session: Session, e2eRoomID: String, messagesText: List) { - sentEventIds.forEachIndexed { index, sentEventId -> - testHelper.waitWithLatch { latch -> - testHelper.retryPeriodicallyWithLatch(latch) { - val event = session.getRoom(e2eRoomID)!!.getTimelineEvent(sentEventId)!!.root - testHelper.runBlockingTest { - try { - session.cryptoService().decryptEvent(event, "").let { result -> - event.mxDecryptionResult = OlmDecryptionResult( - payload = result.clearEvent, - senderKey = result.senderCurve25519Key, - keysClaimed = result.claimedEd25519Key?.let { mapOf("ed25519" to it) }, - forwardingCurve25519KeyChain = result.forwardingCurve25519KeyChain - ) - } - } catch (error: MXCryptoError) { - // nop - } - } - event.getClearType() == EventType.MESSAGE && - messagesText[index] == event.getClearContent()?.toModel()?.body - } - } - } - } - private fun ensureIsDecrypted(sentEventIds: List, session: Session, e2eRoomID: String) { testHelper.waitWithLatch { latch -> sentEventIds.forEach { sentEventId -> @@ -803,23 +781,4 @@ class E2eeSanityTests : InstrumentedTest { } } } - - private fun ensureCannotDecrypt(sentEventIds: List, newBobSession: Session, e2eRoomID: String, expectedError: MXCryptoError.ErrorType?) { - sentEventIds.forEach { sentEventId -> - val event = newBobSession.getRoom(e2eRoomID)!!.getTimelineEvent(sentEventId)!!.root - testHelper.runBlockingTest { - try { - newBobSession.cryptoService().decryptEvent(event, "") - fail("Should not be able to decrypt event") - } catch (error: MXCryptoError) { - val errorType = (error as? MXCryptoError.Base)?.errorType - if (expectedError == null) { - Assert.assertNotNull(errorType) - } else { - assertEquals(expectedError, errorType, "Unexpected reason") - } - } - } - } - } } diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt index a05dd721a0..3e8ca8daff 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt @@ -19,45 +19,31 @@ package org.matrix.android.sdk.internal.crypto.gossiping import android.util.Log import androidx.test.ext.junit.runners.AndroidJUnit4 import androidx.test.filters.LargeTest -import junit.framework.TestCase.assertEquals import junit.framework.TestCase.assertNotNull import junit.framework.TestCase.assertTrue import junit.framework.TestCase.fail +import org.amshove.kluent.internal.assertEquals import org.junit.Assert +import org.junit.Assert.assertNull import org.junit.FixMethodOrder -import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.junit.runners.MethodSorters import org.matrix.android.sdk.InstrumentedTest -import org.matrix.android.sdk.api.auth.UIABaseAuth -import org.matrix.android.sdk.api.auth.UserInteractiveAuthInterceptor -import org.matrix.android.sdk.api.auth.UserPasswordAuth -import org.matrix.android.sdk.api.auth.registration.RegistrationFlowResponse -import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel -import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersion -import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupCreationInfo -import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.GossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerificationTransaction -import org.matrix.android.sdk.api.session.crypto.verification.SasVerificationTransaction -import org.matrix.android.sdk.api.session.crypto.verification.VerificationMethod -import org.matrix.android.sdk.api.session.crypto.verification.VerificationService -import org.matrix.android.sdk.api.session.crypto.verification.VerificationTransaction -import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.api.session.getRoom import org.matrix.android.sdk.api.session.room.model.RoomDirectoryVisibility import org.matrix.android.sdk.api.session.room.model.create.CreateRoomParams -import org.matrix.android.sdk.api.session.room.model.message.MessageContent +import org.matrix.android.sdk.api.session.room.timeline.getLastMessageContent import org.matrix.android.sdk.common.CommonTestHelper +import org.matrix.android.sdk.common.CryptoTestHelper import org.matrix.android.sdk.common.SessionTestParams import org.matrix.android.sdk.common.TestConstants -import kotlin.coroutines.Continuation -import kotlin.coroutines.resume +import org.matrix.android.sdk.internal.crypto.OutgoingRoomKeyRequestState +import org.matrix.android.sdk.internal.crypto.RequestResult @RunWith(AndroidJUnit4::class) @FixMethodOrder(MethodSorters.JVM) @@ -65,11 +51,12 @@ import kotlin.coroutines.resume class KeyShareTests : InstrumentedTest { private val commonTestHelper = CommonTestHelper(context()) + private val cryptoTestHelper = CryptoTestHelper(commonTestHelper) @Test - @Ignore("This test will be ignored until it is fixed") fun test_DoNotSelfShareIfNotTrusted() { val aliceSession = commonTestHelper.createAccount(TestConstants.USER_ALICE, SessionTestParams(true)) + Log.v("TEST", "=======> AliceSession 1 is ${aliceSession.sessionParams.deviceId}") // Create an encrypted room and add a message val roomId = commonTestHelper.runBlockingTest { @@ -84,11 +71,14 @@ class KeyShareTests : InstrumentedTest { assertNotNull(room) Thread.sleep(4_000) assertTrue(room?.isEncrypted() == true) - val sentEventId = commonTestHelper.sendTextMessage(room!!, "My Message", 1).first().eventId + val sentEvent = commonTestHelper.sendTextMessage(room!!, "My Message", 1).first() + val sentEventId = sentEvent.eventId + val sentEventText = sentEvent.getLastMessageContent()?.body // Open a new sessionx val aliceSession2 = commonTestHelper.logIntoAccount(aliceSession.myUserId, SessionTestParams(true)) + Log.v("TEST", "=======> AliceSession 2 is ${aliceSession2.sessionParams.deviceId}") val roomSecondSessionPOV = aliceSession2.getRoom(roomId) @@ -139,17 +129,34 @@ class KeyShareTests : InstrumentedTest { commonTestHelper.waitWithLatch { latch -> commonTestHelper.retryPeriodicallyWithLatch(latch) { // DEBUG LOGS - aliceSession.cryptoService().getIncomingRoomKeyRequests().let { - Log.v("TEST", "Incoming request Session 1 (looking for $outGoingRequestId)") +// aliceSession.cryptoService().getIncomingRoomKeyRequests().let { +// Log.v("TEST", "Incoming request Session 1 (looking for $outGoingRequestId)") +// Log.v("TEST", "=========================") +// it.forEach { keyRequest -> +// Log.v("TEST", "[ts${keyRequest.localCreationTimestamp}] requestId ${keyRequest.requestId}, for sessionId ${keyRequest.requestBody?.sessionId}") +// } +// Log.v("TEST", "=========================") +// } + + val incoming = aliceSession.cryptoService().getIncomingRoomKeyRequests().firstOrNull { it.requestId == outGoingRequestId } + incoming != null + } + } + + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + // DEBUG LOGS + aliceSession2.cryptoService().getOutgoingRoomKeyRequests().forEach { keyRequest -> Log.v("TEST", "=========================") - it.forEach { keyRequest -> - Log.v("TEST", "[ts${keyRequest.localCreationTimestamp}] requestId ${keyRequest.requestId}, for sessionId ${keyRequest.requestBody?.sessionId} is ${keyRequest.state}") - } + Log.v("TEST", "requestId ${keyRequest.requestId}, for sessionId ${keyRequest.requestBody?.sessionId}") + Log.v("TEST", "replies -> ${keyRequest.results.joinToString { it.toString() }}") Log.v("TEST", "=========================") } - val incoming = aliceSession.cryptoService().getIncomingRoomKeyRequests().firstOrNull { it.requestId == outGoingRequestId } - incoming?.state == GossipingRequestState.REJECTED + val outgoing = aliceSession2.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.requestId == outGoingRequestId } + val reply = outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } + val resultCode = (reply?.result as? RequestResult.Failure)?.code + resultCode == WithHeldCode.UNAUTHORISED } } @@ -168,249 +175,279 @@ class KeyShareTests : InstrumentedTest { // Re request aliceSession2.cryptoService().reRequestRoomKeyForEvent(receivedEvent.root) - commonTestHelper.waitWithLatch { latch -> - commonTestHelper.retryPeriodicallyWithLatch(latch) { - aliceSession.cryptoService().getIncomingRoomKeyRequests().let { - Log.v("TEST", "Incoming request Session 1") - Log.v("TEST", "=========================") - it.forEach { - Log.v("TEST", "requestId ${it.requestId}, for sessionId ${it.requestBody?.sessionId} is ${it.state}") - } - Log.v("TEST", "=========================") - - it.any { it.requestBody?.sessionId == eventMegolmSessionId && it.state == GossipingRequestState.ACCEPTED } - } - } - } - - Thread.sleep(6_000) - commonTestHelper.waitWithLatch { latch -> - commonTestHelper.retryPeriodicallyWithLatch(latch) { - // It should have been deleted from store - val outgoingRoomKeyRequests = aliceSession2.cryptoService().getOutgoingRoomKeyRequests() - outgoingRoomKeyRequests.isEmpty() - } - } - - try { - commonTestHelper.runBlockingTest { - aliceSession2.cryptoService().decryptEvent(receivedEvent.root, "foo") - } - } catch (failure: Throwable) { - fail("should have been able to decrypt") - } + cryptoTestHelper.ensureCanDecrypt(listOf(receivedEvent.eventId), aliceSession2, roomId, listOf(sentEventText ?: "")) commonTestHelper.signOutAndClose(aliceSession) commonTestHelper.signOutAndClose(aliceSession2) } + // See E2ESanityTest for a test regarding secret sharing + + /** + * Test that the sender of a message accepts to re-share to another user + * if the key was originally shared with him + */ @Test - @Ignore("This test will be ignored until it is fixed") - fun test_ShareSSSSSecret() { - val aliceSession1 = commonTestHelper.createAccount(TestConstants.USER_ALICE, SessionTestParams(true)) + fun test_reShareIfWasIntendedToBeShared() { + val testData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) + val aliceSession = testData.firstSession + val roomFromAlice = aliceSession.getRoom(testData.roomId)!! + val bobSession = testData.secondSession!! - commonTestHelper.doSync { - aliceSession1.cryptoService().crossSigningService() - .initializeCrossSigning( - object : UserInteractiveAuthInterceptor { - override fun performStage(flowResponse: RegistrationFlowResponse, errCode: String?, promise: Continuation) { - promise.resume( - UserPasswordAuth( - user = aliceSession1.myUserId, - password = TestConstants.PASSWORD - ) - ) - } - }, it) - } + val sentEvent = commonTestHelper.sendTextMessage(roomFromAlice, "Hello", 1).first() + val sentEventMegolmSession = sentEvent.root.content.toModel()!!.sessionId!! - // Also bootstrap keybackup on first session - val creationInfo = commonTestHelper.doSync { - aliceSession1.cryptoService().keysBackupService().prepareKeysBackupVersion(null, null, it) - } - val version = commonTestHelper.doSync { - aliceSession1.cryptoService().keysBackupService().createKeysBackupVersion(creationInfo, it) - } - // Save it for gossiping - aliceSession1.cryptoService().keysBackupService().saveBackupRecoveryKey(creationInfo.recoveryKey, version = version.version) + // bob should be able to decrypt + cryptoTestHelper.ensureCanDecrypt(listOf(sentEvent.eventId), bobSession, testData.roomId, listOf(sentEvent.getLastMessageContent()?.body ?: "")) - val aliceSession2 = commonTestHelper.logIntoAccount(aliceSession1.myUserId, SessionTestParams(true)) - - val aliceVerificationService1 = aliceSession1.cryptoService().verificationService() - val aliceVerificationService2 = aliceSession2.cryptoService().verificationService() - - // force keys download - commonTestHelper.doSync> { - aliceSession1.cryptoService().downloadKeys(listOf(aliceSession1.myUserId), true, it) - } - commonTestHelper.doSync> { - aliceSession2.cryptoService().downloadKeys(listOf(aliceSession2.myUserId), true, it) - } - - var session1ShortCode: String? = null - var session2ShortCode: String? = null - - aliceVerificationService1.addListener(object : VerificationService.Listener { - override fun transactionUpdated(tx: VerificationTransaction) { - Log.d("#TEST", "AA: tx incoming?:${tx.isIncoming} state ${tx.state}") - if (tx is SasVerificationTransaction) { - if (tx.state == VerificationTxState.OnStarted) { - (tx as IncomingSasVerificationTransaction).performAccept() - } - if (tx.state == VerificationTxState.ShortCodeReady) { - session1ShortCode = tx.getDecimalCodeRepresentation() - Thread.sleep(500) - tx.userHasVerifiedShortCode() - } - } - } - }) - - aliceVerificationService2.addListener(object : VerificationService.Listener { - override fun transactionUpdated(tx: VerificationTransaction) { - Log.d("#TEST", "BB: tx incoming?:${tx.isIncoming} state ${tx.state}") - if (tx is SasVerificationTransaction) { - if (tx.state == VerificationTxState.ShortCodeReady) { - session2ShortCode = tx.getDecimalCodeRepresentation() - Thread.sleep(500) - tx.userHasVerifiedShortCode() - } - } - } - }) - - val txId = "m.testVerif12" - aliceVerificationService2.beginKeyVerification(VerificationMethod.SAS, aliceSession1.myUserId, aliceSession1.sessionParams.deviceId - ?: "", txId) + // Let's try to request any how. + // As it was share previously alice should accept to reshare + bobSession.cryptoService().reRequestRoomKeyForEvent(sentEvent.root) commonTestHelper.waitWithLatch { latch -> commonTestHelper.retryPeriodicallyWithLatch(latch) { - aliceSession1.cryptoService().getDeviceInfo(aliceSession1.myUserId, aliceSession2.sessionParams.deviceId ?: "")?.isVerified == true + val outgoing = bobSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + val aliceReply = outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } + aliceReply != null && aliceReply.result is RequestResult.Success } } - - assertNotNull(session1ShortCode) - Log.d("#TEST", "session1ShortCode: $session1ShortCode") - assertNotNull(session2ShortCode) - Log.d("#TEST", "session2ShortCode: $session2ShortCode") - assertEquals(session1ShortCode, session2ShortCode) - - // SSK and USK private keys should have been shared - - commonTestHelper.waitWithLatch(60_000) { latch -> - commonTestHelper.retryPeriodicallyWithLatch(latch) { - Log.d("#TEST", "CAN XS :${aliceSession2.cryptoService().crossSigningService().getMyCrossSigningKeys()}") - aliceSession2.cryptoService().crossSigningService().canCrossSign() - } - } - - // Test that key backup key has been shared to - commonTestHelper.waitWithLatch(60_000) { latch -> - val keysBackupService = aliceSession2.cryptoService().keysBackupService() - commonTestHelper.retryPeriodicallyWithLatch(latch) { - Log.d("#TEST", "Recovery :${keysBackupService.getKeyBackupRecoveryKeyInfo()?.recoveryKey}") - keysBackupService.getKeyBackupRecoveryKeyInfo()?.recoveryKey == creationInfo.recoveryKey - } - } - - commonTestHelper.signOutAndClose(aliceSession1) - commonTestHelper.signOutAndClose(aliceSession2) } + /** + * Test that our own devices accept to reshare to unverified device if it was shared initialy + * if the key was originally shared with him + */ @Test - @Ignore("This test will be ignored until it is fixed") - fun test_ImproperKeyShareBug() { - val aliceSession = commonTestHelper.createAccount(TestConstants.USER_ALICE, SessionTestParams(true)) + fun test_reShareToUnverifiedIfWasIntendedToBeShared() { + val testData = cryptoTestHelper.doE2ETestWithAliceInARoom(true) + val aliceSession = testData.firstSession + val roomFromAlice = aliceSession.getRoom(testData.roomId)!! - commonTestHelper.doSync { - aliceSession.cryptoService().crossSigningService() - .initializeCrossSigning( - object : UserInteractiveAuthInterceptor { - override fun performStage(flowResponse: RegistrationFlowResponse, errCode: String?, promise: Continuation) { - promise.resume( - UserPasswordAuth( - user = aliceSession.myUserId, - password = TestConstants.PASSWORD, - session = flowResponse.session - ) - ) - } - }, it) + val aliceNewSession = commonTestHelper.logIntoAccount(aliceSession.myUserId, SessionTestParams(true)) + + // we wait for alice first session to be aware of that session? + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + val newSession = aliceSession.cryptoService().getUserDevices(aliceSession.myUserId) + .firstOrNull { it.deviceId == aliceNewSession.sessionParams.deviceId } + newSession != null + } } + val sentEvent = commonTestHelper.sendTextMessage(roomFromAlice, "Hello", 1).first() + val sentEventMegolmSession = sentEvent.root.content.toModel()!!.sessionId!! - // Create an encrypted room and send a couple of messages - val roomId = commonTestHelper.runBlockingTest { - aliceSession.roomService().createRoom( - CreateRoomParams().apply { - visibility = RoomDirectoryVisibility.PRIVATE - enableEncryption() - } - ) + // Let's try to request any how. + // As it was share previously alice should accept to reshare + aliceNewSession.cryptoService().reRequestRoomKeyForEvent(sentEvent.root) + + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + val ownDeviceReply = outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } + ownDeviceReply != null && ownDeviceReply.result is RequestResult.Success + } } - val roomAlicePov = aliceSession.getRoom(roomId) - assertNotNull(roomAlicePov) - Thread.sleep(1_000) - assertTrue(roomAlicePov?.isEncrypted() == true) - val secondEventId = commonTestHelper.sendTextMessage(roomAlicePov!!, "Message", 3)[1].eventId + } - // Create bob session + /** + * Tests that keys reshared with own verified session are done from the earliest known index + */ + @Test + fun test_reShareFromTheEarliestKnownIndexWithOwnVerifiedSession() { + val testData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) + val aliceSession = testData.firstSession + val bobSession = testData.secondSession!! + val roomFromBob = bobSession.getRoom(testData.roomId)!! - val bobSession = commonTestHelper.createAccount(TestConstants.USER_BOB, SessionTestParams(true)) - commonTestHelper.doSync { - bobSession.cryptoService().crossSigningService() - .initializeCrossSigning( - object : UserInteractiveAuthInterceptor { - override fun performStage(flowResponse: RegistrationFlowResponse, errCode: String?, promise: Continuation) { - promise.resume( - UserPasswordAuth( - user = bobSession.myUserId, - password = TestConstants.PASSWORD, - session = flowResponse.session - ) - ) - } - }, it) - } + val sentEvents = commonTestHelper.sendTextMessage(roomFromBob, "Hello", 3) + val sentEventMegolmSession = sentEvents.first().root.content.toModel()!!.sessionId!! - // Let alice invite bob - commonTestHelper.runBlockingTest { - roomAlicePov.invite(bobSession.myUserId, null) - } + // Let alice now add a new session + val aliceNewSession = commonTestHelper.logIntoAccount(aliceSession.myUserId, SessionTestParams(true)) - commonTestHelper.runBlockingTest { - bobSession.roomService().joinRoom(roomAlicePov.roomId, null, emptyList()) - } - - // we want to discard alice outbound session - aliceSession.cryptoService().discardOutboundSession(roomAlicePov.roomId) - - // and now resend a new message to reset index to 0 - commonTestHelper.sendTextMessage(roomAlicePov, "After", 1) - - val roomRoomBobPov = aliceSession.getRoom(roomId) - val beforeJoin = roomRoomBobPov!!.getTimelineEvent(secondEventId) - - var dRes = tryOrNull { - commonTestHelper.runBlockingTest { - bobSession.cryptoService().decryptEvent(beforeJoin!!.root, "") + // we wait bob first session to be aware of that session? + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + val newSession = bobSession.cryptoService().getUserDevices(aliceSession.myUserId) + .firstOrNull { it.deviceId == aliceNewSession.sessionParams.deviceId } + newSession != null } } - assert(dRes == null) + val newEvent = commonTestHelper.sendTextMessage(roomFromBob, "The New", 1).first() + val newEventId = newEvent.eventId + val newEventText = newEvent.getLastMessageContent()!!.body - // Try to re-ask the keys + // alice should be able to decrypt the new one + cryptoTestHelper.ensureCanDecrypt(listOf(newEventId), aliceNewSession, testData.roomId, listOf(newEventText)) + // but not the first one! + cryptoTestHelper.ensureCannotDecrypt(sentEvents.map { it.eventId }, aliceNewSession, testData.roomId) - bobSession.cryptoService().reRequestRoomKeyForEvent(beforeJoin!!.root) + // All should be using the same session id + sentEvents.forEach { + assertEquals(sentEventMegolmSession, it.root.content.toModel()!!.sessionId) + } + assertEquals(sentEventMegolmSession, newEvent.root.content.toModel()!!.sessionId) - Thread.sleep(3_000) + // Request a first time, bob and alice should reply with unauthorized + aliceNewSession.cryptoService().reRequestRoomKeyForEvent(newEvent.root) - // With the bug the first session would have improperly reshare that key :/ - dRes = tryOrNull { - commonTestHelper.runBlockingTest { - bobSession.cryptoService().decryptEvent(beforeJoin.root, "") + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + val ownDeviceReply = outgoing?.results + ?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } + val result = ownDeviceReply?.result + Log.v("TEST", "own device result is $result") + result != null && result is RequestResult.Failure && result.code == WithHeldCode.UNVERIFIED } } - Log.d("#TEST", "KS: sgould not decrypt that ${beforeJoin.root.getClearContent().toModel()?.body}") - assert(dRes?.clearEvent == null) + + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + val bobDeviceReply = outgoing?.results + ?.firstOrNull { it.userId == bobSession.myUserId && it.fromDevice == bobSession.sessionParams.deviceId } + val result = bobDeviceReply?.result + result != null && result is RequestResult.Success && result.chainIndex > 0 + } + } + + // it's a success but still can't decrypt first message + cryptoTestHelper.ensureCannotDecrypt(sentEvents.map { it.eventId }, aliceNewSession, testData.roomId) + + // Mark the new session as verified + aliceSession.cryptoService() + .verificationService() + .markedLocallyAsManuallyVerified(aliceNewSession.myUserId, aliceNewSession.sessionParams.deviceId!!) + + // Let's now try to request + aliceNewSession.cryptoService().reRequestRoomKeyForEvent(newEvent.root) + + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + // DEBUG LOGS + aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().forEach { keyRequest -> + Log.v("TEST", "=========================") + Log.v("TEST", "requestId ${keyRequest.requestId}, for sessionId ${keyRequest.requestBody?.sessionId}") + Log.v("TEST", "replies -> ${keyRequest.results.joinToString { it.toString() }}") + Log.v("TEST", "=========================") + } + val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + val ownDeviceReply = outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } + val result = ownDeviceReply?.result + result != null && result is RequestResult.Success && result.chainIndex == 0 + } + } + + // now the new session should be able to decrypt all! + cryptoTestHelper.ensureCanDecrypt( + sentEvents.map { it.eventId }, + aliceNewSession, + testData.roomId, + sentEvents.map { it.getLastMessageContent()!!.body } + ) + + // Additional test, can we check that bob replied successfully but with a ratcheted key + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + val bobReply = outgoing?.results?.firstOrNull { it.userId == bobSession.myUserId } + val result = bobReply?.result + result != null && result is RequestResult.Success && result.chainIndex == 3 + } + } + + commonTestHelper.signOutAndClose(aliceNewSession) + commonTestHelper.signOutAndClose(aliceSession) + commonTestHelper.signOutAndClose(bobSession) + } + + /** + * Tests that we don't cancel a request to early on first forward if the index is not good enough + */ + @Test + fun test_dontCancelToEarly() { + val testData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) + val aliceSession = testData.firstSession + val bobSession = testData.secondSession!! + val roomFromBob = bobSession.getRoom(testData.roomId)!! + + val sentEvents = commonTestHelper.sendTextMessage(roomFromBob, "Hello", 3) + val sentEventMegolmSession = sentEvents.first().root.content.toModel()!!.sessionId!! + + // Let alice now add a new session + val aliceNewSession = commonTestHelper.logIntoAccount(aliceSession.myUserId, SessionTestParams(true)) + + // we wait bob first session to be aware of that session? + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + val newSession = bobSession.cryptoService().getUserDevices(aliceSession.myUserId) + .firstOrNull { it.deviceId == aliceNewSession.sessionParams.deviceId } + newSession != null + } + } + + val newEvent = commonTestHelper.sendTextMessage(roomFromBob, "The New", 1).first() + val newEventId = newEvent.eventId + val newEventText = newEvent.getLastMessageContent()!!.body + + // alice should be able to decrypt the new one + cryptoTestHelper.ensureCanDecrypt(listOf(newEventId), aliceNewSession, testData.roomId, listOf(newEventText)) + // but not the first one! + cryptoTestHelper.ensureCannotDecrypt(sentEvents.map { it.eventId }, aliceNewSession, testData.roomId) + + // All should be using the same session id + sentEvents.forEach { + assertEquals(sentEventMegolmSession, it.root.content.toModel()!!.sessionId) + } + assertEquals(sentEventMegolmSession, newEvent.root.content.toModel()!!.sessionId) + + // Mark the new session as verified + aliceSession.cryptoService() + .verificationService() + .markedLocallyAsManuallyVerified(aliceNewSession.myUserId, aliceNewSession.sessionParams.deviceId!!) + + // /!\ Stop initial alice session syncing so that it can't reply + aliceSession.stopSync() + + // Let's now try to request + aliceNewSession.cryptoService().reRequestRoomKeyForEvent(sentEvents.first().root) + + // Should get a reply from bob and not from alice + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + val bobReply = outgoing?.results?.firstOrNull { it.userId == bobSession.myUserId } + val result = bobReply?.result + result != null && result is RequestResult.Success && result.chainIndex == 3 + } + } + + val outgoingReq = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + + assertNull("We should not have a reply from first session", outgoingReq!!.results.firstOrNull { it.fromDevice == aliceSession.sessionParams.deviceId }) + assertEquals("The request should not be canceled", OutgoingRoomKeyRequestState.SENT, outgoingReq.state) + + // let's wake up alice + aliceSession.startSync(true) + + // We should now get a reply from first session + commonTestHelper.waitWithLatch { latch -> + commonTestHelper.retryPeriodicallyWithLatch(latch) { + val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + val ownDeviceReply = outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } + val result = ownDeviceReply?.result + result != null && result is RequestResult.Success && result.chainIndex == 0 + } + } + + // It should be in sent then cancel + val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } + assertEquals("The request should be canceled", OutgoingRoomKeyRequestState.SENT_THEN_CANCELED, outgoing!!.state) + + commonTestHelper.signOutAndClose(aliceNewSession) + commonTestHelper.signOutAndClose(aliceSession) + commonTestHelper.signOutAndClose(bobSession) } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/crypto/MXCryptoConfig.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/crypto/MXCryptoConfig.kt index 9a686de2e1..a0e1011aba 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/crypto/MXCryptoConfig.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/crypto/MXCryptoConfig.kt @@ -31,5 +31,11 @@ data class MXCryptoConfig constructor( * If set to false, the request will be forwarded to the application layer; in this * case the application can decide to prompt the user. */ - val discardRoomKeyRequestsFromUntrustedDevices: Boolean = true + val discardRoomKeyRequestsFromUntrustedDevices: Boolean = true, + + /** + * Currently megolm keys are requested to the sender device and to all of our devices. + * You can limit request only to your sessions by turning this setting to `true` + */ + val limitRoomKeyRequestsToMyDevices: Boolean = false ) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt index 015b0c75be..b62908ade0 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt @@ -146,6 +146,12 @@ interface CryptoService { fun getIncomingRoomKeyRequests(): List fun getIncomingRoomKeyRequestsPaged(): LiveData> + /** + * Can be called by the app layer to accept a request manually + * Use carefully as it is prone to social attacks + */ + suspend fun manuallyAcceptRoomKeyRequest(request: IncomingRoomKeyRequest) + fun getGossipingEventsTrail(): LiveData> fun getGossipingEvents(): List diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/keyshare/GossipingRequestListener.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/keyshare/GossipingRequestListener.kt index 3cd36c2ce8..6fdbaf3301 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/keyshare/GossipingRequestListener.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/keyshare/GossipingRequestListener.kt @@ -16,9 +16,8 @@ package org.matrix.android.sdk.api.session.crypto.keyshare -import org.matrix.android.sdk.api.session.crypto.model.IncomingRequestCancellation import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.IncomingSecretShareRequest +import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest /** * Room keys events listener @@ -35,12 +34,12 @@ interface GossipingRequestListener { * Returns the secret value to be shared * @return true if is handled */ - fun onSecretShareRequest(request: IncomingSecretShareRequest): Boolean + fun onSecretShareRequest(request: SecretShareRequest): Boolean /** * A room key request cancellation has been received. * * @param request the cancellation request */ - fun onRoomKeyRequestCancellation(request: IncomingRequestCancellation) + fun onRequestCancelled(requestId: IncomingRoomKeyRequest) } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRequestCancellation.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRequestCancellation.kt deleted file mode 100755 index 74ca7304f7..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRequestCancellation.kt +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.api.session.crypto.model - -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.internal.crypto.IncomingShareRequestCommon -import org.matrix.android.sdk.internal.crypto.model.rest.ShareRequestCancellation - -/** - * IncomingRequestCancellation describes the incoming room key cancellation. - */ -data class IncomingRequestCancellation( - /** - * The user id - */ - override val userId: String? = null, - - /** - * The device id - */ - override val deviceId: String? = null, - - /** - * The request id - */ - override val requestId: String? = null, - override val localCreationTimestamp: Long? -) : IncomingShareRequestCommon { - companion object { - /** - * Factory - * - * @param event the event - */ - fun fromEvent(event: Event): IncomingRequestCancellation? { - return event.getClearContent() - .toModel() - ?.let { - IncomingRequestCancellation( - userId = event.senderId, - deviceId = it.requestingDeviceId, - requestId = it.requestId, - localCreationTimestamp = event.ageLocalTs ?: System.currentTimeMillis() - ) - } - } - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRoomKeyRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRoomKeyRequest.kt index 45b0926d89..c5d8f5f285 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRoomKeyRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRoomKeyRequest.kt @@ -16,9 +16,9 @@ package org.matrix.android.sdk.api.session.crypto.model -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.internal.crypto.IncomingShareRequestCommon +import org.matrix.android.sdk.internal.crypto.model.AuditTrail +import org.matrix.android.sdk.internal.crypto.model.IncomingKeyRequestInfo +import org.matrix.android.sdk.internal.crypto.model.TrailType /** * IncomingRoomKeyRequest class defines the incoming room keys request. @@ -27,56 +27,61 @@ data class IncomingRoomKeyRequest( /** * The user id */ - override val userId: String? = null, + val userId: String? = null, /** * The device id */ - override val deviceId: String? = null, + val deviceId: String? = null, /** * The request id */ - override val requestId: String? = null, + val requestId: String? = null, /** * The request body */ val requestBody: RoomKeyRequestBody? = null, - val state: GossipingRequestState = GossipingRequestState.NONE, - - /** - * The runnable to call to accept to share the keys - */ - @Transient - var share: Runnable? = null, - - /** - * The runnable to call to ignore the key share request. - */ - @Transient - var ignore: Runnable? = null, - override val localCreationTimestamp: Long? -) : IncomingShareRequestCommon { + val localCreationTimestamp: Long? +) { companion object { /** * Factory * * @param event the event */ - fun fromEvent(event: Event): IncomingRoomKeyRequest? { - return event.getClearContent() - .toModel() + fun fromEvent(trail: AuditTrail): IncomingRoomKeyRequest? { + return trail + .takeIf { it.type == TrailType.IncomingKeyRequest } + ?.let { + it.info as? IncomingKeyRequestInfo + } ?.let { IncomingRoomKeyRequest( - userId = event.senderId, - deviceId = it.requestingDeviceId, + userId = it.userId, + deviceId = it.deviceId, requestId = it.requestId, - requestBody = it.body ?: RoomKeyRequestBody(), - localCreationTimestamp = event.ageLocalTs ?: System.currentTimeMillis() + requestBody = RoomKeyRequestBody( + algorithm = it.alg, + roomId = it.roomId, + senderKey = it.senderKey, + sessionId = it.sessionId + ), + localCreationTimestamp = trail.ageLocalTs ) } } + + fun fromRestRequest(senderId: String, request: RoomKeyShareRequest): IncomingRoomKeyRequest? { + return IncomingRoomKeyRequest( + userId = senderId, + deviceId = request.requestingDeviceId, + requestId = request.requestId, + requestBody = request.body, + localCreationTimestamp = System.currentTimeMillis() + ) + } } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingSecretShareRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingSecretShareRequest.kt deleted file mode 100755 index 5afffef1ae..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingSecretShareRequest.kt +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.api.session.crypto.model - -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.internal.crypto.IncomingShareRequestCommon - -/** - * IncomingSecretShareRequest class defines the incoming secret keys request. - */ -data class IncomingSecretShareRequest( - /** - * The user id - */ - override val userId: String? = null, - - /** - * The device id - */ - override val deviceId: String? = null, - - /** - * The request id - */ - override val requestId: String? = null, - - /** - * The request body - */ - val secretName: String? = null, - - /** - * The runnable to call to accept to share the keys - */ - @Transient - var share: ((String) -> Unit)? = null, - - /** - * The runnable to call to ignore the key share request. - */ - @Transient - var ignore: Runnable? = null, - - override val localCreationTimestamp: Long? - -) : IncomingShareRequestCommon { - companion object { - /** - * Factory - * - * @param event the event - */ - fun fromEvent(event: Event): IncomingSecretShareRequest? { - return event.getClearContent() - .toModel() - ?.let { - IncomingSecretShareRequest( - userId = event.senderId, - deviceId = it.requestingDeviceId, - requestId = it.requestId, - secretName = it.secretName, - localCreationTimestamp = event.ageLocalTs ?: System.currentTimeMillis() - ) - } - } - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt index ee0b208cbb..0f040bd322 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt @@ -81,6 +81,13 @@ import org.matrix.android.sdk.internal.crypto.crosssigning.DefaultCrossSigningSe import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.MXKey.Companion.KEY_SIGNED_CURVE_25519_TYPE +import org.matrix.android.sdk.internal.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.internal.crypto.model.TrailType +import org.matrix.android.sdk.internal.crypto.model.event.RoomKeyContent +import org.matrix.android.sdk.internal.crypto.model.event.RoomKeyWithHeldContent +import org.matrix.android.sdk.internal.crypto.model.rest.DeviceInfo +import org.matrix.android.sdk.internal.crypto.model.rest.DevicesListResponse +import org.matrix.android.sdk.internal.crypto.model.rest.RoomKeyShareRequest import org.matrix.android.sdk.internal.crypto.model.toRest import org.matrix.android.sdk.internal.crypto.repository.WarnOnUnknownDeviceRepository import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore @@ -156,7 +163,7 @@ internal class DefaultCryptoService @Inject constructor( private val incomingKeyRequestManager: IncomingKeyRequestManager, private val secretShareManager: SecretShareManager, // - private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, + private val outgoingKeyRequestManager: OutgoingKeyRequestManager, // Actions private val setDeviceVerificationAction: SetDeviceVerificationAction, private val megolmSessionDataImporter: MegolmSessionDataImporter, @@ -387,7 +394,7 @@ internal class DefaultCryptoService @Inject constructor( fun close() = runBlocking(coroutineDispatchers.crypto) { cryptoCoroutineScope.coroutineContext.cancelChildren(CancellationException("Closing crypto module")) incomingKeyRequestManager.close() - outgoingGossipingRequestManager.close() + outgoingKeyRequestManager.close() olmDevice.release() cryptoStore.close() } @@ -458,7 +465,7 @@ internal class DefaultCryptoService @Inject constructor( try { if (toDevices.isEmpty()) { // this is not blocking - outgoingGossipingRequestManager.requireProcessAllPendingKeyRequests() + outgoingKeyRequestManager.requireProcessAllPendingKeyRequests() } else { Timber.tag(loggerTag.value) .w("Don't process key requests yet as their might be more to_device to catchup") @@ -778,26 +785,18 @@ internal class DefaultCryptoService @Inject constructor( cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { when (event.getClearType()) { EventType.ROOM_KEY, EventType.FORWARDED_ROOM_KEY -> { -// gossipingBuffer.add(event) // Keys are imported directly, not waiting for end of sync onRoomKeyEvent(event) } EventType.REQUEST_SECRET -> { secretShareManager.handleSecretRequest(event) -// incomingGossipingRequestManager.onGossipingRequestEvent(event) } EventType.ROOM_KEY_REQUEST -> { - Timber.w("VALR: key request ${event.getClearContent()}") - // save audit trail -// gossipingBuffer.add(event) - // Requests are stacked, and will be handled one by one at the end of the sync (onSyncComplete) - Timber.w("VALR: sender Id is ${event.senderId} full ev $event") event.getClearContent().toModel()?.let { req -> event.senderId?.let { incomingKeyRequestManager.addNewIncomingRequest(it, req) } } } EventType.SEND_SECRET -> { -// gossipingBuffer.add(event) onSecretSendReceived(event) } EventType.ROOM_KEY_WITHHELD -> { @@ -842,7 +841,7 @@ internal class DefaultCryptoService @Inject constructor( withHeldContent.algorithm ?: return withHeldContent.roomId ?: return withHeldContent.senderKey ?: return - outgoingGossipingRequestManager.onRoomKeyWithHeld( + outgoingKeyRequestManager.onRoomKeyWithHeld( sessionId = withHeldContent.sessionId, algorithm = withHeldContent.algorithm, roomId = withHeldContent.roomId, @@ -854,14 +853,6 @@ internal class DefaultCryptoService @Inject constructor( content = event.getClearContent() ) ) -// Timber.tag(loggerTag.value).i("onKeyWithHeldReceived() received from:${event.senderId}, content <$withHeldContent>") -// val alg = roomDecryptorProvider.getOrCreateRoomDecryptor(withHeldContent.roomId, withHeldContent.algorithm) -// if (alg is IMXWithHeldExtension) { -// alg.onRoomKeyWithHeldEvent(senderId, withHeldContent) -// } else { -// Timber.tag(loggerTag.value).e("onKeyWithHeldReceived() from:${event.senderId}: Unable to handle WithHeldContent for ${withHeldContent.algorithm}") -// return -// } } private suspend fun onSecretSendReceived(event: Event) { @@ -1158,52 +1149,11 @@ internal class DefaultCryptoService @Inject constructor( * @param event the event to decrypt again. */ override fun reRequestRoomKeyForEvent(event: Event) { - val sender = event.senderId ?: return - val wireContent = event.content.toModel() ?: return Unit.also { - Timber.tag(loggerTag.value).e("reRequestRoomKeyForEvent Failed to re-request key, null content") - } - - val recipients = if (event.senderId == userId) { - mapOf( - userId to listOf("*") - ) - } else { - // for the case where you share the key with a device that has a broken olm session - // The other user might Re-shares a megolm session key with devices if the key has already been - // sent to them. - mapOf( - userId to listOf("*"), - // TODO we might not have deviceId in the future due to https://github.com/matrix-org/matrix-spec-proposals/pull/3700 - // so in this case query to all - sender to listOf(wireContent.deviceId ?: "*") - ) - } - val requestBody = RoomKeyRequestBody( - algorithm = wireContent.algorithm, - roomId = event.roomId, - senderKey = wireContent.senderKey, - sessionId = wireContent.sessionId - ) - - outgoingGossipingRequestManager.postRoomKeyRequest(requestBody, recipients, true) + outgoingKeyRequestManager.requestKeyForEvent(event, true) } override fun requestRoomKeyForEvent(event: Event) { - val wireContent = event.content.toModel() ?: return Unit.also { - Timber.tag(loggerTag.value).e("requestRoomKeyForEvent Failed to request key, null content eventId: ${event.eventId}") - } - - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { -// if (!isStarted()) { -// Timber.v("## CRYPTO | requestRoomKeyForEvent() : wait after e2e init") -// internalStart(false) -// } - roomDecryptorProvider - .getOrCreateRoomDecryptor(event.roomId, wireContent.algorithm) - ?.requestKeysForEvent(event, false) ?: run { - Timber.tag(loggerTag.value).v("requestRoomKeyForEvent() : No room decryptor for roomId:${event.roomId} algorithm:${wireContent.algorithm}") - } - } + outgoingKeyRequestManager.requestKeyForEvent(event, false) } /** @@ -1213,7 +1163,7 @@ internal class DefaultCryptoService @Inject constructor( */ override fun addRoomKeysRequestListener(listener: GossipingRequestListener) { incomingKeyRequestManager.addRoomKeysRequestListener(listener) - // TODO same for secret manager + secretShareManager.addListener(listener) } /** @@ -1223,42 +1173,9 @@ internal class DefaultCryptoService @Inject constructor( */ override fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { incomingKeyRequestManager.removeRoomKeysRequestListener(listener) - // TODO same for secret manager + secretShareManager.addListener(listener) } -// private fun markOlmSessionForUnwedging(senderId: String, deviceInfo: CryptoDeviceInfo) { -// val deviceKey = deviceInfo.identityKey() -// -// val lastForcedDate = lastNewSessionForcedDates.getObject(senderId, deviceKey) ?: 0 -// val now = System.currentTimeMillis() -// if (now - lastForcedDate < CRYPTO_MIN_FORCE_SESSION_PERIOD_MILLIS) { -// Timber.d("## CRYPTO | markOlmSessionForUnwedging: New session already forced with device at $lastForcedDate. Not forcing another") -// return -// } -// -// Timber.d("## CRYPTO | markOlmSessionForUnwedging from $senderId:${deviceInfo.deviceId}") -// lastNewSessionForcedDates.setObject(senderId, deviceKey, now) -// -// cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { -// ensureOlmSessionsForDevicesAction.handle(mapOf(senderId to listOf(deviceInfo)), force = true) -// -// // Now send a blank message on that session so the other side knows about it. -// // (The keyshare request is sent in the clear so that won't do) -// // We send this first such that, as long as the toDevice messages arrive in the -// // same order we sent them, the other end will get this first, set up the new session, -// // then get the keyshare request and send the key over this new session (because it -// // is the session it has most recently received a message on). -// val payloadJson = mapOf("type" to EventType.DUMMY) -// -// val encodedPayload = messageEncrypter.encryptMessage(payloadJson, listOf(deviceInfo)) -// val sendToDeviceMap = MXUsersDevicesMap() -// sendToDeviceMap.setObject(senderId, deviceInfo.deviceId, encodedPayload) -// Timber.v("## CRYPTO | markOlmSessionForUnwedging() : sending to $senderId:${deviceInfo.deviceId}") -// val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap) -// sendToDeviceTask.execute(sendToDeviceParams) -// } -// } - /** * Provides the list of unknown devices * @@ -1312,12 +1229,26 @@ internal class DefaultCryptoService @Inject constructor( return cryptoStore.getOutgoingRoomKeyRequestsPaged() } - override fun getIncomingRoomKeyRequestsPaged(): LiveData> { - return cryptoStore.getIncomingRoomKeyRequestsPaged() + override fun getIncomingRoomKeyRequests(): List { + return cryptoStore.getGossipingEvents() + .mapNotNull { + IncomingRoomKeyRequest.fromEvent(it) + } } - override fun getIncomingRoomKeyRequests(): List { - return cryptoStore.getIncomingRoomKeyRequests() + override fun getIncomingRoomKeyRequestsPaged(): LiveData> { + return cryptoStore.getGossipingEventsTrail(TrailType.IncomingKeyRequest) { + IncomingRoomKeyRequest.fromEvent(it) + ?: IncomingRoomKeyRequest(localCreationTimestamp = 0L) + } + } + + /** + * If you registered a `GossipingRequestListener`, you will be notified of key request + * that was not accepted by the SDK. You can call back this manually to accept anyhow. + */ + override suspend fun manuallyAcceptRoomKeyRequest(request: IncomingRoomKeyRequest) { + incomingKeyRequestManager.manuallyAcceptRoomKeyRequest(request) } override fun getGossipingEventsTrail(): LiveData> { diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DeviceListManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DeviceListManager.kt index 6cae2d0935..d96671376d 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DeviceListManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DeviceListManager.kt @@ -311,10 +311,19 @@ internal class DeviceListManager @Inject constructor(private val cryptoStore: IM } else { Timber.v("## CRYPTO | downloadKeys() : starts") val t0 = System.currentTimeMillis() - val result = doKeyDownloadForUsers(downloadUsers) - Timber.v("## CRYPTO | downloadKeys() : doKeyDownloadForUsers succeeds after ${System.currentTimeMillis() - t0} ms") - result.also { - it.addEntriesFromMap(stored) + try { + val result = doKeyDownloadForUsers(downloadUsers) + Timber.v("## CRYPTO | downloadKeys() : doKeyDownloadForUsers succeeds after ${System.currentTimeMillis() - t0} ms") + result.also { + it.addEntriesFromMap(stored) + } + } catch (failure: Throwable) { + Timber.w(failure, "## CRYPTO | downloadKeys() : doKeyDownloadForUsers failed after ${System.currentTimeMillis() - t0} ms") + if (forceDownload) { + throw failure + } else { + stored + } } } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt index 7585becfa3..3766e5f5a3 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt @@ -26,10 +26,14 @@ import kotlinx.coroutines.withContext import org.matrix.android.sdk.api.MatrixCoroutineDispatchers import org.matrix.android.sdk.api.auth.data.Credentials import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import org.matrix.android.sdk.api.crypto.MXCryptoConfig +import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.logger.LoggerTag import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo +import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent @@ -53,6 +57,7 @@ internal class IncomingKeyRequestManager @Inject constructor( private val cryptoStore: IMXCryptoStore, private val ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction, private val olmDevice: MXOlmDevice, + private val cryptoConfig: MXCryptoConfig, private val messageEncrypter: MessageEncrypter, private val coroutineDispatchers: MatrixCoroutineDispatchers, private val sendToDeviceTask: SendToDeviceTask) { @@ -71,6 +76,7 @@ internal class IncomingKeyRequestManager @Inject constructor( } data class ValidMegolmRequestBody( + val requestId: String, val requestingUserId: String, val requestingDeviceId: String, val roomId: String, @@ -87,6 +93,7 @@ internal class IncomingKeyRequestManager @Inject constructor( val roomId = body.roomId ?: return null val sessionId = body.sessionId ?: return null val senderKey = body.senderKey ?: return null + val requestId = this.requestId ?: return null if (body.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null val action = when (this.action) { "request" -> MegolmRequestAction.Request @@ -94,6 +101,7 @@ internal class IncomingKeyRequestManager @Inject constructor( else -> null } ?: return null return ValidMegolmRequestBody( + requestId = requestId, requestingUserId = senderId, requestingDeviceId = deviceId, roomId = roomId, @@ -121,6 +129,21 @@ internal class IncomingKeyRequestManager @Inject constructor( } MegolmRequestAction.Cancel -> { // ignore, we can't cancel as it's not known (probably already processed) + // still notify app layer if it was passed up previously + IncomingRoomKeyRequest.fromRestRequest(senderId, request)?.let { iReq -> + outgoingRequestScope.launch(coroutineDispatchers.computation) { + val listenersCopy = synchronized(gossipingRequestListeners) { + gossipingRequestListeners.toList() + } + listenersCopy.onEach { + tryOrNull { + withContext(coroutineDispatchers.main) { + it.onRequestCancelled(iReq) + } + } + } + } + } } } } else { @@ -131,6 +154,18 @@ internal class IncomingKeyRequestManager @Inject constructor( MegolmRequestAction.Cancel -> { // discard the request in buffer incomingRequestBuffer.remove(existing) + outgoingRequestScope.launch(coroutineDispatchers.computation) { + val listenersCopy = synchronized(gossipingRequestListeners) { + gossipingRequestListeners.toList() + } + listenersCopy.onEach { + IncomingRoomKeyRequest.fromRestRequest(senderId, request)?.let { iReq -> + withContext(coroutineDispatchers.main) { + tryOrNull { it.onRequestCancelled(iReq) } + } + } + } + } } } } @@ -170,6 +205,7 @@ internal class IncomingKeyRequestManager @Inject constructor( } cryptoStore.saveIncomingKeyRequestAuditTrail( + request.requestId, request.roomId, request.sessionId, request.senderKey, @@ -205,6 +241,10 @@ internal class IncomingKeyRequestManager @Inject constructor( shareIfItWasPreviouslyShared(request, requestingDevice) } } else { + if (cryptoConfig.limitRoomKeyRequestsToMyDevices) { + Timber.tag(loggerTag.value).v("Ignore request from other user as per crypto config: ${request.shortDbgString()}") + return + } Timber.tag(loggerTag.value).v("handling request from other user: megolm session ${request.sessionId}") if (requestingDevice.isBlocked) { // it's blocked, so send a withheld code @@ -224,12 +264,39 @@ internal class IncomingKeyRequestManager @Inject constructor( // we share from the index it was previously shared with shareMegolmKey(request, requestingDevice, wasSessionSharedWithUser.chainIndex.toLong()) } else { - sendWithheldForRequest(request, WithHeldCode.UNAUTHORISED) - // TODO if it's our device we could delegate to the app layer to decide? + val isOwnDevice = requestingDevice.userId == credentials.userId + sendWithheldForRequest(request, if (isOwnDevice) WithHeldCode.UNVERIFIED else WithHeldCode.UNAUTHORISED) + // if it's our device we could delegate to the app layer to decide + if (isOwnDevice) { + outgoingRequestScope.launch(coroutineDispatchers.computation) { + val listenersCopy = synchronized(gossipingRequestListeners) { + gossipingRequestListeners.toList() + } + val iReq = IncomingRoomKeyRequest( + userId = requestingDevice.userId, + deviceId = requestingDevice.deviceId, + requestId = request.requestId, + requestBody = RoomKeyRequestBody( + algorithm = MXCRYPTO_ALGORITHM_MEGOLM, + senderKey = request.senderKey, + sessionId = request.sessionId, + roomId = request.roomId + ), + localCreationTimestamp = System.currentTimeMillis() + ) + listenersCopy.onEach { + withContext(coroutineDispatchers.main) { + tryOrNull { it.onRoomKeyRequest(iReq) } + } + } + } + } } } private suspend fun sendWithheldForRequest(request: ValidMegolmRequestBody, code: WithHeldCode) { + Timber.tag(loggerTag.value) + .w("Send withheld $code for req: ${request.shortDbgString()}") val withHeldContent = RoomKeyWithHeldContent( roomId = request.roomId, senderKey = request.senderKey, @@ -253,13 +320,13 @@ internal class IncomingKeyRequestManager @Inject constructor( } cryptoStore.saveWithheldAuditTrail( - request.roomId, - request.sessionId, - request.senderKey, - MXCRYPTO_ALGORITHM_MEGOLM, - code, - request.requestingUserId, - request.requestingDeviceId + roomId = request.roomId, + sessionId = request.sessionId, + senderKey = request.senderKey, + algorithm = MXCRYPTO_ALGORITHM_MEGOLM, + code = code, + userId = request.requestingUserId, + deviceId = request.requestingDeviceId ) } catch (failure: Throwable) { // Ignore it's not that important? @@ -269,6 +336,31 @@ internal class IncomingKeyRequestManager @Inject constructor( } } + suspend fun manuallyAcceptRoomKeyRequest(request: IncomingRoomKeyRequest) { + request.requestId ?: return + request.deviceId ?: return + request.userId ?: return + request.requestBody?.roomId ?: return + request.requestBody.senderKey ?: return + request.requestBody.sessionId ?: return + val validReq = ValidMegolmRequestBody( + requestId = request.requestId, + requestingDeviceId = request.deviceId, + requestingUserId = request.userId, + roomId = request.requestBody.roomId, + senderKey = request.requestBody.senderKey, + sessionId = request.requestBody.sessionId, + action = MegolmRequestAction.Request + ) + val requestingDevice = + cryptoStore.getUserDevice(request.userId, request.deviceId) + ?: return Unit.also { + Timber.tag(loggerTag.value).d("Ignoring key request: ${validReq.shortDbgString()}") + } + + shareMegolmKey(validReq, requestingDevice, null) + } + private suspend fun shareMegolmKey(validRequest: ValidMegolmRequestBody, requestingDevice: CryptoDeviceInfo, chainIndex: Long?): Boolean { @@ -341,14 +433,12 @@ internal class IncomingKeyRequestManager @Inject constructor( fun addRoomKeysRequestListener(listener: GossipingRequestListener) { synchronized(gossipingRequestListeners) { - // TODO gossipingRequestListeners.add(listener) } } fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { synchronized(gossipingRequestListeners) { - // TODO gossipingRequestListeners.remove(listener) } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingShareRequestCommon.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingShareRequestCommon.kt deleted file mode 100644 index 97c369db3e..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingShareRequestCommon.kt +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -internal interface IncomingShareRequestCommon { - /** - * The user id - */ - val userId: String? - - /** - * The device id - */ - val deviceId: String? - - /** - * The request id - */ - val requestId: String? - - val localCreationTimestamp: Long? -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt index f12cefeb9a..67d544ca43 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt @@ -585,6 +585,13 @@ internal class MXOlmDevice @Inject constructor( // Inbound group session + sealed class AddSessionResult { + data class Imported(val ratchetIndex: Int) : AddSessionResult() + abstract class Failure : AddSessionResult() + object NotImported : Failure() + data class NotImportedHigherIndex(val newIndex: Int) : AddSessionResult() + } + /** * Add an inbound group session to the session store. * @@ -603,7 +610,7 @@ internal class MXOlmDevice @Inject constructor( senderKey: String, forwardingCurve25519KeyChain: List, keysClaimed: Map, - exportFormat: Boolean): Boolean { + exportFormat: Boolean): AddSessionResult { val candidateSession = OlmInboundGroupSessionWrapper2(sessionKey, exportFormat) val existingSessionHolder = tryOrNull { getInboundGroupSession(sessionId, senderKey, roomId) } val existingSession = existingSessionHolder?.wrapper @@ -611,7 +618,7 @@ internal class MXOlmDevice @Inject constructor( if (existingSession != null) { Timber.tag(loggerTag.value).d("## addInboundGroupSession() check if known session is better than candidate session") try { - val existingFirstKnown = existingSession.firstKnownIndex ?: return false.also { + val existingFirstKnown = existingSession.firstKnownIndex ?: return AddSessionResult.NotImported.also { // This is quite unexpected, could throw if native was released? Timber.tag(loggerTag.value).e("## addInboundGroupSession() null firstKnownIndex on existing session") candidateSession.olmInboundGroupSession?.releaseSession() @@ -622,12 +629,12 @@ internal class MXOlmDevice @Inject constructor( if (newKnownFirstIndex != null && existingFirstKnown <= newKnownFirstIndex) { Timber.tag(loggerTag.value).d("## addInboundGroupSession() : ignore session our is better $senderKey/$sessionId") candidateSession.olmInboundGroupSession?.releaseSession() - return false + return AddSessionResult.NotImportedHigherIndex(newKnownFirstIndex.toInt()) } } catch (failure: Throwable) { Timber.tag(loggerTag.value).e("## addInboundGroupSession() Failed to add inbound: ${failure.localizedMessage}") candidateSession.olmInboundGroupSession?.releaseSession() - return false + return AddSessionResult.NotImported } } @@ -637,19 +644,19 @@ internal class MXOlmDevice @Inject constructor( val candidateOlmInboundSession = candidateSession.olmInboundGroupSession if (null == candidateOlmInboundSession) { Timber.tag(loggerTag.value).e("## addInboundGroupSession : invalid session ") - return false + return AddSessionResult.NotImported } try { if (candidateOlmInboundSession.sessionIdentifier() != sessionId) { Timber.tag(loggerTag.value).e("## addInboundGroupSession : ERROR: Mismatched group session ID from senderKey: $senderKey") candidateOlmInboundSession.releaseSession() - return false + return AddSessionResult.NotImported } } catch (e: Throwable) { candidateOlmInboundSession.releaseSession() Timber.tag(loggerTag.value).e(e, "## addInboundGroupSession : sessionIdentifier() failed") - return false + return AddSessionResult.NotImported } candidateSession.senderKey = senderKey @@ -663,7 +670,7 @@ internal class MXOlmDevice @Inject constructor( inboundGroupSessionStore.storeInBoundGroupSession(InboundGroupSessionHolder(candidateSession), sessionId, senderKey) } - return true + return AddSessionResult.Imported(candidateSession.firstKnownIndex?.toInt() ?: 0) } /** diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt index 57cabc29a0..95148513ac 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 New Vector Ltd + * Copyright (c) 2022 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,7 @@ data class RequestReply( ) sealed class RequestResult { - object Success : RequestResult() + data class Success(val chainIndex: Int) : RequestResult() data class Failure(val code: WithHeldCode) : RequestResult() } @@ -35,6 +35,7 @@ data class OutgoingKeyRequest( var requestBody: RoomKeyRequestBody?, // recipients for the request map of users to list of deviceId val recipients: Map>, + val fromIndex: Int, // Unique id for this request. Used for both // an id within the request for later pairing with a cancellation, and for // the transaction id when sending the to_device messages to our local diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt similarity index 61% rename from matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequestManager.kt rename to matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt index 0662be1e59..d8d3296d25 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt @@ -23,19 +23,23 @@ import kotlinx.coroutines.cancel import kotlinx.coroutines.launch import kotlinx.coroutines.withContext import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import org.matrix.android.sdk.api.crypto.MXCryptoConfig +import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.logger.LoggerTag -import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.internal.crypto.crosssigning.fromBase64 +import org.matrix.android.sdk.internal.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.internal.crypto.model.event.EncryptedEventContent +import org.matrix.android.sdk.internal.crypto.model.rest.GossipingToDeviceObject +import org.matrix.android.sdk.internal.crypto.model.rest.RoomKeyRequestBody +import org.matrix.android.sdk.internal.crypto.model.rest.RoomKeyShareRequest import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.crypto.tasks.DefaultSendToDeviceTask import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask import org.matrix.android.sdk.internal.di.SessionId +import org.matrix.android.sdk.internal.di.UserId import org.matrix.android.sdk.internal.session.SessionScope import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer import timber.log.Timber @@ -44,7 +48,7 @@ import java.util.concurrent.Executors import javax.inject.Inject import kotlin.system.measureTimeMillis -private val loggerTag = LoggerTag("OutgoingGossipingRequestManager", LoggerTag.CRYPTO) +private val loggerTag = LoggerTag("OutgoingKeyRequestManager", LoggerTag.CRYPTO) /** * This class is responsible for sending key requests to other devices when a message failed to decrypt. @@ -54,10 +58,13 @@ private val loggerTag = LoggerTag("OutgoingGossipingRequestManager", LoggerTag.C * If a request failed it will be retried at the end of the next sync */ @SessionScope -internal class OutgoingGossipingRequestManager @Inject constructor( +internal class OutgoingKeyRequestManager @Inject constructor( @SessionId private val sessionId: String, + @UserId private val myUserId: String, private val cryptoStore: IMXCryptoStore, private val coroutineDispatchers: MatrixCoroutineDispatchers, + private val cryptoConfig: MXCryptoConfig, + private val inboundGroupSessionStore: InboundGroupSessionStore, private val sendToDeviceTask: DefaultSendToDeviceTask, private val perSessionBackupQueryRateLimiter: PerSessionBackupQueryRateLimiter) { @@ -70,10 +77,71 @@ internal class OutgoingGossipingRequestManager @Inject constructor( // We keep a stack as we consider that the key requested last is more likely to be on screen? private val requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup = Stack() - fun postRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>, force: Boolean = false) { + fun requestKeyForEvent(event: Event, force: Boolean) { + val (targets, body) = getRoomKeyRequestTargetForEvent(event) ?: return + val index = ratchetIndexForMessage(event) ?: 0 + postRoomKeyRequest(body, targets, index, force) + } + + private fun getRoomKeyRequestTargetForEvent(event: Event): Pair>, RoomKeyRequestBody>? { + val sender = event.senderId ?: return null + val encryptedEventContent = event.content.toModel() ?: return null.also { + Timber.tag(loggerTag.value).e("getRoomKeyRequestTargetForEvent Failed to re-request key, null content") + } + if (encryptedEventContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null + + val senderDevice = encryptedEventContent.deviceId + val recipients = if (cryptoConfig.limitRoomKeyRequestsToMyDevices) { + mapOf( + myUserId to listOf("*") + ) + } else { + if (event.senderId == myUserId) { + mapOf( + myUserId to listOf("*") + ) + } else { + // for the case where you share the key with a device that has a broken olm session + // The other user might Re-shares a megolm session key with devices if the key has already been + // sent to them. + mapOf( + myUserId to listOf("*"), + + // TODO we might not have deviceId in the future due to https://github.com/matrix-org/matrix-spec-proposals/pull/3700 + // so in this case query to all + sender to listOf(senderDevice ?: "*") + ) + } + } + + val requestBody = RoomKeyRequestBody( + roomId = event.roomId, + algorithm = encryptedEventContent.algorithm, + senderKey = encryptedEventContent.senderKey, + sessionId = encryptedEventContent.sessionId + ) + return recipients to requestBody + } + + private fun ratchetIndexForMessage(event: Event): Int? { + val encryptedContent = event.content.toModel() ?: return null + if (encryptedContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null + return encryptedContent.ciphertext?.fromBase64()?.inputStream()?.reader()?.let { + tryOrNull { + val megolmVersion = it.read() + if (megolmVersion != 3) return@tryOrNull null + /** Int tag */ + /** Int tag */ + if (it.read() != 8) return@tryOrNull null + it.read() + } + } + } + + fun postRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean = false) { outgoingRequestScope.launch { sequencer.post { - internalQueueRequest(requestBody, recipients, force) + internalQueueRequest(requestBody, recipients, fromIndex, force) } } } @@ -81,10 +149,10 @@ internal class OutgoingGossipingRequestManager @Inject constructor( /** * Typically called when we the session as been imported or received meanwhile */ - fun postCancelRequestForSessionIfNeeded(sessionId: String, roomId: String, senderKey: String) { + fun postCancelRequestForSessionIfNeeded(sessionId: String, roomId: String, senderKey: String, fromIndex: Int) { outgoingRequestScope.launch { sequencer.post { - internalQueueCancelRequest(sessionId, roomId, senderKey) + internalQueueCancelRequest(sessionId, roomId, senderKey, fromIndex) } } } @@ -94,17 +162,24 @@ internal class OutgoingGossipingRequestManager @Inject constructor( roomId: String, senderKey: String, fromDevice: String?, + fromIndex: Int, event: Event) { - Timber.tag(loggerTag.value).v("Key forwarded for $sessionId from ${event.senderId}|$fromDevice") + Timber.tag(loggerTag.value).d("Key forwarded for $sessionId from ${event.senderId}|$fromDevice at index $fromIndex") outgoingRequestScope.launch { sequencer.post { cryptoStore.updateOutgoingRoomKeyReply( - roomId, - sessionId, - algorithm, - senderKey, - fromDevice, - event + roomId = roomId, + sessionId = sessionId, + algorithm = algorithm, + senderKey = senderKey, + fromDevice = fromDevice, + // strip out encrypted stuff as it's just a trail? + event = event.copy( + type = event.getClearType(), + content = mapOf( + "chain_index" to fromIndex + ) + ) ) } } @@ -120,12 +195,12 @@ internal class OutgoingGossipingRequestManager @Inject constructor( sequencer.post { Timber.tag(loggerTag.value).d("Withheld received for $sessionId from ${event.senderId}|$fromDevice") cryptoStore.updateOutgoingRoomKeyReply( - roomId, - sessionId, - algorithm, - senderKey, - fromDevice, - event + roomId = roomId, + sessionId = sessionId, + algorithm = algorithm, + senderKey = senderKey, + fromDevice = fromDevice, + event = event ) } } @@ -142,7 +217,7 @@ internal class OutgoingGossipingRequestManager @Inject constructor( } } - private fun internalQueueCancelRequest(sessionId: String, roomId: String, senderKey: String) { + private fun internalQueueCancelRequest(sessionId: String, roomId: String, senderKey: String, localKnownChainIndex: Int) { // do we have known requests for that session?? Timber.tag(loggerTag.value).v("Cancel Key Request if needed for $sessionId") val knownRequest = cryptoStore.getOutgoingRoomKeyRequest( @@ -161,18 +236,29 @@ internal class OutgoingGossipingRequestManager @Inject constructor( knownRequest.forEach { request -> when (request.state) { OutgoingRoomKeyRequestState.UNSENT -> { - cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + if (request.fromIndex >= localKnownChainIndex) { + // we have a good index we can cancel + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + } } OutgoingRoomKeyRequestState.SENT -> { - // It was already sent, so cancel - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + // It was already sent, and index satisfied we can cancel + if (request.fromIndex >= localKnownChainIndex) { + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + } } OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { // It is already marked to be cancelled } OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { - // we just want to cancel now - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + if (request.fromIndex >= localKnownChainIndex) { + // we just want to cancel now + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + } + } + OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { + // was already canceled + // if we need a better index, should we resend? } } } @@ -187,19 +273,24 @@ internal class OutgoingGossipingRequestManager @Inject constructor( } } - private fun internalQueueRequest(requestBody: RoomKeyRequestBody, recipients: Map>, force: Boolean) { - Timber.tag(loggerTag.value).d("Queueing key request for ${requestBody.sessionId}") - val existing = cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients) - when (existing.state) { + private fun internalQueueRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean) { + Timber.tag(loggerTag.value).d("Queueing key request for ${requestBody.sessionId} force:$force") + val existing = cryptoStore.getOutgoingRoomKeyRequest(requestBody) + Timber.tag(loggerTag.value).v("Queueing key request exiting is ${existing?.state}") + when (existing?.state) { + null -> { + // create a new one + cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) + } OutgoingRoomKeyRequestState.UNSENT -> { // nothing it's new or not yet handled } OutgoingRoomKeyRequestState.SENT -> { // it was already requested - Timber.tag(loggerTag.value).w("The session ${requestBody.sessionId} is already requested") + Timber.tag(loggerTag.value).d("The session ${requestBody.sessionId} is already requested") if (force) { // update to UNSENT - Timber.tag(loggerTag.value).w(".. force to request ${requestBody.sessionId}") + Timber.tag(loggerTag.value).d(".. force to request ${requestBody.sessionId}") cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) } else { requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(existing.requestId) @@ -214,6 +305,17 @@ internal class OutgoingGossipingRequestManager @Inject constructor( OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { // It's already going to resend } + OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { + if (force) { + cryptoStore.deleteOutgoingRoomKeyRequest(existing.requestId) + cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) + } + } + } + + if (existing != null && existing.fromIndex >= fromIndex) { + // update the required index + cryptoStore.updateOutgoingRoomKeyRequiredIndex(existing.requestId, fromIndex) } } @@ -227,6 +329,7 @@ internal class OutgoingGossipingRequestManager @Inject constructor( OutgoingRoomKeyRequestState.UNSENT -> handleUnsentRequest(it) OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> handleRequestToCancel(it) OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> handleRequestToCancelWillResend(it) + OutgoingRoomKeyRequestState.SENT_THEN_CANCELED, OutgoingRoomKeyRequestState.SENT -> { // these are filtered out } @@ -260,10 +363,16 @@ internal class OutgoingGossipingRequestManager @Inject constructor( val sessionId = request.sessionId ?: return val roomId = request.roomId ?: return if (perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId)) { - // we found the key in backup, so we can just mark as cancelled, no need to send request - Timber.tag(loggerTag.value).v("Megolm session $sessionId successfully restored from backup, do not send request") - cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) - return + // let's see what's the index + val knownIndex = tryOrNull { + inboundGroupSessionStore.getInboundGroupSession(sessionId, request.requestBody?.senderKey ?: "")?.wrapper?.firstKnownIndex + } + if (knownIndex != null && knownIndex <= request.fromIndex) { + // we found the key in backup with good enough index, so we can just mark as cancelled, no need to send request + Timber.tag(loggerTag.value).v("Megolm session $sessionId successfully restored from backup, do not send request") + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + return + } } // we need to send the request @@ -322,9 +431,9 @@ internal class OutgoingGossipingRequestManager @Inject constructor( withContext(coroutineDispatchers.io) { sendToDeviceTask.executeRetry(params, 3) } - // The request cancellation was sent, we can forget about it - cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) - // TODO update the audit trail + // The request cancellation was sent, we don't delete yet because we want + // to keep trace of the sent replies + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT_THEN_CANCELED) true } catch (failure: Throwable) { Timber.tag(loggerTag.value).v("Failed to cancel request ${request.requestId} for session $sessionId targets:${request.recipients}") @@ -334,10 +443,9 @@ internal class OutgoingGossipingRequestManager @Inject constructor( private suspend fun handleRequestToCancelWillResend(request: OutgoingKeyRequest) { if (handleRequestToCancel(request)) { - // we have to create a new unsent one - val body = request.requestBody ?: return - // this will create a new unsent request that will be process in the following call - cryptoStore.getOrAddOutgoingRoomKeyRequest(body, request.recipients) + // this will create a new unsent request with no replies that will be process in the following call + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + request.requestBody?.let { cryptoStore.getOrAddOutgoingRoomKeyRequest(it, request.recipients, request.fromIndex) } } } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingGossipingRequestState.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingRoomKeyRequestState.kt similarity index 92% rename from matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingGossipingRequestState.kt rename to matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingRoomKeyRequestState.kt index 99c3c37773..98019200d0 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/OutgoingGossipingRequestState.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingRoomKeyRequestState.kt @@ -14,11 +14,12 @@ * limitations under the License. */ -package org.matrix.android.sdk.api.session.crypto.model +package org.matrix.android.sdk.internal.crypto enum class OutgoingRoomKeyRequestState { UNSENT, SENT, + SENT_THEN_CANCELED, CANCELLATION_PENDING, CANCELLATION_PENDING_AND_WILL_RESEND; diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt index 9adef9df9f..1905c540ef 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 New Vector Ltd + * Copyright (c) 2022 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,6 +28,7 @@ import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_S import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.toModel @@ -75,6 +76,21 @@ internal class SecretShareManager @Inject constructor( */ private val outgoingSecretRequests = mutableListOf() + // the listeners + private val gossipingRequestListeners: MutableSet = HashSet() + + fun addListener(listener: GossipingRequestListener) { + synchronized(gossipingRequestListeners) { + gossipingRequestListeners.add(listener) + } + } + + fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { + synchronized(gossipingRequestListeners) { + gossipingRequestListeners.remove(listener) + } + } + /** * Called when a session has been verified. * This information can be used by the manager to decide whether or not to fullfill gossiping requests. @@ -140,7 +156,11 @@ internal class SecretShareManager @Inject constructor( else -> null } if (secretValue == null) { - Timber.e("The secret is unknown $secretName") + Timber.i("The secret is unknown $secretName, passing to app layer") + val toList = synchronized(gossipingRequestListeners) { gossipingRequestListeners.toList() } + toList.onEach { listener -> + listener.onSecretShareRequest(request) + } return } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt index af30072765..7b4df00282 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt @@ -17,12 +17,13 @@ package org.matrix.android.sdk.internal.crypto.actions import androidx.annotation.WorkerThread +import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.listeners.ProgressListener import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult import org.matrix.android.sdk.api.logger.LoggerTag import org.matrix.android.sdk.internal.crypto.MXOlmDevice import org.matrix.android.sdk.internal.crypto.MegolmSessionData -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.RoomDecryptorProvider import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXMegolmDecryption import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore @@ -33,7 +34,7 @@ private val loggerTag = LoggerTag("MegolmSessionDataImporter", LoggerTag.CRYPTO) internal class MegolmSessionDataImporter @Inject constructor(private val olmDevice: MXOlmDevice, private val roomDecryptorProvider: RoomDecryptorProvider, - private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, + private val outgoingKeyRequestManager: OutgoingKeyRequestManager, private val cryptoStore: IMXCryptoStore) { /** @@ -71,10 +72,15 @@ internal class MegolmSessionDataImporter @Inject constructor(private val olmDevi // cancel any outstanding room key requests for this session Timber.tag(loggerTag.value).d("Imported megolm session $sessionId from backup=$fromBackup in ${megolmSessionData.roomId}") - outgoingGossipingRequestManager.postCancelRequestForSessionIfNeeded( + outgoingKeyRequestManager.postCancelRequestForSessionIfNeeded( megolmSessionData.sessionId ?: "", megolmSessionData.roomId ?: "", - megolmSessionData.senderKey ?: "" + megolmSessionData.senderKey ?: "", + tryOrNull { + olmInboundGroupSessionWrappers + .firstOrNull { it.olmInboundGroupSession?.sessionIdentifier() == megolmSessionData.sessionId } + ?.firstKnownIndex?.toInt() + } ?: 0 ) // Have another go at decrypting events sent with this session diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/IMXDecrypting.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/IMXDecrypting.kt index 2ea4e1dd29..d555062442 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/IMXDecrypting.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/IMXDecrypting.kt @@ -17,8 +17,6 @@ package org.matrix.android.sdk.internal.crypto.algorithms import org.matrix.android.sdk.api.session.crypto.MXCryptoError -import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.IncomingSecretShareRequest import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService @@ -44,23 +42,4 @@ internal interface IMXDecrypting { * @param event the key event. */ fun onRoomKeyEvent(event: Event, defaultKeysBackupService: DefaultKeysBackupService) {} - - /** - * Determine if we have the keys necessary to respond to a room key request - * - * @param request keyRequest - * @return true if we have the keys and could (theoretically) share - */ - fun hasKeysForKeyRequest(request: IncomingRoomKeyRequest): Boolean = false - - /** - * Send the response to a room key request. - * - * @param request keyRequest - */ - fun shareKeysWithDevice(request: IncomingRoomKeyRequest) {} - - fun shareSecretWithDevice(request: IncomingSecretShareRequest, secretValue: String) {} - - fun requestKeysForEvent(event: Event, withHeld: Boolean) } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt index 191930b4c8..4b90617998 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt @@ -17,48 +17,31 @@ package org.matrix.android.sdk.internal.crypto.algorithms.megolm import dagger.Lazy -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.launch -import kotlinx.coroutines.sync.withLock -import org.matrix.android.sdk.api.MatrixCoroutineDispatchers import org.matrix.android.sdk.api.logger.LoggerTag import org.matrix.android.sdk.api.session.crypto.MXCryptoError import org.matrix.android.sdk.api.session.crypto.NewSessionListener import org.matrix.android.sdk.api.session.crypto.model.ForwardedRoomKeyContent -import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.internal.crypto.DeviceListManager import org.matrix.android.sdk.internal.crypto.MXOlmDevice -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager -import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction -import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter import org.matrix.android.sdk.internal.crypto.algorithms.IMXDecrypting import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask import org.matrix.android.sdk.internal.session.StreamEventsManager import timber.log.Timber private val loggerTag = LoggerTag("MXMegolmDecryption", LoggerTag.CRYPTO) -internal class MXMegolmDecryption(private val userId: String, - private val olmDevice: MXOlmDevice, - private val deviceListManager: DeviceListManager, - private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, - private val messageEncrypter: MessageEncrypter, - private val ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction, - private val cryptoStore: IMXCryptoStore, - private val sendToDeviceTask: SendToDeviceTask, - private val coroutineDispatchers: MatrixCoroutineDispatchers, - private val cryptoCoroutineScope: CoroutineScope, - private val liveEventManager: Lazy +internal class MXMegolmDecryption( + private val olmDevice: MXOlmDevice, + private val outgoingKeyRequestManager: OutgoingKeyRequestManager, + private val cryptoStore: IMXCryptoStore, + private val liveEventManager: Lazy ) : IMXDecrypting { var newSessionListener: NewSessionListener? = null @@ -122,23 +105,9 @@ internal class MXMegolmDecryption(private val userId: String, if (throwable is MXCryptoError.OlmError) { // TODO Check the value of .message if (throwable.olmException.message == "UNKNOWN_MESSAGE_INDEX") { - // addEventToPendingList(event, timeline) - // The session might has been partially withheld (and only pass ratcheted) - val withHeldInfo = cryptoStore.getWithHeldMegolmSession(event.roomId, encryptedEventContent.sessionId) - if (withHeldInfo != null) { - if (requestKeysOnFail) { - requestKeysForEvent(event, true) - } - // Encapsulate as withHeld exception - throw MXCryptoError.Base(MXCryptoError.ErrorType.KEYS_WITHHELD, - withHeldInfo.code?.value ?: "", - withHeldInfo.reason) - } - if (requestKeysOnFail) { - requestKeysForEvent(event, false) + requestKeysForEvent(event) } - throw MXCryptoError.Base( MXCryptoError.ErrorType.UNKNOWN_MESSAGE_INDEX, "UNKNOWN_MESSAGE_INDEX", @@ -154,25 +123,9 @@ internal class MXMegolmDecryption(private val userId: String, detailedReason) } if (throwable is MXCryptoError.Base) { - if ( - /** if the session is unknown*/ - throwable.errorType == MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID - ) { - val withHeldInfo = cryptoStore.getWithHeldMegolmSession(event.roomId, encryptedEventContent.sessionId) - if (withHeldInfo != null) { - if (requestKeysOnFail) { - requestKeysForEvent(event, true) - } - // Encapsulate as withHeld exception - throw MXCryptoError.Base(MXCryptoError.ErrorType.KEYS_WITHHELD, - withHeldInfo.code?.value ?: "", - withHeldInfo.reason) - } else { - // This is un-used in Matrix Android SDK2, not sure if needed - // addEventToPendingList(event, timeline) - if (requestKeysOnFail) { - requestKeysForEvent(event, false) - } + if (throwable.errorType == MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID) { + if (requestKeysOnFail) { + requestKeysForEvent(event) } } } @@ -188,60 +141,10 @@ internal class MXMegolmDecryption(private val userId: String, * * @param event the event */ - override fun requestKeysForEvent(event: Event, withHeld: Boolean) { - val sender = event.senderId ?: return - val encryptedEventContent = event.content.toModel() ?: return Unit.also { - Timber.tag(loggerTag.value).e("requestRoomKeyForEvent Failed to re-request key, null content") - } - val senderDevice = encryptedEventContent.deviceId - - val recipients = if (event.senderId == userId || withHeld) { - mapOf( - userId to listOf("*") - ) - } else { - // for the case where you share the key with a device that has a broken olm session - // The other user might Re-shares a megolm session key with devices if the key has already been - // sent to them. - mapOf( - userId to listOf("*"), - - // TODO we might not have deviceId in the future due to https://github.com/matrix-org/matrix-spec-proposals/pull/3700 - // so in this case query to all - sender to listOf(senderDevice ?: "*") - ) - } - - val requestBody = RoomKeyRequestBody( - roomId = event.roomId, - algorithm = encryptedEventContent.algorithm, - senderKey = encryptedEventContent.senderKey, - sessionId = encryptedEventContent.sessionId - ) - - outgoingGossipingRequestManager.postRoomKeyRequest(requestBody, recipients, force = withHeld) + private fun requestKeysForEvent(event: Event) { + outgoingKeyRequestManager.requestKeyForEvent(event, false) } -// /** -// * Add an event to the list of those we couldn't decrypt the first time we -// * saw them. -// * -// * @param event the event to try to decrypt later -// * @param timelineId the timeline identifier -// */ -// private fun addEventToPendingList(event: Event, timelineId: String) { -// val encryptedEventContent = event.content.toModel() ?: return -// val pendingEventsKey = "${encryptedEventContent.senderKey}|${encryptedEventContent.sessionId}" -// -// val timeline = pendingEvents.getOrPut(pendingEventsKey) { HashMap() } -// val events = timeline.getOrPut(timelineId) { ArrayList() } -// -// if (event !in events) { -// Timber.v("## CRYPTO | addEventToPendingList() : add Event ${event.eventId} in room id ${event.roomId}") -// events.add(event) -// } -// } - /** * Handle a key event. * @@ -289,16 +192,6 @@ internal class MXMegolmDecryption(private val userId: String, } keysClaimed["ed25519"] = forwardedRoomKeyContent.senderClaimedEd25519Key - - val fromDevice = event.getSenderKey()?.let { cryptoStore.deviceWithIdentityKey(it) }?.deviceId - - outgoingGossipingRequestManager.onRoomKeyForwarded( - sessionId = roomKeyContent.sessionId, - algorithm = roomKeyContent.algorithm ?: "", - roomId = roomKeyContent.roomId, - senderKey = forwardedRoomKeyContent.senderKey ?: "", - fromDevice = fromDevice, - event = event) } else { Timber.tag(loggerTag.value).i("onRoomKeyEvent(), Adding key : ${roomKeyContent.roomId}|${roomKeyContent.sessionId}") if (null == senderKey) { @@ -319,13 +212,38 @@ internal class MXMegolmDecryption(private val userId: String, keysClaimed, exportFormat) - if (added) { + when (added) { + is MXOlmDevice.AddSessionResult.Imported -> added.ratchetIndex + is MXOlmDevice.AddSessionResult.NotImportedHigherIndex -> added.newIndex + else -> null + }?.let { index -> + if (event.getClearType() == EventType.FORWARDED_ROOM_KEY) { + val fromDevice = (event.content?.get("sender_key") as? String)?.let { senderDeviceIdentityKey -> + cryptoStore.getUserDeviceList(event.senderId ?: "") + ?.firstOrNull { + it.identityKey() == senderDeviceIdentityKey + } + }?.deviceId + + outgoingKeyRequestManager.onRoomKeyForwarded( + sessionId = roomKeyContent.sessionId, + algorithm = roomKeyContent.algorithm ?: "", + roomId = roomKeyContent.roomId, + senderKey = senderKey, + fromIndex = index, + fromDevice = fromDevice, + event = event) + + // The index is used to decide if we cancel sent request or if we wait for a better key + outgoingKeyRequestManager.postCancelRequestForSessionIfNeeded(roomKeyContent.sessionId, roomKeyContent.roomId, senderKey, index) + } + } + + if (added is MXOlmDevice.AddSessionResult.Imported) { Timber.tag(loggerTag.value) .d("onRoomKeyEvent(${event.getClearType()}) : Added megolm session ${roomKeyContent.sessionId} in ${roomKeyContent.roomId}") defaultKeysBackupService.maybeBackupKeys() - outgoingGossipingRequestManager.postCancelRequestForSessionIfNeeded(roomKeyContent.sessionId, roomKeyContent.roomId, senderKey) - onNewSession(roomKeyContent.roomId, senderKey, roomKeyContent.sessionId) } } @@ -341,72 +259,4 @@ internal class MXMegolmDecryption(private val userId: String, Timber.tag(loggerTag.value).v("ON NEW SESSION $sessionId - $senderKey") newSessionListener?.onNewSession(roomId, senderKey, sessionId) } - - override fun hasKeysForKeyRequest(request: IncomingRoomKeyRequest): Boolean { - val roomId = request.requestBody?.roomId ?: return false - val senderKey = request.requestBody.senderKey ?: return false - val sessionId = request.requestBody.sessionId ?: return false - return olmDevice.hasInboundSessionKeys(roomId, senderKey, sessionId) - } - - override fun shareKeysWithDevice(request: IncomingRoomKeyRequest) { - // sanity checks - if (request.requestBody == null) { - return - } - val userId = request.userId ?: return - - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - val body = request.requestBody - val sessionHolder = try { - olmDevice.getInboundGroupSession(body.sessionId, body.senderKey, body.roomId) - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).e(failure, "shareKeysWithDevice: failed to get session for request $body") - return@launch - } - - val export = sessionHolder.mutex.withLock { - sessionHolder.wrapper.exportKeys() - } ?: return@launch Unit.also { - Timber.tag(loggerTag.value).e("shareKeysWithDevice: failed to export group session ${body.sessionId}") - } - - runCatching { deviceListManager.downloadKeys(listOf(userId), false) } - .mapCatching { - val deviceId = request.deviceId - val deviceInfo = cryptoStore.getUserDevice(userId, deviceId ?: "") - if (deviceInfo == null) { - throw RuntimeException() - } else { - val devicesByUser = mapOf(userId to listOf(deviceInfo)) - val usersDeviceMap = ensureOlmSessionsForDevicesAction.handle(devicesByUser) - val olmSessionResult = usersDeviceMap.getObject(userId, deviceId) - if (olmSessionResult?.sessionId == null) { - // no session with this device, probably because there - // were no one-time keys. - Timber.tag(loggerTag.value).e("no session with this device $deviceId, probably because there were no one-time keys.") - return@mapCatching - } - Timber.tag(loggerTag.value).i("shareKeysWithDevice() : sharing session ${body.sessionId} with device $userId:$deviceId") - - val payloadJson = mapOf( - "type" to EventType.FORWARDED_ROOM_KEY, - "content" to export - ) - - val encodedPayload = messageEncrypter.encryptMessage(payloadJson, listOf(deviceInfo)) - val sendToDeviceMap = MXUsersDevicesMap() - sendToDeviceMap.setObject(userId, deviceId, encodedPayload) - Timber.tag(loggerTag.value).i("shareKeysWithDevice() : sending ${body.sessionId} to $userId:$deviceId") - val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap) - try { - sendToDeviceTask.execute(sendToDeviceParams) - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).e(failure, "shareKeysWithDevice() : Failed to send ${body.sessionId} to $userId:$deviceId") - } - } - } - } - } - } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryptionFactory.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryptionFactory.kt index 3eba04b9f1..096773a959 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryptionFactory.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryptionFactory.kt @@ -17,45 +17,24 @@ package org.matrix.android.sdk.internal.crypto.algorithms.megolm import dagger.Lazy -import kotlinx.coroutines.CoroutineScope -import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.internal.crypto.DeviceListManager import org.matrix.android.sdk.internal.crypto.MXOlmDevice -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager -import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction -import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask -import org.matrix.android.sdk.internal.di.UserId import org.matrix.android.sdk.internal.session.StreamEventsManager import javax.inject.Inject internal class MXMegolmDecryptionFactory @Inject constructor( - @UserId private val userId: String, private val olmDevice: MXOlmDevice, - private val deviceListManager: DeviceListManager, - private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, - private val messageEncrypter: MessageEncrypter, - private val ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction, + private val outgoingKeyRequestManager: OutgoingKeyRequestManager, private val cryptoStore: IMXCryptoStore, - private val sendToDeviceTask: SendToDeviceTask, - private val coroutineDispatchers: MatrixCoroutineDispatchers, - private val cryptoCoroutineScope: CoroutineScope, private val eventsManager: Lazy ) { fun create(): MXMegolmDecryption { return MXMegolmDecryption( - userId, olmDevice, - deviceListManager, - outgoingGossipingRequestManager, - messageEncrypter, - ensureOlmSessionsForDevicesAction, + outgoingKeyRequestManager, cryptoStore, - sendToDeviceTask, - coroutineDispatchers, - cryptoCoroutineScope, eventsManager) } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/olm/MXOlmDecryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/olm/MXOlmDecryption.kt index 0db8700852..f20085b07c 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/olm/MXOlmDecryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/olm/MXOlmDecryption.kt @@ -241,8 +241,4 @@ internal class MXOlmDecryption( return res["payload"] } - - override fun requestKeysForEvent(event: Event, withHeld: Boolean) { - // nop - } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt index 325d930dc6..dece891439 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt @@ -65,7 +65,8 @@ data class IncomingKeyRequestInfo( override val senderKey: String, override val alg: String, override val userId: String, - override val deviceId: String + override val deviceId: String, + val requestId: String ) : AuditInfo data class AuditTrail( diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt index b6820e591f..1a8be74d92 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt @@ -25,22 +25,19 @@ import org.matrix.android.sdk.api.session.crypto.crosssigning.PrivateKeysInfo import org.matrix.android.sdk.api.session.crypto.keysbackup.SavedKeyBackupKeyInfo import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.GossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode import org.matrix.android.sdk.api.util.Optional -import org.matrix.android.sdk.internal.crypto.IncomingShareRequestCommon import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.internal.crypto.OutgoingSecretRequest +import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper import org.matrix.android.sdk.internal.crypto.model.OutboundGroupSessionWrapper +import org.matrix.android.sdk.internal.crypto.model.TrailType import org.matrix.android.sdk.internal.crypto.store.db.model.KeysBackupDataEntity import org.matrix.olm.OlmAccount import org.matrix.olm.OlmOutboundGroupSession @@ -127,18 +124,6 @@ internal interface IMXCryptoStore { */ fun getDeviceTrackingStatuses(): Map - /** - * @return the pending IncomingRoomKeyRequest requests - */ - fun getPendingIncomingRoomKeyRequests(): List - - fun getPendingIncomingGossipingRequests(): List - - fun storeIncomingGossipingRequest(request: IncomingShareRequestCommon, ageLocalTS: Long?) - - fun storeIncomingGossipingRequests(requests: List) -// fun getPendingIncomingSecretShareRequests(): List - /** * Indicate if the store contains data for the passed account. * @@ -389,25 +374,21 @@ internal interface IMXCryptoStore { * @param request the request * @return either the same instance as passed in, or the existing one. */ - fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>): OutgoingKeyRequest + fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int): OutgoingKeyRequest fun updateOutgoingRoomKeyRequestState(requestId: String, newState: OutgoingRoomKeyRequestState) + fun updateOutgoingRoomKeyRequiredIndex(requestId: String, newIndex: Int) fun updateOutgoingRoomKeyReply( roomId: String, sessionId: String, algorithm: String, - senderKey: String, fromDevice: String?, event: Event) + senderKey: String, + fromDevice: String?, + event: Event) fun deleteOutgoingRoomKeyRequest(requestId: String) - fun getOrAddOutgoingSecretShareRequest(secretName: String, recipients: Map>): OutgoingSecretRequest? - - @Deprecated("TODO") - fun saveGossipingEvent(event: Event) = saveGossipingEvents(listOf(event)) - - @Deprecated("TODO") - fun saveGossipingEvents(events: List) - fun saveIncomingKeyRequestAuditTrail( + requestId: String, roomId: String, sessionId: String, senderKey: String, @@ -436,32 +417,6 @@ internal interface IMXCryptoStore { chainIndex: Long? ) - fun updateGossipingRequestState(request: IncomingShareRequestCommon, state: GossipingRequestState) { - updateGossipingRequestState( - requestUserId = request.userId, - requestDeviceId = request.deviceId, - requestId = request.requestId, - state = state - ) - } - - fun updateGossipingRequestState(requestUserId: String?, - requestDeviceId: String?, - requestId: String?, - state: GossipingRequestState) - - /** - * Search an IncomingRoomKeyRequest - * - * @param userId the user id - * @param deviceId the device id - * @param requestId the request id - * @return an IncomingRoomKeyRequest if it exists, else null - */ - fun getIncomingRoomKeyRequest(userId: String, deviceId: String, requestId: String): IncomingRoomKeyRequest? - - fun updateOutgoingGossipingRequestState(requestId: String, state: OutgoingRoomKeyRequestState) - fun addNewSessionListener(listener: NewSessionListener) fun removeSessionListener(listener: NewSessionListener) @@ -522,11 +477,8 @@ internal interface IMXCryptoStore { fun getOutgoingRoomKeyRequests(): List fun getOutgoingRoomKeyRequestsPaged(): LiveData> - fun getOutgoingSecretKeyRequests(): List - fun getOutgoingSecretRequest(secretName: String): OutgoingSecretRequest? - fun getIncomingRoomKeyRequests(): List - fun getIncomingRoomKeyRequestsPaged(): LiveData> fun getGossipingEventsTrail(): LiveData> + fun getGossipingEventsTrail(type: TrailType, mapper: ((AuditTrail) -> T)): LiveData> fun getGossipingEvents(): List fun setDeviceKeysUploaded(uploaded: Boolean) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt index f3bd5c413c..c7cbf9cdf1 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt @@ -36,23 +36,13 @@ import org.matrix.android.sdk.api.session.crypto.crosssigning.PrivateKeysInfo import org.matrix.android.sdk.api.session.crypto.keysbackup.SavedKeyBackupKeyInfo import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.GossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.IncomingSecretShareRequest import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode -import org.matrix.android.sdk.api.session.room.send.SendState -import org.matrix.android.sdk.api.util.Optional import org.matrix.android.sdk.api.util.toOptional -import org.matrix.android.sdk.internal.crypto.GossipRequestType -import org.matrix.android.sdk.internal.crypto.IncomingShareRequestCommon -import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.internal.crypto.OutgoingSecretRequest import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.ForwardInfo import org.matrix.android.sdk.internal.crypto.model.IncomingKeyRequestInfo @@ -74,10 +64,6 @@ import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoRoomEntity import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoRoomEntityFields import org.matrix.android.sdk.internal.crypto.store.db.model.DeviceInfoEntity import org.matrix.android.sdk.internal.crypto.store.db.model.DeviceInfoEntityFields -import org.matrix.android.sdk.internal.crypto.store.db.model.GossipingEventEntity -import org.matrix.android.sdk.internal.crypto.store.db.model.GossipingEventEntityFields -import org.matrix.android.sdk.internal.crypto.store.db.model.IncomingGossipingRequestEntity -import org.matrix.android.sdk.internal.crypto.store.db.model.IncomingGossipingRequestEntityFields import org.matrix.android.sdk.internal.crypto.store.db.model.KeysBackupDataEntity import org.matrix.android.sdk.internal.crypto.store.db.model.MyDeviceLastSeenInfoEntity import org.matrix.android.sdk.internal.crypto.store.db.model.OlmInboundGroupSessionEntity @@ -100,7 +86,6 @@ import org.matrix.android.sdk.internal.crypto.store.db.query.get import org.matrix.android.sdk.internal.crypto.store.db.query.getById import org.matrix.android.sdk.internal.crypto.store.db.query.getOrCreate import org.matrix.android.sdk.internal.crypto.util.RequestIdHelper -import org.matrix.android.sdk.internal.database.mapper.ContentMapper import org.matrix.android.sdk.internal.database.tools.RealmDebugTools import org.matrix.android.sdk.internal.di.CryptoDatabase import org.matrix.android.sdk.internal.di.DeviceId @@ -108,6 +93,7 @@ import org.matrix.android.sdk.internal.di.MoshiProvider import org.matrix.android.sdk.internal.di.UserId import org.matrix.android.sdk.internal.extensions.clearWith import org.matrix.android.sdk.internal.session.SessionScope +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest import org.matrix.olm.OlmAccount import org.matrix.olm.OlmException import org.matrix.olm.OlmOutboundGroupSession @@ -115,6 +101,7 @@ import timber.log.Timber import java.util.concurrent.Executors import java.util.concurrent.TimeUnit import javax.inject.Inject +import org.matrix.android.sdk.api.util.Optional private val loggerTag = LoggerTag("RealmCryptoStore", LoggerTag.CRYPTO) @@ -1022,6 +1009,8 @@ internal class RealmCryptoStore @Inject constructor( override fun getOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody): OutgoingKeyRequest? { return monarchy.fetchAllCopiedSync { realm -> realm.where() + .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, requestBody.roomId) + .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, requestBody.sessionId) }.map { it.toOutgoingGossipingRequest() }.firstOrNull { @@ -1055,41 +1044,25 @@ internal class RealmCryptoStore @Inject constructor( } } - override fun getOutgoingSecretRequest(secretName: String): OutgoingSecretRequest? { -// return monarchy.fetchAllCopiedSync { realm -> -// realm.where() -// .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.SECRET.name) -// .equalTo(OutgoingGossipingRequestEntityFields.REQUESTED_INFO_STR, secretName) -// }.mapNotNull { -// it.toOutgoingGossipingRequest() as? OutgoingSecretRequest -// }.firstOrNull() - return null - } - - override fun getIncomingRoomKeyRequests(): List { - return monarchy.fetchAllCopiedSync { realm -> - realm.where() - .equalTo(IncomingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.KEY.name) - }.mapNotNull { - it.toIncomingGossipingRequest() as? IncomingRoomKeyRequest - } - } - - override fun getIncomingRoomKeyRequestsPaged(): LiveData> { + override fun getGossipingEventsTrail(): LiveData> { val realmDataSourceFactory = monarchy.createDataSourceFactory { realm -> - realm.where() - .equalTo(IncomingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.KEY.name) - .sort(IncomingGossipingRequestEntityFields.LOCAL_CREATION_TIMESTAMP, Sort.DESCENDING) + realm.where().sort(AuditTrailEntityFields.AGE_LOCAL_TS, Sort.DESCENDING) } val dataSourceFactory = realmDataSourceFactory.map { - it.toIncomingGossipingRequest() as? IncomingRoomKeyRequest - ?: IncomingRoomKeyRequest( - requestBody = null, - deviceId = "", - userId = "", - requestId = "", - state = GossipingRequestState.NONE, - localCreationTimestamp = 0 + AuditTrailMapper.map(it) + // mm we can't map not null... + ?: AuditTrail( + System.currentTimeMillis(), + TrailType.Unknown, + IncomingKeyRequestInfo( + "", + "", + "", + "", + "", + "", + "", + ) ) } return monarchy.findAllPagedWithChanges(realmDataSourceFactory, @@ -1102,831 +1075,557 @@ internal class RealmCryptoStore @Inject constructor( ) } - override fun getGossipingEventsTrail(): LiveData> { + override fun getGossipingEventsTrail(type: TrailType, mapper: ((AuditTrail) -> T)): LiveData> { val realmDataSourceFactory = monarchy.createDataSourceFactory { realm -> - realm.where().sort(AuditTrailEntityFields.AGE_LOCAL_TS, Sort.DESCENDING) - } - val dataSourceFactory = realmDataSourceFactory.map { - AuditTrailMapper.map(it) - // mm we can't map not null... - ?: AuditTrail( - System.currentTimeMillis(), - TrailType.IncomingKeyRequest, - IncomingKeyRequestInfo( - "", - "", - "", - "", - "", - "", - ) - ) - } - val trail = monarchy.findAllPagedWithChanges(realmDataSourceFactory, - LivePagedListBuilder(dataSourceFactory, - PagedList.Config.Builder() - .setPageSize(20) - .setEnablePlaceholders(false) - .setPrefetchDistance(1) - .build()) - ) - return trail - } - - override fun getGossipingEvents(): List { - return monarchy.fetchAllCopiedSync { realm -> realm.where() - }.mapNotNull { - AuditTrailMapper.map(it) + .equalTo(AuditTrailEntityFields.TYPE, type.name) + .sort(AuditTrailEntityFields.AGE_LOCAL_TS, Sort.DESCENDING) } - } - - override fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>): OutgoingKeyRequest { - // Insert the request and return the one passed in parameter - lateinit var request: OutgoingKeyRequest - doRealmTransaction(realmConfiguration) { realm -> - - val existing = realm.where() - .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, requestBody.sessionId) - .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, requestBody.roomId) - .findAll() - .map { - it.toOutgoingGossipingRequest() - }.also { - if (it.size > 1) { - // there should be one or zero but not more, worth warning - Timber.tag(loggerTag.value).w("There should not be more than one active key request per session") - } - } - .firstOrNull { - it.requestBody?.algorithm == requestBody.algorithm && - it.requestBody?.sessionId == requestBody.sessionId && - it.requestBody?.senderKey == requestBody.senderKey && - it.requestBody?.roomId == requestBody.roomId - } - - if (existing == null) { - request = realm.createObject(OutgoingKeyRequestEntity::class.java).apply { - this.requestId = RequestIdHelper.createUniqueRequestId() - this.setRecipients(recipients) - this.requestState = OutgoingRoomKeyRequestState.UNSENT - this.setRequestBody(requestBody) - this.creationTimeStamp = System.currentTimeMillis() - }.toOutgoingGossipingRequest() - } else { - request = existing - } - } - return request - } - - override fun updateOutgoingRoomKeyRequestState(requestId: String, newState: OutgoingRoomKeyRequestState) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) - .findFirst()?.apply { - this.requestState = newState - } - } - } - - override fun updateOutgoingRoomKeyReply(roomId: String, - sessionId: String, - algorithm: String, - senderKey: String, - fromDevice: String?, - event: Event) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, roomId) - .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, sessionId) - .findAll().firstOrNull { entity -> - entity.toOutgoingGossipingRequest().let { - it.requestBody?.senderKey == senderKey && - it.requestBody?.algorithm == algorithm - } - }?.apply { - event.senderId?.let { addReply(it, fromDevice, event) } - } - } - } - - override fun deleteOutgoingRoomKeyRequest(requestId: String) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) - .findFirst()?.deleteOnCascade() - } - } - - override fun getOrAddOutgoingSecretShareRequest(secretName: String, recipients: Map>): OutgoingSecretRequest? { - return null -// var request: OutgoingSecretRequest? = null -// -// // Insert the request and return the one passed in parameter -// doRealmTransaction(realmConfiguration) { realm -> -// val existing = realm.where() -// .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.SECRET.name) -// .equalTo(OutgoingGossipingRequestEntityFields.REQUESTED_INFO_STR, secretName) -// .findAll() -// .mapNotNull { -// it.toOutgoingGossipingRequest() as? OutgoingSecretRequest -// }.firstOrNull() -// if (existing == null) { -// request = realm.createObject(OutgoingGossipingRequestEntity::class.java).apply { -// this.type = GossipRequestType.SECRET -// setRecipients(recipients) -// this.requestState = OutgoingRoomKeyRequestEntity.UNSENT -// this.requestId = RequestIdHelper.createUniqueRequestId() -// this.requestedInfoStr = secretName -// }.toOutgoingGossipingRequest() as? OutgoingSecretRequest -// } else { -// request = existing -// } -// } -// -// return request - } - - override fun saveGossipingEvents(events: List) { - monarchy.writeAsync { realm -> - val now = System.currentTimeMillis() - events.forEach { event -> - val ageLocalTs = event.unsignedData?.age?.let { now - it } ?: now - val entity = GossipingEventEntity( - type = event.type, - sender = event.senderId, - ageLocalTs = ageLocalTs, - content = ContentMapper.map(event.content) - ).apply { - sendState = SendState.SYNCED - decryptionResultJson = MoshiProvider.providesMoshi().adapter(OlmDecryptionResult::class.java).toJson(event.mxDecryptionResult) - decryptionErrorCode = event.mCryptoError?.name - } - realm.insertOrUpdate(entity) - } - } - } - - override fun saveIncomingKeyRequestAuditTrail( - roomId: String, - sessionId: String, - senderKey: String, - algorithm: String, - fromUser: String, - fromDevice: String) { - monarchy.writeAsync { realm -> - val now = System.currentTimeMillis() - realm.createObject().apply { - this.ageLocalTs = now - this.type = TrailType.IncomingKeyRequest.name - val info = IncomingKeyRequestInfo( - roomId, - sessionId, - senderKey, - algorithm, - fromUser, - fromDevice - ) - MoshiProvider.providesMoshi().adapter(IncomingKeyRequestInfo::class.java).toJson(info)?.let { - this.contentJson = it - } - } - } - } - - override fun saveWithheldAuditTrail(roomId: String, - sessionId: String, - senderKey: String, - algorithm: String, - code: WithHeldCode, - userId: String, - deviceId: String) { - monarchy.writeAsync { realm -> - val now = System.currentTimeMillis() - realm.createObject().apply { - this.ageLocalTs = now - this.type = TrailType.OutgoingKeyWithheld.name - val info = WithheldInfo( - roomId, - sessionId, - senderKey, - algorithm, - code, - userId, - deviceId - ) - MoshiProvider.providesMoshi().adapter(WithheldInfo::class.java).toJson(info)?.let { - this.contentJson = it - } - } - } - } - - override fun saveForwardKeyAuditTrail(roomId: String, - sessionId: String, - senderKey: String, - algorithm: String, - userId: String, - deviceId: String, - chainIndex: Long?) { - monarchy.writeAsync { realm -> - val now = System.currentTimeMillis() - realm.createObject().apply { - this.ageLocalTs = now - this.type = TrailType.OutgoingKeyForward.name - val info = ForwardInfo( - roomId, - sessionId, - senderKey, - algorithm, - userId, - deviceId, - chainIndex - ) - MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).toJson(info)?.let { - this.contentJson = it - } - } - } - } -// override fun getOutgoingRoomKeyRequestByState(states: Set): OutgoingRoomKeyRequest? { -// val statesIndex = states.map { it.ordinal }.toTypedArray() -// return doRealmQueryAndCopy(realmConfiguration) { realm -> -// realm.where() -// .equalTo(GossipingEventEntityFields.SENDER, credentials.userId) -// .findAll() -// .filter {entity -> -// states.any { it == entity.requestState} -// } -// }.mapNotNull { -// ContentMapper.map(it.content)?.toModel() -// } -// ?.toOutgoingRoomKeyRequest() -// } -// -// override fun getOutgoingSecretShareRequestByState(states: Set): OutgoingSecretRequest? { -// val statesIndex = states.map { it.ordinal }.toTypedArray() -// return doRealmQueryAndCopy(realmConfiguration) { -// it.where() -// .`in`(OutgoingSecretRequestEntityFields.STATE, statesIndex) -// .findFirst() -// } -// ?.toOutgoingSecretRequest() -// } - -// override fun updateOutgoingRoomKeyRequest(request: OutgoingRoomKeyRequest) { -// doRealmTransaction(realmConfiguration) { -// val obj = OutgoingRoomKeyRequestEntity().apply { -// requestId = request.requestId -// cancellationTxnId = request.cancellationTxnId -// state = request.state.ordinal -// putRecipients(request.recipients) -// putRequestBody(request.requestBody) -// } -// -// it.insertOrUpdate(obj) -// } -// } - -// override fun deleteOutgoingRoomKeyRequest(transactionId: String) { -// doRealmTransaction(realmConfiguration) { -// it.where() -// .equalTo(OutgoingRoomKeyRequestEntityFields.REQUEST_ID, transactionId) -// .findFirst() -// ?.deleteFromRealm() -// } -// } - -// override fun storeIncomingRoomKeyRequest(incomingRoomKeyRequest: IncomingRoomKeyRequest?) { -// if (incomingRoomKeyRequest == null) { -// return -// } -// -// doRealmTransaction(realmConfiguration) { -// // Delete any previous store request with the same parameters -// it.where() -// .equalTo(IncomingRoomKeyRequestEntityFields.USER_ID, incomingRoomKeyRequest.userId) -// .equalTo(IncomingRoomKeyRequestEntityFields.DEVICE_ID, incomingRoomKeyRequest.deviceId) -// .equalTo(IncomingRoomKeyRequestEntityFields.REQUEST_ID, incomingRoomKeyRequest.requestId) -// .findAll() -// .deleteAllFromRealm() -// -// // Then store it -// it.createObject(IncomingRoomKeyRequestEntity::class.java).apply { -// userId = incomingRoomKeyRequest.userId -// deviceId = incomingRoomKeyRequest.deviceId -// requestId = incomingRoomKeyRequest.requestId -// putRequestBody(incomingRoomKeyRequest.requestBody) -// } -// } -// } - -// override fun deleteIncomingRoomKeyRequest(incomingRoomKeyRequest: IncomingShareRequestCommon) { -// doRealmTransaction(realmConfiguration) { -// it.where() -// .equalTo(GossipingEventEntityFields.TYPE, EventType.ROOM_KEY_REQUEST) -// .notEqualTo(GossipingEventEntityFields.SENDER, credentials.userId) -// .findAll() -// .filter { -// ContentMapper.map(it.content).toModel()?.let { -// -// } -// } -// // .equalTo(IncomingRoomKeyRequestEntityFields.USER_ID, incomingRoomKeyRequest.userId) -// // .equalTo(IncomingRoomKeyRequestEntityFields.DEVICE_ID, incomingRoomKeyRequest.deviceId) -// // .equalTo(IncomingRoomKeyRequestEntityFields.REQUEST_ID, incomingRoomKeyRequest.requestId) -// // .findAll() -// // .deleteAllFromRealm() -// } -// } - - override fun updateGossipingRequestState(requestUserId: String?, - requestDeviceId: String?, - requestId: String?, - state: GossipingRequestState) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(IncomingGossipingRequestEntityFields.OTHER_USER_ID, requestUserId) - .equalTo(IncomingGossipingRequestEntityFields.OTHER_DEVICE_ID, requestDeviceId) - .equalTo(IncomingGossipingRequestEntityFields.REQUEST_ID, requestId) - .findAll().forEach { - it.requestState = state - } - } - } - - override fun updateOutgoingGossipingRequestState(requestId: String, state: OutgoingRoomKeyRequestState) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) - .findAll().forEach { - it.requestState = state - } - } - } - - override fun getIncomingRoomKeyRequest(userId: String, deviceId: String, requestId: String): IncomingRoomKeyRequest? { - return doWithRealm(realmConfiguration) { realm -> - realm.where() - .equalTo(IncomingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.KEY.name) - .equalTo(IncomingGossipingRequestEntityFields.OTHER_DEVICE_ID, deviceId) - .equalTo(IncomingGossipingRequestEntityFields.OTHER_USER_ID, userId) - .findAll() - .mapNotNull { entity -> - entity.toIncomingGossipingRequest() as? IncomingRoomKeyRequest - } - .firstOrNull() - } - } - - override fun getPendingIncomingRoomKeyRequests(): List { - return doWithRealm(realmConfiguration) { - it.where() - .equalTo(IncomingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.KEY.name) - .equalTo(IncomingGossipingRequestEntityFields.REQUEST_STATE_STR, GossipingRequestState.PENDING.name) - .findAll() - .map { entity -> - IncomingRoomKeyRequest( - userId = entity.otherUserId, - deviceId = entity.otherDeviceId, - requestId = entity.requestId, - requestBody = entity.getRequestedKeyInfo(), - localCreationTimestamp = entity.localCreationTimestamp + val dataSourceFactory = realmDataSourceFactory.map { entity -> + (AuditTrailMapper.map(entity) + // mm we can't map not null... + ?: AuditTrail( + System.currentTimeMillis(), + type, + IncomingKeyRequestInfo( + "", + "", + "", + "", + "", + "", + "", + ) ) - } + ).let { mapper.invoke(it) } + } + return monarchy.findAllPagedWithChanges(realmDataSourceFactory, + LivePagedListBuilder(dataSourceFactory, + PagedList.Config.Builder() + .setPageSize(20) + .setEnablePlaceholders(false) + .setPrefetchDistance(1) + .build()) + ) } - } - override fun getPendingIncomingGossipingRequests(): List { - return doWithRealm(realmConfiguration) { - it.where() - .equalTo(IncomingGossipingRequestEntityFields.REQUEST_STATE_STR, GossipingRequestState.PENDING.name) - .findAll() - .mapNotNull { entity -> - when (entity.type) { - GossipRequestType.KEY -> { - IncomingRoomKeyRequest( - userId = entity.otherUserId, - deviceId = entity.otherDeviceId, - requestId = entity.requestId, - requestBody = entity.getRequestedKeyInfo(), - localCreationTimestamp = entity.localCreationTimestamp - ) - } - GossipRequestType.SECRET -> { - IncomingSecretShareRequest( - userId = entity.otherUserId, - deviceId = entity.otherDeviceId, - requestId = entity.requestId, - secretName = entity.getRequestedSecretName(), - localCreationTimestamp = entity.localCreationTimestamp - ) + override fun getGossipingEvents(): List { + return monarchy.fetchAllCopiedSync { realm -> + realm.where() + }.mapNotNull { + AuditTrailMapper.map(it) + } + } + + override fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, + recipients: Map>, + fromIndex: Int): OutgoingKeyRequest { + // Insert the request and return the one passed in parameter + lateinit var request: OutgoingKeyRequest + doRealmTransaction(realmConfiguration) { realm -> + + val existing = realm.where() + .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, requestBody.sessionId) + .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, requestBody.roomId) + .findAll() + .map { + it.toOutgoingGossipingRequest() + }.also { + if (it.size > 1) { + // there should be one or zero but not more, worth warning + Timber.tag(loggerTag.value).w("There should not be more than one active key request per session") } } - } - } - } + .firstOrNull { + it.requestBody?.algorithm == requestBody.algorithm && + it.requestBody?.sessionId == requestBody.sessionId && + it.requestBody?.senderKey == requestBody.senderKey && + it.requestBody?.roomId == requestBody.roomId + } - override fun storeIncomingGossipingRequest(request: IncomingShareRequestCommon, ageLocalTS: Long?) { - doRealmTransactionAsync(realmConfiguration) { realm -> - - // After a clear cache, we might have a - - realm.createObject(IncomingGossipingRequestEntity::class.java).let { - it.otherDeviceId = request.deviceId - it.otherUserId = request.userId - it.requestId = request.requestId ?: "" - it.requestState = GossipingRequestState.PENDING - it.localCreationTimestamp = ageLocalTS ?: System.currentTimeMillis() - if (request is IncomingSecretShareRequest) { - it.type = GossipRequestType.SECRET - it.requestedInfoStr = request.secretName - } else if (request is IncomingRoomKeyRequest) { - it.type = GossipRequestType.KEY - it.requestedInfoStr = request.requestBody?.toJson() - } - } - } - } - - override fun storeIncomingGossipingRequests(requests: List) { - doRealmTransactionAsync(realmConfiguration) { realm -> - requests.forEach { request -> - // After a clear cache, we might have a - realm.createObject(IncomingGossipingRequestEntity::class.java).let { - it.otherDeviceId = request.deviceId - it.otherUserId = request.userId - it.requestId = request.requestId ?: "" - it.requestState = GossipingRequestState.PENDING - it.localCreationTimestamp = request.localCreationTimestamp ?: System.currentTimeMillis() - if (request is IncomingSecretShareRequest) { - it.type = GossipRequestType.SECRET - it.requestedInfoStr = request.secretName - } else if (request is IncomingRoomKeyRequest) { - it.type = GossipRequestType.KEY - it.requestedInfoStr = request.requestBody?.toJson() - } - } - } - } - } - -// override fun getPendingIncomingSecretShareRequests(): List { -// return doRealmQueryAndCopyList(realmConfiguration) { -// it.where() -// .findAll() -// }.map { -// it.toIncomingSecretShareRequest() -// } -// } - - /* ========================================================================================== - * Cross Signing - * ========================================================================================== */ - override fun getMyCrossSigningInfo(): MXCrossSigningInfo? { - return doWithRealm(realmConfiguration) { - it.where().findFirst()?.userId - }?.let { - getCrossSigningInfo(it) - } - } - - override fun setMyCrossSigningInfo(info: MXCrossSigningInfo?) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where().findFirst()?.userId?.let { userId -> - addOrUpdateCrossSigningInfo(realm, userId, info) - } - } - } - - override fun setUserKeysAsTrusted(userId: String, trusted: Boolean) { - doRealmTransaction(realmConfiguration) { realm -> - val xInfoEntity = realm.where(CrossSigningInfoEntity::class.java) - .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) - .findFirst() - xInfoEntity?.crossSigningKeys?.forEach { info -> - val level = info.trustLevelEntity - if (level == null) { - val newLevel = realm.createObject(TrustLevelEntity::class.java) - newLevel.locallyVerified = trusted - newLevel.crossSignedVerified = trusted - info.trustLevelEntity = newLevel + if (existing == null) { + request = realm.createObject(OutgoingKeyRequestEntity::class.java).apply { + this.requestId = RequestIdHelper.createUniqueRequestId() + this.setRecipients(recipients) + this.requestedIndex = fromIndex + this.requestState = OutgoingRoomKeyRequestState.UNSENT + this.setRequestBody(requestBody) + this.creationTimeStamp = System.currentTimeMillis() + }.toOutgoingGossipingRequest() } else { - level.locallyVerified = trusted - level.crossSignedVerified = trusted + request = existing } } + return request } - } - override fun setDeviceTrust(userId: String, deviceId: String, crossSignedVerified: Boolean, locallyVerified: Boolean?) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where(DeviceInfoEntity::class.java) - .equalTo(DeviceInfoEntityFields.PRIMARY_KEY, DeviceInfoEntity.createPrimaryKey(userId, deviceId)) - .findFirst()?.let { deviceInfoEntity -> - val trustEntity = deviceInfoEntity.trustLevelEntity - if (trustEntity == null) { - realm.createObject(TrustLevelEntity::class.java).let { - it.locallyVerified = locallyVerified - it.crossSignedVerified = crossSignedVerified - deviceInfoEntity.trustLevelEntity = it + override fun updateOutgoingRoomKeyRequestState(requestId: String, newState: OutgoingRoomKeyRequestState) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) + .findFirst()?.apply { + this.requestState = newState + if (newState == OutgoingRoomKeyRequestState.UNSENT) { + // clear the old replies + this.replies.deleteAllFromRealm() } - } else { - locallyVerified?.let { trustEntity.locallyVerified = it } - trustEntity.crossSignedVerified = crossSignedVerified } - } - } - } - - override fun clearOtherUserTrust() { - doRealmTransaction(realmConfiguration) { realm -> - val xInfoEntities = realm.where(CrossSigningInfoEntity::class.java) - .findAll() - xInfoEntities?.forEach { info -> - // Need to ignore mine - if (info.userId != userId) { - info.crossSigningKeys.forEach { - it.trustLevelEntity = null - } - } } } - } - override fun updateUsersTrust(check: (String) -> Boolean) { - doRealmTransaction(realmConfiguration) { realm -> - val xInfoEntities = realm.where(CrossSigningInfoEntity::class.java) - .findAll() - xInfoEntities?.forEach { xInfoEntity -> - // Need to ignore mine - if (xInfoEntity.userId == userId) return@forEach - val mapped = mapCrossSigningInfoEntity(xInfoEntity) - val currentTrust = mapped.isTrusted() - val newTrust = check(mapped.userId) - if (currentTrust != newTrust) { - xInfoEntity.crossSigningKeys.forEach { info -> - val level = info.trustLevelEntity - if (level == null) { - val newLevel = realm.createObject(TrustLevelEntity::class.java) - newLevel.locallyVerified = newTrust - newLevel.crossSignedVerified = newTrust - info.trustLevelEntity = newLevel - } else { - level.locallyVerified = newTrust - level.crossSignedVerified = newTrust + override fun updateOutgoingRoomKeyRequiredIndex(requestId: String, newIndex: Int) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) + .findFirst()?.apply { + this.requestedIndex = newIndex } + } + } + + override fun updateOutgoingRoomKeyReply(roomId: String, + sessionId: String, + algorithm: String, + senderKey: String, + fromDevice: String?, + event: Event) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, roomId) + .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, sessionId) + .findAll().firstOrNull { entity -> + entity.toOutgoingGossipingRequest().let { + it.requestBody?.senderKey == senderKey && + it.requestBody?.algorithm == algorithm + } + }?.apply { + event.senderId?.let { addReply(it, fromDevice, event) } + } + } + } + + override fun deleteOutgoingRoomKeyRequest(requestId: String) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) + .findFirst()?.deleteOnCascade() + } + } + + override fun saveIncomingKeyRequestAuditTrail( + requestId: String, + roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + fromUser: String, + fromDevice: String) { + monarchy.writeAsync { realm -> + val now = System.currentTimeMillis() + realm.createObject().apply { + this.ageLocalTs = now + this.type = TrailType.IncomingKeyRequest.name + val info = IncomingKeyRequestInfo( + roomId = roomId, + sessionId = sessionId, + senderKey = senderKey, + alg = algorithm, + userId = fromUser, + deviceId = fromDevice, + requestId = requestId + ) + MoshiProvider.providesMoshi().adapter(IncomingKeyRequestInfo::class.java).toJson(info)?.let { + this.contentJson = it } } } } - } - override fun getOutgoingRoomKeyRequests(): List { - return monarchy.fetchAllMappedSync({ realm -> - realm - .where(OutgoingKeyRequestEntity::class.java) - }, { entity -> - entity.toOutgoingGossipingRequest() - }) - .filterNotNull() - } - - override fun getOutgoingRoomKeyRequests(inStates: Set): List { - return monarchy.fetchAllMappedSync({ realm -> - realm - .where(OutgoingKeyRequestEntity::class.java) - .`in`(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, inStates.map { it.name }.toTypedArray()) - }, { entity -> - entity.toOutgoingGossipingRequest() - }) - .filterNotNull() - } - - override fun getOutgoingSecretKeyRequests(): List { -// return monarchy.fetchAllMappedSync({ realm -> -// realm -// .where(OutgoingGossipingRequestEntity::class.java) -// .equalTo(OutgoingGossipingRequestEntityFields.TYPE_STR, GossipRequestType.SECRET.name) -// }, { entity -> -// entity.toOutgoingGossipingRequest() as? OutgoingSecretRequest -// }) -// .filterNotNull() - return emptyList() - } - - override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { - val realmDataSourceFactory = monarchy.createDataSourceFactory { realm -> - realm - .where(OutgoingKeyRequestEntity::class.java) - } - val dataSourceFactory = realmDataSourceFactory.map { - it.toOutgoingGossipingRequest() - } - val trail = monarchy.findAllPagedWithChanges(realmDataSourceFactory, - LivePagedListBuilder(dataSourceFactory, - PagedList.Config.Builder() - .setPageSize(20) - .setEnablePlaceholders(false) - .setPrefetchDistance(1) - .build()) - ) - return trail - } - - override fun getCrossSigningInfo(userId: String): MXCrossSigningInfo? { - return doWithRealm(realmConfiguration) { realm -> - val crossSigningInfo = realm.where(CrossSigningInfoEntity::class.java) - .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) - .findFirst() - if (crossSigningInfo == null) { - null - } else { - mapCrossSigningInfoEntity(crossSigningInfo) + override fun saveWithheldAuditTrail(roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + code: WithHeldCode, + userId: String, + deviceId: String) { + monarchy.writeAsync { realm -> + val now = System.currentTimeMillis() + realm.createObject().apply { + this.ageLocalTs = now + this.type = TrailType.OutgoingKeyWithheld.name + val info = WithheldInfo( + roomId = roomId, + sessionId = sessionId, + senderKey = senderKey, + alg = algorithm, + code = code, + userId = userId, + deviceId = deviceId + ) + MoshiProvider.providesMoshi().adapter(WithheldInfo::class.java).toJson(info)?.let { + this.contentJson = it + } + } } } - } - private fun mapCrossSigningInfoEntity(xsignInfo: CrossSigningInfoEntity): MXCrossSigningInfo { - val userId = xsignInfo.userId ?: "" - return MXCrossSigningInfo( - userId = userId, - crossSigningKeys = xsignInfo.crossSigningKeys.mapNotNull { - crossSigningKeysMapper.map(userId, it) + override fun saveForwardKeyAuditTrail(roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + userId: String, + deviceId: String, + chainIndex: Long?) { + monarchy.writeAsync { realm -> + val now = System.currentTimeMillis() + realm.createObject().apply { + this.ageLocalTs = now + this.type = TrailType.OutgoingKeyForward.name + val info = ForwardInfo( + roomId = roomId, + sessionId = sessionId, + senderKey = senderKey, + alg = algorithm, + userId = userId, + deviceId = deviceId, + chainIndex = chainIndex + ) + MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).toJson(info)?.let { + this.contentJson = it + } } - ) - } - - override fun getLiveCrossSigningInfo(userId: String): LiveData> { - val liveData = monarchy.findAllMappedWithChanges( - { realm: Realm -> - realm.where() - .equalTo(UserEntityFields.USER_ID, userId) - }, - { mapCrossSigningInfoEntity(it) } - ) - return Transformations.map(liveData) { - it.firstOrNull().toOptional() + } } - } - override fun setCrossSigningInfo(userId: String, info: MXCrossSigningInfo?) { - doRealmTransaction(realmConfiguration) { realm -> - addOrUpdateCrossSigningInfo(realm, userId, info) + /* ========================================================================================== + * Cross Signing + * ========================================================================================== */ + override fun getMyCrossSigningInfo(): MXCrossSigningInfo? { + return doWithRealm(realmConfiguration) { + it.where().findFirst()?.userId + }?.let { + getCrossSigningInfo(it) + } } - } - override fun markMyMasterKeyAsLocallyTrusted(trusted: Boolean) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where().findFirst()?.userId?.let { myUserId -> - CrossSigningInfoEntity.get(realm, myUserId)?.getMasterKey()?.let { xInfoEntity -> - val level = xInfoEntity.trustLevelEntity + override fun setMyCrossSigningInfo(info: MXCrossSigningInfo?) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where().findFirst()?.userId?.let { userId -> + addOrUpdateCrossSigningInfo(realm, userId, info) + } + } + } + + override fun setUserKeysAsTrusted(userId: String, trusted: Boolean) { + doRealmTransaction(realmConfiguration) { realm -> + val xInfoEntity = realm.where(CrossSigningInfoEntity::class.java) + .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) + .findFirst() + xInfoEntity?.crossSigningKeys?.forEach { info -> + val level = info.trustLevelEntity if (level == null) { val newLevel = realm.createObject(TrustLevelEntity::class.java) newLevel.locallyVerified = trusted - xInfoEntity.trustLevelEntity = newLevel + newLevel.crossSignedVerified = trusted + info.trustLevelEntity = newLevel } else { level.locallyVerified = trusted + level.crossSignedVerified = trusted } } } } - } - private fun addOrUpdateCrossSigningInfo(realm: Realm, userId: String, info: MXCrossSigningInfo?): CrossSigningInfoEntity? { - if (info == null) { - // Delete known if needed - CrossSigningInfoEntity.get(realm, userId)?.deleteFromRealm() - return null - // TODO notify, we might need to untrust things? - } else { - // Just override existing, caller should check and untrust id needed - val existing = CrossSigningInfoEntity.getOrCreate(realm, userId) - existing.crossSigningKeys.clearWith { it.deleteOnCascade() } - existing.crossSigningKeys.addAll( - info.crossSigningKeys.map { - crossSigningKeysMapper.map(it) - } - ) - return existing - } - } - - override fun addWithHeldMegolmSession(withHeldContent: RoomKeyWithHeldContent) { - val roomId = withHeldContent.roomId ?: return - val sessionId = withHeldContent.sessionId ?: return - if (withHeldContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return - doRealmTransaction(realmConfiguration) { realm -> - WithHeldSessionEntity.getOrCreate(realm, roomId, sessionId)?.let { - it.code = withHeldContent.code - it.senderKey = withHeldContent.senderKey - it.reason = withHeldContent.reason + override fun setDeviceTrust(userId: String, deviceId: String, crossSignedVerified: Boolean, locallyVerified: Boolean?) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where(DeviceInfoEntity::class.java) + .equalTo(DeviceInfoEntityFields.PRIMARY_KEY, DeviceInfoEntity.createPrimaryKey(userId, deviceId)) + .findFirst()?.let { deviceInfoEntity -> + val trustEntity = deviceInfoEntity.trustLevelEntity + if (trustEntity == null) { + realm.createObject(TrustLevelEntity::class.java).let { + it.locallyVerified = locallyVerified + it.crossSignedVerified = crossSignedVerified + deviceInfoEntity.trustLevelEntity = it + } + } else { + locallyVerified?.let { trustEntity.locallyVerified = it } + trustEntity.crossSignedVerified = crossSignedVerified + } + } } } - } - override fun getWithHeldMegolmSession(roomId: String, sessionId: String): RoomKeyWithHeldContent? { - return doWithRealm(realmConfiguration) { realm -> - WithHeldSessionEntity.get(realm, roomId, sessionId)?.let { - RoomKeyWithHeldContent( + override fun clearOtherUserTrust() { + doRealmTransaction(realmConfiguration) { realm -> + val xInfoEntities = realm.where(CrossSigningInfoEntity::class.java) + .findAll() + xInfoEntities?.forEach { info -> + // Need to ignore mine + if (info.userId != userId) { + info.crossSigningKeys.forEach { + it.trustLevelEntity = null + } + } + } + } + } + + override fun updateUsersTrust(check: (String) -> Boolean) { + doRealmTransaction(realmConfiguration) { realm -> + val xInfoEntities = realm.where(CrossSigningInfoEntity::class.java) + .findAll() + xInfoEntities?.forEach { xInfoEntity -> + // Need to ignore mine + if (xInfoEntity.userId == userId) return@forEach + val mapped = mapCrossSigningInfoEntity(xInfoEntity) + val currentTrust = mapped.isTrusted() + val newTrust = check(mapped.userId) + if (currentTrust != newTrust) { + xInfoEntity.crossSigningKeys.forEach { info -> + val level = info.trustLevelEntity + if (level == null) { + val newLevel = realm.createObject(TrustLevelEntity::class.java) + newLevel.locallyVerified = newTrust + newLevel.crossSignedVerified = newTrust + info.trustLevelEntity = newLevel + } else { + level.locallyVerified = newTrust + level.crossSignedVerified = newTrust + } + } + } + } + } + } + + override fun getOutgoingRoomKeyRequests(): List { + return monarchy.fetchAllMappedSync({ realm -> + realm + .where(OutgoingKeyRequestEntity::class.java) + }, { entity -> + entity.toOutgoingGossipingRequest() + }) + .filterNotNull() + } + + override fun getOutgoingRoomKeyRequests(inStates: Set): List { + return monarchy.fetchAllMappedSync({ realm -> + realm + .where(OutgoingKeyRequestEntity::class.java) + .`in`(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, inStates.map { it.name }.toTypedArray()) + }, { entity -> + entity.toOutgoingGossipingRequest() + }) + .filterNotNull() + } + + override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { + val realmDataSourceFactory = monarchy.createDataSourceFactory { realm -> + realm + .where(OutgoingKeyRequestEntity::class.java) + } + val dataSourceFactory = realmDataSourceFactory.map { + it.toOutgoingGossipingRequest() + } + val trail = monarchy.findAllPagedWithChanges(realmDataSourceFactory, + LivePagedListBuilder(dataSourceFactory, + PagedList.Config.Builder() + .setPageSize(20) + .setEnablePlaceholders(false) + .setPrefetchDistance(1) + .build()) + ) + return trail + } + + override fun getCrossSigningInfo(userId: String): MXCrossSigningInfo? { + return doWithRealm(realmConfiguration) { realm -> + val crossSigningInfo = realm.where(CrossSigningInfoEntity::class.java) + .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) + .findFirst() + if (crossSigningInfo == null) { + null + } else { + mapCrossSigningInfoEntity(crossSigningInfo) + } + } + } + + private fun mapCrossSigningInfoEntity(xsignInfo: CrossSigningInfoEntity): MXCrossSigningInfo { + val userId = xsignInfo.userId ?: "" + return MXCrossSigningInfo( + userId = userId, + crossSigningKeys = xsignInfo.crossSigningKeys.mapNotNull { + crossSigningKeysMapper.map(userId, it) + } + ) + } + + override fun getLiveCrossSigningInfo(userId: String): LiveData> { + val liveData = monarchy.findAllMappedWithChanges( + { realm: Realm -> + realm.where() + .equalTo(UserEntityFields.USER_ID, userId) + }, + { mapCrossSigningInfoEntity(it) } + ) + return Transformations.map(liveData) { + it.firstOrNull().toOptional() + } + } + + override fun setCrossSigningInfo(userId: String, info: MXCrossSigningInfo?) { + doRealmTransaction(realmConfiguration) { realm -> + addOrUpdateCrossSigningInfo(realm, userId, info) + } + } + + override fun markMyMasterKeyAsLocallyTrusted(trusted: Boolean) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where().findFirst()?.userId?.let { myUserId -> + CrossSigningInfoEntity.get(realm, myUserId)?.getMasterKey()?.let { xInfoEntity -> + val level = xInfoEntity.trustLevelEntity + if (level == null) { + val newLevel = realm.createObject(TrustLevelEntity::class.java) + newLevel.locallyVerified = trusted + xInfoEntity.trustLevelEntity = newLevel + } else { + level.locallyVerified = trusted + } + } + } + } + } + + private fun addOrUpdateCrossSigningInfo(realm: Realm, userId: String, info: MXCrossSigningInfo?): CrossSigningInfoEntity? { + if (info == null) { + // Delete known if needed + CrossSigningInfoEntity.get(realm, userId)?.deleteFromRealm() + return null + // TODO notify, we might need to untrust things? + } else { + // Just override existing, caller should check and untrust id needed + val existing = CrossSigningInfoEntity.getOrCreate(realm, userId) + existing.crossSigningKeys.clearWith { it.deleteOnCascade() } + existing.crossSigningKeys.addAll( + info.crossSigningKeys.map { + crossSigningKeysMapper.map(it) + } + ) + return existing + } + } + + override fun addWithHeldMegolmSession(withHeldContent: RoomKeyWithHeldContent) { + val roomId = withHeldContent.roomId ?: return + val sessionId = withHeldContent.sessionId ?: return + if (withHeldContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return + doRealmTransaction(realmConfiguration) { realm -> + WithHeldSessionEntity.getOrCreate(realm, roomId, sessionId)?.let { + it.code = withHeldContent.code + it.senderKey = withHeldContent.senderKey + it.reason = withHeldContent.reason + } + } + } + + override fun getWithHeldMegolmSession(roomId: String, sessionId: String): RoomKeyWithHeldContent? { + return doWithRealm(realmConfiguration) { realm -> + WithHeldSessionEntity.get(realm, roomId, sessionId)?.let { + RoomKeyWithHeldContent( + roomId = roomId, + sessionId = sessionId, + algorithm = it.algorithm, + codeString = it.codeString, + reason = it.reason, + senderKey = it.senderKey + ) + } + } + } + + override fun markedSessionAsShared(roomId: String?, + sessionId: String, + userId: String, + deviceId: String, + deviceIdentityKey: String, + chainIndex: Int) { + doRealmTransaction(realmConfiguration) { realm -> + SharedSessionEntity.create( + realm = realm, roomId = roomId, sessionId = sessionId, - algorithm = it.algorithm, - codeString = it.codeString, - reason = it.reason, - senderKey = it.senderKey + userId = userId, + deviceId = deviceId, + deviceIdentityKey = deviceIdentityKey, + chainIndex = chainIndex ) } } - } - override fun markedSessionAsShared(roomId: String?, - sessionId: String, - userId: String, - deviceId: String, - deviceIdentityKey: String, - chainIndex: Int) { - doRealmTransaction(realmConfiguration) { realm -> - SharedSessionEntity.create( - realm = realm, - roomId = roomId, - sessionId = sessionId, - userId = userId, - deviceId = deviceId, - deviceIdentityKey = deviceIdentityKey, - chainIndex = chainIndex - ) + override fun getSharedSessionInfo(roomId: String?, sessionId: String, deviceInfo: CryptoDeviceInfo): IMXCryptoStore.SharedSessionResult { + return doWithRealm(realmConfiguration) { realm -> + SharedSessionEntity.get( + realm = realm, + roomId = roomId, + sessionId = sessionId, + userId = deviceInfo.userId, + deviceId = deviceInfo.deviceId, + deviceIdentityKey = deviceInfo.identityKey() + )?.let { + IMXCryptoStore.SharedSessionResult(true, it.chainIndex) + } ?: IMXCryptoStore.SharedSessionResult(false, null) + } } - } - override fun getSharedSessionInfo(roomId: String?, sessionId: String, deviceInfo: CryptoDeviceInfo): IMXCryptoStore.SharedSessionResult { - return doWithRealm(realmConfiguration) { realm -> - SharedSessionEntity.get( - realm = realm, - roomId = roomId, - sessionId = sessionId, - userId = deviceInfo.userId, - deviceId = deviceInfo.deviceId, - deviceIdentityKey = deviceInfo.identityKey() - )?.let { - IMXCryptoStore.SharedSessionResult(true, it.chainIndex) - } ?: IMXCryptoStore.SharedSessionResult(false, null) - } - } - - override fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap { - return doWithRealm(realmConfiguration) { realm -> - val result = MXUsersDevicesMap() - SharedSessionEntity.get(realm, roomId, sessionId) - .groupBy { it.userId } - .forEach { (userId, shared) -> - shared.forEach { - result.setObject(userId, it.deviceId, it.chainIndex) + override fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap { + return doWithRealm(realmConfiguration) { realm -> + val result = MXUsersDevicesMap() + SharedSessionEntity.get(realm, roomId, sessionId) + .groupBy { it.userId } + .forEach { (userId, shared) -> + shared.forEach { + result.setObject(userId, it.deviceId, it.chainIndex) + } } - } - result + result + } + } + + /** + * Some entries in the DB can get a bit out of control with time + * So we need to tidy up a bit + */ + override fun tidyUpDataBase() { + val prevWeekTs = System.currentTimeMillis() - 7 * 24 * 60 * 60 * 1_000 + doRealmTransaction(realmConfiguration) { realm -> + + // Clean the old ones? + realm.where() + .lessThan(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, prevWeekTs) + .findAll() + .also { Timber.i("## Crypto Clean up ${it.size} OutgoingKeyRequestEntity") } + .deleteAllFromRealm() + + // Only keep one month history + + val prevMonthTs = System.currentTimeMillis() - 4 * 7 * 24 * 60 * 60 * 1_000L + realm.where() + .lessThan(AuditTrailEntityFields.AGE_LOCAL_TS, prevMonthTs) + .findAll() + .also { Timber.i("## Crypto Clean up ${it.size} AuditTrailEntity") } + .deleteAllFromRealm() + + // Can we do something for WithHeldSessionEntity? + } + } + + /** + * Prints out database info + */ + override fun logDbUsageInfo() { + RealmDebugTools(realmConfiguration).logInfo("Crypto") } } - - /** - * Some entries in the DB can get a bit out of control with time - * So we need to tidy up a bit - */ - override fun tidyUpDataBase() { - val prevWeekTs = System.currentTimeMillis() - 7 * 24 * 60 * 60 * 1_000 - doRealmTransaction(realmConfiguration) { realm -> - - // Only keep one week history - realm.where() - .lessThan(IncomingGossipingRequestEntityFields.LOCAL_CREATION_TIMESTAMP, prevWeekTs) - .findAll() - .also { Timber.i("## Crypto Clean up ${it.size} IncomingGossipingRequestEntity") } - .deleteAllFromRealm() - - // Clean the old ones? - realm.where() - .lessThan(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, prevWeekTs) - .findAll() - .also { Timber.i("## Crypto Clean up ${it.size} OutgoingKeyRequestEntity") } - .deleteAllFromRealm() - - // Only keep one week history - realm.where() - .lessThan(GossipingEventEntityFields.AGE_LOCAL_TS, prevWeekTs) - .findAll() - .also { Timber.i("## Crypto Clean up ${it.size} GossipingEventEntityFields") } - .deleteAllFromRealm() - - // Can we do something for WithHeldSessionEntity? - } - } - - /** - * Prints out database info - */ - override fun logDbUsageInfo() { - RealmDebugTools(realmConfiguration).logInfo("Crypto") - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreModule.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreModule.kt index e3e195ff8c..26761a860c 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreModule.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStoreModule.kt @@ -22,8 +22,6 @@ import org.matrix.android.sdk.internal.crypto.store.db.model.CrossSigningInfoEnt import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoMetadataEntity import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoRoomEntity import org.matrix.android.sdk.internal.crypto.store.db.model.DeviceInfoEntity -import org.matrix.android.sdk.internal.crypto.store.db.model.GossipingEventEntity -import org.matrix.android.sdk.internal.crypto.store.db.model.IncomingGossipingRequestEntity import org.matrix.android.sdk.internal.crypto.store.db.model.KeyInfoEntity import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEntity import org.matrix.android.sdk.internal.crypto.store.db.model.KeysBackupDataEntity diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt index 832272f574..17d7494968 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 New Vector Ltd + * Copyright (c) 2022 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -45,7 +45,6 @@ class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { .addField(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, Long::class.java) .setNullable(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, true) - realm.schema.create("AuditTrailEntity") .addField(AuditTrailEntityFields.AGE_LOCAL_TS, Long::class.java) .setNullable(AuditTrailEntityFields.AGE_LOCAL_TS, true) @@ -56,6 +55,5 @@ class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { .addField(KeyRequestReplyEntityFields.SENDER_ID, String::class.java) .addField(KeyRequestReplyEntityFields.FROM_DEVICE, String::class.java) .addField(KeyRequestReplyEntityFields.EVENT_JSON, String::class.java) - } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt index c58b3a684d..5ac659d327 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt @@ -18,13 +18,6 @@ package org.matrix.android.sdk.internal.crypto.store.db.model import io.realm.RealmObject import io.realm.annotations.Index -import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.session.crypto.model.GossipingRequestState -import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.IncomingSecretShareRequest -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody -import org.matrix.android.sdk.internal.crypto.GossipRequestType -import org.matrix.android.sdk.internal.crypto.IncomingShareRequestCommon // not used anymore, just here for db migration internal open class IncomingGossipingRequestEntity(@Index var requestId: String? = "", @@ -35,56 +28,7 @@ internal open class IncomingGossipingRequestEntity(@Index var requestId: String? var localCreationTimestamp: Long? = null ) : RealmObject() { - fun getRequestedSecretName(): String? = if (type == GossipRequestType.SECRET) { - requestedInfoStr - } else null - - fun getRequestedKeyInfo(): RoomKeyRequestBody? = if (type == GossipRequestType.KEY) { - RoomKeyRequestBody.fromJson(requestedInfoStr) - } else null - - var type: GossipRequestType - get() { - return tryOrNull { typeStr?.let { GossipRequestType.valueOf(it) } } ?: GossipRequestType.KEY - } - set(value) { - typeStr = value.name - } - - private var requestStateStr: String = GossipingRequestState.NONE.name - - var requestState: GossipingRequestState - get() { - return tryOrNull { GossipingRequestState.valueOf(requestStateStr) } - ?: GossipingRequestState.NONE - } - set(value) { - requestStateStr = value.name - } + private var requestStateStr: String = "" companion object - - fun toIncomingGossipingRequest(): IncomingShareRequestCommon { - return when (type) { - GossipRequestType.KEY -> { - IncomingRoomKeyRequest( - requestBody = getRequestedKeyInfo(), - deviceId = otherDeviceId, - userId = otherUserId, - requestId = requestId, - state = requestState, - localCreationTimestamp = localCreationTimestamp - ) - } - GossipRequestType.SECRET -> { - IncomingSecretShareRequest( - secretName = getRequestedSecretName(), - deviceId = otherDeviceId, - userId = otherUserId, - requestId = requestId, - localCreationTimestamp = localCreationTimestamp - ) - } - } - } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt index ccb4590fb9..cd3b21f7ba 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt @@ -18,7 +18,6 @@ package org.matrix.android.sdk.internal.crypto.store.db.model import io.realm.RealmObject import io.realm.annotations.Index -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestState // not used anymore, just here for db migration internal open class OutgoingGossipingRequestEntity( @@ -28,5 +27,5 @@ internal open class OutgoingGossipingRequestEntity( @Index var typeStr: String? = null ) : RealmObject() { - private var requestStateStr: String = OutgoingGossipingRequestState.UNSENT.name + private var requestStateStr: String = "" } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt index 3e00ce7cce..6ff93b0224 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 New Vector Ltd + * Copyright (c) 2022 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -32,10 +32,10 @@ import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest import org.matrix.android.sdk.internal.crypto.RequestReply import org.matrix.android.sdk.internal.crypto.RequestResult import org.matrix.android.sdk.internal.di.MoshiProvider -import timber.log.Timber internal open class OutgoingKeyRequestEntity( @Index var requestId: String? = null, + var requestedIndex: Int? = null, var recipientsData: String? = null, var requestedInfoStr: String? = null, var creationTimeStamp: Long? = null, @@ -84,7 +84,6 @@ internal open class OutgoingKeyRequestEntity( } fun addReply(userId: String, fromDevice: String?, event: Event) { - Timber.w("##VALR: add reply $userId / $fromDevice / $event") val newReply = KeyRequestReplyEntity( senderId = userId, fromDevice = fromDevice, @@ -98,6 +97,7 @@ internal open class OutgoingKeyRequestEntity( requestBody = getRequestedKeyInfo(), recipients = getRecipients().orEmpty(), requestId = requestId ?: "", + fromIndex = requestedIndex ?: 0, state = requestState, results = replies.mapNotNull { entity -> val userId = entity.senderId ?: return@mapNotNull null @@ -107,9 +107,9 @@ internal open class OutgoingKeyRequestEntity( eventToResult(event) } ?: return@mapNotNull null RequestReply( - userId, - entity.fromDevice, - result + userId = userId, + fromDevice = entity.fromDevice, + result = result ) } ) @@ -123,7 +123,7 @@ internal open class OutgoingKeyRequestEntity( } } EventType.FORWARDED_ROOM_KEY -> { - RequestResult.Success + RequestResult.Success((event.content?.get("chain_index") as? Number)?.toInt() ?: 0) } else -> null } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultIncomingSASDefaultVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultIncomingSASDefaultVerificationTransaction.kt index 7b850628f6..15c55f81ea 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultIncomingSASDefaultVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultIncomingSASDefaultVerificationTransaction.kt @@ -23,7 +23,7 @@ import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerific import org.matrix.android.sdk.api.session.crypto.verification.SasMode import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore @@ -35,7 +35,7 @@ internal class DefaultIncomingSASDefaultVerificationTransaction( override val deviceId: String?, private val cryptoStore: IMXCryptoStore, crossSigningService: CrossSigningService, - outgoingGossipingRequestManager: OutgoingGossipingRequestManager, + outgoingKeyRequestManager: OutgoingKeyRequestManager, secretShareManager: SecretShareManager, deviceFingerprint: String, transactionId: String, @@ -47,7 +47,7 @@ internal class DefaultIncomingSASDefaultVerificationTransaction( deviceId, cryptoStore, crossSigningService, - outgoingGossipingRequestManager, + outgoingKeyRequestManager, secretShareManager, deviceFingerprint, transactionId, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultOutgoingSASDefaultVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultOutgoingSASDefaultVerificationTransaction.kt index 5c5f8dd668..00a2b8f82a 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultOutgoingSASDefaultVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultOutgoingSASDefaultVerificationTransaction.kt @@ -20,7 +20,7 @@ import org.matrix.android.sdk.api.session.crypto.verification.CancelCode import org.matrix.android.sdk.api.session.crypto.verification.OutgoingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore @@ -32,7 +32,7 @@ internal class DefaultOutgoingSASDefaultVerificationTransaction( deviceId: String?, cryptoStore: IMXCryptoStore, crossSigningService: CrossSigningService, - outgoingGossipingRequestManager: OutgoingGossipingRequestManager, + outgoingKeyRequestManager: OutgoingKeyRequestManager, secretShareManager: SecretShareManager, deviceFingerprint: String, transactionId: String, @@ -44,7 +44,7 @@ internal class DefaultOutgoingSASDefaultVerificationTransaction( deviceId, cryptoStore, crossSigningService, - outgoingGossipingRequestManager, + outgoingKeyRequestManager, secretShareManager, deviceFingerprint, transactionId, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt index 00d01f02ed..16f1f7d719 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt @@ -60,7 +60,7 @@ import org.matrix.android.sdk.api.session.room.model.message.MessageVerification import org.matrix.android.sdk.api.session.room.model.message.ValidVerificationDone import org.matrix.android.sdk.internal.crypto.DeviceListManager import org.matrix.android.sdk.internal.crypto.MyDeviceInfoHolder -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.model.rest.KeyVerificationAccept @@ -94,7 +94,7 @@ internal class DefaultVerificationService @Inject constructor( @UserId private val userId: String, @DeviceId private val deviceId: String?, private val cryptoStore: IMXCryptoStore, - private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, + private val outgoingKeyRequestManager: OutgoingKeyRequestManager, private val secretShareManager: SecretShareManager, private val myDeviceInfoHolder: Lazy, private val deviceListManager: DeviceListManager, @@ -547,7 +547,7 @@ internal class DefaultVerificationService @Inject constructor( deviceId, cryptoStore, crossSigningService, - outgoingGossipingRequestManager, + outgoingKeyRequestManager, secretShareManager, myDeviceInfoHolder.get().myDevice.fingerprint()!!, startReq.transactionId, @@ -909,7 +909,7 @@ internal class DefaultVerificationService @Inject constructor( otherUserId = senderId, otherDeviceId = readyReq.fromDevice, crossSigningService = crossSigningService, - outgoingGossipingRequestManager = outgoingGossipingRequestManager, + outgoingKeyRequestManager = outgoingKeyRequestManager, secretShareManager = secretShareManager, cryptoStore = cryptoStore, qrCodeData = qrCodeData, @@ -1108,7 +1108,7 @@ internal class DefaultVerificationService @Inject constructor( deviceId, cryptoStore, crossSigningService, - outgoingGossipingRequestManager, + outgoingKeyRequestManager, secretShareManager, myDeviceInfoHolder.get().myDevice.fingerprint()!!, txID, @@ -1300,7 +1300,7 @@ internal class DefaultVerificationService @Inject constructor( deviceId, cryptoStore, crossSigningService, - outgoingGossipingRequestManager, + outgoingKeyRequestManager, secretShareManager, myDeviceInfoHolder.get().myDevice.fingerprint()!!, transactionId, @@ -1438,7 +1438,7 @@ internal class DefaultVerificationService @Inject constructor( otherUserId = otherUserId, otherDeviceId = otherDeviceId, crossSigningService = crossSigningService, - outgoingGossipingRequestManager = outgoingGossipingRequestManager, + outgoingKeyRequestManager = outgoingKeyRequestManager, secretShareManager = secretShareManager, cryptoStore = cryptoStore, qrCodeData = qrCodeData, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationTransaction.kt index 770a6ba54c..bb90d7b100 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationTransaction.kt @@ -20,7 +20,7 @@ import org.matrix.android.sdk.api.session.crypto.crosssigning.CrossSigningServic import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel import org.matrix.android.sdk.api.session.crypto.verification.VerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import timber.log.Timber @@ -31,7 +31,7 @@ import timber.log.Timber internal abstract class DefaultVerificationTransaction( private val setDeviceVerificationAction: SetDeviceVerificationAction, private val crossSigningService: CrossSigningService, - private val outgoingGossipingRequestManager: OutgoingGossipingRequestManager, + private val outgoingKeyRequestManager: OutgoingKeyRequestManager, private val secretShareManager: SecretShareManager, private val userId: String, override val transactionId: String, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SASDefaultVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SASDefaultVerificationTransaction.kt index 43e25ab2bf..133dfe2328 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SASDefaultVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SASDefaultVerificationTransaction.kt @@ -23,7 +23,7 @@ import org.matrix.android.sdk.api.session.crypto.verification.SasMode import org.matrix.android.sdk.api.session.crypto.verification.SasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore @@ -42,7 +42,7 @@ internal abstract class SASDefaultVerificationTransaction( open val deviceId: String?, private val cryptoStore: IMXCryptoStore, crossSigningService: CrossSigningService, - outgoingGossipingRequestManager: OutgoingGossipingRequestManager, + outgoingKeyRequestManager: OutgoingKeyRequestManager, secretShareManager: SecretShareManager, private val deviceFingerprint: String, transactionId: String, @@ -52,7 +52,7 @@ internal abstract class SASDefaultVerificationTransaction( ) : DefaultVerificationTransaction( setDeviceVerificationAction, crossSigningService, - outgoingGossipingRequestManager, + outgoingKeyRequestManager, secretShareManager, userId, transactionId, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt index 9cc31d9542..ba434444bf 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt @@ -21,8 +21,7 @@ import org.matrix.android.sdk.api.session.crypto.verification.CancelCode import org.matrix.android.sdk.api.session.crypto.verification.QrCodeVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.util.fromBase64 -import org.matrix.android.sdk.internal.crypto.OutgoingGossipingRequestManager +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction import org.matrix.android.sdk.internal.crypto.crosssigning.fromBase64Safe @@ -37,7 +36,7 @@ internal class DefaultQrCodeVerificationTransaction( override val otherUserId: String, override var otherDeviceId: String?, private val crossSigningService: CrossSigningService, - outgoingGossipingRequestManager: OutgoingGossipingRequestManager, + outgoingKeyRequestManager: OutgoingKeyRequestManager, secretShareManager: SecretShareManager, private val cryptoStore: IMXCryptoStore, // Not null only if other user is able to scan QR code @@ -48,7 +47,7 @@ internal class DefaultQrCodeVerificationTransaction( ) : DefaultVerificationTransaction( setDeviceVerificationAction, crossSigningService, - outgoingGossipingRequestManager, + outgoingKeyRequestManager, secretShareManager, userId, transactionId, diff --git a/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt b/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt index 0fbb18e63c..cbaafed7e3 100644 --- a/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt +++ b/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt @@ -22,6 +22,8 @@ import im.vector.app.core.date.DateFormatKind import im.vector.app.core.date.VectorDateFormatter import im.vector.app.features.popup.DefaultVectorAlert import im.vector.app.features.popup.PopupAlertManager +import im.vector.app.features.session.coroutineScope +import kotlinx.coroutines.launch import org.matrix.android.sdk.api.MatrixCallback import org.matrix.android.sdk.api.session.Session import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel @@ -36,6 +38,12 @@ import org.matrix.android.sdk.api.session.crypto.verification.SasVerificationTra import org.matrix.android.sdk.api.session.crypto.verification.VerificationService import org.matrix.android.sdk.api.session.crypto.verification.VerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState +import org.matrix.android.sdk.internal.crypto.IncomingRoomKeyRequest +import org.matrix.android.sdk.internal.crypto.crosssigning.DeviceTrustLevel +import org.matrix.android.sdk.internal.crypto.model.CryptoDeviceInfo +import org.matrix.android.sdk.internal.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.internal.crypto.model.rest.DeviceInfo +import org.matrix.android.sdk.internal.crypto.model.rest.SecretShareRequest import timber.log.Timber import javax.inject.Inject import javax.inject.Singleton @@ -72,10 +80,9 @@ class KeyRequestHandler @Inject constructor( session = null } - override fun onSecretShareRequest(request: IncomingSecretShareRequest): Boolean { + override fun onSecretShareRequest(request: SecretShareRequest): Boolean { // By default Element will not prompt if the SDK has decided that the request should not be fulfilled Timber.v("## onSecretShareRequest() : Ignoring $request") - request.ignore?.run() return true } @@ -195,15 +202,14 @@ class KeyRequestHandler @Inject constructor( } private fun denyAllRequests(mappingKey: String) { - alertsToRequests[mappingKey]?.forEach { - it.ignore?.run() - } alertsToRequests.remove(mappingKey) } private fun shareAllSessions(mappingKey: String) { alertsToRequests[mappingKey]?.forEach { - it.share?.run() + session?.coroutineScope?.launch { + session?.cryptoService()?.manuallyAcceptRoomKeyRequest(it) + } } alertsToRequests.remove(mappingKey) } @@ -213,7 +219,7 @@ class KeyRequestHandler @Inject constructor( * * @param request the cancellation request. */ - override fun onRoomKeyRequestCancellation(request: IncomingRequestCancellation) { + override fun onRequestCancelled(request: IncomingRoomKeyRequest) { // see if we can find the request in the queue val userId = request.userId val deviceId = request.deviceId diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/IncomingKeyRequestPagedController.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/IncomingKeyRequestPagedController.kt index 4653f04f2c..de867b8693 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/IncomingKeyRequestPagedController.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/IncomingKeyRequestPagedController.kt @@ -62,10 +62,6 @@ class IncomingKeyRequestPagedController @Inject constructor( textStyle = "bold" } +"${roomKeyRequest.deviceId}" - span("\nstate: ") { - textStyle = "bold" - } - +roomKeyRequest.state.name }.toEpoxyCharSequence() ) } From b1db6ca180b23de79fc32d6105b7edd3b905c938 Mon Sep 17 00:00:00 2001 From: Valere Date: Wed, 16 Mar 2022 15:55:00 +0100 Subject: [PATCH 007/433] fix db migration --- .../crypto/store/db/migration/MigrateCryptoTo016.kt | 4 ++++ .../sdk/internal/crypto/store/db/model/AuditTrailEntity.kt | 3 ++- .../settings/devtools/GossipingTrailPagedEpoxyController.kt | 6 ++++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt index 17d7494968..dac2ba2c31 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt @@ -42,6 +42,9 @@ class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { .addField(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, String::class.java) .addIndex(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR) .addField(OutgoingKeyRequestEntityFields.REQUESTED_INFO_STR, String::class.java) + .addField(OutgoingKeyRequestEntityFields.ROOM_ID, String::class.java) + .addIndex(OutgoingKeyRequestEntityFields.ROOM_ID) + .addField(OutgoingKeyRequestEntityFields.REQUESTED_INDEX, String::class.java) .addField(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, Long::class.java) .setNullable(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, true) @@ -50,6 +53,7 @@ class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { .setNullable(AuditTrailEntityFields.AGE_LOCAL_TS, true) .addField(AuditTrailEntityFields.CONTENT_JSON, String::class.java) .addField(AuditTrailEntityFields.TYPE, String::class.java) + .addIndex(AuditTrailEntityFields.TYPE) realm.schema.create("KeyRequestReplyEntity") .addField(KeyRequestReplyEntityFields.SENDER_ID, String::class.java) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailEntity.kt index a3963e9485..2e0e9c8c8b 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailEntity.kt @@ -17,10 +17,11 @@ package org.matrix.android.sdk.internal.crypto.store.db.model import io.realm.RealmObject +import io.realm.annotations.Index internal open class AuditTrailEntity( var ageLocalTs: Long? = null, - var type: String? = null, + @Index var type: String? = null, var contentJson: String? = null ) : RealmObject() { companion object diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt index 79b4564e7a..5831a6eacf 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt @@ -88,6 +88,12 @@ class GossipingTrailPagedEpoxyController @Inject constructor( TrailType.IncomingKeyRequest -> { // no additional info } + TrailType.IncomingKeyForward -> { + + } + TrailType.Unknown -> { + + } } } }.toEpoxyCharSequence() From ae6df469e2adb4b0378aef6d4d31d121ad4fd3d4 Mon Sep 17 00:00:00 2001 From: Valere Date: Wed, 16 Mar 2022 17:47:52 +0100 Subject: [PATCH 008/433] Add incoming key forward trail --- .../algorithms/megolm/MXMegolmDecryption.kt | 9 +++ .../internal/crypto/store/IMXCryptoStore.kt | 10 +++ .../crypto/store/db/RealmCryptoStore.kt | 69 ++++++++++++------- .../devtools/GossipingEventsSerializer.kt | 6 ++ .../GossipingTrailPagedEpoxyController.kt | 7 +- .../IncomingKeyRequestPagedController.kt | 1 + 6 files changed, 76 insertions(+), 26 deletions(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt index 4b90617998..8e5edd3643 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt @@ -234,6 +234,15 @@ internal class MXMegolmDecryption( fromDevice = fromDevice, event = event) + cryptoStore.saveIncomingForwardKeyAuditTrail( + roomId = roomKeyContent.roomId, + sessionId = roomKeyContent.sessionId, + senderKey = senderKey, + algorithm = roomKeyContent.algorithm ?: "", + userId = event.senderId ?: "", + deviceId = fromDevice ?: "", + chainIndex = index.toLong()) + // The index is used to decide if we cancel sent request or if we wait for a better key outgoingKeyRequestManager.postCancelRequestForSessionIfNeeded(roomKeyContent.sessionId, roomKeyContent.roomId, senderKey, index) } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt index 1a8be74d92..182b54a096 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt @@ -417,6 +417,16 @@ internal interface IMXCryptoStore { chainIndex: Long? ) + fun saveIncomingForwardKeyAuditTrail( + roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + userId: String, + deviceId: String, + chainIndex: Long? + ) + fun addNewSessionListener(listener: NewSessionListener) fun removeSessionListener(listener: NewSessionListener) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt index c7cbf9cdf1..f14ad97745 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt @@ -1269,30 +1269,51 @@ internal class RealmCryptoStore @Inject constructor( } } - override fun saveForwardKeyAuditTrail(roomId: String, - sessionId: String, - senderKey: String, - algorithm: String, - userId: String, - deviceId: String, - chainIndex: Long?) { - monarchy.writeAsync { realm -> - val now = System.currentTimeMillis() - realm.createObject().apply { - this.ageLocalTs = now - this.type = TrailType.OutgoingKeyForward.name - val info = ForwardInfo( - roomId = roomId, - sessionId = sessionId, - senderKey = senderKey, - alg = algorithm, - userId = userId, - deviceId = deviceId, - chainIndex = chainIndex - ) - MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).toJson(info)?.let { - this.contentJson = it - } + override fun saveForwardKeyAuditTrail(roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + userId: String, + deviceId: String, + chainIndex: Long?) { + saveForwardKeyTrail(roomId, sessionId, senderKey, algorithm, userId, deviceId, chainIndex, false) + } + + override fun saveIncomingForwardKeyAuditTrail(roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + userId: String, + deviceId: String, + chainIndex: Long?) { + saveForwardKeyTrail(roomId, sessionId, senderKey, algorithm, userId, deviceId, chainIndex, true) + } + + private fun saveForwardKeyTrail(roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + userId: String, + deviceId: String, + chainIndex: Long?, + incoming: Boolean + ) { + monarchy.writeAsync { realm -> + val now = System.currentTimeMillis() + realm.createObject().apply { + this.ageLocalTs = now + this.type = if (incoming) TrailType.IncomingKeyForward.name else TrailType.OutgoingKeyForward.name + val info = ForwardInfo( + roomId = roomId, + sessionId = sessionId, + senderKey = senderKey, + alg = algorithm, + userId = userId, + deviceId = deviceId, + chainIndex = chainIndex + ) + MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).toJson(info)?.let { + this.contentJson = it } } } diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt index 20a14df6b2..05fc3a570d 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt @@ -49,6 +49,12 @@ class GossipingEventsSerializer { append("code: ${it.code} ") } } + TrailType.IncomingKeyForward -> { + append("from:${info.userId}|${info.deviceId} - ") + (trail.info as? ForwardInfo)?.let { + append("chainIndex: ${it.chainIndex} ") + } + } else -> { append("??") } diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt index 5831a6eacf..1377cad1b8 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt @@ -89,10 +89,13 @@ class GossipingTrailPagedEpoxyController @Inject constructor( // no additional info } TrailType.IncomingKeyForward -> { - + val fInfo = event.info as ForwardInfo + span("\nchainIndex: ") { + textStyle = "bold" + } + +"${fInfo.chainIndex}" } TrailType.Unknown -> { - } } } diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/IncomingKeyRequestPagedController.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/IncomingKeyRequestPagedController.kt index de867b8693..09dd198bee 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/IncomingKeyRequestPagedController.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/IncomingKeyRequestPagedController.kt @@ -53,6 +53,7 @@ class IncomingKeyRequestPagedController @Inject constructor( textStyle = "bold" } span("${roomKeyRequest.userId}") + +"\n" +host.vectorDateFormatter.format(roomKeyRequest.localCreationTimestamp, DateFormatKind.DEFAULT_DATE_AND_TIME) span("\nsessionId:") { textStyle = "bold" From 6a509ce22d072ed658e119a95d7822bf6d3eabfe Mon Sep 17 00:00:00 2001 From: Valere Date: Thu, 17 Mar 2022 08:58:02 +0100 Subject: [PATCH 009/433] fix unused var --- .../sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt index 4717697288..e9a4fb206d 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt @@ -280,7 +280,7 @@ internal class MXMegolmEncryption( // attempted to share with) rather than the contentMap (those we did // share with), because we don't want to try to claim a one-time-key // for dead devices on every message. - for ((userId, devicesToShareWith) in devicesByUser) { + for ((_, devicesToShareWith) in devicesByUser) { for (deviceInfo in devicesToShareWith) { session.sharedWithHelper.markedSessionAsShared(deviceInfo, chainIndex) // XXX is it needed to add it to the audit trail? From 1d948d6b2003078159aa1734da0fb40a967e5eaa Mon Sep 17 00:00:00 2001 From: Valere Date: Fri, 18 Mar 2022 17:11:56 +0100 Subject: [PATCH 010/433] Add option to disable key gossip, clear key request on trust change --- .../sdk/internal/crypto/E2eeSanityTests.kt | 91 +- .../crypto/gossiping/KeyShareTests.kt | 45 +- .../sdk/api/session/crypto/CryptoService.kt | 9 + .../internal/crypto/DefaultCryptoService.kt | 6 + .../crypto/OutgoingKeyRequestManager.kt | 47 +- .../algorithms/megolm/MXMegolmDecryption.kt | 10 +- .../DefaultCrossSigningService.kt | 21 +- .../internal/crypto/store/IMXCryptoStore.kt | 12 +- .../crypto/store/db/RealmCryptoStore.kt | 1007 +++++++++-------- .../store/db/migration/MigrateCryptoTo016.kt | 8 + .../store/db/model/CryptoMetadataEntity.kt | 2 + .../room/membership/joining/JoinRoomTask.kt | 15 +- 12 files changed, 696 insertions(+), 577 deletions(-) diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt index d5ae06a0e3..fe7c17636b 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt @@ -64,9 +64,6 @@ import java.util.concurrent.CountDownLatch @LargeTest class E2eeSanityTests : InstrumentedTest { - private val testHelper = CommonTestHelper(context()) - private val cryptoTestHelper = CryptoTestHelper(testHelper) - /** * Simple test that create an e2ee room. * Some new members are added, and a message is sent. @@ -78,16 +75,24 @@ class E2eeSanityTests : InstrumentedTest { */ @Test fun testSendingE2EEMessages() { + val testHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(testHelper) + val cryptoTestData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) val aliceSession = cryptoTestData.firstSession val e2eRoomID = cryptoTestData.roomId val aliceRoomPOV = aliceSession.getRoom(e2eRoomID)!! + // we want to disable key gossiping to just check initial sending of keys + aliceSession.cryptoService().enableKeyGossiping(false) + cryptoTestData.secondSession?.cryptoService()?.enableKeyGossiping(false) // add some more users and invite them val otherAccounts = listOf("benoit", "valere", "ganfra") // , "adam", "manu") .map { - testHelper.createAccount(it, SessionTestParams(true)) + testHelper.createAccount(it, SessionTestParams(true)).also { + it.cryptoService().enableKeyGossiping(false) + } } Log.v("#E2E TEST", "All accounts created") @@ -101,18 +106,18 @@ class E2eeSanityTests : InstrumentedTest { // All user should accept invite otherAccounts.forEach { otherSession -> - waitForAndAcceptInviteInRoom(otherSession, e2eRoomID) + waitForAndAcceptInviteInRoom(testHelper, otherSession, e2eRoomID) Log.v("#E2E TEST", "${otherSession.myUserId} joined room $e2eRoomID") } // check that alice see them as joined (not really necessary?) - ensureMembersHaveJoined(aliceSession, otherAccounts, e2eRoomID) + ensureMembersHaveJoined(testHelper, aliceSession, otherAccounts, e2eRoomID) Log.v("#E2E TEST", "All users have joined the room") Log.v("#E2E TEST", "Alice is sending the message") val text = "This is my message" - val sentEventId: String? = sendMessageInRoom(aliceRoomPOV, text) + val sentEventId: String? = sendMessageInRoom(testHelper, aliceRoomPOV, text) // val sentEvent = testHelper.sendTextMessage(aliceRoomPOV, "Hello all", 1).first() Assert.assertTrue("Message should be sent", sentEventId != null) @@ -142,10 +147,10 @@ class E2eeSanityTests : InstrumentedTest { } newAccount.forEach { - waitForAndAcceptInviteInRoom(it, e2eRoomID) + waitForAndAcceptInviteInRoom(testHelper, it, e2eRoomID) } - ensureMembersHaveJoined(aliceSession, newAccount, e2eRoomID) + ensureMembersHaveJoined(testHelper, aliceSession, newAccount, e2eRoomID) // wait a bit testHelper.runBlockingTest { @@ -170,7 +175,7 @@ class E2eeSanityTests : InstrumentedTest { Log.v("#E2E TEST", "Alice sends a new message") val secondMessage = "2 This is my message" - val secondSentEventId: String? = sendMessageInRoom(aliceRoomPOV, secondMessage) + val secondSentEventId: String? = sendMessageInRoom(testHelper, aliceRoomPOV, secondMessage) // new members should be able to decrypt it newAccount.forEach { otherSession -> @@ -194,6 +199,14 @@ class E2eeSanityTests : InstrumentedTest { cryptoTestData.cleanUp(testHelper) } + @Test + fun testKeyGossipingIsEnabledByDefault() { + val testHelper = CommonTestHelper(context()) + val session = testHelper.createAccount("alice", SessionTestParams(true)) + Assert.assertTrue("Key gossiping should be enabled by default", session.cryptoService().isKeyGossipingEnabled()) + testHelper.signOutAndClose(session) + } + /** * Quick test for basic key backup * 1. Create e2e between Alice and Bob @@ -210,6 +223,9 @@ class E2eeSanityTests : InstrumentedTest { */ @Test fun testBasicBackupImport() { + val testHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(testHelper) + val cryptoTestData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) val aliceSession = cryptoTestData.firstSession val bobSession = cryptoTestData.secondSession!! @@ -233,7 +249,7 @@ class E2eeSanityTests : InstrumentedTest { val sentEventIds = mutableListOf() val messagesText = listOf("1. Hello", "2. Bob", "3. Good morning") messagesText.forEach { text -> - val sentEventId = sendMessageInRoom(aliceRoomPOV, text)!!.also { + val sentEventId = sendMessageInRoom(testHelper, aliceRoomPOV, text)!!.also { sentEventIds.add(it) } @@ -327,6 +343,9 @@ class E2eeSanityTests : InstrumentedTest { */ @Test fun testSimpleGossip() { + val testHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(testHelper) + val cryptoTestData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) val aliceSession = cryptoTestData.firstSession val bobSession = cryptoTestData.secondSession!! @@ -334,15 +353,13 @@ class E2eeSanityTests : InstrumentedTest { val aliceRoomPOV = aliceSession.getRoom(e2eRoomID)!! - cryptoTestHelper.initializeCrossSigning(bobSession) - // let's send a few message to bob val sentEventIds = mutableListOf() val messagesText = listOf("1. Hello", "2. Bob") Log.v("#E2E TEST", "Alice sends some messages") messagesText.forEach { text -> - val sentEventId = sendMessageInRoom(aliceRoomPOV, text)!!.also { + val sentEventId = sendMessageInRoom(testHelper, aliceRoomPOV, text)!!.also { sentEventIds.add(it) } @@ -357,7 +374,7 @@ class E2eeSanityTests : InstrumentedTest { } // Ensure bob can decrypt - ensureIsDecrypted(sentEventIds, bobSession, e2eRoomID) + ensureIsDecrypted(testHelper, sentEventIds, bobSession, e2eRoomID) // Let's now add a new bob session // Create a new session for bob @@ -431,6 +448,9 @@ class E2eeSanityTests : InstrumentedTest { */ @Test fun testForwardBetterKey() { + val testHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(testHelper) + val cryptoTestData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) val aliceSession = cryptoTestData.firstSession val bobSessionWithBetterKey = cryptoTestData.secondSession!! @@ -438,15 +458,13 @@ class E2eeSanityTests : InstrumentedTest { val aliceRoomPOV = aliceSession.getRoom(e2eRoomID)!! - cryptoTestHelper.initializeCrossSigning(bobSessionWithBetterKey) - // let's send a few message to bob var firstEventId: String val firstMessage = "1. Hello" Log.v("#E2E TEST", "Alice sends some messages") firstMessage.let { text -> - firstEventId = sendMessageInRoom(aliceRoomPOV, text)!! + firstEventId = sendMessageInRoom(testHelper, aliceRoomPOV, text)!! testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { @@ -459,7 +477,7 @@ class E2eeSanityTests : InstrumentedTest { } // Ensure bob can decrypt - ensureIsDecrypted(listOf(firstEventId), bobSessionWithBetterKey, e2eRoomID) + ensureIsDecrypted(testHelper, listOf(firstEventId), bobSessionWithBetterKey, e2eRoomID) // Let's add a new unverified session from bob val newBobSession = testHelper.logIntoAccount(bobSessionWithBetterKey.myUserId, SessionTestParams(true)) @@ -474,7 +492,7 @@ class E2eeSanityTests : InstrumentedTest { Log.v("#E2E TEST", "Alice sends some messages") secondMessage.let { text -> - secondEventId = sendMessageInRoom(aliceRoomPOV, text)!! + secondEventId = sendMessageInRoom(testHelper, aliceRoomPOV, text)!! testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { @@ -524,7 +542,7 @@ class E2eeSanityTests : InstrumentedTest { .markedLocallyAsManuallyVerified(bobSessionWithBetterKey.myUserId, bobSessionWithBetterKey.sessionParams.deviceId!!) // now let new session request - newBobSession.cryptoService().requestRoomKeyForEvent(firstEventNewBobPov.root) + newBobSession.cryptoService().reRequestRoomKeyForEvent(firstEventNewBobPov.root) // We need to wait for the key request to be sent out and then a reply to be received @@ -552,11 +570,12 @@ class E2eeSanityTests : InstrumentedTest { } } - cryptoTestData.cleanUp(testHelper) + testHelper.signOutAndClose(aliceSession) + testHelper.signOutAndClose(bobSessionWithBetterKey) testHelper.signOutAndClose(newBobSession) } - private fun sendMessageInRoom(aliceRoomPOV: Room, text: String): String? { + private fun sendMessageInRoom(testHelper: CommonTestHelper, aliceRoomPOV: Room, text: String): String? { aliceRoomPOV.sendTextMessage(text) var sentEventId: String? = null testHelper.waitWithLatch(4 * 60_000L) { latch -> @@ -586,6 +605,9 @@ class E2eeSanityTests : InstrumentedTest { */ @Test fun testSelfInteractiveVerificationAndGossip() { + val testHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(testHelper) + val aliceSession = testHelper.createAccount("alice", SessionTestParams(true)) cryptoTestHelper.bootstrapSecurity(aliceSession) @@ -614,16 +636,16 @@ class E2eeSanityTests : InstrumentedTest { Log.d("##TEST", "exitsingPov: $tx") val sasTx = tx as OutgoingSasVerificationTransaction when (sasTx.uxState) { - OutgoingSasVerificationTransaction.UxState.SHOW_SAS -> { + OutgoingSasVerificationTransaction.UxState.SHOW_SAS -> { // for the test we just accept? oldCode = sasTx.getDecimalCodeRepresentation() sasTx.userHasVerifiedShortCode() } - OutgoingSasVerificationTransaction.UxState.VERIFIED -> { + OutgoingSasVerificationTransaction.UxState.VERIFIED -> { // we can release this latch? oldCompleteLatch.countDown() } - else -> Unit + else -> Unit } } }) @@ -647,20 +669,20 @@ class E2eeSanityTests : InstrumentedTest { val sasTx = tx as IncomingSasVerificationTransaction when (sasTx.uxState) { - IncomingSasVerificationTransaction.UxState.SHOW_ACCEPT -> { + IncomingSasVerificationTransaction.UxState.SHOW_ACCEPT -> { // no need to accept as there was a request first it will auto accept } - IncomingSasVerificationTransaction.UxState.SHOW_SAS -> { + IncomingSasVerificationTransaction.UxState.SHOW_SAS -> { if (matchOnce) { sasTx.userHasVerifiedShortCode() newCode = sasTx.getDecimalCodeRepresentation() matchOnce = false } } - IncomingSasVerificationTransaction.UxState.VERIFIED -> { + IncomingSasVerificationTransaction.UxState.VERIFIED -> { newCompleteLatch.countDown() } - else -> Unit + else -> Unit } } }) @@ -727,7 +749,7 @@ class E2eeSanityTests : InstrumentedTest { testHelper.signOutAndClose(aliceNewSession) } - private fun ensureMembersHaveJoined(aliceSession: Session, otherAccounts: List, e2eRoomID: String) { + private fun ensureMembersHaveJoined(testHelper: CommonTestHelper, aliceSession: Session, otherAccounts: List, e2eRoomID: String) { testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { otherAccounts.map { @@ -739,7 +761,7 @@ class E2eeSanityTests : InstrumentedTest { } } - private fun waitForAndAcceptInviteInRoom(otherSession: Session, e2eRoomID: String) { + private fun waitForAndAcceptInviteInRoom(testHelper: CommonTestHelper, otherSession: Session, e2eRoomID: String) { testHelper.waitWithLatch { latch -> testHelper.retryPeriodicallyWithLatch(latch) { val roomSummary = otherSession.getRoomSummary(e2eRoomID) @@ -751,7 +773,8 @@ class E2eeSanityTests : InstrumentedTest { } } - testHelper.runBlockingTest(60_000) { + // not sure why it's taking so long :/ + testHelper.runBlockingTest(90_000) { Log.v("#E2E TEST", "${otherSession.myUserId} tries to join room $e2eRoomID") try { otherSession.roomService().joinRoom(e2eRoomID) @@ -769,7 +792,7 @@ class E2eeSanityTests : InstrumentedTest { } } - private fun ensureIsDecrypted(sentEventIds: List, session: Session, e2eRoomID: String) { + private fun ensureIsDecrypted(testHelper: CommonTestHelper, sentEventIds: List, session: Session, e2eRoomID: String) { testHelper.waitWithLatch { latch -> sentEventIds.forEach { sentEventId -> testHelper.retryPeriodicallyWithLatch(latch) { diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt index 3e8ca8daff..631b241c6c 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt @@ -50,11 +50,11 @@ import org.matrix.android.sdk.internal.crypto.RequestResult @LargeTest class KeyShareTests : InstrumentedTest { - private val commonTestHelper = CommonTestHelper(context()) - private val cryptoTestHelper = CryptoTestHelper(commonTestHelper) - @Test fun test_DoNotSelfShareIfNotTrusted() { + val commonTestHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(commonTestHelper) + val aliceSession = commonTestHelper.createAccount(TestConstants.USER_ALICE, SessionTestParams(true)) Log.v("TEST", "=======> AliceSession 1 is ${aliceSession.sessionParams.deviceId}") @@ -71,13 +71,17 @@ class KeyShareTests : InstrumentedTest { assertNotNull(room) Thread.sleep(4_000) assertTrue(room?.isEncrypted() == true) + val sentEvent = commonTestHelper.sendTextMessage(room!!, "My Message", 1).first() val sentEventId = sentEvent.eventId val sentEventText = sentEvent.getLastMessageContent()?.body - // Open a new sessionx + // Open a new session + val aliceSession2 = commonTestHelper.logIntoAccount(aliceSession.myUserId, SessionTestParams(false)) + // block key requesting for now as decrypt will send requests (room summary is trying to decrypt) + aliceSession2.cryptoService().enableKeyGossiping(false) + commonTestHelper.syncSession(aliceSession2) - val aliceSession2 = commonTestHelper.logIntoAccount(aliceSession.myUserId, SessionTestParams(true)) Log.v("TEST", "=======> AliceSession 2 is ${aliceSession2.sessionParams.deviceId}") val roomSecondSessionPOV = aliceSession2.getRoom(roomId) @@ -95,7 +99,10 @@ class KeyShareTests : InstrumentedTest { } val outgoingRequestsBefore = aliceSession2.cryptoService().getOutgoingRoomKeyRequests() + assertEquals("There should be no request as it's disabled", 0, outgoingRequestsBefore.size) + // Try to request + aliceSession2.cryptoService().enableKeyGossiping(true) aliceSession2.cryptoService().requestRoomKeyForEvent(receivedEvent.root) val eventMegolmSessionId = receivedEvent.root.content.toModel()?.sessionId @@ -105,10 +112,6 @@ class KeyShareTests : InstrumentedTest { commonTestHelper.waitWithLatch { latch -> commonTestHelper.retryPeriodicallyWithLatch(latch) { aliceSession2.cryptoService().getOutgoingRoomKeyRequests() - .filter { req -> - // filter out request that was known before - !outgoingRequestsBefore.any { req.requestId == it.requestId } - } .let { val outgoing = it.firstOrNull { it.sessionId == eventMegolmSessionId } outGoingRequestId = outgoing?.requestId @@ -156,7 +159,7 @@ class KeyShareTests : InstrumentedTest { val outgoing = aliceSession2.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.requestId == outGoingRequestId } val reply = outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } val resultCode = (reply?.result as? RequestResult.Failure)?.code - resultCode == WithHeldCode.UNAUTHORISED + resultCode == WithHeldCode.UNVERIFIED } } @@ -189,6 +192,9 @@ class KeyShareTests : InstrumentedTest { */ @Test fun test_reShareIfWasIntendedToBeShared() { + val commonTestHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(commonTestHelper) + val testData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) val aliceSession = testData.firstSession val roomFromAlice = aliceSession.getRoom(testData.roomId)!! @@ -219,6 +225,9 @@ class KeyShareTests : InstrumentedTest { */ @Test fun test_reShareToUnverifiedIfWasIntendedToBeShared() { + val commonTestHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(commonTestHelper) + val testData = cryptoTestHelper.doE2ETestWithAliceInARoom(true) val aliceSession = testData.firstSession val roomFromAlice = aliceSession.getRoom(testData.roomId)!! @@ -254,6 +263,9 @@ class KeyShareTests : InstrumentedTest { */ @Test fun test_reShareFromTheEarliestKnownIndexWithOwnVerifiedSession() { + val commonTestHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(commonTestHelper) + val testData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) val aliceSession = testData.firstSession val bobSession = testData.secondSession!! @@ -263,7 +275,9 @@ class KeyShareTests : InstrumentedTest { val sentEventMegolmSession = sentEvents.first().root.content.toModel()!!.sessionId!! // Let alice now add a new session - val aliceNewSession = commonTestHelper.logIntoAccount(aliceSession.myUserId, SessionTestParams(true)) + val aliceNewSession = commonTestHelper.logIntoAccount(aliceSession.myUserId, SessionTestParams(false)) + aliceNewSession.cryptoService().enableKeyGossiping(false) + commonTestHelper.syncSession(aliceNewSession) // we wait bob first session to be aware of that session? commonTestHelper.waitWithLatch { latch -> @@ -289,7 +303,8 @@ class KeyShareTests : InstrumentedTest { } assertEquals(sentEventMegolmSession, newEvent.root.content.toModel()!!.sessionId) - // Request a first time, bob and alice should reply with unauthorized + // Request a first time, bob should reply with unauthorized and alice should reply with unverified + aliceNewSession.cryptoService().enableKeyGossiping(true) aliceNewSession.cryptoService().reRequestRoomKeyForEvent(newEvent.root) commonTestHelper.waitWithLatch { latch -> @@ -309,6 +324,7 @@ class KeyShareTests : InstrumentedTest { val bobDeviceReply = outgoing?.results ?.firstOrNull { it.userId == bobSession.myUserId && it.fromDevice == bobSession.sessionParams.deviceId } val result = bobDeviceReply?.result + Log.v("TEST", "bob device result is $result") result != null && result is RequestResult.Success && result.chainIndex > 0 } } @@ -322,7 +338,7 @@ class KeyShareTests : InstrumentedTest { .markedLocallyAsManuallyVerified(aliceNewSession.myUserId, aliceNewSession.sessionParams.deviceId!!) // Let's now try to request - aliceNewSession.cryptoService().reRequestRoomKeyForEvent(newEvent.root) + aliceNewSession.cryptoService().reRequestRoomKeyForEvent(sentEvents.first().root) commonTestHelper.waitWithLatch { latch -> commonTestHelper.retryPeriodicallyWithLatch(latch) { @@ -368,6 +384,9 @@ class KeyShareTests : InstrumentedTest { */ @Test fun test_dontCancelToEarly() { + val commonTestHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(commonTestHelper) + val testData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true) val aliceSession = testData.firstSession val bobSession = testData.secondSession!! diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt index b62908ade0..5a2d8702be 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt @@ -76,6 +76,15 @@ interface CryptoService { fun setGlobalBlacklistUnverifiedDevices(block: Boolean) + /** + * Enable or disable key gossiping. + * Default is true. + * If set to false this device won't send key_request nor will accept key forwarded + */ + fun enableKeyGossiping(enable: Boolean) + + fun isKeyGossipingEnabled(): Boolean + fun setRoomUnBlacklistUnverifiedDevices(roomId: String) fun getDeviceTrackingStatus(userId: String): Int diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt index 0f040bd322..2ce517d79c 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt @@ -1080,6 +1080,12 @@ internal class DefaultCryptoService @Inject constructor( cryptoStore.setGlobalBlacklistUnverifiedDevices(block) } + override fun enableKeyGossiping(enable: Boolean) { + cryptoStore.enableKeyGossiping(enable) + } + + override fun isKeyGossipingEnabled() = cryptoStore.isKeyGossipingEnabled() + /** * Tells whether the client should ever send encrypted messages to unverified devices. * The default value is false. diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt index d8d3296d25..c0b94f5584 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt @@ -23,18 +23,19 @@ import kotlinx.coroutines.cancel import kotlinx.coroutines.launch import kotlinx.coroutines.withContext import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM import org.matrix.android.sdk.api.crypto.MXCryptoConfig import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.internal.crypto.crosssigning.fromBase64 -import org.matrix.android.sdk.internal.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.internal.crypto.model.event.EncryptedEventContent -import org.matrix.android.sdk.internal.crypto.model.rest.GossipingToDeviceObject -import org.matrix.android.sdk.internal.crypto.model.rest.RoomKeyRequestBody -import org.matrix.android.sdk.internal.crypto.model.rest.RoomKeyShareRequest +import org.matrix.android.sdk.api.util.fromBase64 import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.crypto.tasks.DefaultSendToDeviceTask import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask @@ -75,7 +76,7 @@ internal class OutgoingKeyRequestManager @Inject constructor( // We only have one active key request per session, so we don't request if it's already requested // But it could make sense to check more the backup, as it's evolving. // We keep a stack as we consider that the key requested last is more likely to be on screen? - private val requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup = Stack() + private val requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup = Stack>() fun requestKeyForEvent(event: Event, force: Boolean) { val (targets, body) = getRoomKeyRequestTargetForEvent(event) ?: return @@ -157,6 +158,20 @@ internal class OutgoingKeyRequestManager @Inject constructor( } } + fun onSelfCrossSigningTrustChanged(newTrust: Boolean) { + if (newTrust) { + // we were previously not cross signed, but we are now + // so there is now more chances to get better replies for existing request + // Let's forget about sent request so that next time we try to decrypt we will resend requests + // We don't resend all because we don't want to generate a bulk of traffic + outgoingRequestScope.launch { + sequencer.post { + cryptoStore.deleteOutgoingRoomKeyRequestInState(OutgoingRoomKeyRequestState.SENT) + } + } + } + } + fun onRoomKeyForwarded(sessionId: String, algorithm: String, roomId: String, @@ -274,6 +289,15 @@ internal class OutgoingKeyRequestManager @Inject constructor( } private fun internalQueueRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean) { + if (!cryptoStore.isKeyGossipingEnabled()) { + // we might want to try backup? + if (requestBody.roomId != null && requestBody.sessionId != null) { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(requestBody.roomId to requestBody.sessionId) + } + Timber.tag(loggerTag.value).d("discarding request for ${requestBody.sessionId} as gossiping is disabled") + return + } + Timber.tag(loggerTag.value).d("Queueing key request for ${requestBody.sessionId} force:$force") val existing = cryptoStore.getOutgoingRoomKeyRequest(requestBody) Timber.tag(loggerTag.value).v("Queueing key request exiting is ${existing?.state}") @@ -293,7 +317,9 @@ internal class OutgoingKeyRequestManager @Inject constructor( Timber.tag(loggerTag.value).d(".. force to request ${requestBody.sessionId}") cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) } else { - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(existing.requestId) + if (existing.roomId != null && existing.sessionId != null) { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(existing.roomId to existing.sessionId) + } } } OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { @@ -343,10 +369,7 @@ internal class OutgoingKeyRequestManager @Inject constructor( var currentCalls = 0 measureTimeMillis { while (requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.isNotEmpty() && currentCalls < maxBackupCallsBySync) { - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.pop().let { - val req = cryptoStore.getOutgoingRoomKeyRequest(it) - val sessionId = req?.sessionId ?: return@let - val roomId = req.roomId ?: return@let + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.pop().let { (roomId, sessionId) -> // we want to rate limit that somehow :/ perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId) } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt index 8e5edd3643..464a1ca3e7 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt @@ -54,10 +54,7 @@ internal class MXMegolmDecryption( @Throws(MXCryptoError::class) override suspend fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult { - // If cross signing is enabled, we don't send request until the keys are trusted - // There could be a race effect here when xsigning is enabled, we should ensure that keys was downloaded once - val requestOnFail = cryptoStore.getMyCrossSigningInfo()?.isTrusted() == true - return decryptEvent(event, timeline, requestOnFail) + return decryptEvent(event, timeline, true) } @Throws(MXCryptoError::class) @@ -164,6 +161,11 @@ internal class MXMegolmDecryption( return } if (event.getClearType() == EventType.FORWARDED_ROOM_KEY) { + if (!cryptoStore.isKeyGossipingEnabled()) { + Timber.tag(loggerTag.value) + .i("onRoomKeyEvent(), ignore forward adding as per crypto config : ${roomKeyContent.roomId}|${roomKeyContent.sessionId}") + return + } Timber.tag(loggerTag.value).i("onRoomKeyEvent(), forward adding key : ${roomKeyContent.roomId}|${roomKeyContent.sessionId}") val forwardedRoomKeyContent = event.getClearContent().toModel() ?: return diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt index ba1718688f..18e1608f95 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt @@ -38,6 +38,8 @@ import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.util.Optional import org.matrix.android.sdk.api.util.fromBase64 import org.matrix.android.sdk.internal.crypto.DeviceListManager +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager +import org.matrix.android.sdk.internal.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.internal.crypto.model.rest.UploadSignatureQueryBuilder import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.crypto.tasks.InitializeCrossSigningTask @@ -70,6 +72,7 @@ internal class DefaultCrossSigningService @Inject constructor( private val coroutineDispatchers: MatrixCoroutineDispatchers, private val cryptoCoroutineScope: CoroutineScope, private val workManagerProvider: WorkManagerProvider, + private val outgoingKeyRequestManager: OutgoingKeyRequestManager, private val updateTrustWorkerDataRepository: UpdateTrustWorkerDataRepository ) : CrossSigningService, DeviceListManager.UserDevicesUpdateListener { @@ -781,7 +784,8 @@ internal class DefaultCrossSigningService @Inject constructor( // If it's me, recheck trust of all users and devices? val users = ArrayList() if (otherUserId == userId && currentTrust != trusted) { -// reRequestAllPendingRoomKeyRequest() + // notify key requester + outgoingKeyRequestManager.onSelfCrossSigningTrustChanged(trusted) cryptoStore.updateUsersTrust { users.add(it) checkUserTrust(it).isVerified() @@ -796,19 +800,4 @@ internal class DefaultCrossSigningService @Inject constructor( } } } - -// private fun reRequestAllPendingRoomKeyRequest() { -// cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { -// Timber.d("## CrossSigning - reRequest pending outgoing room key requests") -// cryptoStore.getOutgoingRoomKeyRequests().forEach { -// it.requestBody?.let { requestBody -> -// if (cryptoStore.getInboundGroupSession(requestBody.sessionId ?: "", requestBody.senderKey ?: "") == null) { -// outgoingRoomKeyRequestManager.resendRoomKeyRequest(requestBody) -// } else { -// outgoingRoomKeyRequestManager.cancelRoomKeyRequest(requestBody) -// } -// } -// } -// } -// } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt index 182b54a096..438fb53717 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt @@ -32,7 +32,7 @@ import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldCo import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode import org.matrix.android.sdk.api.util.Optional import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState +import org.matrix.android.sdk.internal.crypto.OutgoingRoomKeyRequestState import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper @@ -81,6 +81,15 @@ internal interface IMXCryptoStore { */ fun setGlobalBlacklistUnverifiedDevices(block: Boolean) + /** + * Enable or disable key gossiping. + * Default is true. + * If set to false this device won't send key_request nor will accept key forwarded + */ + fun enableKeyGossiping(enable: Boolean) + + fun isKeyGossipingEnabled(): Boolean + /** * Provides the rooms ids list in which the messages are not encrypted for the unverified devices. * @@ -386,6 +395,7 @@ internal interface IMXCryptoStore { event: Event) fun deleteOutgoingRoomKeyRequest(requestId: String) + fun deleteOutgoingRoomKeyRequestInState(state: OutgoingRoomKeyRequestState) fun saveIncomingKeyRequestAuditTrail( requestId: String, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt index f14ad97745..3595609eef 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt @@ -37,12 +37,14 @@ import org.matrix.android.sdk.api.session.crypto.keysbackup.SavedKeyBackupKeyInf import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode +import org.matrix.android.sdk.api.util.Optional import org.matrix.android.sdk.api.util.toOptional +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.internal.crypto.OutgoingRoomKeyRequestState import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.ForwardInfo import org.matrix.android.sdk.internal.crypto.model.IncomingKeyRequestInfo @@ -93,7 +95,6 @@ import org.matrix.android.sdk.internal.di.MoshiProvider import org.matrix.android.sdk.internal.di.UserId import org.matrix.android.sdk.internal.extensions.clearWith import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest import org.matrix.olm.OlmAccount import org.matrix.olm.OlmException import org.matrix.olm.OlmOutboundGroupSession @@ -101,7 +102,6 @@ import timber.log.Timber import java.util.concurrent.Executors import java.util.concurrent.TimeUnit import javax.inject.Inject -import org.matrix.android.sdk.api.util.Optional private val loggerTag = LoggerTag("RealmCryptoStore", LoggerTag.CRYPTO) @@ -925,6 +925,18 @@ internal class RealmCryptoStore @Inject constructor( } } + override fun enableKeyGossiping(enable: Boolean) { + doRealmTransaction(realmConfiguration) { + it.where().findFirst()?.globalEnableKeyRequestingAndSharing = enable + } + } + + override fun isKeyGossipingEnabled(): Boolean { + return doWithRealm(realmConfiguration) { + it.where().findFirst()?.globalEnableKeyRequestingAndSharing + } ?: true + } + override fun getGlobalBlacklistUnverifiedDevices(): Boolean { return doWithRealm(realmConfiguration) { it.where().findFirst()?.globalBlacklistUnverifiedDevices @@ -1081,193 +1093,203 @@ internal class RealmCryptoStore @Inject constructor( .equalTo(AuditTrailEntityFields.TYPE, type.name) .sort(AuditTrailEntityFields.AGE_LOCAL_TS, Sort.DESCENDING) } - val dataSourceFactory = realmDataSourceFactory.map { entity -> - (AuditTrailMapper.map(entity) - // mm we can't map not null... - ?: AuditTrail( - System.currentTimeMillis(), - type, - IncomingKeyRequestInfo( - "", - "", - "", - "", - "", - "", - "", - ) - ) - ).let { mapper.invoke(it) } - } - return monarchy.findAllPagedWithChanges(realmDataSourceFactory, - LivePagedListBuilder(dataSourceFactory, - PagedList.Config.Builder() - .setPageSize(20) - .setEnablePlaceholders(false) - .setPrefetchDistance(1) - .build()) - ) - } - - override fun getGossipingEvents(): List { - return monarchy.fetchAllCopiedSync { realm -> - realm.where() - }.mapNotNull { - AuditTrailMapper.map(it) - } - } - - override fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, - recipients: Map>, - fromIndex: Int): OutgoingKeyRequest { - // Insert the request and return the one passed in parameter - lateinit var request: OutgoingKeyRequest - doRealmTransaction(realmConfiguration) { realm -> - - val existing = realm.where() - .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, requestBody.sessionId) - .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, requestBody.roomId) - .findAll() - .map { - it.toOutgoingGossipingRequest() - }.also { - if (it.size > 1) { - // there should be one or zero but not more, worth warning - Timber.tag(loggerTag.value).w("There should not be more than one active key request per session") - } - } - .firstOrNull { - it.requestBody?.algorithm == requestBody.algorithm && - it.requestBody?.sessionId == requestBody.sessionId && - it.requestBody?.senderKey == requestBody.senderKey && - it.requestBody?.roomId == requestBody.roomId - } - - if (existing == null) { - request = realm.createObject(OutgoingKeyRequestEntity::class.java).apply { - this.requestId = RequestIdHelper.createUniqueRequestId() - this.setRecipients(recipients) - this.requestedIndex = fromIndex - this.requestState = OutgoingRoomKeyRequestState.UNSENT - this.setRequestBody(requestBody) - this.creationTimeStamp = System.currentTimeMillis() - }.toOutgoingGossipingRequest() - } else { - request = existing - } - } - return request - } - - override fun updateOutgoingRoomKeyRequestState(requestId: String, newState: OutgoingRoomKeyRequestState) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) - .findFirst()?.apply { - this.requestState = newState - if (newState == OutgoingRoomKeyRequestState.UNSENT) { - // clear the old replies - this.replies.deleteAllFromRealm() - } - } - } - } - - override fun updateOutgoingRoomKeyRequiredIndex(requestId: String, newIndex: Int) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) - .findFirst()?.apply { - this.requestedIndex = newIndex - } - } - } - - override fun updateOutgoingRoomKeyReply(roomId: String, - sessionId: String, - algorithm: String, - senderKey: String, - fromDevice: String?, - event: Event) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, roomId) - .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, sessionId) - .findAll().firstOrNull { entity -> - entity.toOutgoingGossipingRequest().let { - it.requestBody?.senderKey == senderKey && - it.requestBody?.algorithm == algorithm - } - }?.apply { - event.senderId?.let { addReply(it, fromDevice, event) } - } - } - } - - override fun deleteOutgoingRoomKeyRequest(requestId: String) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where() - .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) - .findFirst()?.deleteOnCascade() - } - } - - override fun saveIncomingKeyRequestAuditTrail( - requestId: String, - roomId: String, - sessionId: String, - senderKey: String, - algorithm: String, - fromUser: String, - fromDevice: String) { - monarchy.writeAsync { realm -> - val now = System.currentTimeMillis() - realm.createObject().apply { - this.ageLocalTs = now - this.type = TrailType.IncomingKeyRequest.name - val info = IncomingKeyRequestInfo( - roomId = roomId, - sessionId = sessionId, - senderKey = senderKey, - alg = algorithm, - userId = fromUser, - deviceId = fromDevice, - requestId = requestId + val dataSourceFactory = realmDataSourceFactory.map { entity -> + (AuditTrailMapper.map(entity) + // mm we can't map not null... + ?: AuditTrail( + System.currentTimeMillis(), + type, + IncomingKeyRequestInfo( + "", + "", + "", + "", + "", + "", + "", + ) ) - MoshiProvider.providesMoshi().adapter(IncomingKeyRequestInfo::class.java).toJson(info)?.let { - this.contentJson = it + ).let { mapper.invoke(it) } + } + return monarchy.findAllPagedWithChanges(realmDataSourceFactory, + LivePagedListBuilder(dataSourceFactory, + PagedList.Config.Builder() + .setPageSize(20) + .setEnablePlaceholders(false) + .setPrefetchDistance(1) + .build()) + ) + } + + override fun getGossipingEvents(): List { + return monarchy.fetchAllCopiedSync { realm -> + realm.where() + }.mapNotNull { + AuditTrailMapper.map(it) + } + } + + override fun getOrAddOutgoingRoomKeyRequest(requestBody: RoomKeyRequestBody, + recipients: Map>, + fromIndex: Int): OutgoingKeyRequest { + // Insert the request and return the one passed in parameter + lateinit var request: OutgoingKeyRequest + doRealmTransaction(realmConfiguration) { realm -> + + val existing = realm.where() + .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, requestBody.sessionId) + .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, requestBody.roomId) + .findAll() + .map { + it.toOutgoingGossipingRequest() + }.also { + if (it.size > 1) { + // there should be one or zero but not more, worth warning + Timber.tag(loggerTag.value).w("There should not be more than one active key request per session") + } } - } + .firstOrNull { + it.requestBody?.algorithm == requestBody.algorithm && + it.requestBody?.sessionId == requestBody.sessionId && + it.requestBody?.senderKey == requestBody.senderKey && + it.requestBody?.roomId == requestBody.roomId + } + + if (existing == null) { + request = realm.createObject(OutgoingKeyRequestEntity::class.java).apply { + this.requestId = RequestIdHelper.createUniqueRequestId() + this.setRecipients(recipients) + this.requestedIndex = fromIndex + this.requestState = OutgoingRoomKeyRequestState.UNSENT + this.setRequestBody(requestBody) + this.creationTimeStamp = System.currentTimeMillis() + }.toOutgoingGossipingRequest() + } else { + request = existing } } + return request + } - override fun saveWithheldAuditTrail(roomId: String, + override fun updateOutgoingRoomKeyRequestState(requestId: String, newState: OutgoingRoomKeyRequestState) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) + .findFirst()?.apply { + this.requestState = newState + if (newState == OutgoingRoomKeyRequestState.UNSENT) { + // clear the old replies + this.replies.deleteAllFromRealm() + } + } + } + } + + override fun updateOutgoingRoomKeyRequiredIndex(requestId: String, newIndex: Int) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) + .findFirst()?.apply { + this.requestedIndex = newIndex + } + } + } + + override fun updateOutgoingRoomKeyReply(roomId: String, sessionId: String, - senderKey: String, algorithm: String, - code: WithHeldCode, - userId: String, - deviceId: String) { - monarchy.writeAsync { realm -> - val now = System.currentTimeMillis() - realm.createObject().apply { - this.ageLocalTs = now - this.type = TrailType.OutgoingKeyWithheld.name - val info = WithheldInfo( - roomId = roomId, - sessionId = sessionId, - senderKey = senderKey, - alg = algorithm, - code = code, - userId = userId, - deviceId = deviceId - ) - MoshiProvider.providesMoshi().adapter(WithheldInfo::class.java).toJson(info)?.let { - this.contentJson = it + senderKey: String, + fromDevice: String?, + event: Event) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, roomId) + .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, sessionId) + .findAll().firstOrNull { entity -> + entity.toOutgoingGossipingRequest().let { + it.requestBody?.senderKey == senderKey && + it.requestBody?.algorithm == algorithm + } + }?.apply { + event.senderId?.let { addReply(it, fromDevice, event) } } + } + } + + override fun deleteOutgoingRoomKeyRequest(requestId: String) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) + .findFirst()?.deleteOnCascade() + } + } + + override fun deleteOutgoingRoomKeyRequestInState(state: OutgoingRoomKeyRequestState) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where() + .equalTo(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, state.name) + .findAll() + // I delete like this because I want to cascade delete replies? + .onEach { it.deleteOnCascade() } + } + } + + override fun saveIncomingKeyRequestAuditTrail( + requestId: String, + roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + fromUser: String, + fromDevice: String) { + monarchy.writeAsync { realm -> + val now = System.currentTimeMillis() + realm.createObject().apply { + this.ageLocalTs = now + this.type = TrailType.IncomingKeyRequest.name + val info = IncomingKeyRequestInfo( + roomId = roomId, + sessionId = sessionId, + senderKey = senderKey, + alg = algorithm, + userId = fromUser, + deviceId = fromDevice, + requestId = requestId + ) + MoshiProvider.providesMoshi().adapter(IncomingKeyRequestInfo::class.java).toJson(info)?.let { + this.contentJson = it } } } + } + + override fun saveWithheldAuditTrail(roomId: String, + sessionId: String, + senderKey: String, + algorithm: String, + code: WithHeldCode, + userId: String, + deviceId: String) { + monarchy.writeAsync { realm -> + val now = System.currentTimeMillis() + realm.createObject().apply { + this.ageLocalTs = now + this.type = TrailType.OutgoingKeyWithheld.name + val info = WithheldInfo( + roomId = roomId, + sessionId = sessionId, + senderKey = senderKey, + alg = algorithm, + code = code, + userId = userId, + deviceId = deviceId + ) + MoshiProvider.providesMoshi().adapter(WithheldInfo::class.java).toJson(info)?.let { + this.contentJson = it + } + } + } + } override fun saveForwardKeyAuditTrail(roomId: String, sessionId: String, @@ -1317,336 +1339,337 @@ internal class RealmCryptoStore @Inject constructor( } } } + } - /* ========================================================================================== - * Cross Signing - * ========================================================================================== */ - override fun getMyCrossSigningInfo(): MXCrossSigningInfo? { - return doWithRealm(realmConfiguration) { - it.where().findFirst()?.userId - }?.let { - getCrossSigningInfo(it) - } + /* ========================================================================================== + * Cross Signing + * ========================================================================================== */ + override fun getMyCrossSigningInfo(): MXCrossSigningInfo? { + return doWithRealm(realmConfiguration) { + it.where().findFirst()?.userId + }?.let { + getCrossSigningInfo(it) } + } - override fun setMyCrossSigningInfo(info: MXCrossSigningInfo?) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where().findFirst()?.userId?.let { userId -> - addOrUpdateCrossSigningInfo(realm, userId, info) - } - } - } - - override fun setUserKeysAsTrusted(userId: String, trusted: Boolean) { - doRealmTransaction(realmConfiguration) { realm -> - val xInfoEntity = realm.where(CrossSigningInfoEntity::class.java) - .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) - .findFirst() - xInfoEntity?.crossSigningKeys?.forEach { info -> - val level = info.trustLevelEntity - if (level == null) { - val newLevel = realm.createObject(TrustLevelEntity::class.java) - newLevel.locallyVerified = trusted - newLevel.crossSignedVerified = trusted - info.trustLevelEntity = newLevel - } else { - level.locallyVerified = trusted - level.crossSignedVerified = trusted - } - } - } - } - - override fun setDeviceTrust(userId: String, deviceId: String, crossSignedVerified: Boolean, locallyVerified: Boolean?) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where(DeviceInfoEntity::class.java) - .equalTo(DeviceInfoEntityFields.PRIMARY_KEY, DeviceInfoEntity.createPrimaryKey(userId, deviceId)) - .findFirst()?.let { deviceInfoEntity -> - val trustEntity = deviceInfoEntity.trustLevelEntity - if (trustEntity == null) { - realm.createObject(TrustLevelEntity::class.java).let { - it.locallyVerified = locallyVerified - it.crossSignedVerified = crossSignedVerified - deviceInfoEntity.trustLevelEntity = it - } - } else { - locallyVerified?.let { trustEntity.locallyVerified = it } - trustEntity.crossSignedVerified = crossSignedVerified - } - } - } - } - - override fun clearOtherUserTrust() { - doRealmTransaction(realmConfiguration) { realm -> - val xInfoEntities = realm.where(CrossSigningInfoEntity::class.java) - .findAll() - xInfoEntities?.forEach { info -> - // Need to ignore mine - if (info.userId != userId) { - info.crossSigningKeys.forEach { - it.trustLevelEntity = null - } - } - } - } - } - - override fun updateUsersTrust(check: (String) -> Boolean) { - doRealmTransaction(realmConfiguration) { realm -> - val xInfoEntities = realm.where(CrossSigningInfoEntity::class.java) - .findAll() - xInfoEntities?.forEach { xInfoEntity -> - // Need to ignore mine - if (xInfoEntity.userId == userId) return@forEach - val mapped = mapCrossSigningInfoEntity(xInfoEntity) - val currentTrust = mapped.isTrusted() - val newTrust = check(mapped.userId) - if (currentTrust != newTrust) { - xInfoEntity.crossSigningKeys.forEach { info -> - val level = info.trustLevelEntity - if (level == null) { - val newLevel = realm.createObject(TrustLevelEntity::class.java) - newLevel.locallyVerified = newTrust - newLevel.crossSignedVerified = newTrust - info.trustLevelEntity = newLevel - } else { - level.locallyVerified = newTrust - level.crossSignedVerified = newTrust - } - } - } - } - } - } - - override fun getOutgoingRoomKeyRequests(): List { - return monarchy.fetchAllMappedSync({ realm -> - realm - .where(OutgoingKeyRequestEntity::class.java) - }, { entity -> - entity.toOutgoingGossipingRequest() - }) - .filterNotNull() - } - - override fun getOutgoingRoomKeyRequests(inStates: Set): List { - return monarchy.fetchAllMappedSync({ realm -> - realm - .where(OutgoingKeyRequestEntity::class.java) - .`in`(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, inStates.map { it.name }.toTypedArray()) - }, { entity -> - entity.toOutgoingGossipingRequest() - }) - .filterNotNull() - } - - override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { - val realmDataSourceFactory = monarchy.createDataSourceFactory { realm -> - realm - .where(OutgoingKeyRequestEntity::class.java) - } - val dataSourceFactory = realmDataSourceFactory.map { - it.toOutgoingGossipingRequest() - } - val trail = monarchy.findAllPagedWithChanges(realmDataSourceFactory, - LivePagedListBuilder(dataSourceFactory, - PagedList.Config.Builder() - .setPageSize(20) - .setEnablePlaceholders(false) - .setPrefetchDistance(1) - .build()) - ) - return trail - } - - override fun getCrossSigningInfo(userId: String): MXCrossSigningInfo? { - return doWithRealm(realmConfiguration) { realm -> - val crossSigningInfo = realm.where(CrossSigningInfoEntity::class.java) - .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) - .findFirst() - if (crossSigningInfo == null) { - null - } else { - mapCrossSigningInfoEntity(crossSigningInfo) - } - } - } - - private fun mapCrossSigningInfoEntity(xsignInfo: CrossSigningInfoEntity): MXCrossSigningInfo { - val userId = xsignInfo.userId ?: "" - return MXCrossSigningInfo( - userId = userId, - crossSigningKeys = xsignInfo.crossSigningKeys.mapNotNull { - crossSigningKeysMapper.map(userId, it) - } - ) - } - - override fun getLiveCrossSigningInfo(userId: String): LiveData> { - val liveData = monarchy.findAllMappedWithChanges( - { realm: Realm -> - realm.where() - .equalTo(UserEntityFields.USER_ID, userId) - }, - { mapCrossSigningInfoEntity(it) } - ) - return Transformations.map(liveData) { - it.firstOrNull().toOptional() - } - } - - override fun setCrossSigningInfo(userId: String, info: MXCrossSigningInfo?) { - doRealmTransaction(realmConfiguration) { realm -> + override fun setMyCrossSigningInfo(info: MXCrossSigningInfo?) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where().findFirst()?.userId?.let { userId -> addOrUpdateCrossSigningInfo(realm, userId, info) } } + } - override fun markMyMasterKeyAsLocallyTrusted(trusted: Boolean) { - doRealmTransaction(realmConfiguration) { realm -> - realm.where().findFirst()?.userId?.let { myUserId -> - CrossSigningInfoEntity.get(realm, myUserId)?.getMasterKey()?.let { xInfoEntity -> - val level = xInfoEntity.trustLevelEntity + override fun setUserKeysAsTrusted(userId: String, trusted: Boolean) { + doRealmTransaction(realmConfiguration) { realm -> + val xInfoEntity = realm.where(CrossSigningInfoEntity::class.java) + .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) + .findFirst() + xInfoEntity?.crossSigningKeys?.forEach { info -> + val level = info.trustLevelEntity + if (level == null) { + val newLevel = realm.createObject(TrustLevelEntity::class.java) + newLevel.locallyVerified = trusted + newLevel.crossSignedVerified = trusted + info.trustLevelEntity = newLevel + } else { + level.locallyVerified = trusted + level.crossSignedVerified = trusted + } + } + } + } + + override fun setDeviceTrust(userId: String, deviceId: String, crossSignedVerified: Boolean, locallyVerified: Boolean?) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where(DeviceInfoEntity::class.java) + .equalTo(DeviceInfoEntityFields.PRIMARY_KEY, DeviceInfoEntity.createPrimaryKey(userId, deviceId)) + .findFirst()?.let { deviceInfoEntity -> + val trustEntity = deviceInfoEntity.trustLevelEntity + if (trustEntity == null) { + realm.createObject(TrustLevelEntity::class.java).let { + it.locallyVerified = locallyVerified + it.crossSignedVerified = crossSignedVerified + deviceInfoEntity.trustLevelEntity = it + } + } else { + locallyVerified?.let { trustEntity.locallyVerified = it } + trustEntity.crossSignedVerified = crossSignedVerified + } + } + } + } + + override fun clearOtherUserTrust() { + doRealmTransaction(realmConfiguration) { realm -> + val xInfoEntities = realm.where(CrossSigningInfoEntity::class.java) + .findAll() + xInfoEntities?.forEach { info -> + // Need to ignore mine + if (info.userId != userId) { + info.crossSigningKeys.forEach { + it.trustLevelEntity = null + } + } + } + } + } + + override fun updateUsersTrust(check: (String) -> Boolean) { + doRealmTransaction(realmConfiguration) { realm -> + val xInfoEntities = realm.where(CrossSigningInfoEntity::class.java) + .findAll() + xInfoEntities?.forEach { xInfoEntity -> + // Need to ignore mine + if (xInfoEntity.userId == userId) return@forEach + val mapped = mapCrossSigningInfoEntity(xInfoEntity) + val currentTrust = mapped.isTrusted() + val newTrust = check(mapped.userId) + if (currentTrust != newTrust) { + xInfoEntity.crossSigningKeys.forEach { info -> + val level = info.trustLevelEntity if (level == null) { val newLevel = realm.createObject(TrustLevelEntity::class.java) - newLevel.locallyVerified = trusted - xInfoEntity.trustLevelEntity = newLevel + newLevel.locallyVerified = newTrust + newLevel.crossSignedVerified = newTrust + info.trustLevelEntity = newLevel } else { - level.locallyVerified = trusted + level.locallyVerified = newTrust + level.crossSignedVerified = newTrust } } } } } + } - private fun addOrUpdateCrossSigningInfo(realm: Realm, userId: String, info: MXCrossSigningInfo?): CrossSigningInfoEntity? { - if (info == null) { - // Delete known if needed - CrossSigningInfoEntity.get(realm, userId)?.deleteFromRealm() - return null - // TODO notify, we might need to untrust things? + override fun getOutgoingRoomKeyRequests(): List { + return monarchy.fetchAllMappedSync({ realm -> + realm + .where(OutgoingKeyRequestEntity::class.java) + }, { entity -> + entity.toOutgoingGossipingRequest() + }) + .filterNotNull() + } + + override fun getOutgoingRoomKeyRequests(inStates: Set): List { + return monarchy.fetchAllMappedSync({ realm -> + realm + .where(OutgoingKeyRequestEntity::class.java) + .`in`(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, inStates.map { it.name }.toTypedArray()) + }, { entity -> + entity.toOutgoingGossipingRequest() + }) + .filterNotNull() + } + + override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { + val realmDataSourceFactory = monarchy.createDataSourceFactory { realm -> + realm + .where(OutgoingKeyRequestEntity::class.java) + } + val dataSourceFactory = realmDataSourceFactory.map { + it.toOutgoingGossipingRequest() + } + val trail = monarchy.findAllPagedWithChanges(realmDataSourceFactory, + LivePagedListBuilder(dataSourceFactory, + PagedList.Config.Builder() + .setPageSize(20) + .setEnablePlaceholders(false) + .setPrefetchDistance(1) + .build()) + ) + return trail + } + + override fun getCrossSigningInfo(userId: String): MXCrossSigningInfo? { + return doWithRealm(realmConfiguration) { realm -> + val crossSigningInfo = realm.where(CrossSigningInfoEntity::class.java) + .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) + .findFirst() + if (crossSigningInfo == null) { + null } else { - // Just override existing, caller should check and untrust id needed - val existing = CrossSigningInfoEntity.getOrCreate(realm, userId) - existing.crossSigningKeys.clearWith { it.deleteOnCascade() } - existing.crossSigningKeys.addAll( - info.crossSigningKeys.map { - crossSigningKeysMapper.map(it) - } - ) - return existing + mapCrossSigningInfoEntity(crossSigningInfo) } } - - override fun addWithHeldMegolmSession(withHeldContent: RoomKeyWithHeldContent) { - val roomId = withHeldContent.roomId ?: return - val sessionId = withHeldContent.sessionId ?: return - if (withHeldContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return - doRealmTransaction(realmConfiguration) { realm -> - WithHeldSessionEntity.getOrCreate(realm, roomId, sessionId)?.let { - it.code = withHeldContent.code - it.senderKey = withHeldContent.senderKey - it.reason = withHeldContent.reason - } - } - } - - override fun getWithHeldMegolmSession(roomId: String, sessionId: String): RoomKeyWithHeldContent? { - return doWithRealm(realmConfiguration) { realm -> - WithHeldSessionEntity.get(realm, roomId, sessionId)?.let { - RoomKeyWithHeldContent( - roomId = roomId, - sessionId = sessionId, - algorithm = it.algorithm, - codeString = it.codeString, - reason = it.reason, - senderKey = it.senderKey - ) - } - } - } - - override fun markedSessionAsShared(roomId: String?, - sessionId: String, - userId: String, - deviceId: String, - deviceIdentityKey: String, - chainIndex: Int) { - doRealmTransaction(realmConfiguration) { realm -> - SharedSessionEntity.create( - realm = realm, - roomId = roomId, - sessionId = sessionId, - userId = userId, - deviceId = deviceId, - deviceIdentityKey = deviceIdentityKey, - chainIndex = chainIndex - ) - } - } - - override fun getSharedSessionInfo(roomId: String?, sessionId: String, deviceInfo: CryptoDeviceInfo): IMXCryptoStore.SharedSessionResult { - return doWithRealm(realmConfiguration) { realm -> - SharedSessionEntity.get( - realm = realm, - roomId = roomId, - sessionId = sessionId, - userId = deviceInfo.userId, - deviceId = deviceInfo.deviceId, - deviceIdentityKey = deviceInfo.identityKey() - )?.let { - IMXCryptoStore.SharedSessionResult(true, it.chainIndex) - } ?: IMXCryptoStore.SharedSessionResult(false, null) - } - } - - override fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap { - return doWithRealm(realmConfiguration) { realm -> - val result = MXUsersDevicesMap() - SharedSessionEntity.get(realm, roomId, sessionId) - .groupBy { it.userId } - .forEach { (userId, shared) -> - shared.forEach { - result.setObject(userId, it.deviceId, it.chainIndex) - } - } - - result - } - } - - /** - * Some entries in the DB can get a bit out of control with time - * So we need to tidy up a bit - */ - override fun tidyUpDataBase() { - val prevWeekTs = System.currentTimeMillis() - 7 * 24 * 60 * 60 * 1_000 - doRealmTransaction(realmConfiguration) { realm -> - - // Clean the old ones? - realm.where() - .lessThan(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, prevWeekTs) - .findAll() - .also { Timber.i("## Crypto Clean up ${it.size} OutgoingKeyRequestEntity") } - .deleteAllFromRealm() - - // Only keep one month history - - val prevMonthTs = System.currentTimeMillis() - 4 * 7 * 24 * 60 * 60 * 1_000L - realm.where() - .lessThan(AuditTrailEntityFields.AGE_LOCAL_TS, prevMonthTs) - .findAll() - .also { Timber.i("## Crypto Clean up ${it.size} AuditTrailEntity") } - .deleteAllFromRealm() - - // Can we do something for WithHeldSessionEntity? - } - } - - /** - * Prints out database info - */ - override fun logDbUsageInfo() { - RealmDebugTools(realmConfiguration).logInfo("Crypto") - } } + + private fun mapCrossSigningInfoEntity(xsignInfo: CrossSigningInfoEntity): MXCrossSigningInfo { + val userId = xsignInfo.userId ?: "" + return MXCrossSigningInfo( + userId = userId, + crossSigningKeys = xsignInfo.crossSigningKeys.mapNotNull { + crossSigningKeysMapper.map(userId, it) + } + ) + } + + override fun getLiveCrossSigningInfo(userId: String): LiveData> { + val liveData = monarchy.findAllMappedWithChanges( + { realm: Realm -> + realm.where() + .equalTo(UserEntityFields.USER_ID, userId) + }, + { mapCrossSigningInfoEntity(it) } + ) + return Transformations.map(liveData) { + it.firstOrNull().toOptional() + } + } + + override fun setCrossSigningInfo(userId: String, info: MXCrossSigningInfo?) { + doRealmTransaction(realmConfiguration) { realm -> + addOrUpdateCrossSigningInfo(realm, userId, info) + } + } + + override fun markMyMasterKeyAsLocallyTrusted(trusted: Boolean) { + doRealmTransaction(realmConfiguration) { realm -> + realm.where().findFirst()?.userId?.let { myUserId -> + CrossSigningInfoEntity.get(realm, myUserId)?.getMasterKey()?.let { xInfoEntity -> + val level = xInfoEntity.trustLevelEntity + if (level == null) { + val newLevel = realm.createObject(TrustLevelEntity::class.java) + newLevel.locallyVerified = trusted + xInfoEntity.trustLevelEntity = newLevel + } else { + level.locallyVerified = trusted + } + } + } + } + } + + private fun addOrUpdateCrossSigningInfo(realm: Realm, userId: String, info: MXCrossSigningInfo?): CrossSigningInfoEntity? { + if (info == null) { + // Delete known if needed + CrossSigningInfoEntity.get(realm, userId)?.deleteFromRealm() + return null + // TODO notify, we might need to untrust things? + } else { + // Just override existing, caller should check and untrust id needed + val existing = CrossSigningInfoEntity.getOrCreate(realm, userId) + existing.crossSigningKeys.clearWith { it.deleteOnCascade() } + existing.crossSigningKeys.addAll( + info.crossSigningKeys.map { + crossSigningKeysMapper.map(it) + } + ) + return existing + } + } + + override fun addWithHeldMegolmSession(withHeldContent: RoomKeyWithHeldContent) { + val roomId = withHeldContent.roomId ?: return + val sessionId = withHeldContent.sessionId ?: return + if (withHeldContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return + doRealmTransaction(realmConfiguration) { realm -> + WithHeldSessionEntity.getOrCreate(realm, roomId, sessionId)?.let { + it.code = withHeldContent.code + it.senderKey = withHeldContent.senderKey + it.reason = withHeldContent.reason + } + } + } + + override fun getWithHeldMegolmSession(roomId: String, sessionId: String): RoomKeyWithHeldContent? { + return doWithRealm(realmConfiguration) { realm -> + WithHeldSessionEntity.get(realm, roomId, sessionId)?.let { + RoomKeyWithHeldContent( + roomId = roomId, + sessionId = sessionId, + algorithm = it.algorithm, + codeString = it.codeString, + reason = it.reason, + senderKey = it.senderKey + ) + } + } + } + + override fun markedSessionAsShared(roomId: String?, + sessionId: String, + userId: String, + deviceId: String, + deviceIdentityKey: String, + chainIndex: Int) { + doRealmTransaction(realmConfiguration) { realm -> + SharedSessionEntity.create( + realm = realm, + roomId = roomId, + sessionId = sessionId, + userId = userId, + deviceId = deviceId, + deviceIdentityKey = deviceIdentityKey, + chainIndex = chainIndex + ) + } + } + + override fun getSharedSessionInfo(roomId: String?, sessionId: String, deviceInfo: CryptoDeviceInfo): IMXCryptoStore.SharedSessionResult { + return doWithRealm(realmConfiguration) { realm -> + SharedSessionEntity.get( + realm = realm, + roomId = roomId, + sessionId = sessionId, + userId = deviceInfo.userId, + deviceId = deviceInfo.deviceId, + deviceIdentityKey = deviceInfo.identityKey() + )?.let { + IMXCryptoStore.SharedSessionResult(true, it.chainIndex) + } ?: IMXCryptoStore.SharedSessionResult(false, null) + } + } + + override fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap { + return doWithRealm(realmConfiguration) { realm -> + val result = MXUsersDevicesMap() + SharedSessionEntity.get(realm, roomId, sessionId) + .groupBy { it.userId } + .forEach { (userId, shared) -> + shared.forEach { + result.setObject(userId, it.deviceId, it.chainIndex) + } + } + + result + } + } + + /** + * Some entries in the DB can get a bit out of control with time + * So we need to tidy up a bit + */ + override fun tidyUpDataBase() { + val prevWeekTs = System.currentTimeMillis() - 7 * 24 * 60 * 60 * 1_000 + doRealmTransaction(realmConfiguration) { realm -> + + // Clean the old ones? + realm.where() + .lessThan(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, prevWeekTs) + .findAll() + .also { Timber.i("## Crypto Clean up ${it.size} OutgoingKeyRequestEntity") } + .deleteAllFromRealm() + + // Only keep one month history + + val prevMonthTs = System.currentTimeMillis() - 4 * 7 * 24 * 60 * 60 * 1_000L + realm.where() + .lessThan(AuditTrailEntityFields.AGE_LOCAL_TS, prevMonthTs) + .findAll() + .also { Timber.i("## Crypto Clean up ${it.size} AuditTrailEntity") } + .deleteAllFromRealm() + + // Can we do something for WithHeldSessionEntity? + } + } + + /** + * Prints out database info + */ + override fun logDbUsageInfo() { + RealmDebugTools(realmConfiguration).logInfo("Crypto") + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt index dac2ba2c31..6d8891d356 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt @@ -18,6 +18,7 @@ package org.matrix.android.sdk.internal.crypto.store.db.migration import io.realm.DynamicRealm import org.matrix.android.sdk.internal.crypto.store.db.model.AuditTrailEntityFields +import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoMetadataEntityFields import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEntity import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEntityFields import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingKeyRequestEntityFields @@ -59,5 +60,12 @@ class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { .addField(KeyRequestReplyEntityFields.SENDER_ID, String::class.java) .addField(KeyRequestReplyEntityFields.FROM_DEVICE, String::class.java) .addField(KeyRequestReplyEntityFields.EVENT_JSON, String::class.java) + + realm.schema.get("CryptoMetadataEntity") + ?.addField(CryptoMetadataEntityFields.GLOBAL_ENABLE_KEY_REQUESTING_AND_SHARING, Boolean::class.java) + ?.transform { + // set the default value to true + it.setBoolean(CryptoMetadataEntityFields.GLOBAL_ENABLE_KEY_REQUESTING_AND_SHARING, true) + } } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/CryptoMetadataEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/CryptoMetadataEntity.kt index 35ae86db8b..9776d2073a 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/CryptoMetadataEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/CryptoMetadataEntity.kt @@ -33,6 +33,8 @@ internal open class CryptoMetadataEntity( var deviceSyncToken: String? = null, // Settings for blacklisting unverified devices. var globalBlacklistUnverifiedDevices: Boolean = false, + // setting to enable or disable key gossiping + var globalEnableKeyRequestingAndSharing: Boolean = true, // The keys backup version currently used. Null means no backup. var backupVersion: String? = null, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/room/membership/joining/JoinRoomTask.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/room/membership/joining/JoinRoomTask.kt index f883cc33ec..fa7dfd8726 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/room/membership/joining/JoinRoomTask.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/room/membership/joining/JoinRoomTask.kt @@ -18,6 +18,8 @@ package org.matrix.android.sdk.internal.session.room.membership.joining import io.realm.RealmConfiguration import kotlinx.coroutines.TimeoutCancellationException +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers import org.matrix.android.sdk.api.session.events.model.toContent import org.matrix.android.sdk.api.session.identity.model.SignInvitationResult import org.matrix.android.sdk.api.session.room.failure.JoinRoomFailure @@ -52,6 +54,7 @@ internal class DefaultJoinRoomTask @Inject constructor( private val readMarkersTask: SetReadMarkersTask, @SessionDatabase private val realmConfiguration: RealmConfiguration, + private val coroutineDispatcher: MatrixCoroutineDispatchers, private val roomChangeMembershipStateDataSource: RoomChangeMembershipStateDataSource, private val globalErrorReceiver: GlobalErrorReceiver ) : JoinRoomTask { @@ -68,11 +71,13 @@ internal class DefaultJoinRoomTask @Inject constructor( } val joinRoomResponse = try { executeRequest(globalErrorReceiver) { - roomAPI.join( - roomIdOrAlias = params.roomIdOrAlias, - viaServers = params.viaServers.take(3), - params = extraParams - ) + withContext(coroutineDispatcher.io) { + roomAPI.join( + roomIdOrAlias = params.roomIdOrAlias, + viaServers = params.viaServers.take(3), + params = extraParams + ) + } } } catch (failure: Throwable) { roomChangeMembershipStateDataSource.updateState(params.roomIdOrAlias, ChangeMembershipState.FailedJoining(failure)) From 81b114fc8277916537abec51312c7ae91970b856 Mon Sep 17 00:00:00 2001 From: Valere Date: Mon, 21 Mar 2022 09:48:57 +0100 Subject: [PATCH 011/433] Add change log + quick quality fix --- changelog.d/5494.feature | 1 + .../sdk/api/session/crypto/keyshare/GossipingRequestListener.kt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changelog.d/5494.feature diff --git a/changelog.d/5494.feature b/changelog.d/5494.feature new file mode 100644 index 0000000000..59b8a78a2c --- /dev/null +++ b/changelog.d/5494.feature @@ -0,0 +1 @@ +Use key backup before requesting keys + refactor & improvement of key request/forward \ No newline at end of file diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/keyshare/GossipingRequestListener.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/keyshare/GossipingRequestListener.kt index 6fdbaf3301..24d3cf4004 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/keyshare/GossipingRequestListener.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/keyshare/GossipingRequestListener.kt @@ -41,5 +41,5 @@ interface GossipingRequestListener { * * @param request the cancellation request */ - fun onRequestCancelled(requestId: IncomingRoomKeyRequest) + fun onRequestCancelled(request: IncomingRoomKeyRequest) } From cc107498ebf1e9af052abd525d184329afb44c9f Mon Sep 17 00:00:00 2001 From: Valere Date: Mon, 21 Mar 2022 12:31:15 +0100 Subject: [PATCH 012/433] Fix database migration --- .../store/db/migration/MigrateCryptoTo016.kt | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt index 6d8891d356..3b2a08dba3 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt @@ -19,7 +19,6 @@ package org.matrix.android.sdk.internal.crypto.store.db.migration import io.realm.DynamicRealm import org.matrix.android.sdk.internal.crypto.store.db.model.AuditTrailEntityFields import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoMetadataEntityFields -import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEntity import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEntityFields import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingKeyRequestEntityFields import org.matrix.android.sdk.internal.util.database.RealmMigrator @@ -33,19 +32,24 @@ class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { // No need to migrate existing request, just start fresh + val replySchema = realm.schema.create("KeyRequestReplyEntity") + .addField(KeyRequestReplyEntityFields.SENDER_ID, String::class.java) + .addField(KeyRequestReplyEntityFields.FROM_DEVICE, String::class.java) + .addField(KeyRequestReplyEntityFields.EVENT_JSON, String::class.java) + realm.schema.create("OutgoingKeyRequestEntity") .addField(OutgoingKeyRequestEntityFields.REQUEST_ID, String::class.java) .addIndex(OutgoingKeyRequestEntityFields.REQUEST_ID) .addField(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, String::class.java) .addIndex(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID) - .addRealmListField(OutgoingKeyRequestEntityFields.REPLIES.`$`, KeyRequestReplyEntity::class.java) + .addRealmListField(OutgoingKeyRequestEntityFields.REPLIES.`$`, replySchema) .addField(OutgoingKeyRequestEntityFields.RECIPIENTS_DATA, String::class.java) .addField(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, String::class.java) .addIndex(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR) .addField(OutgoingKeyRequestEntityFields.REQUESTED_INFO_STR, String::class.java) .addField(OutgoingKeyRequestEntityFields.ROOM_ID, String::class.java) .addIndex(OutgoingKeyRequestEntityFields.ROOM_ID) - .addField(OutgoingKeyRequestEntityFields.REQUESTED_INDEX, String::class.java) + .addField(OutgoingKeyRequestEntityFields.REQUESTED_INDEX, Integer::class.java) .addField(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, Long::class.java) .setNullable(OutgoingKeyRequestEntityFields.CREATION_TIME_STAMP, true) @@ -56,11 +60,6 @@ class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { .addField(AuditTrailEntityFields.TYPE, String::class.java) .addIndex(AuditTrailEntityFields.TYPE) - realm.schema.create("KeyRequestReplyEntity") - .addField(KeyRequestReplyEntityFields.SENDER_ID, String::class.java) - .addField(KeyRequestReplyEntityFields.FROM_DEVICE, String::class.java) - .addField(KeyRequestReplyEntityFields.EVENT_JSON, String::class.java) - realm.schema.get("CryptoMetadataEntity") ?.addField(CryptoMetadataEntityFields.GLOBAL_ENABLE_KEY_REQUESTING_AND_SHARING, Boolean::class.java) ?.transform { From 88cf1a5e67a71d846776dc4b355896d7dd95de05 Mon Sep 17 00:00:00 2001 From: Valere Date: Tue, 29 Mar 2022 15:56:34 +0200 Subject: [PATCH 013/433] Fix unneeded re-uploade of key got from backup and disabled prompting for untrusted key sharing --- .../crypto/OutgoingKeyRequestManager.kt | 6 + .../PerSessionBackupQueryRateLimiter.kt | 2 +- .../keysbackup/DefaultKeysBackupService.kt | 259 +++++++++--------- .../crypto/store/db/RealmCryptoStore.kt | 46 +++- .../crypto/keysrequest/KeyRequestHandler.kt | 5 + 5 files changed, 183 insertions(+), 135 deletions(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt index c0b94f5584..fa2a26bbce 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt @@ -20,6 +20,7 @@ import kotlinx.coroutines.CoroutineScope import kotlinx.coroutines.SupervisorJob import kotlinx.coroutines.asCoroutineDispatcher import kotlinx.coroutines.cancel +import kotlinx.coroutines.delay import kotlinx.coroutines.launch import kotlinx.coroutines.withContext import org.matrix.android.sdk.api.MatrixCoroutineDispatchers @@ -168,6 +169,11 @@ internal class OutgoingKeyRequestManager @Inject constructor( sequencer.post { cryptoStore.deleteOutgoingRoomKeyRequestInState(OutgoingRoomKeyRequestState.SENT) } + + sequencer.post { + delay(1000) + perSessionBackupQueryRateLimiter.refreshBackupInfoIfNeeded(true) + } } } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt index 65fcfd4f8d..daf69f892d 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt @@ -68,7 +68,7 @@ internal class PerSessionBackupQueryRateLimiter @Inject constructor( var backupWasCheckedFromServer: Boolean = false var now = System.currentTimeMillis() - private fun refreshBackupInfoIfNeeded(force: Boolean = false) { + fun refreshBackupInfoIfNeeded(force: Boolean = false) { if (backupWasCheckedFromServer && !force) return Timber.tag(loggerTag.value).v("Checking if can access a backup") backupWasCheckedFromServer = true diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt index f8db708268..778bdb9849 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt @@ -63,16 +63,11 @@ import org.matrix.android.sdk.internal.crypto.keysbackup.model.rest.RoomKeysBack import org.matrix.android.sdk.internal.crypto.keysbackup.model.rest.UpdateKeysBackupVersionBody import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.CreateKeysBackupVersionTask import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.DeleteBackupTask -import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.DeleteRoomSessionDataTask -import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.DeleteRoomSessionsDataTask -import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.DeleteSessionsDataTask import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.GetKeysBackupLastVersionTask import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.GetKeysBackupVersionTask import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.GetRoomSessionDataTask import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.GetRoomSessionsDataTask import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.GetSessionsDataTask -import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.StoreRoomSessionDataTask -import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.StoreRoomSessionsDataTask import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.StoreSessionsDataTask import org.matrix.android.sdk.internal.crypto.keysbackup.tasks.UpdateKeysBackupVersionTask import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 @@ -112,16 +107,11 @@ internal class DefaultKeysBackupService @Inject constructor( // Tasks private val createKeysBackupVersionTask: CreateKeysBackupVersionTask, private val deleteBackupTask: DeleteBackupTask, - private val deleteRoomSessionDataTask: DeleteRoomSessionDataTask, - private val deleteRoomSessionsDataTask: DeleteRoomSessionsDataTask, - private val deleteSessionDataTask: DeleteSessionsDataTask, private val getKeysBackupLastVersionTask: GetKeysBackupLastVersionTask, private val getKeysBackupVersionTask: GetKeysBackupVersionTask, private val getRoomSessionDataTask: GetRoomSessionDataTask, private val getRoomSessionsDataTask: GetRoomSessionsDataTask, private val getSessionsDataTask: GetSessionsDataTask, - private val storeRoomSessionDataTask: StoreRoomSessionDataTask, - private val storeSessionsDataTask: StoreRoomSessionsDataTask, private val storeSessionDataTask: StoreSessionsDataTask, private val updateKeysBackupVersionTask: UpdateKeysBackupVersionTask, // Task executor @@ -168,58 +158,63 @@ internal class DefaultKeysBackupService @Inject constructor( override fun prepareKeysBackupVersion(password: String?, progressListener: ProgressListener?, callback: MatrixCallback) { - cryptoCoroutineScope.launch(coroutineDispatchers.main) { - runCatching { - withContext(coroutineDispatchers.crypto) { - val olmPkDecryption = OlmPkDecryption() - val signalableMegolmBackupAuthData = if (password != null) { - // Generate a private key from the password - val backgroundProgressListener = if (progressListener == null) { - null - } else { - object : ProgressListener { - override fun onProgress(progress: Int, total: Int) { - uiHandler.post { - try { - progressListener.onProgress(progress, total) - } catch (e: Exception) { - Timber.e(e, "prepareKeysBackupVersion: onProgress failure") - } + cryptoCoroutineScope.launch(coroutineDispatchers.io) { + try { + val olmPkDecryption = OlmPkDecryption() + val signalableMegolmBackupAuthData = if (password != null) { + // Generate a private key from the password + val backgroundProgressListener = if (progressListener == null) { + null + } else { + object : ProgressListener { + override fun onProgress(progress: Int, total: Int) { + uiHandler.post { + try { + progressListener.onProgress(progress, total) + } catch (e: Exception) { + Timber.e(e, "prepareKeysBackupVersion: onProgress failure") } } } } - - val generatePrivateKeyResult = generatePrivateKeyWithPassword(password, backgroundProgressListener) - SignalableMegolmBackupAuthData( - publicKey = olmPkDecryption.setPrivateKey(generatePrivateKeyResult.privateKey), - privateKeySalt = generatePrivateKeyResult.salt, - privateKeyIterations = generatePrivateKeyResult.iterations - ) - } else { - val publicKey = olmPkDecryption.generateKey() - - SignalableMegolmBackupAuthData( - publicKey = publicKey - ) } - val canonicalJson = JsonCanonicalizer.getCanonicalJson(Map::class.java, signalableMegolmBackupAuthData.signalableJSONDictionary()) - - val signedMegolmBackupAuthData = MegolmBackupAuthData( - publicKey = signalableMegolmBackupAuthData.publicKey, - privateKeySalt = signalableMegolmBackupAuthData.privateKeySalt, - privateKeyIterations = signalableMegolmBackupAuthData.privateKeyIterations, - signatures = objectSigner.signObject(canonicalJson) + val generatePrivateKeyResult = generatePrivateKeyWithPassword(password, backgroundProgressListener) + SignalableMegolmBackupAuthData( + publicKey = olmPkDecryption.setPrivateKey(generatePrivateKeyResult.privateKey), + privateKeySalt = generatePrivateKeyResult.salt, + privateKeyIterations = generatePrivateKeyResult.iterations ) + } else { + val publicKey = olmPkDecryption.generateKey() - MegolmBackupCreationInfo( - algorithm = MXCRYPTO_ALGORITHM_MEGOLM_BACKUP, - authData = signedMegolmBackupAuthData, - recoveryKey = computeRecoveryKey(olmPkDecryption.privateKey()) + SignalableMegolmBackupAuthData( + publicKey = publicKey ) } - }.foldToCallback(callback) + + val canonicalJson = JsonCanonicalizer.getCanonicalJson(Map::class.java, signalableMegolmBackupAuthData.signalableJSONDictionary()) + + val signedMegolmBackupAuthData = MegolmBackupAuthData( + publicKey = signalableMegolmBackupAuthData.publicKey, + privateKeySalt = signalableMegolmBackupAuthData.privateKeySalt, + privateKeyIterations = signalableMegolmBackupAuthData.privateKeyIterations, + signatures = objectSigner.signObject(canonicalJson) + ) + + val creationInfo = MegolmBackupCreationInfo( + algorithm = MXCRYPTO_ALGORITHM_MEGOLM_BACKUP, + authData = signedMegolmBackupAuthData, + recoveryKey = computeRecoveryKey(olmPkDecryption.privateKey()) + ) + uiHandler.post { + callback.onSuccess(creationInfo) + } + } catch (failure: Throwable) { + uiHandler.post { + callback.onFailure(failure) + } + } } } @@ -267,41 +262,39 @@ internal class DefaultKeysBackupService @Inject constructor( } override fun deleteBackup(version: String, callback: MatrixCallback?) { - cryptoCoroutineScope.launch(coroutineDispatchers.main) { - withContext(coroutineDispatchers.crypto) { - // If we're currently backing up to this backup... stop. - // (We start using it automatically in createKeysBackupVersion so this is symmetrical). - if (keysBackupVersion != null && version == keysBackupVersion?.version) { - resetKeysBackupData() - keysBackupVersion = null - keysBackupStateManager.state = KeysBackupState.Unknown - } + cryptoCoroutineScope.launch(coroutineDispatchers.io) { + // If we're currently backing up to this backup... stop. + // (We start using it automatically in createKeysBackupVersion so this is symmetrical). + if (keysBackupVersion != null && version == keysBackupVersion?.version) { + resetKeysBackupData() + keysBackupVersion = null + keysBackupStateManager.state = KeysBackupState.Unknown + } - deleteBackupTask - .configureWith(DeleteBackupTask.Params(version)) { - this.callback = object : MatrixCallback { - private fun eventuallyRestartBackup() { - // Do not stay in KeysBackupState.Unknown but check what is available on the homeserver - if (state == KeysBackupState.Unknown) { - checkAndStartKeysBackup() - } - } - - override fun onSuccess(data: Unit) { - eventuallyRestartBackup() - - uiHandler.post { callback?.onSuccess(Unit) } - } - - override fun onFailure(failure: Throwable) { - eventuallyRestartBackup() - - uiHandler.post { callback?.onFailure(failure) } + deleteBackupTask + .configureWith(DeleteBackupTask.Params(version)) { + this.callback = object : MatrixCallback { + private fun eventuallyRestartBackup() { + // Do not stay in KeysBackupState.Unknown but check what is available on the homeserver + if (state == KeysBackupState.Unknown) { + checkAndStartKeysBackup() } } + + override fun onSuccess(data: Unit) { + eventuallyRestartBackup() + + uiHandler.post { callback?.onSuccess(Unit) } + } + + override fun onFailure(failure: Throwable) { + eventuallyRestartBackup() + + uiHandler.post { callback?.onFailure(failure) } + } } - .executeBy(taskExecutor) - } + } + .executeBy(taskExecutor) } } @@ -480,10 +473,11 @@ internal class DefaultKeysBackupService @Inject constructor( if (authData == null) { Timber.w("trustKeyBackupVersion:trust: Key backup is missing required data") - - callback.onFailure(IllegalArgumentException("Missing element")) + uiHandler.post { + callback.onFailure(IllegalArgumentException("Missing element")) + } } else { - cryptoCoroutineScope.launch(coroutineDispatchers.main) { + cryptoCoroutineScope.launch(coroutineDispatchers.io) { val updateKeysBackupVersionBody = withContext(coroutineDispatchers.crypto) { // Get current signatures, or create an empty set val myUserSignatures = authData.signatures?.get(userId).orEmpty().toMutableMap() @@ -535,11 +529,15 @@ internal class DefaultKeysBackupService @Inject constructor( checkAndStartWithKeysBackupVersion(newKeysBackupVersion) - callback.onSuccess(data) + uiHandler.post { + callback.onSuccess(data) + } } override fun onFailure(failure: Throwable) { - callback.onFailure(failure) + uiHandler.post { + callback.onFailure(failure) + } } } } @@ -553,15 +551,14 @@ internal class DefaultKeysBackupService @Inject constructor( callback: MatrixCallback) { Timber.v("trustKeysBackupVersionWithRecoveryKey: version ${keysBackupVersion.version}") - cryptoCoroutineScope.launch(coroutineDispatchers.main) { - val isValid = withContext(coroutineDispatchers.crypto) { - isValidRecoveryKeyForKeysBackupVersion(recoveryKey, keysBackupVersion) - } + cryptoCoroutineScope.launch(coroutineDispatchers.io) { + val isValid = isValidRecoveryKeyForKeysBackupVersion(recoveryKey, keysBackupVersion) if (!isValid) { Timber.w("trustKeyBackupVersionWithRecoveryKey: Invalid recovery key.") - - callback.onFailure(IllegalArgumentException("Invalid recovery key or password")) + uiHandler.post { + callback.onFailure(IllegalArgumentException("Invalid recovery key or password")) + } } else { trustKeysBackupVersion(keysBackupVersion, true, callback) } @@ -573,15 +570,14 @@ internal class DefaultKeysBackupService @Inject constructor( callback: MatrixCallback) { Timber.v("trustKeysBackupVersionWithPassphrase: version ${keysBackupVersion.version}") - cryptoCoroutineScope.launch(coroutineDispatchers.main) { - val recoveryKey = withContext(coroutineDispatchers.crypto) { - recoveryKeyFromPassword(password, keysBackupVersion, null) - } + cryptoCoroutineScope.launch(coroutineDispatchers.io) { + val recoveryKey = recoveryKeyFromPassword(password, keysBackupVersion, null) if (recoveryKey == null) { Timber.w("trustKeysBackupVersionWithPassphrase: Key backup is missing required data") - - callback.onFailure(IllegalArgumentException("Missing element")) + uiHandler.post { + callback.onFailure(IllegalArgumentException("Missing element")) + } } else { // Check trust using the recovery key trustKeysBackupVersionWithRecoveryKey(keysBackupVersion, recoveryKey, callback) @@ -592,30 +588,23 @@ internal class DefaultKeysBackupService @Inject constructor( override fun onSecretKeyGossip(secret: String) { Timber.i("## CrossSigning - onSecretKeyGossip") - cryptoCoroutineScope.launch(coroutineDispatchers.main) { + cryptoCoroutineScope.launch(coroutineDispatchers.io) { try { when (val keysBackupLastVersionResult = getKeysBackupLastVersionTask.execute(Unit)) { KeysBackupLastVersionResult.NoKeysBackup -> { Timber.d("No keys backup found") } - is KeysBackupLastVersionResult.KeysBackup -> { - val keysBackupVersion = keysBackupLastVersionResult.keysVersionResult - val recoveryKey = computeRecoveryKey(secret.fromBase64()) - if (isValidRecoveryKeyForKeysBackupVersion(recoveryKey, keysBackupVersion)) { - awaitCallback { - trustKeysBackupVersion(keysBackupVersion, true, it) - } - val importResult = awaitCallback { - restoreKeysWithRecoveryKey(keysBackupVersion, recoveryKey, null, null, null, it) - } - withContext(coroutineDispatchers.crypto) { - cryptoStore.saveBackupRecoveryKey(recoveryKey, keysBackupVersion.version) - } - Timber.i("onSecretKeyGossip: Recovered keys $importResult") - } else { - Timber.e("onSecretKeyGossip: Recovery key is not valid ${keysBackupVersion.version}") - } + // we don't want to start immediately downloading all as it can take very long + +// val importResult = awaitCallback { +// restoreKeysWithRecoveryKey(keysBackupVersion, recoveryKey, null, null, null, it) +// } + withContext(coroutineDispatchers.crypto) { + cryptoStore.saveBackupRecoveryKey(recoveryKey, keysBackupVersion.version) } + Timber.i("onSecretKeyGossip: saved valid backup key") + } else { + Timber.e("onSecretKeyGossip: Recovery key is not valid ${keysBackupVersion.version}") } } catch (failure: Throwable) { Timber.e("onSecretKeyGossip: failed to trust key backup version ${keysBackupVersion?.version}") @@ -678,9 +667,9 @@ internal class DefaultKeysBackupService @Inject constructor( callback: MatrixCallback) { Timber.v("restoreKeysWithRecoveryKey: From backup version: ${keysVersionResult.version}") - cryptoCoroutineScope.launch(coroutineDispatchers.main) { + cryptoCoroutineScope.launch(coroutineDispatchers.io) { runCatching { - val decryption = withContext(coroutineDispatchers.crypto) { + val decryption = withContext(coroutineDispatchers.computation) { // Check if the recovery is valid before going any further if (!isValidRecoveryKeyForKeysBackupVersion(recoveryKey, keysVersionResult)) { Timber.e("restoreKeysWithRecoveryKey: Invalid recovery key for this keys version") @@ -749,7 +738,19 @@ internal class DefaultKeysBackupService @Inject constructor( } result } - }.foldToCallback(callback) + }.foldToCallback(object : MatrixCallback { + override fun onSuccess(data: ImportRoomKeysResult) { + uiHandler.post { + callback.onSuccess(data) + } + } + + override fun onFailure(failure: Throwable) { + uiHandler.post { + callback.onFailure(failure) + } + } + }) } } @@ -761,7 +762,7 @@ internal class DefaultKeysBackupService @Inject constructor( callback: MatrixCallback) { Timber.v("[MXKeyBackup] restoreKeyBackup with password: From backup version: ${keysBackupVersion.version}") - cryptoCoroutineScope.launch(coroutineDispatchers.main) { + cryptoCoroutineScope.launch(coroutineDispatchers.io) { runCatching { val progressListener = if (stepProgressListener != null) { object : ProgressListener { @@ -786,7 +787,19 @@ internal class DefaultKeysBackupService @Inject constructor( restoreKeysWithRecoveryKey(keysBackupVersion, recoveryKey, roomId, sessionId, stepProgressListener, it) } } - }.foldToCallback(callback) + }.foldToCallback(object : MatrixCallback { + override fun onSuccess(data: ImportRoomKeysResult) { + uiHandler.post { + callback.onSuccess(data) + } + } + + override fun onFailure(failure: Throwable) { + uiHandler.post { + callback.onFailure(failure) + } + } + }) } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt index 3595609eef..ff2aa1dba7 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt @@ -740,14 +740,23 @@ internal class RealmCryptoStore @Inject constructor( if (sessionIdentifier != null) { val key = OlmInboundGroupSessionEntity.createPrimaryKey(sessionIdentifier, session.senderKey) - val realmOlmInboundGroupSession = OlmInboundGroupSessionEntity().apply { - primaryKey = key - sessionId = sessionIdentifier - senderKey = session.senderKey - putInboundGroupSession(session) - } + val existing = realm.where() + .equalTo(OlmInboundGroupSessionEntityFields.PRIMARY_KEY, key) + .findFirst() - realm.insertOrUpdate(realmOlmInboundGroupSession) + if (existing != null) { + // we want to keep the existing backup status + existing.putInboundGroupSession(session) + } else { + val realmOlmInboundGroupSession = OlmInboundGroupSessionEntity().apply { + primaryKey = key + sessionId = sessionIdentifier + senderKey = session.senderKey + putInboundGroupSession(session) + } + + realm.insertOrUpdate(realmOlmInboundGroupSession) + } } } } @@ -876,17 +885,32 @@ internal class RealmCryptoStore @Inject constructor( return } - doRealmTransaction(realmConfiguration) { + doRealmTransaction(realmConfiguration) { realm -> olmInboundGroupSessionWrappers.forEach { olmInboundGroupSessionWrapper -> try { + val sessionIdentifier = olmInboundGroupSessionWrapper.olmInboundGroupSession?.sessionIdentifier() val key = OlmInboundGroupSessionEntity.createPrimaryKey( - olmInboundGroupSessionWrapper.olmInboundGroupSession?.sessionIdentifier(), + sessionIdentifier, olmInboundGroupSessionWrapper.senderKey) - it.where() + val existing = realm.where() .equalTo(OlmInboundGroupSessionEntityFields.PRIMARY_KEY, key) .findFirst() - ?.backedUp = true + + if (existing != null) { + existing.backedUp = true + } else { + // ... might be in cache but not yet persisted, create a record to persist backedup state + val realmOlmInboundGroupSession = OlmInboundGroupSessionEntity().apply { + primaryKey = key + sessionId = sessionIdentifier + senderKey = olmInboundGroupSessionWrapper.senderKey + putInboundGroupSession(olmInboundGroupSessionWrapper) + backedUp = true + } + + realm.insertOrUpdate(realmOlmInboundGroupSession) + } } catch (e: OlmException) { Timber.e(e, "OlmException") } diff --git a/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt b/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt index cbaafed7e3..4f40916825 100644 --- a/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt +++ b/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt @@ -68,6 +68,9 @@ class KeyRequestHandler @Inject constructor( var session: Session? = null + // This functionality is disabled in element for now. As it could be prone to social attacks + var enablePromptingForRequest = false + fun start(session: Session) { this.session = session session.cryptoService().verificationService().addListener(this) @@ -92,6 +95,8 @@ class KeyRequestHandler @Inject constructor( * @param request the key request. */ override fun onRoomKeyRequest(request: IncomingRoomKeyRequest) { + if (!enablePromptingForRequest) return + val userId = request.userId val deviceId = request.deviceId val requestId = request.requestId From 54fb4ae8dbb84be5ad48af3e4362fb52adddd814 Mon Sep 17 00:00:00 2001 From: Valere Date: Tue, 12 Apr 2022 23:37:04 +0200 Subject: [PATCH 014/433] proper initial withheld support --- .../crypto/OutgoingKeyRequestManager.kt | 37 +++++++++++++++++++ .../algorithms/megolm/MXMegolmDecryption.kt | 23 ++++++++++++ .../algorithms/megolm/MXMegolmEncryption.kt | 3 +- .../crypto/store/db/RealmCryptoStore.kt | 13 ++++--- 4 files changed, 69 insertions(+), 7 deletions(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt index fa2a26bbce..47465ceaa5 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt @@ -35,6 +35,7 @@ import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent +import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.api.util.fromBase64 import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore @@ -68,6 +69,7 @@ internal class OutgoingKeyRequestManager @Inject constructor( private val cryptoConfig: MXCryptoConfig, private val inboundGroupSessionStore: InboundGroupSessionStore, private val sendToDeviceTask: DefaultSendToDeviceTask, + private val deviceListManager: DeviceListManager, private val perSessionBackupQueryRateLimiter: PerSessionBackupQueryRateLimiter) { private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() @@ -215,6 +217,41 @@ internal class OutgoingKeyRequestManager @Inject constructor( outgoingRequestScope.launch { sequencer.post { Timber.tag(loggerTag.value).d("Withheld received for $sessionId from ${event.senderId}|$fromDevice") + Timber.tag(loggerTag.value).v("Withheld content ${event.getClearContent()}") + + // We want to store withheld code from the sender of the message (owner of the megolm session), not from + // other devices that might gossip the key. If not the initial reason might be overridden + // by a request to one of our session. + event.getClearContent().toModel()?.let { withheld -> + withContext(coroutineDispatchers.crypto) { + tryOrNull { + deviceListManager.downloadKeys(listOf(event.senderId ?: ""), false) + } + cryptoStore.getUserDeviceList(event.senderId ?: "") + .also { devices -> + Timber.tag(loggerTag.value).v("Withheld Devices for ${event.senderId} are ${devices.orEmpty().joinToString { it.identityKey() ?: "" }}") + } + ?.firstOrNull { + it.identityKey() == senderKey + } + }.also { + Timber.tag(loggerTag.value).v("Withheld device for sender key $senderKey is from ${it?.shortDebugString()}") + }?.let { + if (it.userId == event.senderId) { + if (fromDevice != null) { + if (it.deviceId == fromDevice) { + Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") + cryptoStore.addWithHeldMegolmSession(withheld) + } + } else { + Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") + cryptoStore.addWithHeldMegolmSession(withheld) + } + } + } + } + + // Here we store the replies from a given request cryptoStore.updateOutgoingRoomKeyReply( roomId = roomId, sessionId = sessionId, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt index 464a1ca3e7..17c15d9d3c 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt @@ -102,9 +102,20 @@ internal class MXMegolmDecryption( if (throwable is MXCryptoError.OlmError) { // TODO Check the value of .message if (throwable.olmException.message == "UNKNOWN_MESSAGE_INDEX") { + // So we know that session, but it's ratcheted and we can't decrypt at that index + if (requestKeysOnFail) { requestKeysForEvent(event) } + // Check if partially withheld + val withHeldInfo = cryptoStore.getWithHeldMegolmSession(event.roomId, encryptedEventContent.sessionId) + if (withHeldInfo != null) { + // Encapsulate as withHeld exception + throw MXCryptoError.Base(MXCryptoError.ErrorType.KEYS_WITHHELD, + withHeldInfo.code?.value ?: "", + withHeldInfo.reason) + } + throw MXCryptoError.Base( MXCryptoError.ErrorType.UNKNOWN_MESSAGE_INDEX, "UNKNOWN_MESSAGE_INDEX", @@ -121,6 +132,18 @@ internal class MXMegolmDecryption( } if (throwable is MXCryptoError.Base) { if (throwable.errorType == MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID) { + // Check if it was withheld by sender to enrich error code + val withHeldInfo = cryptoStore.getWithHeldMegolmSession(event.roomId, encryptedEventContent.sessionId) + if (withHeldInfo != null) { + if (requestKeysOnFail) { + requestKeysForEvent(event) + } + // Encapsulate as withHeld exception + throw MXCryptoError.Base(MXCryptoError.ErrorType.KEYS_WITHHELD, + withHeldInfo.code?.value ?: "", + withHeldInfo.reason) + } + if (requestKeysOnFail) { requestKeysForEvent(event) } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt index e9a4fb206d..064d47f3ff 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmEncryption.kt @@ -328,7 +328,8 @@ internal class MXMegolmEncryption( senderKey = senderKey, algorithm = MXCRYPTO_ALGORITHM_MEGOLM, sessionId = sessionId, - codeString = code.value + codeString = code.value, + fromDevice = myDeviceId ) val params = SendToDeviceTask.Params( EventType.ROOM_KEY_WITHHELD, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt index ff2aa1dba7..0b43be8551 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt @@ -271,12 +271,13 @@ internal class RealmCryptoStore @Inject constructor( } override fun deviceWithIdentityKey(identityKey: String): CryptoDeviceInfo? { - return doWithRealm(realmConfiguration) { - it.where() - .equalTo(DeviceInfoEntityFields.IDENTITY_KEY, identityKey) - .findFirst() - ?.let { deviceInfo -> - CryptoMapper.mapToModel(deviceInfo) + return doWithRealm(realmConfiguration) { realm -> + realm.where() + .contains(DeviceInfoEntityFields.KEYS_MAP_JSON, identityKey) + .findAll() + .mapNotNull { CryptoMapper.mapToModel(it) } + .firstOrNull { + it.identityKey() == identityKey } } } From f9dd3b96d6f38e15e89bf7e7e05f3c97e0272fde Mon Sep 17 00:00:00 2001 From: Valere Date: Fri, 15 Apr 2022 10:11:30 +0200 Subject: [PATCH 015/433] Stop using workers for interactive verification --- .../internal/crypto/DefaultCryptoService.kt | 13 +- .../internal/crypto/tasks/EncryptEventTask.kt | 7 +- .../tasks/SendVerificationMessageTask.kt | 2 +- .../DefaultVerificationService.kt | 11 +- .../SendVerificationMessageWorker.kt | 88 ------ .../VerificationMessageProcessor.kt | 46 +--- .../VerificationTransportRoomMessage.kt | 257 +++++++----------- ...VerificationTransportRoomMessageFactory.kt | 26 +- .../sdk/internal/session/SessionComponent.kt | 3 - .../sdk/internal/session/SessionModule.kt | 5 - .../sync/handler/room/RoomSyncHandler.kt | 7 +- .../internal/worker/MatrixWorkerFactory.kt | 3 - 12 files changed, 145 insertions(+), 323 deletions(-) delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SendVerificationMessageWorker.kt diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt index 2ce517d79c..dbe9880111 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt @@ -97,6 +97,7 @@ import org.matrix.android.sdk.internal.crypto.tasks.GetDevicesTask import org.matrix.android.sdk.internal.crypto.tasks.SetDeviceNameTask import org.matrix.android.sdk.internal.crypto.tasks.UploadKeysTask import org.matrix.android.sdk.internal.crypto.verification.DefaultVerificationService +import org.matrix.android.sdk.internal.crypto.verification.VerificationMessageProcessor import org.matrix.android.sdk.internal.di.DeviceId import org.matrix.android.sdk.internal.di.MoshiProvider import org.matrix.android.sdk.internal.di.UserId @@ -183,6 +184,7 @@ internal class DefaultCryptoService @Inject constructor( private val taskExecutor: TaskExecutor, private val cryptoCoroutineScope: CoroutineScope, private val eventDecryptor: EventDecryptor, + private val verificationMessageProcessor: VerificationMessageProcessor, private val liveEventManager: Lazy ) : CryptoService { @@ -197,7 +199,7 @@ internal class DefaultCryptoService @Inject constructor( } } - fun onLiveEvent(roomId: String, event: Event) { + fun onLiveEvent(roomId: String, event: Event, isInitialSync: Boolean) { // handle state events if (event.isStateEvent()) { when (event.type) { @@ -206,6 +208,15 @@ internal class DefaultCryptoService @Inject constructor( EventType.STATE_ROOM_HISTORY_VISIBILITY -> onRoomHistoryVisibilityEvent(roomId, event) } } + + // handle verification + if (!isInitialSync) { + if (event.type != null && verificationMessageProcessor.shouldProcess(event.type)) { + cryptoCoroutineScope.launch(coroutineDispatchers.dmVerif) { + verificationMessageProcessor.process(event) + } + } + } } // val gossipingBuffer = mutableListOf() diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/EncryptEventTask.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/EncryptEventTask.kt index 1e395796a9..ba64f0c0a5 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/EncryptEventTask.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/EncryptEventTask.kt @@ -16,6 +16,7 @@ package org.matrix.android.sdk.internal.crypto.tasks import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import dagger.Lazy import org.matrix.android.sdk.api.session.crypto.CryptoService import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResult import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult @@ -39,7 +40,7 @@ internal interface EncryptEventTask : Task { internal class DefaultEncryptEventTask @Inject constructor( private val localEchoRepository: LocalEchoRepository, - private val cryptoService: CryptoService + private val cryptoService: Lazy ) : EncryptEventTask { override suspend fun execute(params: EncryptEventTask.Params): Event { // don't want to wait for any query @@ -59,7 +60,7 @@ internal class DefaultEncryptEventTask @Inject constructor( // try { // let it throws awaitCallback { - cryptoService.encryptEventContent(localMutableContent, localEvent.type, params.roomId, it) + cryptoService.get().encryptEventContent(localMutableContent, localEvent.type, params.roomId, it) }.let { result -> val modifiedContent = HashMap(result.eventContent) params.keepKeys?.forEach { toKeep -> @@ -80,7 +81,7 @@ internal class DefaultEncryptEventTask @Inject constructor( ).toContent(), forwardingCurve25519KeyChain = emptyList(), senderCurve25519Key = result.eventContent["sender_key"] as? String, - claimedEd25519Key = cryptoService.getMyDevice().fingerprint() + claimedEd25519Key = cryptoService.get().getMyDevice().fingerprint() ) } else { null diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/SendVerificationMessageTask.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/SendVerificationMessageTask.kt index c4a6ba27d6..ca23bcd4c4 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/SendVerificationMessageTask.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/SendVerificationMessageTask.kt @@ -47,7 +47,7 @@ internal class DefaultSendVerificationMessageTask @Inject constructor( localEchoRepository.updateSendState(localId, event.roomId, SendState.SENDING) val response = executeRequest(globalErrorReceiver) { roomAPI.send( - localId, + txId = localId, roomId = event.roomId ?: "", content = event.content, eventType = event.type ?: "" diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt index 16f1f7d719..46d53355a8 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/DefaultVerificationService.kt @@ -764,8 +764,15 @@ internal class DefaultVerificationService @Inject constructor( return } + val roomId = event.roomId + if (roomId == null) { + Timber.e("## SAS Verification missing roomId for event") + // TODO cancel? + return + } + handleReadyReceived(event.senderId, readyReq) { - verificationTransportRoomMessageFactory.createTransport(event.roomId!!, it) + verificationTransportRoomMessageFactory.createTransport(roomId, it) } } @@ -1171,6 +1178,7 @@ internal class DefaultVerificationService @Inject constructor( } .distinct() + requestsForUser.add(verificationRequest) transport.sendVerificationRequest(methodValues, validLocalId, otherUserId, roomId, null) { syncedId, info -> // We need to update with the syncedID updatePendingRequest(verificationRequest.copy( @@ -1180,7 +1188,6 @@ internal class DefaultVerificationService @Inject constructor( )) } - requestsForUser.add(verificationRequest) dispatchRequestAdded(verificationRequest) return verificationRequest diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SendVerificationMessageWorker.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SendVerificationMessageWorker.kt deleted file mode 100644 index 0a175ae3ca..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SendVerificationMessageWorker.kt +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.matrix.android.sdk.internal.crypto.verification - -import android.content.Context -import androidx.work.Data -import androidx.work.WorkerParameters -import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.api.failure.shouldBeRetried -import org.matrix.android.sdk.internal.SessionManager -import org.matrix.android.sdk.internal.crypto.tasks.SendVerificationMessageTask -import org.matrix.android.sdk.internal.session.SessionComponent -import org.matrix.android.sdk.internal.session.room.send.CancelSendTracker -import org.matrix.android.sdk.internal.session.room.send.LocalEchoRepository -import org.matrix.android.sdk.internal.worker.SessionSafeCoroutineWorker -import org.matrix.android.sdk.internal.worker.SessionWorkerParams -import timber.log.Timber -import javax.inject.Inject - -/** - * Possible previous worker: None - * Possible next worker : None - */ -internal class SendVerificationMessageWorker(context: Context, params: WorkerParameters, sessionManager: SessionManager) : - SessionSafeCoroutineWorker(context, params, sessionManager, Params::class.java) { - - @JsonClass(generateAdapter = true) - internal data class Params( - override val sessionId: String, - val eventId: String, - override val lastFailureMessage: String? = null - ) : SessionWorkerParams - - @Inject lateinit var sendVerificationMessageTask: SendVerificationMessageTask - @Inject lateinit var localEchoRepository: LocalEchoRepository - @Inject lateinit var cancelSendTracker: CancelSendTracker - - override fun injectWith(injector: SessionComponent) { - injector.inject(this) - } - - override suspend fun doSafeWork(params: Params): Result { - val localEvent = localEchoRepository.getUpToDateEcho(params.eventId) ?: return buildErrorResult(params, "Event not found") - val localEventId = localEvent.eventId ?: "" - val roomId = localEvent.roomId ?: "" - - if (cancelSendTracker.isCancelRequestedFor(localEventId, roomId)) { - return Result.success() - .also { - cancelSendTracker.markCancelled(localEventId, roomId) - Timber.e("## SendEvent: Event sending has been cancelled $localEventId") - } - } - - return try { - val resultEventId = sendVerificationMessageTask.execute( - SendVerificationMessageTask.Params( - event = localEvent - ) - ) - - Result.success(Data.Builder().putString(localEventId, resultEventId).build()) - } catch (throwable: Throwable) { - if (throwable.shouldBeRetried()) { - Result.retry() - } else { - buildErrorResult(params, throwable.localizedMessage ?: "error") - } - } - } - - override fun buildErrorParams(params: Params, message: String): Params { - return params.copy(lastFailureMessage = params.lastFailureMessage ?: message) - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationMessageProcessor.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationMessageProcessor.kt index 52166761ab..7e756e8914 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationMessageProcessor.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationMessageProcessor.kt @@ -15,13 +15,9 @@ */ package org.matrix.android.sdk.internal.crypto.verification -import io.realm.Realm -import org.matrix.android.sdk.api.session.crypto.MXCryptoError -import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult import org.matrix.android.sdk.api.session.crypto.verification.VerificationService import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.LocalEcho import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.api.session.room.model.message.MessageContent import org.matrix.android.sdk.api.session.room.model.message.MessageRelationContent @@ -29,20 +25,16 @@ import org.matrix.android.sdk.api.session.room.model.message.MessageType import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationReadyContent import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationRequestContent import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationStartContent -import org.matrix.android.sdk.internal.crypto.EventDecryptor -import org.matrix.android.sdk.internal.database.model.EventInsertType import org.matrix.android.sdk.internal.di.DeviceId import org.matrix.android.sdk.internal.di.UserId -import org.matrix.android.sdk.internal.session.EventInsertLiveProcessor import timber.log.Timber import javax.inject.Inject internal class VerificationMessageProcessor @Inject constructor( - private val eventDecryptor: EventDecryptor, private val verificationService: DefaultVerificationService, @UserId private val userId: String, @DeviceId private val deviceId: String? -) : EventInsertLiveProcessor { +) { private val transactionsHandledByOtherDevice = ArrayList() @@ -58,41 +50,20 @@ internal class VerificationMessageProcessor @Inject constructor( EventType.ENCRYPTED ) - override fun shouldProcess(eventId: String, eventType: String, insertType: EventInsertType): Boolean { - if (insertType != EventInsertType.INCREMENTAL_SYNC) { - return false - } - return allowedTypes.contains(eventType) && !LocalEcho.isLocalEchoId(eventId) + fun shouldProcess(eventType: String): Boolean { + return allowedTypes.contains(eventType) } - override suspend fun process(realm: Realm, event: Event) { - Timber.v("## SAS Verification live observer: received msgId: ${event.eventId} msgtype: ${event.type} from ${event.senderId}") + suspend fun process(event: Event) { + Timber.v("## SAS Verification live observer: received msgId: ${event.eventId} msgtype: ${event.getClearType()} from ${event.senderId}") // If the request is in the future by more than 5 minutes or more than 10 minutes in the past, // the message should be ignored by the receiver. - if (!VerificationService.isValidRequest(event.ageLocalTs - ?: event.originServerTs)) return Unit.also { - Timber.d("## SAS Verification live observer: msgId: ${event.eventId} is outdated") + if (event.ageLocalTs != null && !VerificationService.isValidRequest(event.ageLocalTs)) return Unit.also { + Timber.d("## SAS Verification live observer: msgId: ${event.eventId} is outdated age:$event.ageLocalTs ms") } - // decrypt if needed? - if (event.isEncrypted() && event.mxDecryptionResult == null) { - // TODO use a global event decryptor? attache to session and that listen to new sessionId? - // for now decrypt sync - try { - val result = eventDecryptor.decryptEvent(event, "") - event.mxDecryptionResult = OlmDecryptionResult( - payload = result.clearEvent, - senderKey = result.senderCurve25519Key, - keysClaimed = result.claimedEd25519Key?.let { mapOf("ed25519" to it) }, - forwardingCurve25519KeyChain = result.forwardingCurve25519KeyChain - ) - } catch (e: MXCryptoError) { - Timber.e("## SAS Failed to decrypt event: ${event.eventId}") - verificationService.onPotentiallyInterestingEventRoomFailToDecrypt(event) - } - } Timber.v("## SAS Verification live observer: received msgId: ${event.eventId} type: ${event.getClearType()}") // Relates to is not encrypted @@ -101,7 +72,6 @@ internal class VerificationMessageProcessor @Inject constructor( if (event.senderId == userId) { // If it's send from me, we need to keep track of Requests or Start // done from another device of mine - if (EventType.MESSAGE == event.getClearType()) { val msgType = event.getClearContent().toModel()?.msgType if (MessageType.MSGTYPE_VERIFICATION_REQUEST == msgType) { @@ -136,6 +106,8 @@ internal class VerificationMessageProcessor @Inject constructor( transactionsHandledByOtherDevice.remove(it) verificationService.onRoomRequestHandledByOtherDevice(event) } + } else if (EventType.ENCRYPTED == event.getClearType()) { + verificationService.onPotentiallyInterestingEventRoomFailToDecrypt(event) } Timber.v("## SAS Verification ignoring message sent by me: ${event.eventId} type: ${event.getClearType()}") diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt index 49235c5744..b6eba6b3b4 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt @@ -15,14 +15,9 @@ */ package org.matrix.android.sdk.internal.crypto.verification -import androidx.lifecycle.Observer -import androidx.work.BackoffPolicy -import androidx.work.Data -import androidx.work.ExistingWorkPolicy -import androidx.work.Operation -import androidx.work.WorkInfo import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.Dispatchers +import kotlinx.coroutines.SupervisorJob +import kotlinx.coroutines.asCoroutineDispatcher import kotlinx.coroutines.launch import org.matrix.android.sdk.api.session.crypto.verification.CancelCode import org.matrix.android.sdk.api.session.crypto.verification.ValidVerificationInfoRequest @@ -45,25 +40,25 @@ import org.matrix.android.sdk.api.session.room.model.message.MessageVerification import org.matrix.android.sdk.api.session.room.model.relation.RelationDefaultContent import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_RECIPROCATE import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_SAS -import org.matrix.android.sdk.internal.di.WorkManagerProvider +import org.matrix.android.sdk.internal.crypto.tasks.SendVerificationMessageTask import org.matrix.android.sdk.internal.session.room.send.LocalEchoEventFactory -import org.matrix.android.sdk.internal.worker.SessionSafeCoroutineWorker -import org.matrix.android.sdk.internal.worker.WorkerParamsFactory +import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer import timber.log.Timber -import java.util.UUID -import java.util.concurrent.TimeUnit +import java.util.concurrent.Executors internal class VerificationTransportRoomMessage( - private val workManagerProvider: WorkManagerProvider, - private val sessionId: String, + private val sendVerificationMessageTask: SendVerificationMessageTask, private val userId: String, private val userDeviceId: String?, private val roomId: String, private val localEchoEventFactory: LocalEchoEventFactory, - private val tx: DefaultVerificationTransaction?, - private val coroutineScope: CoroutineScope + private val tx: DefaultVerificationTransaction? ) : VerificationTransport { + private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() + private val verificationSenderScope = CoroutineScope(SupervisorJob() + dispatcher) + private val sequencer = SemaphoreCoroutineSequencer() + override fun sendToOther(type: String, verificationInfo: VerificationInfo, nextState: VerificationTxState, @@ -77,68 +72,22 @@ internal class VerificationTransportRoomMessage( content = verificationInfo.toEventContent()!! ) - val workerParams = WorkerParamsFactory.toData(SendVerificationMessageWorker.Params( - sessionId = sessionId, - eventId = event.eventId ?: "" - )) - val enqueueInfo = enqueueSendWork(workerParams) - - // I cannot just listen to the given work request, because when used in a uniqueWork, - // The callback is called while it is still Running ... - -// Futures.addCallback(enqueueInfo.first.result, object : FutureCallback { -// override fun onSuccess(result: Operation.State.SUCCESS?) { -// if (onDone != null) { -// onDone() -// } else { -// tx?.state = nextState -// } -// } -// -// override fun onFailure(t: Throwable) { -// Timber.e("## SAS verification [${tx?.transactionId}] failed to send toDevice in state : ${tx?.state}, reason: ${t.localizedMessage}") -// tx?.cancel(onErrorReason) -// } -// }, listenerExecutor) - - val workLiveData = workManagerProvider.workManager - .getWorkInfosForUniqueWorkLiveData(uniqueQueueName()) - - val observer = object : Observer> { - override fun onChanged(workInfoList: List?) { - workInfoList - ?.firstOrNull { it.id == enqueueInfo.second } - ?.let { wInfo -> - when (wInfo.state) { - WorkInfo.State.FAILED -> { - tx?.cancel(onErrorReason) - workLiveData.removeObserver(this) - } - WorkInfo.State.SUCCEEDED -> { - if (SessionSafeCoroutineWorker.hasFailed(wInfo.outputData)) { - Timber.e("## SAS verification [${tx?.transactionId}] failed to send verification message in state : ${tx?.state}") - tx?.cancel(onErrorReason) - } else { - if (onDone != null) { - onDone() - } else { - tx?.state = nextState - } - } - workLiveData.removeObserver(this) - } - else -> { - // nop - } - } - } + verificationSenderScope.launch { + sequencer.post { + try { + val params = SendVerificationMessageTask.Params(event) + sendVerificationMessageTask.executeRetry(params, 5) + // Do I need to update local echo state to sent? + if (onDone != null) { + onDone() + } else { + tx?.state = nextState + } + } catch (failure: Throwable) { + tx?.cancel(onErrorReason) + } } } - - // TODO listen to DB to get synced info - coroutineScope.launch(Dispatchers.Main) { - workLiveData.observeForever(observer) - } } override fun sendVerificationRequest(supportedMethods: List, @@ -169,58 +118,24 @@ internal class VerificationTransportRoomMessage( val content = info.toContent() val event = createEventAndLocalEcho( - localId, - EventType.MESSAGE, - roomId, - content + localId = localId, + type = EventType.MESSAGE, + roomId = roomId, + content = content ) - val workerParams = WorkerParamsFactory.toData(SendVerificationMessageWorker.Params( - sessionId = sessionId, - eventId = event.eventId ?: "" - )) - - val workRequest = workManagerProvider.matrixOneTimeWorkRequestBuilder() - .setConstraints(WorkManagerProvider.workConstraints) - .setInputData(workerParams) - .setBackoffCriteria(BackoffPolicy.LINEAR, WorkManagerProvider.BACKOFF_DELAY_MILLIS, TimeUnit.MILLISECONDS) - .build() - - workManagerProvider.workManager - .beginUniqueWork("${roomId}_VerificationWork", ExistingWorkPolicy.APPEND_OR_REPLACE, workRequest) - .enqueue() - - // I cannot just listen to the given work request, because when used in a uniqueWork, - // The callback is called while it is still Running ... - - val workLiveData = workManagerProvider.workManager - .getWorkInfosForUniqueWorkLiveData("${roomId}_VerificationWork") - - val observer = object : Observer> { - override fun onChanged(workInfoList: List?) { - workInfoList - ?.filter { it.state == WorkInfo.State.SUCCEEDED } - ?.firstOrNull { it.id == workRequest.id } - ?.let { wInfo -> - if (SessionSafeCoroutineWorker.hasFailed(wInfo.outputData)) { - callback(null, null) - } else { - val eventId = wInfo.outputData.getString(localId) - if (eventId != null) { - callback(eventId, validInfo) - } else { - callback(null, null) - } - } - workLiveData.removeObserver(this) - } + verificationSenderScope.launch { + val params = SendVerificationMessageTask.Params(event) + sequencer.post { + try { + val eventId = sendVerificationMessageTask.executeRetry(params, 5) + // Do I need to update local echo state to sent? + callback(eventId, validInfo) + } catch (failure: Throwable) { + callback(null, null) + } } } - - // TODO listen to DB to get synced info - coroutineScope.launch(Dispatchers.Main) { - workLiveData.observeForever(observer) - } } override fun cancelTransaction(transactionId: String, otherUserId: String, otherUserDeviceId: String?, code: CancelCode) { @@ -230,11 +145,17 @@ internal class VerificationTransportRoomMessage( roomId = roomId, content = MessageVerificationCancelContent.create(transactionId, code).toContent() ) - val workerParams = WorkerParamsFactory.toData(SendVerificationMessageWorker.Params( - sessionId = sessionId, - eventId = event.eventId ?: "" - )) - enqueueSendWork(workerParams) + + verificationSenderScope.launch { + sequencer.post { + try { + val params = SendVerificationMessageTask.Params(event) + sendVerificationMessageTask.executeRetry(params, 5) + } catch (failure: Throwable) { + Timber.w("") + } + } + } } override fun done(transactionId: String, @@ -250,44 +171,56 @@ internal class VerificationTransportRoomMessage( ) ).toContent() ) - val workerParams = WorkerParamsFactory.toData(SendVerificationMessageWorker.Params( - sessionId = sessionId, - eventId = event.eventId ?: "" - )) - val enqueueInfo = enqueueSendWork(workerParams) - - val workLiveData = workManagerProvider.workManager - .getWorkInfosForUniqueWorkLiveData(uniqueQueueName()) - val observer = object : Observer> { - override fun onChanged(workInfoList: List?) { - workInfoList - ?.filter { it.state == WorkInfo.State.SUCCEEDED } - ?.firstOrNull { it.id == enqueueInfo.second } - ?.let { _ -> - onDone?.invoke() - workLiveData.removeObserver(this) - } + verificationSenderScope.launch { + sequencer.post { + try { + val params = SendVerificationMessageTask.Params(event) + sendVerificationMessageTask.executeRetry(params, 5) + } catch (failure: Throwable) { + Timber.w("") + } finally { + onDone?.invoke() + } } } - - // TODO listen to DB to get synced info - coroutineScope.launch(Dispatchers.Main) { - workLiveData.observeForever(observer) - } +// val workerParams = WorkerParamsFactory.toData(SendVerificationMessageWorker.Params( +// sessionId = sessionId, +// eventId = event.eventId ?: "" +// )) +// val enqueueInfo = enqueueSendWork(workerParams) +// +// val workLiveData = workManagerProvider.workManager +// .getWorkInfosForUniqueWorkLiveData(uniqueQueueName()) +// val observer = object : Observer> { +// override fun onChanged(workInfoList: List?) { +// workInfoList +// ?.filter { it.state == WorkInfo.State.SUCCEEDED } +// ?.firstOrNull { it.id == enqueueInfo.second } +// ?.let { _ -> +// onDone?.invoke() +// workLiveData.removeObserver(this) +// } +// } +// } +// +// // TODO listen to DB to get synced info +// coroutineScope.launch(Dispatchers.Main) { +// workLiveData.observeForever(observer) +// } } - private fun enqueueSendWork(workerParams: Data): Pair { - val workRequest = workManagerProvider.matrixOneTimeWorkRequestBuilder() - .setConstraints(WorkManagerProvider.workConstraints) - .setInputData(workerParams) - .setBackoffCriteria(BackoffPolicy.LINEAR, WorkManagerProvider.BACKOFF_DELAY_MILLIS, TimeUnit.MILLISECONDS) - .build() - return workManagerProvider.workManager - .beginUniqueWork(uniqueQueueName(), ExistingWorkPolicy.APPEND_OR_REPLACE, workRequest) - .enqueue() to workRequest.id - } +// private fun enqueueSendWork(workerParams: Data): Pair { +// val workRequest = workManagerProvider.matrixOneTimeWorkRequestBuilder() +// .setConstraints(WorkManagerProvider.workConstraints) +// .setInputData(workerParams) +// .setBackoffCriteria(BackoffPolicy.LINEAR, WorkManagerProvider.BACKOFF_DELAY_MILLIS, TimeUnit.MILLISECONDS) +// .build() +// return workManagerProvider.workManager +// .beginUniqueWork(uniqueQueueName(), ExistingWorkPolicy.APPEND_OR_REPLACE, workRequest) +// .enqueue() to workRequest.id +// } - private fun uniqueQueueName() = "${roomId}_VerificationWork" +// private fun uniqueQueueName() = "${roomId}_VerificationWork" override fun createAccept(tid: String, keyAgreementProtocol: String, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessageFactory.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessageFactory.kt index f89127273b..efbdd9c175 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessageFactory.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessageFactory.kt @@ -16,34 +16,28 @@ package org.matrix.android.sdk.internal.crypto.verification +import org.matrix.android.sdk.internal.crypto.tasks.SendVerificationMessageTask import org.matrix.android.sdk.internal.di.DeviceId -import org.matrix.android.sdk.internal.di.SessionId import org.matrix.android.sdk.internal.di.UserId -import org.matrix.android.sdk.internal.di.WorkManagerProvider import org.matrix.android.sdk.internal.session.room.send.LocalEchoEventFactory -import org.matrix.android.sdk.internal.task.TaskExecutor import javax.inject.Inject internal class VerificationTransportRoomMessageFactory @Inject constructor( - private val workManagerProvider: WorkManagerProvider, - @SessionId - private val sessionId: String, + private val sendVerificationMessageTask: SendVerificationMessageTask, @UserId private val userId: String, @DeviceId private val deviceId: String?, - private val localEchoEventFactory: LocalEchoEventFactory, - private val taskExecutor: TaskExecutor + private val localEchoEventFactory: LocalEchoEventFactory ) { fun createTransport(roomId: String, tx: DefaultVerificationTransaction?): VerificationTransportRoomMessage { - return VerificationTransportRoomMessage(workManagerProvider, - sessionId, - userId, - deviceId, - roomId, - localEchoEventFactory, - tx, - taskExecutor.executorScope) + return VerificationTransportRoomMessage( + sendVerificationMessageTask = sendVerificationMessageTask, + userId = userId, + userDeviceId = deviceId, + roomId = roomId, + localEchoEventFactory = localEchoEventFactory, + tx = tx) } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionComponent.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionComponent.kt index 4c1a06f1c7..e1e4f7fd50 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionComponent.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionComponent.kt @@ -23,7 +23,6 @@ import org.matrix.android.sdk.api.auth.data.SessionParams import org.matrix.android.sdk.api.session.Session import org.matrix.android.sdk.internal.crypto.CryptoModule import org.matrix.android.sdk.internal.crypto.crosssigning.UpdateTrustWorker -import org.matrix.android.sdk.internal.crypto.verification.SendVerificationMessageWorker import org.matrix.android.sdk.internal.di.MatrixComponent import org.matrix.android.sdk.internal.federation.FederationModule import org.matrix.android.sdk.internal.network.NetworkConnectivityChecker @@ -129,8 +128,6 @@ internal interface SessionComponent { fun inject(worker: AddPusherWorker) - fun inject(worker: SendVerificationMessageWorker) - fun inject(worker: UpdateTrustWorker) @Component.Factory diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionModule.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionModule.kt index 0aae9f3105..7ceb89e892 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionModule.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/SessionModule.kt @@ -49,7 +49,6 @@ import org.matrix.android.sdk.api.util.md5 import org.matrix.android.sdk.internal.crypto.secrets.DefaultSharedSecretStorageService import org.matrix.android.sdk.internal.crypto.tasks.DefaultRedactEventTask import org.matrix.android.sdk.internal.crypto.tasks.RedactEventTask -import org.matrix.android.sdk.internal.crypto.verification.VerificationMessageProcessor import org.matrix.android.sdk.internal.database.EventInsertLiveObserver import org.matrix.android.sdk.internal.database.RealmSessionProvider import org.matrix.android.sdk.internal.database.SessionRealmConfigurationFactory @@ -318,10 +317,6 @@ internal abstract class SessionModule { @IntoSet abstract fun bindRoomCreateEventProcessor(processor: RoomCreateEventProcessor): EventInsertLiveProcessor - @Binds - @IntoSet - abstract fun bindVerificationMessageProcessor(processor: VerificationMessageProcessor): EventInsertLiveProcessor - @Binds @IntoSet abstract fun bindCallEventProcessor(processor: CallEventProcessor): EventInsertLiveProcessor diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/sync/handler/room/RoomSyncHandler.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/sync/handler/room/RoomSyncHandler.kt index afd8e1bb99..18cc420e1a 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/sync/handler/room/RoomSyncHandler.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/sync/handler/room/RoomSyncHandler.kt @@ -378,7 +378,10 @@ internal class RoomSyncHandler @Inject constructor(private val readReceiptHandle val roomMemberContentsByUser = HashMap() val optimizedThreadSummaryMap = hashMapOf() - for (event in eventList) { + for (rawEvent in eventList) { + // It's annoying roomId is not there, but lot of code rely on it. + // And had to do it now as copy would delete all decryption results.. + val event = rawEvent.copy(roomId = roomId) if (event.eventId == null || event.senderId == null || event.type == null) { continue } @@ -445,7 +448,7 @@ internal class RoomSyncHandler @Inject constructor(private val readReceiptHandle } } // Give info to crypto module - cryptoService.onLiveEvent(roomEntity.roomId, event) + cryptoService.onLiveEvent(roomEntity.roomId, event, isInitialSync) // Try to remove local echo event.unsignedData?.transactionId?.also { diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/worker/MatrixWorkerFactory.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/worker/MatrixWorkerFactory.kt index 94dd36114b..8e5576d2ce 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/worker/MatrixWorkerFactory.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/worker/MatrixWorkerFactory.kt @@ -23,7 +23,6 @@ import androidx.work.WorkerFactory import androidx.work.WorkerParameters import org.matrix.android.sdk.internal.SessionManager import org.matrix.android.sdk.internal.crypto.crosssigning.UpdateTrustWorker -import org.matrix.android.sdk.internal.crypto.verification.SendVerificationMessageWorker import org.matrix.android.sdk.internal.di.MatrixScope import org.matrix.android.sdk.internal.session.content.UploadContentWorker import org.matrix.android.sdk.internal.session.group.GetGroupDataWorker @@ -61,8 +60,6 @@ internal class MatrixWorkerFactory @Inject constructor(private val sessionManage RedactEventWorker(appContext, workerParameters, sessionManager) SendEventWorker::class.java.name -> SendEventWorker(appContext, workerParameters, sessionManager) - SendVerificationMessageWorker::class.java.name -> - SendVerificationMessageWorker(appContext, workerParameters, sessionManager) SyncWorker::class.java.name -> SyncWorker(appContext, workerParameters, sessionManager) UpdateTrustWorker::class.java.name -> From a60171ce29c553c61d0a8a2d5aaa046efa28eb79 Mon Sep 17 00:00:00 2001 From: Valere Date: Fri, 15 Apr 2022 10:11:48 +0200 Subject: [PATCH 016/433] Reactivate withheld and verification tests --- .../android/sdk/common/CryptoTestHelper.kt | 57 ++++++++++++------- .../crypto/gossiping/WithHeldTests.kt | 23 +++++--- .../verification/qrcode/VerificationTest.kt | 2 - .../internal/crypto/DefaultCryptoService.kt | 8 --- .../sdk/internal/crypto/OutgoingKeyRequest.kt | 1 - .../internal/crypto/OutgoingSecretRequest.kt | 1 - .../PerSessionBackupQueryRateLimiter.kt | 8 +-- .../internal/crypto/RoomEncryptorsStore.kt | 2 + .../sdk/internal/crypto/SecretShareManager.kt | 10 ++-- .../DefaultCrossSigningService.kt | 1 - .../keysbackup/DefaultKeysBackupService.kt | 11 +++- .../sdk/internal/crypto/model/AuditTrail.kt | 2 +- .../store/db/migration/MigrateCryptoTo016.kt | 2 +- .../db/model/OutgoingKeyRequestEntity.kt | 2 +- .../DefaultQrCodeVerificationTransaction.kt | 1 + .../crypto/keysrequest/KeyRequestHandler.kt | 9 +-- 16 files changed, 76 insertions(+), 64 deletions(-) diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt index ffcae5ad01..84bf9c06ee 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt @@ -366,29 +366,37 @@ class CryptoTestHelper(private val testHelper: CommonTestHelper) { assertTrue(alice.cryptoService().crossSigningService().canCrossSign()) assertTrue(bob.cryptoService().crossSigningService().canCrossSign()) - val requestID = UUID.randomUUID().toString() val aliceVerificationService = alice.cryptoService().verificationService() val bobVerificationService = bob.cryptoService().verificationService() - aliceVerificationService.beginKeyVerificationInDMs( - VerificationMethod.SAS, - requestID, - roomId, - bob.myUserId, - bob.sessionParams.credentials.deviceId!! - ) + val localId = UUID.randomUUID().toString() + aliceVerificationService.requestKeyVerificationInDMs( + localId = localId, + methods = listOf(VerificationMethod.SAS, VerificationMethod.QR_CODE_SCAN, VerificationMethod.QR_CODE_SHOW), + otherUserId = bob.myUserId, + roomId = roomId + ).transactionId - // we should reach SHOW SAS on both - var alicePovTx: OutgoingSasVerificationTransaction? = null - var bobPovTx: IncomingSasVerificationTransaction? = null - - // wait for alice to get the ready testHelper.waitWithLatch { testHelper.retryPeriodicallyWithLatch(it) { - bobPovTx = bobVerificationService.getExistingTransaction(alice.myUserId, requestID) as? IncomingSasVerificationTransaction - Log.v("TEST", "== bobPovTx is ${alicePovTx?.uxState}") - if (bobPovTx?.state == VerificationTxState.OnStarted) { - bobPovTx?.performAccept() + bobVerificationService.getExistingVerificationRequests(alice.myUserId).firstOrNull { + it.requestInfo?.fromDevice == alice.sessionParams.deviceId + } != null + } + } + val incomingRequest = bobVerificationService.getExistingVerificationRequests(alice.myUserId).first { + it.requestInfo?.fromDevice == alice.sessionParams.deviceId + } + bobVerificationService.readyPendingVerification(listOf(VerificationMethod.SAS), alice.myUserId, incomingRequest.transactionId!!) + + var requestID: String? = null + // wait for it to be readied + testHelper.waitWithLatch { + testHelper.retryPeriodicallyWithLatch(it) { + val outgoingRequest = aliceVerificationService.getExistingVerificationRequests(bob.myUserId) + .firstOrNull { it.localId == localId } + if (outgoingRequest?.isReady == true) { + requestID = outgoingRequest.transactionId!! true } else { false @@ -396,9 +404,20 @@ class CryptoTestHelper(private val testHelper: CommonTestHelper) { } } + aliceVerificationService.beginKeyVerificationInDMs( + VerificationMethod.SAS, + requestID!!, + roomId, + bob.myUserId, + bob.sessionParams.credentials.deviceId!!) + + // we should reach SHOW SAS on both + var alicePovTx: OutgoingSasVerificationTransaction? = null + var bobPovTx: IncomingSasVerificationTransaction? = null + testHelper.waitWithLatch { testHelper.retryPeriodicallyWithLatch(it) { - alicePovTx = aliceVerificationService.getExistingTransaction(bob.myUserId, requestID) as? OutgoingSasVerificationTransaction + alicePovTx = aliceVerificationService.getExistingTransaction(bob.myUserId, requestID!!) as? OutgoingSasVerificationTransaction Log.v("TEST", "== alicePovTx is ${alicePovTx?.uxState}") alicePovTx?.state == VerificationTxState.ShortCodeReady } @@ -406,7 +425,7 @@ class CryptoTestHelper(private val testHelper: CommonTestHelper) { // wait for alice to get the ready testHelper.waitWithLatch { testHelper.retryPeriodicallyWithLatch(it) { - bobPovTx = bobVerificationService.getExistingTransaction(alice.myUserId, requestID) as? IncomingSasVerificationTransaction + bobPovTx = bobVerificationService.getExistingTransaction(alice.myUserId, requestID!!) as? IncomingSasVerificationTransaction Log.v("TEST", "== bobPovTx is ${alicePovTx?.uxState}") if (bobPovTx?.state == VerificationTxState.OnStarted) { bobPovTx?.performAccept() diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt index 8f906c56a7..d799bf7a7c 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt @@ -21,7 +21,6 @@ import androidx.test.ext.junit.runners.AndroidJUnit4 import androidx.test.filters.LargeTest import org.junit.Assert import org.junit.FixMethodOrder -import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.junit.runners.MethodSorters @@ -45,12 +44,11 @@ import org.matrix.android.sdk.common.TestConstants @LargeTest class WithHeldTests : InstrumentedTest { - private val testHelper = CommonTestHelper(context()) - private val cryptoTestHelper = CryptoTestHelper(testHelper) - @Test - @Ignore("This test will be ignored until it is fixed") fun test_WithHeldUnverifiedReason() { + val testHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(testHelper) + // ============================= // ARRANGE // ============================= @@ -138,8 +136,10 @@ class WithHeldTests : InstrumentedTest { } @Test - @Ignore("This test will be ignored until it is fixed") - fun test_WithHeldNoOlm() { + fun test_WithHeldNoOlm() { + val testHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(testHelper) + val testData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom() val aliceSession = testData.firstSession val bobSession = testData.secondSession!! @@ -211,8 +211,10 @@ class WithHeldTests : InstrumentedTest { } @Test - @Ignore("This test will be ignored until it is fixed") - fun test_WithHeldKeyRequest() { + fun test_WithHeldKeyRequest() { + val testHelper = CommonTestHelper(context()) + val cryptoTestHelper = CryptoTestHelper(testHelper) + val testData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom() val aliceSession = testData.firstSession val bobSession = testData.secondSession!! @@ -258,5 +260,8 @@ class WithHeldTests : InstrumentedTest { wc?.code == WithHeldCode.UNAUTHORISED } } + + testHelper.signOutAndClose(aliceSession) + testHelper.signOutAndClose(bobSecondSession) } } diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/VerificationTest.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/VerificationTest.kt index 374d709505..e757f9b60f 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/VerificationTest.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/VerificationTest.kt @@ -19,7 +19,6 @@ package org.matrix.android.sdk.internal.crypto.verification.qrcode import androidx.test.ext.junit.runners.AndroidJUnit4 import org.amshove.kluent.shouldBe import org.junit.FixMethodOrder -import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.junit.runners.MethodSorters @@ -40,7 +39,6 @@ import kotlin.coroutines.resume @RunWith(AndroidJUnit4::class) @FixMethodOrder(MethodSorters.JVM) -@Ignore("This test is flaky ; see issue #5449") class VerificationTest : InstrumentedTest { data class ExpectedResult( diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt index dbe9880111..0b7b8036e3 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt @@ -57,12 +57,10 @@ import org.matrix.android.sdk.api.session.crypto.model.MXDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResult import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest import org.matrix.android.sdk.api.session.events.model.Content import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.toModel @@ -81,13 +79,7 @@ import org.matrix.android.sdk.internal.crypto.crosssigning.DefaultCrossSigningSe import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.MXKey.Companion.KEY_SIGNED_CURVE_25519_TYPE -import org.matrix.android.sdk.internal.crypto.model.MXUsersDevicesMap import org.matrix.android.sdk.internal.crypto.model.TrailType -import org.matrix.android.sdk.internal.crypto.model.event.RoomKeyContent -import org.matrix.android.sdk.internal.crypto.model.event.RoomKeyWithHeldContent -import org.matrix.android.sdk.internal.crypto.model.rest.DeviceInfo -import org.matrix.android.sdk.internal.crypto.model.rest.DevicesListResponse -import org.matrix.android.sdk.internal.crypto.model.rest.RoomKeyShareRequest import org.matrix.android.sdk.internal.crypto.model.toRest import org.matrix.android.sdk.internal.crypto.repository.WarnOnUnknownDeviceRepository import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt index 95148513ac..e96f8079d2 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt @@ -16,7 +16,6 @@ package org.matrix.android.sdk.internal.crypto -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt index 27ab1ca542..20add23666 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt @@ -17,7 +17,6 @@ package org.matrix.android.sdk.internal.crypto import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState /** * Represents an outgoing room key request diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt index daf69f892d..8e0def5b76 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt @@ -20,12 +20,12 @@ import dagger.Lazy import kotlinx.coroutines.withContext import org.matrix.android.sdk.api.MatrixCoroutineDispatchers import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersionResult +import org.matrix.android.sdk.api.session.crypto.keysbackup.SavedKeyBackupKeyInfo +import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult +import org.matrix.android.sdk.api.util.awaitCallback import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService -import org.matrix.android.sdk.internal.crypto.keysbackup.model.rest.KeysVersionResult -import org.matrix.android.sdk.internal.crypto.model.ImportRoomKeysResult import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.store.SavedKeyBackupKeyInfo -import org.matrix.android.sdk.internal.util.awaitCallback import timber.log.Timber import javax.inject.Inject diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt index 169bfca4e1..58378e556a 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt @@ -16,6 +16,8 @@ package org.matrix.android.sdk.internal.crypto +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_OLM import org.matrix.android.sdk.internal.crypto.algorithms.IMXEncrypting import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXMegolmEncryptionFactory import org.matrix.android.sdk.internal.crypto.algorithms.olm.MXOlmEncryptionFactory diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt index 1905c540ef..1bdf18b272 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt @@ -28,17 +28,17 @@ import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_S import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.keysbackup.extractCurveKeyFromRecoveryKey import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.SecretSendEventContent import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.api.util.toBase64NoPadding import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter -import org.matrix.android.sdk.internal.crypto.crosssigning.toBase64NoPadding -import org.matrix.android.sdk.internal.crypto.keysbackup.util.extractCurveKeyFromRecoveryKey -import org.matrix.android.sdk.internal.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.internal.crypto.model.event.SecretSendEventContent -import org.matrix.android.sdk.internal.crypto.model.rest.SecretShareRequest import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt index 18e1608f95..20fcf70e18 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt @@ -39,7 +39,6 @@ import org.matrix.android.sdk.api.util.Optional import org.matrix.android.sdk.api.util.fromBase64 import org.matrix.android.sdk.internal.crypto.DeviceListManager import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager -import org.matrix.android.sdk.internal.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.internal.crypto.model.rest.UploadSignatureQueryBuilder import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.crypto.tasks.InitializeCrossSigningTask diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt index 778bdb9849..107a3337b0 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/DefaultKeysBackupService.kt @@ -590,9 +590,14 @@ internal class DefaultKeysBackupService @Inject constructor( cryptoCoroutineScope.launch(coroutineDispatchers.io) { try { - when (val keysBackupLastVersionResult = getKeysBackupLastVersionTask.execute(Unit)) { - KeysBackupLastVersionResult.NoKeysBackup -> { - Timber.d("No keys backup found") + val keysBackupVersion = getKeysBackupLastVersionTask.execute(Unit).toKeysVersionResult() + ?: return@launch Unit.also { + Timber.d("Failed to get backup last version") + } + val recoveryKey = computeRecoveryKey(secret.fromBase64()) + if (isValidRecoveryKeyForKeysBackupVersion(recoveryKey, keysBackupVersion)) { + awaitCallback { + trustKeysBackupVersion(keysBackupVersion, true, it) } // we don't want to start immediately downloading all as it can take very long diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt index dece891439..dcf01e6342 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt @@ -17,7 +17,7 @@ package org.matrix.android.sdk.internal.crypto.model import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.internal.crypto.model.event.WithHeldCode +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode enum class TrailType { OutgoingKeyForward, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt index 3b2a08dba3..8d79ba3075 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt @@ -23,7 +23,7 @@ import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEnti import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingKeyRequestEntityFields import org.matrix.android.sdk.internal.util.database.RealmMigrator -class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { +internal class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { override fun doMigrate(realm: DynamicRealm) { realm.schema.remove("OutgoingGossipingRequestEntity") diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt index 6ff93b0224..ee8785ea6b 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt @@ -22,13 +22,13 @@ import io.realm.RealmList import io.realm.RealmObject import io.realm.annotations.Index import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.session.crypto.model.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.internal.crypto.OutgoingRoomKeyRequestState import org.matrix.android.sdk.internal.crypto.RequestReply import org.matrix.android.sdk.internal.crypto.RequestResult import org.matrix.android.sdk.internal.di.MoshiProvider diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt index ba434444bf..e40cd46455 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/qrcode/DefaultQrCodeVerificationTransaction.kt @@ -21,6 +21,7 @@ import org.matrix.android.sdk.api.session.crypto.verification.CancelCode import org.matrix.android.sdk.api.session.crypto.verification.QrCodeVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.util.fromBase64 import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction diff --git a/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt b/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt index 4f40916825..034c667aac 100644 --- a/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt +++ b/vector/src/main/java/im/vector/app/features/crypto/keysrequest/KeyRequestHandler.kt @@ -30,20 +30,13 @@ import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.IncomingRequestCancellation import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.IncomingSecretShareRequest import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest import org.matrix.android.sdk.api.session.crypto.verification.SasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationService import org.matrix.android.sdk.api.session.crypto.verification.VerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState -import org.matrix.android.sdk.internal.crypto.IncomingRoomKeyRequest -import org.matrix.android.sdk.internal.crypto.crosssigning.DeviceTrustLevel -import org.matrix.android.sdk.internal.crypto.model.CryptoDeviceInfo -import org.matrix.android.sdk.internal.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.internal.crypto.model.rest.DeviceInfo -import org.matrix.android.sdk.internal.crypto.model.rest.SecretShareRequest import timber.log.Timber import javax.inject.Inject import javax.inject.Singleton From 3f5f2dc0f1c1bf4585019159b5d6713ee577d51a Mon Sep 17 00:00:00 2001 From: Valere Date: Fri, 15 Apr 2022 16:42:15 +0200 Subject: [PATCH 017/433] Fix tests --- .../sdk/internal/crypto/E2eeSanityTests.kt | 7 +++--- .../crypto/gossiping/WithHeldTests.kt | 25 +++++++++++++++---- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt index fe7c17636b..e13dbd5c6f 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt @@ -484,7 +484,7 @@ class E2eeSanityTests : InstrumentedTest { // check that new bob can't currently decrypt Log.v("#E2E TEST", "check that new bob can't currently decrypt") - cryptoTestHelper.ensureCannotDecrypt(listOf(firstEventId), newBobSession, e2eRoomID, MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID) + cryptoTestHelper.ensureCannotDecrypt(listOf(firstEventId), newBobSession, e2eRoomID, null) // Now let alice send a new message. this time the new bob session will be able to decrypt var secondEventId: String @@ -518,9 +518,8 @@ class E2eeSanityTests : InstrumentedTest { try { newBobSession.cryptoService().decryptEvent(firstEventNewBobPov.root, "") fail("Should not be able to decrypt event") - } catch (error: MXCryptoError) { - val errorType = (error as? MXCryptoError.Base)?.errorType - assertEquals(MXCryptoError.ErrorType.UNKNOWN_MESSAGE_INDEX, errorType) + } catch (_: MXCryptoError) { + } } diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt index d799bf7a7c..fc26f132a1 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt @@ -38,6 +38,7 @@ import org.matrix.android.sdk.common.CryptoTestHelper import org.matrix.android.sdk.common.MockOkHttpInterceptor import org.matrix.android.sdk.common.SessionTestParams import org.matrix.android.sdk.common.TestConstants +import org.matrix.android.sdk.internal.crypto.RequestResult @RunWith(AndroidJUnit4::class) @FixMethodOrder(MethodSorters.JVM) @@ -66,7 +67,6 @@ class WithHeldTests : InstrumentedTest { val roomAlicePOV = aliceSession.getRoom(roomId)!! val bobUnverifiedSession = testHelper.logIntoAccount(bobSession.myUserId, SessionTestParams(true)) - // ============================= // ACT // ============================= @@ -85,6 +85,7 @@ class WithHeldTests : InstrumentedTest { val eventBobPOV = bobUnverifiedSession.getRoom(roomId)?.getTimelineEvent(timelineEvent.eventId)!! + val megolmSessionId = eventBobPOV.root.content.toModel()!!.sessionId!! // ============================= // ASSERT // ============================= @@ -100,9 +101,23 @@ class WithHeldTests : InstrumentedTest { val type = (failure as MXCryptoError.Base).errorType val technicalMessage = failure.technicalMessage Assert.assertEquals("Error should be withheld", MXCryptoError.ErrorType.KEYS_WITHHELD, type) - Assert.assertEquals("Cause should be unverified", WithHeldCode.UNVERIFIED.value, technicalMessage) + Assert.assertEquals("Cause should be unverified", WithHeldCode.UNAUTHORISED.value, technicalMessage) } + // Let's see if the reply we got from bob first session is unverified + testHelper.waitWithLatch { latch -> + testHelper.retryPeriodicallyWithLatch(latch) { + bobUnverifiedSession.cryptoService().getOutgoingRoomKeyRequests() + .firstOrNull { it.sessionId == megolmSessionId } + ?.results + ?.firstOrNull { it.fromDevice == bobSession.sessionParams.deviceId } + ?.result + ?.let { + it as? RequestResult.Failure + } + ?.code == WithHeldCode.UNVERIFIED + } + } // enable back sending to unverified aliceSession.cryptoService().setGlobalBlacklistUnverifiedDevices(false) @@ -127,7 +142,7 @@ class WithHeldTests : InstrumentedTest { val type = (failure as MXCryptoError.Base).errorType val technicalMessage = failure.technicalMessage Assert.assertEquals("Error should be withheld", MXCryptoError.ErrorType.KEYS_WITHHELD, type) - Assert.assertEquals("Cause should be unverified", WithHeldCode.UNVERIFIED.value, technicalMessage) + Assert.assertEquals("Cause should be unverified", WithHeldCode.UNAUTHORISED.value, technicalMessage) } testHelper.signOutAndClose(aliceSession) @@ -136,7 +151,7 @@ class WithHeldTests : InstrumentedTest { } @Test - fun test_WithHeldNoOlm() { + fun test_WithHeldNoOlm() { val testHelper = CommonTestHelper(context()) val cryptoTestHelper = CryptoTestHelper(testHelper) @@ -211,7 +226,7 @@ class WithHeldTests : InstrumentedTest { } @Test - fun test_WithHeldKeyRequest() { + fun test_WithHeldKeyRequest() { val testHelper = CommonTestHelper(context()) val cryptoTestHelper = CryptoTestHelper(testHelper) From 631ea50bdeaea55ce80e066f6aa3e8add39999b7 Mon Sep 17 00:00:00 2001 From: Valere Date: Fri, 15 Apr 2022 19:38:10 +0200 Subject: [PATCH 018/433] Move some crypto classes to API + cleaning --- .../sdk/internal/crypto/E2eeSanityTests.kt | 5 ++--- .../sdk/internal/crypto/PreShareKeysTest.kt | 1 - .../crypto/gossiping/KeyShareTests.kt | 2 +- .../sdk/api/session/crypto/CryptoService.kt | 3 +-- .../session}/crypto/OutgoingKeyRequest.kt | 2 +- .../crypto/OutgoingRoomKeyRequestState.kt | 4 ++-- .../session}/crypto/model/AuditTrail.kt | 2 +- .../crypto/model/IncomingRoomKeyRequest.kt | 4 ---- .../internal/crypto/DefaultCryptoService.kt | 5 +++-- .../crypto/OutgoingGossipingRequest.kt | 2 ++ .../crypto/OutgoingKeyRequestManager.kt | 5 ++++- .../internal/crypto/OutgoingSecretRequest.kt | 1 + .../actions/MegolmSessionDataImporter.kt | 2 +- .../algorithms/megolm/MXMegolmDecryption.kt | 2 +- .../internal/crypto/store/IMXCryptoStore.kt | 8 ++++---- .../crypto/store/db/RealmCryptoStore.kt | 20 +++++++++---------- .../crypto/store/db/model/AuditTrailMapper.kt | 16 +++++++-------- .../db/model/OutgoingKeyRequestEntity.kt | 8 ++++---- .../internal/crypto/tasks/EncryptEventTask.kt | 2 +- .../VerificationBottomSheetViewModel.kt | 1 - .../GossipingEventsPaperTrailFragment.kt | 2 +- .../GossipingEventsPaperTrailViewModel.kt | 2 +- .../devtools/GossipingEventsSerializer.kt | 8 ++++---- .../GossipingTrailPagedEpoxyController.kt | 10 ++++------ .../devtools/KeyRequestListViewModel.kt | 2 +- .../OutgoingKeyRequestPagedController.kt | 2 +- 26 files changed, 59 insertions(+), 62 deletions(-) rename matrix-sdk-android/src/main/java/org/matrix/android/sdk/{internal => api/session}/crypto/OutgoingKeyRequest.kt (97%) rename matrix-sdk-android/src/main/java/org/matrix/android/sdk/{internal => api/session}/crypto/OutgoingRoomKeyRequestState.kt (89%) rename matrix-sdk-android/src/main/java/org/matrix/android/sdk/{internal => api/session}/crypto/model/AuditTrail.kt (97%) diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt index e13dbd5c6f..f82741b8f2 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt @@ -33,6 +33,7 @@ import org.matrix.android.sdk.api.session.crypto.MXCryptoError import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersion import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersionResult import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupCreationInfo +import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult import org.matrix.android.sdk.api.session.crypto.verification.IncomingSasVerificationTransaction import org.matrix.android.sdk.api.session.crypto.verification.OutgoingSasVerificationTransaction @@ -42,6 +43,7 @@ import org.matrix.android.sdk.api.session.crypto.verification.VerificationServic import org.matrix.android.sdk.api.session.crypto.verification.VerificationTransaction import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.api.session.getRoom import org.matrix.android.sdk.api.session.getRoomSummary @@ -55,8 +57,6 @@ import org.matrix.android.sdk.common.CommonTestHelper import org.matrix.android.sdk.common.CryptoTestHelper import org.matrix.android.sdk.common.SessionTestParams import org.matrix.android.sdk.common.TestMatrixCallback -import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo -import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode import java.util.concurrent.CountDownLatch @RunWith(JUnit4::class) @@ -519,7 +519,6 @@ class E2eeSanityTests : InstrumentedTest { newBobSession.cryptoService().decryptEvent(firstEventNewBobPov.root, "") fail("Should not be able to decrypt event") } catch (_: MXCryptoError) { - } } diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/PreShareKeysTest.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/PreShareKeysTest.kt index d4f9d01c4a..bd5ca1d594 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/PreShareKeysTest.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/PreShareKeysTest.kt @@ -27,7 +27,6 @@ import org.junit.runners.MethodSorters import org.matrix.android.sdk.InstrumentedTest import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent -import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.api.session.getRoom import org.matrix.android.sdk.common.CommonTestHelper diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt index 631b241c6c..14970dd258 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt @@ -30,6 +30,7 @@ import org.junit.Test import org.junit.runner.RunWith import org.junit.runners.MethodSorters import org.matrix.android.sdk.InstrumentedTest +import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode @@ -42,7 +43,6 @@ import org.matrix.android.sdk.common.CommonTestHelper import org.matrix.android.sdk.common.CryptoTestHelper import org.matrix.android.sdk.common.SessionTestParams import org.matrix.android.sdk.common.TestConstants -import org.matrix.android.sdk.internal.crypto.OutgoingRoomKeyRequestState import org.matrix.android.sdk.internal.crypto.RequestResult @RunWith(AndroidJUnit4::class) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt index 5a2d8702be..b8c08d23dc 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/CryptoService.kt @@ -26,6 +26,7 @@ import org.matrix.android.sdk.api.session.crypto.crosssigning.CrossSigningServic import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysBackupService import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DevicesListResponse @@ -39,8 +40,6 @@ import org.matrix.android.sdk.api.session.crypto.verification.VerificationServic import org.matrix.android.sdk.api.session.events.model.Content import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent -import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.internal.crypto.model.AuditTrail interface CryptoService { diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/OutgoingKeyRequest.kt similarity index 97% rename from matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt rename to matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/OutgoingKeyRequest.kt index e96f8079d2..855f17a34f 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/OutgoingKeyRequest.kt @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.matrix.android.sdk.internal.crypto +package org.matrix.android.sdk.api.session.crypto import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingRoomKeyRequestState.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/OutgoingRoomKeyRequestState.kt similarity index 89% rename from matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingRoomKeyRequestState.kt rename to matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/OutgoingRoomKeyRequestState.kt index 98019200d0..6e80bdc133 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingRoomKeyRequestState.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/OutgoingRoomKeyRequestState.kt @@ -1,5 +1,5 @@ /* - * Copyright 2020 The Matrix.org Foundation C.I.C. + * Copyright (c) 2022 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.matrix.android.sdk.internal.crypto +package org.matrix.android.sdk.api.session.crypto enum class OutgoingRoomKeyRequestState { UNSENT, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt similarity index 97% rename from matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt rename to matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt index dcf01e6342..6100c19118 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/model/AuditTrail.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.matrix.android.sdk.internal.crypto.model +package org.matrix.android.sdk.api.session.crypto.model import com.squareup.moshi.JsonClass import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRoomKeyRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRoomKeyRequest.kt index c5d8f5f285..ed8fa91408 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRoomKeyRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/IncomingRoomKeyRequest.kt @@ -16,10 +16,6 @@ package org.matrix.android.sdk.api.session.crypto.model -import org.matrix.android.sdk.internal.crypto.model.AuditTrail -import org.matrix.android.sdk.internal.crypto.model.IncomingKeyRequestInfo -import org.matrix.android.sdk.internal.crypto.model.TrailType - /** * IncomingRoomKeyRequest class defines the incoming room keys request. */ diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt index 0b7b8036e3..d969da12b3 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt @@ -42,12 +42,14 @@ import org.matrix.android.sdk.api.logger.LoggerTag import org.matrix.android.sdk.api.session.crypto.CryptoService import org.matrix.android.sdk.api.session.crypto.MXCryptoError import org.matrix.android.sdk.api.session.crypto.NewSessionListener +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DevicesListResponse @@ -58,6 +60,7 @@ import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResu import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest +import org.matrix.android.sdk.api.session.crypto.model.TrailType import org.matrix.android.sdk.api.session.events.model.Content import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType @@ -77,9 +80,7 @@ import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXMegolmEncrypti import org.matrix.android.sdk.internal.crypto.algorithms.olm.MXOlmEncryptionFactory import org.matrix.android.sdk.internal.crypto.crosssigning.DefaultCrossSigningService import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService -import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.MXKey.Companion.KEY_SIGNED_CURVE_25519_TYPE -import org.matrix.android.sdk.internal.crypto.model.TrailType import org.matrix.android.sdk.internal.crypto.model.toRest import org.matrix.android.sdk.internal.crypto.repository.WarnOnUnknownDeviceRepository import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt index 7f41b50e38..16e520c668 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt @@ -16,6 +16,8 @@ package org.matrix.android.sdk.internal.crypto +import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState + interface OutgoingGossipingRequest { var recipients: Map> var requestId: String diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt index 47465ceaa5..037c8020d5 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt @@ -28,6 +28,8 @@ import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM import org.matrix.android.sdk.api.crypto.MXCryptoConfig import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody @@ -229,7 +231,8 @@ internal class OutgoingKeyRequestManager @Inject constructor( } cryptoStore.getUserDeviceList(event.senderId ?: "") .also { devices -> - Timber.tag(loggerTag.value).v("Withheld Devices for ${event.senderId} are ${devices.orEmpty().joinToString { it.identityKey() ?: "" }}") + Timber.tag(loggerTag.value) + .v("Withheld Devices for ${event.senderId} are ${devices.orEmpty().joinToString { it.identityKey() ?: "" }}") } ?.firstOrNull { it.identityKey() == senderKey diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt index 20add23666..fae7a2f1c4 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt @@ -17,6 +17,7 @@ package org.matrix.android.sdk.internal.crypto import com.squareup.moshi.JsonClass +import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState /** * Represents an outgoing room key request diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt index 7b4df00282..26333cf3ee 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/actions/MegolmSessionDataImporter.kt @@ -19,8 +19,8 @@ package org.matrix.android.sdk.internal.crypto.actions import androidx.annotation.WorkerThread import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.listeners.ProgressListener -import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult import org.matrix.android.sdk.internal.crypto.MXOlmDevice import org.matrix.android.sdk.internal.crypto.MegolmSessionData import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt index 17c15d9d3c..37fb8ba0f9 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt @@ -28,9 +28,9 @@ import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventCon import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent import org.matrix.android.sdk.api.session.events.model.toModel import org.matrix.android.sdk.internal.crypto.MXOlmDevice +import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.algorithms.IMXDecrypting import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService -import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequestManager import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.session.StreamEventsManager import timber.log.Timber diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt index 438fb53717..d720777ae1 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/IMXCryptoStore.kt @@ -19,25 +19,25 @@ package org.matrix.android.sdk.internal.crypto.store import androidx.lifecycle.LiveData import androidx.paging.PagedList import org.matrix.android.sdk.api.session.crypto.NewSessionListener +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.crosssigning.CryptoCrossSigningKey import org.matrix.android.sdk.api.session.crypto.crosssigning.MXCrossSigningInfo import org.matrix.android.sdk.api.session.crypto.crosssigning.PrivateKeysInfo import org.matrix.android.sdk.api.session.crypto.keysbackup.SavedKeyBackupKeyInfo +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.session.crypto.model.TrailType import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode import org.matrix.android.sdk.api.util.Optional -import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.internal.crypto.OutgoingRoomKeyRequestState -import org.matrix.android.sdk.internal.crypto.model.AuditTrail import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper import org.matrix.android.sdk.internal.crypto.model.OutboundGroupSessionWrapper -import org.matrix.android.sdk.internal.crypto.model.TrailType import org.matrix.android.sdk.internal.crypto.store.db.model.KeysBackupDataEntity import org.matrix.olm.OlmAccount import org.matrix.olm.OlmOutboundGroupSession diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt index 0b43be8551..2db3dba50d 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt @@ -30,29 +30,29 @@ import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.logger.LoggerTag import org.matrix.android.sdk.api.session.crypto.NewSessionListener +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState import org.matrix.android.sdk.api.session.crypto.crosssigning.CryptoCrossSigningKey import org.matrix.android.sdk.api.session.crypto.crosssigning.MXCrossSigningInfo import org.matrix.android.sdk.api.session.crypto.crosssigning.PrivateKeysInfo import org.matrix.android.sdk.api.session.crypto.keysbackup.SavedKeyBackupKeyInfo +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo +import org.matrix.android.sdk.api.session.crypto.model.ForwardInfo +import org.matrix.android.sdk.api.session.crypto.model.IncomingKeyRequestInfo import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.session.crypto.model.TrailType +import org.matrix.android.sdk.api.session.crypto.model.WithheldInfo import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode import org.matrix.android.sdk.api.util.Optional import org.matrix.android.sdk.api.util.toOptional -import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.internal.crypto.OutgoingRoomKeyRequestState -import org.matrix.android.sdk.internal.crypto.model.AuditTrail -import org.matrix.android.sdk.internal.crypto.model.ForwardInfo -import org.matrix.android.sdk.internal.crypto.model.IncomingKeyRequestInfo import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper import org.matrix.android.sdk.internal.crypto.model.OutboundGroupSessionWrapper -import org.matrix.android.sdk.internal.crypto.model.TrailType -import org.matrix.android.sdk.internal.crypto.model.WithheldInfo import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore import org.matrix.android.sdk.internal.crypto.store.db.mapper.CrossSigningKeysMapper import org.matrix.android.sdk.internal.crypto.store.db.model.AuditTrailEntity @@ -275,7 +275,7 @@ internal class RealmCryptoStore @Inject constructor( realm.where() .contains(DeviceInfoEntityFields.KEYS_MAP_JSON, identityKey) .findAll() - .mapNotNull { CryptoMapper.mapToModel(it) } + .mapNotNull { CryptoMapper.mapToModel(it) } .firstOrNull { it.identityKey() == identityKey } @@ -741,7 +741,7 @@ internal class RealmCryptoStore @Inject constructor( if (sessionIdentifier != null) { val key = OlmInboundGroupSessionEntity.createPrimaryKey(sessionIdentifier, session.senderKey) - val existing = realm.where() + val existing = realm.where() .equalTo(OlmInboundGroupSessionEntityFields.PRIMARY_KEY, key) .findFirst() @@ -894,7 +894,7 @@ internal class RealmCryptoStore @Inject constructor( sessionIdentifier, olmInboundGroupSessionWrapper.senderKey) - val existing = realm.where() + val existing = realm.where() .equalTo(OlmInboundGroupSessionEntityFields.PRIMARY_KEY, key) .findFirst() diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt index a89c5599ef..465837bc81 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt @@ -17,12 +17,12 @@ package org.matrix.android.sdk.internal.crypto.store.db.model import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.internal.crypto.model.AuditInfo -import org.matrix.android.sdk.internal.crypto.model.AuditTrail -import org.matrix.android.sdk.internal.crypto.model.ForwardInfo -import org.matrix.android.sdk.internal.crypto.model.IncomingKeyRequestInfo -import org.matrix.android.sdk.internal.crypto.model.TrailType -import org.matrix.android.sdk.internal.crypto.model.WithheldInfo +import org.matrix.android.sdk.api.session.crypto.model.AuditInfo +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail +import org.matrix.android.sdk.api.session.crypto.model.ForwardInfo +import org.matrix.android.sdk.api.session.crypto.model.IncomingKeyRequestInfo +import org.matrix.android.sdk.api.session.crypto.model.TrailType +import org.matrix.android.sdk.api.session.crypto.model.WithheldInfo import org.matrix.android.sdk.internal.di.MoshiProvider internal object AuditTrailMapper { @@ -30,7 +30,7 @@ internal object AuditTrailMapper { fun map(entity: AuditTrailEntity): AuditTrail? { val contentJson = entity.contentJson ?: return null return when (entity.type) { - TrailType.OutgoingKeyForward.name -> { + TrailType.OutgoingKeyForward.name -> { val info = tryOrNull { MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).fromJson(contentJson) } ?: return null @@ -40,7 +40,7 @@ internal object AuditTrailMapper { info = info ) } - TrailType.OutgoingKeyWithheld.name -> { + TrailType.OutgoingKeyWithheld.name -> { val info = tryOrNull { MoshiProvider.providesMoshi().adapter(WithheldInfo::class.java).fromJson(contentJson) } ?: return null diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt index ee8785ea6b..11c2514845 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt @@ -22,15 +22,15 @@ import io.realm.RealmList import io.realm.RealmObject import io.realm.annotations.Index import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState +import org.matrix.android.sdk.api.session.crypto.RequestReply +import org.matrix.android.sdk.api.session.crypto.RequestResult import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody import org.matrix.android.sdk.api.session.events.model.Event import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.internal.crypto.OutgoingRoomKeyRequestState -import org.matrix.android.sdk.internal.crypto.RequestReply -import org.matrix.android.sdk.internal.crypto.RequestResult import org.matrix.android.sdk.internal.di.MoshiProvider internal open class OutgoingKeyRequestEntity( diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/EncryptEventTask.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/EncryptEventTask.kt index ba64f0c0a5..394c618968 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/EncryptEventTask.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tasks/EncryptEventTask.kt @@ -15,8 +15,8 @@ */ package org.matrix.android.sdk.internal.crypto.tasks -import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM import dagger.Lazy +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM import org.matrix.android.sdk.api.session.crypto.CryptoService import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResult import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult diff --git a/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt b/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt index db94bb61ea..1e14d0a2ed 100644 --- a/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt @@ -57,7 +57,6 @@ import org.matrix.android.sdk.api.util.MatrixItem import org.matrix.android.sdk.api.util.awaitCallback import org.matrix.android.sdk.api.util.fromBase64 import org.matrix.android.sdk.api.util.toMatrixItem - import timber.log.Timber data class VerificationBottomSheetViewState( diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailFragment.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailFragment.kt index f99b450cdd..ec4ef26001 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailFragment.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailFragment.kt @@ -28,7 +28,7 @@ import im.vector.app.core.extensions.configureWith import im.vector.app.core.platform.VectorBaseFragment import im.vector.app.core.resources.ColorProvider import im.vector.app.databinding.FragmentGenericRecyclerBinding -import org.matrix.android.sdk.internal.crypto.model.AuditTrail +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail import javax.inject.Inject class GossipingEventsPaperTrailFragment @Inject constructor( diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailViewModel.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailViewModel.kt index feec469f80..e7f09b09e0 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsPaperTrailViewModel.kt @@ -32,7 +32,7 @@ import im.vector.app.core.platform.EmptyAction import im.vector.app.core.platform.EmptyViewEvents import im.vector.app.core.platform.VectorViewModel import org.matrix.android.sdk.api.session.Session -import org.matrix.android.sdk.internal.crypto.model.AuditTrail +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail data class GossipingEventsPaperTrailState( val events: Async> = Uninitialized diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt index 05fc3a570d..b8d82699e6 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingEventsSerializer.kt @@ -17,10 +17,10 @@ package im.vector.app.features.settings.devtools import im.vector.app.core.resources.DateProvider -import org.matrix.android.sdk.internal.crypto.model.AuditTrail -import org.matrix.android.sdk.internal.crypto.model.ForwardInfo -import org.matrix.android.sdk.internal.crypto.model.TrailType -import org.matrix.android.sdk.internal.crypto.model.WithheldInfo +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail +import org.matrix.android.sdk.api.session.crypto.model.ForwardInfo +import org.matrix.android.sdk.api.session.crypto.model.TrailType +import org.matrix.android.sdk.api.session.crypto.model.WithheldInfo import org.threeten.bp.format.DateTimeFormatter class GossipingEventsSerializer { diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt index 1377cad1b8..b6e7a3c88b 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt @@ -25,12 +25,10 @@ import im.vector.app.core.ui.list.GenericItem_ import im.vector.app.core.utils.createUIHandler import im.vector.lib.core.utils.epoxy.charsequence.toEpoxyCharSequence import me.gujun.android.span.span - -import org.matrix.android.sdk.internal.crypto.model.AuditTrail -import org.matrix.android.sdk.internal.crypto.model.ForwardInfo -import org.matrix.android.sdk.internal.crypto.model.TrailType -import org.matrix.android.sdk.internal.crypto.model.WithheldInfo - +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail +import org.matrix.android.sdk.api.session.crypto.model.ForwardInfo +import org.matrix.android.sdk.api.session.crypto.model.TrailType +import org.matrix.android.sdk.api.session.crypto.model.WithheldInfo import javax.inject.Inject class GossipingTrailPagedEpoxyController @Inject constructor( diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/KeyRequestListViewModel.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/KeyRequestListViewModel.kt index ef2aabd7fe..e0a130a1e6 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/KeyRequestListViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/KeyRequestListViewModel.kt @@ -32,8 +32,8 @@ import im.vector.app.core.platform.EmptyViewEvents import im.vector.app.core.platform.VectorViewModel import kotlinx.coroutines.launch import org.matrix.android.sdk.api.session.Session +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest data class KeyRequestListViewState( val incomingRequests: Async> = Uninitialized, diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/OutgoingKeyRequestPagedController.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/OutgoingKeyRequestPagedController.kt index e3b31227b6..13ba4a69ac 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/OutgoingKeyRequestPagedController.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/OutgoingKeyRequestPagedController.kt @@ -22,7 +22,7 @@ import im.vector.app.core.ui.list.GenericItem_ import im.vector.app.core.utils.createUIHandler import im.vector.lib.core.utils.epoxy.charsequence.toEpoxyCharSequence import me.gujun.android.span.span -import org.matrix.android.sdk.internal.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest import javax.inject.Inject class OutgoingKeyRequestPagedController @Inject constructor() : PagedListEpoxyController( From effbc47bd3bab613e848b2d169183f6e9a064768 Mon Sep 17 00:00:00 2001 From: Valere Date: Wed, 20 Apr 2022 15:44:00 +0200 Subject: [PATCH 019/433] FIx unit test compilation --- .../sdk/internal/crypto/E2eeSanityTests.kt | 1 + .../crypto/gossiping/KeyShareTests.kt | 17 +- .../crypto/gossiping/WithHeldTests.kt | 2 +- .../api/session/crypto/model/AuditTrail.kt | 152 +++++++++--------- 4 files changed, 89 insertions(+), 83 deletions(-) diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt index f82741b8f2..6fdcf53478 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt @@ -30,6 +30,7 @@ import org.junit.runners.MethodSorters import org.matrix.android.sdk.InstrumentedTest import org.matrix.android.sdk.api.session.Session import org.matrix.android.sdk.api.session.crypto.MXCryptoError +import org.matrix.android.sdk.api.session.crypto.RequestResult import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersion import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersionResult import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupCreationInfo diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt index 14970dd258..bc286a75be 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt @@ -31,6 +31,7 @@ import org.junit.runner.RunWith import org.junit.runners.MethodSorters import org.matrix.android.sdk.InstrumentedTest import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState +import org.matrix.android.sdk.api.session.crypto.RequestResult import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode @@ -43,7 +44,6 @@ import org.matrix.android.sdk.common.CommonTestHelper import org.matrix.android.sdk.common.CryptoTestHelper import org.matrix.android.sdk.common.SessionTestParams import org.matrix.android.sdk.common.TestConstants -import org.matrix.android.sdk.internal.crypto.RequestResult @RunWith(AndroidJUnit4::class) @FixMethodOrder(MethodSorters.JVM) @@ -172,8 +172,10 @@ class KeyShareTests : InstrumentedTest { } // Mark the device as trusted - aliceSession.cryptoService().setDeviceVerification(DeviceTrustLevel(crossSigningVerified = false, locallyVerified = true), aliceSession.myUserId, - aliceSession2.sessionParams.deviceId ?: "") + aliceSession.cryptoService().setDeviceVerification( + DeviceTrustLevel(crossSigningVerified = false, locallyVerified = true), aliceSession.myUserId, + aliceSession2.sessionParams.deviceId ?: "" + ) // Re request aliceSession2.cryptoService().reRequestRoomKeyForEvent(receivedEvent.root) @@ -252,7 +254,8 @@ class KeyShareTests : InstrumentedTest { commonTestHelper.waitWithLatch { latch -> commonTestHelper.retryPeriodicallyWithLatch(latch) { val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } - val ownDeviceReply = outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } + val ownDeviceReply = + outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } ownDeviceReply != null && ownDeviceReply.result is RequestResult.Success } } @@ -350,7 +353,8 @@ class KeyShareTests : InstrumentedTest { Log.v("TEST", "=========================") } val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } - val ownDeviceReply = outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } + val ownDeviceReply = + outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } val result = ownDeviceReply?.result result != null && result is RequestResult.Success && result.chainIndex == 0 } @@ -455,7 +459,8 @@ class KeyShareTests : InstrumentedTest { commonTestHelper.waitWithLatch { latch -> commonTestHelper.retryPeriodicallyWithLatch(latch) { val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } - val ownDeviceReply = outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } + val ownDeviceReply = + outgoing?.results?.firstOrNull { it.userId == aliceSession.myUserId && it.fromDevice == aliceSession.sessionParams.deviceId } val result = ownDeviceReply?.result result != null && result is RequestResult.Success && result.chainIndex == 0 } diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt index fc26f132a1..63c856d0f1 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt @@ -28,6 +28,7 @@ import org.matrix.android.sdk.InstrumentedTest import org.matrix.android.sdk.api.NoOpMatrixCallback import org.matrix.android.sdk.api.extensions.tryOrNull import org.matrix.android.sdk.api.session.crypto.MXCryptoError +import org.matrix.android.sdk.api.session.crypto.RequestResult import org.matrix.android.sdk.api.session.events.model.EventType import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode @@ -38,7 +39,6 @@ import org.matrix.android.sdk.common.CryptoTestHelper import org.matrix.android.sdk.common.MockOkHttpInterceptor import org.matrix.android.sdk.common.SessionTestParams import org.matrix.android.sdk.common.TestConstants -import org.matrix.android.sdk.internal.crypto.RequestResult @RunWith(AndroidJUnit4::class) @FixMethodOrder(MethodSorters.JVM) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt index 6100c19118..c479ee8146 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt @@ -1,76 +1,76 @@ -/* - * Copyright 2022 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.api.session.crypto.model - -import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode - -enum class TrailType { - OutgoingKeyForward, - IncomingKeyForward, - OutgoingKeyWithheld, - IncomingKeyRequest, - Unknown -} - -interface AuditInfo { - val roomId: String - val sessionId: String - val senderKey: String - val alg: String - val userId: String - val deviceId: String -} - -@JsonClass(generateAdapter = true) -data class ForwardInfo( - override val roomId: String, - override val sessionId: String, - override val senderKey: String, - override val alg: String, - override val userId: String, - override val deviceId: String, - val chainIndex: Long? -) : AuditInfo - -@JsonClass(generateAdapter = true) -data class WithheldInfo( - override val roomId: String, - override val sessionId: String, - override val senderKey: String, - override val alg: String, - val code: WithHeldCode, - override val userId: String, - override val deviceId: String -) : AuditInfo - -@JsonClass(generateAdapter = true) -data class IncomingKeyRequestInfo( - override val roomId: String, - override val sessionId: String, - override val senderKey: String, - override val alg: String, - override val userId: String, - override val deviceId: String, - val requestId: String -) : AuditInfo - -data class AuditTrail( - val ageLocalTs: Long, - val type: TrailType, - val info: AuditInfo -) +/* + * Copyright 2022 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.api.session.crypto.model + +import com.squareup.moshi.JsonClass +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode + +enum class TrailType { + OutgoingKeyForward, + IncomingKeyForward, + OutgoingKeyWithheld, + IncomingKeyRequest, + Unknown +} + +interface AuditInfo { + val roomId: String + val sessionId: String + val senderKey: String + val alg: String + val userId: String + val deviceId: String +} + +@JsonClass(generateAdapter = true) +data class ForwardInfo( + override val roomId: String, + override val sessionId: String, + override val senderKey: String, + override val alg: String, + override val userId: String, + override val deviceId: String, + val chainIndex: Long? +) : AuditInfo + +@JsonClass(generateAdapter = true) +data class WithheldInfo( + override val roomId: String, + override val sessionId: String, + override val senderKey: String, + override val alg: String, + val code: WithHeldCode, + override val userId: String, + override val deviceId: String +) : AuditInfo + +@JsonClass(generateAdapter = true) +data class IncomingKeyRequestInfo( + override val roomId: String, + override val sessionId: String, + override val senderKey: String, + override val alg: String, + override val userId: String, + override val deviceId: String, + val requestId: String +) : AuditInfo + +data class AuditTrail( + val ageLocalTs: Long, + val type: TrailType, + val info: AuditInfo +) From 885f836adb1f8e88e78a5926726fa69b6dd01812 Mon Sep 17 00:00:00 2001 From: Valere Date: Wed, 20 Apr 2022 18:06:24 +0200 Subject: [PATCH 020/433] Cleaning, review --- .../internal/crypto/DefaultCryptoService.kt | 2668 ++++++++--------- .../sdk/internal/crypto/MXOlmDevice.kt | 1844 ++++++------ .../crypto/OutgoingKeyRequestManager.kt | 1039 ++++--- .../sdk/internal/crypto/SecretShareManager.kt | 592 ++-- .../model/OutgoingGossipingRequestEntity.kt | 62 +- .../VerificationTransportRoomMessage.kt | 631 ++-- 6 files changed, 3416 insertions(+), 3420 deletions(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt index d969da12b3..f89927f9c2 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt @@ -1,1334 +1,1334 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import android.content.Context -import androidx.annotation.VisibleForTesting -import androidx.lifecycle.LiveData -import androidx.paging.PagedList -import com.squareup.moshi.Types -import dagger.Lazy -import kotlinx.coroutines.CancellationException -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.cancelChildren -import kotlinx.coroutines.launch -import kotlinx.coroutines.runBlocking -import kotlinx.coroutines.withContext -import org.matrix.android.sdk.api.MatrixCallback -import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.api.NoOpMatrixCallback -import org.matrix.android.sdk.api.auth.UserInteractiveAuthInterceptor -import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM -import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_OLM -import org.matrix.android.sdk.api.crypto.MXCryptoConfig -import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.failure.Failure -import org.matrix.android.sdk.api.listeners.ProgressListener -import org.matrix.android.sdk.api.logger.LoggerTag -import org.matrix.android.sdk.api.session.crypto.CryptoService -import org.matrix.android.sdk.api.session.crypto.MXCryptoError -import org.matrix.android.sdk.api.session.crypto.NewSessionListener -import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel -import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener -import org.matrix.android.sdk.api.session.crypto.model.AuditTrail -import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.DevicesListResponse -import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult -import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.MXDeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResult -import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest -import org.matrix.android.sdk.api.session.crypto.model.TrailType -import org.matrix.android.sdk.api.session.events.model.Content -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent -import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.api.session.room.model.Membership -import org.matrix.android.sdk.api.session.room.model.RoomHistoryVisibility -import org.matrix.android.sdk.api.session.room.model.RoomHistoryVisibilityContent -import org.matrix.android.sdk.api.session.room.model.RoomMemberContent -import org.matrix.android.sdk.api.session.sync.model.SyncResponse -import org.matrix.android.sdk.internal.crypto.actions.MegolmSessionDataImporter -import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction -import org.matrix.android.sdk.internal.crypto.algorithms.IMXEncrypting -import org.matrix.android.sdk.internal.crypto.algorithms.IMXGroupEncryption -import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXMegolmEncryptionFactory -import org.matrix.android.sdk.internal.crypto.algorithms.olm.MXOlmEncryptionFactory -import org.matrix.android.sdk.internal.crypto.crosssigning.DefaultCrossSigningService -import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService -import org.matrix.android.sdk.internal.crypto.model.MXKey.Companion.KEY_SIGNED_CURVE_25519_TYPE -import org.matrix.android.sdk.internal.crypto.model.toRest -import org.matrix.android.sdk.internal.crypto.repository.WarnOnUnknownDeviceRepository -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.DeleteDeviceTask -import org.matrix.android.sdk.internal.crypto.tasks.GetDeviceInfoTask -import org.matrix.android.sdk.internal.crypto.tasks.GetDevicesTask -import org.matrix.android.sdk.internal.crypto.tasks.SetDeviceNameTask -import org.matrix.android.sdk.internal.crypto.tasks.UploadKeysTask -import org.matrix.android.sdk.internal.crypto.verification.DefaultVerificationService -import org.matrix.android.sdk.internal.crypto.verification.VerificationMessageProcessor -import org.matrix.android.sdk.internal.di.DeviceId -import org.matrix.android.sdk.internal.di.MoshiProvider -import org.matrix.android.sdk.internal.di.UserId -import org.matrix.android.sdk.internal.extensions.foldToCallback -import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.session.StreamEventsManager -import org.matrix.android.sdk.internal.session.room.membership.LoadRoomMembersTask -import org.matrix.android.sdk.internal.task.TaskExecutor -import org.matrix.android.sdk.internal.task.TaskThread -import org.matrix.android.sdk.internal.task.configureWith -import org.matrix.android.sdk.internal.task.launchToCallback -import org.matrix.android.sdk.internal.util.JsonCanonicalizer -import org.matrix.olm.OlmManager -import timber.log.Timber -import java.util.concurrent.atomic.AtomicBoolean -import javax.inject.Inject -import kotlin.math.max - -/** - * A `CryptoService` class instance manages the end-to-end crypto for a session. - * - * - * Messages posted by the user are automatically redirected to CryptoService in order to be encrypted - * before sending. - * In the other hand, received events goes through CryptoService for decrypting. - * CryptoService maintains all necessary keys and their sharing with other devices required for the crypto. - * Specially, it tracks all room membership changes events in order to do keys updates. - */ - -private val loggerTag = LoggerTag("DefaultCryptoService", LoggerTag.CRYPTO) - -@SessionScope -internal class DefaultCryptoService @Inject constructor( - // Olm Manager - private val olmManager: OlmManager, - @UserId - private val userId: String, - @DeviceId - private val deviceId: String?, - private val myDeviceInfoHolder: Lazy, - // the crypto store - private val cryptoStore: IMXCryptoStore, - // Room encryptors store - private val roomEncryptorsStore: RoomEncryptorsStore, - // Olm device - private val olmDevice: MXOlmDevice, - // Set of parameters used to configure/customize the end-to-end crypto. - private val mxCryptoConfig: MXCryptoConfig, - // Device list manager - private val deviceListManager: DeviceListManager, - // The key backup service. - private val keysBackupService: DefaultKeysBackupService, - // - private val objectSigner: ObjectSigner, - // - private val oneTimeKeysUploader: OneTimeKeysUploader, - // - private val roomDecryptorProvider: RoomDecryptorProvider, - // The verification service. - private val verificationService: DefaultVerificationService, - - private val crossSigningService: DefaultCrossSigningService, - // - private val incomingKeyRequestManager: IncomingKeyRequestManager, - private val secretShareManager: SecretShareManager, - // - private val outgoingKeyRequestManager: OutgoingKeyRequestManager, - // Actions - private val setDeviceVerificationAction: SetDeviceVerificationAction, - private val megolmSessionDataImporter: MegolmSessionDataImporter, - private val warnOnUnknownDevicesRepository: WarnOnUnknownDeviceRepository, - // Repository - private val megolmEncryptionFactory: MXMegolmEncryptionFactory, - private val olmEncryptionFactory: MXOlmEncryptionFactory, - // Tasks - private val deleteDeviceTask: DeleteDeviceTask, - private val getDevicesTask: GetDevicesTask, - private val getDeviceInfoTask: GetDeviceInfoTask, - private val setDeviceNameTask: SetDeviceNameTask, - private val uploadKeysTask: UploadKeysTask, - private val loadRoomMembersTask: LoadRoomMembersTask, - private val cryptoSessionInfoProvider: CryptoSessionInfoProvider, - private val coroutineDispatchers: MatrixCoroutineDispatchers, - private val taskExecutor: TaskExecutor, - private val cryptoCoroutineScope: CoroutineScope, - private val eventDecryptor: EventDecryptor, - private val verificationMessageProcessor: VerificationMessageProcessor, - private val liveEventManager: Lazy -) : CryptoService { - - private val isStarting = AtomicBoolean(false) - private val isStarted = AtomicBoolean(false) - - fun onStateEvent(roomId: String, event: Event) { - when (event.type) { - EventType.STATE_ROOM_ENCRYPTION -> onRoomEncryptionEvent(roomId, event) - EventType.STATE_ROOM_MEMBER -> onRoomMembershipEvent(roomId, event) - EventType.STATE_ROOM_HISTORY_VISIBILITY -> onRoomHistoryVisibilityEvent(roomId, event) - } - } - - fun onLiveEvent(roomId: String, event: Event, isInitialSync: Boolean) { - // handle state events - if (event.isStateEvent()) { - when (event.type) { - EventType.STATE_ROOM_ENCRYPTION -> onRoomEncryptionEvent(roomId, event) - EventType.STATE_ROOM_MEMBER -> onRoomMembershipEvent(roomId, event) - EventType.STATE_ROOM_HISTORY_VISIBILITY -> onRoomHistoryVisibilityEvent(roomId, event) - } - } - - // handle verification - if (!isInitialSync) { - if (event.type != null && verificationMessageProcessor.shouldProcess(event.type)) { - cryptoCoroutineScope.launch(coroutineDispatchers.dmVerif) { - verificationMessageProcessor.process(event) - } - } - } - } - -// val gossipingBuffer = mutableListOf() - - override fun setDeviceName(deviceId: String, deviceName: String, callback: MatrixCallback) { - setDeviceNameTask - .configureWith(SetDeviceNameTask.Params(deviceId, deviceName)) { - this.executionThread = TaskThread.CRYPTO - this.callback = object : MatrixCallback { - override fun onSuccess(data: Unit) { - // bg refresh of crypto device - downloadKeys(listOf(userId), true, NoOpMatrixCallback()) - callback.onSuccess(data) - } - - override fun onFailure(failure: Throwable) { - callback.onFailure(failure) - } - } - } - .executeBy(taskExecutor) - } - - override fun deleteDevice(deviceId: String, userInteractiveAuthInterceptor: UserInteractiveAuthInterceptor, callback: MatrixCallback) { - deleteDeviceTask - .configureWith(DeleteDeviceTask.Params(deviceId, userInteractiveAuthInterceptor, null)) { - this.executionThread = TaskThread.CRYPTO - this.callback = callback - } - .executeBy(taskExecutor) - } - - override fun getCryptoVersion(context: Context, longFormat: Boolean): String { - return if (longFormat) olmManager.getDetailedVersion(context) else olmManager.version - } - - override fun getMyDevice(): CryptoDeviceInfo { - return myDeviceInfoHolder.get().myDevice - } - - override fun fetchDevicesList(callback: MatrixCallback) { - getDevicesTask - .configureWith { - // this.executionThread = TaskThread.CRYPTO - this.callback = object : MatrixCallback { - override fun onFailure(failure: Throwable) { - callback.onFailure(failure) - } - - override fun onSuccess(data: DevicesListResponse) { - // Save in local DB - cryptoStore.saveMyDevicesInfo(data.devices.orEmpty()) - callback.onSuccess(data) - } - } - } - .executeBy(taskExecutor) - } - - override fun getLiveMyDevicesInfo(): LiveData> { - return cryptoStore.getLiveMyDevicesInfo() - } - - override fun getMyDevicesInfo(): List { - return cryptoStore.getMyDevicesInfo() - } - - override fun getDeviceInfo(deviceId: String, callback: MatrixCallback) { - getDeviceInfoTask - .configureWith(GetDeviceInfoTask.Params(deviceId)) { - this.executionThread = TaskThread.CRYPTO - this.callback = callback - } - .executeBy(taskExecutor) - } - - override fun inboundGroupSessionsCount(onlyBackedUp: Boolean): Int { - return cryptoStore.inboundGroupSessionsCount(onlyBackedUp) - } - - /** - * Provides the tracking status - * - * @param userId the user id - * @return the tracking status - */ - override fun getDeviceTrackingStatus(userId: String): Int { - return cryptoStore.getDeviceTrackingStatus(userId, DeviceListManager.TRACKING_STATUS_NOT_TRACKED) - } - - /** - * Tell if the MXCrypto is started - * - * @return true if the crypto is started - */ - fun isStarted(): Boolean { - return isStarted.get() - } - - /** - * Tells if the MXCrypto is starting. - * - * @return true if the crypto is starting - */ - fun isStarting(): Boolean { - return isStarting.get() - } - - /** - * Start the crypto module. - * Device keys will be uploaded, then one time keys if there are not enough on the homeserver - * and, then, if this is the first time, this new device will be announced to all other users - * devices. - * - */ - fun start() { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - internalStart() - } - // Just update - fetchDevicesList(NoOpMatrixCallback()) - - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - cryptoStore.tidyUpDataBase() - } - } - - fun ensureDevice() { - cryptoCoroutineScope.launchToCallback(coroutineDispatchers.crypto, NoOpMatrixCallback()) { - // Open the store - cryptoStore.open() - - if (!cryptoStore.areDeviceKeysUploaded()) { - // Schedule upload of OTK - oneTimeKeysUploader.updateOneTimeKeyCount(0) - } - - // this can throw if no network - tryOrNull { - uploadDeviceKeys() - } - - oneTimeKeysUploader.maybeUploadOneTimeKeys() - // this can throw if no backup - tryOrNull { - keysBackupService.checkAndStartKeysBackup() - } - } - } - - fun onSyncWillProcess(isInitialSync: Boolean) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - if (isInitialSync) { - try { - // On initial sync, we start all our tracking from - // scratch, so mark everything as untracked. onCryptoEvent will - // be called for all e2e rooms during the processing of the sync, - // at which point we'll start tracking all the users of that room. - deviceListManager.invalidateAllDeviceLists() - // always track my devices? - deviceListManager.startTrackingDeviceList(listOf(userId)) - deviceListManager.refreshOutdatedDeviceLists() - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).e(failure, "onSyncWillProcess ") - } - } - } - } - - private fun internalStart() { - if (isStarted.get() || isStarting.get()) { - return - } - isStarting.set(true) - - // Open the store - cryptoStore.open() - - isStarting.set(false) - isStarted.set(true) - } - - /** - * Close the crypto - */ - fun close() = runBlocking(coroutineDispatchers.crypto) { - cryptoCoroutineScope.coroutineContext.cancelChildren(CancellationException("Closing crypto module")) - incomingKeyRequestManager.close() - outgoingKeyRequestManager.close() - olmDevice.release() - cryptoStore.close() - } - - // Always enabled on Matrix Android SDK2 - override fun isCryptoEnabled() = true - - /** - * @return the Keys backup Service - */ - override fun keysBackupService() = keysBackupService - - /** - * @return the VerificationService - */ - override fun verificationService() = verificationService - - override fun crossSigningService() = crossSigningService - - /** - * A sync response has been received - * - * @param syncResponse the syncResponse - */ - fun onSyncCompleted(syncResponse: SyncResponse) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - runCatching { - if (syncResponse.deviceLists != null) { - deviceListManager.handleDeviceListsChanges(syncResponse.deviceLists.changed, syncResponse.deviceLists.left) - } - if (syncResponse.deviceOneTimeKeysCount != null) { - val currentCount = syncResponse.deviceOneTimeKeysCount.signedCurve25519 ?: 0 - oneTimeKeysUploader.updateOneTimeKeyCount(currentCount) - } - - // unwedge if needed - try { - eventDecryptor.unwedgeDevicesIfNeeded() - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).w("unwedgeDevicesIfNeeded failed") - } - - // There is a limit of to_device events returned per sync. - // If we are in a case of such limited to_device sync we can't try to generate/upload - // new otk now, because there might be some pending olm pre-key to_device messages that would fail if we rotate - // the old otk too early. In this case we want to wait for the pending to_device before doing anything - // As per spec: - // If there is a large queue of send-to-device messages, the server should limit the number sent in each /sync response. - // 100 messages is recommended as a reasonable limit. - // The limit is not part of the spec, so it's probably safer to handle that when there are no more to_device ( so we are sure - // that there are no pending to_device - val toDevices = syncResponse.toDevice?.events.orEmpty() - if (isStarted() && toDevices.isEmpty()) { - // Make sure we process to-device messages before generating new one-time-keys #2782 - deviceListManager.refreshOutdatedDeviceLists() - // The presence of device_unused_fallback_key_types indicates that the server supports fallback keys. - // If there's no unused signed_curve25519 fallback key we need a new one. - if (syncResponse.deviceUnusedFallbackKeyTypes != null && - // Generate a fallback key only if the server does not already have an unused fallback key. - !syncResponse.deviceUnusedFallbackKeyTypes.contains(KEY_SIGNED_CURVE_25519_TYPE)) { - oneTimeKeysUploader.needsNewFallback() - } - - oneTimeKeysUploader.maybeUploadOneTimeKeys() - } - - // Process pending key requests - try { - if (toDevices.isEmpty()) { - // this is not blocking - outgoingKeyRequestManager.requireProcessAllPendingKeyRequests() - } else { - Timber.tag(loggerTag.value) - .w("Don't process key requests yet as their might be more to_device to catchup") - } - } catch (failure: Throwable) { - // just for safety but should not throw - Timber.tag(loggerTag.value).w("failed to process pending request") - } - - try { - incomingKeyRequestManager.processIncomingRequests() - } catch (failure: Throwable) { - // just for safety but should not throw - Timber.tag(loggerTag.value).w("failed to process incoming room key requests") - } - } - } - } - - /** - * Find a device by curve25519 identity key - * - * @param senderKey the curve25519 key to match. - * @param algorithm the encryption algorithm. - * @return the device info, or null if not found / unsupported algorithm / crypto released - */ - override fun deviceWithIdentityKey(senderKey: String, algorithm: String): CryptoDeviceInfo? { - return if (algorithm != MXCRYPTO_ALGORITHM_MEGOLM && algorithm != MXCRYPTO_ALGORITHM_OLM) { - // We only deal in olm keys - null - } else cryptoStore.deviceWithIdentityKey(senderKey) - } - - /** - * Provides the device information for a user id and a device Id - * - * @param userId the user id - * @param deviceId the device id - */ - override fun getDeviceInfo(userId: String, deviceId: String?): CryptoDeviceInfo? { - return if (userId.isNotEmpty() && !deviceId.isNullOrEmpty()) { - cryptoStore.getUserDevice(userId, deviceId) - } else { - null - } - } - - override fun getCryptoDeviceInfo(userId: String): List { - return cryptoStore.getUserDeviceList(userId).orEmpty() - } - - override fun getLiveCryptoDeviceInfo(): LiveData> { - return cryptoStore.getLiveDeviceList() - } - - override fun getLiveCryptoDeviceInfo(userId: String): LiveData> { - return cryptoStore.getLiveDeviceList(userId) - } - - override fun getLiveCryptoDeviceInfo(userIds: List): LiveData> { - return cryptoStore.getLiveDeviceList(userIds) - } - - /** - * Set the devices as known - * - * @param devices the devices. Note that the verified member of the devices in this list will not be updated by this method. - * @param callback the asynchronous callback - */ - override fun setDevicesKnown(devices: List, callback: MatrixCallback?) { - // build a devices map - val devicesIdListByUserId = devices.groupBy({ it.userId }, { it.deviceId }) - - for ((userId, deviceIds) in devicesIdListByUserId) { - val storedDeviceIDs = cryptoStore.getUserDevices(userId) - - // sanity checks - if (null != storedDeviceIDs) { - var isUpdated = false - - deviceIds.forEach { deviceId -> - val device = storedDeviceIDs[deviceId] - - // assume if the device is either verified or blocked - // it means that the device is known - if (device?.isUnknown == true) { - device.trustLevel = DeviceTrustLevel(crossSigningVerified = false, locallyVerified = false) - isUpdated = true - } - } - - if (isUpdated) { - cryptoStore.storeUserDevices(userId, storedDeviceIDs) - } - } - } - - callback?.onSuccess(Unit) - } - - /** - * Update the blocked/verified state of the given device. - * - * @param trustLevel the new trust level - * @param userId the owner of the device - * @param deviceId the unique identifier for the device. - */ - override fun setDeviceVerification(trustLevel: DeviceTrustLevel, userId: String, deviceId: String) { - setDeviceVerificationAction.handle(trustLevel, userId, deviceId) - } - - /** - * Configure a room to use encryption. - * - * @param roomId the room id to enable encryption in. - * @param algorithm the encryption config for the room. - * @param inhibitDeviceQuery true to suppress device list query for users in the room (for now) - * @param membersId list of members to start tracking their devices - * @return true if the operation succeeds. - */ - private suspend fun setEncryptionInRoom(roomId: String, - algorithm: String?, - inhibitDeviceQuery: Boolean, - membersId: List): Boolean { - // If we already have encryption in this room, we should ignore this event - // (for now at least. Maybe we should alert the user somehow?) - val existingAlgorithm = cryptoStore.getRoomAlgorithm(roomId) - - if (existingAlgorithm == algorithm) { - // ignore - Timber.tag(loggerTag.value).e("setEncryptionInRoom() : Ignoring m.room.encryption for same alg ($algorithm) in $roomId") - return false - } - - val encryptingClass = MXCryptoAlgorithms.hasEncryptorClassForAlgorithm(algorithm) - - // Always store even if not supported - cryptoStore.storeRoomAlgorithm(roomId, algorithm) - - if (!encryptingClass) { - Timber.tag(loggerTag.value).e("setEncryptionInRoom() : Unable to encrypt room $roomId with $algorithm") - return false - } - - val alg: IMXEncrypting? = when (algorithm) { - MXCRYPTO_ALGORITHM_MEGOLM -> megolmEncryptionFactory.create(roomId) - MXCRYPTO_ALGORITHM_OLM -> olmEncryptionFactory.create(roomId) - else -> null - } - - if (alg != null) { - roomEncryptorsStore.put(roomId, alg) - } - - // if encryption was not previously enabled in this room, we will have been - // ignoring new device events for these users so far. We may well have - // up-to-date lists for some users, for instance if we were sharing other - // e2e rooms with them, so there is room for optimisation here, but for now - // we just invalidate everyone in the room. - if (null == existingAlgorithm) { - Timber.tag(loggerTag.value).d("Enabling encryption in $roomId for the first time; invalidating device lists for all users therein") - - val userIds = ArrayList(membersId) - - deviceListManager.startTrackingDeviceList(userIds) - - if (!inhibitDeviceQuery) { - deviceListManager.refreshOutdatedDeviceLists() - } - } - - return true - } - - /** - * Tells if a room is encrypted with MXCRYPTO_ALGORITHM_MEGOLM - * - * @param roomId the room id - * @return true if the room is encrypted with algorithm MXCRYPTO_ALGORITHM_MEGOLM - */ - override fun isRoomEncrypted(roomId: String): Boolean { - return cryptoSessionInfoProvider.isRoomEncrypted(roomId) - } - - /** - * @return the stored device keys for a user. - */ - override fun getUserDevices(userId: String): MutableList { - return cryptoStore.getUserDevices(userId)?.values?.toMutableList() ?: ArrayList() - } - - private fun isEncryptionEnabledForInvitedUser(): Boolean { - return mxCryptoConfig.enableEncryptionForInvitedMembers - } - - override fun getEncryptionAlgorithm(roomId: String): String? { - return cryptoStore.getRoomAlgorithm(roomId) - } - - /** - * Determine whether we should encrypt messages for invited users in this room. - *

- * Check here whether the invited members are allowed to read messages in the room history - * from the point they were invited onwards. - * - * @return true if we should encrypt messages for invited users. - */ - override fun shouldEncryptForInvitedMembers(roomId: String): Boolean { - return cryptoStore.shouldEncryptForInvitedMembers(roomId) - } - - /** - * Encrypt an event content according to the configuration of the room. - * - * @param eventContent the content of the event. - * @param eventType the type of the event. - * @param roomId the room identifier the event will be sent. - * @param callback the asynchronous callback - */ - override fun encryptEventContent(eventContent: Content, - eventType: String, - roomId: String, - callback: MatrixCallback) { - // moved to crypto scope to have uptodate values - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - val userIds = getRoomUserIds(roomId) - var alg = roomEncryptorsStore.get(roomId) - if (alg == null) { - val algorithm = getEncryptionAlgorithm(roomId) - if (algorithm != null) { - if (setEncryptionInRoom(roomId, algorithm, false, userIds)) { - alg = roomEncryptorsStore.get(roomId) - } - } - } - val safeAlgorithm = alg - if (safeAlgorithm != null) { - val t0 = System.currentTimeMillis() - Timber.tag(loggerTag.value).v("encryptEventContent() starts") - runCatching { - val content = safeAlgorithm.encryptEventContent(eventContent, eventType, userIds) - Timber.tag(loggerTag.value).v("## CRYPTO | encryptEventContent() : succeeds after ${System.currentTimeMillis() - t0} ms") - MXEncryptEventContentResult(content, EventType.ENCRYPTED) - }.foldToCallback(callback) - } else { - val algorithm = getEncryptionAlgorithm(roomId) - val reason = String.format(MXCryptoError.UNABLE_TO_ENCRYPT_REASON, - algorithm ?: MXCryptoError.NO_MORE_ALGORITHM_REASON) - Timber.tag(loggerTag.value).e("encryptEventContent() : failed $reason") - callback.onFailure(Failure.CryptoError(MXCryptoError.Base(MXCryptoError.ErrorType.UNABLE_TO_ENCRYPT, reason))) - } - } - } - - override fun discardOutboundSession(roomId: String) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - val roomEncryptor = roomEncryptorsStore.get(roomId) - if (roomEncryptor is IMXGroupEncryption) { - roomEncryptor.discardSessionKey() - } else { - Timber.tag(loggerTag.value).e("discardOutboundSession() for:$roomId: Unable to handle IMXGroupEncryption") - } - } - } - - /** - * Decrypt an event - * - * @param event the raw event. - * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. - * @return the MXEventDecryptionResult data, or throw in case of error - */ - @Throws(MXCryptoError::class) - override suspend fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult { - return internalDecryptEvent(event, timeline) - } - - /** - * Decrypt an event asynchronously - * - * @param event the raw event. - * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. - * @param callback the callback to return data or null - */ - override fun decryptEventAsync(event: Event, timeline: String, callback: MatrixCallback) { - eventDecryptor.decryptEventAsync(event, timeline, callback) - } - - /** - * Decrypt an event - * - * @param event the raw event. - * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. - * @return the MXEventDecryptionResult data, or null in case of error - */ - @Throws(MXCryptoError::class) - private suspend fun internalDecryptEvent(event: Event, timeline: String): MXEventDecryptionResult { - return eventDecryptor.decryptEvent(event, timeline) - } - - /** - * Reset replay attack data for the given timeline. - * - * @param timelineId the timeline id - */ - fun resetReplayAttackCheckInTimeline(timelineId: String) { - olmDevice.resetReplayAttackCheckInTimeline(timelineId) - } - - /** - * Handle the 'toDevice' event - * - * @param event the event - */ - fun onToDeviceEvent(event: Event) { - // event have already been decrypted - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - when (event.getClearType()) { - EventType.ROOM_KEY, EventType.FORWARDED_ROOM_KEY -> { - // Keys are imported directly, not waiting for end of sync - onRoomKeyEvent(event) - } - EventType.REQUEST_SECRET -> { - secretShareManager.handleSecretRequest(event) - } - EventType.ROOM_KEY_REQUEST -> { - event.getClearContent().toModel()?.let { req -> - event.senderId?.let { incomingKeyRequestManager.addNewIncomingRequest(it, req) } - } - } - EventType.SEND_SECRET -> { - onSecretSendReceived(event) - } - EventType.ROOM_KEY_WITHHELD -> { - onKeyWithHeldReceived(event) - } - else -> { - // ignore - } - } - } - liveEventManager.get().dispatchOnLiveToDevice(event) - } - - /** - * Handle a key event. - * - * @param event the key event. - */ - private fun onRoomKeyEvent(event: Event) { - val roomKeyContent = event.getClearContent().toModel() ?: return - Timber.tag(loggerTag.value).i("onRoomKeyEvent() from: ${event.senderId} type<${event.getClearType()}> , sessionId<${roomKeyContent.sessionId}>") - if (roomKeyContent.roomId.isNullOrEmpty() || roomKeyContent.algorithm.isNullOrEmpty()) { - Timber.tag(loggerTag.value).e("onRoomKeyEvent() : missing fields") - return - } - val alg = roomDecryptorProvider.getOrCreateRoomDecryptor(roomKeyContent.roomId, roomKeyContent.algorithm) - if (alg == null) { - Timber.tag(loggerTag.value).e("GOSSIP onRoomKeyEvent() : Unable to handle keys for ${roomKeyContent.algorithm}") - return - } - alg.onRoomKeyEvent(event, keysBackupService) - } - - private fun onKeyWithHeldReceived(event: Event) { - val withHeldContent = event.getClearContent().toModel() ?: return Unit.also { - Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") - } - val senderId = event.senderId ?: return Unit.also { - Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") - } - withHeldContent.sessionId ?: return - withHeldContent.algorithm ?: return - withHeldContent.roomId ?: return - withHeldContent.senderKey ?: return - outgoingKeyRequestManager.onRoomKeyWithHeld( - sessionId = withHeldContent.sessionId, - algorithm = withHeldContent.algorithm, - roomId = withHeldContent.roomId, - senderKey = withHeldContent.senderKey, - fromDevice = withHeldContent.fromDevice, - event = Event( - type = EventType.ROOM_KEY_WITHHELD, - senderId = senderId, - content = event.getClearContent() - ) - ) - } - - private suspend fun onSecretSendReceived(event: Event) { - secretShareManager.onSecretSendReceived(event) { secretName, secretValue -> - handleSDKLevelGossip(secretName, secretValue) - } - } - - /** - * Returns true if handled by SDK, otherwise should be sent to application layer - */ - private fun handleSDKLevelGossip(secretName: String?, - secretValue: String): Boolean { - return when (secretName) { - MASTER_KEY_SSSS_NAME -> { - crossSigningService.onSecretMSKGossip(secretValue) - true - } - SELF_SIGNING_KEY_SSSS_NAME -> { - crossSigningService.onSecretSSKGossip(secretValue) - true - } - USER_SIGNING_KEY_SSSS_NAME -> { - crossSigningService.onSecretUSKGossip(secretValue) - true - } - KEYBACKUP_SECRET_SSSS_NAME -> { - keysBackupService.onSecretKeyGossip(secretValue) - true - } - else -> false - } - } - - /** - * Handle an m.room.encryption event. - * - * @param event the encryption event. - */ - private fun onRoomEncryptionEvent(roomId: String, event: Event) { - if (!event.isStateEvent()) { - // Ignore - Timber.tag(loggerTag.value).w("Invalid encryption event") - return - } - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - val userIds = getRoomUserIds(roomId) - setEncryptionInRoom(roomId, event.content?.get("algorithm")?.toString(), true, userIds) - } - } - - private fun getRoomUserIds(roomId: String): List { - val encryptForInvitedMembers = isEncryptionEnabledForInvitedUser() && - shouldEncryptForInvitedMembers(roomId) - return cryptoSessionInfoProvider.getRoomUserIds(roomId, encryptForInvitedMembers) - } - - /** - * Handle a change in the membership state of a member of a room. - * - * @param event the membership event causing the change - */ - private fun onRoomMembershipEvent(roomId: String, event: Event) { - roomEncryptorsStore.get(roomId) ?: /* No encrypting in this room */ return - - event.stateKey?.let { userId -> - val roomMember: RoomMemberContent? = event.content.toModel() - val membership = roomMember?.membership - if (membership == Membership.JOIN) { - // make sure we are tracking the deviceList for this user. - deviceListManager.startTrackingDeviceList(listOf(userId)) - } else if (membership == Membership.INVITE && - shouldEncryptForInvitedMembers(roomId) && - isEncryptionEnabledForInvitedUser()) { - // track the deviceList for this invited user. - // Caution: there's a big edge case here in that federated servers do not - // know what other servers are in the room at the time they've been invited. - // They therefore will not send device updates if a user logs in whilst - // their state is invite. - deviceListManager.startTrackingDeviceList(listOf(userId)) - } - } - } - - private fun onRoomHistoryVisibilityEvent(roomId: String, event: Event) { - if (!event.isStateEvent()) return - val eventContent = event.content.toModel() - eventContent?.historyVisibility?.let { - cryptoStore.setShouldEncryptForInvitedMembers(roomId, it != RoomHistoryVisibility.JOINED) - } - } - - /** - * Upload my user's device keys. - */ - private suspend fun uploadDeviceKeys() { - if (cryptoStore.areDeviceKeysUploaded()) { - Timber.tag(loggerTag.value).d("Keys already uploaded, nothing to do") - return - } - // Prepare the device keys data to send - // Sign it - val canonicalJson = JsonCanonicalizer.getCanonicalJson(Map::class.java, getMyDevice().signalableJSONDictionary()) - var rest = getMyDevice().toRest() - - rest = rest.copy( - signatures = objectSigner.signObject(canonicalJson) - ) - - val uploadDeviceKeysParams = UploadKeysTask.Params(rest, null, null) - uploadKeysTask.execute(uploadDeviceKeysParams) - - cryptoStore.setDeviceKeysUploaded(true) - } - - /** - * Export the crypto keys - * - * @param password the password - * @return the exported keys - */ - override suspend fun exportRoomKeys(password: String): ByteArray { - return exportRoomKeys(password, MXMegolmExportEncryption.DEFAULT_ITERATION_COUNT) - } - - /** - * Export the crypto keys - * - * @param password the password - * @param anIterationCount the encryption iteration count (0 means no encryption) - */ - private suspend fun exportRoomKeys(password: String, anIterationCount: Int): ByteArray { - return withContext(coroutineDispatchers.crypto) { - val iterationCount = max(0, anIterationCount) - - val exportedSessions = cryptoStore.getInboundGroupSessions().mapNotNull { it.exportKeys() } - - val adapter = MoshiProvider.providesMoshi() - .adapter(List::class.java) - - MXMegolmExportEncryption.encryptMegolmKeyFile(adapter.toJson(exportedSessions), password, iterationCount) - } - } - - /** - * Import the room keys - * - * @param roomKeysAsArray the room keys as array. - * @param password the password - * @param progressListener the progress listener - * @return the result ImportRoomKeysResult - */ - override suspend fun importRoomKeys(roomKeysAsArray: ByteArray, - password: String, - progressListener: ProgressListener?): ImportRoomKeysResult { - return withContext(coroutineDispatchers.crypto) { - Timber.tag(loggerTag.value).v("importRoomKeys starts") - - val t0 = System.currentTimeMillis() - val roomKeys = MXMegolmExportEncryption.decryptMegolmKeyFile(roomKeysAsArray, password) - val t1 = System.currentTimeMillis() - - Timber.tag(loggerTag.value).v("importRoomKeys : decryptMegolmKeyFile done in ${t1 - t0} ms") - - val importedSessions = MoshiProvider.providesMoshi() - .adapter>(Types.newParameterizedType(List::class.java, MegolmSessionData::class.java)) - .fromJson(roomKeys) - - val t2 = System.currentTimeMillis() - - Timber.tag(loggerTag.value).v("importRoomKeys : JSON parsing ${t2 - t1} ms") - - if (importedSessions == null) { - throw Exception("Error") - } - - megolmSessionDataImporter.handle( - megolmSessionsData = importedSessions, - fromBackup = false, - progressListener = progressListener - ) - } - } - - /** - * Update the warn status when some unknown devices are detected. - * - * @param warn true to warn when some unknown devices are detected. - */ - override fun setWarnOnUnknownDevices(warn: Boolean) { - warnOnUnknownDevicesRepository.setWarnOnUnknownDevices(warn) - } - - /** - * Check if the user ids list have some unknown devices. - * A success means there is no unknown devices. - * If there are some unknown devices, a MXCryptoError.UnknownDevice exception is triggered. - * - * @param userIds the user ids list - * @param callback the asynchronous callback. - */ - fun checkUnknownDevices(userIds: List, callback: MatrixCallback) { - // force the refresh to ensure that the devices list is up-to-date - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - runCatching { - val keys = deviceListManager.downloadKeys(userIds, true) - val unknownDevices = getUnknownDevices(keys) - if (unknownDevices.map.isNotEmpty()) { - // trigger an an unknown devices exception - throw Failure.CryptoError(MXCryptoError.UnknownDevice(unknownDevices)) - } - }.foldToCallback(callback) - } - } - - /** - * Set the global override for whether the client should ever send encrypted - * messages to unverified devices. - * If false, it can still be overridden per-room. - * If true, it overrides the per-room settings. - * - * @param block true to unilaterally blacklist all - */ - override fun setGlobalBlacklistUnverifiedDevices(block: Boolean) { - cryptoStore.setGlobalBlacklistUnverifiedDevices(block) - } - - override fun enableKeyGossiping(enable: Boolean) { - cryptoStore.enableKeyGossiping(enable) - } - - override fun isKeyGossipingEnabled() = cryptoStore.isKeyGossipingEnabled() - - /** - * Tells whether the client should ever send encrypted messages to unverified devices. - * The default value is false. - * This function must be called in the getEncryptingThreadHandler() thread. - * - * @return true to unilaterally blacklist all unverified devices. - */ - override fun getGlobalBlacklistUnverifiedDevices(): Boolean { - return cryptoStore.getGlobalBlacklistUnverifiedDevices() - } - - /** - * Tells whether the client should encrypt messages only for the verified devices - * in this room. - * The default value is false. - * - * @param roomId the room id - * @return true if the client should encrypt messages only for the verified devices. - */ -// TODO add this info in CryptoRoomEntity? - override fun isRoomBlacklistUnverifiedDevices(roomId: String?): Boolean { - return roomId?.let { cryptoStore.getRoomsListBlacklistUnverifiedDevices().contains(it) } - ?: false - } - - /** - * Manages the room black-listing for unverified devices. - * - * @param roomId the room id - * @param add true to add the room id to the list, false to remove it. - */ - private fun setRoomBlacklistUnverifiedDevices(roomId: String, add: Boolean) { - val roomIds = cryptoStore.getRoomsListBlacklistUnverifiedDevices().toMutableList() - - if (add) { - if (roomId !in roomIds) { - roomIds.add(roomId) - } - } else { - roomIds.remove(roomId) - } - - cryptoStore.setRoomsListBlacklistUnverifiedDevices(roomIds) - } - - /** - * Add this room to the ones which don't encrypt messages to unverified devices. - * - * @param roomId the room id - */ - override fun setRoomBlacklistUnverifiedDevices(roomId: String) { - setRoomBlacklistUnverifiedDevices(roomId, true) - } - - /** - * Remove this room to the ones which don't encrypt messages to unverified devices. - * - * @param roomId the room id - */ - override fun setRoomUnBlacklistUnverifiedDevices(roomId: String) { - setRoomBlacklistUnverifiedDevices(roomId, false) - } - - /** - * Re request the encryption keys required to decrypt an event. - * - * @param event the event to decrypt again. - */ - override fun reRequestRoomKeyForEvent(event: Event) { - outgoingKeyRequestManager.requestKeyForEvent(event, true) - } - - override fun requestRoomKeyForEvent(event: Event) { - outgoingKeyRequestManager.requestKeyForEvent(event, false) - } - - /** - * Add a GossipingRequestListener listener. - * - * @param listener listener - */ - override fun addRoomKeysRequestListener(listener: GossipingRequestListener) { - incomingKeyRequestManager.addRoomKeysRequestListener(listener) - secretShareManager.addListener(listener) - } - - /** - * Add a GossipingRequestListener listener. - * - * @param listener listener - */ - override fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { - incomingKeyRequestManager.removeRoomKeysRequestListener(listener) - secretShareManager.addListener(listener) - } - - /** - * Provides the list of unknown devices - * - * @param devicesInRoom the devices map - * @return the unknown devices map - */ - private fun getUnknownDevices(devicesInRoom: MXUsersDevicesMap): MXUsersDevicesMap { - val unknownDevices = MXUsersDevicesMap() - val userIds = devicesInRoom.userIds - for (userId in userIds) { - devicesInRoom.getUserDeviceIds(userId)?.forEach { deviceId -> - devicesInRoom.getObject(userId, deviceId) - ?.takeIf { it.isUnknown } - ?.let { - unknownDevices.setObject(userId, deviceId, it) - } - } - } - - return unknownDevices - } - - override fun downloadKeys(userIds: List, forceDownload: Boolean, callback: MatrixCallback>) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - runCatching { - deviceListManager.downloadKeys(userIds, forceDownload) - }.foldToCallback(callback) - } - } - - override fun addNewSessionListener(newSessionListener: NewSessionListener) { - roomDecryptorProvider.addNewSessionListener(newSessionListener) - } - - override fun removeSessionListener(listener: NewSessionListener) { - roomDecryptorProvider.removeSessionListener(listener) - } -/* ========================================================================================== - * DEBUG INFO - * ========================================================================================== */ - - override fun toString(): String { - return "DefaultCryptoService of $userId ($deviceId)" - } - - override fun getOutgoingRoomKeyRequests(): List { - return cryptoStore.getOutgoingRoomKeyRequests() - } - - override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { - return cryptoStore.getOutgoingRoomKeyRequestsPaged() - } - - override fun getIncomingRoomKeyRequests(): List { - return cryptoStore.getGossipingEvents() - .mapNotNull { - IncomingRoomKeyRequest.fromEvent(it) - } - } - - override fun getIncomingRoomKeyRequestsPaged(): LiveData> { - return cryptoStore.getGossipingEventsTrail(TrailType.IncomingKeyRequest) { - IncomingRoomKeyRequest.fromEvent(it) - ?: IncomingRoomKeyRequest(localCreationTimestamp = 0L) - } - } - - /** - * If you registered a `GossipingRequestListener`, you will be notified of key request - * that was not accepted by the SDK. You can call back this manually to accept anyhow. - */ - override suspend fun manuallyAcceptRoomKeyRequest(request: IncomingRoomKeyRequest) { - incomingKeyRequestManager.manuallyAcceptRoomKeyRequest(request) - } - - override fun getGossipingEventsTrail(): LiveData> { - return cryptoStore.getGossipingEventsTrail() - } - - override fun getGossipingEvents(): List { - return cryptoStore.getGossipingEvents() - } - - override fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap { - return cryptoStore.getSharedWithInfo(roomId, sessionId) - } - - override fun getWithHeldMegolmSession(roomId: String, sessionId: String): RoomKeyWithHeldContent? { - return cryptoStore.getWithHeldMegolmSession(roomId, sessionId) - } - - override fun logDbUsageInfo() { - cryptoStore.logDbUsageInfo() - } - - override fun prepareToEncrypt(roomId: String, callback: MatrixCallback) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - Timber.tag(loggerTag.value).d("prepareToEncrypt() roomId:$roomId Check room members up to date") - // Ensure to load all room members - try { - loadRoomMembersTask.execute(LoadRoomMembersTask.Params(roomId)) - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).e("prepareToEncrypt() : Failed to load room members") -// callback.onFailure(failure) -// return@launch - } - - val userIds = getRoomUserIds(roomId) - val alg = roomEncryptorsStore.get(roomId) - ?: getEncryptionAlgorithm(roomId) - ?.let { setEncryptionInRoom(roomId, it, false, userIds) } - ?.let { roomEncryptorsStore.get(roomId) } - - if (alg == null) { - val reason = String.format(MXCryptoError.UNABLE_TO_ENCRYPT_REASON, MXCryptoError.NO_MORE_ALGORITHM_REASON) - Timber.tag(loggerTag.value).e("prepareToEncrypt() : $reason") - callback.onFailure(IllegalArgumentException("Missing algorithm")) - return@launch - } - - runCatching { - (alg as? IMXGroupEncryption)?.preshareKey(userIds) - }.fold( - { callback.onSuccess(Unit) }, - { - Timber.tag(loggerTag.value).e(it, "prepareToEncrypt() failed.") - callback.onFailure(it) - } - ) - } - } - - /* ========================================================================================== - * For test only - * ========================================================================================== */ - - @VisibleForTesting - val cryptoStoreForTesting = cryptoStore - - @VisibleForTesting - val olmDeviceForTest = olmDevice - - companion object { - const val CRYPTO_MIN_FORCE_SESSION_PERIOD_MILLIS = 3_600_000 // one hour - } -} +/* + * Copyright 2020 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import android.content.Context +import androidx.annotation.VisibleForTesting +import androidx.lifecycle.LiveData +import androidx.paging.PagedList +import com.squareup.moshi.Types +import dagger.Lazy +import kotlinx.coroutines.CancellationException +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.cancelChildren +import kotlinx.coroutines.launch +import kotlinx.coroutines.runBlocking +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCallback +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.NoOpMatrixCallback +import org.matrix.android.sdk.api.auth.UserInteractiveAuthInterceptor +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_OLM +import org.matrix.android.sdk.api.crypto.MXCryptoConfig +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.failure.Failure +import org.matrix.android.sdk.api.listeners.ProgressListener +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.CryptoService +import org.matrix.android.sdk.api.session.crypto.MXCryptoError +import org.matrix.android.sdk.api.session.crypto.NewSessionListener +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel +import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail +import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo +import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo +import org.matrix.android.sdk.api.session.crypto.model.DevicesListResponse +import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult +import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest +import org.matrix.android.sdk.api.session.crypto.model.MXDeviceInfo +import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResult +import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest +import org.matrix.android.sdk.api.session.crypto.model.TrailType +import org.matrix.android.sdk.api.session.events.model.Content +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent +import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent +import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.api.session.room.model.Membership +import org.matrix.android.sdk.api.session.room.model.RoomHistoryVisibility +import org.matrix.android.sdk.api.session.room.model.RoomHistoryVisibilityContent +import org.matrix.android.sdk.api.session.room.model.RoomMemberContent +import org.matrix.android.sdk.api.session.sync.model.SyncResponse +import org.matrix.android.sdk.internal.crypto.actions.MegolmSessionDataImporter +import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction +import org.matrix.android.sdk.internal.crypto.algorithms.IMXEncrypting +import org.matrix.android.sdk.internal.crypto.algorithms.IMXGroupEncryption +import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXMegolmEncryptionFactory +import org.matrix.android.sdk.internal.crypto.algorithms.olm.MXOlmEncryptionFactory +import org.matrix.android.sdk.internal.crypto.crosssigning.DefaultCrossSigningService +import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService +import org.matrix.android.sdk.internal.crypto.model.MXKey.Companion.KEY_SIGNED_CURVE_25519_TYPE +import org.matrix.android.sdk.internal.crypto.model.toRest +import org.matrix.android.sdk.internal.crypto.repository.WarnOnUnknownDeviceRepository +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.crypto.tasks.DeleteDeviceTask +import org.matrix.android.sdk.internal.crypto.tasks.GetDeviceInfoTask +import org.matrix.android.sdk.internal.crypto.tasks.GetDevicesTask +import org.matrix.android.sdk.internal.crypto.tasks.SetDeviceNameTask +import org.matrix.android.sdk.internal.crypto.tasks.UploadKeysTask +import org.matrix.android.sdk.internal.crypto.verification.DefaultVerificationService +import org.matrix.android.sdk.internal.crypto.verification.VerificationMessageProcessor +import org.matrix.android.sdk.internal.di.DeviceId +import org.matrix.android.sdk.internal.di.MoshiProvider +import org.matrix.android.sdk.internal.di.UserId +import org.matrix.android.sdk.internal.extensions.foldToCallback +import org.matrix.android.sdk.internal.session.SessionScope +import org.matrix.android.sdk.internal.session.StreamEventsManager +import org.matrix.android.sdk.internal.session.room.membership.LoadRoomMembersTask +import org.matrix.android.sdk.internal.task.TaskExecutor +import org.matrix.android.sdk.internal.task.TaskThread +import org.matrix.android.sdk.internal.task.configureWith +import org.matrix.android.sdk.internal.task.launchToCallback +import org.matrix.android.sdk.internal.util.JsonCanonicalizer +import org.matrix.olm.OlmManager +import timber.log.Timber +import java.util.concurrent.atomic.AtomicBoolean +import javax.inject.Inject +import kotlin.math.max + +/** + * A `CryptoService` class instance manages the end-to-end crypto for a session. + * + * + * Messages posted by the user are automatically redirected to CryptoService in order to be encrypted + * before sending. + * In the other hand, received events goes through CryptoService for decrypting. + * CryptoService maintains all necessary keys and their sharing with other devices required for the crypto. + * Specially, it tracks all room membership changes events in order to do keys updates. + */ + +private val loggerTag = LoggerTag("DefaultCryptoService", LoggerTag.CRYPTO) + +@SessionScope +internal class DefaultCryptoService @Inject constructor( + // Olm Manager + private val olmManager: OlmManager, + @UserId + private val userId: String, + @DeviceId + private val deviceId: String?, + private val myDeviceInfoHolder: Lazy, + // the crypto store + private val cryptoStore: IMXCryptoStore, + // Room encryptors store + private val roomEncryptorsStore: RoomEncryptorsStore, + // Olm device + private val olmDevice: MXOlmDevice, + // Set of parameters used to configure/customize the end-to-end crypto. + private val mxCryptoConfig: MXCryptoConfig, + // Device list manager + private val deviceListManager: DeviceListManager, + // The key backup service. + private val keysBackupService: DefaultKeysBackupService, + // + private val objectSigner: ObjectSigner, + // + private val oneTimeKeysUploader: OneTimeKeysUploader, + // + private val roomDecryptorProvider: RoomDecryptorProvider, + // The verification service. + private val verificationService: DefaultVerificationService, + + private val crossSigningService: DefaultCrossSigningService, + // + private val incomingKeyRequestManager: IncomingKeyRequestManager, + private val secretShareManager: SecretShareManager, + // + private val outgoingKeyRequestManager: OutgoingKeyRequestManager, + // Actions + private val setDeviceVerificationAction: SetDeviceVerificationAction, + private val megolmSessionDataImporter: MegolmSessionDataImporter, + private val warnOnUnknownDevicesRepository: WarnOnUnknownDeviceRepository, + // Repository + private val megolmEncryptionFactory: MXMegolmEncryptionFactory, + private val olmEncryptionFactory: MXOlmEncryptionFactory, + // Tasks + private val deleteDeviceTask: DeleteDeviceTask, + private val getDevicesTask: GetDevicesTask, + private val getDeviceInfoTask: GetDeviceInfoTask, + private val setDeviceNameTask: SetDeviceNameTask, + private val uploadKeysTask: UploadKeysTask, + private val loadRoomMembersTask: LoadRoomMembersTask, + private val cryptoSessionInfoProvider: CryptoSessionInfoProvider, + private val coroutineDispatchers: MatrixCoroutineDispatchers, + private val taskExecutor: TaskExecutor, + private val cryptoCoroutineScope: CoroutineScope, + private val eventDecryptor: EventDecryptor, + private val verificationMessageProcessor: VerificationMessageProcessor, + private val liveEventManager: Lazy +) : CryptoService { + + private val isStarting = AtomicBoolean(false) + private val isStarted = AtomicBoolean(false) + + fun onStateEvent(roomId: String, event: Event) { + when (event.type) { + EventType.STATE_ROOM_ENCRYPTION -> onRoomEncryptionEvent(roomId, event) + EventType.STATE_ROOM_MEMBER -> onRoomMembershipEvent(roomId, event) + EventType.STATE_ROOM_HISTORY_VISIBILITY -> onRoomHistoryVisibilityEvent(roomId, event) + } + } + + fun onLiveEvent(roomId: String, event: Event, isInitialSync: Boolean) { + // handle state events + if (event.isStateEvent()) { + when (event.type) { + EventType.STATE_ROOM_ENCRYPTION -> onRoomEncryptionEvent(roomId, event) + EventType.STATE_ROOM_MEMBER -> onRoomMembershipEvent(roomId, event) + EventType.STATE_ROOM_HISTORY_VISIBILITY -> onRoomHistoryVisibilityEvent(roomId, event) + } + } + + // handle verification + if (!isInitialSync) { + if (event.type != null && verificationMessageProcessor.shouldProcess(event.type)) { + cryptoCoroutineScope.launch(coroutineDispatchers.dmVerif) { + verificationMessageProcessor.process(event) + } + } + } + } + +// val gossipingBuffer = mutableListOf() + + override fun setDeviceName(deviceId: String, deviceName: String, callback: MatrixCallback) { + setDeviceNameTask + .configureWith(SetDeviceNameTask.Params(deviceId, deviceName)) { + this.executionThread = TaskThread.CRYPTO + this.callback = object : MatrixCallback { + override fun onSuccess(data: Unit) { + // bg refresh of crypto device + downloadKeys(listOf(userId), true, NoOpMatrixCallback()) + callback.onSuccess(data) + } + + override fun onFailure(failure: Throwable) { + callback.onFailure(failure) + } + } + } + .executeBy(taskExecutor) + } + + override fun deleteDevice(deviceId: String, userInteractiveAuthInterceptor: UserInteractiveAuthInterceptor, callback: MatrixCallback) { + deleteDeviceTask + .configureWith(DeleteDeviceTask.Params(deviceId, userInteractiveAuthInterceptor, null)) { + this.executionThread = TaskThread.CRYPTO + this.callback = callback + } + .executeBy(taskExecutor) + } + + override fun getCryptoVersion(context: Context, longFormat: Boolean): String { + return if (longFormat) olmManager.getDetailedVersion(context) else olmManager.version + } + + override fun getMyDevice(): CryptoDeviceInfo { + return myDeviceInfoHolder.get().myDevice + } + + override fun fetchDevicesList(callback: MatrixCallback) { + getDevicesTask + .configureWith { + // this.executionThread = TaskThread.CRYPTO + this.callback = object : MatrixCallback { + override fun onFailure(failure: Throwable) { + callback.onFailure(failure) + } + + override fun onSuccess(data: DevicesListResponse) { + // Save in local DB + cryptoStore.saveMyDevicesInfo(data.devices.orEmpty()) + callback.onSuccess(data) + } + } + } + .executeBy(taskExecutor) + } + + override fun getLiveMyDevicesInfo(): LiveData> { + return cryptoStore.getLiveMyDevicesInfo() + } + + override fun getMyDevicesInfo(): List { + return cryptoStore.getMyDevicesInfo() + } + + override fun getDeviceInfo(deviceId: String, callback: MatrixCallback) { + getDeviceInfoTask + .configureWith(GetDeviceInfoTask.Params(deviceId)) { + this.executionThread = TaskThread.CRYPTO + this.callback = callback + } + .executeBy(taskExecutor) + } + + override fun inboundGroupSessionsCount(onlyBackedUp: Boolean): Int { + return cryptoStore.inboundGroupSessionsCount(onlyBackedUp) + } + + /** + * Provides the tracking status + * + * @param userId the user id + * @return the tracking status + */ + override fun getDeviceTrackingStatus(userId: String): Int { + return cryptoStore.getDeviceTrackingStatus(userId, DeviceListManager.TRACKING_STATUS_NOT_TRACKED) + } + + /** + * Tell if the MXCrypto is started + * + * @return true if the crypto is started + */ + fun isStarted(): Boolean { + return isStarted.get() + } + + /** + * Tells if the MXCrypto is starting. + * + * @return true if the crypto is starting + */ + fun isStarting(): Boolean { + return isStarting.get() + } + + /** + * Start the crypto module. + * Device keys will be uploaded, then one time keys if there are not enough on the homeserver + * and, then, if this is the first time, this new device will be announced to all other users + * devices. + * + */ + fun start() { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + internalStart() + } + // Just update + fetchDevicesList(NoOpMatrixCallback()) + + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + cryptoStore.tidyUpDataBase() + } + } + + fun ensureDevice() { + cryptoCoroutineScope.launchToCallback(coroutineDispatchers.crypto, NoOpMatrixCallback()) { + // Open the store + cryptoStore.open() + + if (!cryptoStore.areDeviceKeysUploaded()) { + // Schedule upload of OTK + oneTimeKeysUploader.updateOneTimeKeyCount(0) + } + + // this can throw if no network + tryOrNull { + uploadDeviceKeys() + } + + oneTimeKeysUploader.maybeUploadOneTimeKeys() + // this can throw if no backup + tryOrNull { + keysBackupService.checkAndStartKeysBackup() + } + } + } + + fun onSyncWillProcess(isInitialSync: Boolean) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + if (isInitialSync) { + try { + // On initial sync, we start all our tracking from + // scratch, so mark everything as untracked. onCryptoEvent will + // be called for all e2e rooms during the processing of the sync, + // at which point we'll start tracking all the users of that room. + deviceListManager.invalidateAllDeviceLists() + // always track my devices? + deviceListManager.startTrackingDeviceList(listOf(userId)) + deviceListManager.refreshOutdatedDeviceLists() + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).e(failure, "onSyncWillProcess ") + } + } + } + } + + private fun internalStart() { + if (isStarted.get() || isStarting.get()) { + return + } + isStarting.set(true) + + // Open the store + cryptoStore.open() + + isStarting.set(false) + isStarted.set(true) + } + + /** + * Close the crypto + */ + fun close() = runBlocking(coroutineDispatchers.crypto) { + cryptoCoroutineScope.coroutineContext.cancelChildren(CancellationException("Closing crypto module")) + incomingKeyRequestManager.close() + outgoingKeyRequestManager.close() + olmDevice.release() + cryptoStore.close() + } + + // Always enabled on Matrix Android SDK2 + override fun isCryptoEnabled() = true + + /** + * @return the Keys backup Service + */ + override fun keysBackupService() = keysBackupService + + /** + * @return the VerificationService + */ + override fun verificationService() = verificationService + + override fun crossSigningService() = crossSigningService + + /** + * A sync response has been received + * + * @param syncResponse the syncResponse + */ + fun onSyncCompleted(syncResponse: SyncResponse) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + runCatching { + if (syncResponse.deviceLists != null) { + deviceListManager.handleDeviceListsChanges(syncResponse.deviceLists.changed, syncResponse.deviceLists.left) + } + if (syncResponse.deviceOneTimeKeysCount != null) { + val currentCount = syncResponse.deviceOneTimeKeysCount.signedCurve25519 ?: 0 + oneTimeKeysUploader.updateOneTimeKeyCount(currentCount) + } + + // unwedge if needed + try { + eventDecryptor.unwedgeDevicesIfNeeded() + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).w("unwedgeDevicesIfNeeded failed") + } + + // There is a limit of to_device events returned per sync. + // If we are in a case of such limited to_device sync we can't try to generate/upload + // new otk now, because there might be some pending olm pre-key to_device messages that would fail if we rotate + // the old otk too early. In this case we want to wait for the pending to_device before doing anything + // As per spec: + // If there is a large queue of send-to-device messages, the server should limit the number sent in each /sync response. + // 100 messages is recommended as a reasonable limit. + // The limit is not part of the spec, so it's probably safer to handle that when there are no more to_device ( so we are sure + // that there are no pending to_device + val toDevices = syncResponse.toDevice?.events.orEmpty() + if (isStarted() && toDevices.isEmpty()) { + // Make sure we process to-device messages before generating new one-time-keys #2782 + deviceListManager.refreshOutdatedDeviceLists() + // The presence of device_unused_fallback_key_types indicates that the server supports fallback keys. + // If there's no unused signed_curve25519 fallback key we need a new one. + if (syncResponse.deviceUnusedFallbackKeyTypes != null && + // Generate a fallback key only if the server does not already have an unused fallback key. + !syncResponse.deviceUnusedFallbackKeyTypes.contains(KEY_SIGNED_CURVE_25519_TYPE)) { + oneTimeKeysUploader.needsNewFallback() + } + + oneTimeKeysUploader.maybeUploadOneTimeKeys() + } + + // Process pending key requests + try { + if (toDevices.isEmpty()) { + // this is not blocking + outgoingKeyRequestManager.requireProcessAllPendingKeyRequests() + } else { + Timber.tag(loggerTag.value) + .w("Don't process key requests yet as there might be more to_device to catchup") + } + } catch (failure: Throwable) { + // just for safety but should not throw + Timber.tag(loggerTag.value).w("failed to process pending request") + } + + try { + incomingKeyRequestManager.processIncomingRequests() + } catch (failure: Throwable) { + // just for safety but should not throw + Timber.tag(loggerTag.value).w("failed to process incoming room key requests") + } + } + } + } + + /** + * Find a device by curve25519 identity key + * + * @param senderKey the curve25519 key to match. + * @param algorithm the encryption algorithm. + * @return the device info, or null if not found / unsupported algorithm / crypto released + */ + override fun deviceWithIdentityKey(senderKey: String, algorithm: String): CryptoDeviceInfo? { + return if (algorithm != MXCRYPTO_ALGORITHM_MEGOLM && algorithm != MXCRYPTO_ALGORITHM_OLM) { + // We only deal in olm keys + null + } else cryptoStore.deviceWithIdentityKey(senderKey) + } + + /** + * Provides the device information for a user id and a device Id + * + * @param userId the user id + * @param deviceId the device id + */ + override fun getDeviceInfo(userId: String, deviceId: String?): CryptoDeviceInfo? { + return if (userId.isNotEmpty() && !deviceId.isNullOrEmpty()) { + cryptoStore.getUserDevice(userId, deviceId) + } else { + null + } + } + + override fun getCryptoDeviceInfo(userId: String): List { + return cryptoStore.getUserDeviceList(userId).orEmpty() + } + + override fun getLiveCryptoDeviceInfo(): LiveData> { + return cryptoStore.getLiveDeviceList() + } + + override fun getLiveCryptoDeviceInfo(userId: String): LiveData> { + return cryptoStore.getLiveDeviceList(userId) + } + + override fun getLiveCryptoDeviceInfo(userIds: List): LiveData> { + return cryptoStore.getLiveDeviceList(userIds) + } + + /** + * Set the devices as known + * + * @param devices the devices. Note that the verified member of the devices in this list will not be updated by this method. + * @param callback the asynchronous callback + */ + override fun setDevicesKnown(devices: List, callback: MatrixCallback?) { + // build a devices map + val devicesIdListByUserId = devices.groupBy({ it.userId }, { it.deviceId }) + + for ((userId, deviceIds) in devicesIdListByUserId) { + val storedDeviceIDs = cryptoStore.getUserDevices(userId) + + // sanity checks + if (null != storedDeviceIDs) { + var isUpdated = false + + deviceIds.forEach { deviceId -> + val device = storedDeviceIDs[deviceId] + + // assume if the device is either verified or blocked + // it means that the device is known + if (device?.isUnknown == true) { + device.trustLevel = DeviceTrustLevel(crossSigningVerified = false, locallyVerified = false) + isUpdated = true + } + } + + if (isUpdated) { + cryptoStore.storeUserDevices(userId, storedDeviceIDs) + } + } + } + + callback?.onSuccess(Unit) + } + + /** + * Update the blocked/verified state of the given device. + * + * @param trustLevel the new trust level + * @param userId the owner of the device + * @param deviceId the unique identifier for the device. + */ + override fun setDeviceVerification(trustLevel: DeviceTrustLevel, userId: String, deviceId: String) { + setDeviceVerificationAction.handle(trustLevel, userId, deviceId) + } + + /** + * Configure a room to use encryption. + * + * @param roomId the room id to enable encryption in. + * @param algorithm the encryption config for the room. + * @param inhibitDeviceQuery true to suppress device list query for users in the room (for now) + * @param membersId list of members to start tracking their devices + * @return true if the operation succeeds. + */ + private suspend fun setEncryptionInRoom(roomId: String, + algorithm: String?, + inhibitDeviceQuery: Boolean, + membersId: List): Boolean { + // If we already have encryption in this room, we should ignore this event + // (for now at least. Maybe we should alert the user somehow?) + val existingAlgorithm = cryptoStore.getRoomAlgorithm(roomId) + + if (existingAlgorithm == algorithm) { + // ignore + Timber.tag(loggerTag.value).e("setEncryptionInRoom() : Ignoring m.room.encryption for same alg ($algorithm) in $roomId") + return false + } + + val encryptingClass = MXCryptoAlgorithms.hasEncryptorClassForAlgorithm(algorithm) + + // Always store even if not supported + cryptoStore.storeRoomAlgorithm(roomId, algorithm) + + if (!encryptingClass) { + Timber.tag(loggerTag.value).e("setEncryptionInRoom() : Unable to encrypt room $roomId with $algorithm") + return false + } + + val alg: IMXEncrypting? = when (algorithm) { + MXCRYPTO_ALGORITHM_MEGOLM -> megolmEncryptionFactory.create(roomId) + MXCRYPTO_ALGORITHM_OLM -> olmEncryptionFactory.create(roomId) + else -> null + } + + if (alg != null) { + roomEncryptorsStore.put(roomId, alg) + } + + // if encryption was not previously enabled in this room, we will have been + // ignoring new device events for these users so far. We may well have + // up-to-date lists for some users, for instance if we were sharing other + // e2e rooms with them, so there is room for optimisation here, but for now + // we just invalidate everyone in the room. + if (null == existingAlgorithm) { + Timber.tag(loggerTag.value).d("Enabling encryption in $roomId for the first time; invalidating device lists for all users therein") + + val userIds = ArrayList(membersId) + + deviceListManager.startTrackingDeviceList(userIds) + + if (!inhibitDeviceQuery) { + deviceListManager.refreshOutdatedDeviceLists() + } + } + + return true + } + + /** + * Tells if a room is encrypted with MXCRYPTO_ALGORITHM_MEGOLM + * + * @param roomId the room id + * @return true if the room is encrypted with algorithm MXCRYPTO_ALGORITHM_MEGOLM + */ + override fun isRoomEncrypted(roomId: String): Boolean { + return cryptoSessionInfoProvider.isRoomEncrypted(roomId) + } + + /** + * @return the stored device keys for a user. + */ + override fun getUserDevices(userId: String): MutableList { + return cryptoStore.getUserDevices(userId)?.values?.toMutableList() ?: ArrayList() + } + + private fun isEncryptionEnabledForInvitedUser(): Boolean { + return mxCryptoConfig.enableEncryptionForInvitedMembers + } + + override fun getEncryptionAlgorithm(roomId: String): String? { + return cryptoStore.getRoomAlgorithm(roomId) + } + + /** + * Determine whether we should encrypt messages for invited users in this room. + *

+ * Check here whether the invited members are allowed to read messages in the room history + * from the point they were invited onwards. + * + * @return true if we should encrypt messages for invited users. + */ + override fun shouldEncryptForInvitedMembers(roomId: String): Boolean { + return cryptoStore.shouldEncryptForInvitedMembers(roomId) + } + + /** + * Encrypt an event content according to the configuration of the room. + * + * @param eventContent the content of the event. + * @param eventType the type of the event. + * @param roomId the room identifier the event will be sent. + * @param callback the asynchronous callback + */ + override fun encryptEventContent(eventContent: Content, + eventType: String, + roomId: String, + callback: MatrixCallback) { + // moved to crypto scope to have uptodate values + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + val userIds = getRoomUserIds(roomId) + var alg = roomEncryptorsStore.get(roomId) + if (alg == null) { + val algorithm = getEncryptionAlgorithm(roomId) + if (algorithm != null) { + if (setEncryptionInRoom(roomId, algorithm, false, userIds)) { + alg = roomEncryptorsStore.get(roomId) + } + } + } + val safeAlgorithm = alg + if (safeAlgorithm != null) { + val t0 = System.currentTimeMillis() + Timber.tag(loggerTag.value).v("encryptEventContent() starts") + runCatching { + val content = safeAlgorithm.encryptEventContent(eventContent, eventType, userIds) + Timber.tag(loggerTag.value).v("## CRYPTO | encryptEventContent() : succeeds after ${System.currentTimeMillis() - t0} ms") + MXEncryptEventContentResult(content, EventType.ENCRYPTED) + }.foldToCallback(callback) + } else { + val algorithm = getEncryptionAlgorithm(roomId) + val reason = String.format(MXCryptoError.UNABLE_TO_ENCRYPT_REASON, + algorithm ?: MXCryptoError.NO_MORE_ALGORITHM_REASON) + Timber.tag(loggerTag.value).e("encryptEventContent() : failed $reason") + callback.onFailure(Failure.CryptoError(MXCryptoError.Base(MXCryptoError.ErrorType.UNABLE_TO_ENCRYPT, reason))) + } + } + } + + override fun discardOutboundSession(roomId: String) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + val roomEncryptor = roomEncryptorsStore.get(roomId) + if (roomEncryptor is IMXGroupEncryption) { + roomEncryptor.discardSessionKey() + } else { + Timber.tag(loggerTag.value).e("discardOutboundSession() for:$roomId: Unable to handle IMXGroupEncryption") + } + } + } + + /** + * Decrypt an event + * + * @param event the raw event. + * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. + * @return the MXEventDecryptionResult data, or throw in case of error + */ + @Throws(MXCryptoError::class) + override suspend fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult { + return internalDecryptEvent(event, timeline) + } + + /** + * Decrypt an event asynchronously + * + * @param event the raw event. + * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. + * @param callback the callback to return data or null + */ + override fun decryptEventAsync(event: Event, timeline: String, callback: MatrixCallback) { + eventDecryptor.decryptEventAsync(event, timeline, callback) + } + + /** + * Decrypt an event + * + * @param event the raw event. + * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. + * @return the MXEventDecryptionResult data, or null in case of error + */ + @Throws(MXCryptoError::class) + private suspend fun internalDecryptEvent(event: Event, timeline: String): MXEventDecryptionResult { + return eventDecryptor.decryptEvent(event, timeline) + } + + /** + * Reset replay attack data for the given timeline. + * + * @param timelineId the timeline id + */ + fun resetReplayAttackCheckInTimeline(timelineId: String) { + olmDevice.resetReplayAttackCheckInTimeline(timelineId) + } + + /** + * Handle the 'toDevice' event + * + * @param event the event + */ + fun onToDeviceEvent(event: Event) { + // event have already been decrypted + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + when (event.getClearType()) { + EventType.ROOM_KEY, EventType.FORWARDED_ROOM_KEY -> { + // Keys are imported directly, not waiting for end of sync + onRoomKeyEvent(event) + } + EventType.REQUEST_SECRET -> { + secretShareManager.handleSecretRequest(event) + } + EventType.ROOM_KEY_REQUEST -> { + event.getClearContent().toModel()?.let { req -> + event.senderId?.let { incomingKeyRequestManager.addNewIncomingRequest(it, req) } + } + } + EventType.SEND_SECRET -> { + onSecretSendReceived(event) + } + EventType.ROOM_KEY_WITHHELD -> { + onKeyWithHeldReceived(event) + } + else -> { + // ignore + } + } + } + liveEventManager.get().dispatchOnLiveToDevice(event) + } + + /** + * Handle a key event. + * + * @param event the key event. + */ + private fun onRoomKeyEvent(event: Event) { + val roomKeyContent = event.getClearContent().toModel() ?: return + Timber.tag(loggerTag.value).i("onRoomKeyEvent() from: ${event.senderId} type<${event.getClearType()}> , sessionId<${roomKeyContent.sessionId}>") + if (roomKeyContent.roomId.isNullOrEmpty() || roomKeyContent.algorithm.isNullOrEmpty()) { + Timber.tag(loggerTag.value).e("onRoomKeyEvent() : missing fields") + return + } + val alg = roomDecryptorProvider.getOrCreateRoomDecryptor(roomKeyContent.roomId, roomKeyContent.algorithm) + if (alg == null) { + Timber.tag(loggerTag.value).e("GOSSIP onRoomKeyEvent() : Unable to handle keys for ${roomKeyContent.algorithm}") + return + } + alg.onRoomKeyEvent(event, keysBackupService) + } + + private fun onKeyWithHeldReceived(event: Event) { + val withHeldContent = event.getClearContent().toModel() ?: return Unit.also { + Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") + } + val senderId = event.senderId ?: return Unit.also { + Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") + } + withHeldContent.sessionId ?: return + withHeldContent.algorithm ?: return + withHeldContent.roomId ?: return + withHeldContent.senderKey ?: return + outgoingKeyRequestManager.onRoomKeyWithHeld( + sessionId = withHeldContent.sessionId, + algorithm = withHeldContent.algorithm, + roomId = withHeldContent.roomId, + senderKey = withHeldContent.senderKey, + fromDevice = withHeldContent.fromDevice, + event = Event( + type = EventType.ROOM_KEY_WITHHELD, + senderId = senderId, + content = event.getClearContent() + ) + ) + } + + private suspend fun onSecretSendReceived(event: Event) { + secretShareManager.onSecretSendReceived(event) { secretName, secretValue -> + handleSDKLevelGossip(secretName, secretValue) + } + } + + /** + * Returns true if handled by SDK, otherwise should be sent to application layer + */ + private fun handleSDKLevelGossip(secretName: String?, + secretValue: String): Boolean { + return when (secretName) { + MASTER_KEY_SSSS_NAME -> { + crossSigningService.onSecretMSKGossip(secretValue) + true + } + SELF_SIGNING_KEY_SSSS_NAME -> { + crossSigningService.onSecretSSKGossip(secretValue) + true + } + USER_SIGNING_KEY_SSSS_NAME -> { + crossSigningService.onSecretUSKGossip(secretValue) + true + } + KEYBACKUP_SECRET_SSSS_NAME -> { + keysBackupService.onSecretKeyGossip(secretValue) + true + } + else -> false + } + } + + /** + * Handle an m.room.encryption event. + * + * @param event the encryption event. + */ + private fun onRoomEncryptionEvent(roomId: String, event: Event) { + if (!event.isStateEvent()) { + // Ignore + Timber.tag(loggerTag.value).w("Invalid encryption event") + return + } + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + val userIds = getRoomUserIds(roomId) + setEncryptionInRoom(roomId, event.content?.get("algorithm")?.toString(), true, userIds) + } + } + + private fun getRoomUserIds(roomId: String): List { + val encryptForInvitedMembers = isEncryptionEnabledForInvitedUser() && + shouldEncryptForInvitedMembers(roomId) + return cryptoSessionInfoProvider.getRoomUserIds(roomId, encryptForInvitedMembers) + } + + /** + * Handle a change in the membership state of a member of a room. + * + * @param event the membership event causing the change + */ + private fun onRoomMembershipEvent(roomId: String, event: Event) { + roomEncryptorsStore.get(roomId) ?: /* No encrypting in this room */ return + + event.stateKey?.let { userId -> + val roomMember: RoomMemberContent? = event.content.toModel() + val membership = roomMember?.membership + if (membership == Membership.JOIN) { + // make sure we are tracking the deviceList for this user. + deviceListManager.startTrackingDeviceList(listOf(userId)) + } else if (membership == Membership.INVITE && + shouldEncryptForInvitedMembers(roomId) && + isEncryptionEnabledForInvitedUser()) { + // track the deviceList for this invited user. + // Caution: there's a big edge case here in that federated servers do not + // know what other servers are in the room at the time they've been invited. + // They therefore will not send device updates if a user logs in whilst + // their state is invite. + deviceListManager.startTrackingDeviceList(listOf(userId)) + } + } + } + + private fun onRoomHistoryVisibilityEvent(roomId: String, event: Event) { + if (!event.isStateEvent()) return + val eventContent = event.content.toModel() + eventContent?.historyVisibility?.let { + cryptoStore.setShouldEncryptForInvitedMembers(roomId, it != RoomHistoryVisibility.JOINED) + } + } + + /** + * Upload my user's device keys. + */ + private suspend fun uploadDeviceKeys() { + if (cryptoStore.areDeviceKeysUploaded()) { + Timber.tag(loggerTag.value).d("Keys already uploaded, nothing to do") + return + } + // Prepare the device keys data to send + // Sign it + val canonicalJson = JsonCanonicalizer.getCanonicalJson(Map::class.java, getMyDevice().signalableJSONDictionary()) + var rest = getMyDevice().toRest() + + rest = rest.copy( + signatures = objectSigner.signObject(canonicalJson) + ) + + val uploadDeviceKeysParams = UploadKeysTask.Params(rest, null, null) + uploadKeysTask.execute(uploadDeviceKeysParams) + + cryptoStore.setDeviceKeysUploaded(true) + } + + /** + * Export the crypto keys + * + * @param password the password + * @return the exported keys + */ + override suspend fun exportRoomKeys(password: String): ByteArray { + return exportRoomKeys(password, MXMegolmExportEncryption.DEFAULT_ITERATION_COUNT) + } + + /** + * Export the crypto keys + * + * @param password the password + * @param anIterationCount the encryption iteration count (0 means no encryption) + */ + private suspend fun exportRoomKeys(password: String, anIterationCount: Int): ByteArray { + return withContext(coroutineDispatchers.crypto) { + val iterationCount = max(0, anIterationCount) + + val exportedSessions = cryptoStore.getInboundGroupSessions().mapNotNull { it.exportKeys() } + + val adapter = MoshiProvider.providesMoshi() + .adapter(List::class.java) + + MXMegolmExportEncryption.encryptMegolmKeyFile(adapter.toJson(exportedSessions), password, iterationCount) + } + } + + /** + * Import the room keys + * + * @param roomKeysAsArray the room keys as array. + * @param password the password + * @param progressListener the progress listener + * @return the result ImportRoomKeysResult + */ + override suspend fun importRoomKeys(roomKeysAsArray: ByteArray, + password: String, + progressListener: ProgressListener?): ImportRoomKeysResult { + return withContext(coroutineDispatchers.crypto) { + Timber.tag(loggerTag.value).v("importRoomKeys starts") + + val t0 = System.currentTimeMillis() + val roomKeys = MXMegolmExportEncryption.decryptMegolmKeyFile(roomKeysAsArray, password) + val t1 = System.currentTimeMillis() + + Timber.tag(loggerTag.value).v("importRoomKeys : decryptMegolmKeyFile done in ${t1 - t0} ms") + + val importedSessions = MoshiProvider.providesMoshi() + .adapter>(Types.newParameterizedType(List::class.java, MegolmSessionData::class.java)) + .fromJson(roomKeys) + + val t2 = System.currentTimeMillis() + + Timber.tag(loggerTag.value).v("importRoomKeys : JSON parsing ${t2 - t1} ms") + + if (importedSessions == null) { + throw Exception("Error") + } + + megolmSessionDataImporter.handle( + megolmSessionsData = importedSessions, + fromBackup = false, + progressListener = progressListener + ) + } + } + + /** + * Update the warn status when some unknown devices are detected. + * + * @param warn true to warn when some unknown devices are detected. + */ + override fun setWarnOnUnknownDevices(warn: Boolean) { + warnOnUnknownDevicesRepository.setWarnOnUnknownDevices(warn) + } + + /** + * Check if the user ids list have some unknown devices. + * A success means there is no unknown devices. + * If there are some unknown devices, a MXCryptoError.UnknownDevice exception is triggered. + * + * @param userIds the user ids list + * @param callback the asynchronous callback. + */ + fun checkUnknownDevices(userIds: List, callback: MatrixCallback) { + // force the refresh to ensure that the devices list is up-to-date + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + runCatching { + val keys = deviceListManager.downloadKeys(userIds, true) + val unknownDevices = getUnknownDevices(keys) + if (unknownDevices.map.isNotEmpty()) { + // trigger an an unknown devices exception + throw Failure.CryptoError(MXCryptoError.UnknownDevice(unknownDevices)) + } + }.foldToCallback(callback) + } + } + + /** + * Set the global override for whether the client should ever send encrypted + * messages to unverified devices. + * If false, it can still be overridden per-room. + * If true, it overrides the per-room settings. + * + * @param block true to unilaterally blacklist all + */ + override fun setGlobalBlacklistUnverifiedDevices(block: Boolean) { + cryptoStore.setGlobalBlacklistUnverifiedDevices(block) + } + + override fun enableKeyGossiping(enable: Boolean) { + cryptoStore.enableKeyGossiping(enable) + } + + override fun isKeyGossipingEnabled() = cryptoStore.isKeyGossipingEnabled() + + /** + * Tells whether the client should ever send encrypted messages to unverified devices. + * The default value is false. + * This function must be called in the getEncryptingThreadHandler() thread. + * + * @return true to unilaterally blacklist all unverified devices. + */ + override fun getGlobalBlacklistUnverifiedDevices(): Boolean { + return cryptoStore.getGlobalBlacklistUnverifiedDevices() + } + + /** + * Tells whether the client should encrypt messages only for the verified devices + * in this room. + * The default value is false. + * + * @param roomId the room id + * @return true if the client should encrypt messages only for the verified devices. + */ +// TODO add this info in CryptoRoomEntity? + override fun isRoomBlacklistUnverifiedDevices(roomId: String?): Boolean { + return roomId?.let { cryptoStore.getRoomsListBlacklistUnverifiedDevices().contains(it) } + ?: false + } + + /** + * Manages the room black-listing for unverified devices. + * + * @param roomId the room id + * @param add true to add the room id to the list, false to remove it. + */ + private fun setRoomBlacklistUnverifiedDevices(roomId: String, add: Boolean) { + val roomIds = cryptoStore.getRoomsListBlacklistUnverifiedDevices().toMutableList() + + if (add) { + if (roomId !in roomIds) { + roomIds.add(roomId) + } + } else { + roomIds.remove(roomId) + } + + cryptoStore.setRoomsListBlacklistUnverifiedDevices(roomIds) + } + + /** + * Add this room to the ones which don't encrypt messages to unverified devices. + * + * @param roomId the room id + */ + override fun setRoomBlacklistUnverifiedDevices(roomId: String) { + setRoomBlacklistUnverifiedDevices(roomId, true) + } + + /** + * Remove this room to the ones which don't encrypt messages to unverified devices. + * + * @param roomId the room id + */ + override fun setRoomUnBlacklistUnverifiedDevices(roomId: String) { + setRoomBlacklistUnverifiedDevices(roomId, false) + } + + /** + * Re request the encryption keys required to decrypt an event. + * + * @param event the event to decrypt again. + */ + override fun reRequestRoomKeyForEvent(event: Event) { + outgoingKeyRequestManager.requestKeyForEvent(event, true) + } + + override fun requestRoomKeyForEvent(event: Event) { + outgoingKeyRequestManager.requestKeyForEvent(event, false) + } + + /** + * Add a GossipingRequestListener listener. + * + * @param listener listener + */ + override fun addRoomKeysRequestListener(listener: GossipingRequestListener) { + incomingKeyRequestManager.addRoomKeysRequestListener(listener) + secretShareManager.addListener(listener) + } + + /** + * Add a GossipingRequestListener listener. + * + * @param listener listener + */ + override fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { + incomingKeyRequestManager.removeRoomKeysRequestListener(listener) + secretShareManager.addListener(listener) + } + + /** + * Provides the list of unknown devices + * + * @param devicesInRoom the devices map + * @return the unknown devices map + */ + private fun getUnknownDevices(devicesInRoom: MXUsersDevicesMap): MXUsersDevicesMap { + val unknownDevices = MXUsersDevicesMap() + val userIds = devicesInRoom.userIds + for (userId in userIds) { + devicesInRoom.getUserDeviceIds(userId)?.forEach { deviceId -> + devicesInRoom.getObject(userId, deviceId) + ?.takeIf { it.isUnknown } + ?.let { + unknownDevices.setObject(userId, deviceId, it) + } + } + } + + return unknownDevices + } + + override fun downloadKeys(userIds: List, forceDownload: Boolean, callback: MatrixCallback>) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + runCatching { + deviceListManager.downloadKeys(userIds, forceDownload) + }.foldToCallback(callback) + } + } + + override fun addNewSessionListener(newSessionListener: NewSessionListener) { + roomDecryptorProvider.addNewSessionListener(newSessionListener) + } + + override fun removeSessionListener(listener: NewSessionListener) { + roomDecryptorProvider.removeSessionListener(listener) + } +/* ========================================================================================== + * DEBUG INFO + * ========================================================================================== */ + + override fun toString(): String { + return "DefaultCryptoService of $userId ($deviceId)" + } + + override fun getOutgoingRoomKeyRequests(): List { + return cryptoStore.getOutgoingRoomKeyRequests() + } + + override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { + return cryptoStore.getOutgoingRoomKeyRequestsPaged() + } + + override fun getIncomingRoomKeyRequests(): List { + return cryptoStore.getGossipingEvents() + .mapNotNull { + IncomingRoomKeyRequest.fromEvent(it) + } + } + + override fun getIncomingRoomKeyRequestsPaged(): LiveData> { + return cryptoStore.getGossipingEventsTrail(TrailType.IncomingKeyRequest) { + IncomingRoomKeyRequest.fromEvent(it) + ?: IncomingRoomKeyRequest(localCreationTimestamp = 0L) + } + } + + /** + * If you registered a `GossipingRequestListener`, you will be notified of key request + * that was not accepted by the SDK. You can call back this manually to accept anyhow. + */ + override suspend fun manuallyAcceptRoomKeyRequest(request: IncomingRoomKeyRequest) { + incomingKeyRequestManager.manuallyAcceptRoomKeyRequest(request) + } + + override fun getGossipingEventsTrail(): LiveData> { + return cryptoStore.getGossipingEventsTrail() + } + + override fun getGossipingEvents(): List { + return cryptoStore.getGossipingEvents() + } + + override fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap { + return cryptoStore.getSharedWithInfo(roomId, sessionId) + } + + override fun getWithHeldMegolmSession(roomId: String, sessionId: String): RoomKeyWithHeldContent? { + return cryptoStore.getWithHeldMegolmSession(roomId, sessionId) + } + + override fun logDbUsageInfo() { + cryptoStore.logDbUsageInfo() + } + + override fun prepareToEncrypt(roomId: String, callback: MatrixCallback) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + Timber.tag(loggerTag.value).d("prepareToEncrypt() roomId:$roomId Check room members up to date") + // Ensure to load all room members + try { + loadRoomMembersTask.execute(LoadRoomMembersTask.Params(roomId)) + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).e("prepareToEncrypt() : Failed to load room members") + // we probably shouldn't block sending on that (but questionable) + // but some members won't be able to decrypt + } + + val userIds = getRoomUserIds(roomId) + val alg = roomEncryptorsStore.get(roomId) + ?: getEncryptionAlgorithm(roomId) + ?.let { setEncryptionInRoom(roomId, it, false, userIds) } + ?.let { roomEncryptorsStore.get(roomId) } + + if (alg == null) { + val reason = String.format(MXCryptoError.UNABLE_TO_ENCRYPT_REASON, MXCryptoError.NO_MORE_ALGORITHM_REASON) + Timber.tag(loggerTag.value).e("prepareToEncrypt() : $reason") + callback.onFailure(IllegalArgumentException("Missing algorithm")) + return@launch + } + + runCatching { + (alg as? IMXGroupEncryption)?.preshareKey(userIds) + }.fold( + { callback.onSuccess(Unit) }, + { + Timber.tag(loggerTag.value).e(it, "prepareToEncrypt() failed.") + callback.onFailure(it) + } + ) + } + } + + /* ========================================================================================== + * For test only + * ========================================================================================== */ + + @VisibleForTesting + val cryptoStoreForTesting = cryptoStore + + @VisibleForTesting + val olmDeviceForTest = olmDevice + + companion object { + const val CRYPTO_MIN_FORCE_SESSION_PERIOD_MILLIS = 3_600_000 // one hour + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt index 67d544ca43..b91a970fc1 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt @@ -1,926 +1,918 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import androidx.annotation.VisibleForTesting -import kotlinx.coroutines.sync.Mutex -import kotlinx.coroutines.sync.withLock -import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.logger.LoggerTag -import org.matrix.android.sdk.api.session.crypto.MXCryptoError -import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult -import org.matrix.android.sdk.api.util.JSON_DICT_PARAMETERIZED_TYPE -import org.matrix.android.sdk.api.util.JsonDict -import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXOutboundSessionInfo -import org.matrix.android.sdk.internal.crypto.algorithms.megolm.SharedWithHelper -import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 -import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.di.MoshiProvider -import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.util.JsonCanonicalizer -import org.matrix.android.sdk.internal.util.convertFromUTF8 -import org.matrix.android.sdk.internal.util.convertToUTF8 -import org.matrix.olm.OlmAccount -import org.matrix.olm.OlmException -import org.matrix.olm.OlmMessage -import org.matrix.olm.OlmOutboundGroupSession -import org.matrix.olm.OlmSession -import org.matrix.olm.OlmUtility -import timber.log.Timber -import javax.inject.Inject - -private val loggerTag = LoggerTag("MXOlmDevice", LoggerTag.CRYPTO) - -// The libolm wrapper. -@SessionScope -internal class MXOlmDevice @Inject constructor( - /** - * The store where crypto data is saved. - */ - private val store: IMXCryptoStore, - private val olmSessionStore: OlmSessionStore, - private val inboundGroupSessionStore: InboundGroupSessionStore -) { - - val mutex = Mutex() - - /** - * @return the Curve25519 key for the account. - */ - var deviceCurve25519Key: String? = null - private set - - /** - * @return the Ed25519 key for the account. - */ - var deviceEd25519Key: String? = null - private set - - // The OLM lib utility instance. - private var olmUtility: OlmUtility? = null - - private data class GroupSessionCacheItem( - val groupId: String, - val groupSession: OlmOutboundGroupSession - ) - - // The outbound group session. - // Caches active outbound session to avoid to sync with DB before read - // The key is the session id, the value the . - private val outboundGroupSessionCache: MutableMap = HashMap() - - // Store a set of decrypted message indexes for each group session. - // This partially mitigates a replay attack where a MITM resends a group - // message into the room. - // - // The Matrix SDK exposes events through MXEventTimelines. A developer can open several - // timelines from a same room so that a message can be decrypted several times but from - // a different timeline. - // So, store these message indexes per timeline id. - // - // The first level keys are timeline ids. - // The second level keys are strings of form "||" - private val inboundGroupSessionMessageIndexes: MutableMap> = HashMap() - - init { - // Retrieve the account from the store - try { - store.getOrCreateOlmAccount() - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "MXOlmDevice : cannot initialize olmAccount") - } - - try { - olmUtility = OlmUtility() - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : OlmUtility failed with error") - olmUtility = null - } - - try { - deviceCurve25519Key = store.doWithOlmAccount { it.identityKeys()[OlmAccount.JSON_KEY_IDENTITY_KEY] } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : cannot find ${OlmAccount.JSON_KEY_IDENTITY_KEY} with error") - } - - try { - deviceEd25519Key = store.doWithOlmAccount { it.identityKeys()[OlmAccount.JSON_KEY_FINGER_PRINT_KEY] } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : cannot find ${OlmAccount.JSON_KEY_FINGER_PRINT_KEY} with error") - } - } - - /** - * @return The current (unused, unpublished) one-time keys for this account. - */ - fun getOneTimeKeys(): Map>? { - try { - return store.doWithOlmAccount { it.oneTimeKeys() } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## getOneTimeKeys() : failed") - } - - return null - } - - /** - * @return The maximum number of one-time keys the olm account can store. - */ - fun getMaxNumberOfOneTimeKeys(): Long { - return store.doWithOlmAccount { it.maxOneTimeKeys() } - } - - /** - * Returns an unpublished fallback key - * A call to markKeysAsPublished will mark it as published and this - * call will return null (until a call to generateFallbackKey is made) - */ - fun getFallbackKey(): MutableMap>? { - try { - return store.doWithOlmAccount { it.fallbackKey() } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e("## getFallbackKey() : failed") - } - return null - } - - /** - * Generates a new fallback key if there is not already - * an unpublished one. - * @return true if a new key was generated - */ - fun generateFallbackKeyIfNeeded(): Boolean { - try { - if (!hasUnpublishedFallbackKey()) { - store.doWithOlmAccount { - it.generateFallbackKey() - store.saveOlmAccount() - } - return true - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e("## generateFallbackKey() : failed") - } - return false - } - - internal fun hasUnpublishedFallbackKey(): Boolean { - return getFallbackKey()?.get(OlmAccount.JSON_KEY_ONE_TIME_KEY).orEmpty().isNotEmpty() - } - - fun forgetFallbackKey() { - try { - store.doWithOlmAccount { - it.forgetFallbackKey() - store.saveOlmAccount() - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e("## forgetFallbackKey() : failed") - } - } - - /** - * Release the instance - */ - fun release() { - olmUtility?.releaseUtility() - outboundGroupSessionCache.values.forEach { - it.groupSession.releaseSession() - } - outboundGroupSessionCache.clear() - inboundGroupSessionStore.clear() - olmSessionStore.clear() - } - - /** - * Signs a message with the ed25519 key for this account. - * - * @param message the message to be signed. - * @return the base64-encoded signature. - */ - fun signMessage(message: String): String? { - try { - return store.doWithOlmAccount { it.signMessage(message) } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## signMessage() : failed") - } - - return null - } - - /** - * Marks all of the one-time keys as published. - */ - fun markKeysAsPublished() { - try { - store.doWithOlmAccount { - it.markOneTimeKeysAsPublished() - store.saveOlmAccount() - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## markKeysAsPublished() : failed") - } - } - - /** - * Generate some new one-time keys - * - * @param numKeys number of keys to generate - */ - fun generateOneTimeKeys(numKeys: Int) { - try { - store.doWithOlmAccount { - it.generateOneTimeKeys(numKeys) - store.saveOlmAccount() - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## generateOneTimeKeys() : failed") - } - } - - /** - * Generate a new outbound session. - * The new session will be stored in the MXStore. - * - * @param theirIdentityKey the remote user's Curve25519 identity key - * @param theirOneTimeKey the remote user's one-time Curve25519 key - * @return the session id for the outbound session. - */ - fun createOutboundSession(theirIdentityKey: String, theirOneTimeKey: String): String? { - Timber.tag(loggerTag.value).d("## createOutboundSession() ; theirIdentityKey $theirIdentityKey theirOneTimeKey $theirOneTimeKey") - var olmSession: OlmSession? = null - - try { - olmSession = OlmSession() - store.doWithOlmAccount { olmAccount -> - olmSession.initOutboundSession(olmAccount, theirIdentityKey, theirOneTimeKey) - } - - val olmSessionWrapper = OlmSessionWrapper(olmSession, 0) - - // Pretend we've received a message at this point, otherwise - // if we try to send a message to the device, it won't use - // this session - olmSessionWrapper.onMessageReceived() - - olmSessionStore.storeSession(olmSessionWrapper, theirIdentityKey) - - val sessionIdentifier = olmSession.sessionIdentifier() - - Timber.tag(loggerTag.value).v("## createOutboundSession() ; olmSession.sessionIdentifier: $sessionIdentifier") - return sessionIdentifier - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createOutboundSession() failed") - - olmSession?.releaseSession() - } - - return null - } - - /** - * Generate a new inbound session, given an incoming message. - * - * @param theirDeviceIdentityKey the remote user's Curve25519 identity key. - * @param messageType the message_type field from the received message (must be 0). - * @param ciphertext base64-encoded body from the received message. - * @return {{payload: string, session_id: string}} decrypted payload, and session id of new session. - */ - fun createInboundSession(theirDeviceIdentityKey: String, messageType: Int, ciphertext: String): Map? { - Timber.tag(loggerTag.value).d("## createInboundSession() : theirIdentityKey: $theirDeviceIdentityKey") - - var olmSession: OlmSession? = null - - try { - try { - olmSession = OlmSession() - store.doWithOlmAccount { olmAccount -> - olmSession.initInboundSessionFrom(olmAccount, theirDeviceIdentityKey, ciphertext) - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createInboundSession() : the session creation failed") - return null - } - - Timber.tag(loggerTag.value).v("## createInboundSession() : sessionId: ${olmSession.sessionIdentifier()}") - - try { - store.doWithOlmAccount { olmAccount -> - olmAccount.removeOneTimeKeys(olmSession) - store.saveOlmAccount() - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createInboundSession() : removeOneTimeKeys failed") - } - -// Timber.tag(loggerTag.value).v("## createInboundSession() : ciphertext: $ciphertext.") -// try { -// val sha256 = olmUtility!!.sha256(URLEncoder.encode(ciphertext, "utf-8")) -// Timber.tag(loggerTag.value).v("## createInboundSession() :ciphertext: SHA256: $sha256") -// } catch (e: Exception) { -// Timber.tag(loggerTag.value).e(e, "## createInboundSession() :ciphertext: cannot encode ciphertext") -// } - - val olmMessage = OlmMessage() - olmMessage.mCipherText = ciphertext - olmMessage.mType = messageType.toLong() - - var payloadString: String? = null - - try { - payloadString = olmSession.decryptMessage(olmMessage) - - val olmSessionWrapper = OlmSessionWrapper(olmSession, 0) - // This counts as a received message: set last received message time to now - olmSessionWrapper.onMessageReceived() - - olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createInboundSession() : decryptMessage failed") - } - - val res = HashMap() - - if (!payloadString.isNullOrEmpty()) { - res["payload"] = payloadString - } - - val sessionIdentifier = olmSession.sessionIdentifier() - - if (!sessionIdentifier.isNullOrEmpty()) { - res["session_id"] = sessionIdentifier - } - - return res - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createInboundSession() : OlmSession creation failed") - - olmSession?.releaseSession() - } - - return null - } - - /** - * Get a list of known session IDs for the given device. - * - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @return a list of known session ids for the device. - */ - fun getSessionIds(theirDeviceIdentityKey: String): List { - return olmSessionStore.getDeviceSessionIds(theirDeviceIdentityKey) - } - - /** - * Get the right olm session id for encrypting messages to the given identity key. - * - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @return the session id, or null if no established session. - */ - fun getSessionId(theirDeviceIdentityKey: String): String? { - return olmSessionStore.getLastUsedSessionId(theirDeviceIdentityKey) - } - - /** - * Encrypt an outgoing message using an existing session. - * - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @param sessionId the id of the active session - * @param payloadString the payload to be encrypted and sent - * @return the cipher text - */ - suspend fun encryptMessage(theirDeviceIdentityKey: String, sessionId: String, payloadString: String): Map? { - val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) - - if (olmSessionWrapper != null) { - try { - Timber.tag(loggerTag.value).v("## encryptMessage() : olmSession.sessionIdentifier: $sessionId") - - val olmMessage = olmSessionWrapper.mutex.withLock { - olmSessionWrapper.olmSession.encryptMessage(payloadString) - } - return mapOf( - "body" to olmMessage.mCipherText, - "type" to olmMessage.mType, - ).also { - olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) - } - } catch (e: Throwable) { - Timber.tag(loggerTag.value).e(e, "## encryptMessage() : failed to encrypt olm with device|session:$theirDeviceIdentityKey|$sessionId") - return null - } - } else { - Timber.tag(loggerTag.value).e("## encryptMessage() : Failed to encrypt unknown session $sessionId") - return null - } - } - - /** - * Decrypt an incoming message using an existing session. - * - * @param ciphertext the base64-encoded body from the received message. - * @param messageType message_type field from the received message. - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @param sessionId the id of the active session. - * @return the decrypted payload. - */ - @kotlin.jvm.Throws - suspend fun decryptMessage(ciphertext: String, messageType: Int, sessionId: String, theirDeviceIdentityKey: String): String? { - var payloadString: String? = null - - val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) - - if (null != olmSessionWrapper) { - val olmMessage = OlmMessage() - olmMessage.mCipherText = ciphertext - olmMessage.mType = messageType.toLong() - - payloadString = - olmSessionWrapper.mutex.withLock { - olmSessionWrapper.olmSession.decryptMessage(olmMessage).also { - olmSessionWrapper.onMessageReceived() - } - } - olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) - } - - return payloadString - } - - /** - * Determine if an incoming messages is a prekey message matching an existing session. - * - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @param sessionId the id of the active session. - * @param messageType message_type field from the received message. - * @param ciphertext the base64-encoded body from the received message. - * @return YES if the received message is a prekey message which matchesthe given session. - */ - fun matchesSession(theirDeviceIdentityKey: String, sessionId: String, messageType: Int, ciphertext: String): Boolean { - if (messageType != 0) { - return false - } - - val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) - return null != olmSessionWrapper && olmSessionWrapper.olmSession.matchesInboundSession(ciphertext) - } - - // Outbound group session - - /** - * Generate a new outbound group session. - * - * @return the session id for the outbound session. - */ - fun createOutboundGroupSessionForRoom(roomId: String): String? { - var session: OlmOutboundGroupSession? = null - try { - session = OlmOutboundGroupSession() - outboundGroupSessionCache[session.sessionIdentifier()] = GroupSessionCacheItem(roomId, session) - store.storeCurrentOutboundGroupSessionForRoom(roomId, session) - return session.sessionIdentifier() - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "createOutboundGroupSession") - - session?.releaseSession() - } - - return null - } - - fun storeOutboundGroupSessionForRoom(roomId: String, sessionId: String) { - outboundGroupSessionCache[sessionId]?.let { - store.storeCurrentOutboundGroupSessionForRoom(roomId, it.groupSession) - } - } - - fun restoreOutboundGroupSessionForRoom(roomId: String): MXOutboundSessionInfo? { - val restoredOutboundGroupSession = store.getCurrentOutboundGroupSessionForRoom(roomId) - if (restoredOutboundGroupSession != null) { - val sessionId = restoredOutboundGroupSession.outboundGroupSession.sessionIdentifier() - // cache it - outboundGroupSessionCache[sessionId] = GroupSessionCacheItem(roomId, restoredOutboundGroupSession.outboundGroupSession) - - return MXOutboundSessionInfo( - sessionId = sessionId, - sharedWithHelper = SharedWithHelper(roomId, sessionId, store), - restoredOutboundGroupSession.creationTime - ) - } - return null - } - - fun discardOutboundGroupSessionForRoom(roomId: String) { - val toDiscard = outboundGroupSessionCache.filter { - it.value.groupId == roomId - } - toDiscard.forEach { (sessionId, cacheItem) -> - cacheItem.groupSession.releaseSession() - outboundGroupSessionCache.remove(sessionId) - } - store.storeCurrentOutboundGroupSessionForRoom(roomId, null) - } - - /** - * Get the current session key of an outbound group session. - * - * @param sessionId the id of the outbound group session. - * @return the base64-encoded secret key. - */ - fun getSessionKey(sessionId: String): String? { - if (sessionId.isNotEmpty()) { - try { - return outboundGroupSessionCache[sessionId]!!.groupSession.sessionKey() - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## getSessionKey() : failed") - } - } - return null - } - - /** - * Get the current message index of an outbound group session. - * - * @param sessionId the id of the outbound group session. - * @return the current chain index. - */ - fun getMessageIndex(sessionId: String): Int { - return if (sessionId.isNotEmpty()) { - outboundGroupSessionCache[sessionId]!!.groupSession.messageIndex() - } else 0 - } - - /** - * Encrypt an outgoing message with an outbound group session. - * - * @param sessionId the id of the outbound group session. - * @param payloadString the payload to be encrypted and sent. - * @return ciphertext - */ - fun encryptGroupMessage(sessionId: String, payloadString: String): String? { - if (sessionId.isNotEmpty() && payloadString.isNotEmpty()) { - try { - return outboundGroupSessionCache[sessionId]!!.groupSession.encryptMessage(payloadString) - } catch (e: Throwable) { - Timber.tag(loggerTag.value).e(e, "## encryptGroupMessage() : failed") - } - } - return null - } - - // Inbound group session - - sealed class AddSessionResult { - data class Imported(val ratchetIndex: Int) : AddSessionResult() - abstract class Failure : AddSessionResult() - object NotImported : Failure() - data class NotImportedHigherIndex(val newIndex: Int) : AddSessionResult() - } - - /** - * Add an inbound group session to the session store. - * - * @param sessionId the session identifier. - * @param sessionKey base64-encoded secret key. - * @param roomId the id of the room in which this session will be used. - * @param senderKey the base64-encoded curve25519 key of the sender. - * @param forwardingCurve25519KeyChain Devices involved in forwarding this session to us. - * @param keysClaimed Other keys the sender claims. - * @param exportFormat true if the megolm keys are in export format - * @return true if the operation succeeds. - */ - fun addInboundGroupSession(sessionId: String, - sessionKey: String, - roomId: String, - senderKey: String, - forwardingCurve25519KeyChain: List, - keysClaimed: Map, - exportFormat: Boolean): AddSessionResult { - val candidateSession = OlmInboundGroupSessionWrapper2(sessionKey, exportFormat) - val existingSessionHolder = tryOrNull { getInboundGroupSession(sessionId, senderKey, roomId) } - val existingSession = existingSessionHolder?.wrapper - // If we have an existing one we should check if the new one is not better - if (existingSession != null) { - Timber.tag(loggerTag.value).d("## addInboundGroupSession() check if known session is better than candidate session") - try { - val existingFirstKnown = existingSession.firstKnownIndex ?: return AddSessionResult.NotImported.also { - // This is quite unexpected, could throw if native was released? - Timber.tag(loggerTag.value).e("## addInboundGroupSession() null firstKnownIndex on existing session") - candidateSession.olmInboundGroupSession?.releaseSession() - // Probably should discard it? - } - val newKnownFirstIndex = candidateSession.firstKnownIndex - // If our existing session is better we keep it - if (newKnownFirstIndex != null && existingFirstKnown <= newKnownFirstIndex) { - Timber.tag(loggerTag.value).d("## addInboundGroupSession() : ignore session our is better $senderKey/$sessionId") - candidateSession.olmInboundGroupSession?.releaseSession() - return AddSessionResult.NotImportedHigherIndex(newKnownFirstIndex.toInt()) - } - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).e("## addInboundGroupSession() Failed to add inbound: ${failure.localizedMessage}") - candidateSession.olmInboundGroupSession?.releaseSession() - return AddSessionResult.NotImported - } - } - - Timber.tag(loggerTag.value).d("## addInboundGroupSession() : Candidate session should be added $senderKey/$sessionId") - - // sanity check on the new session - val candidateOlmInboundSession = candidateSession.olmInboundGroupSession - if (null == candidateOlmInboundSession) { - Timber.tag(loggerTag.value).e("## addInboundGroupSession : invalid session ") - return AddSessionResult.NotImported - } - - try { - if (candidateOlmInboundSession.sessionIdentifier() != sessionId) { - Timber.tag(loggerTag.value).e("## addInboundGroupSession : ERROR: Mismatched group session ID from senderKey: $senderKey") - candidateOlmInboundSession.releaseSession() - return AddSessionResult.NotImported - } - } catch (e: Throwable) { - candidateOlmInboundSession.releaseSession() - Timber.tag(loggerTag.value).e(e, "## addInboundGroupSession : sessionIdentifier() failed") - return AddSessionResult.NotImported - } - - candidateSession.senderKey = senderKey - candidateSession.roomId = roomId - candidateSession.keysClaimed = keysClaimed - candidateSession.forwardingCurve25519KeyChain = forwardingCurve25519KeyChain - - if (existingSession != null) { - inboundGroupSessionStore.replaceGroupSession(existingSessionHolder, InboundGroupSessionHolder(candidateSession), sessionId, senderKey) - } else { - inboundGroupSessionStore.storeInBoundGroupSession(InboundGroupSessionHolder(candidateSession), sessionId, senderKey) - } - - return AddSessionResult.Imported(candidateSession.firstKnownIndex?.toInt() ?: 0) - } - - /** - * Import an inbound group sessions to the session store. - * - * @param megolmSessionsData the megolm sessions data - * @return the successfully imported sessions. - */ - fun importInboundGroupSessions(megolmSessionsData: List): List { - val sessions = ArrayList(megolmSessionsData.size) - - for (megolmSessionData in megolmSessionsData) { - val sessionId = megolmSessionData.sessionId ?: continue - val senderKey = megolmSessionData.senderKey ?: continue - val roomId = megolmSessionData.roomId - - var candidateSessionToImport: OlmInboundGroupSessionWrapper2? = null - - try { - candidateSessionToImport = OlmInboundGroupSessionWrapper2(megolmSessionData) - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId") - } - - // sanity check - if (candidateSessionToImport?.olmInboundGroupSession == null) { - Timber.tag(loggerTag.value).e("## importInboundGroupSession : invalid session") - continue - } - - val candidateOlmInboundGroupSession = candidateSessionToImport.olmInboundGroupSession - try { - if (candidateOlmInboundGroupSession?.sessionIdentifier() != sessionId) { - Timber.tag(loggerTag.value).e("## importInboundGroupSession : ERROR: Mismatched group session ID from senderKey: $senderKey") - candidateOlmInboundGroupSession?.releaseSession() - continue - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## importInboundGroupSession : sessionIdentifier() failed") - candidateOlmInboundGroupSession?.releaseSession() - continue - } - - val existingSessionHolder = tryOrNull { getInboundGroupSession(sessionId, senderKey, roomId) } - val existingSession = existingSessionHolder?.wrapper - - if (existingSession == null) { - // Session does not already exist, add it - Timber.tag(loggerTag.value).d("## importInboundGroupSession() : importing new megolm session $senderKey/$sessionId") - sessions.add(candidateSessionToImport) - } else { - Timber.tag(loggerTag.value).e("## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId") - val existingFirstKnown = tryOrNull { existingSession.firstKnownIndex } - val candidateFirstKnownIndex = tryOrNull { candidateSessionToImport.firstKnownIndex } - - if (existingFirstKnown == null || candidateFirstKnownIndex == null) { - // should not happen? - candidateSessionToImport.olmInboundGroupSession?.releaseSession() - Timber.tag(loggerTag.value) - .w("## importInboundGroupSession() : Can't check session null index $existingFirstKnown/$candidateFirstKnownIndex") - } else { - if (existingFirstKnown <= candidateSessionToImport.firstKnownIndex!!) { - // Ignore this, keep existing - candidateOlmInboundGroupSession.releaseSession() - } else { - // update cache with better session - inboundGroupSessionStore.replaceGroupSession( - existingSessionHolder, - InboundGroupSessionHolder(candidateSessionToImport), - sessionId, - senderKey - ) - sessions.add(candidateSessionToImport) - } - } - } - } - - store.storeInboundGroupSessions(sessions) - - return sessions - } - - /** - * Decrypt a received message with an inbound group session. - * - * @param body the base64-encoded body of the encrypted message. - * @param roomId the room in which the message was received. - * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. - * @param sessionId the session identifier. - * @param senderKey the base64-encoded curve25519 key of the sender. - * @return the decrypting result. Nil if the sessionId is unknown. - */ - @Throws(MXCryptoError::class) - suspend fun decryptGroupMessage(body: String, - roomId: String, - timeline: String?, - sessionId: String, - senderKey: String): OlmDecryptionResult { - val sessionHolder = getInboundGroupSession(sessionId, senderKey, roomId) - val wrapper = sessionHolder.wrapper - val inboundGroupSession = wrapper.olmInboundGroupSession - ?: throw MXCryptoError.Base(MXCryptoError.ErrorType.UNABLE_TO_DECRYPT, "Session is null") - // Check that the room id matches the original one for the session. This stops - // the HS pretending a message was targeting a different room. - if (roomId == wrapper.roomId) { - val decryptResult = try { - sessionHolder.mutex.withLock { - inboundGroupSession.decryptMessage(body) - } - } catch (e: OlmException) { - Timber.tag(loggerTag.value).e(e, "## decryptGroupMessage () : decryptMessage failed") - throw MXCryptoError.OlmError(e) - } - - if (timeline?.isNotBlank() == true) { - val timelineSet = inboundGroupSessionMessageIndexes.getOrPut(timeline) { mutableSetOf() } - - val messageIndexKey = senderKey + "|" + sessionId + "|" + decryptResult.mIndex - - if (timelineSet.contains(messageIndexKey)) { - val reason = String.format(MXCryptoError.DUPLICATE_MESSAGE_INDEX_REASON, decryptResult.mIndex) - Timber.tag(loggerTag.value).e("## decryptGroupMessage() timelineId=$timeline: $reason") - throw MXCryptoError.Base(MXCryptoError.ErrorType.DUPLICATED_MESSAGE_INDEX, reason) - } - - timelineSet.add(messageIndexKey) - } - - inboundGroupSessionStore.storeInBoundGroupSession(sessionHolder, sessionId, senderKey) - val payload = try { - val adapter = MoshiProvider.providesMoshi().adapter(JSON_DICT_PARAMETERIZED_TYPE) - val payloadString = convertFromUTF8(decryptResult.mDecryptedMessage) - adapter.fromJson(payloadString) - } catch (e: Exception) { - Timber.tag(loggerTag.value).e("## decryptGroupMessage() : fails to parse the payload") - throw MXCryptoError.Base(MXCryptoError.ErrorType.BAD_DECRYPTED_FORMAT, MXCryptoError.BAD_DECRYPTED_FORMAT_TEXT_REASON) - } - - return OlmDecryptionResult( - payload, - wrapper.keysClaimed, - senderKey, - wrapper.forwardingCurve25519KeyChain - ) - } else { - val reason = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, wrapper.roomId) - Timber.tag(loggerTag.value).e("## decryptGroupMessage() : $reason") - throw MXCryptoError.Base(MXCryptoError.ErrorType.INBOUND_SESSION_MISMATCH_ROOM_ID, reason) - } - } - - /** - * Reset replay attack data for the given timeline. - * - * @param timeline the id of the timeline. - */ - fun resetReplayAttackCheckInTimeline(timeline: String?) { - if (null != timeline) { - inboundGroupSessionMessageIndexes.remove(timeline) - } - } - -// Utilities - - /** - * Verify an ed25519 signature on a JSON object. - * - * @param key the ed25519 key. - * @param jsonDictionary the JSON object which was signed. - * @param signature the base64-encoded signature to be checked. - * @throws Exception the exception - */ - @Throws(Exception::class) - fun verifySignature(key: String, jsonDictionary: Map, signature: String) { - // Check signature on the canonical version of the JSON - olmUtility!!.verifyEd25519Signature(signature, key, JsonCanonicalizer.getCanonicalJson(Map::class.java, jsonDictionary)) - } - - /** - * Calculate the SHA-256 hash of the input and encodes it as base64. - * - * @param message the message to hash. - * @return the base64-encoded hash value. - */ - fun sha256(message: String): String { - return olmUtility!!.sha256(convertToUTF8(message)) - } - - /** - * Search an OlmSession - * - * @param theirDeviceIdentityKey the device key - * @param sessionId the session Id - * @return the olm session - */ - private fun getSessionForDevice(theirDeviceIdentityKey: String, sessionId: String): OlmSessionWrapper? { - // sanity check - return if (theirDeviceIdentityKey.isEmpty() || sessionId.isEmpty()) null else { - olmSessionStore.getDeviceSession(sessionId, theirDeviceIdentityKey) - } - } - - /** - * Extract an InboundGroupSession from the session store and do some check. - * inboundGroupSessionWithIdError describes the failure reason. - * - * @param roomId the room where the session is used. - * @param sessionId the session identifier. - * @param senderKey the base64-encoded curve25519 key of the sender. - * @return the inbound group session. - */ - fun getInboundGroupSession(sessionId: String?, senderKey: String?, roomId: String?): InboundGroupSessionHolder { - if (sessionId.isNullOrBlank() || senderKey.isNullOrBlank()) { - throw MXCryptoError.Base(MXCryptoError.ErrorType.MISSING_SENDER_KEY, MXCryptoError.ERROR_MISSING_PROPERTY_REASON) - } - - val holder = inboundGroupSessionStore.getInboundGroupSession(sessionId, senderKey) - val session = holder?.wrapper - - if (session != null) { - // Check that the room id matches the original one for the session. This stops - // the HS pretending a message was targeting a different room. - if (roomId != session.roomId) { - val errorDescription = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, session.roomId) - Timber.tag(loggerTag.value).e("## getInboundGroupSession() : $errorDescription") - throw MXCryptoError.Base(MXCryptoError.ErrorType.INBOUND_SESSION_MISMATCH_ROOM_ID, errorDescription) - } else { - return holder - } - } else { - Timber.tag(loggerTag.value).w("## getInboundGroupSession() : UISI $sessionId") - throw MXCryptoError.Base(MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID, MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_REASON) - } - } - - /** - * Determine if we have the keys for a given megolm session. - * - * @param roomId room in which the message was received - * @param senderKey base64-encoded curve25519 key of the sender - * @param sessionId session identifier - * @return true if the unbound session keys are known. - */ - fun hasInboundSessionKeys(roomId: String, senderKey: String, sessionId: String): Boolean { - return runCatching { getInboundGroupSession(sessionId, senderKey, roomId) }.isSuccess - } - - @VisibleForTesting - fun clearOlmSessionCache() { - olmSessionStore.clear() - } -} +/* + * Copyright 2020 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import androidx.annotation.VisibleForTesting +import kotlinx.coroutines.sync.Mutex +import kotlinx.coroutines.sync.withLock +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.MXCryptoError +import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult +import org.matrix.android.sdk.api.util.JSON_DICT_PARAMETERIZED_TYPE +import org.matrix.android.sdk.api.util.JsonDict +import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXOutboundSessionInfo +import org.matrix.android.sdk.internal.crypto.algorithms.megolm.SharedWithHelper +import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 +import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.di.MoshiProvider +import org.matrix.android.sdk.internal.session.SessionScope +import org.matrix.android.sdk.internal.util.JsonCanonicalizer +import org.matrix.android.sdk.internal.util.convertFromUTF8 +import org.matrix.android.sdk.internal.util.convertToUTF8 +import org.matrix.olm.OlmAccount +import org.matrix.olm.OlmException +import org.matrix.olm.OlmMessage +import org.matrix.olm.OlmOutboundGroupSession +import org.matrix.olm.OlmSession +import org.matrix.olm.OlmUtility +import timber.log.Timber +import javax.inject.Inject + +private val loggerTag = LoggerTag("MXOlmDevice", LoggerTag.CRYPTO) + +// The libolm wrapper. +@SessionScope +internal class MXOlmDevice @Inject constructor( + /** + * The store where crypto data is saved. + */ + private val store: IMXCryptoStore, + private val olmSessionStore: OlmSessionStore, + private val inboundGroupSessionStore: InboundGroupSessionStore +) { + + val mutex = Mutex() + + /** + * @return the Curve25519 key for the account. + */ + var deviceCurve25519Key: String? = null + private set + + /** + * @return the Ed25519 key for the account. + */ + var deviceEd25519Key: String? = null + private set + + // The OLM lib utility instance. + private var olmUtility: OlmUtility? = null + + private data class GroupSessionCacheItem( + val groupId: String, + val groupSession: OlmOutboundGroupSession + ) + + // The outbound group session. + // Caches active outbound session to avoid to sync with DB before read + // The key is the session id, the value the . + private val outboundGroupSessionCache: MutableMap = HashMap() + + // Store a set of decrypted message indexes for each group session. + // This partially mitigates a replay attack where a MITM resends a group + // message into the room. + // + // The Matrix SDK exposes events through MXEventTimelines. A developer can open several + // timelines from a same room so that a message can be decrypted several times but from + // a different timeline. + // So, store these message indexes per timeline id. + // + // The first level keys are timeline ids. + // The second level keys are strings of form "||" + private val inboundGroupSessionMessageIndexes: MutableMap> = HashMap() + + init { + // Retrieve the account from the store + try { + store.getOrCreateOlmAccount() + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "MXOlmDevice : cannot initialize olmAccount") + } + + try { + olmUtility = OlmUtility() + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : OlmUtility failed with error") + olmUtility = null + } + + try { + deviceCurve25519Key = store.doWithOlmAccount { it.identityKeys()[OlmAccount.JSON_KEY_IDENTITY_KEY] } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : cannot find ${OlmAccount.JSON_KEY_IDENTITY_KEY} with error") + } + + try { + deviceEd25519Key = store.doWithOlmAccount { it.identityKeys()[OlmAccount.JSON_KEY_FINGER_PRINT_KEY] } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : cannot find ${OlmAccount.JSON_KEY_FINGER_PRINT_KEY} with error") + } + } + + /** + * @return The current (unused, unpublished) one-time keys for this account. + */ + fun getOneTimeKeys(): Map>? { + try { + return store.doWithOlmAccount { it.oneTimeKeys() } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## getOneTimeKeys() : failed") + } + + return null + } + + /** + * @return The maximum number of one-time keys the olm account can store. + */ + fun getMaxNumberOfOneTimeKeys(): Long { + return store.doWithOlmAccount { it.maxOneTimeKeys() } + } + + /** + * Returns an unpublished fallback key + * A call to markKeysAsPublished will mark it as published and this + * call will return null (until a call to generateFallbackKey is made) + */ + fun getFallbackKey(): MutableMap>? { + try { + return store.doWithOlmAccount { it.fallbackKey() } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e("## getFallbackKey() : failed") + } + return null + } + + /** + * Generates a new fallback key if there is not already + * an unpublished one. + * @return true if a new key was generated + */ + fun generateFallbackKeyIfNeeded(): Boolean { + try { + if (!hasUnpublishedFallbackKey()) { + store.doWithOlmAccount { + it.generateFallbackKey() + store.saveOlmAccount() + } + return true + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e("## generateFallbackKey() : failed") + } + return false + } + + internal fun hasUnpublishedFallbackKey(): Boolean { + return getFallbackKey()?.get(OlmAccount.JSON_KEY_ONE_TIME_KEY).orEmpty().isNotEmpty() + } + + fun forgetFallbackKey() { + try { + store.doWithOlmAccount { + it.forgetFallbackKey() + store.saveOlmAccount() + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e("## forgetFallbackKey() : failed") + } + } + + /** + * Release the instance + */ + fun release() { + olmUtility?.releaseUtility() + outboundGroupSessionCache.values.forEach { + it.groupSession.releaseSession() + } + outboundGroupSessionCache.clear() + inboundGroupSessionStore.clear() + olmSessionStore.clear() + } + + /** + * Signs a message with the ed25519 key for this account. + * + * @param message the message to be signed. + * @return the base64-encoded signature. + */ + fun signMessage(message: String): String? { + try { + return store.doWithOlmAccount { it.signMessage(message) } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## signMessage() : failed") + } + + return null + } + + /** + * Marks all of the one-time keys as published. + */ + fun markKeysAsPublished() { + try { + store.doWithOlmAccount { + it.markOneTimeKeysAsPublished() + store.saveOlmAccount() + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## markKeysAsPublished() : failed") + } + } + + /** + * Generate some new one-time keys + * + * @param numKeys number of keys to generate + */ + fun generateOneTimeKeys(numKeys: Int) { + try { + store.doWithOlmAccount { + it.generateOneTimeKeys(numKeys) + store.saveOlmAccount() + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## generateOneTimeKeys() : failed") + } + } + + /** + * Generate a new outbound session. + * The new session will be stored in the MXStore. + * + * @param theirIdentityKey the remote user's Curve25519 identity key + * @param theirOneTimeKey the remote user's one-time Curve25519 key + * @return the session id for the outbound session. + */ + fun createOutboundSession(theirIdentityKey: String, theirOneTimeKey: String): String? { + Timber.tag(loggerTag.value).d("## createOutboundSession() ; theirIdentityKey $theirIdentityKey theirOneTimeKey $theirOneTimeKey") + var olmSession: OlmSession? = null + + try { + olmSession = OlmSession() + store.doWithOlmAccount { olmAccount -> + olmSession.initOutboundSession(olmAccount, theirIdentityKey, theirOneTimeKey) + } + + val olmSessionWrapper = OlmSessionWrapper(olmSession, 0) + + // Pretend we've received a message at this point, otherwise + // if we try to send a message to the device, it won't use + // this session + olmSessionWrapper.onMessageReceived() + + olmSessionStore.storeSession(olmSessionWrapper, theirIdentityKey) + + val sessionIdentifier = olmSession.sessionIdentifier() + + Timber.tag(loggerTag.value).v("## createOutboundSession() ; olmSession.sessionIdentifier: $sessionIdentifier") + return sessionIdentifier + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createOutboundSession() failed") + + olmSession?.releaseSession() + } + + return null + } + + /** + * Generate a new inbound session, given an incoming message. + * + * @param theirDeviceIdentityKey the remote user's Curve25519 identity key. + * @param messageType the message_type field from the received message (must be 0). + * @param ciphertext base64-encoded body from the received message. + * @return {{payload: string, session_id: string}} decrypted payload, and session id of new session. + */ + fun createInboundSession(theirDeviceIdentityKey: String, messageType: Int, ciphertext: String): Map? { + Timber.tag(loggerTag.value).d("## createInboundSession() : theirIdentityKey: $theirDeviceIdentityKey") + + var olmSession: OlmSession? = null + + try { + try { + olmSession = OlmSession() + store.doWithOlmAccount { olmAccount -> + olmSession.initInboundSessionFrom(olmAccount, theirDeviceIdentityKey, ciphertext) + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createInboundSession() : the session creation failed") + return null + } + + Timber.tag(loggerTag.value).v("## createInboundSession() : sessionId: ${olmSession.sessionIdentifier()}") + + try { + store.doWithOlmAccount { olmAccount -> + olmAccount.removeOneTimeKeys(olmSession) + store.saveOlmAccount() + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createInboundSession() : removeOneTimeKeys failed") + } + + val olmMessage = OlmMessage() + olmMessage.mCipherText = ciphertext + olmMessage.mType = messageType.toLong() + + var payloadString: String? = null + + try { + payloadString = olmSession.decryptMessage(olmMessage) + + val olmSessionWrapper = OlmSessionWrapper(olmSession, 0) + // This counts as a received message: set last received message time to now + olmSessionWrapper.onMessageReceived() + + olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createInboundSession() : decryptMessage failed") + } + + val res = HashMap() + + if (!payloadString.isNullOrEmpty()) { + res["payload"] = payloadString + } + + val sessionIdentifier = olmSession.sessionIdentifier() + + if (!sessionIdentifier.isNullOrEmpty()) { + res["session_id"] = sessionIdentifier + } + + return res + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createInboundSession() : OlmSession creation failed") + + olmSession?.releaseSession() + } + + return null + } + + /** + * Get a list of known session IDs for the given device. + * + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @return a list of known session ids for the device. + */ + fun getSessionIds(theirDeviceIdentityKey: String): List { + return olmSessionStore.getDeviceSessionIds(theirDeviceIdentityKey) + } + + /** + * Get the right olm session id for encrypting messages to the given identity key. + * + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @return the session id, or null if no established session. + */ + fun getSessionId(theirDeviceIdentityKey: String): String? { + return olmSessionStore.getLastUsedSessionId(theirDeviceIdentityKey) + } + + /** + * Encrypt an outgoing message using an existing session. + * + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @param sessionId the id of the active session + * @param payloadString the payload to be encrypted and sent + * @return the cipher text + */ + suspend fun encryptMessage(theirDeviceIdentityKey: String, sessionId: String, payloadString: String): Map? { + val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) + + if (olmSessionWrapper != null) { + try { + Timber.tag(loggerTag.value).v("## encryptMessage() : olmSession.sessionIdentifier: $sessionId") + + val olmMessage = olmSessionWrapper.mutex.withLock { + olmSessionWrapper.olmSession.encryptMessage(payloadString) + } + return mapOf( + "body" to olmMessage.mCipherText, + "type" to olmMessage.mType, + ).also { + olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) + } + } catch (e: Throwable) { + Timber.tag(loggerTag.value).e(e, "## encryptMessage() : failed to encrypt olm with device|session:$theirDeviceIdentityKey|$sessionId") + return null + } + } else { + Timber.tag(loggerTag.value).e("## encryptMessage() : Failed to encrypt unknown session $sessionId") + return null + } + } + + /** + * Decrypt an incoming message using an existing session. + * + * @param ciphertext the base64-encoded body from the received message. + * @param messageType message_type field from the received message. + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @param sessionId the id of the active session. + * @return the decrypted payload. + */ + @kotlin.jvm.Throws + suspend fun decryptMessage(ciphertext: String, messageType: Int, sessionId: String, theirDeviceIdentityKey: String): String? { + var payloadString: String? = null + + val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) + + if (null != olmSessionWrapper) { + val olmMessage = OlmMessage() + olmMessage.mCipherText = ciphertext + olmMessage.mType = messageType.toLong() + + payloadString = + olmSessionWrapper.mutex.withLock { + olmSessionWrapper.olmSession.decryptMessage(olmMessage).also { + olmSessionWrapper.onMessageReceived() + } + } + olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) + } + + return payloadString + } + + /** + * Determine if an incoming messages is a prekey message matching an existing session. + * + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @param sessionId the id of the active session. + * @param messageType message_type field from the received message. + * @param ciphertext the base64-encoded body from the received message. + * @return YES if the received message is a prekey message which matchesthe given session. + */ + fun matchesSession(theirDeviceIdentityKey: String, sessionId: String, messageType: Int, ciphertext: String): Boolean { + if (messageType != 0) { + return false + } + + val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) + return null != olmSessionWrapper && olmSessionWrapper.olmSession.matchesInboundSession(ciphertext) + } + + // Outbound group session + + /** + * Generate a new outbound group session. + * + * @return the session id for the outbound session. + */ + fun createOutboundGroupSessionForRoom(roomId: String): String? { + var session: OlmOutboundGroupSession? = null + try { + session = OlmOutboundGroupSession() + outboundGroupSessionCache[session.sessionIdentifier()] = GroupSessionCacheItem(roomId, session) + store.storeCurrentOutboundGroupSessionForRoom(roomId, session) + return session.sessionIdentifier() + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "createOutboundGroupSession") + + session?.releaseSession() + } + + return null + } + + fun storeOutboundGroupSessionForRoom(roomId: String, sessionId: String) { + outboundGroupSessionCache[sessionId]?.let { + store.storeCurrentOutboundGroupSessionForRoom(roomId, it.groupSession) + } + } + + fun restoreOutboundGroupSessionForRoom(roomId: String): MXOutboundSessionInfo? { + val restoredOutboundGroupSession = store.getCurrentOutboundGroupSessionForRoom(roomId) + if (restoredOutboundGroupSession != null) { + val sessionId = restoredOutboundGroupSession.outboundGroupSession.sessionIdentifier() + // cache it + outboundGroupSessionCache[sessionId] = GroupSessionCacheItem(roomId, restoredOutboundGroupSession.outboundGroupSession) + + return MXOutboundSessionInfo( + sessionId = sessionId, + sharedWithHelper = SharedWithHelper(roomId, sessionId, store), + restoredOutboundGroupSession.creationTime + ) + } + return null + } + + fun discardOutboundGroupSessionForRoom(roomId: String) { + val toDiscard = outboundGroupSessionCache.filter { + it.value.groupId == roomId + } + toDiscard.forEach { (sessionId, cacheItem) -> + cacheItem.groupSession.releaseSession() + outboundGroupSessionCache.remove(sessionId) + } + store.storeCurrentOutboundGroupSessionForRoom(roomId, null) + } + + /** + * Get the current session key of an outbound group session. + * + * @param sessionId the id of the outbound group session. + * @return the base64-encoded secret key. + */ + fun getSessionKey(sessionId: String): String? { + if (sessionId.isNotEmpty()) { + try { + return outboundGroupSessionCache[sessionId]!!.groupSession.sessionKey() + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## getSessionKey() : failed") + } + } + return null + } + + /** + * Get the current message index of an outbound group session. + * + * @param sessionId the id of the outbound group session. + * @return the current chain index. + */ + fun getMessageIndex(sessionId: String): Int { + return if (sessionId.isNotEmpty()) { + outboundGroupSessionCache[sessionId]!!.groupSession.messageIndex() + } else 0 + } + + /** + * Encrypt an outgoing message with an outbound group session. + * + * @param sessionId the id of the outbound group session. + * @param payloadString the payload to be encrypted and sent. + * @return ciphertext + */ + fun encryptGroupMessage(sessionId: String, payloadString: String): String? { + if (sessionId.isNotEmpty() && payloadString.isNotEmpty()) { + try { + return outboundGroupSessionCache[sessionId]!!.groupSession.encryptMessage(payloadString) + } catch (e: Throwable) { + Timber.tag(loggerTag.value).e(e, "## encryptGroupMessage() : failed") + } + } + return null + } + + // Inbound group session + + sealed class AddSessionResult { + data class Imported(val ratchetIndex: Int) : AddSessionResult() + abstract class Failure : AddSessionResult() + object NotImported : Failure() + data class NotImportedHigherIndex(val newIndex: Int) : AddSessionResult() + } + + /** + * Add an inbound group session to the session store. + * + * @param sessionId the session identifier. + * @param sessionKey base64-encoded secret key. + * @param roomId the id of the room in which this session will be used. + * @param senderKey the base64-encoded curve25519 key of the sender. + * @param forwardingCurve25519KeyChain Devices involved in forwarding this session to us. + * @param keysClaimed Other keys the sender claims. + * @param exportFormat true if the megolm keys are in export format + * @return true if the operation succeeds. + */ + fun addInboundGroupSession(sessionId: String, + sessionKey: String, + roomId: String, + senderKey: String, + forwardingCurve25519KeyChain: List, + keysClaimed: Map, + exportFormat: Boolean): AddSessionResult { + val candidateSession = OlmInboundGroupSessionWrapper2(sessionKey, exportFormat) + val existingSessionHolder = tryOrNull { getInboundGroupSession(sessionId, senderKey, roomId) } + val existingSession = existingSessionHolder?.wrapper + // If we have an existing one we should check if the new one is not better + if (existingSession != null) { + Timber.tag(loggerTag.value).d("## addInboundGroupSession() check if known session is better than candidate session") + try { + val existingFirstKnown = existingSession.firstKnownIndex ?: return AddSessionResult.NotImported.also { + // This is quite unexpected, could throw if native was released? + Timber.tag(loggerTag.value).e("## addInboundGroupSession() null firstKnownIndex on existing session") + candidateSession.olmInboundGroupSession?.releaseSession() + // Probably should discard it? + } + val newKnownFirstIndex = candidateSession.firstKnownIndex + // If our existing session is better we keep it + if (newKnownFirstIndex != null && existingFirstKnown <= newKnownFirstIndex) { + Timber.tag(loggerTag.value).d("## addInboundGroupSession() : ignore session our is better $senderKey/$sessionId") + candidateSession.olmInboundGroupSession?.releaseSession() + return AddSessionResult.NotImportedHigherIndex(newKnownFirstIndex.toInt()) + } + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).e("## addInboundGroupSession() Failed to add inbound: ${failure.localizedMessage}") + candidateSession.olmInboundGroupSession?.releaseSession() + return AddSessionResult.NotImported + } + } + + Timber.tag(loggerTag.value).d("## addInboundGroupSession() : Candidate session should be added $senderKey/$sessionId") + + // sanity check on the new session + val candidateOlmInboundSession = candidateSession.olmInboundGroupSession + if (null == candidateOlmInboundSession) { + Timber.tag(loggerTag.value).e("## addInboundGroupSession : invalid session ") + return AddSessionResult.NotImported + } + + try { + if (candidateOlmInboundSession.sessionIdentifier() != sessionId) { + Timber.tag(loggerTag.value).e("## addInboundGroupSession : ERROR: Mismatched group session ID from senderKey: $senderKey") + candidateOlmInboundSession.releaseSession() + return AddSessionResult.NotImported + } + } catch (e: Throwable) { + candidateOlmInboundSession.releaseSession() + Timber.tag(loggerTag.value).e(e, "## addInboundGroupSession : sessionIdentifier() failed") + return AddSessionResult.NotImported + } + + candidateSession.senderKey = senderKey + candidateSession.roomId = roomId + candidateSession.keysClaimed = keysClaimed + candidateSession.forwardingCurve25519KeyChain = forwardingCurve25519KeyChain + + if (existingSession != null) { + inboundGroupSessionStore.replaceGroupSession(existingSessionHolder, InboundGroupSessionHolder(candidateSession), sessionId, senderKey) + } else { + inboundGroupSessionStore.storeInBoundGroupSession(InboundGroupSessionHolder(candidateSession), sessionId, senderKey) + } + + return AddSessionResult.Imported(candidateSession.firstKnownIndex?.toInt() ?: 0) + } + + /** + * Import an inbound group sessions to the session store. + * + * @param megolmSessionsData the megolm sessions data + * @return the successfully imported sessions. + */ + fun importInboundGroupSessions(megolmSessionsData: List): List { + val sessions = ArrayList(megolmSessionsData.size) + + for (megolmSessionData in megolmSessionsData) { + val sessionId = megolmSessionData.sessionId ?: continue + val senderKey = megolmSessionData.senderKey ?: continue + val roomId = megolmSessionData.roomId + + var candidateSessionToImport: OlmInboundGroupSessionWrapper2? = null + + try { + candidateSessionToImport = OlmInboundGroupSessionWrapper2(megolmSessionData) + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId") + } + + // sanity check + if (candidateSessionToImport?.olmInboundGroupSession == null) { + Timber.tag(loggerTag.value).e("## importInboundGroupSession : invalid session") + continue + } + + val candidateOlmInboundGroupSession = candidateSessionToImport.olmInboundGroupSession + try { + if (candidateOlmInboundGroupSession?.sessionIdentifier() != sessionId) { + Timber.tag(loggerTag.value).e("## importInboundGroupSession : ERROR: Mismatched group session ID from senderKey: $senderKey") + candidateOlmInboundGroupSession?.releaseSession() + continue + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## importInboundGroupSession : sessionIdentifier() failed") + candidateOlmInboundGroupSession?.releaseSession() + continue + } + + val existingSessionHolder = tryOrNull { getInboundGroupSession(sessionId, senderKey, roomId) } + val existingSession = existingSessionHolder?.wrapper + + if (existingSession == null) { + // Session does not already exist, add it + Timber.tag(loggerTag.value).d("## importInboundGroupSession() : importing new megolm session $senderKey/$sessionId") + sessions.add(candidateSessionToImport) + } else { + Timber.tag(loggerTag.value).e("## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId") + val existingFirstKnown = tryOrNull { existingSession.firstKnownIndex } + val candidateFirstKnownIndex = tryOrNull { candidateSessionToImport.firstKnownIndex } + + if (existingFirstKnown == null || candidateFirstKnownIndex == null) { + // should not happen? + candidateSessionToImport.olmInboundGroupSession?.releaseSession() + Timber.tag(loggerTag.value) + .w("## importInboundGroupSession() : Can't check session null index $existingFirstKnown/$candidateFirstKnownIndex") + } else { + if (existingFirstKnown <= candidateSessionToImport.firstKnownIndex!!) { + // Ignore this, keep existing + candidateOlmInboundGroupSession.releaseSession() + } else { + // update cache with better session + inboundGroupSessionStore.replaceGroupSession( + existingSessionHolder, + InboundGroupSessionHolder(candidateSessionToImport), + sessionId, + senderKey + ) + sessions.add(candidateSessionToImport) + } + } + } + } + + store.storeInboundGroupSessions(sessions) + + return sessions + } + + /** + * Decrypt a received message with an inbound group session. + * + * @param body the base64-encoded body of the encrypted message. + * @param roomId the room in which the message was received. + * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. + * @param sessionId the session identifier. + * @param senderKey the base64-encoded curve25519 key of the sender. + * @return the decrypting result. Nil if the sessionId is unknown. + */ + @Throws(MXCryptoError::class) + suspend fun decryptGroupMessage(body: String, + roomId: String, + timeline: String?, + sessionId: String, + senderKey: String): OlmDecryptionResult { + val sessionHolder = getInboundGroupSession(sessionId, senderKey, roomId) + val wrapper = sessionHolder.wrapper + val inboundGroupSession = wrapper.olmInboundGroupSession + ?: throw MXCryptoError.Base(MXCryptoError.ErrorType.UNABLE_TO_DECRYPT, "Session is null") + // Check that the room id matches the original one for the session. This stops + // the HS pretending a message was targeting a different room. + if (roomId == wrapper.roomId) { + val decryptResult = try { + sessionHolder.mutex.withLock { + inboundGroupSession.decryptMessage(body) + } + } catch (e: OlmException) { + Timber.tag(loggerTag.value).e(e, "## decryptGroupMessage () : decryptMessage failed") + throw MXCryptoError.OlmError(e) + } + + if (timeline?.isNotBlank() == true) { + val timelineSet = inboundGroupSessionMessageIndexes.getOrPut(timeline) { mutableSetOf() } + + val messageIndexKey = senderKey + "|" + sessionId + "|" + decryptResult.mIndex + + if (timelineSet.contains(messageIndexKey)) { + val reason = String.format(MXCryptoError.DUPLICATE_MESSAGE_INDEX_REASON, decryptResult.mIndex) + Timber.tag(loggerTag.value).e("## decryptGroupMessage() timelineId=$timeline: $reason") + throw MXCryptoError.Base(MXCryptoError.ErrorType.DUPLICATED_MESSAGE_INDEX, reason) + } + + timelineSet.add(messageIndexKey) + } + + inboundGroupSessionStore.storeInBoundGroupSession(sessionHolder, sessionId, senderKey) + val payload = try { + val adapter = MoshiProvider.providesMoshi().adapter(JSON_DICT_PARAMETERIZED_TYPE) + val payloadString = convertFromUTF8(decryptResult.mDecryptedMessage) + adapter.fromJson(payloadString) + } catch (e: Exception) { + Timber.tag(loggerTag.value).e("## decryptGroupMessage() : fails to parse the payload") + throw MXCryptoError.Base(MXCryptoError.ErrorType.BAD_DECRYPTED_FORMAT, MXCryptoError.BAD_DECRYPTED_FORMAT_TEXT_REASON) + } + + return OlmDecryptionResult( + payload, + wrapper.keysClaimed, + senderKey, + wrapper.forwardingCurve25519KeyChain + ) + } else { + val reason = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, wrapper.roomId) + Timber.tag(loggerTag.value).e("## decryptGroupMessage() : $reason") + throw MXCryptoError.Base(MXCryptoError.ErrorType.INBOUND_SESSION_MISMATCH_ROOM_ID, reason) + } + } + + /** + * Reset replay attack data for the given timeline. + * + * @param timeline the id of the timeline. + */ + fun resetReplayAttackCheckInTimeline(timeline: String?) { + if (null != timeline) { + inboundGroupSessionMessageIndexes.remove(timeline) + } + } + +// Utilities + + /** + * Verify an ed25519 signature on a JSON object. + * + * @param key the ed25519 key. + * @param jsonDictionary the JSON object which was signed. + * @param signature the base64-encoded signature to be checked. + * @throws Exception the exception + */ + @Throws(Exception::class) + fun verifySignature(key: String, jsonDictionary: Map, signature: String) { + // Check signature on the canonical version of the JSON + olmUtility!!.verifyEd25519Signature(signature, key, JsonCanonicalizer.getCanonicalJson(Map::class.java, jsonDictionary)) + } + + /** + * Calculate the SHA-256 hash of the input and encodes it as base64. + * + * @param message the message to hash. + * @return the base64-encoded hash value. + */ + fun sha256(message: String): String { + return olmUtility!!.sha256(convertToUTF8(message)) + } + + /** + * Search an OlmSession + * + * @param theirDeviceIdentityKey the device key + * @param sessionId the session Id + * @return the olm session + */ + private fun getSessionForDevice(theirDeviceIdentityKey: String, sessionId: String): OlmSessionWrapper? { + // sanity check + return if (theirDeviceIdentityKey.isEmpty() || sessionId.isEmpty()) null else { + olmSessionStore.getDeviceSession(sessionId, theirDeviceIdentityKey) + } + } + + /** + * Extract an InboundGroupSession from the session store and do some check. + * inboundGroupSessionWithIdError describes the failure reason. + * + * @param roomId the room where the session is used. + * @param sessionId the session identifier. + * @param senderKey the base64-encoded curve25519 key of the sender. + * @return the inbound group session. + */ + fun getInboundGroupSession(sessionId: String?, senderKey: String?, roomId: String?): InboundGroupSessionHolder { + if (sessionId.isNullOrBlank() || senderKey.isNullOrBlank()) { + throw MXCryptoError.Base(MXCryptoError.ErrorType.MISSING_SENDER_KEY, MXCryptoError.ERROR_MISSING_PROPERTY_REASON) + } + + val holder = inboundGroupSessionStore.getInboundGroupSession(sessionId, senderKey) + val session = holder?.wrapper + + if (session != null) { + // Check that the room id matches the original one for the session. This stops + // the HS pretending a message was targeting a different room. + if (roomId != session.roomId) { + val errorDescription = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, session.roomId) + Timber.tag(loggerTag.value).e("## getInboundGroupSession() : $errorDescription") + throw MXCryptoError.Base(MXCryptoError.ErrorType.INBOUND_SESSION_MISMATCH_ROOM_ID, errorDescription) + } else { + return holder + } + } else { + Timber.tag(loggerTag.value).w("## getInboundGroupSession() : UISI $sessionId") + throw MXCryptoError.Base(MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID, MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_REASON) + } + } + + /** + * Determine if we have the keys for a given megolm session. + * + * @param roomId room in which the message was received + * @param senderKey base64-encoded curve25519 key of the sender + * @param sessionId session identifier + * @return true if the unbound session keys are known. + */ + fun hasInboundSessionKeys(roomId: String, senderKey: String, sessionId: String): Boolean { + return runCatching { getInboundGroupSession(sessionId, senderKey, roomId) }.isSuccess + } + + @VisibleForTesting + fun clearOlmSessionCache() { + olmSessionStore.clear() + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt index 037c8020d5..1e192393a2 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt @@ -1,520 +1,519 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.SupervisorJob -import kotlinx.coroutines.asCoroutineDispatcher -import kotlinx.coroutines.cancel -import kotlinx.coroutines.delay -import kotlinx.coroutines.launch -import kotlinx.coroutines.withContext -import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM -import org.matrix.android.sdk.api.crypto.MXCryptoConfig -import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.logger.LoggerTag -import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState -import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent -import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.api.util.fromBase64 -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.DefaultSendToDeviceTask -import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask -import org.matrix.android.sdk.internal.di.SessionId -import org.matrix.android.sdk.internal.di.UserId -import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer -import timber.log.Timber -import java.util.Stack -import java.util.concurrent.Executors -import javax.inject.Inject -import kotlin.system.measureTimeMillis - -private val loggerTag = LoggerTag("OutgoingKeyRequestManager", LoggerTag.CRYPTO) - -/** - * This class is responsible for sending key requests to other devices when a message failed to decrypt. - * It's lifecycle is based on the sync pulse: - * - You can post queries for session, or report when you got a session - * - At the end of the sync (onSyncComplete) it will then process all the posted request and send to devices - * If a request failed it will be retried at the end of the next sync - */ -@SessionScope -internal class OutgoingKeyRequestManager @Inject constructor( - @SessionId private val sessionId: String, - @UserId private val myUserId: String, - private val cryptoStore: IMXCryptoStore, - private val coroutineDispatchers: MatrixCoroutineDispatchers, - private val cryptoConfig: MXCryptoConfig, - private val inboundGroupSessionStore: InboundGroupSessionStore, - private val sendToDeviceTask: DefaultSendToDeviceTask, - private val deviceListManager: DeviceListManager, - private val perSessionBackupQueryRateLimiter: PerSessionBackupQueryRateLimiter) { - - private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() - private val outgoingRequestScope = CoroutineScope(SupervisorJob() + dispatcher) - private val sequencer = SemaphoreCoroutineSequencer() - - // We only have one active key request per session, so we don't request if it's already requested - // But it could make sense to check more the backup, as it's evolving. - // We keep a stack as we consider that the key requested last is more likely to be on screen? - private val requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup = Stack>() - - fun requestKeyForEvent(event: Event, force: Boolean) { - val (targets, body) = getRoomKeyRequestTargetForEvent(event) ?: return - val index = ratchetIndexForMessage(event) ?: 0 - postRoomKeyRequest(body, targets, index, force) - } - - private fun getRoomKeyRequestTargetForEvent(event: Event): Pair>, RoomKeyRequestBody>? { - val sender = event.senderId ?: return null - val encryptedEventContent = event.content.toModel() ?: return null.also { - Timber.tag(loggerTag.value).e("getRoomKeyRequestTargetForEvent Failed to re-request key, null content") - } - if (encryptedEventContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null - - val senderDevice = encryptedEventContent.deviceId - val recipients = if (cryptoConfig.limitRoomKeyRequestsToMyDevices) { - mapOf( - myUserId to listOf("*") - ) - } else { - if (event.senderId == myUserId) { - mapOf( - myUserId to listOf("*") - ) - } else { - // for the case where you share the key with a device that has a broken olm session - // The other user might Re-shares a megolm session key with devices if the key has already been - // sent to them. - mapOf( - myUserId to listOf("*"), - - // TODO we might not have deviceId in the future due to https://github.com/matrix-org/matrix-spec-proposals/pull/3700 - // so in this case query to all - sender to listOf(senderDevice ?: "*") - ) - } - } - - val requestBody = RoomKeyRequestBody( - roomId = event.roomId, - algorithm = encryptedEventContent.algorithm, - senderKey = encryptedEventContent.senderKey, - sessionId = encryptedEventContent.sessionId - ) - return recipients to requestBody - } - - private fun ratchetIndexForMessage(event: Event): Int? { - val encryptedContent = event.content.toModel() ?: return null - if (encryptedContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null - return encryptedContent.ciphertext?.fromBase64()?.inputStream()?.reader()?.let { - tryOrNull { - val megolmVersion = it.read() - if (megolmVersion != 3) return@tryOrNull null - /** Int tag */ - /** Int tag */ - if (it.read() != 8) return@tryOrNull null - it.read() - } - } - } - - fun postRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean = false) { - outgoingRequestScope.launch { - sequencer.post { - internalQueueRequest(requestBody, recipients, fromIndex, force) - } - } - } - - /** - * Typically called when we the session as been imported or received meanwhile - */ - fun postCancelRequestForSessionIfNeeded(sessionId: String, roomId: String, senderKey: String, fromIndex: Int) { - outgoingRequestScope.launch { - sequencer.post { - internalQueueCancelRequest(sessionId, roomId, senderKey, fromIndex) - } - } - } - - fun onSelfCrossSigningTrustChanged(newTrust: Boolean) { - if (newTrust) { - // we were previously not cross signed, but we are now - // so there is now more chances to get better replies for existing request - // Let's forget about sent request so that next time we try to decrypt we will resend requests - // We don't resend all because we don't want to generate a bulk of traffic - outgoingRequestScope.launch { - sequencer.post { - cryptoStore.deleteOutgoingRoomKeyRequestInState(OutgoingRoomKeyRequestState.SENT) - } - - sequencer.post { - delay(1000) - perSessionBackupQueryRateLimiter.refreshBackupInfoIfNeeded(true) - } - } - } - } - - fun onRoomKeyForwarded(sessionId: String, - algorithm: String, - roomId: String, - senderKey: String, - fromDevice: String?, - fromIndex: Int, - event: Event) { - Timber.tag(loggerTag.value).d("Key forwarded for $sessionId from ${event.senderId}|$fromDevice at index $fromIndex") - outgoingRequestScope.launch { - sequencer.post { - cryptoStore.updateOutgoingRoomKeyReply( - roomId = roomId, - sessionId = sessionId, - algorithm = algorithm, - senderKey = senderKey, - fromDevice = fromDevice, - // strip out encrypted stuff as it's just a trail? - event = event.copy( - type = event.getClearType(), - content = mapOf( - "chain_index" to fromIndex - ) - ) - ) - } - } - } - - fun onRoomKeyWithHeld(sessionId: String, - algorithm: String, - roomId: String, - senderKey: String, - fromDevice: String?, - event: Event) { - outgoingRequestScope.launch { - sequencer.post { - Timber.tag(loggerTag.value).d("Withheld received for $sessionId from ${event.senderId}|$fromDevice") - Timber.tag(loggerTag.value).v("Withheld content ${event.getClearContent()}") - - // We want to store withheld code from the sender of the message (owner of the megolm session), not from - // other devices that might gossip the key. If not the initial reason might be overridden - // by a request to one of our session. - event.getClearContent().toModel()?.let { withheld -> - withContext(coroutineDispatchers.crypto) { - tryOrNull { - deviceListManager.downloadKeys(listOf(event.senderId ?: ""), false) - } - cryptoStore.getUserDeviceList(event.senderId ?: "") - .also { devices -> - Timber.tag(loggerTag.value) - .v("Withheld Devices for ${event.senderId} are ${devices.orEmpty().joinToString { it.identityKey() ?: "" }}") - } - ?.firstOrNull { - it.identityKey() == senderKey - } - }.also { - Timber.tag(loggerTag.value).v("Withheld device for sender key $senderKey is from ${it?.shortDebugString()}") - }?.let { - if (it.userId == event.senderId) { - if (fromDevice != null) { - if (it.deviceId == fromDevice) { - Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") - cryptoStore.addWithHeldMegolmSession(withheld) - } - } else { - Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") - cryptoStore.addWithHeldMegolmSession(withheld) - } - } - } - } - - // Here we store the replies from a given request - cryptoStore.updateOutgoingRoomKeyReply( - roomId = roomId, - sessionId = sessionId, - algorithm = algorithm, - senderKey = senderKey, - fromDevice = fromDevice, - event = event - ) - } - } - } - - /** - * Should be called after a sync, ideally if no catchup sync needed (as keys might arrive in those) - */ - fun requireProcessAllPendingKeyRequests() { - outgoingRequestScope.launch { - sequencer.post { - internalProcessPendingKeyRequests() - } - } - } - - private fun internalQueueCancelRequest(sessionId: String, roomId: String, senderKey: String, localKnownChainIndex: Int) { - // do we have known requests for that session?? - Timber.tag(loggerTag.value).v("Cancel Key Request if needed for $sessionId") - val knownRequest = cryptoStore.getOutgoingRoomKeyRequest( - algorithm = MXCRYPTO_ALGORITHM_MEGOLM, - roomId = roomId, - sessionId = sessionId, - senderKey = senderKey - ) - if (knownRequest.isEmpty()) return Unit.also { - Timber.tag(loggerTag.value).v("Handle Cancel Key Request for $sessionId -- Was not currently requested") - } - if (knownRequest.size > 1) { - // It's worth logging, there should be only one - Timber.tag(loggerTag.value).w("Found multiple requests for same sessionId $sessionId") - } - knownRequest.forEach { request -> - when (request.state) { - OutgoingRoomKeyRequestState.UNSENT -> { - if (request.fromIndex >= localKnownChainIndex) { - // we have a good index we can cancel - cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) - } - } - OutgoingRoomKeyRequestState.SENT -> { - // It was already sent, and index satisfied we can cancel - if (request.fromIndex >= localKnownChainIndex) { - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) - } - } - OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { - // It is already marked to be cancelled - } - OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { - if (request.fromIndex >= localKnownChainIndex) { - // we just want to cancel now - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) - } - } - OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { - // was already canceled - // if we need a better index, should we resend? - } - } - } - } - - fun close() { - try { - outgoingRequestScope.cancel("User Terminate") - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.clear() - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).w("Failed to shutDown request manager") - } - } - - private fun internalQueueRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean) { - if (!cryptoStore.isKeyGossipingEnabled()) { - // we might want to try backup? - if (requestBody.roomId != null && requestBody.sessionId != null) { - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(requestBody.roomId to requestBody.sessionId) - } - Timber.tag(loggerTag.value).d("discarding request for ${requestBody.sessionId} as gossiping is disabled") - return - } - - Timber.tag(loggerTag.value).d("Queueing key request for ${requestBody.sessionId} force:$force") - val existing = cryptoStore.getOutgoingRoomKeyRequest(requestBody) - Timber.tag(loggerTag.value).v("Queueing key request exiting is ${existing?.state}") - when (existing?.state) { - null -> { - // create a new one - cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) - } - OutgoingRoomKeyRequestState.UNSENT -> { - // nothing it's new or not yet handled - } - OutgoingRoomKeyRequestState.SENT -> { - // it was already requested - Timber.tag(loggerTag.value).d("The session ${requestBody.sessionId} is already requested") - if (force) { - // update to UNSENT - Timber.tag(loggerTag.value).d(".. force to request ${requestBody.sessionId}") - cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) - } else { - if (existing.roomId != null && existing.sessionId != null) { - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(existing.roomId to existing.sessionId) - } - } - } - OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { - // request is canceled only if I got the keys so what to do here... - if (force) { - cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) - } - } - OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { - // It's already going to resend - } - OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { - if (force) { - cryptoStore.deleteOutgoingRoomKeyRequest(existing.requestId) - cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) - } - } - } - - if (existing != null && existing.fromIndex >= fromIndex) { - // update the required index - cryptoStore.updateOutgoingRoomKeyRequiredIndex(existing.requestId, fromIndex) - } - } - - private suspend fun internalProcessPendingKeyRequests() { - val toProcess = cryptoStore.getOutgoingRoomKeyRequests(OutgoingRoomKeyRequestState.pendingStates()) - Timber.tag(loggerTag.value).v("Processing all pending key requests (found ${toProcess.size} pending)") - - measureTimeMillis { - toProcess.forEach { - when (it.state) { - OutgoingRoomKeyRequestState.UNSENT -> handleUnsentRequest(it) - OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> handleRequestToCancel(it) - OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> handleRequestToCancelWillResend(it) - OutgoingRoomKeyRequestState.SENT_THEN_CANCELED, - OutgoingRoomKeyRequestState.SENT -> { - // these are filtered out - } - } - } - }.let { - Timber.tag(loggerTag.value).v("Finish processing pending key request in $it ms") - } - - val maxBackupCallsBySync = 60 - var currentCalls = 0 - measureTimeMillis { - while (requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.isNotEmpty() && currentCalls < maxBackupCallsBySync) { - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.pop().let { (roomId, sessionId) -> - // we want to rate limit that somehow :/ - perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId) - } - currentCalls++ - } - }.let { - Timber.tag(loggerTag.value).v("Finish querying backup in $it ms") - } - } - - private suspend fun handleUnsentRequest(request: OutgoingKeyRequest) { - // In order to avoid generating to_device traffic, we can first check if the key is backed up - Timber.tag(loggerTag.value).v("Handling unsent request for megolm session ${request.sessionId} in ${request.roomId}") - val sessionId = request.sessionId ?: return - val roomId = request.roomId ?: return - if (perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId)) { - // let's see what's the index - val knownIndex = tryOrNull { - inboundGroupSessionStore.getInboundGroupSession(sessionId, request.requestBody?.senderKey ?: "")?.wrapper?.firstKnownIndex - } - if (knownIndex != null && knownIndex <= request.fromIndex) { - // we found the key in backup with good enough index, so we can just mark as cancelled, no need to send request - Timber.tag(loggerTag.value).v("Megolm session $sessionId successfully restored from backup, do not send request") - cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) - return - } - } - - // we need to send the request - val toDeviceContent = RoomKeyShareRequest( - requestingDeviceId = cryptoStore.getDeviceId(), - requestId = request.requestId, - action = GossipingToDeviceObject.ACTION_SHARE_REQUEST, - body = request.requestBody - ) - val contentMap = MXUsersDevicesMap() - request.recipients.forEach { userToDeviceMap -> - userToDeviceMap.value.forEach { deviceId -> - contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) - } - } - - val params = SendToDeviceTask.Params( - eventType = EventType.ROOM_KEY_REQUEST, - contentMap = contentMap, - transactionId = request.requestId - ) - try { - withContext(coroutineDispatchers.io) { - sendToDeviceTask.executeRetry(params, 3) - } - Timber.tag(loggerTag.value).d("Key request sent for $sessionId in room $roomId to ${request.recipients}") - // The request was sent, so update state - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT) - // TODO update the audit trail - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).v("Failed to request $sessionId targets:${request.recipients}") - } - } - - private suspend fun handleRequestToCancel(request: OutgoingKeyRequest): Boolean { - Timber.tag(loggerTag.value).v("handleRequestToCancel for megolm session ${request.sessionId}") - // we have to cancel this - val toDeviceContent = RoomKeyShareRequest( - requestingDeviceId = cryptoStore.getDeviceId(), - requestId = request.requestId, - action = GossipingToDeviceObject.ACTION_SHARE_CANCELLATION - ) - val contentMap = MXUsersDevicesMap() - request.recipients.forEach { userToDeviceMap -> - userToDeviceMap.value.forEach { deviceId -> - contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) - } - } - - val params = SendToDeviceTask.Params( - eventType = EventType.ROOM_KEY_REQUEST, - contentMap = contentMap, - transactionId = request.requestId - ) - return try { - withContext(coroutineDispatchers.io) { - sendToDeviceTask.executeRetry(params, 3) - } - // The request cancellation was sent, we don't delete yet because we want - // to keep trace of the sent replies - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT_THEN_CANCELED) - true - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).v("Failed to cancel request ${request.requestId} for session $sessionId targets:${request.recipients}") - false - } - } - - private suspend fun handleRequestToCancelWillResend(request: OutgoingKeyRequest) { - if (handleRequestToCancel(request)) { - // this will create a new unsent request with no replies that will be process in the following call - cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) - request.requestBody?.let { cryptoStore.getOrAddOutgoingRoomKeyRequest(it, request.recipients, request.fromIndex) } - } - } -} +/* + * Copyright 2020 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.SupervisorJob +import kotlinx.coroutines.asCoroutineDispatcher +import kotlinx.coroutines.cancel +import kotlinx.coroutines.delay +import kotlinx.coroutines.launch +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import org.matrix.android.sdk.api.crypto.MXCryptoConfig +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState +import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent +import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent +import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.api.util.fromBase64 +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.crypto.tasks.DefaultSendToDeviceTask +import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask +import org.matrix.android.sdk.internal.di.SessionId +import org.matrix.android.sdk.internal.di.UserId +import org.matrix.android.sdk.internal.session.SessionScope +import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer +import timber.log.Timber +import java.util.Stack +import java.util.concurrent.Executors +import javax.inject.Inject +import kotlin.system.measureTimeMillis + +private val loggerTag = LoggerTag("OutgoingKeyRequestManager", LoggerTag.CRYPTO) + +/** + * This class is responsible for sending key requests to other devices when a message failed to decrypt. + * It's lifecycle is based on the sync pulse: + * - You can post queries for session, or report when you got a session + * - At the end of the sync (onSyncComplete) it will then process all the posted request and send to devices + * If a request failed it will be retried at the end of the next sync + */ +@SessionScope +internal class OutgoingKeyRequestManager @Inject constructor( + @SessionId private val sessionId: String, + @UserId private val myUserId: String, + private val cryptoStore: IMXCryptoStore, + private val coroutineDispatchers: MatrixCoroutineDispatchers, + private val cryptoConfig: MXCryptoConfig, + private val inboundGroupSessionStore: InboundGroupSessionStore, + private val sendToDeviceTask: DefaultSendToDeviceTask, + private val deviceListManager: DeviceListManager, + private val perSessionBackupQueryRateLimiter: PerSessionBackupQueryRateLimiter) { + + private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() + private val outgoingRequestScope = CoroutineScope(SupervisorJob() + dispatcher) + private val sequencer = SemaphoreCoroutineSequencer() + + // We only have one active key request per session, so we don't request if it's already requested + // But it could make sense to check more the backup, as it's evolving. + // We keep a stack as we consider that the key requested last is more likely to be on screen? + private val requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup = Stack>() + + fun requestKeyForEvent(event: Event, force: Boolean) { + val (targets, body) = getRoomKeyRequestTargetForEvent(event) ?: return + val index = ratchetIndexForMessage(event) ?: 0 + postRoomKeyRequest(body, targets, index, force) + } + + private fun getRoomKeyRequestTargetForEvent(event: Event): Pair>, RoomKeyRequestBody>? { + val sender = event.senderId ?: return null + val encryptedEventContent = event.content.toModel() ?: return null.also { + Timber.tag(loggerTag.value).e("getRoomKeyRequestTargetForEvent Failed to re-request key, null content") + } + if (encryptedEventContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null + + val senderDevice = encryptedEventContent.deviceId + val recipients = if (cryptoConfig.limitRoomKeyRequestsToMyDevices) { + mapOf( + myUserId to listOf("*") + ) + } else { + if (event.senderId == myUserId) { + mapOf( + myUserId to listOf("*") + ) + } else { + // for the case where you share the key with a device that has a broken olm session + // The other user might Re-shares a megolm session key with devices if the key has already been + // sent to them. + mapOf( + myUserId to listOf("*"), + + // We might not have deviceId in the future due to https://github.com/matrix-org/matrix-spec-proposals/pull/3700 + // so in this case query to all + sender to listOf(senderDevice ?: "*") + ) + } + } + + val requestBody = RoomKeyRequestBody( + roomId = event.roomId, + algorithm = encryptedEventContent.algorithm, + senderKey = encryptedEventContent.senderKey, + sessionId = encryptedEventContent.sessionId + ) + return recipients to requestBody + } + + private fun ratchetIndexForMessage(event: Event): Int? { + val encryptedContent = event.content.toModel() ?: return null + if (encryptedContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null + return encryptedContent.ciphertext?.fromBase64()?.inputStream()?.reader()?.let { + tryOrNull { + val megolmVersion = it.read() + if (megolmVersion != 3) return@tryOrNull null + /** Int tag */ + if (it.read() != 8) return@tryOrNull null + it.read() + } + } + } + + fun postRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean = false) { + outgoingRequestScope.launch { + sequencer.post { + internalQueueRequest(requestBody, recipients, fromIndex, force) + } + } + } + + /** + * Typically called when we the session as been imported or received meanwhile + */ + fun postCancelRequestForSessionIfNeeded(sessionId: String, roomId: String, senderKey: String, fromIndex: Int) { + outgoingRequestScope.launch { + sequencer.post { + internalQueueCancelRequest(sessionId, roomId, senderKey, fromIndex) + } + } + } + + fun onSelfCrossSigningTrustChanged(newTrust: Boolean) { + if (newTrust) { + // we were previously not cross signed, but we are now + // so there is now more chances to get better replies for existing request + // Let's forget about sent request so that next time we try to decrypt we will resend requests + // We don't resend all because we don't want to generate a bulk of traffic + outgoingRequestScope.launch { + sequencer.post { + cryptoStore.deleteOutgoingRoomKeyRequestInState(OutgoingRoomKeyRequestState.SENT) + } + + sequencer.post { + delay(1000) + perSessionBackupQueryRateLimiter.refreshBackupInfoIfNeeded(true) + } + } + } + } + + fun onRoomKeyForwarded(sessionId: String, + algorithm: String, + roomId: String, + senderKey: String, + fromDevice: String?, + fromIndex: Int, + event: Event) { + Timber.tag(loggerTag.value).d("Key forwarded for $sessionId from ${event.senderId}|$fromDevice at index $fromIndex") + outgoingRequestScope.launch { + sequencer.post { + cryptoStore.updateOutgoingRoomKeyReply( + roomId = roomId, + sessionId = sessionId, + algorithm = algorithm, + senderKey = senderKey, + fromDevice = fromDevice, + // strip out encrypted stuff as it's just a trail? + event = event.copy( + type = event.getClearType(), + content = mapOf( + "chain_index" to fromIndex + ) + ) + ) + } + } + } + + fun onRoomKeyWithHeld(sessionId: String, + algorithm: String, + roomId: String, + senderKey: String, + fromDevice: String?, + event: Event) { + outgoingRequestScope.launch { + sequencer.post { + Timber.tag(loggerTag.value).d("Withheld received for $sessionId from ${event.senderId}|$fromDevice") + Timber.tag(loggerTag.value).v("Withheld content ${event.getClearContent()}") + + // We want to store withheld code from the sender of the message (owner of the megolm session), not from + // other devices that might gossip the key. If not the initial reason might be overridden + // by a request to one of our session. + event.getClearContent().toModel()?.let { withheld -> + withContext(coroutineDispatchers.crypto) { + tryOrNull { + deviceListManager.downloadKeys(listOf(event.senderId ?: ""), false) + } + cryptoStore.getUserDeviceList(event.senderId ?: "") + .also { devices -> + Timber.tag(loggerTag.value) + .v("Withheld Devices for ${event.senderId} are ${devices.orEmpty().joinToString { it.identityKey() ?: "" }}") + } + ?.firstOrNull { + it.identityKey() == senderKey + } + }.also { + Timber.tag(loggerTag.value).v("Withheld device for sender key $senderKey is from ${it?.shortDebugString()}") + }?.let { + if (it.userId == event.senderId) { + if (fromDevice != null) { + if (it.deviceId == fromDevice) { + Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") + cryptoStore.addWithHeldMegolmSession(withheld) + } + } else { + Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") + cryptoStore.addWithHeldMegolmSession(withheld) + } + } + } + } + + // Here we store the replies from a given request + cryptoStore.updateOutgoingRoomKeyReply( + roomId = roomId, + sessionId = sessionId, + algorithm = algorithm, + senderKey = senderKey, + fromDevice = fromDevice, + event = event + ) + } + } + } + + /** + * Should be called after a sync, ideally if no catchup sync needed (as keys might arrive in those) + */ + fun requireProcessAllPendingKeyRequests() { + outgoingRequestScope.launch { + sequencer.post { + internalProcessPendingKeyRequests() + } + } + } + + private fun internalQueueCancelRequest(sessionId: String, roomId: String, senderKey: String, localKnownChainIndex: Int) { + // do we have known requests for that session?? + Timber.tag(loggerTag.value).v("Cancel Key Request if needed for $sessionId") + val knownRequest = cryptoStore.getOutgoingRoomKeyRequest( + algorithm = MXCRYPTO_ALGORITHM_MEGOLM, + roomId = roomId, + sessionId = sessionId, + senderKey = senderKey + ) + if (knownRequest.isEmpty()) return Unit.also { + Timber.tag(loggerTag.value).v("Handle Cancel Key Request for $sessionId -- Was not currently requested") + } + if (knownRequest.size > 1) { + // It's worth logging, there should be only one + Timber.tag(loggerTag.value).w("Found multiple requests for same sessionId $sessionId") + } + knownRequest.forEach { request -> + when (request.state) { + OutgoingRoomKeyRequestState.UNSENT -> { + if (request.fromIndex >= localKnownChainIndex) { + // we have a good index we can cancel + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + } + } + OutgoingRoomKeyRequestState.SENT -> { + // It was already sent, and index satisfied we can cancel + if (request.fromIndex >= localKnownChainIndex) { + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + } + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { + // It is already marked to be cancelled + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { + if (request.fromIndex >= localKnownChainIndex) { + // we just want to cancel now + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + } + } + OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { + // was already canceled + // if we need a better index, should we resend? + } + } + } + } + + fun close() { + try { + outgoingRequestScope.cancel("User Terminate") + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.clear() + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).w("Failed to shutDown request manager") + } + } + + private fun internalQueueRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean) { + if (!cryptoStore.isKeyGossipingEnabled()) { + // we might want to try backup? + if (requestBody.roomId != null && requestBody.sessionId != null) { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(requestBody.roomId to requestBody.sessionId) + } + Timber.tag(loggerTag.value).d("discarding request for ${requestBody.sessionId} as gossiping is disabled") + return + } + + Timber.tag(loggerTag.value).d("Queueing key request for ${requestBody.sessionId} force:$force") + val existing = cryptoStore.getOutgoingRoomKeyRequest(requestBody) + Timber.tag(loggerTag.value).v("Queueing key request exiting is ${existing?.state}") + when (existing?.state) { + null -> { + // create a new one + cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) + } + OutgoingRoomKeyRequestState.UNSENT -> { + // nothing it's new or not yet handled + } + OutgoingRoomKeyRequestState.SENT -> { + // it was already requested + Timber.tag(loggerTag.value).d("The session ${requestBody.sessionId} is already requested") + if (force) { + // update to UNSENT + Timber.tag(loggerTag.value).d(".. force to request ${requestBody.sessionId}") + cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) + } else { + if (existing.roomId != null && existing.sessionId != null) { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(existing.roomId to existing.sessionId) + } + } + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { + // request is canceled only if I got the keys so what to do here... + if (force) { + cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) + } + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { + // It's already going to resend + } + OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { + if (force) { + cryptoStore.deleteOutgoingRoomKeyRequest(existing.requestId) + cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) + } + } + } + + if (existing != null && existing.fromIndex >= fromIndex) { + // update the required index + cryptoStore.updateOutgoingRoomKeyRequiredIndex(existing.requestId, fromIndex) + } + } + + private suspend fun internalProcessPendingKeyRequests() { + val toProcess = cryptoStore.getOutgoingRoomKeyRequests(OutgoingRoomKeyRequestState.pendingStates()) + Timber.tag(loggerTag.value).v("Processing all pending key requests (found ${toProcess.size} pending)") + + measureTimeMillis { + toProcess.forEach { + when (it.state) { + OutgoingRoomKeyRequestState.UNSENT -> handleUnsentRequest(it) + OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> handleRequestToCancel(it) + OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> handleRequestToCancelWillResend(it) + OutgoingRoomKeyRequestState.SENT_THEN_CANCELED, + OutgoingRoomKeyRequestState.SENT -> { + // these are filtered out + } + } + } + }.let { + Timber.tag(loggerTag.value).v("Finish processing pending key request in $it ms") + } + + val maxBackupCallsBySync = 60 + var currentCalls = 0 + measureTimeMillis { + while (requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.isNotEmpty() && currentCalls < maxBackupCallsBySync) { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.pop().let { (roomId, sessionId) -> + // we want to rate limit that somehow :/ + perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId) + } + currentCalls++ + } + }.let { + Timber.tag(loggerTag.value).v("Finish querying backup in $it ms") + } + } + + private suspend fun handleUnsentRequest(request: OutgoingKeyRequest) { + // In order to avoid generating to_device traffic, we can first check if the key is backed up + Timber.tag(loggerTag.value).v("Handling unsent request for megolm session ${request.sessionId} in ${request.roomId}") + val sessionId = request.sessionId ?: return + val roomId = request.roomId ?: return + if (perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId)) { + // let's see what's the index + val knownIndex = tryOrNull { + inboundGroupSessionStore.getInboundGroupSession(sessionId, request.requestBody?.senderKey ?: "")?.wrapper?.firstKnownIndex + } + if (knownIndex != null && knownIndex <= request.fromIndex) { + // we found the key in backup with good enough index, so we can just mark as cancelled, no need to send request + Timber.tag(loggerTag.value).v("Megolm session $sessionId successfully restored from backup, do not send request") + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + return + } + } + + // we need to send the request + val toDeviceContent = RoomKeyShareRequest( + requestingDeviceId = cryptoStore.getDeviceId(), + requestId = request.requestId, + action = GossipingToDeviceObject.ACTION_SHARE_REQUEST, + body = request.requestBody + ) + val contentMap = MXUsersDevicesMap() + request.recipients.forEach { userToDeviceMap -> + userToDeviceMap.value.forEach { deviceId -> + contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) + } + } + + val params = SendToDeviceTask.Params( + eventType = EventType.ROOM_KEY_REQUEST, + contentMap = contentMap, + transactionId = request.requestId + ) + try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.executeRetry(params, 3) + } + Timber.tag(loggerTag.value).d("Key request sent for $sessionId in room $roomId to ${request.recipients}") + // The request was sent, so update state + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT) + // TODO update the audit trail + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).v("Failed to request $sessionId targets:${request.recipients}") + } + } + + private suspend fun handleRequestToCancel(request: OutgoingKeyRequest): Boolean { + Timber.tag(loggerTag.value).v("handleRequestToCancel for megolm session ${request.sessionId}") + // we have to cancel this + val toDeviceContent = RoomKeyShareRequest( + requestingDeviceId = cryptoStore.getDeviceId(), + requestId = request.requestId, + action = GossipingToDeviceObject.ACTION_SHARE_CANCELLATION + ) + val contentMap = MXUsersDevicesMap() + request.recipients.forEach { userToDeviceMap -> + userToDeviceMap.value.forEach { deviceId -> + contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) + } + } + + val params = SendToDeviceTask.Params( + eventType = EventType.ROOM_KEY_REQUEST, + contentMap = contentMap, + transactionId = request.requestId + ) + return try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.executeRetry(params, 3) + } + // The request cancellation was sent, we don't delete yet because we want + // to keep trace of the sent replies + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT_THEN_CANCELED) + true + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).v("Failed to cancel request ${request.requestId} for session $sessionId targets:${request.recipients}") + false + } + } + + private suspend fun handleRequestToCancelWillResend(request: OutgoingKeyRequest) { + if (handleRequestToCancel(request)) { + // this will create a new unsent request with no replies that will be process in the following call + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + request.requestBody?.let { cryptoStore.getOrAddOutgoingRoomKeyRequest(it, request.recipients, request.fromIndex) } + } + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt index 1bdf18b272..b10c77dfd3 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt @@ -1,294 +1,298 @@ -/* - * Copyright (c) 2022 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.launch -import kotlinx.coroutines.sync.Mutex -import kotlinx.coroutines.sync.withLock -import kotlinx.coroutines.withContext -import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.api.auth.data.Credentials -import org.matrix.android.sdk.api.logger.LoggerTag -import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.keysbackup.extractCurveKeyFromRecoveryKey -import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.SecretSendEventContent -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.api.util.toBase64NoPadding -import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction -import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask -import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId -import org.matrix.android.sdk.internal.session.SessionScope -import timber.log.Timber -import javax.inject.Inject - -private val loggerTag = LoggerTag("SecretShareManager", LoggerTag.CRYPTO) - -@SessionScope -internal class SecretShareManager @Inject constructor( - private val credentials: Credentials, - private val cryptoStore: IMXCryptoStore, - private val cryptoCoroutineScope: CoroutineScope, - private val messageEncrypter: MessageEncrypter, - private val ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction, - private val sendToDeviceTask: SendToDeviceTask, - private val coroutineDispatchers: MatrixCoroutineDispatchers -) { - - companion object { - private const val SECRET_SHARE_WINDOW_DURATION = 5 * 60 * 1000 // 5 minutes - } - - /** - * Secret gossiping only occurs during a limited window period after interactive verification. - * We keep track of recent verification in memory for that purpose (no need to persist) - */ - private val recentlyVerifiedDevices = mutableMapOf() - private val verifMutex = Mutex() - - /** - * Secrets are exchanged as part of interactive verification, - * so we can just store in memory. - */ - private val outgoingSecretRequests = mutableListOf() - - // the listeners - private val gossipingRequestListeners: MutableSet = HashSet() - - fun addListener(listener: GossipingRequestListener) { - synchronized(gossipingRequestListeners) { - gossipingRequestListeners.add(listener) - } - } - - fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { - synchronized(gossipingRequestListeners) { - gossipingRequestListeners.remove(listener) - } - } - - /** - * Called when a session has been verified. - * This information can be used by the manager to decide whether or not to fullfill gossiping requests. - * This should be called as fast as possible after a successful self interactive verification - */ - fun onVerificationCompleteForDevice(deviceId: String) { - // For now we just keep an in memory cache - cryptoCoroutineScope.launch { - verifMutex.withLock { - recentlyVerifiedDevices[deviceId] = System.currentTimeMillis() - } - } - } - - suspend fun handleSecretRequest(toDevice: Event) { - val request = toDevice.getClearContent().toModel() - ?: return Unit.also { - Timber.tag(loggerTag.value) - .w("handleSecretRequest() : malformed request") - } - -// val (action, requestingDeviceId, requestId, secretName) = it - val secretName = request.secretName ?: return Unit.also { - Timber.tag(loggerTag.value) - .v("handleSecretRequest() : Missing secret name") - } - - val userId = toDevice.senderId ?: return Unit.also { - Timber.tag(loggerTag.value) - .v("handleSecretRequest() : Missing secret name") - } - - if (userId != credentials.userId) { - // secrets are only shared between our own devices - Timber.e("Ignoring secret share request from other users $userId") - return - } - - val deviceId = request.requestingDeviceId - ?: return Unit.also { - Timber.tag(loggerTag.value) - .w("handleSecretRequest() : malformed request norequestingDeviceId ") - } - - val device = cryptoStore.getUserDevice(credentials.userId, deviceId) - ?: return Unit.also { - Timber.e("Received secret share request from unknown device $deviceId") - } - - val isRequestingDeviceTrusted = device.isVerified - val isRecentInteractiveVerification = hasBeenVerifiedLessThanFiveMinutesFromNow(device.deviceId) - if (isRequestingDeviceTrusted && isRecentInteractiveVerification) { - // we can share the secret - - val secretValue = when (secretName) { - MASTER_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.master - SELF_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.selfSigned - USER_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.user - KEYBACKUP_SECRET_SSSS_NAME -> cryptoStore.getKeyBackupRecoveryKeyInfo()?.recoveryKey - ?.let { - extractCurveKeyFromRecoveryKey(it)?.toBase64NoPadding() - } - else -> null - } - if (secretValue == null) { - Timber.i("The secret is unknown $secretName, passing to app layer") - val toList = synchronized(gossipingRequestListeners) { gossipingRequestListeners.toList() } - toList.onEach { listener -> - listener.onSecretShareRequest(request) - } - return - } - - val payloadJson = mapOf( - "type" to EventType.SEND_SECRET, - "content" to mapOf( - "request_id" to request.requestId, - "secret" to secretValue - ) - ) - - // Is it possible that we don't have an olm session? - val devicesByUser = mapOf(device.userId to listOf(device)) - val usersDeviceMap = try { - ensureOlmSessionsForDevicesAction.handle(devicesByUser) - } catch (failure: Throwable) { - Timber.tag(loggerTag.value) - .w("Can't share secret ${request.secretName}: Failed to establish olm session") - return - } - - val olmSessionResult = usersDeviceMap.getObject(device.userId, device.deviceId) - if (olmSessionResult?.sessionId == null) { - Timber.tag(loggerTag.value) - .w("secret share: no session with this device $deviceId, probably because there were no one-time keys") - return - } - - val encodedPayload = messageEncrypter.encryptMessage(payloadJson, listOf(device)) - val sendToDeviceMap = MXUsersDevicesMap() - sendToDeviceMap.setObject(device.userId, device.deviceId, encodedPayload) - val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap) - try { - // raise the retries for secret - sendToDeviceTask.executeRetry(sendToDeviceParams, 6) - Timber.tag(loggerTag.value) - .i("successfully shared secret $secretName to ${device.shortDebugString()}") - // TODO add a trail for that in audit logs - } catch (failure: Throwable) { - Timber.tag(loggerTag.value) - .e(failure, "failed to send shared secret $secretName to ${device.shortDebugString()}") - } - } else { - Timber.d(" Received secret share request from un-authorised device ${device.deviceId}") - } - } - - private suspend fun hasBeenVerifiedLessThanFiveMinutesFromNow(deviceId: String): Boolean { - val verifTimestamp = verifMutex.withLock { - recentlyVerifiedDevices[deviceId] - } ?: return false - - val age = System.currentTimeMillis() - verifTimestamp - - return age < SECRET_SHARE_WINDOW_DURATION - } - - suspend fun requestSecretTo(deviceId: String, secretName: String) { - val cryptoDeviceInfo = cryptoStore.getUserDevice(credentials.userId, deviceId) ?: return Unit.also { - Timber.tag(loggerTag.value) - .d("Can't request secret for $secretName unknown device $deviceId") - } - val toDeviceContent = SecretShareRequest( - requestingDeviceId = credentials.deviceId, - secretName = secretName, - requestId = createUniqueTxnId() - ) - - verifMutex.withLock { - outgoingSecretRequests.add(toDeviceContent) - } - - val contentMap = MXUsersDevicesMap() - contentMap.setObject(cryptoDeviceInfo.userId, cryptoDeviceInfo.deviceId, toDeviceContent) - - val params = SendToDeviceTask.Params( - eventType = EventType.REQUEST_SECRET, - contentMap = contentMap - ) - try { - withContext(coroutineDispatchers.io) { - sendToDeviceTask.executeRetry(params, 3) - } - Timber.tag(loggerTag.value) - .d("Secret request sent for $secretName to ${cryptoDeviceInfo.shortDebugString()}") - // TODO update the audit trail - } catch (failure: Throwable) { - Timber.tag(loggerTag.value) - .w("Failed to request secret $secretName to ${cryptoDeviceInfo.shortDebugString()}") - } - } - - suspend fun onSecretSendReceived(toDevice: Event, handleGossip: ((name: String, value: String) -> Boolean)) { - Timber.tag(loggerTag.value) - .i("onSecretSend() from ${toDevice.senderId} : onSecretSendReceived ${toDevice.content?.get("sender_key")}") - if (!toDevice.isEncrypted()) { - // secret send messages must be encrypted - Timber.tag(loggerTag.value).e("onSecretSend() :Received unencrypted secret send event") - return - } - - // Was that sent by us? - if (toDevice.senderId != credentials.userId) { - Timber.tag(loggerTag.value).e("onSecretSend() : Ignore secret from other user ${toDevice.senderId}") - return - } - - val secretContent = toDevice.getClearContent().toModel() ?: return - - val existingRequest = verifMutex.withLock { - outgoingSecretRequests.firstOrNull { it.requestId == secretContent.requestId } - } - - // As per spec: - // Clients should ignore m.secret.send events received from devices that it did not send an m.secret.request event to. - if (existingRequest?.secretName == null) { - Timber.tag(loggerTag.value).i("onSecretSend() : Ignore secret that was not requested: ${secretContent.requestId}") - return - } - // we don't need to cancel the request as we only request to one device - // just forget about the request now - verifMutex.withLock { - outgoingSecretRequests.remove(existingRequest) - } - - if (!handleGossip(existingRequest.secretName, secretContent.secretValue)) { - // TODO Ask to application layer? - Timber.tag(loggerTag.value).v("onSecretSend() : secret not handled by SDK") - } - } -} +/* + * Copyright (c) 2022 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.launch +import kotlinx.coroutines.sync.Mutex +import kotlinx.coroutines.sync.withLock +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.auth.data.Credentials +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.keysbackup.extractCurveKeyFromRecoveryKey +import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.SecretSendEventContent +import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.api.util.toBase64NoPadding +import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction +import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask +import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId +import org.matrix.android.sdk.internal.session.SessionScope +import timber.log.Timber +import javax.inject.Inject + +private val loggerTag = LoggerTag("SecretShareManager", LoggerTag.CRYPTO) + +@SessionScope +internal class SecretShareManager @Inject constructor( + private val credentials: Credentials, + private val cryptoStore: IMXCryptoStore, + private val cryptoCoroutineScope: CoroutineScope, + private val messageEncrypter: MessageEncrypter, + private val ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction, + private val sendToDeviceTask: SendToDeviceTask, + private val coroutineDispatchers: MatrixCoroutineDispatchers +) { + + companion object { + private const val SECRET_SHARE_WINDOW_DURATION = 5 * 60 * 1000 // 5 minutes + } + + /** + * Secret gossiping only occurs during a limited window period after interactive verification. + * We keep track of recent verification in memory for that purpose (no need to persist) + */ + private val recentlyVerifiedDevices = mutableMapOf() + private val verifMutex = Mutex() + + /** + * Secrets are exchanged as part of interactive verification, + * so we can just store in memory. + */ + private val outgoingSecretRequests = mutableListOf() + + // the listeners + private val gossipingRequestListeners: MutableSet = HashSet() + + fun addListener(listener: GossipingRequestListener) { + synchronized(gossipingRequestListeners) { + gossipingRequestListeners.add(listener) + } + } + + fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { + synchronized(gossipingRequestListeners) { + gossipingRequestListeners.remove(listener) + } + } + + /** + * Called when a session has been verified. + * This information can be used by the manager to decide whether or not to fullfill gossiping requests. + * This should be called as fast as possible after a successful self interactive verification + */ + fun onVerificationCompleteForDevice(deviceId: String) { + // For now we just keep an in memory cache + cryptoCoroutineScope.launch { + verifMutex.withLock { + recentlyVerifiedDevices[deviceId] = System.currentTimeMillis() + } + } + } + + suspend fun handleSecretRequest(toDevice: Event) { + val request = toDevice.getClearContent().toModel() + ?: return Unit.also { + Timber.tag(loggerTag.value) + .w("handleSecretRequest() : malformed request") + } + +// val (action, requestingDeviceId, requestId, secretName) = it + val secretName = request.secretName ?: return Unit.also { + Timber.tag(loggerTag.value) + .v("handleSecretRequest() : Missing secret name") + } + + val userId = toDevice.senderId ?: return Unit.also { + Timber.tag(loggerTag.value) + .v("handleSecretRequest() : Missing secret name") + } + + if (userId != credentials.userId) { + // secrets are only shared between our own devices + Timber.tag(loggerTag.value) + .e("Ignoring secret share request from other users $userId") + return + } + + val deviceId = request.requestingDeviceId + ?: return Unit.also { + Timber.tag(loggerTag.value) + .w("handleSecretRequest() : malformed request norequestingDeviceId ") + } + + val device = cryptoStore.getUserDevice(credentials.userId, deviceId) + ?: return Unit.also { + Timber.tag(loggerTag.value) + .e("Received secret share request from unknown device $deviceId") + } + + val isRequestingDeviceTrusted = device.isVerified + val isRecentInteractiveVerification = hasBeenVerifiedLessThanFiveMinutesFromNow(device.deviceId) + if (isRequestingDeviceTrusted && isRecentInteractiveVerification) { + // we can share the secret + + val secretValue = when (secretName) { + MASTER_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.master + SELF_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.selfSigned + USER_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.user + KEYBACKUP_SECRET_SSSS_NAME -> cryptoStore.getKeyBackupRecoveryKeyInfo()?.recoveryKey + ?.let { + extractCurveKeyFromRecoveryKey(it)?.toBase64NoPadding() + } + else -> null + } + if (secretValue == null) { + Timber.tag(loggerTag.value) + .i("The secret is unknown $secretName, passing to app layer") + val toList = synchronized(gossipingRequestListeners) { gossipingRequestListeners.toList() } + toList.onEach { listener -> + listener.onSecretShareRequest(request) + } + return + } + + val payloadJson = mapOf( + "type" to EventType.SEND_SECRET, + "content" to mapOf( + "request_id" to request.requestId, + "secret" to secretValue + ) + ) + + // Is it possible that we don't have an olm session? + val devicesByUser = mapOf(device.userId to listOf(device)) + val usersDeviceMap = try { + ensureOlmSessionsForDevicesAction.handle(devicesByUser) + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .w("Can't share secret ${request.secretName}: Failed to establish olm session") + return + } + + val olmSessionResult = usersDeviceMap.getObject(device.userId, device.deviceId) + if (olmSessionResult?.sessionId == null) { + Timber.tag(loggerTag.value) + .w("secret share: no session with this device $deviceId, probably because there were no one-time keys") + return + } + + val encodedPayload = messageEncrypter.encryptMessage(payloadJson, listOf(device)) + val sendToDeviceMap = MXUsersDevicesMap() + sendToDeviceMap.setObject(device.userId, device.deviceId, encodedPayload) + val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap) + try { + // raise the retries for secret + sendToDeviceTask.executeRetry(sendToDeviceParams, 6) + Timber.tag(loggerTag.value) + .i("successfully shared secret $secretName to ${device.shortDebugString()}") + // TODO add a trail for that in audit logs + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .e(failure, "failed to send shared secret $secretName to ${device.shortDebugString()}") + } + } else { + Timber.tag(loggerTag.value) + .d(" Received secret share request from un-authorised device ${device.deviceId}") + } + } + + private suspend fun hasBeenVerifiedLessThanFiveMinutesFromNow(deviceId: String): Boolean { + val verifTimestamp = verifMutex.withLock { + recentlyVerifiedDevices[deviceId] + } ?: return false + + val age = System.currentTimeMillis() - verifTimestamp + + return age < SECRET_SHARE_WINDOW_DURATION + } + + suspend fun requestSecretTo(deviceId: String, secretName: String) { + val cryptoDeviceInfo = cryptoStore.getUserDevice(credentials.userId, deviceId) ?: return Unit.also { + Timber.tag(loggerTag.value) + .d("Can't request secret for $secretName unknown device $deviceId") + } + val toDeviceContent = SecretShareRequest( + requestingDeviceId = credentials.deviceId, + secretName = secretName, + requestId = createUniqueTxnId() + ) + + verifMutex.withLock { + outgoingSecretRequests.add(toDeviceContent) + } + + val contentMap = MXUsersDevicesMap() + contentMap.setObject(cryptoDeviceInfo.userId, cryptoDeviceInfo.deviceId, toDeviceContent) + + val params = SendToDeviceTask.Params( + eventType = EventType.REQUEST_SECRET, + contentMap = contentMap + ) + try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.executeRetry(params, 3) + } + Timber.tag(loggerTag.value) + .d("Secret request sent for $secretName to ${cryptoDeviceInfo.shortDebugString()}") + // TODO update the audit trail + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .w("Failed to request secret $secretName to ${cryptoDeviceInfo.shortDebugString()}") + } + } + + suspend fun onSecretSendReceived(toDevice: Event, handleGossip: ((name: String, value: String) -> Boolean)) { + Timber.tag(loggerTag.value) + .i("onSecretSend() from ${toDevice.senderId} : onSecretSendReceived ${toDevice.content?.get("sender_key")}") + if (!toDevice.isEncrypted()) { + // secret send messages must be encrypted + Timber.tag(loggerTag.value).e("onSecretSend() :Received unencrypted secret send event") + return + } + + // Was that sent by us? + if (toDevice.senderId != credentials.userId) { + Timber.tag(loggerTag.value).e("onSecretSend() : Ignore secret from other user ${toDevice.senderId}") + return + } + + val secretContent = toDevice.getClearContent().toModel() ?: return + + val existingRequest = verifMutex.withLock { + outgoingSecretRequests.firstOrNull { it.requestId == secretContent.requestId } + } + + // As per spec: + // Clients should ignore m.secret.send events received from devices that it did not send an m.secret.request event to. + if (existingRequest?.secretName == null) { + Timber.tag(loggerTag.value).i("onSecretSend() : Ignore secret that was not requested: ${secretContent.requestId}") + return + } + // we don't need to cancel the request as we only request to one device + // just forget about the request now + verifMutex.withLock { + outgoingSecretRequests.remove(existingRequest) + } + + if (!handleGossip(existingRequest.secretName, secretContent.secretValue)) { + // TODO Ask to application layer? + Timber.tag(loggerTag.value).v("onSecretSend() : secret not handled by SDK") + } + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt index cd3b21f7ba..1dd9cacb74 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt @@ -1,31 +1,31 @@ -// /* -// * Copyright 2020 The Matrix.org Foundation C.I.C. -// * -// * Licensed under the Apache License, Version 2.0 (the "License"); -// * you may not use this file except in compliance with the License. -// * You may obtain a copy of the License at -// * -// * http://www.apache.org/licenses/LICENSE-2.0 -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the License is distributed on an "AS IS" BASIS, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the License for the specific language governing permissions and -// * limitations under the License. -// */ - -package org.matrix.android.sdk.internal.crypto.store.db.model - -import io.realm.RealmObject -import io.realm.annotations.Index - -// not used anymore, just here for db migration -internal open class OutgoingGossipingRequestEntity( - @Index var requestId: String? = null, - var recipientsData: String? = null, - var requestedInfoStr: String? = null, - @Index var typeStr: String? = null -) : RealmObject() { - - private var requestStateStr: String = "" -} + /* + * Copyright 2020 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto.store.db.model + +import io.realm.RealmObject +import io.realm.annotations.Index + +// not used anymore, just here for db migration +internal open class OutgoingGossipingRequestEntity( + @Index var requestId: String? = null, + var recipientsData: String? = null, + var requestedInfoStr: String? = null, + @Index var typeStr: String? = null +) : RealmObject() { + + private var requestStateStr: String = "" +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt index b6eba6b3b4..dfdda4f1d8 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt @@ -1,315 +1,316 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.matrix.android.sdk.internal.crypto.verification - -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.SupervisorJob -import kotlinx.coroutines.asCoroutineDispatcher -import kotlinx.coroutines.launch -import org.matrix.android.sdk.api.session.crypto.verification.CancelCode -import org.matrix.android.sdk.api.session.crypto.verification.ValidVerificationInfoRequest -import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState -import org.matrix.android.sdk.api.session.events.model.Content -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.LocalEcho -import org.matrix.android.sdk.api.session.events.model.RelationType -import org.matrix.android.sdk.api.session.events.model.UnsignedData -import org.matrix.android.sdk.api.session.events.model.toContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationAcceptContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationCancelContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationDoneContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationKeyContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationMacContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationReadyContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationRequestContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationStartContent -import org.matrix.android.sdk.api.session.room.model.relation.RelationDefaultContent -import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_RECIPROCATE -import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_SAS -import org.matrix.android.sdk.internal.crypto.tasks.SendVerificationMessageTask -import org.matrix.android.sdk.internal.session.room.send.LocalEchoEventFactory -import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer -import timber.log.Timber -import java.util.concurrent.Executors - -internal class VerificationTransportRoomMessage( - private val sendVerificationMessageTask: SendVerificationMessageTask, - private val userId: String, - private val userDeviceId: String?, - private val roomId: String, - private val localEchoEventFactory: LocalEchoEventFactory, - private val tx: DefaultVerificationTransaction? -) : VerificationTransport { - - private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() - private val verificationSenderScope = CoroutineScope(SupervisorJob() + dispatcher) - private val sequencer = SemaphoreCoroutineSequencer() - - override fun sendToOther(type: String, - verificationInfo: VerificationInfo, - nextState: VerificationTxState, - onErrorReason: CancelCode, - onDone: (() -> Unit)?) { - Timber.d("## SAS sending msg type $type") - Timber.v("## SAS sending msg info $verificationInfo") - val event = createEventAndLocalEcho( - type = type, - roomId = roomId, - content = verificationInfo.toEventContent()!! - ) - - verificationSenderScope.launch { - sequencer.post { - try { - val params = SendVerificationMessageTask.Params(event) - sendVerificationMessageTask.executeRetry(params, 5) - // Do I need to update local echo state to sent? - if (onDone != null) { - onDone() - } else { - tx?.state = nextState - } - } catch (failure: Throwable) { - tx?.cancel(onErrorReason) - } - } - } - } - - override fun sendVerificationRequest(supportedMethods: List, - localId: String, - otherUserId: String, - roomId: String?, - toDevices: List?, - callback: (String?, ValidVerificationInfoRequest?) -> Unit) { - Timber.d("## SAS sending verification request with supported methods: $supportedMethods") - // This transport requires a room - requireNotNull(roomId) - - val validInfo = ValidVerificationInfoRequest( - transactionId = "", - fromDevice = userDeviceId ?: "", - methods = supportedMethods, - timestamp = System.currentTimeMillis() - ) - - val info = MessageVerificationRequestContent( - body = "$userId is requesting to verify your key, but your client does not support in-chat key verification." + - " You will need to use legacy key verification to verify keys.", - fromDevice = validInfo.fromDevice, - toUserId = otherUserId, - timestamp = validInfo.timestamp, - methods = validInfo.methods - ) - val content = info.toContent() - - val event = createEventAndLocalEcho( - localId = localId, - type = EventType.MESSAGE, - roomId = roomId, - content = content - ) - - verificationSenderScope.launch { - val params = SendVerificationMessageTask.Params(event) - sequencer.post { - try { - val eventId = sendVerificationMessageTask.executeRetry(params, 5) - // Do I need to update local echo state to sent? - callback(eventId, validInfo) - } catch (failure: Throwable) { - callback(null, null) - } - } - } - } - - override fun cancelTransaction(transactionId: String, otherUserId: String, otherUserDeviceId: String?, code: CancelCode) { - Timber.d("## SAS canceling transaction $transactionId for reason $code") - val event = createEventAndLocalEcho( - type = EventType.KEY_VERIFICATION_CANCEL, - roomId = roomId, - content = MessageVerificationCancelContent.create(transactionId, code).toContent() - ) - - verificationSenderScope.launch { - sequencer.post { - try { - val params = SendVerificationMessageTask.Params(event) - sendVerificationMessageTask.executeRetry(params, 5) - } catch (failure: Throwable) { - Timber.w("") - } - } - } - } - - override fun done(transactionId: String, - onDone: (() -> Unit)?) { - Timber.d("## SAS sending done for $transactionId") - val event = createEventAndLocalEcho( - type = EventType.KEY_VERIFICATION_DONE, - roomId = roomId, - content = MessageVerificationDoneContent( - relatesTo = RelationDefaultContent( - RelationType.REFERENCE, - transactionId - ) - ).toContent() - ) - verificationSenderScope.launch { - sequencer.post { - try { - val params = SendVerificationMessageTask.Params(event) - sendVerificationMessageTask.executeRetry(params, 5) - } catch (failure: Throwable) { - Timber.w("") - } finally { - onDone?.invoke() - } - } - } -// val workerParams = WorkerParamsFactory.toData(SendVerificationMessageWorker.Params( -// sessionId = sessionId, -// eventId = event.eventId ?: "" -// )) -// val enqueueInfo = enqueueSendWork(workerParams) -// -// val workLiveData = workManagerProvider.workManager -// .getWorkInfosForUniqueWorkLiveData(uniqueQueueName()) -// val observer = object : Observer> { -// override fun onChanged(workInfoList: List?) { -// workInfoList -// ?.filter { it.state == WorkInfo.State.SUCCEEDED } -// ?.firstOrNull { it.id == enqueueInfo.second } -// ?.let { _ -> -// onDone?.invoke() -// workLiveData.removeObserver(this) -// } -// } -// } -// -// // TODO listen to DB to get synced info -// coroutineScope.launch(Dispatchers.Main) { -// workLiveData.observeForever(observer) -// } - } - -// private fun enqueueSendWork(workerParams: Data): Pair { -// val workRequest = workManagerProvider.matrixOneTimeWorkRequestBuilder() -// .setConstraints(WorkManagerProvider.workConstraints) -// .setInputData(workerParams) -// .setBackoffCriteria(BackoffPolicy.LINEAR, WorkManagerProvider.BACKOFF_DELAY_MILLIS, TimeUnit.MILLISECONDS) -// .build() -// return workManagerProvider.workManager -// .beginUniqueWork(uniqueQueueName(), ExistingWorkPolicy.APPEND_OR_REPLACE, workRequest) -// .enqueue() to workRequest.id -// } - -// private fun uniqueQueueName() = "${roomId}_VerificationWork" - - override fun createAccept(tid: String, - keyAgreementProtocol: String, - hash: String, - commitment: String, - messageAuthenticationCode: String, - shortAuthenticationStrings: List): VerificationInfoAccept = - MessageVerificationAcceptContent.create( - tid, - keyAgreementProtocol, - hash, - commitment, - messageAuthenticationCode, - shortAuthenticationStrings - ) - - override fun createKey(tid: String, pubKey: String): VerificationInfoKey = MessageVerificationKeyContent.create(tid, pubKey) - - override fun createMac(tid: String, mac: Map, keys: String) = MessageVerificationMacContent.create(tid, mac, keys) - - override fun createStartForSas(fromDevice: String, - transactionId: String, - keyAgreementProtocols: List, - hashes: List, - messageAuthenticationCodes: List, - shortAuthenticationStrings: List): VerificationInfoStart { - return MessageVerificationStartContent( - fromDevice, - hashes, - keyAgreementProtocols, - messageAuthenticationCodes, - shortAuthenticationStrings, - VERIFICATION_METHOD_SAS, - RelationDefaultContent( - type = RelationType.REFERENCE, - eventId = transactionId - ), - null - ) - } - - override fun createStartForQrCode(fromDevice: String, - transactionId: String, - sharedSecret: String): VerificationInfoStart { - return MessageVerificationStartContent( - fromDevice, - null, - null, - null, - null, - VERIFICATION_METHOD_RECIPROCATE, - RelationDefaultContent( - type = RelationType.REFERENCE, - eventId = transactionId - ), - sharedSecret - ) - } - - override fun createReady(tid: String, fromDevice: String, methods: List): VerificationInfoReady { - return MessageVerificationReadyContent( - fromDevice = fromDevice, - relatesTo = RelationDefaultContent( - type = RelationType.REFERENCE, - eventId = tid - ), - methods = methods - ) - } - - private fun createEventAndLocalEcho(localId: String = LocalEcho.createLocalEchoId(), type: String, roomId: String, content: Content): Event { - return Event( - roomId = roomId, - originServerTs = System.currentTimeMillis(), - senderId = userId, - eventId = localId, - type = type, - content = content, - unsignedData = UnsignedData(age = null, transactionId = localId) - ).also { - localEchoEventFactory.createLocalEcho(it) - } - } - - override fun sendVerificationReady(keyReq: VerificationInfoReady, - otherUserId: String, - otherDeviceId: String?, - callback: (() -> Unit)?) { - // Not applicable (send event is called directly) - Timber.w("## SAS ignored verification ready with methods: ${keyReq.methods}") - } -} +/* + * Copyright 2020 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.matrix.android.sdk.internal.crypto.verification + +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.SupervisorJob +import kotlinx.coroutines.asCoroutineDispatcher +import kotlinx.coroutines.launch +import org.matrix.android.sdk.api.session.crypto.verification.CancelCode +import org.matrix.android.sdk.api.session.crypto.verification.ValidVerificationInfoRequest +import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState +import org.matrix.android.sdk.api.session.events.model.Content +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.LocalEcho +import org.matrix.android.sdk.api.session.events.model.RelationType +import org.matrix.android.sdk.api.session.events.model.UnsignedData +import org.matrix.android.sdk.api.session.events.model.toContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationAcceptContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationCancelContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationDoneContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationKeyContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationMacContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationReadyContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationRequestContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationStartContent +import org.matrix.android.sdk.api.session.room.model.relation.RelationDefaultContent +import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_RECIPROCATE +import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_SAS +import org.matrix.android.sdk.internal.crypto.tasks.SendVerificationMessageTask +import org.matrix.android.sdk.internal.session.room.send.LocalEchoEventFactory +import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer +import timber.log.Timber +import java.util.concurrent.Executors + +internal class VerificationTransportRoomMessage( + private val sendVerificationMessageTask: SendVerificationMessageTask, + private val userId: String, + private val userDeviceId: String?, + private val roomId: String, + private val localEchoEventFactory: LocalEchoEventFactory, + private val tx: DefaultVerificationTransaction? +) : VerificationTransport { + + private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() + private val verificationSenderScope = CoroutineScope(SupervisorJob() + dispatcher) + private val sequencer = SemaphoreCoroutineSequencer() + + override fun sendToOther(type: String, + verificationInfo: VerificationInfo, + nextState: VerificationTxState, + onErrorReason: CancelCode, + onDone: (() -> Unit)?) { + Timber.d("## SAS sending msg type $type") + Timber.v("## SAS sending msg info $verificationInfo") + val event = createEventAndLocalEcho( + type = type, + roomId = roomId, + content = verificationInfo.toEventContent()!! + ) + + verificationSenderScope.launch { + sequencer.post { + try { + val params = SendVerificationMessageTask.Params(event) + sendVerificationMessageTask.executeRetry(params, 5) + // Do I need to update local echo state to sent? + if (onDone != null) { + onDone() + } else { + tx?.state = nextState + } + } catch (failure: Throwable) { + tx?.cancel(onErrorReason) + } + } + } + } + + override fun sendVerificationRequest(supportedMethods: List, + localId: String, + otherUserId: String, + roomId: String?, + toDevices: List?, + callback: (String?, ValidVerificationInfoRequest?) -> Unit) { + Timber.d("## SAS sending verification request with supported methods: $supportedMethods") + // This transport requires a room + requireNotNull(roomId) + + val validInfo = ValidVerificationInfoRequest( + transactionId = "", + fromDevice = userDeviceId ?: "", + methods = supportedMethods, + timestamp = System.currentTimeMillis() + ) + + val info = MessageVerificationRequestContent( + body = "$userId is requesting to verify your key, but your client does not support in-chat key verification." + + " You will need to use legacy key verification to verify keys.", + fromDevice = validInfo.fromDevice, + toUserId = otherUserId, + timestamp = validInfo.timestamp, + methods = validInfo.methods + ) + val content = info.toContent() + + val event = createEventAndLocalEcho( + localId = localId, + type = EventType.MESSAGE, + roomId = roomId, + content = content + ) + + verificationSenderScope.launch { + val params = SendVerificationMessageTask.Params(event) + sequencer.post { + try { + val eventId = sendVerificationMessageTask.executeRetry(params, 5) + // Do I need to update local echo state to sent? + callback(eventId, validInfo) + } catch (failure: Throwable) { + callback(null, null) + } + } + } + } + + override fun cancelTransaction(transactionId: String, otherUserId: String, otherUserDeviceId: String?, code: CancelCode) { + Timber.d("## SAS canceling transaction $transactionId for reason $code") + val event = createEventAndLocalEcho( + type = EventType.KEY_VERIFICATION_CANCEL, + roomId = roomId, + content = MessageVerificationCancelContent.create(transactionId, code).toContent() + ) + + verificationSenderScope.launch { + sequencer.post { + try { + val params = SendVerificationMessageTask.Params(event) + sendVerificationMessageTask.executeRetry(params, 5) + } catch (failure: Throwable) { + Timber.w(failure, "Failed to cancel verification transaction") + } + } + } + } + + override fun done(transactionId: String, + onDone: (() -> Unit)?) { + Timber.d("## SAS sending done for $transactionId") + val event = createEventAndLocalEcho( + type = EventType.KEY_VERIFICATION_DONE, + roomId = roomId, + content = MessageVerificationDoneContent( + relatesTo = RelationDefaultContent( + RelationType.REFERENCE, + transactionId + ) + ).toContent() + ) + verificationSenderScope.launch { + sequencer.post { + try { + val params = SendVerificationMessageTask.Params(event) + sendVerificationMessageTask.executeRetry(params, 5) + } catch (failure: Throwable) { + Timber.w(failure, "Failed to complete (done) verification") + // should we call onDone? + } finally { + onDone?.invoke() + } + } + } +// val workerParams = WorkerParamsFactory.toData(SendVerificationMessageWorker.Params( +// sessionId = sessionId, +// eventId = event.eventId ?: "" +// )) +// val enqueueInfo = enqueueSendWork(workerParams) +// +// val workLiveData = workManagerProvider.workManager +// .getWorkInfosForUniqueWorkLiveData(uniqueQueueName()) +// val observer = object : Observer> { +// override fun onChanged(workInfoList: List?) { +// workInfoList +// ?.filter { it.state == WorkInfo.State.SUCCEEDED } +// ?.firstOrNull { it.id == enqueueInfo.second } +// ?.let { _ -> +// onDone?.invoke() +// workLiveData.removeObserver(this) +// } +// } +// } +// +// // TODO listen to DB to get synced info +// coroutineScope.launch(Dispatchers.Main) { +// workLiveData.observeForever(observer) +// } + } + +// private fun enqueueSendWork(workerParams: Data): Pair { +// val workRequest = workManagerProvider.matrixOneTimeWorkRequestBuilder() +// .setConstraints(WorkManagerProvider.workConstraints) +// .setInputData(workerParams) +// .setBackoffCriteria(BackoffPolicy.LINEAR, WorkManagerProvider.BACKOFF_DELAY_MILLIS, TimeUnit.MILLISECONDS) +// .build() +// return workManagerProvider.workManager +// .beginUniqueWork(uniqueQueueName(), ExistingWorkPolicy.APPEND_OR_REPLACE, workRequest) +// .enqueue() to workRequest.id +// } + +// private fun uniqueQueueName() = "${roomId}_VerificationWork" + + override fun createAccept(tid: String, + keyAgreementProtocol: String, + hash: String, + commitment: String, + messageAuthenticationCode: String, + shortAuthenticationStrings: List): VerificationInfoAccept = + MessageVerificationAcceptContent.create( + tid, + keyAgreementProtocol, + hash, + commitment, + messageAuthenticationCode, + shortAuthenticationStrings + ) + + override fun createKey(tid: String, pubKey: String): VerificationInfoKey = MessageVerificationKeyContent.create(tid, pubKey) + + override fun createMac(tid: String, mac: Map, keys: String) = MessageVerificationMacContent.create(tid, mac, keys) + + override fun createStartForSas(fromDevice: String, + transactionId: String, + keyAgreementProtocols: List, + hashes: List, + messageAuthenticationCodes: List, + shortAuthenticationStrings: List): VerificationInfoStart { + return MessageVerificationStartContent( + fromDevice, + hashes, + keyAgreementProtocols, + messageAuthenticationCodes, + shortAuthenticationStrings, + VERIFICATION_METHOD_SAS, + RelationDefaultContent( + type = RelationType.REFERENCE, + eventId = transactionId + ), + null + ) + } + + override fun createStartForQrCode(fromDevice: String, + transactionId: String, + sharedSecret: String): VerificationInfoStart { + return MessageVerificationStartContent( + fromDevice, + null, + null, + null, + null, + VERIFICATION_METHOD_RECIPROCATE, + RelationDefaultContent( + type = RelationType.REFERENCE, + eventId = transactionId + ), + sharedSecret + ) + } + + override fun createReady(tid: String, fromDevice: String, methods: List): VerificationInfoReady { + return MessageVerificationReadyContent( + fromDevice = fromDevice, + relatesTo = RelationDefaultContent( + type = RelationType.REFERENCE, + eventId = tid + ), + methods = methods + ) + } + + private fun createEventAndLocalEcho(localId: String = LocalEcho.createLocalEchoId(), type: String, roomId: String, content: Content): Event { + return Event( + roomId = roomId, + originServerTs = System.currentTimeMillis(), + senderId = userId, + eventId = localId, + type = type, + content = content, + unsignedData = UnsignedData(age = null, transactionId = localId) + ).also { + localEchoEventFactory.createLocalEcho(it) + } + } + + override fun sendVerificationReady(keyReq: VerificationInfoReady, + otherUserId: String, + otherDeviceId: String?, + callback: (() -> Unit)?) { + // Not applicable (send event is called directly) + Timber.w("## SAS ignored verification ready with methods: ${keyReq.methods}") + } +} From 058d2e6b72599bd16a97f536b79f93a07497616b Mon Sep 17 00:00:00 2001 From: Valere Date: Fri, 22 Apr 2022 11:38:29 +0200 Subject: [PATCH 021/433] Fix: ignore key request form self devices --- .../internal/crypto/DefaultCryptoService.kt | 2677 +++++++++-------- 1 file changed, 1343 insertions(+), 1334 deletions(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt index f89927f9c2..98b5235e14 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt @@ -1,1334 +1,1343 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import android.content.Context -import androidx.annotation.VisibleForTesting -import androidx.lifecycle.LiveData -import androidx.paging.PagedList -import com.squareup.moshi.Types -import dagger.Lazy -import kotlinx.coroutines.CancellationException -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.cancelChildren -import kotlinx.coroutines.launch -import kotlinx.coroutines.runBlocking -import kotlinx.coroutines.withContext -import org.matrix.android.sdk.api.MatrixCallback -import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.api.NoOpMatrixCallback -import org.matrix.android.sdk.api.auth.UserInteractiveAuthInterceptor -import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM -import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_OLM -import org.matrix.android.sdk.api.crypto.MXCryptoConfig -import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.failure.Failure -import org.matrix.android.sdk.api.listeners.ProgressListener -import org.matrix.android.sdk.api.logger.LoggerTag -import org.matrix.android.sdk.api.session.crypto.CryptoService -import org.matrix.android.sdk.api.session.crypto.MXCryptoError -import org.matrix.android.sdk.api.session.crypto.NewSessionListener -import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel -import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener -import org.matrix.android.sdk.api.session.crypto.model.AuditTrail -import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.DevicesListResponse -import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult -import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest -import org.matrix.android.sdk.api.session.crypto.model.MXDeviceInfo -import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResult -import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest -import org.matrix.android.sdk.api.session.crypto.model.TrailType -import org.matrix.android.sdk.api.session.events.model.Content -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent -import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.api.session.room.model.Membership -import org.matrix.android.sdk.api.session.room.model.RoomHistoryVisibility -import org.matrix.android.sdk.api.session.room.model.RoomHistoryVisibilityContent -import org.matrix.android.sdk.api.session.room.model.RoomMemberContent -import org.matrix.android.sdk.api.session.sync.model.SyncResponse -import org.matrix.android.sdk.internal.crypto.actions.MegolmSessionDataImporter -import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction -import org.matrix.android.sdk.internal.crypto.algorithms.IMXEncrypting -import org.matrix.android.sdk.internal.crypto.algorithms.IMXGroupEncryption -import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXMegolmEncryptionFactory -import org.matrix.android.sdk.internal.crypto.algorithms.olm.MXOlmEncryptionFactory -import org.matrix.android.sdk.internal.crypto.crosssigning.DefaultCrossSigningService -import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService -import org.matrix.android.sdk.internal.crypto.model.MXKey.Companion.KEY_SIGNED_CURVE_25519_TYPE -import org.matrix.android.sdk.internal.crypto.model.toRest -import org.matrix.android.sdk.internal.crypto.repository.WarnOnUnknownDeviceRepository -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.DeleteDeviceTask -import org.matrix.android.sdk.internal.crypto.tasks.GetDeviceInfoTask -import org.matrix.android.sdk.internal.crypto.tasks.GetDevicesTask -import org.matrix.android.sdk.internal.crypto.tasks.SetDeviceNameTask -import org.matrix.android.sdk.internal.crypto.tasks.UploadKeysTask -import org.matrix.android.sdk.internal.crypto.verification.DefaultVerificationService -import org.matrix.android.sdk.internal.crypto.verification.VerificationMessageProcessor -import org.matrix.android.sdk.internal.di.DeviceId -import org.matrix.android.sdk.internal.di.MoshiProvider -import org.matrix.android.sdk.internal.di.UserId -import org.matrix.android.sdk.internal.extensions.foldToCallback -import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.session.StreamEventsManager -import org.matrix.android.sdk.internal.session.room.membership.LoadRoomMembersTask -import org.matrix.android.sdk.internal.task.TaskExecutor -import org.matrix.android.sdk.internal.task.TaskThread -import org.matrix.android.sdk.internal.task.configureWith -import org.matrix.android.sdk.internal.task.launchToCallback -import org.matrix.android.sdk.internal.util.JsonCanonicalizer -import org.matrix.olm.OlmManager -import timber.log.Timber -import java.util.concurrent.atomic.AtomicBoolean -import javax.inject.Inject -import kotlin.math.max - -/** - * A `CryptoService` class instance manages the end-to-end crypto for a session. - * - * - * Messages posted by the user are automatically redirected to CryptoService in order to be encrypted - * before sending. - * In the other hand, received events goes through CryptoService for decrypting. - * CryptoService maintains all necessary keys and their sharing with other devices required for the crypto. - * Specially, it tracks all room membership changes events in order to do keys updates. - */ - -private val loggerTag = LoggerTag("DefaultCryptoService", LoggerTag.CRYPTO) - -@SessionScope -internal class DefaultCryptoService @Inject constructor( - // Olm Manager - private val olmManager: OlmManager, - @UserId - private val userId: String, - @DeviceId - private val deviceId: String?, - private val myDeviceInfoHolder: Lazy, - // the crypto store - private val cryptoStore: IMXCryptoStore, - // Room encryptors store - private val roomEncryptorsStore: RoomEncryptorsStore, - // Olm device - private val olmDevice: MXOlmDevice, - // Set of parameters used to configure/customize the end-to-end crypto. - private val mxCryptoConfig: MXCryptoConfig, - // Device list manager - private val deviceListManager: DeviceListManager, - // The key backup service. - private val keysBackupService: DefaultKeysBackupService, - // - private val objectSigner: ObjectSigner, - // - private val oneTimeKeysUploader: OneTimeKeysUploader, - // - private val roomDecryptorProvider: RoomDecryptorProvider, - // The verification service. - private val verificationService: DefaultVerificationService, - - private val crossSigningService: DefaultCrossSigningService, - // - private val incomingKeyRequestManager: IncomingKeyRequestManager, - private val secretShareManager: SecretShareManager, - // - private val outgoingKeyRequestManager: OutgoingKeyRequestManager, - // Actions - private val setDeviceVerificationAction: SetDeviceVerificationAction, - private val megolmSessionDataImporter: MegolmSessionDataImporter, - private val warnOnUnknownDevicesRepository: WarnOnUnknownDeviceRepository, - // Repository - private val megolmEncryptionFactory: MXMegolmEncryptionFactory, - private val olmEncryptionFactory: MXOlmEncryptionFactory, - // Tasks - private val deleteDeviceTask: DeleteDeviceTask, - private val getDevicesTask: GetDevicesTask, - private val getDeviceInfoTask: GetDeviceInfoTask, - private val setDeviceNameTask: SetDeviceNameTask, - private val uploadKeysTask: UploadKeysTask, - private val loadRoomMembersTask: LoadRoomMembersTask, - private val cryptoSessionInfoProvider: CryptoSessionInfoProvider, - private val coroutineDispatchers: MatrixCoroutineDispatchers, - private val taskExecutor: TaskExecutor, - private val cryptoCoroutineScope: CoroutineScope, - private val eventDecryptor: EventDecryptor, - private val verificationMessageProcessor: VerificationMessageProcessor, - private val liveEventManager: Lazy -) : CryptoService { - - private val isStarting = AtomicBoolean(false) - private val isStarted = AtomicBoolean(false) - - fun onStateEvent(roomId: String, event: Event) { - when (event.type) { - EventType.STATE_ROOM_ENCRYPTION -> onRoomEncryptionEvent(roomId, event) - EventType.STATE_ROOM_MEMBER -> onRoomMembershipEvent(roomId, event) - EventType.STATE_ROOM_HISTORY_VISIBILITY -> onRoomHistoryVisibilityEvent(roomId, event) - } - } - - fun onLiveEvent(roomId: String, event: Event, isInitialSync: Boolean) { - // handle state events - if (event.isStateEvent()) { - when (event.type) { - EventType.STATE_ROOM_ENCRYPTION -> onRoomEncryptionEvent(roomId, event) - EventType.STATE_ROOM_MEMBER -> onRoomMembershipEvent(roomId, event) - EventType.STATE_ROOM_HISTORY_VISIBILITY -> onRoomHistoryVisibilityEvent(roomId, event) - } - } - - // handle verification - if (!isInitialSync) { - if (event.type != null && verificationMessageProcessor.shouldProcess(event.type)) { - cryptoCoroutineScope.launch(coroutineDispatchers.dmVerif) { - verificationMessageProcessor.process(event) - } - } - } - } - -// val gossipingBuffer = mutableListOf() - - override fun setDeviceName(deviceId: String, deviceName: String, callback: MatrixCallback) { - setDeviceNameTask - .configureWith(SetDeviceNameTask.Params(deviceId, deviceName)) { - this.executionThread = TaskThread.CRYPTO - this.callback = object : MatrixCallback { - override fun onSuccess(data: Unit) { - // bg refresh of crypto device - downloadKeys(listOf(userId), true, NoOpMatrixCallback()) - callback.onSuccess(data) - } - - override fun onFailure(failure: Throwable) { - callback.onFailure(failure) - } - } - } - .executeBy(taskExecutor) - } - - override fun deleteDevice(deviceId: String, userInteractiveAuthInterceptor: UserInteractiveAuthInterceptor, callback: MatrixCallback) { - deleteDeviceTask - .configureWith(DeleteDeviceTask.Params(deviceId, userInteractiveAuthInterceptor, null)) { - this.executionThread = TaskThread.CRYPTO - this.callback = callback - } - .executeBy(taskExecutor) - } - - override fun getCryptoVersion(context: Context, longFormat: Boolean): String { - return if (longFormat) olmManager.getDetailedVersion(context) else olmManager.version - } - - override fun getMyDevice(): CryptoDeviceInfo { - return myDeviceInfoHolder.get().myDevice - } - - override fun fetchDevicesList(callback: MatrixCallback) { - getDevicesTask - .configureWith { - // this.executionThread = TaskThread.CRYPTO - this.callback = object : MatrixCallback { - override fun onFailure(failure: Throwable) { - callback.onFailure(failure) - } - - override fun onSuccess(data: DevicesListResponse) { - // Save in local DB - cryptoStore.saveMyDevicesInfo(data.devices.orEmpty()) - callback.onSuccess(data) - } - } - } - .executeBy(taskExecutor) - } - - override fun getLiveMyDevicesInfo(): LiveData> { - return cryptoStore.getLiveMyDevicesInfo() - } - - override fun getMyDevicesInfo(): List { - return cryptoStore.getMyDevicesInfo() - } - - override fun getDeviceInfo(deviceId: String, callback: MatrixCallback) { - getDeviceInfoTask - .configureWith(GetDeviceInfoTask.Params(deviceId)) { - this.executionThread = TaskThread.CRYPTO - this.callback = callback - } - .executeBy(taskExecutor) - } - - override fun inboundGroupSessionsCount(onlyBackedUp: Boolean): Int { - return cryptoStore.inboundGroupSessionsCount(onlyBackedUp) - } - - /** - * Provides the tracking status - * - * @param userId the user id - * @return the tracking status - */ - override fun getDeviceTrackingStatus(userId: String): Int { - return cryptoStore.getDeviceTrackingStatus(userId, DeviceListManager.TRACKING_STATUS_NOT_TRACKED) - } - - /** - * Tell if the MXCrypto is started - * - * @return true if the crypto is started - */ - fun isStarted(): Boolean { - return isStarted.get() - } - - /** - * Tells if the MXCrypto is starting. - * - * @return true if the crypto is starting - */ - fun isStarting(): Boolean { - return isStarting.get() - } - - /** - * Start the crypto module. - * Device keys will be uploaded, then one time keys if there are not enough on the homeserver - * and, then, if this is the first time, this new device will be announced to all other users - * devices. - * - */ - fun start() { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - internalStart() - } - // Just update - fetchDevicesList(NoOpMatrixCallback()) - - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - cryptoStore.tidyUpDataBase() - } - } - - fun ensureDevice() { - cryptoCoroutineScope.launchToCallback(coroutineDispatchers.crypto, NoOpMatrixCallback()) { - // Open the store - cryptoStore.open() - - if (!cryptoStore.areDeviceKeysUploaded()) { - // Schedule upload of OTK - oneTimeKeysUploader.updateOneTimeKeyCount(0) - } - - // this can throw if no network - tryOrNull { - uploadDeviceKeys() - } - - oneTimeKeysUploader.maybeUploadOneTimeKeys() - // this can throw if no backup - tryOrNull { - keysBackupService.checkAndStartKeysBackup() - } - } - } - - fun onSyncWillProcess(isInitialSync: Boolean) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - if (isInitialSync) { - try { - // On initial sync, we start all our tracking from - // scratch, so mark everything as untracked. onCryptoEvent will - // be called for all e2e rooms during the processing of the sync, - // at which point we'll start tracking all the users of that room. - deviceListManager.invalidateAllDeviceLists() - // always track my devices? - deviceListManager.startTrackingDeviceList(listOf(userId)) - deviceListManager.refreshOutdatedDeviceLists() - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).e(failure, "onSyncWillProcess ") - } - } - } - } - - private fun internalStart() { - if (isStarted.get() || isStarting.get()) { - return - } - isStarting.set(true) - - // Open the store - cryptoStore.open() - - isStarting.set(false) - isStarted.set(true) - } - - /** - * Close the crypto - */ - fun close() = runBlocking(coroutineDispatchers.crypto) { - cryptoCoroutineScope.coroutineContext.cancelChildren(CancellationException("Closing crypto module")) - incomingKeyRequestManager.close() - outgoingKeyRequestManager.close() - olmDevice.release() - cryptoStore.close() - } - - // Always enabled on Matrix Android SDK2 - override fun isCryptoEnabled() = true - - /** - * @return the Keys backup Service - */ - override fun keysBackupService() = keysBackupService - - /** - * @return the VerificationService - */ - override fun verificationService() = verificationService - - override fun crossSigningService() = crossSigningService - - /** - * A sync response has been received - * - * @param syncResponse the syncResponse - */ - fun onSyncCompleted(syncResponse: SyncResponse) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - runCatching { - if (syncResponse.deviceLists != null) { - deviceListManager.handleDeviceListsChanges(syncResponse.deviceLists.changed, syncResponse.deviceLists.left) - } - if (syncResponse.deviceOneTimeKeysCount != null) { - val currentCount = syncResponse.deviceOneTimeKeysCount.signedCurve25519 ?: 0 - oneTimeKeysUploader.updateOneTimeKeyCount(currentCount) - } - - // unwedge if needed - try { - eventDecryptor.unwedgeDevicesIfNeeded() - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).w("unwedgeDevicesIfNeeded failed") - } - - // There is a limit of to_device events returned per sync. - // If we are in a case of such limited to_device sync we can't try to generate/upload - // new otk now, because there might be some pending olm pre-key to_device messages that would fail if we rotate - // the old otk too early. In this case we want to wait for the pending to_device before doing anything - // As per spec: - // If there is a large queue of send-to-device messages, the server should limit the number sent in each /sync response. - // 100 messages is recommended as a reasonable limit. - // The limit is not part of the spec, so it's probably safer to handle that when there are no more to_device ( so we are sure - // that there are no pending to_device - val toDevices = syncResponse.toDevice?.events.orEmpty() - if (isStarted() && toDevices.isEmpty()) { - // Make sure we process to-device messages before generating new one-time-keys #2782 - deviceListManager.refreshOutdatedDeviceLists() - // The presence of device_unused_fallback_key_types indicates that the server supports fallback keys. - // If there's no unused signed_curve25519 fallback key we need a new one. - if (syncResponse.deviceUnusedFallbackKeyTypes != null && - // Generate a fallback key only if the server does not already have an unused fallback key. - !syncResponse.deviceUnusedFallbackKeyTypes.contains(KEY_SIGNED_CURVE_25519_TYPE)) { - oneTimeKeysUploader.needsNewFallback() - } - - oneTimeKeysUploader.maybeUploadOneTimeKeys() - } - - // Process pending key requests - try { - if (toDevices.isEmpty()) { - // this is not blocking - outgoingKeyRequestManager.requireProcessAllPendingKeyRequests() - } else { - Timber.tag(loggerTag.value) - .w("Don't process key requests yet as there might be more to_device to catchup") - } - } catch (failure: Throwable) { - // just for safety but should not throw - Timber.tag(loggerTag.value).w("failed to process pending request") - } - - try { - incomingKeyRequestManager.processIncomingRequests() - } catch (failure: Throwable) { - // just for safety but should not throw - Timber.tag(loggerTag.value).w("failed to process incoming room key requests") - } - } - } - } - - /** - * Find a device by curve25519 identity key - * - * @param senderKey the curve25519 key to match. - * @param algorithm the encryption algorithm. - * @return the device info, or null if not found / unsupported algorithm / crypto released - */ - override fun deviceWithIdentityKey(senderKey: String, algorithm: String): CryptoDeviceInfo? { - return if (algorithm != MXCRYPTO_ALGORITHM_MEGOLM && algorithm != MXCRYPTO_ALGORITHM_OLM) { - // We only deal in olm keys - null - } else cryptoStore.deviceWithIdentityKey(senderKey) - } - - /** - * Provides the device information for a user id and a device Id - * - * @param userId the user id - * @param deviceId the device id - */ - override fun getDeviceInfo(userId: String, deviceId: String?): CryptoDeviceInfo? { - return if (userId.isNotEmpty() && !deviceId.isNullOrEmpty()) { - cryptoStore.getUserDevice(userId, deviceId) - } else { - null - } - } - - override fun getCryptoDeviceInfo(userId: String): List { - return cryptoStore.getUserDeviceList(userId).orEmpty() - } - - override fun getLiveCryptoDeviceInfo(): LiveData> { - return cryptoStore.getLiveDeviceList() - } - - override fun getLiveCryptoDeviceInfo(userId: String): LiveData> { - return cryptoStore.getLiveDeviceList(userId) - } - - override fun getLiveCryptoDeviceInfo(userIds: List): LiveData> { - return cryptoStore.getLiveDeviceList(userIds) - } - - /** - * Set the devices as known - * - * @param devices the devices. Note that the verified member of the devices in this list will not be updated by this method. - * @param callback the asynchronous callback - */ - override fun setDevicesKnown(devices: List, callback: MatrixCallback?) { - // build a devices map - val devicesIdListByUserId = devices.groupBy({ it.userId }, { it.deviceId }) - - for ((userId, deviceIds) in devicesIdListByUserId) { - val storedDeviceIDs = cryptoStore.getUserDevices(userId) - - // sanity checks - if (null != storedDeviceIDs) { - var isUpdated = false - - deviceIds.forEach { deviceId -> - val device = storedDeviceIDs[deviceId] - - // assume if the device is either verified or blocked - // it means that the device is known - if (device?.isUnknown == true) { - device.trustLevel = DeviceTrustLevel(crossSigningVerified = false, locallyVerified = false) - isUpdated = true - } - } - - if (isUpdated) { - cryptoStore.storeUserDevices(userId, storedDeviceIDs) - } - } - } - - callback?.onSuccess(Unit) - } - - /** - * Update the blocked/verified state of the given device. - * - * @param trustLevel the new trust level - * @param userId the owner of the device - * @param deviceId the unique identifier for the device. - */ - override fun setDeviceVerification(trustLevel: DeviceTrustLevel, userId: String, deviceId: String) { - setDeviceVerificationAction.handle(trustLevel, userId, deviceId) - } - - /** - * Configure a room to use encryption. - * - * @param roomId the room id to enable encryption in. - * @param algorithm the encryption config for the room. - * @param inhibitDeviceQuery true to suppress device list query for users in the room (for now) - * @param membersId list of members to start tracking their devices - * @return true if the operation succeeds. - */ - private suspend fun setEncryptionInRoom(roomId: String, - algorithm: String?, - inhibitDeviceQuery: Boolean, - membersId: List): Boolean { - // If we already have encryption in this room, we should ignore this event - // (for now at least. Maybe we should alert the user somehow?) - val existingAlgorithm = cryptoStore.getRoomAlgorithm(roomId) - - if (existingAlgorithm == algorithm) { - // ignore - Timber.tag(loggerTag.value).e("setEncryptionInRoom() : Ignoring m.room.encryption for same alg ($algorithm) in $roomId") - return false - } - - val encryptingClass = MXCryptoAlgorithms.hasEncryptorClassForAlgorithm(algorithm) - - // Always store even if not supported - cryptoStore.storeRoomAlgorithm(roomId, algorithm) - - if (!encryptingClass) { - Timber.tag(loggerTag.value).e("setEncryptionInRoom() : Unable to encrypt room $roomId with $algorithm") - return false - } - - val alg: IMXEncrypting? = when (algorithm) { - MXCRYPTO_ALGORITHM_MEGOLM -> megolmEncryptionFactory.create(roomId) - MXCRYPTO_ALGORITHM_OLM -> olmEncryptionFactory.create(roomId) - else -> null - } - - if (alg != null) { - roomEncryptorsStore.put(roomId, alg) - } - - // if encryption was not previously enabled in this room, we will have been - // ignoring new device events for these users so far. We may well have - // up-to-date lists for some users, for instance if we were sharing other - // e2e rooms with them, so there is room for optimisation here, but for now - // we just invalidate everyone in the room. - if (null == existingAlgorithm) { - Timber.tag(loggerTag.value).d("Enabling encryption in $roomId for the first time; invalidating device lists for all users therein") - - val userIds = ArrayList(membersId) - - deviceListManager.startTrackingDeviceList(userIds) - - if (!inhibitDeviceQuery) { - deviceListManager.refreshOutdatedDeviceLists() - } - } - - return true - } - - /** - * Tells if a room is encrypted with MXCRYPTO_ALGORITHM_MEGOLM - * - * @param roomId the room id - * @return true if the room is encrypted with algorithm MXCRYPTO_ALGORITHM_MEGOLM - */ - override fun isRoomEncrypted(roomId: String): Boolean { - return cryptoSessionInfoProvider.isRoomEncrypted(roomId) - } - - /** - * @return the stored device keys for a user. - */ - override fun getUserDevices(userId: String): MutableList { - return cryptoStore.getUserDevices(userId)?.values?.toMutableList() ?: ArrayList() - } - - private fun isEncryptionEnabledForInvitedUser(): Boolean { - return mxCryptoConfig.enableEncryptionForInvitedMembers - } - - override fun getEncryptionAlgorithm(roomId: String): String? { - return cryptoStore.getRoomAlgorithm(roomId) - } - - /** - * Determine whether we should encrypt messages for invited users in this room. - *

- * Check here whether the invited members are allowed to read messages in the room history - * from the point they were invited onwards. - * - * @return true if we should encrypt messages for invited users. - */ - override fun shouldEncryptForInvitedMembers(roomId: String): Boolean { - return cryptoStore.shouldEncryptForInvitedMembers(roomId) - } - - /** - * Encrypt an event content according to the configuration of the room. - * - * @param eventContent the content of the event. - * @param eventType the type of the event. - * @param roomId the room identifier the event will be sent. - * @param callback the asynchronous callback - */ - override fun encryptEventContent(eventContent: Content, - eventType: String, - roomId: String, - callback: MatrixCallback) { - // moved to crypto scope to have uptodate values - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - val userIds = getRoomUserIds(roomId) - var alg = roomEncryptorsStore.get(roomId) - if (alg == null) { - val algorithm = getEncryptionAlgorithm(roomId) - if (algorithm != null) { - if (setEncryptionInRoom(roomId, algorithm, false, userIds)) { - alg = roomEncryptorsStore.get(roomId) - } - } - } - val safeAlgorithm = alg - if (safeAlgorithm != null) { - val t0 = System.currentTimeMillis() - Timber.tag(loggerTag.value).v("encryptEventContent() starts") - runCatching { - val content = safeAlgorithm.encryptEventContent(eventContent, eventType, userIds) - Timber.tag(loggerTag.value).v("## CRYPTO | encryptEventContent() : succeeds after ${System.currentTimeMillis() - t0} ms") - MXEncryptEventContentResult(content, EventType.ENCRYPTED) - }.foldToCallback(callback) - } else { - val algorithm = getEncryptionAlgorithm(roomId) - val reason = String.format(MXCryptoError.UNABLE_TO_ENCRYPT_REASON, - algorithm ?: MXCryptoError.NO_MORE_ALGORITHM_REASON) - Timber.tag(loggerTag.value).e("encryptEventContent() : failed $reason") - callback.onFailure(Failure.CryptoError(MXCryptoError.Base(MXCryptoError.ErrorType.UNABLE_TO_ENCRYPT, reason))) - } - } - } - - override fun discardOutboundSession(roomId: String) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - val roomEncryptor = roomEncryptorsStore.get(roomId) - if (roomEncryptor is IMXGroupEncryption) { - roomEncryptor.discardSessionKey() - } else { - Timber.tag(loggerTag.value).e("discardOutboundSession() for:$roomId: Unable to handle IMXGroupEncryption") - } - } - } - - /** - * Decrypt an event - * - * @param event the raw event. - * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. - * @return the MXEventDecryptionResult data, or throw in case of error - */ - @Throws(MXCryptoError::class) - override suspend fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult { - return internalDecryptEvent(event, timeline) - } - - /** - * Decrypt an event asynchronously - * - * @param event the raw event. - * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. - * @param callback the callback to return data or null - */ - override fun decryptEventAsync(event: Event, timeline: String, callback: MatrixCallback) { - eventDecryptor.decryptEventAsync(event, timeline, callback) - } - - /** - * Decrypt an event - * - * @param event the raw event. - * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. - * @return the MXEventDecryptionResult data, or null in case of error - */ - @Throws(MXCryptoError::class) - private suspend fun internalDecryptEvent(event: Event, timeline: String): MXEventDecryptionResult { - return eventDecryptor.decryptEvent(event, timeline) - } - - /** - * Reset replay attack data for the given timeline. - * - * @param timelineId the timeline id - */ - fun resetReplayAttackCheckInTimeline(timelineId: String) { - olmDevice.resetReplayAttackCheckInTimeline(timelineId) - } - - /** - * Handle the 'toDevice' event - * - * @param event the event - */ - fun onToDeviceEvent(event: Event) { - // event have already been decrypted - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - when (event.getClearType()) { - EventType.ROOM_KEY, EventType.FORWARDED_ROOM_KEY -> { - // Keys are imported directly, not waiting for end of sync - onRoomKeyEvent(event) - } - EventType.REQUEST_SECRET -> { - secretShareManager.handleSecretRequest(event) - } - EventType.ROOM_KEY_REQUEST -> { - event.getClearContent().toModel()?.let { req -> - event.senderId?.let { incomingKeyRequestManager.addNewIncomingRequest(it, req) } - } - } - EventType.SEND_SECRET -> { - onSecretSendReceived(event) - } - EventType.ROOM_KEY_WITHHELD -> { - onKeyWithHeldReceived(event) - } - else -> { - // ignore - } - } - } - liveEventManager.get().dispatchOnLiveToDevice(event) - } - - /** - * Handle a key event. - * - * @param event the key event. - */ - private fun onRoomKeyEvent(event: Event) { - val roomKeyContent = event.getClearContent().toModel() ?: return - Timber.tag(loggerTag.value).i("onRoomKeyEvent() from: ${event.senderId} type<${event.getClearType()}> , sessionId<${roomKeyContent.sessionId}>") - if (roomKeyContent.roomId.isNullOrEmpty() || roomKeyContent.algorithm.isNullOrEmpty()) { - Timber.tag(loggerTag.value).e("onRoomKeyEvent() : missing fields") - return - } - val alg = roomDecryptorProvider.getOrCreateRoomDecryptor(roomKeyContent.roomId, roomKeyContent.algorithm) - if (alg == null) { - Timber.tag(loggerTag.value).e("GOSSIP onRoomKeyEvent() : Unable to handle keys for ${roomKeyContent.algorithm}") - return - } - alg.onRoomKeyEvent(event, keysBackupService) - } - - private fun onKeyWithHeldReceived(event: Event) { - val withHeldContent = event.getClearContent().toModel() ?: return Unit.also { - Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") - } - val senderId = event.senderId ?: return Unit.also { - Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") - } - withHeldContent.sessionId ?: return - withHeldContent.algorithm ?: return - withHeldContent.roomId ?: return - withHeldContent.senderKey ?: return - outgoingKeyRequestManager.onRoomKeyWithHeld( - sessionId = withHeldContent.sessionId, - algorithm = withHeldContent.algorithm, - roomId = withHeldContent.roomId, - senderKey = withHeldContent.senderKey, - fromDevice = withHeldContent.fromDevice, - event = Event( - type = EventType.ROOM_KEY_WITHHELD, - senderId = senderId, - content = event.getClearContent() - ) - ) - } - - private suspend fun onSecretSendReceived(event: Event) { - secretShareManager.onSecretSendReceived(event) { secretName, secretValue -> - handleSDKLevelGossip(secretName, secretValue) - } - } - - /** - * Returns true if handled by SDK, otherwise should be sent to application layer - */ - private fun handleSDKLevelGossip(secretName: String?, - secretValue: String): Boolean { - return when (secretName) { - MASTER_KEY_SSSS_NAME -> { - crossSigningService.onSecretMSKGossip(secretValue) - true - } - SELF_SIGNING_KEY_SSSS_NAME -> { - crossSigningService.onSecretSSKGossip(secretValue) - true - } - USER_SIGNING_KEY_SSSS_NAME -> { - crossSigningService.onSecretUSKGossip(secretValue) - true - } - KEYBACKUP_SECRET_SSSS_NAME -> { - keysBackupService.onSecretKeyGossip(secretValue) - true - } - else -> false - } - } - - /** - * Handle an m.room.encryption event. - * - * @param event the encryption event. - */ - private fun onRoomEncryptionEvent(roomId: String, event: Event) { - if (!event.isStateEvent()) { - // Ignore - Timber.tag(loggerTag.value).w("Invalid encryption event") - return - } - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - val userIds = getRoomUserIds(roomId) - setEncryptionInRoom(roomId, event.content?.get("algorithm")?.toString(), true, userIds) - } - } - - private fun getRoomUserIds(roomId: String): List { - val encryptForInvitedMembers = isEncryptionEnabledForInvitedUser() && - shouldEncryptForInvitedMembers(roomId) - return cryptoSessionInfoProvider.getRoomUserIds(roomId, encryptForInvitedMembers) - } - - /** - * Handle a change in the membership state of a member of a room. - * - * @param event the membership event causing the change - */ - private fun onRoomMembershipEvent(roomId: String, event: Event) { - roomEncryptorsStore.get(roomId) ?: /* No encrypting in this room */ return - - event.stateKey?.let { userId -> - val roomMember: RoomMemberContent? = event.content.toModel() - val membership = roomMember?.membership - if (membership == Membership.JOIN) { - // make sure we are tracking the deviceList for this user. - deviceListManager.startTrackingDeviceList(listOf(userId)) - } else if (membership == Membership.INVITE && - shouldEncryptForInvitedMembers(roomId) && - isEncryptionEnabledForInvitedUser()) { - // track the deviceList for this invited user. - // Caution: there's a big edge case here in that federated servers do not - // know what other servers are in the room at the time they've been invited. - // They therefore will not send device updates if a user logs in whilst - // their state is invite. - deviceListManager.startTrackingDeviceList(listOf(userId)) - } - } - } - - private fun onRoomHistoryVisibilityEvent(roomId: String, event: Event) { - if (!event.isStateEvent()) return - val eventContent = event.content.toModel() - eventContent?.historyVisibility?.let { - cryptoStore.setShouldEncryptForInvitedMembers(roomId, it != RoomHistoryVisibility.JOINED) - } - } - - /** - * Upload my user's device keys. - */ - private suspend fun uploadDeviceKeys() { - if (cryptoStore.areDeviceKeysUploaded()) { - Timber.tag(loggerTag.value).d("Keys already uploaded, nothing to do") - return - } - // Prepare the device keys data to send - // Sign it - val canonicalJson = JsonCanonicalizer.getCanonicalJson(Map::class.java, getMyDevice().signalableJSONDictionary()) - var rest = getMyDevice().toRest() - - rest = rest.copy( - signatures = objectSigner.signObject(canonicalJson) - ) - - val uploadDeviceKeysParams = UploadKeysTask.Params(rest, null, null) - uploadKeysTask.execute(uploadDeviceKeysParams) - - cryptoStore.setDeviceKeysUploaded(true) - } - - /** - * Export the crypto keys - * - * @param password the password - * @return the exported keys - */ - override suspend fun exportRoomKeys(password: String): ByteArray { - return exportRoomKeys(password, MXMegolmExportEncryption.DEFAULT_ITERATION_COUNT) - } - - /** - * Export the crypto keys - * - * @param password the password - * @param anIterationCount the encryption iteration count (0 means no encryption) - */ - private suspend fun exportRoomKeys(password: String, anIterationCount: Int): ByteArray { - return withContext(coroutineDispatchers.crypto) { - val iterationCount = max(0, anIterationCount) - - val exportedSessions = cryptoStore.getInboundGroupSessions().mapNotNull { it.exportKeys() } - - val adapter = MoshiProvider.providesMoshi() - .adapter(List::class.java) - - MXMegolmExportEncryption.encryptMegolmKeyFile(adapter.toJson(exportedSessions), password, iterationCount) - } - } - - /** - * Import the room keys - * - * @param roomKeysAsArray the room keys as array. - * @param password the password - * @param progressListener the progress listener - * @return the result ImportRoomKeysResult - */ - override suspend fun importRoomKeys(roomKeysAsArray: ByteArray, - password: String, - progressListener: ProgressListener?): ImportRoomKeysResult { - return withContext(coroutineDispatchers.crypto) { - Timber.tag(loggerTag.value).v("importRoomKeys starts") - - val t0 = System.currentTimeMillis() - val roomKeys = MXMegolmExportEncryption.decryptMegolmKeyFile(roomKeysAsArray, password) - val t1 = System.currentTimeMillis() - - Timber.tag(loggerTag.value).v("importRoomKeys : decryptMegolmKeyFile done in ${t1 - t0} ms") - - val importedSessions = MoshiProvider.providesMoshi() - .adapter>(Types.newParameterizedType(List::class.java, MegolmSessionData::class.java)) - .fromJson(roomKeys) - - val t2 = System.currentTimeMillis() - - Timber.tag(loggerTag.value).v("importRoomKeys : JSON parsing ${t2 - t1} ms") - - if (importedSessions == null) { - throw Exception("Error") - } - - megolmSessionDataImporter.handle( - megolmSessionsData = importedSessions, - fromBackup = false, - progressListener = progressListener - ) - } - } - - /** - * Update the warn status when some unknown devices are detected. - * - * @param warn true to warn when some unknown devices are detected. - */ - override fun setWarnOnUnknownDevices(warn: Boolean) { - warnOnUnknownDevicesRepository.setWarnOnUnknownDevices(warn) - } - - /** - * Check if the user ids list have some unknown devices. - * A success means there is no unknown devices. - * If there are some unknown devices, a MXCryptoError.UnknownDevice exception is triggered. - * - * @param userIds the user ids list - * @param callback the asynchronous callback. - */ - fun checkUnknownDevices(userIds: List, callback: MatrixCallback) { - // force the refresh to ensure that the devices list is up-to-date - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - runCatching { - val keys = deviceListManager.downloadKeys(userIds, true) - val unknownDevices = getUnknownDevices(keys) - if (unknownDevices.map.isNotEmpty()) { - // trigger an an unknown devices exception - throw Failure.CryptoError(MXCryptoError.UnknownDevice(unknownDevices)) - } - }.foldToCallback(callback) - } - } - - /** - * Set the global override for whether the client should ever send encrypted - * messages to unverified devices. - * If false, it can still be overridden per-room. - * If true, it overrides the per-room settings. - * - * @param block true to unilaterally blacklist all - */ - override fun setGlobalBlacklistUnverifiedDevices(block: Boolean) { - cryptoStore.setGlobalBlacklistUnverifiedDevices(block) - } - - override fun enableKeyGossiping(enable: Boolean) { - cryptoStore.enableKeyGossiping(enable) - } - - override fun isKeyGossipingEnabled() = cryptoStore.isKeyGossipingEnabled() - - /** - * Tells whether the client should ever send encrypted messages to unverified devices. - * The default value is false. - * This function must be called in the getEncryptingThreadHandler() thread. - * - * @return true to unilaterally blacklist all unverified devices. - */ - override fun getGlobalBlacklistUnverifiedDevices(): Boolean { - return cryptoStore.getGlobalBlacklistUnverifiedDevices() - } - - /** - * Tells whether the client should encrypt messages only for the verified devices - * in this room. - * The default value is false. - * - * @param roomId the room id - * @return true if the client should encrypt messages only for the verified devices. - */ -// TODO add this info in CryptoRoomEntity? - override fun isRoomBlacklistUnverifiedDevices(roomId: String?): Boolean { - return roomId?.let { cryptoStore.getRoomsListBlacklistUnverifiedDevices().contains(it) } - ?: false - } - - /** - * Manages the room black-listing for unverified devices. - * - * @param roomId the room id - * @param add true to add the room id to the list, false to remove it. - */ - private fun setRoomBlacklistUnverifiedDevices(roomId: String, add: Boolean) { - val roomIds = cryptoStore.getRoomsListBlacklistUnverifiedDevices().toMutableList() - - if (add) { - if (roomId !in roomIds) { - roomIds.add(roomId) - } - } else { - roomIds.remove(roomId) - } - - cryptoStore.setRoomsListBlacklistUnverifiedDevices(roomIds) - } - - /** - * Add this room to the ones which don't encrypt messages to unverified devices. - * - * @param roomId the room id - */ - override fun setRoomBlacklistUnverifiedDevices(roomId: String) { - setRoomBlacklistUnverifiedDevices(roomId, true) - } - - /** - * Remove this room to the ones which don't encrypt messages to unverified devices. - * - * @param roomId the room id - */ - override fun setRoomUnBlacklistUnverifiedDevices(roomId: String) { - setRoomBlacklistUnverifiedDevices(roomId, false) - } - - /** - * Re request the encryption keys required to decrypt an event. - * - * @param event the event to decrypt again. - */ - override fun reRequestRoomKeyForEvent(event: Event) { - outgoingKeyRequestManager.requestKeyForEvent(event, true) - } - - override fun requestRoomKeyForEvent(event: Event) { - outgoingKeyRequestManager.requestKeyForEvent(event, false) - } - - /** - * Add a GossipingRequestListener listener. - * - * @param listener listener - */ - override fun addRoomKeysRequestListener(listener: GossipingRequestListener) { - incomingKeyRequestManager.addRoomKeysRequestListener(listener) - secretShareManager.addListener(listener) - } - - /** - * Add a GossipingRequestListener listener. - * - * @param listener listener - */ - override fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { - incomingKeyRequestManager.removeRoomKeysRequestListener(listener) - secretShareManager.addListener(listener) - } - - /** - * Provides the list of unknown devices - * - * @param devicesInRoom the devices map - * @return the unknown devices map - */ - private fun getUnknownDevices(devicesInRoom: MXUsersDevicesMap): MXUsersDevicesMap { - val unknownDevices = MXUsersDevicesMap() - val userIds = devicesInRoom.userIds - for (userId in userIds) { - devicesInRoom.getUserDeviceIds(userId)?.forEach { deviceId -> - devicesInRoom.getObject(userId, deviceId) - ?.takeIf { it.isUnknown } - ?.let { - unknownDevices.setObject(userId, deviceId, it) - } - } - } - - return unknownDevices - } - - override fun downloadKeys(userIds: List, forceDownload: Boolean, callback: MatrixCallback>) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - runCatching { - deviceListManager.downloadKeys(userIds, forceDownload) - }.foldToCallback(callback) - } - } - - override fun addNewSessionListener(newSessionListener: NewSessionListener) { - roomDecryptorProvider.addNewSessionListener(newSessionListener) - } - - override fun removeSessionListener(listener: NewSessionListener) { - roomDecryptorProvider.removeSessionListener(listener) - } -/* ========================================================================================== - * DEBUG INFO - * ========================================================================================== */ - - override fun toString(): String { - return "DefaultCryptoService of $userId ($deviceId)" - } - - override fun getOutgoingRoomKeyRequests(): List { - return cryptoStore.getOutgoingRoomKeyRequests() - } - - override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { - return cryptoStore.getOutgoingRoomKeyRequestsPaged() - } - - override fun getIncomingRoomKeyRequests(): List { - return cryptoStore.getGossipingEvents() - .mapNotNull { - IncomingRoomKeyRequest.fromEvent(it) - } - } - - override fun getIncomingRoomKeyRequestsPaged(): LiveData> { - return cryptoStore.getGossipingEventsTrail(TrailType.IncomingKeyRequest) { - IncomingRoomKeyRequest.fromEvent(it) - ?: IncomingRoomKeyRequest(localCreationTimestamp = 0L) - } - } - - /** - * If you registered a `GossipingRequestListener`, you will be notified of key request - * that was not accepted by the SDK. You can call back this manually to accept anyhow. - */ - override suspend fun manuallyAcceptRoomKeyRequest(request: IncomingRoomKeyRequest) { - incomingKeyRequestManager.manuallyAcceptRoomKeyRequest(request) - } - - override fun getGossipingEventsTrail(): LiveData> { - return cryptoStore.getGossipingEventsTrail() - } - - override fun getGossipingEvents(): List { - return cryptoStore.getGossipingEvents() - } - - override fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap { - return cryptoStore.getSharedWithInfo(roomId, sessionId) - } - - override fun getWithHeldMegolmSession(roomId: String, sessionId: String): RoomKeyWithHeldContent? { - return cryptoStore.getWithHeldMegolmSession(roomId, sessionId) - } - - override fun logDbUsageInfo() { - cryptoStore.logDbUsageInfo() - } - - override fun prepareToEncrypt(roomId: String, callback: MatrixCallback) { - cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { - Timber.tag(loggerTag.value).d("prepareToEncrypt() roomId:$roomId Check room members up to date") - // Ensure to load all room members - try { - loadRoomMembersTask.execute(LoadRoomMembersTask.Params(roomId)) - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).e("prepareToEncrypt() : Failed to load room members") - // we probably shouldn't block sending on that (but questionable) - // but some members won't be able to decrypt - } - - val userIds = getRoomUserIds(roomId) - val alg = roomEncryptorsStore.get(roomId) - ?: getEncryptionAlgorithm(roomId) - ?.let { setEncryptionInRoom(roomId, it, false, userIds) } - ?.let { roomEncryptorsStore.get(roomId) } - - if (alg == null) { - val reason = String.format(MXCryptoError.UNABLE_TO_ENCRYPT_REASON, MXCryptoError.NO_MORE_ALGORITHM_REASON) - Timber.tag(loggerTag.value).e("prepareToEncrypt() : $reason") - callback.onFailure(IllegalArgumentException("Missing algorithm")) - return@launch - } - - runCatching { - (alg as? IMXGroupEncryption)?.preshareKey(userIds) - }.fold( - { callback.onSuccess(Unit) }, - { - Timber.tag(loggerTag.value).e(it, "prepareToEncrypt() failed.") - callback.onFailure(it) - } - ) - } - } - - /* ========================================================================================== - * For test only - * ========================================================================================== */ - - @VisibleForTesting - val cryptoStoreForTesting = cryptoStore - - @VisibleForTesting - val olmDeviceForTest = olmDevice - - companion object { - const val CRYPTO_MIN_FORCE_SESSION_PERIOD_MILLIS = 3_600_000 // one hour - } -} +/* + * Copyright 2020 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import android.content.Context +import androidx.annotation.VisibleForTesting +import androidx.lifecycle.LiveData +import androidx.paging.PagedList +import com.squareup.moshi.Types +import dagger.Lazy +import kotlinx.coroutines.CancellationException +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.cancelChildren +import kotlinx.coroutines.launch +import kotlinx.coroutines.runBlocking +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCallback +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.NoOpMatrixCallback +import org.matrix.android.sdk.api.auth.UserInteractiveAuthInterceptor +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_OLM +import org.matrix.android.sdk.api.crypto.MXCryptoConfig +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.failure.Failure +import org.matrix.android.sdk.api.listeners.ProgressListener +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.CryptoService +import org.matrix.android.sdk.api.session.crypto.MXCryptoError +import org.matrix.android.sdk.api.session.crypto.NewSessionListener +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel +import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener +import org.matrix.android.sdk.api.session.crypto.model.AuditTrail +import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo +import org.matrix.android.sdk.api.session.crypto.model.DeviceInfo +import org.matrix.android.sdk.api.session.crypto.model.DevicesListResponse +import org.matrix.android.sdk.api.session.crypto.model.ImportRoomKeysResult +import org.matrix.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest +import org.matrix.android.sdk.api.session.crypto.model.MXDeviceInfo +import org.matrix.android.sdk.api.session.crypto.model.MXEncryptEventContentResult +import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest +import org.matrix.android.sdk.api.session.crypto.model.TrailType +import org.matrix.android.sdk.api.session.events.model.Content +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.RoomKeyContent +import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent +import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.api.session.room.model.Membership +import org.matrix.android.sdk.api.session.room.model.RoomHistoryVisibility +import org.matrix.android.sdk.api.session.room.model.RoomHistoryVisibilityContent +import org.matrix.android.sdk.api.session.room.model.RoomMemberContent +import org.matrix.android.sdk.api.session.sync.model.SyncResponse +import org.matrix.android.sdk.internal.crypto.actions.MegolmSessionDataImporter +import org.matrix.android.sdk.internal.crypto.actions.SetDeviceVerificationAction +import org.matrix.android.sdk.internal.crypto.algorithms.IMXEncrypting +import org.matrix.android.sdk.internal.crypto.algorithms.IMXGroupEncryption +import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXMegolmEncryptionFactory +import org.matrix.android.sdk.internal.crypto.algorithms.olm.MXOlmEncryptionFactory +import org.matrix.android.sdk.internal.crypto.crosssigning.DefaultCrossSigningService +import org.matrix.android.sdk.internal.crypto.keysbackup.DefaultKeysBackupService +import org.matrix.android.sdk.internal.crypto.model.MXKey.Companion.KEY_SIGNED_CURVE_25519_TYPE +import org.matrix.android.sdk.internal.crypto.model.toRest +import org.matrix.android.sdk.internal.crypto.repository.WarnOnUnknownDeviceRepository +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.crypto.tasks.DeleteDeviceTask +import org.matrix.android.sdk.internal.crypto.tasks.GetDeviceInfoTask +import org.matrix.android.sdk.internal.crypto.tasks.GetDevicesTask +import org.matrix.android.sdk.internal.crypto.tasks.SetDeviceNameTask +import org.matrix.android.sdk.internal.crypto.tasks.UploadKeysTask +import org.matrix.android.sdk.internal.crypto.verification.DefaultVerificationService +import org.matrix.android.sdk.internal.crypto.verification.VerificationMessageProcessor +import org.matrix.android.sdk.internal.di.DeviceId +import org.matrix.android.sdk.internal.di.MoshiProvider +import org.matrix.android.sdk.internal.di.UserId +import org.matrix.android.sdk.internal.extensions.foldToCallback +import org.matrix.android.sdk.internal.session.SessionScope +import org.matrix.android.sdk.internal.session.StreamEventsManager +import org.matrix.android.sdk.internal.session.room.membership.LoadRoomMembersTask +import org.matrix.android.sdk.internal.task.TaskExecutor +import org.matrix.android.sdk.internal.task.TaskThread +import org.matrix.android.sdk.internal.task.configureWith +import org.matrix.android.sdk.internal.task.launchToCallback +import org.matrix.android.sdk.internal.util.JsonCanonicalizer +import org.matrix.olm.OlmManager +import timber.log.Timber +import java.util.concurrent.atomic.AtomicBoolean +import javax.inject.Inject +import kotlin.math.max + +/** + * A `CryptoService` class instance manages the end-to-end crypto for a session. + * + * + * Messages posted by the user are automatically redirected to CryptoService in order to be encrypted + * before sending. + * In the other hand, received events goes through CryptoService for decrypting. + * CryptoService maintains all necessary keys and their sharing with other devices required for the crypto. + * Specially, it tracks all room membership changes events in order to do keys updates. + */ + +private val loggerTag = LoggerTag("DefaultCryptoService", LoggerTag.CRYPTO) + +@SessionScope +internal class DefaultCryptoService @Inject constructor( + // Olm Manager + private val olmManager: OlmManager, + @UserId + private val userId: String, + @DeviceId + private val deviceId: String?, + private val myDeviceInfoHolder: Lazy, + // the crypto store + private val cryptoStore: IMXCryptoStore, + // Room encryptors store + private val roomEncryptorsStore: RoomEncryptorsStore, + // Olm device + private val olmDevice: MXOlmDevice, + // Set of parameters used to configure/customize the end-to-end crypto. + private val mxCryptoConfig: MXCryptoConfig, + // Device list manager + private val deviceListManager: DeviceListManager, + // The key backup service. + private val keysBackupService: DefaultKeysBackupService, + // + private val objectSigner: ObjectSigner, + // + private val oneTimeKeysUploader: OneTimeKeysUploader, + // + private val roomDecryptorProvider: RoomDecryptorProvider, + // The verification service. + private val verificationService: DefaultVerificationService, + + private val crossSigningService: DefaultCrossSigningService, + // + private val incomingKeyRequestManager: IncomingKeyRequestManager, + private val secretShareManager: SecretShareManager, + // + private val outgoingKeyRequestManager: OutgoingKeyRequestManager, + // Actions + private val setDeviceVerificationAction: SetDeviceVerificationAction, + private val megolmSessionDataImporter: MegolmSessionDataImporter, + private val warnOnUnknownDevicesRepository: WarnOnUnknownDeviceRepository, + // Repository + private val megolmEncryptionFactory: MXMegolmEncryptionFactory, + private val olmEncryptionFactory: MXOlmEncryptionFactory, + // Tasks + private val deleteDeviceTask: DeleteDeviceTask, + private val getDevicesTask: GetDevicesTask, + private val getDeviceInfoTask: GetDeviceInfoTask, + private val setDeviceNameTask: SetDeviceNameTask, + private val uploadKeysTask: UploadKeysTask, + private val loadRoomMembersTask: LoadRoomMembersTask, + private val cryptoSessionInfoProvider: CryptoSessionInfoProvider, + private val coroutineDispatchers: MatrixCoroutineDispatchers, + private val taskExecutor: TaskExecutor, + private val cryptoCoroutineScope: CoroutineScope, + private val eventDecryptor: EventDecryptor, + private val verificationMessageProcessor: VerificationMessageProcessor, + private val liveEventManager: Lazy +) : CryptoService { + + private val isStarting = AtomicBoolean(false) + private val isStarted = AtomicBoolean(false) + + fun onStateEvent(roomId: String, event: Event) { + when (event.type) { + EventType.STATE_ROOM_ENCRYPTION -> onRoomEncryptionEvent(roomId, event) + EventType.STATE_ROOM_MEMBER -> onRoomMembershipEvent(roomId, event) + EventType.STATE_ROOM_HISTORY_VISIBILITY -> onRoomHistoryVisibilityEvent(roomId, event) + } + } + + fun onLiveEvent(roomId: String, event: Event, isInitialSync: Boolean) { + // handle state events + if (event.isStateEvent()) { + when (event.type) { + EventType.STATE_ROOM_ENCRYPTION -> onRoomEncryptionEvent(roomId, event) + EventType.STATE_ROOM_MEMBER -> onRoomMembershipEvent(roomId, event) + EventType.STATE_ROOM_HISTORY_VISIBILITY -> onRoomHistoryVisibilityEvent(roomId, event) + } + } + + // handle verification + if (!isInitialSync) { + if (event.type != null && verificationMessageProcessor.shouldProcess(event.type)) { + cryptoCoroutineScope.launch(coroutineDispatchers.dmVerif) { + verificationMessageProcessor.process(event) + } + } + } + } + +// val gossipingBuffer = mutableListOf() + + override fun setDeviceName(deviceId: String, deviceName: String, callback: MatrixCallback) { + setDeviceNameTask + .configureWith(SetDeviceNameTask.Params(deviceId, deviceName)) { + this.executionThread = TaskThread.CRYPTO + this.callback = object : MatrixCallback { + override fun onSuccess(data: Unit) { + // bg refresh of crypto device + downloadKeys(listOf(userId), true, NoOpMatrixCallback()) + callback.onSuccess(data) + } + + override fun onFailure(failure: Throwable) { + callback.onFailure(failure) + } + } + } + .executeBy(taskExecutor) + } + + override fun deleteDevice(deviceId: String, userInteractiveAuthInterceptor: UserInteractiveAuthInterceptor, callback: MatrixCallback) { + deleteDeviceTask + .configureWith(DeleteDeviceTask.Params(deviceId, userInteractiveAuthInterceptor, null)) { + this.executionThread = TaskThread.CRYPTO + this.callback = callback + } + .executeBy(taskExecutor) + } + + override fun getCryptoVersion(context: Context, longFormat: Boolean): String { + return if (longFormat) olmManager.getDetailedVersion(context) else olmManager.version + } + + override fun getMyDevice(): CryptoDeviceInfo { + return myDeviceInfoHolder.get().myDevice + } + + override fun fetchDevicesList(callback: MatrixCallback) { + getDevicesTask + .configureWith { + // this.executionThread = TaskThread.CRYPTO + this.callback = object : MatrixCallback { + override fun onFailure(failure: Throwable) { + callback.onFailure(failure) + } + + override fun onSuccess(data: DevicesListResponse) { + // Save in local DB + cryptoStore.saveMyDevicesInfo(data.devices.orEmpty()) + callback.onSuccess(data) + } + } + } + .executeBy(taskExecutor) + } + + override fun getLiveMyDevicesInfo(): LiveData> { + return cryptoStore.getLiveMyDevicesInfo() + } + + override fun getMyDevicesInfo(): List { + return cryptoStore.getMyDevicesInfo() + } + + override fun getDeviceInfo(deviceId: String, callback: MatrixCallback) { + getDeviceInfoTask + .configureWith(GetDeviceInfoTask.Params(deviceId)) { + this.executionThread = TaskThread.CRYPTO + this.callback = callback + } + .executeBy(taskExecutor) + } + + override fun inboundGroupSessionsCount(onlyBackedUp: Boolean): Int { + return cryptoStore.inboundGroupSessionsCount(onlyBackedUp) + } + + /** + * Provides the tracking status + * + * @param userId the user id + * @return the tracking status + */ + override fun getDeviceTrackingStatus(userId: String): Int { + return cryptoStore.getDeviceTrackingStatus(userId, DeviceListManager.TRACKING_STATUS_NOT_TRACKED) + } + + /** + * Tell if the MXCrypto is started + * + * @return true if the crypto is started + */ + fun isStarted(): Boolean { + return isStarted.get() + } + + /** + * Tells if the MXCrypto is starting. + * + * @return true if the crypto is starting + */ + fun isStarting(): Boolean { + return isStarting.get() + } + + /** + * Start the crypto module. + * Device keys will be uploaded, then one time keys if there are not enough on the homeserver + * and, then, if this is the first time, this new device will be announced to all other users + * devices. + * + */ + fun start() { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + internalStart() + } + // Just update + fetchDevicesList(NoOpMatrixCallback()) + + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + cryptoStore.tidyUpDataBase() + } + } + + fun ensureDevice() { + cryptoCoroutineScope.launchToCallback(coroutineDispatchers.crypto, NoOpMatrixCallback()) { + // Open the store + cryptoStore.open() + + if (!cryptoStore.areDeviceKeysUploaded()) { + // Schedule upload of OTK + oneTimeKeysUploader.updateOneTimeKeyCount(0) + } + + // this can throw if no network + tryOrNull { + uploadDeviceKeys() + } + + oneTimeKeysUploader.maybeUploadOneTimeKeys() + // this can throw if no backup + tryOrNull { + keysBackupService.checkAndStartKeysBackup() + } + } + } + + fun onSyncWillProcess(isInitialSync: Boolean) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + if (isInitialSync) { + try { + // On initial sync, we start all our tracking from + // scratch, so mark everything as untracked. onCryptoEvent will + // be called for all e2e rooms during the processing of the sync, + // at which point we'll start tracking all the users of that room. + deviceListManager.invalidateAllDeviceLists() + // always track my devices? + deviceListManager.startTrackingDeviceList(listOf(userId)) + deviceListManager.refreshOutdatedDeviceLists() + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).e(failure, "onSyncWillProcess ") + } + } + } + } + + private fun internalStart() { + if (isStarted.get() || isStarting.get()) { + return + } + isStarting.set(true) + + // Open the store + cryptoStore.open() + + isStarting.set(false) + isStarted.set(true) + } + + /** + * Close the crypto + */ + fun close() = runBlocking(coroutineDispatchers.crypto) { + cryptoCoroutineScope.coroutineContext.cancelChildren(CancellationException("Closing crypto module")) + incomingKeyRequestManager.close() + outgoingKeyRequestManager.close() + olmDevice.release() + cryptoStore.close() + } + + // Always enabled on Matrix Android SDK2 + override fun isCryptoEnabled() = true + + /** + * @return the Keys backup Service + */ + override fun keysBackupService() = keysBackupService + + /** + * @return the VerificationService + */ + override fun verificationService() = verificationService + + override fun crossSigningService() = crossSigningService + + /** + * A sync response has been received + * + * @param syncResponse the syncResponse + */ + fun onSyncCompleted(syncResponse: SyncResponse) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + runCatching { + if (syncResponse.deviceLists != null) { + deviceListManager.handleDeviceListsChanges(syncResponse.deviceLists.changed, syncResponse.deviceLists.left) + } + if (syncResponse.deviceOneTimeKeysCount != null) { + val currentCount = syncResponse.deviceOneTimeKeysCount.signedCurve25519 ?: 0 + oneTimeKeysUploader.updateOneTimeKeyCount(currentCount) + } + + // unwedge if needed + try { + eventDecryptor.unwedgeDevicesIfNeeded() + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).w("unwedgeDevicesIfNeeded failed") + } + + // There is a limit of to_device events returned per sync. + // If we are in a case of such limited to_device sync we can't try to generate/upload + // new otk now, because there might be some pending olm pre-key to_device messages that would fail if we rotate + // the old otk too early. In this case we want to wait for the pending to_device before doing anything + // As per spec: + // If there is a large queue of send-to-device messages, the server should limit the number sent in each /sync response. + // 100 messages is recommended as a reasonable limit. + // The limit is not part of the spec, so it's probably safer to handle that when there are no more to_device ( so we are sure + // that there are no pending to_device + val toDevices = syncResponse.toDevice?.events.orEmpty() + if (isStarted() && toDevices.isEmpty()) { + // Make sure we process to-device messages before generating new one-time-keys #2782 + deviceListManager.refreshOutdatedDeviceLists() + // The presence of device_unused_fallback_key_types indicates that the server supports fallback keys. + // If there's no unused signed_curve25519 fallback key we need a new one. + if (syncResponse.deviceUnusedFallbackKeyTypes != null && + // Generate a fallback key only if the server does not already have an unused fallback key. + !syncResponse.deviceUnusedFallbackKeyTypes.contains(KEY_SIGNED_CURVE_25519_TYPE)) { + oneTimeKeysUploader.needsNewFallback() + } + + oneTimeKeysUploader.maybeUploadOneTimeKeys() + } + + // Process pending key requests + try { + if (toDevices.isEmpty()) { + // this is not blocking + outgoingKeyRequestManager.requireProcessAllPendingKeyRequests() + } else { + Timber.tag(loggerTag.value) + .w("Don't process key requests yet as there might be more to_device to catchup") + } + } catch (failure: Throwable) { + // just for safety but should not throw + Timber.tag(loggerTag.value).w("failed to process pending request") + } + + try { + incomingKeyRequestManager.processIncomingRequests() + } catch (failure: Throwable) { + // just for safety but should not throw + Timber.tag(loggerTag.value).w("failed to process incoming room key requests") + } + } + } + } + + /** + * Find a device by curve25519 identity key + * + * @param senderKey the curve25519 key to match. + * @param algorithm the encryption algorithm. + * @return the device info, or null if not found / unsupported algorithm / crypto released + */ + override fun deviceWithIdentityKey(senderKey: String, algorithm: String): CryptoDeviceInfo? { + return if (algorithm != MXCRYPTO_ALGORITHM_MEGOLM && algorithm != MXCRYPTO_ALGORITHM_OLM) { + // We only deal in olm keys + null + } else cryptoStore.deviceWithIdentityKey(senderKey) + } + + /** + * Provides the device information for a user id and a device Id + * + * @param userId the user id + * @param deviceId the device id + */ + override fun getDeviceInfo(userId: String, deviceId: String?): CryptoDeviceInfo? { + return if (userId.isNotEmpty() && !deviceId.isNullOrEmpty()) { + cryptoStore.getUserDevice(userId, deviceId) + } else { + null + } + } + + override fun getCryptoDeviceInfo(userId: String): List { + return cryptoStore.getUserDeviceList(userId).orEmpty() + } + + override fun getLiveCryptoDeviceInfo(): LiveData> { + return cryptoStore.getLiveDeviceList() + } + + override fun getLiveCryptoDeviceInfo(userId: String): LiveData> { + return cryptoStore.getLiveDeviceList(userId) + } + + override fun getLiveCryptoDeviceInfo(userIds: List): LiveData> { + return cryptoStore.getLiveDeviceList(userIds) + } + + /** + * Set the devices as known + * + * @param devices the devices. Note that the verified member of the devices in this list will not be updated by this method. + * @param callback the asynchronous callback + */ + override fun setDevicesKnown(devices: List, callback: MatrixCallback?) { + // build a devices map + val devicesIdListByUserId = devices.groupBy({ it.userId }, { it.deviceId }) + + for ((userId, deviceIds) in devicesIdListByUserId) { + val storedDeviceIDs = cryptoStore.getUserDevices(userId) + + // sanity checks + if (null != storedDeviceIDs) { + var isUpdated = false + + deviceIds.forEach { deviceId -> + val device = storedDeviceIDs[deviceId] + + // assume if the device is either verified or blocked + // it means that the device is known + if (device?.isUnknown == true) { + device.trustLevel = DeviceTrustLevel(crossSigningVerified = false, locallyVerified = false) + isUpdated = true + } + } + + if (isUpdated) { + cryptoStore.storeUserDevices(userId, storedDeviceIDs) + } + } + } + + callback?.onSuccess(Unit) + } + + /** + * Update the blocked/verified state of the given device. + * + * @param trustLevel the new trust level + * @param userId the owner of the device + * @param deviceId the unique identifier for the device. + */ + override fun setDeviceVerification(trustLevel: DeviceTrustLevel, userId: String, deviceId: String) { + setDeviceVerificationAction.handle(trustLevel, userId, deviceId) + } + + /** + * Configure a room to use encryption. + * + * @param roomId the room id to enable encryption in. + * @param algorithm the encryption config for the room. + * @param inhibitDeviceQuery true to suppress device list query for users in the room (for now) + * @param membersId list of members to start tracking their devices + * @return true if the operation succeeds. + */ + private suspend fun setEncryptionInRoom(roomId: String, + algorithm: String?, + inhibitDeviceQuery: Boolean, + membersId: List): Boolean { + // If we already have encryption in this room, we should ignore this event + // (for now at least. Maybe we should alert the user somehow?) + val existingAlgorithm = cryptoStore.getRoomAlgorithm(roomId) + + if (existingAlgorithm == algorithm) { + // ignore + Timber.tag(loggerTag.value).e("setEncryptionInRoom() : Ignoring m.room.encryption for same alg ($algorithm) in $roomId") + return false + } + + val encryptingClass = MXCryptoAlgorithms.hasEncryptorClassForAlgorithm(algorithm) + + // Always store even if not supported + cryptoStore.storeRoomAlgorithm(roomId, algorithm) + + if (!encryptingClass) { + Timber.tag(loggerTag.value).e("setEncryptionInRoom() : Unable to encrypt room $roomId with $algorithm") + return false + } + + val alg: IMXEncrypting? = when (algorithm) { + MXCRYPTO_ALGORITHM_MEGOLM -> megolmEncryptionFactory.create(roomId) + MXCRYPTO_ALGORITHM_OLM -> olmEncryptionFactory.create(roomId) + else -> null + } + + if (alg != null) { + roomEncryptorsStore.put(roomId, alg) + } + + // if encryption was not previously enabled in this room, we will have been + // ignoring new device events for these users so far. We may well have + // up-to-date lists for some users, for instance if we were sharing other + // e2e rooms with them, so there is room for optimisation here, but for now + // we just invalidate everyone in the room. + if (null == existingAlgorithm) { + Timber.tag(loggerTag.value).d("Enabling encryption in $roomId for the first time; invalidating device lists for all users therein") + + val userIds = ArrayList(membersId) + + deviceListManager.startTrackingDeviceList(userIds) + + if (!inhibitDeviceQuery) { + deviceListManager.refreshOutdatedDeviceLists() + } + } + + return true + } + + /** + * Tells if a room is encrypted with MXCRYPTO_ALGORITHM_MEGOLM + * + * @param roomId the room id + * @return true if the room is encrypted with algorithm MXCRYPTO_ALGORITHM_MEGOLM + */ + override fun isRoomEncrypted(roomId: String): Boolean { + return cryptoSessionInfoProvider.isRoomEncrypted(roomId) + } + + /** + * @return the stored device keys for a user. + */ + override fun getUserDevices(userId: String): MutableList { + return cryptoStore.getUserDevices(userId)?.values?.toMutableList() ?: ArrayList() + } + + private fun isEncryptionEnabledForInvitedUser(): Boolean { + return mxCryptoConfig.enableEncryptionForInvitedMembers + } + + override fun getEncryptionAlgorithm(roomId: String): String? { + return cryptoStore.getRoomAlgorithm(roomId) + } + + /** + * Determine whether we should encrypt messages for invited users in this room. + *

+ * Check here whether the invited members are allowed to read messages in the room history + * from the point they were invited onwards. + * + * @return true if we should encrypt messages for invited users. + */ + override fun shouldEncryptForInvitedMembers(roomId: String): Boolean { + return cryptoStore.shouldEncryptForInvitedMembers(roomId) + } + + /** + * Encrypt an event content according to the configuration of the room. + * + * @param eventContent the content of the event. + * @param eventType the type of the event. + * @param roomId the room identifier the event will be sent. + * @param callback the asynchronous callback + */ + override fun encryptEventContent(eventContent: Content, + eventType: String, + roomId: String, + callback: MatrixCallback) { + // moved to crypto scope to have uptodate values + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + val userIds = getRoomUserIds(roomId) + var alg = roomEncryptorsStore.get(roomId) + if (alg == null) { + val algorithm = getEncryptionAlgorithm(roomId) + if (algorithm != null) { + if (setEncryptionInRoom(roomId, algorithm, false, userIds)) { + alg = roomEncryptorsStore.get(roomId) + } + } + } + val safeAlgorithm = alg + if (safeAlgorithm != null) { + val t0 = System.currentTimeMillis() + Timber.tag(loggerTag.value).v("encryptEventContent() starts") + runCatching { + val content = safeAlgorithm.encryptEventContent(eventContent, eventType, userIds) + Timber.tag(loggerTag.value).v("## CRYPTO | encryptEventContent() : succeeds after ${System.currentTimeMillis() - t0} ms") + MXEncryptEventContentResult(content, EventType.ENCRYPTED) + }.foldToCallback(callback) + } else { + val algorithm = getEncryptionAlgorithm(roomId) + val reason = String.format( + MXCryptoError.UNABLE_TO_ENCRYPT_REASON, + algorithm ?: MXCryptoError.NO_MORE_ALGORITHM_REASON + ) + Timber.tag(loggerTag.value).e("encryptEventContent() : failed $reason") + callback.onFailure(Failure.CryptoError(MXCryptoError.Base(MXCryptoError.ErrorType.UNABLE_TO_ENCRYPT, reason))) + } + } + } + + override fun discardOutboundSession(roomId: String) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + val roomEncryptor = roomEncryptorsStore.get(roomId) + if (roomEncryptor is IMXGroupEncryption) { + roomEncryptor.discardSessionKey() + } else { + Timber.tag(loggerTag.value).e("discardOutboundSession() for:$roomId: Unable to handle IMXGroupEncryption") + } + } + } + + /** + * Decrypt an event + * + * @param event the raw event. + * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. + * @return the MXEventDecryptionResult data, or throw in case of error + */ + @Throws(MXCryptoError::class) + override suspend fun decryptEvent(event: Event, timeline: String): MXEventDecryptionResult { + return internalDecryptEvent(event, timeline) + } + + /** + * Decrypt an event asynchronously + * + * @param event the raw event. + * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. + * @param callback the callback to return data or null + */ + override fun decryptEventAsync(event: Event, timeline: String, callback: MatrixCallback) { + eventDecryptor.decryptEventAsync(event, timeline, callback) + } + + /** + * Decrypt an event + * + * @param event the raw event. + * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. + * @return the MXEventDecryptionResult data, or null in case of error + */ + @Throws(MXCryptoError::class) + private suspend fun internalDecryptEvent(event: Event, timeline: String): MXEventDecryptionResult { + return eventDecryptor.decryptEvent(event, timeline) + } + + /** + * Reset replay attack data for the given timeline. + * + * @param timelineId the timeline id + */ + fun resetReplayAttackCheckInTimeline(timelineId: String) { + olmDevice.resetReplayAttackCheckInTimeline(timelineId) + } + + /** + * Handle the 'toDevice' event + * + * @param event the event + */ + fun onToDeviceEvent(event: Event) { + // event have already been decrypted + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + when (event.getClearType()) { + EventType.ROOM_KEY, EventType.FORWARDED_ROOM_KEY -> { + // Keys are imported directly, not waiting for end of sync + onRoomKeyEvent(event) + } + EventType.REQUEST_SECRET -> { + secretShareManager.handleSecretRequest(event) + } + EventType.ROOM_KEY_REQUEST -> { + event.getClearContent().toModel()?.let { req -> + // We'll always get these because we send room key requests to + // '*' (ie. 'all devices') which includes the sending device, + // so ignore requests from ourself because apart from it being + // very silly, it won't work because an Olm session cannot send + // messages to itself. + if (req.requestingDeviceId != deviceId) { // ignore self requests + event.senderId?.let { incomingKeyRequestManager.addNewIncomingRequest(it, req) } + } + } + } + EventType.SEND_SECRET -> { + onSecretSendReceived(event) + } + EventType.ROOM_KEY_WITHHELD -> { + onKeyWithHeldReceived(event) + } + else -> { + // ignore + } + } + } + liveEventManager.get().dispatchOnLiveToDevice(event) + } + + /** + * Handle a key event. + * + * @param event the key event. + */ + private fun onRoomKeyEvent(event: Event) { + val roomKeyContent = event.getClearContent().toModel() ?: return + Timber.tag(loggerTag.value).i("onRoomKeyEvent() from: ${event.senderId} type<${event.getClearType()}> , sessionId<${roomKeyContent.sessionId}>") + if (roomKeyContent.roomId.isNullOrEmpty() || roomKeyContent.algorithm.isNullOrEmpty()) { + Timber.tag(loggerTag.value).e("onRoomKeyEvent() : missing fields") + return + } + val alg = roomDecryptorProvider.getOrCreateRoomDecryptor(roomKeyContent.roomId, roomKeyContent.algorithm) + if (alg == null) { + Timber.tag(loggerTag.value).e("GOSSIP onRoomKeyEvent() : Unable to handle keys for ${roomKeyContent.algorithm}") + return + } + alg.onRoomKeyEvent(event, keysBackupService) + } + + private fun onKeyWithHeldReceived(event: Event) { + val withHeldContent = event.getClearContent().toModel() ?: return Unit.also { + Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") + } + val senderId = event.senderId ?: return Unit.also { + Timber.tag(loggerTag.value).i("Malformed onKeyWithHeldReceived() : missing fields") + } + withHeldContent.sessionId ?: return + withHeldContent.algorithm ?: return + withHeldContent.roomId ?: return + withHeldContent.senderKey ?: return + outgoingKeyRequestManager.onRoomKeyWithHeld( + sessionId = withHeldContent.sessionId, + algorithm = withHeldContent.algorithm, + roomId = withHeldContent.roomId, + senderKey = withHeldContent.senderKey, + fromDevice = withHeldContent.fromDevice, + event = Event( + type = EventType.ROOM_KEY_WITHHELD, + senderId = senderId, + content = event.getClearContent() + ) + ) + } + + private suspend fun onSecretSendReceived(event: Event) { + secretShareManager.onSecretSendReceived(event) { secretName, secretValue -> + handleSDKLevelGossip(secretName, secretValue) + } + } + + /** + * Returns true if handled by SDK, otherwise should be sent to application layer + */ + private fun handleSDKLevelGossip(secretName: String?, + secretValue: String): Boolean { + return when (secretName) { + MASTER_KEY_SSSS_NAME -> { + crossSigningService.onSecretMSKGossip(secretValue) + true + } + SELF_SIGNING_KEY_SSSS_NAME -> { + crossSigningService.onSecretSSKGossip(secretValue) + true + } + USER_SIGNING_KEY_SSSS_NAME -> { + crossSigningService.onSecretUSKGossip(secretValue) + true + } + KEYBACKUP_SECRET_SSSS_NAME -> { + keysBackupService.onSecretKeyGossip(secretValue) + true + } + else -> false + } + } + + /** + * Handle an m.room.encryption event. + * + * @param event the encryption event. + */ + private fun onRoomEncryptionEvent(roomId: String, event: Event) { + if (!event.isStateEvent()) { + // Ignore + Timber.tag(loggerTag.value).w("Invalid encryption event") + return + } + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + val userIds = getRoomUserIds(roomId) + setEncryptionInRoom(roomId, event.content?.get("algorithm")?.toString(), true, userIds) + } + } + + private fun getRoomUserIds(roomId: String): List { + val encryptForInvitedMembers = isEncryptionEnabledForInvitedUser() && + shouldEncryptForInvitedMembers(roomId) + return cryptoSessionInfoProvider.getRoomUserIds(roomId, encryptForInvitedMembers) + } + + /** + * Handle a change in the membership state of a member of a room. + * + * @param event the membership event causing the change + */ + private fun onRoomMembershipEvent(roomId: String, event: Event) { + roomEncryptorsStore.get(roomId) ?: /* No encrypting in this room */ return + + event.stateKey?.let { userId -> + val roomMember: RoomMemberContent? = event.content.toModel() + val membership = roomMember?.membership + if (membership == Membership.JOIN) { + // make sure we are tracking the deviceList for this user. + deviceListManager.startTrackingDeviceList(listOf(userId)) + } else if (membership == Membership.INVITE && + shouldEncryptForInvitedMembers(roomId) && + isEncryptionEnabledForInvitedUser()) { + // track the deviceList for this invited user. + // Caution: there's a big edge case here in that federated servers do not + // know what other servers are in the room at the time they've been invited. + // They therefore will not send device updates if a user logs in whilst + // their state is invite. + deviceListManager.startTrackingDeviceList(listOf(userId)) + } + } + } + + private fun onRoomHistoryVisibilityEvent(roomId: String, event: Event) { + if (!event.isStateEvent()) return + val eventContent = event.content.toModel() + eventContent?.historyVisibility?.let { + cryptoStore.setShouldEncryptForInvitedMembers(roomId, it != RoomHistoryVisibility.JOINED) + } + } + + /** + * Upload my user's device keys. + */ + private suspend fun uploadDeviceKeys() { + if (cryptoStore.areDeviceKeysUploaded()) { + Timber.tag(loggerTag.value).d("Keys already uploaded, nothing to do") + return + } + // Prepare the device keys data to send + // Sign it + val canonicalJson = JsonCanonicalizer.getCanonicalJson(Map::class.java, getMyDevice().signalableJSONDictionary()) + var rest = getMyDevice().toRest() + + rest = rest.copy( + signatures = objectSigner.signObject(canonicalJson) + ) + + val uploadDeviceKeysParams = UploadKeysTask.Params(rest, null, null) + uploadKeysTask.execute(uploadDeviceKeysParams) + + cryptoStore.setDeviceKeysUploaded(true) + } + + /** + * Export the crypto keys + * + * @param password the password + * @return the exported keys + */ + override suspend fun exportRoomKeys(password: String): ByteArray { + return exportRoomKeys(password, MXMegolmExportEncryption.DEFAULT_ITERATION_COUNT) + } + + /** + * Export the crypto keys + * + * @param password the password + * @param anIterationCount the encryption iteration count (0 means no encryption) + */ + private suspend fun exportRoomKeys(password: String, anIterationCount: Int): ByteArray { + return withContext(coroutineDispatchers.crypto) { + val iterationCount = max(0, anIterationCount) + + val exportedSessions = cryptoStore.getInboundGroupSessions().mapNotNull { it.exportKeys() } + + val adapter = MoshiProvider.providesMoshi() + .adapter(List::class.java) + + MXMegolmExportEncryption.encryptMegolmKeyFile(adapter.toJson(exportedSessions), password, iterationCount) + } + } + + /** + * Import the room keys + * + * @param roomKeysAsArray the room keys as array. + * @param password the password + * @param progressListener the progress listener + * @return the result ImportRoomKeysResult + */ + override suspend fun importRoomKeys(roomKeysAsArray: ByteArray, + password: String, + progressListener: ProgressListener?): ImportRoomKeysResult { + return withContext(coroutineDispatchers.crypto) { + Timber.tag(loggerTag.value).v("importRoomKeys starts") + + val t0 = System.currentTimeMillis() + val roomKeys = MXMegolmExportEncryption.decryptMegolmKeyFile(roomKeysAsArray, password) + val t1 = System.currentTimeMillis() + + Timber.tag(loggerTag.value).v("importRoomKeys : decryptMegolmKeyFile done in ${t1 - t0} ms") + + val importedSessions = MoshiProvider.providesMoshi() + .adapter>(Types.newParameterizedType(List::class.java, MegolmSessionData::class.java)) + .fromJson(roomKeys) + + val t2 = System.currentTimeMillis() + + Timber.tag(loggerTag.value).v("importRoomKeys : JSON parsing ${t2 - t1} ms") + + if (importedSessions == null) { + throw Exception("Error") + } + + megolmSessionDataImporter.handle( + megolmSessionsData = importedSessions, + fromBackup = false, + progressListener = progressListener + ) + } + } + + /** + * Update the warn status when some unknown devices are detected. + * + * @param warn true to warn when some unknown devices are detected. + */ + override fun setWarnOnUnknownDevices(warn: Boolean) { + warnOnUnknownDevicesRepository.setWarnOnUnknownDevices(warn) + } + + /** + * Check if the user ids list have some unknown devices. + * A success means there is no unknown devices. + * If there are some unknown devices, a MXCryptoError.UnknownDevice exception is triggered. + * + * @param userIds the user ids list + * @param callback the asynchronous callback. + */ + fun checkUnknownDevices(userIds: List, callback: MatrixCallback) { + // force the refresh to ensure that the devices list is up-to-date + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + runCatching { + val keys = deviceListManager.downloadKeys(userIds, true) + val unknownDevices = getUnknownDevices(keys) + if (unknownDevices.map.isNotEmpty()) { + // trigger an an unknown devices exception + throw Failure.CryptoError(MXCryptoError.UnknownDevice(unknownDevices)) + } + }.foldToCallback(callback) + } + } + + /** + * Set the global override for whether the client should ever send encrypted + * messages to unverified devices. + * If false, it can still be overridden per-room. + * If true, it overrides the per-room settings. + * + * @param block true to unilaterally blacklist all + */ + override fun setGlobalBlacklistUnverifiedDevices(block: Boolean) { + cryptoStore.setGlobalBlacklistUnverifiedDevices(block) + } + + override fun enableKeyGossiping(enable: Boolean) { + cryptoStore.enableKeyGossiping(enable) + } + + override fun isKeyGossipingEnabled() = cryptoStore.isKeyGossipingEnabled() + + /** + * Tells whether the client should ever send encrypted messages to unverified devices. + * The default value is false. + * This function must be called in the getEncryptingThreadHandler() thread. + * + * @return true to unilaterally blacklist all unverified devices. + */ + override fun getGlobalBlacklistUnverifiedDevices(): Boolean { + return cryptoStore.getGlobalBlacklistUnverifiedDevices() + } + + /** + * Tells whether the client should encrypt messages only for the verified devices + * in this room. + * The default value is false. + * + * @param roomId the room id + * @return true if the client should encrypt messages only for the verified devices. + */ +// TODO add this info in CryptoRoomEntity? + override fun isRoomBlacklistUnverifiedDevices(roomId: String?): Boolean { + return roomId?.let { cryptoStore.getRoomsListBlacklistUnverifiedDevices().contains(it) } + ?: false + } + + /** + * Manages the room black-listing for unverified devices. + * + * @param roomId the room id + * @param add true to add the room id to the list, false to remove it. + */ + private fun setRoomBlacklistUnverifiedDevices(roomId: String, add: Boolean) { + val roomIds = cryptoStore.getRoomsListBlacklistUnverifiedDevices().toMutableList() + + if (add) { + if (roomId !in roomIds) { + roomIds.add(roomId) + } + } else { + roomIds.remove(roomId) + } + + cryptoStore.setRoomsListBlacklistUnverifiedDevices(roomIds) + } + + /** + * Add this room to the ones which don't encrypt messages to unverified devices. + * + * @param roomId the room id + */ + override fun setRoomBlacklistUnverifiedDevices(roomId: String) { + setRoomBlacklistUnverifiedDevices(roomId, true) + } + + /** + * Remove this room to the ones which don't encrypt messages to unverified devices. + * + * @param roomId the room id + */ + override fun setRoomUnBlacklistUnverifiedDevices(roomId: String) { + setRoomBlacklistUnverifiedDevices(roomId, false) + } + + /** + * Re request the encryption keys required to decrypt an event. + * + * @param event the event to decrypt again. + */ + override fun reRequestRoomKeyForEvent(event: Event) { + outgoingKeyRequestManager.requestKeyForEvent(event, true) + } + + override fun requestRoomKeyForEvent(event: Event) { + outgoingKeyRequestManager.requestKeyForEvent(event, false) + } + + /** + * Add a GossipingRequestListener listener. + * + * @param listener listener + */ + override fun addRoomKeysRequestListener(listener: GossipingRequestListener) { + incomingKeyRequestManager.addRoomKeysRequestListener(listener) + secretShareManager.addListener(listener) + } + + /** + * Add a GossipingRequestListener listener. + * + * @param listener listener + */ + override fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { + incomingKeyRequestManager.removeRoomKeysRequestListener(listener) + secretShareManager.addListener(listener) + } + + /** + * Provides the list of unknown devices + * + * @param devicesInRoom the devices map + * @return the unknown devices map + */ + private fun getUnknownDevices(devicesInRoom: MXUsersDevicesMap): MXUsersDevicesMap { + val unknownDevices = MXUsersDevicesMap() + val userIds = devicesInRoom.userIds + for (userId in userIds) { + devicesInRoom.getUserDeviceIds(userId)?.forEach { deviceId -> + devicesInRoom.getObject(userId, deviceId) + ?.takeIf { it.isUnknown } + ?.let { + unknownDevices.setObject(userId, deviceId, it) + } + } + } + + return unknownDevices + } + + override fun downloadKeys(userIds: List, forceDownload: Boolean, callback: MatrixCallback>) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + runCatching { + deviceListManager.downloadKeys(userIds, forceDownload) + }.foldToCallback(callback) + } + } + + override fun addNewSessionListener(newSessionListener: NewSessionListener) { + roomDecryptorProvider.addNewSessionListener(newSessionListener) + } + + override fun removeSessionListener(listener: NewSessionListener) { + roomDecryptorProvider.removeSessionListener(listener) + } +/* ========================================================================================== + * DEBUG INFO + * ========================================================================================== */ + + override fun toString(): String { + return "DefaultCryptoService of $userId ($deviceId)" + } + + override fun getOutgoingRoomKeyRequests(): List { + return cryptoStore.getOutgoingRoomKeyRequests() + } + + override fun getOutgoingRoomKeyRequestsPaged(): LiveData> { + return cryptoStore.getOutgoingRoomKeyRequestsPaged() + } + + override fun getIncomingRoomKeyRequests(): List { + return cryptoStore.getGossipingEvents() + .mapNotNull { + IncomingRoomKeyRequest.fromEvent(it) + } + } + + override fun getIncomingRoomKeyRequestsPaged(): LiveData> { + return cryptoStore.getGossipingEventsTrail(TrailType.IncomingKeyRequest) { + IncomingRoomKeyRequest.fromEvent(it) + ?: IncomingRoomKeyRequest(localCreationTimestamp = 0L) + } + } + + /** + * If you registered a `GossipingRequestListener`, you will be notified of key request + * that was not accepted by the SDK. You can call back this manually to accept anyhow. + */ + override suspend fun manuallyAcceptRoomKeyRequest(request: IncomingRoomKeyRequest) { + incomingKeyRequestManager.manuallyAcceptRoomKeyRequest(request) + } + + override fun getGossipingEventsTrail(): LiveData> { + return cryptoStore.getGossipingEventsTrail() + } + + override fun getGossipingEvents(): List { + return cryptoStore.getGossipingEvents() + } + + override fun getSharedWithInfo(roomId: String?, sessionId: String): MXUsersDevicesMap { + return cryptoStore.getSharedWithInfo(roomId, sessionId) + } + + override fun getWithHeldMegolmSession(roomId: String, sessionId: String): RoomKeyWithHeldContent? { + return cryptoStore.getWithHeldMegolmSession(roomId, sessionId) + } + + override fun logDbUsageInfo() { + cryptoStore.logDbUsageInfo() + } + + override fun prepareToEncrypt(roomId: String, callback: MatrixCallback) { + cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { + Timber.tag(loggerTag.value).d("prepareToEncrypt() roomId:$roomId Check room members up to date") + // Ensure to load all room members + try { + loadRoomMembersTask.execute(LoadRoomMembersTask.Params(roomId)) + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).e("prepareToEncrypt() : Failed to load room members") + // we probably shouldn't block sending on that (but questionable) + // but some members won't be able to decrypt + } + + val userIds = getRoomUserIds(roomId) + val alg = roomEncryptorsStore.get(roomId) + ?: getEncryptionAlgorithm(roomId) + ?.let { setEncryptionInRoom(roomId, it, false, userIds) } + ?.let { roomEncryptorsStore.get(roomId) } + + if (alg == null) { + val reason = String.format(MXCryptoError.UNABLE_TO_ENCRYPT_REASON, MXCryptoError.NO_MORE_ALGORITHM_REASON) + Timber.tag(loggerTag.value).e("prepareToEncrypt() : $reason") + callback.onFailure(IllegalArgumentException("Missing algorithm")) + return@launch + } + + runCatching { + (alg as? IMXGroupEncryption)?.preshareKey(userIds) + }.fold( + { callback.onSuccess(Unit) }, + { + Timber.tag(loggerTag.value).e(it, "prepareToEncrypt() failed.") + callback.onFailure(it) + } + ) + } + } + + /* ========================================================================================== + * For test only + * ========================================================================================== */ + + @VisibleForTesting + val cryptoStoreForTesting = cryptoStore + + @VisibleForTesting + val olmDeviceForTest = olmDevice + + companion object { + const val CRYPTO_MIN_FORCE_SESSION_PERIOD_MILLIS = 3_600_000 // one hour + } +} From 9385d19ad0c2f128baf9beb15eae3063048ee708 Mon Sep 17 00:00:00 2001 From: Valere Date: Fri, 22 Apr 2022 11:38:50 +0200 Subject: [PATCH 022/433] Fix trail display (from instead of to for incoming types) --- .../devtools/GossipingTrailPagedEpoxyController.kt | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt index b6e7a3c88b..6a45968916 100644 --- a/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt +++ b/vector/src/main/java/im/vector/app/features/settings/devtools/GossipingTrailPagedEpoxyController.kt @@ -55,7 +55,7 @@ class GossipingTrailPagedEpoxyController @Inject constructor( description( span { +host.vectorDateFormatter.format(event.ageLocalTs, DateFormatKind.DEFAULT_DATE_AND_TIME) - span("\nfrom: ") { + span("\n${host.senderFromTo(event.type)}: ") { textStyle = "bold" } +"${event.info.userId}|${event.info.deviceId}" @@ -101,4 +101,14 @@ class GossipingTrailPagedEpoxyController @Inject constructor( ) } } + + private fun senderFromTo(type: TrailType): String { + return when (type) { + TrailType.OutgoingKeyWithheld, + TrailType.OutgoingKeyForward -> "to" + TrailType.IncomingKeyRequest, + TrailType.IncomingKeyForward -> "from" + TrailType.Unknown -> "" + } + } } From eaf104495db24c0d6bd5f9ebb2c3f685eb3e8b60 Mon Sep 17 00:00:00 2001 From: Valere Date: Mon, 25 Apr 2022 10:44:38 +0200 Subject: [PATCH 023/433] Cleaning, code review --- .../sdk/internal/crypto/E2eeSanityTests.kt | 9 +- .../crypto/gossiping/WithHeldTests.kt | 24 +++-- .../store/db/migration/MigrateCryptoTo005.kt | 58 ++++++------ .../store/db/migration/MigrateCryptoTo016.kt | 2 +- .../store/db/model/GossipingEventEntity.kt | 90 ------------------- .../model/IncomingGossipingRequestEntity.kt | 34 ------- .../model/OutgoingGossipingRequestEntity.kt | 31 ------- .../VerificationBottomSheetViewModel.kt | 2 +- 8 files changed, 51 insertions(+), 199 deletions(-) delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/GossipingEventEntity.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt index 6fdcf53478..9274a09044 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt @@ -322,11 +322,13 @@ class E2eeSanityTests : InstrumentedTest { } val importedResult = testHelper.doSync { - kbs.restoreKeyBackupWithPassword(keyVersionResult!!, + kbs.restoreKeyBackupWithPassword( + keyVersionResult!!, keyBackupPassword, null, null, - null, it) + null, it + ) } assertEquals(3, importedResult.totalNumberOfKeys) @@ -724,7 +726,8 @@ class E2eeSanityTests : InstrumentedTest { assertEquals( "USK Private parts should be the same", aliceSession.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.user, - aliceNewSession.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.user) + aliceNewSession.cryptoService().crossSigningService().getCrossSigningPrivateKeys()!!.user + ) assertEquals( "SSK Private parts should be the same", diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt index 63c856d0f1..0e4dea8d91 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/WithHeldTests.kt @@ -113,7 +113,7 @@ class WithHeldTests : InstrumentedTest { ?.firstOrNull { it.fromDevice == bobSession.sessionParams.deviceId } ?.result ?.let { - it as? RequestResult.Failure + it as? RequestResult.Failure } ?.code == WithHeldCode.UNVERIFIED } @@ -161,13 +161,15 @@ class WithHeldTests : InstrumentedTest { val aliceInterceptor = testHelper.getTestInterceptor(aliceSession) // Simulate no OTK - aliceInterceptor!!.addRule(MockOkHttpInterceptor.SimpleRule( - "/keys/claim", - 200, - """ + aliceInterceptor!!.addRule( + MockOkHttpInterceptor.SimpleRule( + "/keys/claim", + 200, + """ { "one_time_keys" : {} } """ - )) + ) + ) Log.d("#TEST", "Recovery :${aliceSession.sessionParams.credentials.accessToken}") val roomAlicePov = aliceSession.getRoom(testData.roomId)!! @@ -198,7 +200,10 @@ class WithHeldTests : InstrumentedTest { // Ensure that alice has marked the session to be shared with bob val sessionId = eventBobPOV!!.root.content.toModel()!!.sessionId!! - val chainIndex = aliceSession.cryptoService().getSharedWithInfo(testData.roomId, sessionId).getObject(bobSession.myUserId, bobSession.sessionParams.credentials.deviceId) + val chainIndex = aliceSession.cryptoService().getSharedWithInfo(testData.roomId, sessionId).getObject( + bobSession.myUserId, + bobSession.sessionParams.credentials.deviceId + ) Assert.assertEquals("Alice should have marked bob's device for this session", 0, chainIndex) // Add a new device for bob @@ -216,7 +221,10 @@ class WithHeldTests : InstrumentedTest { } } - val chainIndex2 = aliceSession.cryptoService().getSharedWithInfo(testData.roomId, sessionId).getObject(bobSecondSession.myUserId, bobSecondSession.sessionParams.credentials.deviceId) + val chainIndex2 = aliceSession.cryptoService().getSharedWithInfo(testData.roomId, sessionId).getObject( + bobSecondSession.myUserId, + bobSecondSession.sessionParams.credentials.deviceId + ) Assert.assertEquals("Alice should have marked bob's device for this session", 1, chainIndex2) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo005.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo005.kt index e1d7598767..8ec2932a8f 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo005.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo005.kt @@ -17,9 +17,6 @@ package org.matrix.android.sdk.internal.crypto.store.db.migration import io.realm.DynamicRealm -import org.matrix.android.sdk.internal.crypto.store.db.model.GossipingEventEntityFields -import org.matrix.android.sdk.internal.crypto.store.db.model.IncomingGossipingRequestEntityFields -import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingGossipingRequestEntityFields import org.matrix.android.sdk.internal.util.database.RealmMigrator internal class MigrateCryptoTo005(realm: DynamicRealm) : RealmMigrator(realm, 5) { @@ -29,38 +26,37 @@ internal class MigrateCryptoTo005(realm: DynamicRealm) : RealmMigrator(realm, 5) realm.schema.remove("IncomingRoomKeyRequestEntity") // Not need to migrate existing request, just start fresh? - realm.schema.create("GossipingEventEntity") - .addField(GossipingEventEntityFields.TYPE, String::class.java) - .addIndex(GossipingEventEntityFields.TYPE) - .addField(GossipingEventEntityFields.CONTENT, String::class.java) - .addField(GossipingEventEntityFields.SENDER, String::class.java) - .addIndex(GossipingEventEntityFields.SENDER) - .addField(GossipingEventEntityFields.DECRYPTION_RESULT_JSON, String::class.java) - .addField(GossipingEventEntityFields.DECRYPTION_ERROR_CODE, String::class.java) - .addField(GossipingEventEntityFields.AGE_LOCAL_TS, Long::class.java) - .setNullable(GossipingEventEntityFields.AGE_LOCAL_TS, true) - .addField(GossipingEventEntityFields.SEND_STATE_STR, String::class.java) + .addField("type", String::class.java) + .addIndex("type") + .addField("content", String::class.java) + .addField("sender", String::class.java) + .addIndex("sender") + .addField("decryptionResultJson", String::class.java) + .addField("decryptionErrorCode", String::class.java) + .addField("ageLocalTs", Long::class.java) + .setNullable("ageLocalTs", true) + .addField("sendStateStr", String::class.java) realm.schema.create("IncomingGossipingRequestEntity") - .addField(IncomingGossipingRequestEntityFields.REQUEST_ID, String::class.java) - .addIndex(IncomingGossipingRequestEntityFields.REQUEST_ID) - .addField(IncomingGossipingRequestEntityFields.TYPE_STR, String::class.java) - .addIndex(IncomingGossipingRequestEntityFields.TYPE_STR) - .addField(IncomingGossipingRequestEntityFields.OTHER_USER_ID, String::class.java) - .addField(IncomingGossipingRequestEntityFields.REQUESTED_INFO_STR, String::class.java) - .addField(IncomingGossipingRequestEntityFields.OTHER_DEVICE_ID, String::class.java) - .addField(IncomingGossipingRequestEntityFields.REQUEST_STATE_STR, String::class.java) - .addField(IncomingGossipingRequestEntityFields.LOCAL_CREATION_TIMESTAMP, Long::class.java) - .setNullable(IncomingGossipingRequestEntityFields.LOCAL_CREATION_TIMESTAMP, true) + .addField("requestId", String::class.java) + .addIndex("requestId") + .addField("typeStr", String::class.java) + .addIndex("typeStr") + .addField("otherUserId", String::class.java) + .addField("requestedInfoStr", String::class.java) + .addField("otherDeviceId", String::class.java) + .addField("requestStateStr", String::class.java) + .addField("localCreationTimestamp", Long::class.java) + .setNullable("localCreationTimestamp", true) realm.schema.create("OutgoingGossipingRequestEntity") - .addField(OutgoingGossipingRequestEntityFields.REQUEST_ID, String::class.java) - .addIndex(OutgoingGossipingRequestEntityFields.REQUEST_ID) - .addField(OutgoingGossipingRequestEntityFields.RECIPIENTS_DATA, String::class.java) - .addField(OutgoingGossipingRequestEntityFields.REQUESTED_INFO_STR, String::class.java) - .addField(OutgoingGossipingRequestEntityFields.TYPE_STR, String::class.java) - .addIndex(OutgoingGossipingRequestEntityFields.TYPE_STR) - .addField(OutgoingGossipingRequestEntityFields.REQUEST_STATE_STR, String::class.java) + .addField("requestId", String::class.java) + .addIndex("requestId") + .addField("recipientsData", String::class.java) + .addField("requestedInfoStr", String::class.java) + .addField("typeStr", String::class.java) + .addIndex("typeStr") + .addField("requestStateStr", String::class.java) } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt index 8d79ba3075..edc8b566ad 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt @@ -23,7 +23,7 @@ import org.matrix.android.sdk.internal.crypto.store.db.model.KeyRequestReplyEnti import org.matrix.android.sdk.internal.crypto.store.db.model.OutgoingKeyRequestEntityFields import org.matrix.android.sdk.internal.util.database.RealmMigrator -internal class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 15) { +internal class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 16) { override fun doMigrate(realm: DynamicRealm) { realm.schema.remove("OutgoingGossipingRequestEntity") diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/GossipingEventEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/GossipingEventEntity.kt deleted file mode 100644 index 31b141014b..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/GossipingEventEntity.kt +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto.store.db.model - -import com.squareup.moshi.JsonDataException -import io.realm.RealmObject -import io.realm.annotations.Index -import org.matrix.android.sdk.api.session.crypto.MXCryptoError -import org.matrix.android.sdk.api.session.crypto.model.MXEventDecryptionResult -import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.room.send.SendState -import org.matrix.android.sdk.internal.database.mapper.ContentMapper -import org.matrix.android.sdk.internal.di.MoshiProvider -import timber.log.Timber - -/** - * Keep track of gossiping event received in toDevice messages - * (room key request, or sss secret sharing, as well as cancellations) - * - */ - -// not used anymore, just here for db migration -internal open class GossipingEventEntity(@Index var type: String? = "", - var content: String? = null, - @Index var sender: String? = null, - var decryptionResultJson: String? = null, - var decryptionErrorCode: String? = null, - var ageLocalTs: Long? = null) : RealmObject() { - - private var sendStateStr: String = SendState.UNKNOWN.name - - var sendState: SendState - get() { - return SendState.valueOf(sendStateStr) - } - set(value) { - sendStateStr = value.name - } - - companion object - - fun setDecryptionResult(result: MXEventDecryptionResult) { - val decryptionResult = OlmDecryptionResult( - payload = result.clearEvent, - senderKey = result.senderCurve25519Key, - keysClaimed = result.claimedEd25519Key?.let { mapOf("ed25519" to it) }, - forwardingCurve25519KeyChain = result.forwardingCurve25519KeyChain - ) - val adapter = MoshiProvider.providesMoshi().adapter(OlmDecryptionResult::class.java) - decryptionResultJson = adapter.toJson(decryptionResult) - decryptionErrorCode = null - } - - fun toModel(): Event { - return Event( - type = this.type ?: "", - content = ContentMapper.map(this.content), - senderId = this.sender - ).also { - it.ageLocalTs = this.ageLocalTs - it.sendState = this.sendState - this.decryptionResultJson?.let { json -> - try { - it.mxDecryptionResult = MoshiProvider.providesMoshi().adapter(OlmDecryptionResult::class.java).fromJson(json) - } catch (t: JsonDataException) { - Timber.e(t, "Failed to parse decryption result") - } - } - // TODO get the full crypto error object - it.mCryptoError = this.decryptionErrorCode?.let { errorCode -> - MXCryptoError.ErrorType.valueOf(errorCode) - } - } - } -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt deleted file mode 100644 index 5ac659d327..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/IncomingGossipingRequestEntity.kt +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto.store.db.model - -import io.realm.RealmObject -import io.realm.annotations.Index - -// not used anymore, just here for db migration -internal open class IncomingGossipingRequestEntity(@Index var requestId: String? = "", - @Index var typeStr: String? = null, - var otherUserId: String? = null, - var requestedInfoStr: String? = null, - var otherDeviceId: String? = null, - var localCreationTimestamp: Long? = null -) : RealmObject() { - - private var requestStateStr: String = "" - - companion object -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt deleted file mode 100644 index 1dd9cacb74..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingGossipingRequestEntity.kt +++ /dev/null @@ -1,31 +0,0 @@ - /* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto.store.db.model - -import io.realm.RealmObject -import io.realm.annotations.Index - -// not used anymore, just here for db migration -internal open class OutgoingGossipingRequestEntity( - @Index var requestId: String? = null, - var recipientsData: String? = null, - var requestedInfoStr: String? = null, - @Index var typeStr: String? = null -) : RealmObject() { - - private var requestStateStr: String = "" -} diff --git a/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt b/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt index 1e14d0a2ed..4c144d2e9f 100644 --- a/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/crypto/verification/VerificationBottomSheetViewModel.kt @@ -423,7 +423,7 @@ class VerificationBottomSheetViewModel @AssistedInject constructor( private fun tentativeRestoreBackup(res: Map?) { // It's not a good idea to download the full backup, it might take very long // and use a lot of resources - // Just check that the ey is valid and store it, the backup will be used megolm session per + // Just check that the key is valid and store it, the backup will be used megolm session per // megolm session when an UISI is encountered viewModelScope.launch(Dispatchers.IO) { From 012dfeb715f34015dd2ef6addf61c97b26643c4f Mon Sep 17 00:00:00 2001 From: Valere Date: Mon, 25 Apr 2022 18:04:24 +0200 Subject: [PATCH 024/433] Change log for SDK apis --- changelog.d/5559.sdk | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 changelog.d/5559.sdk diff --git a/changelog.d/5559.sdk b/changelog.d/5559.sdk new file mode 100644 index 0000000000..2466fcef48 --- /dev/null +++ b/changelog.d/5559.sdk @@ -0,0 +1,4 @@ +- New API to enable/disable key forwarding CryptoService#enableKeyGossiping() +- New API to limit room key request only to own devices MXCryptoConfig#limitRoomKeyRequestsToMyDevices +- Event Trail API has changed, now using AuditTrail events +- New API to manually accept an incoming key request CryptoService#manuallyAcceptRoomKeyRequest() From 728faaee19511e1575cc383fd1c2e182ed9b45ff Mon Sep 17 00:00:00 2001 From: Valere Date: Tue, 26 Apr 2022 14:46:52 +0200 Subject: [PATCH 025/433] Fix missing mapper for incoming key forward trail --- .../crypto/store/db/model/AuditTrailMapper.kt | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt index 465837bc81..16d08784eb 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt @@ -30,7 +30,7 @@ internal object AuditTrailMapper { fun map(entity: AuditTrailEntity): AuditTrail? { val contentJson = entity.contentJson ?: return null return when (entity.type) { - TrailType.OutgoingKeyForward.name -> { + TrailType.OutgoingKeyForward.name -> { val info = tryOrNull { MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).fromJson(contentJson) } ?: return null @@ -60,7 +60,17 @@ internal object AuditTrailMapper { info = info ) } - else -> { + TrailType.IncomingKeyForward.name -> { + val info = tryOrNull { + MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).fromJson(contentJson) + } ?: return null + AuditTrail( + ageLocalTs = entity.ageLocalTs ?: 0, + type = TrailType.IncomingKeyForward, + info = info + ) + } + else -> { AuditTrail( ageLocalTs = entity.ageLocalTs ?: 0, type = TrailType.Unknown, From 8920ed3de813d93d13a2d573d29dc61d17bf3f4c Mon Sep 17 00:00:00 2001 From: Valere Date: Wed, 27 Apr 2022 09:45:26 +0200 Subject: [PATCH 026/433] Code review --- .../crypto/gossiping/KeyShareTests.kt | 3 + .../android/sdk/api/crypto/MXCryptoConfig.kt | 2 +- .../internal/crypto/DefaultCryptoService.kt | 2 +- .../sdk/internal/crypto/MXOlmDevice.kt | 1836 ++++++++--------- .../crypto/OutgoingGossipingRequest.kt | 27 - .../crypto/OutgoingKeyRequestManager.kt | 1037 +++++----- .../internal/crypto/OutgoingSecretRequest.kt | 39 - .../PerSessionBackupQueryRateLimiter.kt | 2 +- .../internal/crypto/RoomEncryptorsStore.kt | 1 - .../sdk/internal/crypto/SecretShareManager.kt | 596 +++--- .../algorithms/megolm/MXMegolmDecryption.kt | 10 +- .../crypto/store/db/RealmCryptoStore.kt | 90 +- .../db/model/OutgoingKeyRequestEntity.kt | 4 +- .../room/membership/joining/JoinRoomTask.kt | 13 +- 14 files changed, 1797 insertions(+), 1865 deletions(-) delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt delete mode 100755 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt index bc286a75be..1e2aa8621d 100644 --- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt +++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/gossiping/KeyShareTests.kt @@ -432,6 +432,7 @@ class KeyShareTests : InstrumentedTest { .markedLocallyAsManuallyVerified(aliceNewSession.myUserId, aliceNewSession.sessionParams.deviceId!!) // /!\ Stop initial alice session syncing so that it can't reply + aliceSession.cryptoService().enableKeyGossiping(false) aliceSession.stopSync() // Let's now try to request @@ -440,6 +441,7 @@ class KeyShareTests : InstrumentedTest { // Should get a reply from bob and not from alice commonTestHelper.waitWithLatch { latch -> commonTestHelper.retryPeriodicallyWithLatch(latch) { + // Log.d("#TEST", "outgoing key requests :${aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().joinToString { it.sessionId ?: "?" }}") val outgoing = aliceNewSession.cryptoService().getOutgoingRoomKeyRequests().firstOrNull { it.sessionId == sentEventMegolmSession } val bobReply = outgoing?.results?.firstOrNull { it.userId == bobSession.myUserId } val result = bobReply?.result @@ -453,6 +455,7 @@ class KeyShareTests : InstrumentedTest { assertEquals("The request should not be canceled", OutgoingRoomKeyRequestState.SENT, outgoingReq.state) // let's wake up alice + aliceSession.cryptoService().enableKeyGossiping(true) aliceSession.startSync(true) // We should now get a reply from first session diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/crypto/MXCryptoConfig.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/crypto/MXCryptoConfig.kt index a0e1011aba..9507ddda65 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/crypto/MXCryptoConfig.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/crypto/MXCryptoConfig.kt @@ -37,5 +37,5 @@ data class MXCryptoConfig constructor( * Currently megolm keys are requested to the sender device and to all of our devices. * You can limit request only to your sessions by turning this setting to `true` */ - val limitRoomKeyRequestsToMyDevices: Boolean = false + val limitRoomKeyRequestsToMyDevices: Boolean = false, ) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt index 98b5235e14..4418b18c73 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt @@ -1192,7 +1192,7 @@ internal class DefaultCryptoService @Inject constructor( */ override fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { incomingKeyRequestManager.removeRoomKeysRequestListener(listener) - secretShareManager.addListener(listener) + secretShareManager.removeListener(listener) } /** diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt index b91a970fc1..79c5c0bd41 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/MXOlmDevice.kt @@ -1,918 +1,918 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import androidx.annotation.VisibleForTesting -import kotlinx.coroutines.sync.Mutex -import kotlinx.coroutines.sync.withLock -import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.logger.LoggerTag -import org.matrix.android.sdk.api.session.crypto.MXCryptoError -import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult -import org.matrix.android.sdk.api.util.JSON_DICT_PARAMETERIZED_TYPE -import org.matrix.android.sdk.api.util.JsonDict -import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXOutboundSessionInfo -import org.matrix.android.sdk.internal.crypto.algorithms.megolm.SharedWithHelper -import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 -import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.di.MoshiProvider -import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.util.JsonCanonicalizer -import org.matrix.android.sdk.internal.util.convertFromUTF8 -import org.matrix.android.sdk.internal.util.convertToUTF8 -import org.matrix.olm.OlmAccount -import org.matrix.olm.OlmException -import org.matrix.olm.OlmMessage -import org.matrix.olm.OlmOutboundGroupSession -import org.matrix.olm.OlmSession -import org.matrix.olm.OlmUtility -import timber.log.Timber -import javax.inject.Inject - -private val loggerTag = LoggerTag("MXOlmDevice", LoggerTag.CRYPTO) - -// The libolm wrapper. -@SessionScope -internal class MXOlmDevice @Inject constructor( - /** - * The store where crypto data is saved. - */ - private val store: IMXCryptoStore, - private val olmSessionStore: OlmSessionStore, - private val inboundGroupSessionStore: InboundGroupSessionStore -) { - - val mutex = Mutex() - - /** - * @return the Curve25519 key for the account. - */ - var deviceCurve25519Key: String? = null - private set - - /** - * @return the Ed25519 key for the account. - */ - var deviceEd25519Key: String? = null - private set - - // The OLM lib utility instance. - private var olmUtility: OlmUtility? = null - - private data class GroupSessionCacheItem( - val groupId: String, - val groupSession: OlmOutboundGroupSession - ) - - // The outbound group session. - // Caches active outbound session to avoid to sync with DB before read - // The key is the session id, the value the . - private val outboundGroupSessionCache: MutableMap = HashMap() - - // Store a set of decrypted message indexes for each group session. - // This partially mitigates a replay attack where a MITM resends a group - // message into the room. - // - // The Matrix SDK exposes events through MXEventTimelines. A developer can open several - // timelines from a same room so that a message can be decrypted several times but from - // a different timeline. - // So, store these message indexes per timeline id. - // - // The first level keys are timeline ids. - // The second level keys are strings of form "||" - private val inboundGroupSessionMessageIndexes: MutableMap> = HashMap() - - init { - // Retrieve the account from the store - try { - store.getOrCreateOlmAccount() - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "MXOlmDevice : cannot initialize olmAccount") - } - - try { - olmUtility = OlmUtility() - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : OlmUtility failed with error") - olmUtility = null - } - - try { - deviceCurve25519Key = store.doWithOlmAccount { it.identityKeys()[OlmAccount.JSON_KEY_IDENTITY_KEY] } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : cannot find ${OlmAccount.JSON_KEY_IDENTITY_KEY} with error") - } - - try { - deviceEd25519Key = store.doWithOlmAccount { it.identityKeys()[OlmAccount.JSON_KEY_FINGER_PRINT_KEY] } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : cannot find ${OlmAccount.JSON_KEY_FINGER_PRINT_KEY} with error") - } - } - - /** - * @return The current (unused, unpublished) one-time keys for this account. - */ - fun getOneTimeKeys(): Map>? { - try { - return store.doWithOlmAccount { it.oneTimeKeys() } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## getOneTimeKeys() : failed") - } - - return null - } - - /** - * @return The maximum number of one-time keys the olm account can store. - */ - fun getMaxNumberOfOneTimeKeys(): Long { - return store.doWithOlmAccount { it.maxOneTimeKeys() } - } - - /** - * Returns an unpublished fallback key - * A call to markKeysAsPublished will mark it as published and this - * call will return null (until a call to generateFallbackKey is made) - */ - fun getFallbackKey(): MutableMap>? { - try { - return store.doWithOlmAccount { it.fallbackKey() } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e("## getFallbackKey() : failed") - } - return null - } - - /** - * Generates a new fallback key if there is not already - * an unpublished one. - * @return true if a new key was generated - */ - fun generateFallbackKeyIfNeeded(): Boolean { - try { - if (!hasUnpublishedFallbackKey()) { - store.doWithOlmAccount { - it.generateFallbackKey() - store.saveOlmAccount() - } - return true - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e("## generateFallbackKey() : failed") - } - return false - } - - internal fun hasUnpublishedFallbackKey(): Boolean { - return getFallbackKey()?.get(OlmAccount.JSON_KEY_ONE_TIME_KEY).orEmpty().isNotEmpty() - } - - fun forgetFallbackKey() { - try { - store.doWithOlmAccount { - it.forgetFallbackKey() - store.saveOlmAccount() - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e("## forgetFallbackKey() : failed") - } - } - - /** - * Release the instance - */ - fun release() { - olmUtility?.releaseUtility() - outboundGroupSessionCache.values.forEach { - it.groupSession.releaseSession() - } - outboundGroupSessionCache.clear() - inboundGroupSessionStore.clear() - olmSessionStore.clear() - } - - /** - * Signs a message with the ed25519 key for this account. - * - * @param message the message to be signed. - * @return the base64-encoded signature. - */ - fun signMessage(message: String): String? { - try { - return store.doWithOlmAccount { it.signMessage(message) } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## signMessage() : failed") - } - - return null - } - - /** - * Marks all of the one-time keys as published. - */ - fun markKeysAsPublished() { - try { - store.doWithOlmAccount { - it.markOneTimeKeysAsPublished() - store.saveOlmAccount() - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## markKeysAsPublished() : failed") - } - } - - /** - * Generate some new one-time keys - * - * @param numKeys number of keys to generate - */ - fun generateOneTimeKeys(numKeys: Int) { - try { - store.doWithOlmAccount { - it.generateOneTimeKeys(numKeys) - store.saveOlmAccount() - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## generateOneTimeKeys() : failed") - } - } - - /** - * Generate a new outbound session. - * The new session will be stored in the MXStore. - * - * @param theirIdentityKey the remote user's Curve25519 identity key - * @param theirOneTimeKey the remote user's one-time Curve25519 key - * @return the session id for the outbound session. - */ - fun createOutboundSession(theirIdentityKey: String, theirOneTimeKey: String): String? { - Timber.tag(loggerTag.value).d("## createOutboundSession() ; theirIdentityKey $theirIdentityKey theirOneTimeKey $theirOneTimeKey") - var olmSession: OlmSession? = null - - try { - olmSession = OlmSession() - store.doWithOlmAccount { olmAccount -> - olmSession.initOutboundSession(olmAccount, theirIdentityKey, theirOneTimeKey) - } - - val olmSessionWrapper = OlmSessionWrapper(olmSession, 0) - - // Pretend we've received a message at this point, otherwise - // if we try to send a message to the device, it won't use - // this session - olmSessionWrapper.onMessageReceived() - - olmSessionStore.storeSession(olmSessionWrapper, theirIdentityKey) - - val sessionIdentifier = olmSession.sessionIdentifier() - - Timber.tag(loggerTag.value).v("## createOutboundSession() ; olmSession.sessionIdentifier: $sessionIdentifier") - return sessionIdentifier - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createOutboundSession() failed") - - olmSession?.releaseSession() - } - - return null - } - - /** - * Generate a new inbound session, given an incoming message. - * - * @param theirDeviceIdentityKey the remote user's Curve25519 identity key. - * @param messageType the message_type field from the received message (must be 0). - * @param ciphertext base64-encoded body from the received message. - * @return {{payload: string, session_id: string}} decrypted payload, and session id of new session. - */ - fun createInboundSession(theirDeviceIdentityKey: String, messageType: Int, ciphertext: String): Map? { - Timber.tag(loggerTag.value).d("## createInboundSession() : theirIdentityKey: $theirDeviceIdentityKey") - - var olmSession: OlmSession? = null - - try { - try { - olmSession = OlmSession() - store.doWithOlmAccount { olmAccount -> - olmSession.initInboundSessionFrom(olmAccount, theirDeviceIdentityKey, ciphertext) - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createInboundSession() : the session creation failed") - return null - } - - Timber.tag(loggerTag.value).v("## createInboundSession() : sessionId: ${olmSession.sessionIdentifier()}") - - try { - store.doWithOlmAccount { olmAccount -> - olmAccount.removeOneTimeKeys(olmSession) - store.saveOlmAccount() - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createInboundSession() : removeOneTimeKeys failed") - } - - val olmMessage = OlmMessage() - olmMessage.mCipherText = ciphertext - olmMessage.mType = messageType.toLong() - - var payloadString: String? = null - - try { - payloadString = olmSession.decryptMessage(olmMessage) - - val olmSessionWrapper = OlmSessionWrapper(olmSession, 0) - // This counts as a received message: set last received message time to now - olmSessionWrapper.onMessageReceived() - - olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createInboundSession() : decryptMessage failed") - } - - val res = HashMap() - - if (!payloadString.isNullOrEmpty()) { - res["payload"] = payloadString - } - - val sessionIdentifier = olmSession.sessionIdentifier() - - if (!sessionIdentifier.isNullOrEmpty()) { - res["session_id"] = sessionIdentifier - } - - return res - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## createInboundSession() : OlmSession creation failed") - - olmSession?.releaseSession() - } - - return null - } - - /** - * Get a list of known session IDs for the given device. - * - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @return a list of known session ids for the device. - */ - fun getSessionIds(theirDeviceIdentityKey: String): List { - return olmSessionStore.getDeviceSessionIds(theirDeviceIdentityKey) - } - - /** - * Get the right olm session id for encrypting messages to the given identity key. - * - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @return the session id, or null if no established session. - */ - fun getSessionId(theirDeviceIdentityKey: String): String? { - return olmSessionStore.getLastUsedSessionId(theirDeviceIdentityKey) - } - - /** - * Encrypt an outgoing message using an existing session. - * - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @param sessionId the id of the active session - * @param payloadString the payload to be encrypted and sent - * @return the cipher text - */ - suspend fun encryptMessage(theirDeviceIdentityKey: String, sessionId: String, payloadString: String): Map? { - val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) - - if (olmSessionWrapper != null) { - try { - Timber.tag(loggerTag.value).v("## encryptMessage() : olmSession.sessionIdentifier: $sessionId") - - val olmMessage = olmSessionWrapper.mutex.withLock { - olmSessionWrapper.olmSession.encryptMessage(payloadString) - } - return mapOf( - "body" to olmMessage.mCipherText, - "type" to olmMessage.mType, - ).also { - olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) - } - } catch (e: Throwable) { - Timber.tag(loggerTag.value).e(e, "## encryptMessage() : failed to encrypt olm with device|session:$theirDeviceIdentityKey|$sessionId") - return null - } - } else { - Timber.tag(loggerTag.value).e("## encryptMessage() : Failed to encrypt unknown session $sessionId") - return null - } - } - - /** - * Decrypt an incoming message using an existing session. - * - * @param ciphertext the base64-encoded body from the received message. - * @param messageType message_type field from the received message. - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @param sessionId the id of the active session. - * @return the decrypted payload. - */ - @kotlin.jvm.Throws - suspend fun decryptMessage(ciphertext: String, messageType: Int, sessionId: String, theirDeviceIdentityKey: String): String? { - var payloadString: String? = null - - val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) - - if (null != olmSessionWrapper) { - val olmMessage = OlmMessage() - olmMessage.mCipherText = ciphertext - olmMessage.mType = messageType.toLong() - - payloadString = - olmSessionWrapper.mutex.withLock { - olmSessionWrapper.olmSession.decryptMessage(olmMessage).also { - olmSessionWrapper.onMessageReceived() - } - } - olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) - } - - return payloadString - } - - /** - * Determine if an incoming messages is a prekey message matching an existing session. - * - * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. - * @param sessionId the id of the active session. - * @param messageType message_type field from the received message. - * @param ciphertext the base64-encoded body from the received message. - * @return YES if the received message is a prekey message which matchesthe given session. - */ - fun matchesSession(theirDeviceIdentityKey: String, sessionId: String, messageType: Int, ciphertext: String): Boolean { - if (messageType != 0) { - return false - } - - val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) - return null != olmSessionWrapper && olmSessionWrapper.olmSession.matchesInboundSession(ciphertext) - } - - // Outbound group session - - /** - * Generate a new outbound group session. - * - * @return the session id for the outbound session. - */ - fun createOutboundGroupSessionForRoom(roomId: String): String? { - var session: OlmOutboundGroupSession? = null - try { - session = OlmOutboundGroupSession() - outboundGroupSessionCache[session.sessionIdentifier()] = GroupSessionCacheItem(roomId, session) - store.storeCurrentOutboundGroupSessionForRoom(roomId, session) - return session.sessionIdentifier() - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "createOutboundGroupSession") - - session?.releaseSession() - } - - return null - } - - fun storeOutboundGroupSessionForRoom(roomId: String, sessionId: String) { - outboundGroupSessionCache[sessionId]?.let { - store.storeCurrentOutboundGroupSessionForRoom(roomId, it.groupSession) - } - } - - fun restoreOutboundGroupSessionForRoom(roomId: String): MXOutboundSessionInfo? { - val restoredOutboundGroupSession = store.getCurrentOutboundGroupSessionForRoom(roomId) - if (restoredOutboundGroupSession != null) { - val sessionId = restoredOutboundGroupSession.outboundGroupSession.sessionIdentifier() - // cache it - outboundGroupSessionCache[sessionId] = GroupSessionCacheItem(roomId, restoredOutboundGroupSession.outboundGroupSession) - - return MXOutboundSessionInfo( - sessionId = sessionId, - sharedWithHelper = SharedWithHelper(roomId, sessionId, store), - restoredOutboundGroupSession.creationTime - ) - } - return null - } - - fun discardOutboundGroupSessionForRoom(roomId: String) { - val toDiscard = outboundGroupSessionCache.filter { - it.value.groupId == roomId - } - toDiscard.forEach { (sessionId, cacheItem) -> - cacheItem.groupSession.releaseSession() - outboundGroupSessionCache.remove(sessionId) - } - store.storeCurrentOutboundGroupSessionForRoom(roomId, null) - } - - /** - * Get the current session key of an outbound group session. - * - * @param sessionId the id of the outbound group session. - * @return the base64-encoded secret key. - */ - fun getSessionKey(sessionId: String): String? { - if (sessionId.isNotEmpty()) { - try { - return outboundGroupSessionCache[sessionId]!!.groupSession.sessionKey() - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## getSessionKey() : failed") - } - } - return null - } - - /** - * Get the current message index of an outbound group session. - * - * @param sessionId the id of the outbound group session. - * @return the current chain index. - */ - fun getMessageIndex(sessionId: String): Int { - return if (sessionId.isNotEmpty()) { - outboundGroupSessionCache[sessionId]!!.groupSession.messageIndex() - } else 0 - } - - /** - * Encrypt an outgoing message with an outbound group session. - * - * @param sessionId the id of the outbound group session. - * @param payloadString the payload to be encrypted and sent. - * @return ciphertext - */ - fun encryptGroupMessage(sessionId: String, payloadString: String): String? { - if (sessionId.isNotEmpty() && payloadString.isNotEmpty()) { - try { - return outboundGroupSessionCache[sessionId]!!.groupSession.encryptMessage(payloadString) - } catch (e: Throwable) { - Timber.tag(loggerTag.value).e(e, "## encryptGroupMessage() : failed") - } - } - return null - } - - // Inbound group session - - sealed class AddSessionResult { - data class Imported(val ratchetIndex: Int) : AddSessionResult() - abstract class Failure : AddSessionResult() - object NotImported : Failure() - data class NotImportedHigherIndex(val newIndex: Int) : AddSessionResult() - } - - /** - * Add an inbound group session to the session store. - * - * @param sessionId the session identifier. - * @param sessionKey base64-encoded secret key. - * @param roomId the id of the room in which this session will be used. - * @param senderKey the base64-encoded curve25519 key of the sender. - * @param forwardingCurve25519KeyChain Devices involved in forwarding this session to us. - * @param keysClaimed Other keys the sender claims. - * @param exportFormat true if the megolm keys are in export format - * @return true if the operation succeeds. - */ - fun addInboundGroupSession(sessionId: String, - sessionKey: String, - roomId: String, - senderKey: String, - forwardingCurve25519KeyChain: List, - keysClaimed: Map, - exportFormat: Boolean): AddSessionResult { - val candidateSession = OlmInboundGroupSessionWrapper2(sessionKey, exportFormat) - val existingSessionHolder = tryOrNull { getInboundGroupSession(sessionId, senderKey, roomId) } - val existingSession = existingSessionHolder?.wrapper - // If we have an existing one we should check if the new one is not better - if (existingSession != null) { - Timber.tag(loggerTag.value).d("## addInboundGroupSession() check if known session is better than candidate session") - try { - val existingFirstKnown = existingSession.firstKnownIndex ?: return AddSessionResult.NotImported.also { - // This is quite unexpected, could throw if native was released? - Timber.tag(loggerTag.value).e("## addInboundGroupSession() null firstKnownIndex on existing session") - candidateSession.olmInboundGroupSession?.releaseSession() - // Probably should discard it? - } - val newKnownFirstIndex = candidateSession.firstKnownIndex - // If our existing session is better we keep it - if (newKnownFirstIndex != null && existingFirstKnown <= newKnownFirstIndex) { - Timber.tag(loggerTag.value).d("## addInboundGroupSession() : ignore session our is better $senderKey/$sessionId") - candidateSession.olmInboundGroupSession?.releaseSession() - return AddSessionResult.NotImportedHigherIndex(newKnownFirstIndex.toInt()) - } - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).e("## addInboundGroupSession() Failed to add inbound: ${failure.localizedMessage}") - candidateSession.olmInboundGroupSession?.releaseSession() - return AddSessionResult.NotImported - } - } - - Timber.tag(loggerTag.value).d("## addInboundGroupSession() : Candidate session should be added $senderKey/$sessionId") - - // sanity check on the new session - val candidateOlmInboundSession = candidateSession.olmInboundGroupSession - if (null == candidateOlmInboundSession) { - Timber.tag(loggerTag.value).e("## addInboundGroupSession : invalid session ") - return AddSessionResult.NotImported - } - - try { - if (candidateOlmInboundSession.sessionIdentifier() != sessionId) { - Timber.tag(loggerTag.value).e("## addInboundGroupSession : ERROR: Mismatched group session ID from senderKey: $senderKey") - candidateOlmInboundSession.releaseSession() - return AddSessionResult.NotImported - } - } catch (e: Throwable) { - candidateOlmInboundSession.releaseSession() - Timber.tag(loggerTag.value).e(e, "## addInboundGroupSession : sessionIdentifier() failed") - return AddSessionResult.NotImported - } - - candidateSession.senderKey = senderKey - candidateSession.roomId = roomId - candidateSession.keysClaimed = keysClaimed - candidateSession.forwardingCurve25519KeyChain = forwardingCurve25519KeyChain - - if (existingSession != null) { - inboundGroupSessionStore.replaceGroupSession(existingSessionHolder, InboundGroupSessionHolder(candidateSession), sessionId, senderKey) - } else { - inboundGroupSessionStore.storeInBoundGroupSession(InboundGroupSessionHolder(candidateSession), sessionId, senderKey) - } - - return AddSessionResult.Imported(candidateSession.firstKnownIndex?.toInt() ?: 0) - } - - /** - * Import an inbound group sessions to the session store. - * - * @param megolmSessionsData the megolm sessions data - * @return the successfully imported sessions. - */ - fun importInboundGroupSessions(megolmSessionsData: List): List { - val sessions = ArrayList(megolmSessionsData.size) - - for (megolmSessionData in megolmSessionsData) { - val sessionId = megolmSessionData.sessionId ?: continue - val senderKey = megolmSessionData.senderKey ?: continue - val roomId = megolmSessionData.roomId - - var candidateSessionToImport: OlmInboundGroupSessionWrapper2? = null - - try { - candidateSessionToImport = OlmInboundGroupSessionWrapper2(megolmSessionData) - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId") - } - - // sanity check - if (candidateSessionToImport?.olmInboundGroupSession == null) { - Timber.tag(loggerTag.value).e("## importInboundGroupSession : invalid session") - continue - } - - val candidateOlmInboundGroupSession = candidateSessionToImport.olmInboundGroupSession - try { - if (candidateOlmInboundGroupSession?.sessionIdentifier() != sessionId) { - Timber.tag(loggerTag.value).e("## importInboundGroupSession : ERROR: Mismatched group session ID from senderKey: $senderKey") - candidateOlmInboundGroupSession?.releaseSession() - continue - } - } catch (e: Exception) { - Timber.tag(loggerTag.value).e(e, "## importInboundGroupSession : sessionIdentifier() failed") - candidateOlmInboundGroupSession?.releaseSession() - continue - } - - val existingSessionHolder = tryOrNull { getInboundGroupSession(sessionId, senderKey, roomId) } - val existingSession = existingSessionHolder?.wrapper - - if (existingSession == null) { - // Session does not already exist, add it - Timber.tag(loggerTag.value).d("## importInboundGroupSession() : importing new megolm session $senderKey/$sessionId") - sessions.add(candidateSessionToImport) - } else { - Timber.tag(loggerTag.value).e("## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId") - val existingFirstKnown = tryOrNull { existingSession.firstKnownIndex } - val candidateFirstKnownIndex = tryOrNull { candidateSessionToImport.firstKnownIndex } - - if (existingFirstKnown == null || candidateFirstKnownIndex == null) { - // should not happen? - candidateSessionToImport.olmInboundGroupSession?.releaseSession() - Timber.tag(loggerTag.value) - .w("## importInboundGroupSession() : Can't check session null index $existingFirstKnown/$candidateFirstKnownIndex") - } else { - if (existingFirstKnown <= candidateSessionToImport.firstKnownIndex!!) { - // Ignore this, keep existing - candidateOlmInboundGroupSession.releaseSession() - } else { - // update cache with better session - inboundGroupSessionStore.replaceGroupSession( - existingSessionHolder, - InboundGroupSessionHolder(candidateSessionToImport), - sessionId, - senderKey - ) - sessions.add(candidateSessionToImport) - } - } - } - } - - store.storeInboundGroupSessions(sessions) - - return sessions - } - - /** - * Decrypt a received message with an inbound group session. - * - * @param body the base64-encoded body of the encrypted message. - * @param roomId the room in which the message was received. - * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. - * @param sessionId the session identifier. - * @param senderKey the base64-encoded curve25519 key of the sender. - * @return the decrypting result. Nil if the sessionId is unknown. - */ - @Throws(MXCryptoError::class) - suspend fun decryptGroupMessage(body: String, - roomId: String, - timeline: String?, - sessionId: String, - senderKey: String): OlmDecryptionResult { - val sessionHolder = getInboundGroupSession(sessionId, senderKey, roomId) - val wrapper = sessionHolder.wrapper - val inboundGroupSession = wrapper.olmInboundGroupSession - ?: throw MXCryptoError.Base(MXCryptoError.ErrorType.UNABLE_TO_DECRYPT, "Session is null") - // Check that the room id matches the original one for the session. This stops - // the HS pretending a message was targeting a different room. - if (roomId == wrapper.roomId) { - val decryptResult = try { - sessionHolder.mutex.withLock { - inboundGroupSession.decryptMessage(body) - } - } catch (e: OlmException) { - Timber.tag(loggerTag.value).e(e, "## decryptGroupMessage () : decryptMessage failed") - throw MXCryptoError.OlmError(e) - } - - if (timeline?.isNotBlank() == true) { - val timelineSet = inboundGroupSessionMessageIndexes.getOrPut(timeline) { mutableSetOf() } - - val messageIndexKey = senderKey + "|" + sessionId + "|" + decryptResult.mIndex - - if (timelineSet.contains(messageIndexKey)) { - val reason = String.format(MXCryptoError.DUPLICATE_MESSAGE_INDEX_REASON, decryptResult.mIndex) - Timber.tag(loggerTag.value).e("## decryptGroupMessage() timelineId=$timeline: $reason") - throw MXCryptoError.Base(MXCryptoError.ErrorType.DUPLICATED_MESSAGE_INDEX, reason) - } - - timelineSet.add(messageIndexKey) - } - - inboundGroupSessionStore.storeInBoundGroupSession(sessionHolder, sessionId, senderKey) - val payload = try { - val adapter = MoshiProvider.providesMoshi().adapter(JSON_DICT_PARAMETERIZED_TYPE) - val payloadString = convertFromUTF8(decryptResult.mDecryptedMessage) - adapter.fromJson(payloadString) - } catch (e: Exception) { - Timber.tag(loggerTag.value).e("## decryptGroupMessage() : fails to parse the payload") - throw MXCryptoError.Base(MXCryptoError.ErrorType.BAD_DECRYPTED_FORMAT, MXCryptoError.BAD_DECRYPTED_FORMAT_TEXT_REASON) - } - - return OlmDecryptionResult( - payload, - wrapper.keysClaimed, - senderKey, - wrapper.forwardingCurve25519KeyChain - ) - } else { - val reason = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, wrapper.roomId) - Timber.tag(loggerTag.value).e("## decryptGroupMessage() : $reason") - throw MXCryptoError.Base(MXCryptoError.ErrorType.INBOUND_SESSION_MISMATCH_ROOM_ID, reason) - } - } - - /** - * Reset replay attack data for the given timeline. - * - * @param timeline the id of the timeline. - */ - fun resetReplayAttackCheckInTimeline(timeline: String?) { - if (null != timeline) { - inboundGroupSessionMessageIndexes.remove(timeline) - } - } - -// Utilities - - /** - * Verify an ed25519 signature on a JSON object. - * - * @param key the ed25519 key. - * @param jsonDictionary the JSON object which was signed. - * @param signature the base64-encoded signature to be checked. - * @throws Exception the exception - */ - @Throws(Exception::class) - fun verifySignature(key: String, jsonDictionary: Map, signature: String) { - // Check signature on the canonical version of the JSON - olmUtility!!.verifyEd25519Signature(signature, key, JsonCanonicalizer.getCanonicalJson(Map::class.java, jsonDictionary)) - } - - /** - * Calculate the SHA-256 hash of the input and encodes it as base64. - * - * @param message the message to hash. - * @return the base64-encoded hash value. - */ - fun sha256(message: String): String { - return olmUtility!!.sha256(convertToUTF8(message)) - } - - /** - * Search an OlmSession - * - * @param theirDeviceIdentityKey the device key - * @param sessionId the session Id - * @return the olm session - */ - private fun getSessionForDevice(theirDeviceIdentityKey: String, sessionId: String): OlmSessionWrapper? { - // sanity check - return if (theirDeviceIdentityKey.isEmpty() || sessionId.isEmpty()) null else { - olmSessionStore.getDeviceSession(sessionId, theirDeviceIdentityKey) - } - } - - /** - * Extract an InboundGroupSession from the session store and do some check. - * inboundGroupSessionWithIdError describes the failure reason. - * - * @param roomId the room where the session is used. - * @param sessionId the session identifier. - * @param senderKey the base64-encoded curve25519 key of the sender. - * @return the inbound group session. - */ - fun getInboundGroupSession(sessionId: String?, senderKey: String?, roomId: String?): InboundGroupSessionHolder { - if (sessionId.isNullOrBlank() || senderKey.isNullOrBlank()) { - throw MXCryptoError.Base(MXCryptoError.ErrorType.MISSING_SENDER_KEY, MXCryptoError.ERROR_MISSING_PROPERTY_REASON) - } - - val holder = inboundGroupSessionStore.getInboundGroupSession(sessionId, senderKey) - val session = holder?.wrapper - - if (session != null) { - // Check that the room id matches the original one for the session. This stops - // the HS pretending a message was targeting a different room. - if (roomId != session.roomId) { - val errorDescription = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, session.roomId) - Timber.tag(loggerTag.value).e("## getInboundGroupSession() : $errorDescription") - throw MXCryptoError.Base(MXCryptoError.ErrorType.INBOUND_SESSION_MISMATCH_ROOM_ID, errorDescription) - } else { - return holder - } - } else { - Timber.tag(loggerTag.value).w("## getInboundGroupSession() : UISI $sessionId") - throw MXCryptoError.Base(MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID, MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_REASON) - } - } - - /** - * Determine if we have the keys for a given megolm session. - * - * @param roomId room in which the message was received - * @param senderKey base64-encoded curve25519 key of the sender - * @param sessionId session identifier - * @return true if the unbound session keys are known. - */ - fun hasInboundSessionKeys(roomId: String, senderKey: String, sessionId: String): Boolean { - return runCatching { getInboundGroupSession(sessionId, senderKey, roomId) }.isSuccess - } - - @VisibleForTesting - fun clearOlmSessionCache() { - olmSessionStore.clear() - } -} +/* + * Copyright 2020 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import androidx.annotation.VisibleForTesting +import kotlinx.coroutines.sync.Mutex +import kotlinx.coroutines.sync.withLock +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.MXCryptoError +import org.matrix.android.sdk.api.session.crypto.model.OlmDecryptionResult +import org.matrix.android.sdk.api.util.JSON_DICT_PARAMETERIZED_TYPE +import org.matrix.android.sdk.api.util.JsonDict +import org.matrix.android.sdk.internal.crypto.algorithms.megolm.MXOutboundSessionInfo +import org.matrix.android.sdk.internal.crypto.algorithms.megolm.SharedWithHelper +import org.matrix.android.sdk.internal.crypto.model.OlmInboundGroupSessionWrapper2 +import org.matrix.android.sdk.internal.crypto.model.OlmSessionWrapper +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.di.MoshiProvider +import org.matrix.android.sdk.internal.session.SessionScope +import org.matrix.android.sdk.internal.util.JsonCanonicalizer +import org.matrix.android.sdk.internal.util.convertFromUTF8 +import org.matrix.android.sdk.internal.util.convertToUTF8 +import org.matrix.olm.OlmAccount +import org.matrix.olm.OlmException +import org.matrix.olm.OlmMessage +import org.matrix.olm.OlmOutboundGroupSession +import org.matrix.olm.OlmSession +import org.matrix.olm.OlmUtility +import timber.log.Timber +import javax.inject.Inject + +private val loggerTag = LoggerTag("MXOlmDevice", LoggerTag.CRYPTO) + +// The libolm wrapper. +@SessionScope +internal class MXOlmDevice @Inject constructor( + /** + * The store where crypto data is saved. + */ + private val store: IMXCryptoStore, + private val olmSessionStore: OlmSessionStore, + private val inboundGroupSessionStore: InboundGroupSessionStore +) { + + val mutex = Mutex() + + /** + * @return the Curve25519 key for the account. + */ + var deviceCurve25519Key: String? = null + private set + + /** + * @return the Ed25519 key for the account. + */ + var deviceEd25519Key: String? = null + private set + + // The OLM lib utility instance. + private var olmUtility: OlmUtility? = null + + private data class GroupSessionCacheItem( + val groupId: String, + val groupSession: OlmOutboundGroupSession + ) + + // The outbound group session. + // Caches active outbound session to avoid to sync with DB before read + // The key is the session id, the value the . + private val outboundGroupSessionCache: MutableMap = HashMap() + + // Store a set of decrypted message indexes for each group session. + // This partially mitigates a replay attack where a MITM resends a group + // message into the room. + // + // The Matrix SDK exposes events through MXEventTimelines. A developer can open several + // timelines from a same room so that a message can be decrypted several times but from + // a different timeline. + // So, store these message indexes per timeline id. + // + // The first level keys are timeline ids. + // The second level keys are strings of form "||" + private val inboundGroupSessionMessageIndexes: MutableMap> = HashMap() + + init { + // Retrieve the account from the store + try { + store.getOrCreateOlmAccount() + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "MXOlmDevice : cannot initialize olmAccount") + } + + try { + olmUtility = OlmUtility() + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : OlmUtility failed with error") + olmUtility = null + } + + try { + deviceCurve25519Key = store.doWithOlmAccount { it.identityKeys()[OlmAccount.JSON_KEY_IDENTITY_KEY] } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : cannot find ${OlmAccount.JSON_KEY_IDENTITY_KEY} with error") + } + + try { + deviceEd25519Key = store.doWithOlmAccount { it.identityKeys()[OlmAccount.JSON_KEY_FINGER_PRINT_KEY] } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## MXOlmDevice : cannot find ${OlmAccount.JSON_KEY_FINGER_PRINT_KEY} with error") + } + } + + /** + * @return The current (unused, unpublished) one-time keys for this account. + */ + fun getOneTimeKeys(): Map>? { + try { + return store.doWithOlmAccount { it.oneTimeKeys() } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## getOneTimeKeys() : failed") + } + + return null + } + + /** + * @return The maximum number of one-time keys the olm account can store. + */ + fun getMaxNumberOfOneTimeKeys(): Long { + return store.doWithOlmAccount { it.maxOneTimeKeys() } + } + + /** + * Returns an unpublished fallback key + * A call to markKeysAsPublished will mark it as published and this + * call will return null (until a call to generateFallbackKey is made) + */ + fun getFallbackKey(): MutableMap>? { + try { + return store.doWithOlmAccount { it.fallbackKey() } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e("## getFallbackKey() : failed") + } + return null + } + + /** + * Generates a new fallback key if there is not already + * an unpublished one. + * @return true if a new key was generated + */ + fun generateFallbackKeyIfNeeded(): Boolean { + try { + if (!hasUnpublishedFallbackKey()) { + store.doWithOlmAccount { + it.generateFallbackKey() + store.saveOlmAccount() + } + return true + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e("## generateFallbackKey() : failed") + } + return false + } + + internal fun hasUnpublishedFallbackKey(): Boolean { + return getFallbackKey()?.get(OlmAccount.JSON_KEY_ONE_TIME_KEY).orEmpty().isNotEmpty() + } + + fun forgetFallbackKey() { + try { + store.doWithOlmAccount { + it.forgetFallbackKey() + store.saveOlmAccount() + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e("## forgetFallbackKey() : failed") + } + } + + /** + * Release the instance + */ + fun release() { + olmUtility?.releaseUtility() + outboundGroupSessionCache.values.forEach { + it.groupSession.releaseSession() + } + outboundGroupSessionCache.clear() + inboundGroupSessionStore.clear() + olmSessionStore.clear() + } + + /** + * Signs a message with the ed25519 key for this account. + * + * @param message the message to be signed. + * @return the base64-encoded signature. + */ + fun signMessage(message: String): String? { + try { + return store.doWithOlmAccount { it.signMessage(message) } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## signMessage() : failed") + } + + return null + } + + /** + * Marks all of the one-time keys as published. + */ + fun markKeysAsPublished() { + try { + store.doWithOlmAccount { + it.markOneTimeKeysAsPublished() + store.saveOlmAccount() + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## markKeysAsPublished() : failed") + } + } + + /** + * Generate some new one-time keys + * + * @param numKeys number of keys to generate + */ + fun generateOneTimeKeys(numKeys: Int) { + try { + store.doWithOlmAccount { + it.generateOneTimeKeys(numKeys) + store.saveOlmAccount() + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## generateOneTimeKeys() : failed") + } + } + + /** + * Generate a new outbound session. + * The new session will be stored in the MXStore. + * + * @param theirIdentityKey the remote user's Curve25519 identity key + * @param theirOneTimeKey the remote user's one-time Curve25519 key + * @return the session id for the outbound session. + */ + fun createOutboundSession(theirIdentityKey: String, theirOneTimeKey: String): String? { + Timber.tag(loggerTag.value).d("## createOutboundSession() ; theirIdentityKey $theirIdentityKey theirOneTimeKey $theirOneTimeKey") + var olmSession: OlmSession? = null + + try { + olmSession = OlmSession() + store.doWithOlmAccount { olmAccount -> + olmSession.initOutboundSession(olmAccount, theirIdentityKey, theirOneTimeKey) + } + + val olmSessionWrapper = OlmSessionWrapper(olmSession, 0) + + // Pretend we've received a message at this point, otherwise + // if we try to send a message to the device, it won't use + // this session + olmSessionWrapper.onMessageReceived() + + olmSessionStore.storeSession(olmSessionWrapper, theirIdentityKey) + + val sessionIdentifier = olmSession.sessionIdentifier() + + Timber.tag(loggerTag.value).v("## createOutboundSession() ; olmSession.sessionIdentifier: $sessionIdentifier") + return sessionIdentifier + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createOutboundSession() failed") + + olmSession?.releaseSession() + } + + return null + } + + /** + * Generate a new inbound session, given an incoming message. + * + * @param theirDeviceIdentityKey the remote user's Curve25519 identity key. + * @param messageType the message_type field from the received message (must be 0). + * @param ciphertext base64-encoded body from the received message. + * @return {{payload: string, session_id: string}} decrypted payload, and session id of new session. + */ + fun createInboundSession(theirDeviceIdentityKey: String, messageType: Int, ciphertext: String): Map? { + Timber.tag(loggerTag.value).d("## createInboundSession() : theirIdentityKey: $theirDeviceIdentityKey") + + var olmSession: OlmSession? = null + + try { + try { + olmSession = OlmSession() + store.doWithOlmAccount { olmAccount -> + olmSession.initInboundSessionFrom(olmAccount, theirDeviceIdentityKey, ciphertext) + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createInboundSession() : the session creation failed") + return null + } + + Timber.tag(loggerTag.value).v("## createInboundSession() : sessionId: ${olmSession.sessionIdentifier()}") + + try { + store.doWithOlmAccount { olmAccount -> + olmAccount.removeOneTimeKeys(olmSession) + store.saveOlmAccount() + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createInboundSession() : removeOneTimeKeys failed") + } + + val olmMessage = OlmMessage() + olmMessage.mCipherText = ciphertext + olmMessage.mType = messageType.toLong() + + var payloadString: String? = null + + try { + payloadString = olmSession.decryptMessage(olmMessage) + + val olmSessionWrapper = OlmSessionWrapper(olmSession, 0) + // This counts as a received message: set last received message time to now + olmSessionWrapper.onMessageReceived() + + olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createInboundSession() : decryptMessage failed") + } + + val res = HashMap() + + if (!payloadString.isNullOrEmpty()) { + res["payload"] = payloadString + } + + val sessionIdentifier = olmSession.sessionIdentifier() + + if (!sessionIdentifier.isNullOrEmpty()) { + res["session_id"] = sessionIdentifier + } + + return res + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## createInboundSession() : OlmSession creation failed") + + olmSession?.releaseSession() + } + + return null + } + + /** + * Get a list of known session IDs for the given device. + * + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @return a list of known session ids for the device. + */ + fun getSessionIds(theirDeviceIdentityKey: String): List { + return olmSessionStore.getDeviceSessionIds(theirDeviceIdentityKey) + } + + /** + * Get the right olm session id for encrypting messages to the given identity key. + * + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @return the session id, or null if no established session. + */ + fun getSessionId(theirDeviceIdentityKey: String): String? { + return olmSessionStore.getLastUsedSessionId(theirDeviceIdentityKey) + } + + /** + * Encrypt an outgoing message using an existing session. + * + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @param sessionId the id of the active session + * @param payloadString the payload to be encrypted and sent + * @return the cipher text + */ + suspend fun encryptMessage(theirDeviceIdentityKey: String, sessionId: String, payloadString: String): Map? { + val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) + + if (olmSessionWrapper != null) { + try { + Timber.tag(loggerTag.value).v("## encryptMessage() : olmSession.sessionIdentifier: $sessionId") + + val olmMessage = olmSessionWrapper.mutex.withLock { + olmSessionWrapper.olmSession.encryptMessage(payloadString) + } + return mapOf( + "body" to olmMessage.mCipherText, + "type" to olmMessage.mType, + ).also { + olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) + } + } catch (e: Throwable) { + Timber.tag(loggerTag.value).e(e, "## encryptMessage() : failed to encrypt olm with device|session:$theirDeviceIdentityKey|$sessionId") + return null + } + } else { + Timber.tag(loggerTag.value).e("## encryptMessage() : Failed to encrypt unknown session $sessionId") + return null + } + } + + /** + * Decrypt an incoming message using an existing session. + * + * @param ciphertext the base64-encoded body from the received message. + * @param messageType message_type field from the received message. + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @param sessionId the id of the active session. + * @return the decrypted payload. + */ + @kotlin.jvm.Throws + suspend fun decryptMessage(ciphertext: String, messageType: Int, sessionId: String, theirDeviceIdentityKey: String): String? { + var payloadString: String? = null + + val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) + + if (null != olmSessionWrapper) { + val olmMessage = OlmMessage() + olmMessage.mCipherText = ciphertext + olmMessage.mType = messageType.toLong() + + payloadString = + olmSessionWrapper.mutex.withLock { + olmSessionWrapper.olmSession.decryptMessage(olmMessage).also { + olmSessionWrapper.onMessageReceived() + } + } + olmSessionStore.storeSession(olmSessionWrapper, theirDeviceIdentityKey) + } + + return payloadString + } + + /** + * Determine if an incoming messages is a prekey message matching an existing session. + * + * @param theirDeviceIdentityKey the Curve25519 identity key for the remote device. + * @param sessionId the id of the active session. + * @param messageType message_type field from the received message. + * @param ciphertext the base64-encoded body from the received message. + * @return YES if the received message is a prekey message which matchesthe given session. + */ + fun matchesSession(theirDeviceIdentityKey: String, sessionId: String, messageType: Int, ciphertext: String): Boolean { + if (messageType != 0) { + return false + } + + val olmSessionWrapper = getSessionForDevice(theirDeviceIdentityKey, sessionId) + return null != olmSessionWrapper && olmSessionWrapper.olmSession.matchesInboundSession(ciphertext) + } + + // Outbound group session + + /** + * Generate a new outbound group session. + * + * @return the session id for the outbound session. + */ + fun createOutboundGroupSessionForRoom(roomId: String): String? { + var session: OlmOutboundGroupSession? = null + try { + session = OlmOutboundGroupSession() + outboundGroupSessionCache[session.sessionIdentifier()] = GroupSessionCacheItem(roomId, session) + store.storeCurrentOutboundGroupSessionForRoom(roomId, session) + return session.sessionIdentifier() + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "createOutboundGroupSession") + + session?.releaseSession() + } + + return null + } + + fun storeOutboundGroupSessionForRoom(roomId: String, sessionId: String) { + outboundGroupSessionCache[sessionId]?.let { + store.storeCurrentOutboundGroupSessionForRoom(roomId, it.groupSession) + } + } + + fun restoreOutboundGroupSessionForRoom(roomId: String): MXOutboundSessionInfo? { + val restoredOutboundGroupSession = store.getCurrentOutboundGroupSessionForRoom(roomId) + if (restoredOutboundGroupSession != null) { + val sessionId = restoredOutboundGroupSession.outboundGroupSession.sessionIdentifier() + // cache it + outboundGroupSessionCache[sessionId] = GroupSessionCacheItem(roomId, restoredOutboundGroupSession.outboundGroupSession) + + return MXOutboundSessionInfo( + sessionId = sessionId, + sharedWithHelper = SharedWithHelper(roomId, sessionId, store), + restoredOutboundGroupSession.creationTime + ) + } + return null + } + + fun discardOutboundGroupSessionForRoom(roomId: String) { + val toDiscard = outboundGroupSessionCache.filter { + it.value.groupId == roomId + } + toDiscard.forEach { (sessionId, cacheItem) -> + cacheItem.groupSession.releaseSession() + outboundGroupSessionCache.remove(sessionId) + } + store.storeCurrentOutboundGroupSessionForRoom(roomId, null) + } + + /** + * Get the current session key of an outbound group session. + * + * @param sessionId the id of the outbound group session. + * @return the base64-encoded secret key. + */ + fun getSessionKey(sessionId: String): String? { + if (sessionId.isNotEmpty()) { + try { + return outboundGroupSessionCache[sessionId]!!.groupSession.sessionKey() + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## getSessionKey() : failed") + } + } + return null + } + + /** + * Get the current message index of an outbound group session. + * + * @param sessionId the id of the outbound group session. + * @return the current chain index. + */ + fun getMessageIndex(sessionId: String): Int { + return if (sessionId.isNotEmpty()) { + outboundGroupSessionCache[sessionId]!!.groupSession.messageIndex() + } else 0 + } + + /** + * Encrypt an outgoing message with an outbound group session. + * + * @param sessionId the id of the outbound group session. + * @param payloadString the payload to be encrypted and sent. + * @return ciphertext + */ + fun encryptGroupMessage(sessionId: String, payloadString: String): String? { + if (sessionId.isNotEmpty() && payloadString.isNotEmpty()) { + try { + return outboundGroupSessionCache[sessionId]!!.groupSession.encryptMessage(payloadString) + } catch (e: Throwable) { + Timber.tag(loggerTag.value).e(e, "## encryptGroupMessage() : failed") + } + } + return null + } + + // Inbound group session + + sealed interface AddSessionResult { + data class Imported(val ratchetIndex: Int) : AddSessionResult + abstract class Failure : AddSessionResult + object NotImported : Failure() + data class NotImportedHigherIndex(val newIndex: Int) : Failure() + } + + /** + * Add an inbound group session to the session store. + * + * @param sessionId the session identifier. + * @param sessionKey base64-encoded secret key. + * @param roomId the id of the room in which this session will be used. + * @param senderKey the base64-encoded curve25519 key of the sender. + * @param forwardingCurve25519KeyChain Devices involved in forwarding this session to us. + * @param keysClaimed Other keys the sender claims. + * @param exportFormat true if the megolm keys are in export format + * @return true if the operation succeeds. + */ + fun addInboundGroupSession(sessionId: String, + sessionKey: String, + roomId: String, + senderKey: String, + forwardingCurve25519KeyChain: List, + keysClaimed: Map, + exportFormat: Boolean): AddSessionResult { + val candidateSession = OlmInboundGroupSessionWrapper2(sessionKey, exportFormat) + val existingSessionHolder = tryOrNull { getInboundGroupSession(sessionId, senderKey, roomId) } + val existingSession = existingSessionHolder?.wrapper + // If we have an existing one we should check if the new one is not better + if (existingSession != null) { + Timber.tag(loggerTag.value).d("## addInboundGroupSession() check if known session is better than candidate session") + try { + val existingFirstKnown = existingSession.firstKnownIndex ?: return AddSessionResult.NotImported.also { + // This is quite unexpected, could throw if native was released? + Timber.tag(loggerTag.value).e("## addInboundGroupSession() null firstKnownIndex on existing session") + candidateSession.olmInboundGroupSession?.releaseSession() + // Probably should discard it? + } + val newKnownFirstIndex = candidateSession.firstKnownIndex + // If our existing session is better we keep it + if (newKnownFirstIndex != null && existingFirstKnown <= newKnownFirstIndex) { + Timber.tag(loggerTag.value).d("## addInboundGroupSession() : ignore session our is better $senderKey/$sessionId") + candidateSession.olmInboundGroupSession?.releaseSession() + return AddSessionResult.NotImportedHigherIndex(newKnownFirstIndex.toInt()) + } + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).e("## addInboundGroupSession() Failed to add inbound: ${failure.localizedMessage}") + candidateSession.olmInboundGroupSession?.releaseSession() + return AddSessionResult.NotImported + } + } + + Timber.tag(loggerTag.value).d("## addInboundGroupSession() : Candidate session should be added $senderKey/$sessionId") + + // sanity check on the new session + val candidateOlmInboundSession = candidateSession.olmInboundGroupSession + if (null == candidateOlmInboundSession) { + Timber.tag(loggerTag.value).e("## addInboundGroupSession : invalid session ") + return AddSessionResult.NotImported + } + + try { + if (candidateOlmInboundSession.sessionIdentifier() != sessionId) { + Timber.tag(loggerTag.value).e("## addInboundGroupSession : ERROR: Mismatched group session ID from senderKey: $senderKey") + candidateOlmInboundSession.releaseSession() + return AddSessionResult.NotImported + } + } catch (e: Throwable) { + candidateOlmInboundSession.releaseSession() + Timber.tag(loggerTag.value).e(e, "## addInboundGroupSession : sessionIdentifier() failed") + return AddSessionResult.NotImported + } + + candidateSession.senderKey = senderKey + candidateSession.roomId = roomId + candidateSession.keysClaimed = keysClaimed + candidateSession.forwardingCurve25519KeyChain = forwardingCurve25519KeyChain + + if (existingSession != null) { + inboundGroupSessionStore.replaceGroupSession(existingSessionHolder, InboundGroupSessionHolder(candidateSession), sessionId, senderKey) + } else { + inboundGroupSessionStore.storeInBoundGroupSession(InboundGroupSessionHolder(candidateSession), sessionId, senderKey) + } + + return AddSessionResult.Imported(candidateSession.firstKnownIndex?.toInt() ?: 0) + } + + /** + * Import an inbound group sessions to the session store. + * + * @param megolmSessionsData the megolm sessions data + * @return the successfully imported sessions. + */ + fun importInboundGroupSessions(megolmSessionsData: List): List { + val sessions = ArrayList(megolmSessionsData.size) + + for (megolmSessionData in megolmSessionsData) { + val sessionId = megolmSessionData.sessionId ?: continue + val senderKey = megolmSessionData.senderKey ?: continue + val roomId = megolmSessionData.roomId + + var candidateSessionToImport: OlmInboundGroupSessionWrapper2? = null + + try { + candidateSessionToImport = OlmInboundGroupSessionWrapper2(megolmSessionData) + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId") + } + + // sanity check + if (candidateSessionToImport?.olmInboundGroupSession == null) { + Timber.tag(loggerTag.value).e("## importInboundGroupSession : invalid session") + continue + } + + val candidateOlmInboundGroupSession = candidateSessionToImport.olmInboundGroupSession + try { + if (candidateOlmInboundGroupSession?.sessionIdentifier() != sessionId) { + Timber.tag(loggerTag.value).e("## importInboundGroupSession : ERROR: Mismatched group session ID from senderKey: $senderKey") + candidateOlmInboundGroupSession?.releaseSession() + continue + } + } catch (e: Exception) { + Timber.tag(loggerTag.value).e(e, "## importInboundGroupSession : sessionIdentifier() failed") + candidateOlmInboundGroupSession?.releaseSession() + continue + } + + val existingSessionHolder = tryOrNull { getInboundGroupSession(sessionId, senderKey, roomId) } + val existingSession = existingSessionHolder?.wrapper + + if (existingSession == null) { + // Session does not already exist, add it + Timber.tag(loggerTag.value).d("## importInboundGroupSession() : importing new megolm session $senderKey/$sessionId") + sessions.add(candidateSessionToImport) + } else { + Timber.tag(loggerTag.value).e("## importInboundGroupSession() : Update for megolm session $senderKey/$sessionId") + val existingFirstKnown = tryOrNull { existingSession.firstKnownIndex } + val candidateFirstKnownIndex = tryOrNull { candidateSessionToImport.firstKnownIndex } + + if (existingFirstKnown == null || candidateFirstKnownIndex == null) { + // should not happen? + candidateSessionToImport.olmInboundGroupSession?.releaseSession() + Timber.tag(loggerTag.value) + .w("## importInboundGroupSession() : Can't check session null index $existingFirstKnown/$candidateFirstKnownIndex") + } else { + if (existingFirstKnown <= candidateSessionToImport.firstKnownIndex!!) { + // Ignore this, keep existing + candidateOlmInboundGroupSession.releaseSession() + } else { + // update cache with better session + inboundGroupSessionStore.replaceGroupSession( + existingSessionHolder, + InboundGroupSessionHolder(candidateSessionToImport), + sessionId, + senderKey + ) + sessions.add(candidateSessionToImport) + } + } + } + } + + store.storeInboundGroupSessions(sessions) + + return sessions + } + + /** + * Decrypt a received message with an inbound group session. + * + * @param body the base64-encoded body of the encrypted message. + * @param roomId the room in which the message was received. + * @param timeline the id of the timeline where the event is decrypted. It is used to prevent replay attack. + * @param sessionId the session identifier. + * @param senderKey the base64-encoded curve25519 key of the sender. + * @return the decrypting result. Nil if the sessionId is unknown. + */ + @Throws(MXCryptoError::class) + suspend fun decryptGroupMessage(body: String, + roomId: String, + timeline: String?, + sessionId: String, + senderKey: String): OlmDecryptionResult { + val sessionHolder = getInboundGroupSession(sessionId, senderKey, roomId) + val wrapper = sessionHolder.wrapper + val inboundGroupSession = wrapper.olmInboundGroupSession + ?: throw MXCryptoError.Base(MXCryptoError.ErrorType.UNABLE_TO_DECRYPT, "Session is null") + // Check that the room id matches the original one for the session. This stops + // the HS pretending a message was targeting a different room. + if (roomId == wrapper.roomId) { + val decryptResult = try { + sessionHolder.mutex.withLock { + inboundGroupSession.decryptMessage(body) + } + } catch (e: OlmException) { + Timber.tag(loggerTag.value).e(e, "## decryptGroupMessage () : decryptMessage failed") + throw MXCryptoError.OlmError(e) + } + + if (timeline?.isNotBlank() == true) { + val timelineSet = inboundGroupSessionMessageIndexes.getOrPut(timeline) { mutableSetOf() } + + val messageIndexKey = senderKey + "|" + sessionId + "|" + decryptResult.mIndex + + if (timelineSet.contains(messageIndexKey)) { + val reason = String.format(MXCryptoError.DUPLICATE_MESSAGE_INDEX_REASON, decryptResult.mIndex) + Timber.tag(loggerTag.value).e("## decryptGroupMessage() timelineId=$timeline: $reason") + throw MXCryptoError.Base(MXCryptoError.ErrorType.DUPLICATED_MESSAGE_INDEX, reason) + } + + timelineSet.add(messageIndexKey) + } + + inboundGroupSessionStore.storeInBoundGroupSession(sessionHolder, sessionId, senderKey) + val payload = try { + val adapter = MoshiProvider.providesMoshi().adapter(JSON_DICT_PARAMETERIZED_TYPE) + val payloadString = convertFromUTF8(decryptResult.mDecryptedMessage) + adapter.fromJson(payloadString) + } catch (e: Exception) { + Timber.tag(loggerTag.value).e("## decryptGroupMessage() : fails to parse the payload") + throw MXCryptoError.Base(MXCryptoError.ErrorType.BAD_DECRYPTED_FORMAT, MXCryptoError.BAD_DECRYPTED_FORMAT_TEXT_REASON) + } + + return OlmDecryptionResult( + payload, + wrapper.keysClaimed, + senderKey, + wrapper.forwardingCurve25519KeyChain + ) + } else { + val reason = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, wrapper.roomId) + Timber.tag(loggerTag.value).e("## decryptGroupMessage() : $reason") + throw MXCryptoError.Base(MXCryptoError.ErrorType.INBOUND_SESSION_MISMATCH_ROOM_ID, reason) + } + } + + /** + * Reset replay attack data for the given timeline. + * + * @param timeline the id of the timeline. + */ + fun resetReplayAttackCheckInTimeline(timeline: String?) { + if (null != timeline) { + inboundGroupSessionMessageIndexes.remove(timeline) + } + } + +// Utilities + + /** + * Verify an ed25519 signature on a JSON object. + * + * @param key the ed25519 key. + * @param jsonDictionary the JSON object which was signed. + * @param signature the base64-encoded signature to be checked. + * @throws Exception the exception + */ + @Throws(Exception::class) + fun verifySignature(key: String, jsonDictionary: Map, signature: String) { + // Check signature on the canonical version of the JSON + olmUtility!!.verifyEd25519Signature(signature, key, JsonCanonicalizer.getCanonicalJson(Map::class.java, jsonDictionary)) + } + + /** + * Calculate the SHA-256 hash of the input and encodes it as base64. + * + * @param message the message to hash. + * @return the base64-encoded hash value. + */ + fun sha256(message: String): String { + return olmUtility!!.sha256(convertToUTF8(message)) + } + + /** + * Search an OlmSession + * + * @param theirDeviceIdentityKey the device key + * @param sessionId the session Id + * @return the olm session + */ + private fun getSessionForDevice(theirDeviceIdentityKey: String, sessionId: String): OlmSessionWrapper? { + // sanity check + return if (theirDeviceIdentityKey.isEmpty() || sessionId.isEmpty()) null else { + olmSessionStore.getDeviceSession(sessionId, theirDeviceIdentityKey) + } + } + + /** + * Extract an InboundGroupSession from the session store and do some check. + * inboundGroupSessionWithIdError describes the failure reason. + * + * @param roomId the room where the session is used. + * @param sessionId the session identifier. + * @param senderKey the base64-encoded curve25519 key of the sender. + * @return the inbound group session. + */ + fun getInboundGroupSession(sessionId: String?, senderKey: String?, roomId: String?): InboundGroupSessionHolder { + if (sessionId.isNullOrBlank() || senderKey.isNullOrBlank()) { + throw MXCryptoError.Base(MXCryptoError.ErrorType.MISSING_SENDER_KEY, MXCryptoError.ERROR_MISSING_PROPERTY_REASON) + } + + val holder = inboundGroupSessionStore.getInboundGroupSession(sessionId, senderKey) + val session = holder?.wrapper + + if (session != null) { + // Check that the room id matches the original one for the session. This stops + // the HS pretending a message was targeting a different room. + if (roomId != session.roomId) { + val errorDescription = String.format(MXCryptoError.INBOUND_SESSION_MISMATCH_ROOM_ID_REASON, roomId, session.roomId) + Timber.tag(loggerTag.value).e("## getInboundGroupSession() : $errorDescription") + throw MXCryptoError.Base(MXCryptoError.ErrorType.INBOUND_SESSION_MISMATCH_ROOM_ID, errorDescription) + } else { + return holder + } + } else { + Timber.tag(loggerTag.value).w("## getInboundGroupSession() : UISI $sessionId") + throw MXCryptoError.Base(MXCryptoError.ErrorType.UNKNOWN_INBOUND_SESSION_ID, MXCryptoError.UNKNOWN_INBOUND_SESSION_ID_REASON) + } + } + + /** + * Determine if we have the keys for a given megolm session. + * + * @param roomId room in which the message was received + * @param senderKey base64-encoded curve25519 key of the sender + * @param sessionId session identifier + * @return true if the unbound session keys are known. + */ + fun hasInboundSessionKeys(roomId: String, senderKey: String, sessionId: String): Boolean { + return runCatching { getInboundGroupSession(sessionId, senderKey, roomId) }.isSuccess + } + + @VisibleForTesting + fun clearOlmSessionCache() { + olmSessionStore.clear() + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt deleted file mode 100644 index 16e520c668..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingGossipingRequest.kt +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState - -interface OutgoingGossipingRequest { - var recipients: Map> - var requestId: String - var state: OutgoingRoomKeyRequestState - // transaction id for the cancellation, if any - // var cancellationTxnId: String? -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt index 1e192393a2..09a9868428 100755 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingKeyRequestManager.kt @@ -1,519 +1,518 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.SupervisorJob -import kotlinx.coroutines.asCoroutineDispatcher -import kotlinx.coroutines.cancel -import kotlinx.coroutines.delay -import kotlinx.coroutines.launch -import kotlinx.coroutines.withContext -import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM -import org.matrix.android.sdk.api.crypto.MXCryptoConfig -import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.logger.LoggerTag -import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest -import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState -import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody -import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent -import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.api.util.fromBase64 -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.DefaultSendToDeviceTask -import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask -import org.matrix.android.sdk.internal.di.SessionId -import org.matrix.android.sdk.internal.di.UserId -import org.matrix.android.sdk.internal.session.SessionScope -import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer -import timber.log.Timber -import java.util.Stack -import java.util.concurrent.Executors -import javax.inject.Inject -import kotlin.system.measureTimeMillis - -private val loggerTag = LoggerTag("OutgoingKeyRequestManager", LoggerTag.CRYPTO) - -/** - * This class is responsible for sending key requests to other devices when a message failed to decrypt. - * It's lifecycle is based on the sync pulse: - * - You can post queries for session, or report when you got a session - * - At the end of the sync (onSyncComplete) it will then process all the posted request and send to devices - * If a request failed it will be retried at the end of the next sync - */ -@SessionScope -internal class OutgoingKeyRequestManager @Inject constructor( - @SessionId private val sessionId: String, - @UserId private val myUserId: String, - private val cryptoStore: IMXCryptoStore, - private val coroutineDispatchers: MatrixCoroutineDispatchers, - private val cryptoConfig: MXCryptoConfig, - private val inboundGroupSessionStore: InboundGroupSessionStore, - private val sendToDeviceTask: DefaultSendToDeviceTask, - private val deviceListManager: DeviceListManager, - private val perSessionBackupQueryRateLimiter: PerSessionBackupQueryRateLimiter) { - - private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() - private val outgoingRequestScope = CoroutineScope(SupervisorJob() + dispatcher) - private val sequencer = SemaphoreCoroutineSequencer() - - // We only have one active key request per session, so we don't request if it's already requested - // But it could make sense to check more the backup, as it's evolving. - // We keep a stack as we consider that the key requested last is more likely to be on screen? - private val requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup = Stack>() - - fun requestKeyForEvent(event: Event, force: Boolean) { - val (targets, body) = getRoomKeyRequestTargetForEvent(event) ?: return - val index = ratchetIndexForMessage(event) ?: 0 - postRoomKeyRequest(body, targets, index, force) - } - - private fun getRoomKeyRequestTargetForEvent(event: Event): Pair>, RoomKeyRequestBody>? { - val sender = event.senderId ?: return null - val encryptedEventContent = event.content.toModel() ?: return null.also { - Timber.tag(loggerTag.value).e("getRoomKeyRequestTargetForEvent Failed to re-request key, null content") - } - if (encryptedEventContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null - - val senderDevice = encryptedEventContent.deviceId - val recipients = if (cryptoConfig.limitRoomKeyRequestsToMyDevices) { - mapOf( - myUserId to listOf("*") - ) - } else { - if (event.senderId == myUserId) { - mapOf( - myUserId to listOf("*") - ) - } else { - // for the case where you share the key with a device that has a broken olm session - // The other user might Re-shares a megolm session key with devices if the key has already been - // sent to them. - mapOf( - myUserId to listOf("*"), - - // We might not have deviceId in the future due to https://github.com/matrix-org/matrix-spec-proposals/pull/3700 - // so in this case query to all - sender to listOf(senderDevice ?: "*") - ) - } - } - - val requestBody = RoomKeyRequestBody( - roomId = event.roomId, - algorithm = encryptedEventContent.algorithm, - senderKey = encryptedEventContent.senderKey, - sessionId = encryptedEventContent.sessionId - ) - return recipients to requestBody - } - - private fun ratchetIndexForMessage(event: Event): Int? { - val encryptedContent = event.content.toModel() ?: return null - if (encryptedContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null - return encryptedContent.ciphertext?.fromBase64()?.inputStream()?.reader()?.let { - tryOrNull { - val megolmVersion = it.read() - if (megolmVersion != 3) return@tryOrNull null - /** Int tag */ - if (it.read() != 8) return@tryOrNull null - it.read() - } - } - } - - fun postRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean = false) { - outgoingRequestScope.launch { - sequencer.post { - internalQueueRequest(requestBody, recipients, fromIndex, force) - } - } - } - - /** - * Typically called when we the session as been imported or received meanwhile - */ - fun postCancelRequestForSessionIfNeeded(sessionId: String, roomId: String, senderKey: String, fromIndex: Int) { - outgoingRequestScope.launch { - sequencer.post { - internalQueueCancelRequest(sessionId, roomId, senderKey, fromIndex) - } - } - } - - fun onSelfCrossSigningTrustChanged(newTrust: Boolean) { - if (newTrust) { - // we were previously not cross signed, but we are now - // so there is now more chances to get better replies for existing request - // Let's forget about sent request so that next time we try to decrypt we will resend requests - // We don't resend all because we don't want to generate a bulk of traffic - outgoingRequestScope.launch { - sequencer.post { - cryptoStore.deleteOutgoingRoomKeyRequestInState(OutgoingRoomKeyRequestState.SENT) - } - - sequencer.post { - delay(1000) - perSessionBackupQueryRateLimiter.refreshBackupInfoIfNeeded(true) - } - } - } - } - - fun onRoomKeyForwarded(sessionId: String, - algorithm: String, - roomId: String, - senderKey: String, - fromDevice: String?, - fromIndex: Int, - event: Event) { - Timber.tag(loggerTag.value).d("Key forwarded for $sessionId from ${event.senderId}|$fromDevice at index $fromIndex") - outgoingRequestScope.launch { - sequencer.post { - cryptoStore.updateOutgoingRoomKeyReply( - roomId = roomId, - sessionId = sessionId, - algorithm = algorithm, - senderKey = senderKey, - fromDevice = fromDevice, - // strip out encrypted stuff as it's just a trail? - event = event.copy( - type = event.getClearType(), - content = mapOf( - "chain_index" to fromIndex - ) - ) - ) - } - } - } - - fun onRoomKeyWithHeld(sessionId: String, - algorithm: String, - roomId: String, - senderKey: String, - fromDevice: String?, - event: Event) { - outgoingRequestScope.launch { - sequencer.post { - Timber.tag(loggerTag.value).d("Withheld received for $sessionId from ${event.senderId}|$fromDevice") - Timber.tag(loggerTag.value).v("Withheld content ${event.getClearContent()}") - - // We want to store withheld code from the sender of the message (owner of the megolm session), not from - // other devices that might gossip the key. If not the initial reason might be overridden - // by a request to one of our session. - event.getClearContent().toModel()?.let { withheld -> - withContext(coroutineDispatchers.crypto) { - tryOrNull { - deviceListManager.downloadKeys(listOf(event.senderId ?: ""), false) - } - cryptoStore.getUserDeviceList(event.senderId ?: "") - .also { devices -> - Timber.tag(loggerTag.value) - .v("Withheld Devices for ${event.senderId} are ${devices.orEmpty().joinToString { it.identityKey() ?: "" }}") - } - ?.firstOrNull { - it.identityKey() == senderKey - } - }.also { - Timber.tag(loggerTag.value).v("Withheld device for sender key $senderKey is from ${it?.shortDebugString()}") - }?.let { - if (it.userId == event.senderId) { - if (fromDevice != null) { - if (it.deviceId == fromDevice) { - Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") - cryptoStore.addWithHeldMegolmSession(withheld) - } - } else { - Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") - cryptoStore.addWithHeldMegolmSession(withheld) - } - } - } - } - - // Here we store the replies from a given request - cryptoStore.updateOutgoingRoomKeyReply( - roomId = roomId, - sessionId = sessionId, - algorithm = algorithm, - senderKey = senderKey, - fromDevice = fromDevice, - event = event - ) - } - } - } - - /** - * Should be called after a sync, ideally if no catchup sync needed (as keys might arrive in those) - */ - fun requireProcessAllPendingKeyRequests() { - outgoingRequestScope.launch { - sequencer.post { - internalProcessPendingKeyRequests() - } - } - } - - private fun internalQueueCancelRequest(sessionId: String, roomId: String, senderKey: String, localKnownChainIndex: Int) { - // do we have known requests for that session?? - Timber.tag(loggerTag.value).v("Cancel Key Request if needed for $sessionId") - val knownRequest = cryptoStore.getOutgoingRoomKeyRequest( - algorithm = MXCRYPTO_ALGORITHM_MEGOLM, - roomId = roomId, - sessionId = sessionId, - senderKey = senderKey - ) - if (knownRequest.isEmpty()) return Unit.also { - Timber.tag(loggerTag.value).v("Handle Cancel Key Request for $sessionId -- Was not currently requested") - } - if (knownRequest.size > 1) { - // It's worth logging, there should be only one - Timber.tag(loggerTag.value).w("Found multiple requests for same sessionId $sessionId") - } - knownRequest.forEach { request -> - when (request.state) { - OutgoingRoomKeyRequestState.UNSENT -> { - if (request.fromIndex >= localKnownChainIndex) { - // we have a good index we can cancel - cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) - } - } - OutgoingRoomKeyRequestState.SENT -> { - // It was already sent, and index satisfied we can cancel - if (request.fromIndex >= localKnownChainIndex) { - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) - } - } - OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { - // It is already marked to be cancelled - } - OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { - if (request.fromIndex >= localKnownChainIndex) { - // we just want to cancel now - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) - } - } - OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { - // was already canceled - // if we need a better index, should we resend? - } - } - } - } - - fun close() { - try { - outgoingRequestScope.cancel("User Terminate") - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.clear() - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).w("Failed to shutDown request manager") - } - } - - private fun internalQueueRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean) { - if (!cryptoStore.isKeyGossipingEnabled()) { - // we might want to try backup? - if (requestBody.roomId != null && requestBody.sessionId != null) { - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(requestBody.roomId to requestBody.sessionId) - } - Timber.tag(loggerTag.value).d("discarding request for ${requestBody.sessionId} as gossiping is disabled") - return - } - - Timber.tag(loggerTag.value).d("Queueing key request for ${requestBody.sessionId} force:$force") - val existing = cryptoStore.getOutgoingRoomKeyRequest(requestBody) - Timber.tag(loggerTag.value).v("Queueing key request exiting is ${existing?.state}") - when (existing?.state) { - null -> { - // create a new one - cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) - } - OutgoingRoomKeyRequestState.UNSENT -> { - // nothing it's new or not yet handled - } - OutgoingRoomKeyRequestState.SENT -> { - // it was already requested - Timber.tag(loggerTag.value).d("The session ${requestBody.sessionId} is already requested") - if (force) { - // update to UNSENT - Timber.tag(loggerTag.value).d(".. force to request ${requestBody.sessionId}") - cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) - } else { - if (existing.roomId != null && existing.sessionId != null) { - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(existing.roomId to existing.sessionId) - } - } - } - OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { - // request is canceled only if I got the keys so what to do here... - if (force) { - cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) - } - } - OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { - // It's already going to resend - } - OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { - if (force) { - cryptoStore.deleteOutgoingRoomKeyRequest(existing.requestId) - cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) - } - } - } - - if (existing != null && existing.fromIndex >= fromIndex) { - // update the required index - cryptoStore.updateOutgoingRoomKeyRequiredIndex(existing.requestId, fromIndex) - } - } - - private suspend fun internalProcessPendingKeyRequests() { - val toProcess = cryptoStore.getOutgoingRoomKeyRequests(OutgoingRoomKeyRequestState.pendingStates()) - Timber.tag(loggerTag.value).v("Processing all pending key requests (found ${toProcess.size} pending)") - - measureTimeMillis { - toProcess.forEach { - when (it.state) { - OutgoingRoomKeyRequestState.UNSENT -> handleUnsentRequest(it) - OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> handleRequestToCancel(it) - OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> handleRequestToCancelWillResend(it) - OutgoingRoomKeyRequestState.SENT_THEN_CANCELED, - OutgoingRoomKeyRequestState.SENT -> { - // these are filtered out - } - } - } - }.let { - Timber.tag(loggerTag.value).v("Finish processing pending key request in $it ms") - } - - val maxBackupCallsBySync = 60 - var currentCalls = 0 - measureTimeMillis { - while (requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.isNotEmpty() && currentCalls < maxBackupCallsBySync) { - requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.pop().let { (roomId, sessionId) -> - // we want to rate limit that somehow :/ - perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId) - } - currentCalls++ - } - }.let { - Timber.tag(loggerTag.value).v("Finish querying backup in $it ms") - } - } - - private suspend fun handleUnsentRequest(request: OutgoingKeyRequest) { - // In order to avoid generating to_device traffic, we can first check if the key is backed up - Timber.tag(loggerTag.value).v("Handling unsent request for megolm session ${request.sessionId} in ${request.roomId}") - val sessionId = request.sessionId ?: return - val roomId = request.roomId ?: return - if (perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId)) { - // let's see what's the index - val knownIndex = tryOrNull { - inboundGroupSessionStore.getInboundGroupSession(sessionId, request.requestBody?.senderKey ?: "")?.wrapper?.firstKnownIndex - } - if (knownIndex != null && knownIndex <= request.fromIndex) { - // we found the key in backup with good enough index, so we can just mark as cancelled, no need to send request - Timber.tag(loggerTag.value).v("Megolm session $sessionId successfully restored from backup, do not send request") - cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) - return - } - } - - // we need to send the request - val toDeviceContent = RoomKeyShareRequest( - requestingDeviceId = cryptoStore.getDeviceId(), - requestId = request.requestId, - action = GossipingToDeviceObject.ACTION_SHARE_REQUEST, - body = request.requestBody - ) - val contentMap = MXUsersDevicesMap() - request.recipients.forEach { userToDeviceMap -> - userToDeviceMap.value.forEach { deviceId -> - contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) - } - } - - val params = SendToDeviceTask.Params( - eventType = EventType.ROOM_KEY_REQUEST, - contentMap = contentMap, - transactionId = request.requestId - ) - try { - withContext(coroutineDispatchers.io) { - sendToDeviceTask.executeRetry(params, 3) - } - Timber.tag(loggerTag.value).d("Key request sent for $sessionId in room $roomId to ${request.recipients}") - // The request was sent, so update state - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT) - // TODO update the audit trail - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).v("Failed to request $sessionId targets:${request.recipients}") - } - } - - private suspend fun handleRequestToCancel(request: OutgoingKeyRequest): Boolean { - Timber.tag(loggerTag.value).v("handleRequestToCancel for megolm session ${request.sessionId}") - // we have to cancel this - val toDeviceContent = RoomKeyShareRequest( - requestingDeviceId = cryptoStore.getDeviceId(), - requestId = request.requestId, - action = GossipingToDeviceObject.ACTION_SHARE_CANCELLATION - ) - val contentMap = MXUsersDevicesMap() - request.recipients.forEach { userToDeviceMap -> - userToDeviceMap.value.forEach { deviceId -> - contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) - } - } - - val params = SendToDeviceTask.Params( - eventType = EventType.ROOM_KEY_REQUEST, - contentMap = contentMap, - transactionId = request.requestId - ) - return try { - withContext(coroutineDispatchers.io) { - sendToDeviceTask.executeRetry(params, 3) - } - // The request cancellation was sent, we don't delete yet because we want - // to keep trace of the sent replies - cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT_THEN_CANCELED) - true - } catch (failure: Throwable) { - Timber.tag(loggerTag.value).v("Failed to cancel request ${request.requestId} for session $sessionId targets:${request.recipients}") - false - } - } - - private suspend fun handleRequestToCancelWillResend(request: OutgoingKeyRequest) { - if (handleRequestToCancel(request)) { - // this will create a new unsent request with no replies that will be process in the following call - cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) - request.requestBody?.let { cryptoStore.getOrAddOutgoingRoomKeyRequest(it, request.recipients, request.fromIndex) } - } - } -} +/* + * Copyright 2020 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.SupervisorJob +import kotlinx.coroutines.asCoroutineDispatcher +import kotlinx.coroutines.cancel +import kotlinx.coroutines.delay +import kotlinx.coroutines.launch +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_MEGOLM +import org.matrix.android.sdk.api.crypto.MXCryptoConfig +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.OutgoingKeyRequest +import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState +import org.matrix.android.sdk.api.session.crypto.model.GossipingToDeviceObject +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyRequestBody +import org.matrix.android.sdk.api.session.crypto.model.RoomKeyShareRequest +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent +import org.matrix.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent +import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.api.util.fromBase64 +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask +import org.matrix.android.sdk.internal.di.SessionId +import org.matrix.android.sdk.internal.di.UserId +import org.matrix.android.sdk.internal.session.SessionScope +import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer +import timber.log.Timber +import java.util.Stack +import java.util.concurrent.Executors +import javax.inject.Inject +import kotlin.system.measureTimeMillis + +private val loggerTag = LoggerTag("OutgoingKeyRequestManager", LoggerTag.CRYPTO) + +/** + * This class is responsible for sending key requests to other devices when a message failed to decrypt. + * It's lifecycle is based on the sync pulse: + * - You can post queries for session, or report when you got a session + * - At the end of the sync (onSyncComplete) it will then process all the posted request and send to devices + * If a request failed it will be retried at the end of the next sync + */ +@SessionScope +internal class OutgoingKeyRequestManager @Inject constructor( + @SessionId private val sessionId: String, + @UserId private val myUserId: String, + private val cryptoStore: IMXCryptoStore, + private val coroutineDispatchers: MatrixCoroutineDispatchers, + private val cryptoConfig: MXCryptoConfig, + private val inboundGroupSessionStore: InboundGroupSessionStore, + private val sendToDeviceTask: SendToDeviceTask, + private val deviceListManager: DeviceListManager, + private val perSessionBackupQueryRateLimiter: PerSessionBackupQueryRateLimiter) { + + private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() + private val outgoingRequestScope = CoroutineScope(SupervisorJob() + dispatcher) + private val sequencer = SemaphoreCoroutineSequencer() + + // We only have one active key request per session, so we don't request if it's already requested + // But it could make sense to check more the backup, as it's evolving. + // We keep a stack as we consider that the key requested last is more likely to be on screen? + private val requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup = Stack>() + + fun requestKeyForEvent(event: Event, force: Boolean) { + val (targets, body) = getRoomKeyRequestTargetForEvent(event) ?: return + val index = ratchetIndexForMessage(event) ?: 0 + postRoomKeyRequest(body, targets, index, force) + } + + private fun getRoomKeyRequestTargetForEvent(event: Event): Pair>, RoomKeyRequestBody>? { + val sender = event.senderId ?: return null + val encryptedEventContent = event.content.toModel() ?: return null.also { + Timber.tag(loggerTag.value).e("getRoomKeyRequestTargetForEvent Failed to re-request key, null content") + } + if (encryptedEventContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null + + val senderDevice = encryptedEventContent.deviceId + val recipients = if (cryptoConfig.limitRoomKeyRequestsToMyDevices) { + mapOf( + myUserId to listOf("*") + ) + } else { + if (event.senderId == myUserId) { + mapOf( + myUserId to listOf("*") + ) + } else { + // for the case where you share the key with a device that has a broken olm session + // The other user might Re-shares a megolm session key with devices if the key has already been + // sent to them. + mapOf( + myUserId to listOf("*"), + + // We might not have deviceId in the future due to https://github.com/matrix-org/matrix-spec-proposals/pull/3700 + // so in this case query to all + sender to listOf(senderDevice ?: "*") + ) + } + } + + val requestBody = RoomKeyRequestBody( + roomId = event.roomId, + algorithm = encryptedEventContent.algorithm, + senderKey = encryptedEventContent.senderKey, + sessionId = encryptedEventContent.sessionId + ) + return recipients to requestBody + } + + private fun ratchetIndexForMessage(event: Event): Int? { + val encryptedContent = event.content.toModel() ?: return null + if (encryptedContent.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null + return encryptedContent.ciphertext?.fromBase64()?.inputStream()?.reader()?.let { + tryOrNull { + val megolmVersion = it.read() + if (megolmVersion != 3) return@tryOrNull null + /** Int tag */ + if (it.read() != 8) return@tryOrNull null + it.read() + } + } + } + + fun postRoomKeyRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean = false) { + outgoingRequestScope.launch { + sequencer.post { + internalQueueRequest(requestBody, recipients, fromIndex, force) + } + } + } + + /** + * Typically called when we the session as been imported or received meanwhile + */ + fun postCancelRequestForSessionIfNeeded(sessionId: String, roomId: String, senderKey: String, fromIndex: Int) { + outgoingRequestScope.launch { + sequencer.post { + internalQueueCancelRequest(sessionId, roomId, senderKey, fromIndex) + } + } + } + + fun onSelfCrossSigningTrustChanged(newTrust: Boolean) { + if (newTrust) { + // we were previously not cross signed, but we are now + // so there is now more chances to get better replies for existing request + // Let's forget about sent request so that next time we try to decrypt we will resend requests + // We don't resend all because we don't want to generate a bulk of traffic + outgoingRequestScope.launch { + sequencer.post { + cryptoStore.deleteOutgoingRoomKeyRequestInState(OutgoingRoomKeyRequestState.SENT) + } + + sequencer.post { + delay(1000) + perSessionBackupQueryRateLimiter.refreshBackupInfoIfNeeded(true) + } + } + } + } + + fun onRoomKeyForwarded(sessionId: String, + algorithm: String, + roomId: String, + senderKey: String, + fromDevice: String?, + fromIndex: Int, + event: Event) { + Timber.tag(loggerTag.value).d("Key forwarded for $sessionId from ${event.senderId}|$fromDevice at index $fromIndex") + outgoingRequestScope.launch { + sequencer.post { + cryptoStore.updateOutgoingRoomKeyReply( + roomId = roomId, + sessionId = sessionId, + algorithm = algorithm, + senderKey = senderKey, + fromDevice = fromDevice, + // strip out encrypted stuff as it's just a trail? + event = event.copy( + type = event.getClearType(), + content = mapOf( + "chain_index" to fromIndex + ) + ) + ) + } + } + } + + fun onRoomKeyWithHeld(sessionId: String, + algorithm: String, + roomId: String, + senderKey: String, + fromDevice: String?, + event: Event) { + outgoingRequestScope.launch { + sequencer.post { + Timber.tag(loggerTag.value).d("Withheld received for $sessionId from ${event.senderId}|$fromDevice") + Timber.tag(loggerTag.value).v("Withheld content ${event.getClearContent()}") + + // We want to store withheld code from the sender of the message (owner of the megolm session), not from + // other devices that might gossip the key. If not the initial reason might be overridden + // by a request to one of our session. + event.getClearContent().toModel()?.let { withheld -> + withContext(coroutineDispatchers.crypto) { + tryOrNull { + deviceListManager.downloadKeys(listOf(event.senderId ?: ""), false) + } + cryptoStore.getUserDeviceList(event.senderId ?: "") + .also { devices -> + Timber.tag(loggerTag.value) + .v("Withheld Devices for ${event.senderId} are ${devices.orEmpty().joinToString { it.identityKey() ?: "" }}") + } + ?.firstOrNull { + it.identityKey() == senderKey + } + }.also { + Timber.tag(loggerTag.value).v("Withheld device for sender key $senderKey is from ${it?.shortDebugString()}") + }?.let { + if (it.userId == event.senderId) { + if (fromDevice != null) { + if (it.deviceId == fromDevice) { + Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") + cryptoStore.addWithHeldMegolmSession(withheld) + } + } else { + Timber.tag(loggerTag.value).v("Storing sender Withheld code ${withheld.code} for ${withheld.sessionId}") + cryptoStore.addWithHeldMegolmSession(withheld) + } + } + } + } + + // Here we store the replies from a given request + cryptoStore.updateOutgoingRoomKeyReply( + roomId = roomId, + sessionId = sessionId, + algorithm = algorithm, + senderKey = senderKey, + fromDevice = fromDevice, + event = event + ) + } + } + } + + /** + * Should be called after a sync, ideally if no catchup sync needed (as keys might arrive in those) + */ + fun requireProcessAllPendingKeyRequests() { + outgoingRequestScope.launch { + sequencer.post { + internalProcessPendingKeyRequests() + } + } + } + + private fun internalQueueCancelRequest(sessionId: String, roomId: String, senderKey: String, localKnownChainIndex: Int) { + // do we have known requests for that session?? + Timber.tag(loggerTag.value).v("Cancel Key Request if needed for $sessionId") + val knownRequest = cryptoStore.getOutgoingRoomKeyRequest( + algorithm = MXCRYPTO_ALGORITHM_MEGOLM, + roomId = roomId, + sessionId = sessionId, + senderKey = senderKey + ) + if (knownRequest.isEmpty()) return Unit.also { + Timber.tag(loggerTag.value).v("Handle Cancel Key Request for $sessionId -- Was not currently requested") + } + if (knownRequest.size > 1) { + // It's worth logging, there should be only one + Timber.tag(loggerTag.value).w("Found multiple requests for same sessionId $sessionId") + } + knownRequest.forEach { request -> + when (request.state) { + OutgoingRoomKeyRequestState.UNSENT -> { + if (request.fromIndex >= localKnownChainIndex) { + // we have a good index we can cancel + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + } + } + OutgoingRoomKeyRequestState.SENT -> { + // It was already sent, and index satisfied we can cancel + if (request.fromIndex >= localKnownChainIndex) { + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + } + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { + // It is already marked to be cancelled + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { + if (request.fromIndex >= localKnownChainIndex) { + // we just want to cancel now + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING) + } + } + OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { + // was already canceled + // if we need a better index, should we resend? + } + } + } + } + + fun close() { + try { + outgoingRequestScope.cancel("User Terminate") + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.clear() + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).w("Failed to shutDown request manager") + } + } + + private fun internalQueueRequest(requestBody: RoomKeyRequestBody, recipients: Map>, fromIndex: Int, force: Boolean) { + if (!cryptoStore.isKeyGossipingEnabled()) { + // we might want to try backup? + if (requestBody.roomId != null && requestBody.sessionId != null) { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(requestBody.roomId to requestBody.sessionId) + } + Timber.tag(loggerTag.value).d("discarding request for ${requestBody.sessionId} as gossiping is disabled") + return + } + + Timber.tag(loggerTag.value).d("Queueing key request for ${requestBody.sessionId} force:$force") + val existing = cryptoStore.getOutgoingRoomKeyRequest(requestBody) + Timber.tag(loggerTag.value).v("Queueing key request exiting is ${existing?.state}") + when (existing?.state) { + null -> { + // create a new one + cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) + } + OutgoingRoomKeyRequestState.UNSENT -> { + // nothing it's new or not yet handled + } + OutgoingRoomKeyRequestState.SENT -> { + // it was already requested + Timber.tag(loggerTag.value).d("The session ${requestBody.sessionId} is already requested") + if (force) { + // update to UNSENT + Timber.tag(loggerTag.value).d(".. force to request ${requestBody.sessionId}") + cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) + } else { + if (existing.roomId != null && existing.sessionId != null) { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.push(existing.roomId to existing.sessionId) + } + } + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> { + // request is canceled only if I got the keys so what to do here... + if (force) { + cryptoStore.updateOutgoingRoomKeyRequestState(existing.requestId, OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND) + } + } + OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> { + // It's already going to resend + } + OutgoingRoomKeyRequestState.SENT_THEN_CANCELED -> { + if (force) { + cryptoStore.deleteOutgoingRoomKeyRequest(existing.requestId) + cryptoStore.getOrAddOutgoingRoomKeyRequest(requestBody, recipients, fromIndex) + } + } + } + + if (existing != null && existing.fromIndex >= fromIndex) { + // update the required index + cryptoStore.updateOutgoingRoomKeyRequiredIndex(existing.requestId, fromIndex) + } + } + + private suspend fun internalProcessPendingKeyRequests() { + val toProcess = cryptoStore.getOutgoingRoomKeyRequests(OutgoingRoomKeyRequestState.pendingStates()) + Timber.tag(loggerTag.value).v("Processing all pending key requests (found ${toProcess.size} pending)") + + measureTimeMillis { + toProcess.forEach { + when (it.state) { + OutgoingRoomKeyRequestState.UNSENT -> handleUnsentRequest(it) + OutgoingRoomKeyRequestState.CANCELLATION_PENDING -> handleRequestToCancel(it) + OutgoingRoomKeyRequestState.CANCELLATION_PENDING_AND_WILL_RESEND -> handleRequestToCancelWillResend(it) + OutgoingRoomKeyRequestState.SENT_THEN_CANCELED, + OutgoingRoomKeyRequestState.SENT -> { + // these are filtered out + } + } + } + }.let { + Timber.tag(loggerTag.value).v("Finish processing pending key request in $it ms") + } + + val maxBackupCallsBySync = 60 + var currentCalls = 0 + measureTimeMillis { + while (requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.isNotEmpty() && currentCalls < maxBackupCallsBySync) { + requestDiscardedBecauseAlreadySentThatCouldBeTriedWithBackup.pop().let { (roomId, sessionId) -> + // we want to rate limit that somehow :/ + perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId) + } + currentCalls++ + } + }.let { + Timber.tag(loggerTag.value).v("Finish querying backup in $it ms") + } + } + + private suspend fun handleUnsentRequest(request: OutgoingKeyRequest) { + // In order to avoid generating to_device traffic, we can first check if the key is backed up + Timber.tag(loggerTag.value).v("Handling unsent request for megolm session ${request.sessionId} in ${request.roomId}") + val sessionId = request.sessionId ?: return + val roomId = request.roomId ?: return + if (perSessionBackupQueryRateLimiter.tryFromBackupIfPossible(sessionId, roomId)) { + // let's see what's the index + val knownIndex = tryOrNull { + inboundGroupSessionStore.getInboundGroupSession(sessionId, request.requestBody?.senderKey ?: "")?.wrapper?.firstKnownIndex + } + if (knownIndex != null && knownIndex <= request.fromIndex) { + // we found the key in backup with good enough index, so we can just mark as cancelled, no need to send request + Timber.tag(loggerTag.value).v("Megolm session $sessionId successfully restored from backup, do not send request") + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + return + } + } + + // we need to send the request + val toDeviceContent = RoomKeyShareRequest( + requestingDeviceId = cryptoStore.getDeviceId(), + requestId = request.requestId, + action = GossipingToDeviceObject.ACTION_SHARE_REQUEST, + body = request.requestBody + ) + val contentMap = MXUsersDevicesMap() + request.recipients.forEach { userToDeviceMap -> + userToDeviceMap.value.forEach { deviceId -> + contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) + } + } + + val params = SendToDeviceTask.Params( + eventType = EventType.ROOM_KEY_REQUEST, + contentMap = contentMap, + transactionId = request.requestId + ) + try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.executeRetry(params, 3) + } + Timber.tag(loggerTag.value).d("Key request sent for $sessionId in room $roomId to ${request.recipients}") + // The request was sent, so update state + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT) + // TODO update the audit trail + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).v("Failed to request $sessionId targets:${request.recipients}") + } + } + + private suspend fun handleRequestToCancel(request: OutgoingKeyRequest): Boolean { + Timber.tag(loggerTag.value).v("handleRequestToCancel for megolm session ${request.sessionId}") + // we have to cancel this + val toDeviceContent = RoomKeyShareRequest( + requestingDeviceId = cryptoStore.getDeviceId(), + requestId = request.requestId, + action = GossipingToDeviceObject.ACTION_SHARE_CANCELLATION + ) + val contentMap = MXUsersDevicesMap() + request.recipients.forEach { userToDeviceMap -> + userToDeviceMap.value.forEach { deviceId -> + contentMap.setObject(userToDeviceMap.key, deviceId, toDeviceContent) + } + } + + val params = SendToDeviceTask.Params( + eventType = EventType.ROOM_KEY_REQUEST, + contentMap = contentMap, + transactionId = request.requestId + ) + return try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.executeRetry(params, 3) + } + // The request cancellation was sent, we don't delete yet because we want + // to keep trace of the sent replies + cryptoStore.updateOutgoingRoomKeyRequestState(request.requestId, OutgoingRoomKeyRequestState.SENT_THEN_CANCELED) + true + } catch (failure: Throwable) { + Timber.tag(loggerTag.value).v("Failed to cancel request ${request.requestId} for session $sessionId targets:${request.recipients}") + false + } + } + + private suspend fun handleRequestToCancelWillResend(request: OutgoingKeyRequest) { + if (handleRequestToCancel(request)) { + // this will create a new unsent request with no replies that will be process in the following call + cryptoStore.deleteOutgoingRoomKeyRequest(request.requestId) + request.requestBody?.let { cryptoStore.getOrAddOutgoingRoomKeyRequest(it, request.recipients, request.fromIndex) } + } + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt deleted file mode 100755 index fae7a2f1c4..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OutgoingSecretRequest.kt +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState - -/** - * Represents an outgoing room key request - */ -@JsonClass(generateAdapter = true) -internal class OutgoingSecretRequest( - // Secret Name - val secretName: String?, - // list of recipients for the request - override var recipients: Map>, - // Unique id for this request. Used for both - // an id within the request for later pairing with a cancellation, and for - // the transaction id when sending the to_device messages to our local - override var requestId: String, - // current state of this request - override var state: OutgoingRoomKeyRequestState) : OutgoingGossipingRequest { - - // transaction id for the cancellation, if any -} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt index 8e0def5b76..292ba02ecd 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PerSessionBackupQueryRateLimiter.kt @@ -66,7 +66,7 @@ internal class PerSessionBackupQueryRateLimiter @Inject constructor( private var backupVersion: KeysVersionResult? = null private var savedKeyBackupKeyInfo: SavedKeyBackupKeyInfo? = null var backupWasCheckedFromServer: Boolean = false - var now = System.currentTimeMillis() + val now = System.currentTimeMillis() fun refreshBackupInfoIfNeeded(force: Boolean = false) { if (backupWasCheckedFromServer && !force) return diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt index 58378e556a..1a8c160d9c 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RoomEncryptorsStore.kt @@ -28,7 +28,6 @@ import javax.inject.Inject @SessionScope internal class RoomEncryptorsStore @Inject constructor( private val cryptoStore: IMXCryptoStore, - // Repository private val megolmEncryptionFactory: MXMegolmEncryptionFactory, private val olmEncryptionFactory: MXOlmEncryptionFactory, ) { diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt index b10c77dfd3..dca4b07416 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/SecretShareManager.kt @@ -1,298 +1,298 @@ -/* - * Copyright (c) 2022 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.internal.crypto - -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.launch -import kotlinx.coroutines.sync.Mutex -import kotlinx.coroutines.sync.withLock -import kotlinx.coroutines.withContext -import org.matrix.android.sdk.api.MatrixCoroutineDispatchers -import org.matrix.android.sdk.api.auth.data.Credentials -import org.matrix.android.sdk.api.logger.LoggerTag -import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME -import org.matrix.android.sdk.api.session.crypto.keysbackup.extractCurveKeyFromRecoveryKey -import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener -import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap -import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.content.SecretSendEventContent -import org.matrix.android.sdk.api.session.events.model.toModel -import org.matrix.android.sdk.api.util.toBase64NoPadding -import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction -import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter -import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask -import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId -import org.matrix.android.sdk.internal.session.SessionScope -import timber.log.Timber -import javax.inject.Inject - -private val loggerTag = LoggerTag("SecretShareManager", LoggerTag.CRYPTO) - -@SessionScope -internal class SecretShareManager @Inject constructor( - private val credentials: Credentials, - private val cryptoStore: IMXCryptoStore, - private val cryptoCoroutineScope: CoroutineScope, - private val messageEncrypter: MessageEncrypter, - private val ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction, - private val sendToDeviceTask: SendToDeviceTask, - private val coroutineDispatchers: MatrixCoroutineDispatchers -) { - - companion object { - private const val SECRET_SHARE_WINDOW_DURATION = 5 * 60 * 1000 // 5 minutes - } - - /** - * Secret gossiping only occurs during a limited window period after interactive verification. - * We keep track of recent verification in memory for that purpose (no need to persist) - */ - private val recentlyVerifiedDevices = mutableMapOf() - private val verifMutex = Mutex() - - /** - * Secrets are exchanged as part of interactive verification, - * so we can just store in memory. - */ - private val outgoingSecretRequests = mutableListOf() - - // the listeners - private val gossipingRequestListeners: MutableSet = HashSet() - - fun addListener(listener: GossipingRequestListener) { - synchronized(gossipingRequestListeners) { - gossipingRequestListeners.add(listener) - } - } - - fun removeRoomKeysRequestListener(listener: GossipingRequestListener) { - synchronized(gossipingRequestListeners) { - gossipingRequestListeners.remove(listener) - } - } - - /** - * Called when a session has been verified. - * This information can be used by the manager to decide whether or not to fullfill gossiping requests. - * This should be called as fast as possible after a successful self interactive verification - */ - fun onVerificationCompleteForDevice(deviceId: String) { - // For now we just keep an in memory cache - cryptoCoroutineScope.launch { - verifMutex.withLock { - recentlyVerifiedDevices[deviceId] = System.currentTimeMillis() - } - } - } - - suspend fun handleSecretRequest(toDevice: Event) { - val request = toDevice.getClearContent().toModel() - ?: return Unit.also { - Timber.tag(loggerTag.value) - .w("handleSecretRequest() : malformed request") - } - -// val (action, requestingDeviceId, requestId, secretName) = it - val secretName = request.secretName ?: return Unit.also { - Timber.tag(loggerTag.value) - .v("handleSecretRequest() : Missing secret name") - } - - val userId = toDevice.senderId ?: return Unit.also { - Timber.tag(loggerTag.value) - .v("handleSecretRequest() : Missing secret name") - } - - if (userId != credentials.userId) { - // secrets are only shared between our own devices - Timber.tag(loggerTag.value) - .e("Ignoring secret share request from other users $userId") - return - } - - val deviceId = request.requestingDeviceId - ?: return Unit.also { - Timber.tag(loggerTag.value) - .w("handleSecretRequest() : malformed request norequestingDeviceId ") - } - - val device = cryptoStore.getUserDevice(credentials.userId, deviceId) - ?: return Unit.also { - Timber.tag(loggerTag.value) - .e("Received secret share request from unknown device $deviceId") - } - - val isRequestingDeviceTrusted = device.isVerified - val isRecentInteractiveVerification = hasBeenVerifiedLessThanFiveMinutesFromNow(device.deviceId) - if (isRequestingDeviceTrusted && isRecentInteractiveVerification) { - // we can share the secret - - val secretValue = when (secretName) { - MASTER_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.master - SELF_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.selfSigned - USER_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.user - KEYBACKUP_SECRET_SSSS_NAME -> cryptoStore.getKeyBackupRecoveryKeyInfo()?.recoveryKey - ?.let { - extractCurveKeyFromRecoveryKey(it)?.toBase64NoPadding() - } - else -> null - } - if (secretValue == null) { - Timber.tag(loggerTag.value) - .i("The secret is unknown $secretName, passing to app layer") - val toList = synchronized(gossipingRequestListeners) { gossipingRequestListeners.toList() } - toList.onEach { listener -> - listener.onSecretShareRequest(request) - } - return - } - - val payloadJson = mapOf( - "type" to EventType.SEND_SECRET, - "content" to mapOf( - "request_id" to request.requestId, - "secret" to secretValue - ) - ) - - // Is it possible that we don't have an olm session? - val devicesByUser = mapOf(device.userId to listOf(device)) - val usersDeviceMap = try { - ensureOlmSessionsForDevicesAction.handle(devicesByUser) - } catch (failure: Throwable) { - Timber.tag(loggerTag.value) - .w("Can't share secret ${request.secretName}: Failed to establish olm session") - return - } - - val olmSessionResult = usersDeviceMap.getObject(device.userId, device.deviceId) - if (olmSessionResult?.sessionId == null) { - Timber.tag(loggerTag.value) - .w("secret share: no session with this device $deviceId, probably because there were no one-time keys") - return - } - - val encodedPayload = messageEncrypter.encryptMessage(payloadJson, listOf(device)) - val sendToDeviceMap = MXUsersDevicesMap() - sendToDeviceMap.setObject(device.userId, device.deviceId, encodedPayload) - val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap) - try { - // raise the retries for secret - sendToDeviceTask.executeRetry(sendToDeviceParams, 6) - Timber.tag(loggerTag.value) - .i("successfully shared secret $secretName to ${device.shortDebugString()}") - // TODO add a trail for that in audit logs - } catch (failure: Throwable) { - Timber.tag(loggerTag.value) - .e(failure, "failed to send shared secret $secretName to ${device.shortDebugString()}") - } - } else { - Timber.tag(loggerTag.value) - .d(" Received secret share request from un-authorised device ${device.deviceId}") - } - } - - private suspend fun hasBeenVerifiedLessThanFiveMinutesFromNow(deviceId: String): Boolean { - val verifTimestamp = verifMutex.withLock { - recentlyVerifiedDevices[deviceId] - } ?: return false - - val age = System.currentTimeMillis() - verifTimestamp - - return age < SECRET_SHARE_WINDOW_DURATION - } - - suspend fun requestSecretTo(deviceId: String, secretName: String) { - val cryptoDeviceInfo = cryptoStore.getUserDevice(credentials.userId, deviceId) ?: return Unit.also { - Timber.tag(loggerTag.value) - .d("Can't request secret for $secretName unknown device $deviceId") - } - val toDeviceContent = SecretShareRequest( - requestingDeviceId = credentials.deviceId, - secretName = secretName, - requestId = createUniqueTxnId() - ) - - verifMutex.withLock { - outgoingSecretRequests.add(toDeviceContent) - } - - val contentMap = MXUsersDevicesMap() - contentMap.setObject(cryptoDeviceInfo.userId, cryptoDeviceInfo.deviceId, toDeviceContent) - - val params = SendToDeviceTask.Params( - eventType = EventType.REQUEST_SECRET, - contentMap = contentMap - ) - try { - withContext(coroutineDispatchers.io) { - sendToDeviceTask.executeRetry(params, 3) - } - Timber.tag(loggerTag.value) - .d("Secret request sent for $secretName to ${cryptoDeviceInfo.shortDebugString()}") - // TODO update the audit trail - } catch (failure: Throwable) { - Timber.tag(loggerTag.value) - .w("Failed to request secret $secretName to ${cryptoDeviceInfo.shortDebugString()}") - } - } - - suspend fun onSecretSendReceived(toDevice: Event, handleGossip: ((name: String, value: String) -> Boolean)) { - Timber.tag(loggerTag.value) - .i("onSecretSend() from ${toDevice.senderId} : onSecretSendReceived ${toDevice.content?.get("sender_key")}") - if (!toDevice.isEncrypted()) { - // secret send messages must be encrypted - Timber.tag(loggerTag.value).e("onSecretSend() :Received unencrypted secret send event") - return - } - - // Was that sent by us? - if (toDevice.senderId != credentials.userId) { - Timber.tag(loggerTag.value).e("onSecretSend() : Ignore secret from other user ${toDevice.senderId}") - return - } - - val secretContent = toDevice.getClearContent().toModel() ?: return - - val existingRequest = verifMutex.withLock { - outgoingSecretRequests.firstOrNull { it.requestId == secretContent.requestId } - } - - // As per spec: - // Clients should ignore m.secret.send events received from devices that it did not send an m.secret.request event to. - if (existingRequest?.secretName == null) { - Timber.tag(loggerTag.value).i("onSecretSend() : Ignore secret that was not requested: ${secretContent.requestId}") - return - } - // we don't need to cancel the request as we only request to one device - // just forget about the request now - verifMutex.withLock { - outgoingSecretRequests.remove(existingRequest) - } - - if (!handleGossip(existingRequest.secretName, secretContent.secretValue)) { - // TODO Ask to application layer? - Timber.tag(loggerTag.value).v("onSecretSend() : secret not handled by SDK") - } - } -} +/* + * Copyright (c) 2022 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.crypto + +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.launch +import kotlinx.coroutines.sync.Mutex +import kotlinx.coroutines.sync.withLock +import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.MatrixCoroutineDispatchers +import org.matrix.android.sdk.api.auth.data.Credentials +import org.matrix.android.sdk.api.logger.LoggerTag +import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME +import org.matrix.android.sdk.api.session.crypto.keysbackup.extractCurveKeyFromRecoveryKey +import org.matrix.android.sdk.api.session.crypto.keyshare.GossipingRequestListener +import org.matrix.android.sdk.api.session.crypto.model.MXUsersDevicesMap +import org.matrix.android.sdk.api.session.crypto.model.SecretShareRequest +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.content.SecretSendEventContent +import org.matrix.android.sdk.api.session.events.model.toModel +import org.matrix.android.sdk.api.util.toBase64NoPadding +import org.matrix.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction +import org.matrix.android.sdk.internal.crypto.actions.MessageEncrypter +import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore +import org.matrix.android.sdk.internal.crypto.tasks.SendToDeviceTask +import org.matrix.android.sdk.internal.crypto.tasks.createUniqueTxnId +import org.matrix.android.sdk.internal.session.SessionScope +import timber.log.Timber +import javax.inject.Inject + +private val loggerTag = LoggerTag("SecretShareManager", LoggerTag.CRYPTO) + +@SessionScope +internal class SecretShareManager @Inject constructor( + private val credentials: Credentials, + private val cryptoStore: IMXCryptoStore, + private val cryptoCoroutineScope: CoroutineScope, + private val messageEncrypter: MessageEncrypter, + private val ensureOlmSessionsForDevicesAction: EnsureOlmSessionsForDevicesAction, + private val sendToDeviceTask: SendToDeviceTask, + private val coroutineDispatchers: MatrixCoroutineDispatchers +) { + + companion object { + private const val SECRET_SHARE_WINDOW_DURATION = 5 * 60 * 1000 // 5 minutes + } + + /** + * Secret gossiping only occurs during a limited window period after interactive verification. + * We keep track of recent verification in memory for that purpose (no need to persist) + */ + private val recentlyVerifiedDevices = mutableMapOf() + private val verifMutex = Mutex() + + /** + * Secrets are exchanged as part of interactive verification, + * so we can just store in memory. + */ + private val outgoingSecretRequests = mutableListOf() + + // the listeners + private val gossipingRequestListeners: MutableSet = HashSet() + + fun addListener(listener: GossipingRequestListener) { + synchronized(gossipingRequestListeners) { + gossipingRequestListeners.add(listener) + } + } + + fun removeListener(listener: GossipingRequestListener) { + synchronized(gossipingRequestListeners) { + gossipingRequestListeners.remove(listener) + } + } + + /** + * Called when a session has been verified. + * This information can be used by the manager to decide whether or not to fullfill gossiping requests. + * This should be called as fast as possible after a successful self interactive verification + */ + fun onVerificationCompleteForDevice(deviceId: String) { + // For now we just keep an in memory cache + cryptoCoroutineScope.launch { + verifMutex.withLock { + recentlyVerifiedDevices[deviceId] = System.currentTimeMillis() + } + } + } + + suspend fun handleSecretRequest(toDevice: Event) { + val request = toDevice.getClearContent().toModel() + ?: return Unit.also { + Timber.tag(loggerTag.value) + .w("handleSecretRequest() : malformed request") + } + +// val (action, requestingDeviceId, requestId, secretName) = it + val secretName = request.secretName ?: return Unit.also { + Timber.tag(loggerTag.value) + .v("handleSecretRequest() : Missing secret name") + } + + val userId = toDevice.senderId ?: return Unit.also { + Timber.tag(loggerTag.value) + .v("handleSecretRequest() : Missing senderId") + } + + if (userId != credentials.userId) { + // secrets are only shared between our own devices + Timber.tag(loggerTag.value) + .e("Ignoring secret share request from other users $userId") + return + } + + val deviceId = request.requestingDeviceId + ?: return Unit.also { + Timber.tag(loggerTag.value) + .w("handleSecretRequest() : malformed request norequestingDeviceId ") + } + + val device = cryptoStore.getUserDevice(credentials.userId, deviceId) + ?: return Unit.also { + Timber.tag(loggerTag.value) + .e("Received secret share request from unknown device $deviceId") + } + + val isRequestingDeviceTrusted = device.isVerified + val isRecentInteractiveVerification = hasBeenVerifiedLessThanFiveMinutesFromNow(device.deviceId) + if (isRequestingDeviceTrusted && isRecentInteractiveVerification) { + // we can share the secret + + val secretValue = when (secretName) { + MASTER_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.master + SELF_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.selfSigned + USER_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.user + KEYBACKUP_SECRET_SSSS_NAME -> cryptoStore.getKeyBackupRecoveryKeyInfo()?.recoveryKey + ?.let { + extractCurveKeyFromRecoveryKey(it)?.toBase64NoPadding() + } + else -> null + } + if (secretValue == null) { + Timber.tag(loggerTag.value) + .i("The secret is unknown $secretName, passing to app layer") + val toList = synchronized(gossipingRequestListeners) { gossipingRequestListeners.toList() } + toList.onEach { listener -> + listener.onSecretShareRequest(request) + } + return + } + + val payloadJson = mapOf( + "type" to EventType.SEND_SECRET, + "content" to mapOf( + "request_id" to request.requestId, + "secret" to secretValue + ) + ) + + // Is it possible that we don't have an olm session? + val devicesByUser = mapOf(device.userId to listOf(device)) + val usersDeviceMap = try { + ensureOlmSessionsForDevicesAction.handle(devicesByUser) + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .w("Can't share secret ${request.secretName}: Failed to establish olm session") + return + } + + val olmSessionResult = usersDeviceMap.getObject(device.userId, device.deviceId) + if (olmSessionResult?.sessionId == null) { + Timber.tag(loggerTag.value) + .w("secret share: no session with this device $deviceId, probably because there were no one-time keys") + return + } + + val encodedPayload = messageEncrypter.encryptMessage(payloadJson, listOf(device)) + val sendToDeviceMap = MXUsersDevicesMap() + sendToDeviceMap.setObject(device.userId, device.deviceId, encodedPayload) + val sendToDeviceParams = SendToDeviceTask.Params(EventType.ENCRYPTED, sendToDeviceMap) + try { + // raise the retries for secret + sendToDeviceTask.executeRetry(sendToDeviceParams, 6) + Timber.tag(loggerTag.value) + .i("successfully shared secret $secretName to ${device.shortDebugString()}") + // TODO add a trail for that in audit logs + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .e(failure, "failed to send shared secret $secretName to ${device.shortDebugString()}") + } + } else { + Timber.tag(loggerTag.value) + .d(" Received secret share request from un-authorised device ${device.deviceId}") + } + } + + private suspend fun hasBeenVerifiedLessThanFiveMinutesFromNow(deviceId: String): Boolean { + val verifTimestamp = verifMutex.withLock { + recentlyVerifiedDevices[deviceId] + } ?: return false + + val age = System.currentTimeMillis() - verifTimestamp + + return age < SECRET_SHARE_WINDOW_DURATION + } + + suspend fun requestSecretTo(deviceId: String, secretName: String) { + val cryptoDeviceInfo = cryptoStore.getUserDevice(credentials.userId, deviceId) ?: return Unit.also { + Timber.tag(loggerTag.value) + .d("Can't request secret for $secretName unknown device $deviceId") + } + val toDeviceContent = SecretShareRequest( + requestingDeviceId = credentials.deviceId, + secretName = secretName, + requestId = createUniqueTxnId() + ) + + verifMutex.withLock { + outgoingSecretRequests.add(toDeviceContent) + } + + val contentMap = MXUsersDevicesMap() + contentMap.setObject(cryptoDeviceInfo.userId, cryptoDeviceInfo.deviceId, toDeviceContent) + + val params = SendToDeviceTask.Params( + eventType = EventType.REQUEST_SECRET, + contentMap = contentMap + ) + try { + withContext(coroutineDispatchers.io) { + sendToDeviceTask.executeRetry(params, 3) + } + Timber.tag(loggerTag.value) + .d("Secret request sent for $secretName to ${cryptoDeviceInfo.shortDebugString()}") + // TODO update the audit trail + } catch (failure: Throwable) { + Timber.tag(loggerTag.value) + .w("Failed to request secret $secretName to ${cryptoDeviceInfo.shortDebugString()}") + } + } + + suspend fun onSecretSendReceived(toDevice: Event, handleGossip: ((name: String, value: String) -> Boolean)) { + Timber.tag(loggerTag.value) + .i("onSecretSend() from ${toDevice.senderId} : onSecretSendReceived ${toDevice.content?.get("sender_key")}") + if (!toDevice.isEncrypted()) { + // secret send messages must be encrypted + Timber.tag(loggerTag.value).e("onSecretSend() :Received unencrypted secret send event") + return + } + + // Was that sent by us? + if (toDevice.senderId != credentials.userId) { + Timber.tag(loggerTag.value).e("onSecretSend() : Ignore secret from other user ${toDevice.senderId}") + return + } + + val secretContent = toDevice.getClearContent().toModel() ?: return + + val existingRequest = verifMutex.withLock { + outgoingSecretRequests.firstOrNull { it.requestId == secretContent.requestId } + } + + // As per spec: + // Clients should ignore m.secret.send events received from devices that it did not send an m.secret.request event to. + if (existingRequest?.secretName == null) { + Timber.tag(loggerTag.value).i("onSecretSend() : Ignore secret that was not requested: ${secretContent.requestId}") + return + } + // we don't need to cancel the request as we only request to one device + // just forget about the request now + verifMutex.withLock { + outgoingSecretRequests.remove(existingRequest) + } + + if (!handleGossip(existingRequest.secretName, secretContent.secretValue)) { + // TODO Ask to application layer? + Timber.tag(loggerTag.value).v("onSecretSend() : secret not handled by SDK") + } + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt index 37fb8ba0f9..1daf2d2617 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/algorithms/megolm/MXMegolmDecryption.kt @@ -229,7 +229,7 @@ internal class MXMegolmDecryption( } Timber.tag(loggerTag.value).i("onRoomKeyEvent addInboundGroupSession ${roomKeyContent.sessionId}") - val added = olmDevice.addInboundGroupSession(roomKeyContent.sessionId, + val addSessionResult = olmDevice.addInboundGroupSession(roomKeyContent.sessionId, roomKeyContent.sessionKey, roomKeyContent.roomId, senderKey, @@ -237,9 +237,9 @@ internal class MXMegolmDecryption( keysClaimed, exportFormat) - when (added) { - is MXOlmDevice.AddSessionResult.Imported -> added.ratchetIndex - is MXOlmDevice.AddSessionResult.NotImportedHigherIndex -> added.newIndex + when (addSessionResult) { + is MXOlmDevice.AddSessionResult.Imported -> addSessionResult.ratchetIndex + is MXOlmDevice.AddSessionResult.NotImportedHigherIndex -> addSessionResult.newIndex else -> null }?.let { index -> if (event.getClearType() == EventType.FORWARDED_ROOM_KEY) { @@ -273,7 +273,7 @@ internal class MXMegolmDecryption( } } - if (added is MXOlmDevice.AddSessionResult.Imported) { + if (addSessionResult is MXOlmDevice.AddSessionResult.Imported) { Timber.tag(loggerTag.value) .d("onRoomKeyEvent(${event.getClearType()}) : Added megolm session ${roomKeyContent.sessionId} in ${roomKeyContent.roomId}") defaultKeysBackupService.maybeBackupKeys() diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt index 2db3dba50d..7e69c2114a 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt @@ -892,7 +892,8 @@ internal class RealmCryptoStore @Inject constructor( val sessionIdentifier = olmInboundGroupSessionWrapper.olmInboundGroupSession?.sessionIdentifier() val key = OlmInboundGroupSessionEntity.createPrimaryKey( sessionIdentifier, - olmInboundGroupSessionWrapper.senderKey) + olmInboundGroupSessionWrapper.senderKey + ) val existing = realm.where() .equalTo(OlmInboundGroupSessionEntityFields.PRIMARY_KEY, key) @@ -1049,7 +1050,7 @@ internal class RealmCryptoStore @Inject constructor( .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, requestBody.roomId) .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, requestBody.sessionId) }.map { - it.toOutgoingGossipingRequest() + it.toOutgoingKeyRequest() }.firstOrNull { it.requestBody?.algorithm == requestBody.algorithm && it.requestBody?.roomId == requestBody.roomId && @@ -1063,7 +1064,7 @@ internal class RealmCryptoStore @Inject constructor( realm.where() .equalTo(OutgoingKeyRequestEntityFields.REQUEST_ID, requestId) }.map { - it.toOutgoingGossipingRequest() + it.toOutgoingKeyRequest() }.firstOrNull() } @@ -1074,7 +1075,7 @@ internal class RealmCryptoStore @Inject constructor( .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, roomId) .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, sessionId) }.map { - it.toOutgoingGossipingRequest() + it.toOutgoingKeyRequest() }.filter { it.requestBody?.algorithm == algorithm && it.requestBody?.senderKey == senderKey @@ -1088,30 +1089,35 @@ internal class RealmCryptoStore @Inject constructor( val dataSourceFactory = realmDataSourceFactory.map { AuditTrailMapper.map(it) // mm we can't map not null... - ?: AuditTrail( - System.currentTimeMillis(), - TrailType.Unknown, - IncomingKeyRequestInfo( - "", - "", - "", - "", - "", - "", - "", - ) - ) + ?: createUnknownTrail() } - return monarchy.findAllPagedWithChanges(realmDataSourceFactory, - LivePagedListBuilder(dataSourceFactory, + return monarchy.findAllPagedWithChanges( + realmDataSourceFactory, + LivePagedListBuilder( + dataSourceFactory, PagedList.Config.Builder() .setPageSize(20) .setEnablePlaceholders(false) .setPrefetchDistance(1) - .build()) + .build() + ) ) } + private fun createUnknownTrail() = AuditTrail( + System.currentTimeMillis(), + TrailType.Unknown, + IncomingKeyRequestInfo( + "", + "", + "", + "", + "", + "", + "", + ) + ) + override fun getGossipingEventsTrail(type: TrailType, mapper: ((AuditTrail) -> T)): LiveData> { val realmDataSourceFactory = monarchy.createDataSourceFactory { realm -> realm.where() @@ -1121,28 +1127,19 @@ internal class RealmCryptoStore @Inject constructor( val dataSourceFactory = realmDataSourceFactory.map { entity -> (AuditTrailMapper.map(entity) // mm we can't map not null... - ?: AuditTrail( - System.currentTimeMillis(), - type, - IncomingKeyRequestInfo( - "", - "", - "", - "", - "", - "", - "", - ) - ) + ?: createUnknownTrail() ).let { mapper.invoke(it) } } - return monarchy.findAllPagedWithChanges(realmDataSourceFactory, - LivePagedListBuilder(dataSourceFactory, + return monarchy.findAllPagedWithChanges( + realmDataSourceFactory, + LivePagedListBuilder( + dataSourceFactory, PagedList.Config.Builder() .setPageSize(20) .setEnablePlaceholders(false) .setPrefetchDistance(1) - .build()) + .build() + ) ) } @@ -1166,7 +1163,7 @@ internal class RealmCryptoStore @Inject constructor( .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, requestBody.roomId) .findAll() .map { - it.toOutgoingGossipingRequest() + it.toOutgoingKeyRequest() }.also { if (it.size > 1) { // there should be one or zero but not more, worth warning @@ -1188,7 +1185,7 @@ internal class RealmCryptoStore @Inject constructor( this.requestState = OutgoingRoomKeyRequestState.UNSENT this.setRequestBody(requestBody) this.creationTimeStamp = System.currentTimeMillis() - }.toOutgoingGossipingRequest() + }.toOutgoingKeyRequest() } else { request = existing } @@ -1231,7 +1228,7 @@ internal class RealmCryptoStore @Inject constructor( .equalTo(OutgoingKeyRequestEntityFields.ROOM_ID, roomId) .equalTo(OutgoingKeyRequestEntityFields.MEGOLM_SESSION_ID, sessionId) .findAll().firstOrNull { entity -> - entity.toOutgoingGossipingRequest().let { + entity.toOutgoingKeyRequest().let { it.requestBody?.senderKey == senderKey && it.requestBody?.algorithm == algorithm } @@ -1473,7 +1470,7 @@ internal class RealmCryptoStore @Inject constructor( realm .where(OutgoingKeyRequestEntity::class.java) }, { entity -> - entity.toOutgoingGossipingRequest() + entity.toOutgoingKeyRequest() }) .filterNotNull() } @@ -1484,7 +1481,7 @@ internal class RealmCryptoStore @Inject constructor( .where(OutgoingKeyRequestEntity::class.java) .`in`(OutgoingKeyRequestEntityFields.REQUEST_STATE_STR, inStates.map { it.name }.toTypedArray()) }, { entity -> - entity.toOutgoingGossipingRequest() + entity.toOutgoingKeyRequest() }) .filterNotNull() } @@ -1495,15 +1492,18 @@ internal class RealmCryptoStore @Inject constructor( .where(OutgoingKeyRequestEntity::class.java) } val dataSourceFactory = realmDataSourceFactory.map { - it.toOutgoingGossipingRequest() + it.toOutgoingKeyRequest() } - val trail = monarchy.findAllPagedWithChanges(realmDataSourceFactory, - LivePagedListBuilder(dataSourceFactory, + val trail = monarchy.findAllPagedWithChanges( + realmDataSourceFactory, + LivePagedListBuilder( + dataSourceFactory, PagedList.Config.Builder() .setPageSize(20) .setEnablePlaceholders(false) .setPrefetchDistance(1) - .build()) + .build() + ) ) return trail } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt index 11c2514845..7a8ba18809 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/OutgoingKeyRequestEntity.kt @@ -58,7 +58,7 @@ internal open class OutgoingKeyRequestEntity( ) } - fun getRequestedKeyInfo(): RoomKeyRequestBody? = RoomKeyRequestBody.fromJson(requestedInfoStr) + private fun getRequestedKeyInfo(): RoomKeyRequestBody? = RoomKeyRequestBody.fromJson(requestedInfoStr) fun setRequestBody(body: RoomKeyRequestBody) { requestedInfoStr = body.toJson() @@ -92,7 +92,7 @@ internal open class OutgoingKeyRequestEntity( replies.add(newReply) } - fun toOutgoingGossipingRequest(): OutgoingKeyRequest { + fun toOutgoingKeyRequest(): OutgoingKeyRequest { return OutgoingKeyRequest( requestBody = getRequestedKeyInfo(), recipients = getRecipients().orEmpty(), diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/room/membership/joining/JoinRoomTask.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/room/membership/joining/JoinRoomTask.kt index fa7dfd8726..c9f86baa29 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/room/membership/joining/JoinRoomTask.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/room/membership/joining/JoinRoomTask.kt @@ -18,7 +18,6 @@ package org.matrix.android.sdk.internal.session.room.membership.joining import io.realm.RealmConfiguration import kotlinx.coroutines.TimeoutCancellationException -import kotlinx.coroutines.withContext import org.matrix.android.sdk.api.MatrixCoroutineDispatchers import org.matrix.android.sdk.api.session.events.model.toContent import org.matrix.android.sdk.api.session.identity.model.SignInvitationResult @@ -71,13 +70,11 @@ internal class DefaultJoinRoomTask @Inject constructor( } val joinRoomResponse = try { executeRequest(globalErrorReceiver) { - withContext(coroutineDispatcher.io) { - roomAPI.join( - roomIdOrAlias = params.roomIdOrAlias, - viaServers = params.viaServers.take(3), - params = extraParams - ) - } + roomAPI.join( + roomIdOrAlias = params.roomIdOrAlias, + viaServers = params.viaServers.take(3), + params = extraParams + ) } } catch (failure: Throwable) { roomChangeMembershipStateDataSource.updateState(params.roomIdOrAlias, ChangeMembershipState.FailedJoining(failure)) From 45afc044212ffb3a71818f8266c769d3e0d7496e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olive=CC=81r=20Falvai?= Date: Wed, 27 Apr 2022 20:24:57 +0200 Subject: [PATCH 027/433] Use fixed text size in read receipt counter --- vector/src/main/res/layout/view_read_receipts.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vector/src/main/res/layout/view_read_receipts.xml b/vector/src/main/res/layout/view_read_receipts.xml index 907f1ec0e3..e8101ec28d 100644 --- a/vector/src/main/res/layout/view_read_receipts.xml +++ b/vector/src/main/res/layout/view_read_receipts.xml @@ -16,6 +16,8 @@ android:paddingStart="4dp" android:paddingEnd="4dp" android:textColor="?vctr_content_primary" + android:textSize="12dp" + tools:ignore="SpUsage" tools:text="999+" /> Date: Wed, 27 Apr 2022 20:34:03 +0200 Subject: [PATCH 028/433] Add changelog --- changelog.d/5856.bugfix | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/5856.bugfix diff --git a/changelog.d/5856.bugfix b/changelog.d/5856.bugfix new file mode 100644 index 0000000000..87f10ac9b2 --- /dev/null +++ b/changelog.d/5856.bugfix @@ -0,0 +1 @@ +Use fixed text size in read receipt counter From 0f06368027f0910a3e05d1b80dd977492ab545b1 Mon Sep 17 00:00:00 2001 From: Valere Date: Thu, 28 Apr 2022 09:09:38 +0200 Subject: [PATCH 029/433] Code review --- .../api/session/crypto/model/AuditTrail.kt | 161 +++++++++--------- .../crypto/IncomingKeyRequestManager.kt | 12 +- .../crypto/store/db/RealmCryptoStore.kt | 4 +- .../store/db/migration/MigrateCryptoTo016.kt | 4 +- .../crypto/store/db/model/AuditTrailMapper.kt | 25 +-- .../store/db/model/CryptoMetadataEntity.kt | 2 +- 6 files changed, 105 insertions(+), 103 deletions(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt index c479ee8146..861f3bd30b 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/crypto/model/AuditTrail.kt @@ -1,76 +1,85 @@ -/* - * Copyright 2022 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.matrix.android.sdk.api.session.crypto.model - -import com.squareup.moshi.JsonClass -import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode - -enum class TrailType { - OutgoingKeyForward, - IncomingKeyForward, - OutgoingKeyWithheld, - IncomingKeyRequest, - Unknown -} - -interface AuditInfo { - val roomId: String - val sessionId: String - val senderKey: String - val alg: String - val userId: String - val deviceId: String -} - -@JsonClass(generateAdapter = true) -data class ForwardInfo( - override val roomId: String, - override val sessionId: String, - override val senderKey: String, - override val alg: String, - override val userId: String, - override val deviceId: String, - val chainIndex: Long? -) : AuditInfo - -@JsonClass(generateAdapter = true) -data class WithheldInfo( - override val roomId: String, - override val sessionId: String, - override val senderKey: String, - override val alg: String, - val code: WithHeldCode, - override val userId: String, - override val deviceId: String -) : AuditInfo - -@JsonClass(generateAdapter = true) -data class IncomingKeyRequestInfo( - override val roomId: String, - override val sessionId: String, - override val senderKey: String, - override val alg: String, - override val userId: String, - override val deviceId: String, - val requestId: String -) : AuditInfo - -data class AuditTrail( - val ageLocalTs: Long, - val type: TrailType, - val info: AuditInfo -) +/* + * Copyright 2022 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.api.session.crypto.model + +import com.squareup.moshi.JsonClass +import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode + +enum class TrailType { + OutgoingKeyForward, + IncomingKeyForward, + OutgoingKeyWithheld, + IncomingKeyRequest, + Unknown +} + +interface AuditInfo { + val roomId: String + val sessionId: String + val senderKey: String + val alg: String + val userId: String + val deviceId: String +} + +@JsonClass(generateAdapter = true) +data class ForwardInfo( + override val roomId: String, + override val sessionId: String, + override val senderKey: String, + override val alg: String, + override val userId: String, + override val deviceId: String, + val chainIndex: Long? +) : AuditInfo + +object UnknownInfo : AuditInfo { + override val roomId: String = "" + override val sessionId: String = "" + override val senderKey: String = "" + override val alg: String = "" + override val userId: String = "" + override val deviceId: String = "" +} + +@JsonClass(generateAdapter = true) +data class WithheldInfo( + override val roomId: String, + override val sessionId: String, + override val senderKey: String, + override val alg: String, + val code: WithHeldCode, + override val userId: String, + override val deviceId: String +) : AuditInfo + +@JsonClass(generateAdapter = true) +data class IncomingKeyRequestInfo( + override val roomId: String, + override val sessionId: String, + override val senderKey: String, + override val alg: String, + override val userId: String, + override val deviceId: String, + val requestId: String +) : AuditInfo + +data class AuditTrail( + val ageLocalTs: Long, + val type: TrailType, + val info: AuditInfo +) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt index 3766e5f5a3..19965f0ba2 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/IncomingKeyRequestManager.kt @@ -96,9 +96,9 @@ internal class IncomingKeyRequestManager @Inject constructor( val requestId = this.requestId ?: return null if (body.algorithm != MXCRYPTO_ALGORITHM_MEGOLM) return null val action = when (this.action) { - "request" -> MegolmRequestAction.Request + "request" -> MegolmRequestAction.Request "request_cancellation" -> MegolmRequestAction.Cancel - else -> null + else -> null } ?: return null return ValidMegolmRequestBody( requestId = requestId, @@ -112,6 +112,11 @@ internal class IncomingKeyRequestManager @Inject constructor( } fun addNewIncomingRequest(senderId: String, request: RoomKeyShareRequest) { + if (!cryptoStore.isKeyGossipingEnabled()) { + Timber.tag(loggerTag.value) + .i("Ignore incoming key request as per crypto config in room ${request.body?.roomId}") + return + } outgoingRequestScope.launch { // It is important to handle requests in order sequencer.post { @@ -422,7 +427,8 @@ internal class IncomingKeyRequestManager @Inject constructor( MXCRYPTO_ALGORITHM_MEGOLM, requestingDevice.userId, requestingDevice.deviceId, - chainIndex) + chainIndex + ) true } catch (failure: Throwable) { Timber.tag(loggerTag.value) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt index 7e69c2114a..c545c59413 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/RealmCryptoStore.kt @@ -953,13 +953,13 @@ internal class RealmCryptoStore @Inject constructor( override fun enableKeyGossiping(enable: Boolean) { doRealmTransaction(realmConfiguration) { - it.where().findFirst()?.globalEnableKeyRequestingAndSharing = enable + it.where().findFirst()?.globalEnableKeyGossiping = enable } } override fun isKeyGossipingEnabled(): Boolean { return doWithRealm(realmConfiguration) { - it.where().findFirst()?.globalEnableKeyRequestingAndSharing + it.where().findFirst()?.globalEnableKeyGossiping } ?: true } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt index edc8b566ad..5a14ebf85a 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/migration/MigrateCryptoTo016.kt @@ -61,10 +61,10 @@ internal class MigrateCryptoTo016(realm: DynamicRealm) : RealmMigrator(realm, 16 .addIndex(AuditTrailEntityFields.TYPE) realm.schema.get("CryptoMetadataEntity") - ?.addField(CryptoMetadataEntityFields.GLOBAL_ENABLE_KEY_REQUESTING_AND_SHARING, Boolean::class.java) + ?.addField(CryptoMetadataEntityFields.GLOBAL_ENABLE_KEY_GOSSIPING, Boolean::class.java) ?.transform { // set the default value to true - it.setBoolean(CryptoMetadataEntityFields.GLOBAL_ENABLE_KEY_REQUESTING_AND_SHARING, true) + it.setBoolean(CryptoMetadataEntityFields.GLOBAL_ENABLE_KEY_GOSSIPING, true) } } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt index 16d08784eb..80ae4a8d0d 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/AuditTrailMapper.kt @@ -17,11 +17,11 @@ package org.matrix.android.sdk.internal.crypto.store.db.model import org.matrix.android.sdk.api.extensions.tryOrNull -import org.matrix.android.sdk.api.session.crypto.model.AuditInfo import org.matrix.android.sdk.api.session.crypto.model.AuditTrail import org.matrix.android.sdk.api.session.crypto.model.ForwardInfo import org.matrix.android.sdk.api.session.crypto.model.IncomingKeyRequestInfo import org.matrix.android.sdk.api.session.crypto.model.TrailType +import org.matrix.android.sdk.api.session.crypto.model.UnknownInfo import org.matrix.android.sdk.api.session.crypto.model.WithheldInfo import org.matrix.android.sdk.internal.di.MoshiProvider @@ -30,7 +30,7 @@ internal object AuditTrailMapper { fun map(entity: AuditTrailEntity): AuditTrail? { val contentJson = entity.contentJson ?: return null return when (entity.type) { - TrailType.OutgoingKeyForward.name -> { + TrailType.OutgoingKeyForward.name -> { val info = tryOrNull { MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).fromJson(contentJson) } ?: return null @@ -50,7 +50,7 @@ internal object AuditTrailMapper { info = info ) } - TrailType.IncomingKeyRequest.name -> { + TrailType.IncomingKeyRequest.name -> { val info = tryOrNull { MoshiProvider.providesMoshi().adapter(IncomingKeyRequestInfo::class.java).fromJson(contentJson) } ?: return null @@ -60,7 +60,7 @@ internal object AuditTrailMapper { info = info ) } - TrailType.IncomingKeyForward.name -> { + TrailType.IncomingKeyForward.name -> { val info = tryOrNull { MoshiProvider.providesMoshi().adapter(ForwardInfo::class.java).fromJson(contentJson) } ?: return null @@ -70,24 +70,11 @@ internal object AuditTrailMapper { info = info ) } - else -> { + else -> { AuditTrail( ageLocalTs = entity.ageLocalTs ?: 0, type = TrailType.Unknown, - info = object : AuditInfo { - override val roomId: String - get() = "" - override val sessionId: String - get() = "" - override val senderKey: String - get() = "" - override val alg: String - get() = "" - override val userId: String - get() = "" - override val deviceId: String - get() = "" - } + info = UnknownInfo ) } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/CryptoMetadataEntity.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/CryptoMetadataEntity.kt index 9776d2073a..63ed0e537e 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/CryptoMetadataEntity.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/store/db/model/CryptoMetadataEntity.kt @@ -34,7 +34,7 @@ internal open class CryptoMetadataEntity( // Settings for blacklisting unverified devices. var globalBlacklistUnverifiedDevices: Boolean = false, // setting to enable or disable key gossiping - var globalEnableKeyRequestingAndSharing: Boolean = true, + var globalEnableKeyGossiping: Boolean = true, // The keys backup version currently used. Null means no backup. var backupVersion: String? = null, From 042ec3628fc7caed9c15a936036f36a2ef64f79a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olive=CC=81r=20Falvai?= Date: Thu, 28 Apr 2022 19:02:48 +0200 Subject: [PATCH 030/433] Extract text size to style --- library/ui-styles/src/main/res/values/styles_timeline.xml | 7 +++++-- vector/src/main/res/layout/view_read_receipts.xml | 4 +--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/library/ui-styles/src/main/res/values/styles_timeline.xml b/library/ui-styles/src/main/res/values/styles_timeline.xml index c86eeb8efb..20c375c2d6 100644 --- a/library/ui-styles/src/main/res/values/styles_timeline.xml +++ b/library/ui-styles/src/main/res/values/styles_timeline.xml @@ -1,5 +1,5 @@ - + + - \ No newline at end of file + diff --git a/vector/src/main/res/layout/view_read_receipts.xml b/vector/src/main/res/layout/view_read_receipts.xml index e8101ec28d..11fdeb74d5 100644 --- a/vector/src/main/res/layout/view_read_receipts.xml +++ b/vector/src/main/res/layout/view_read_receipts.xml @@ -7,7 +7,7 @@ Date: Fri, 29 Apr 2022 09:42:56 +0200 Subject: [PATCH 031/433] Fix make verif scope as a child of crypto scope --- .../VerificationTransportRoomMessage.kt | 632 +++++++++--------- ...VerificationTransportRoomMessageFactory.kt | 8 +- 2 files changed, 322 insertions(+), 318 deletions(-) diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt index dfdda4f1d8..69ad3dd1b7 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessage.kt @@ -1,316 +1,316 @@ -/* - * Copyright 2020 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.matrix.android.sdk.internal.crypto.verification - -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.SupervisorJob -import kotlinx.coroutines.asCoroutineDispatcher -import kotlinx.coroutines.launch -import org.matrix.android.sdk.api.session.crypto.verification.CancelCode -import org.matrix.android.sdk.api.session.crypto.verification.ValidVerificationInfoRequest -import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState -import org.matrix.android.sdk.api.session.events.model.Content -import org.matrix.android.sdk.api.session.events.model.Event -import org.matrix.android.sdk.api.session.events.model.EventType -import org.matrix.android.sdk.api.session.events.model.LocalEcho -import org.matrix.android.sdk.api.session.events.model.RelationType -import org.matrix.android.sdk.api.session.events.model.UnsignedData -import org.matrix.android.sdk.api.session.events.model.toContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationAcceptContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationCancelContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationDoneContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationKeyContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationMacContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationReadyContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationRequestContent -import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationStartContent -import org.matrix.android.sdk.api.session.room.model.relation.RelationDefaultContent -import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_RECIPROCATE -import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_SAS -import org.matrix.android.sdk.internal.crypto.tasks.SendVerificationMessageTask -import org.matrix.android.sdk.internal.session.room.send.LocalEchoEventFactory -import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer -import timber.log.Timber -import java.util.concurrent.Executors - -internal class VerificationTransportRoomMessage( - private val sendVerificationMessageTask: SendVerificationMessageTask, - private val userId: String, - private val userDeviceId: String?, - private val roomId: String, - private val localEchoEventFactory: LocalEchoEventFactory, - private val tx: DefaultVerificationTransaction? -) : VerificationTransport { - - private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() - private val verificationSenderScope = CoroutineScope(SupervisorJob() + dispatcher) - private val sequencer = SemaphoreCoroutineSequencer() - - override fun sendToOther(type: String, - verificationInfo: VerificationInfo, - nextState: VerificationTxState, - onErrorReason: CancelCode, - onDone: (() -> Unit)?) { - Timber.d("## SAS sending msg type $type") - Timber.v("## SAS sending msg info $verificationInfo") - val event = createEventAndLocalEcho( - type = type, - roomId = roomId, - content = verificationInfo.toEventContent()!! - ) - - verificationSenderScope.launch { - sequencer.post { - try { - val params = SendVerificationMessageTask.Params(event) - sendVerificationMessageTask.executeRetry(params, 5) - // Do I need to update local echo state to sent? - if (onDone != null) { - onDone() - } else { - tx?.state = nextState - } - } catch (failure: Throwable) { - tx?.cancel(onErrorReason) - } - } - } - } - - override fun sendVerificationRequest(supportedMethods: List, - localId: String, - otherUserId: String, - roomId: String?, - toDevices: List?, - callback: (String?, ValidVerificationInfoRequest?) -> Unit) { - Timber.d("## SAS sending verification request with supported methods: $supportedMethods") - // This transport requires a room - requireNotNull(roomId) - - val validInfo = ValidVerificationInfoRequest( - transactionId = "", - fromDevice = userDeviceId ?: "", - methods = supportedMethods, - timestamp = System.currentTimeMillis() - ) - - val info = MessageVerificationRequestContent( - body = "$userId is requesting to verify your key, but your client does not support in-chat key verification." + - " You will need to use legacy key verification to verify keys.", - fromDevice = validInfo.fromDevice, - toUserId = otherUserId, - timestamp = validInfo.timestamp, - methods = validInfo.methods - ) - val content = info.toContent() - - val event = createEventAndLocalEcho( - localId = localId, - type = EventType.MESSAGE, - roomId = roomId, - content = content - ) - - verificationSenderScope.launch { - val params = SendVerificationMessageTask.Params(event) - sequencer.post { - try { - val eventId = sendVerificationMessageTask.executeRetry(params, 5) - // Do I need to update local echo state to sent? - callback(eventId, validInfo) - } catch (failure: Throwable) { - callback(null, null) - } - } - } - } - - override fun cancelTransaction(transactionId: String, otherUserId: String, otherUserDeviceId: String?, code: CancelCode) { - Timber.d("## SAS canceling transaction $transactionId for reason $code") - val event = createEventAndLocalEcho( - type = EventType.KEY_VERIFICATION_CANCEL, - roomId = roomId, - content = MessageVerificationCancelContent.create(transactionId, code).toContent() - ) - - verificationSenderScope.launch { - sequencer.post { - try { - val params = SendVerificationMessageTask.Params(event) - sendVerificationMessageTask.executeRetry(params, 5) - } catch (failure: Throwable) { - Timber.w(failure, "Failed to cancel verification transaction") - } - } - } - } - - override fun done(transactionId: String, - onDone: (() -> Unit)?) { - Timber.d("## SAS sending done for $transactionId") - val event = createEventAndLocalEcho( - type = EventType.KEY_VERIFICATION_DONE, - roomId = roomId, - content = MessageVerificationDoneContent( - relatesTo = RelationDefaultContent( - RelationType.REFERENCE, - transactionId - ) - ).toContent() - ) - verificationSenderScope.launch { - sequencer.post { - try { - val params = SendVerificationMessageTask.Params(event) - sendVerificationMessageTask.executeRetry(params, 5) - } catch (failure: Throwable) { - Timber.w(failure, "Failed to complete (done) verification") - // should we call onDone? - } finally { - onDone?.invoke() - } - } - } -// val workerParams = WorkerParamsFactory.toData(SendVerificationMessageWorker.Params( -// sessionId = sessionId, -// eventId = event.eventId ?: "" -// )) -// val enqueueInfo = enqueueSendWork(workerParams) -// -// val workLiveData = workManagerProvider.workManager -// .getWorkInfosForUniqueWorkLiveData(uniqueQueueName()) -// val observer = object : Observer> { -// override fun onChanged(workInfoList: List?) { -// workInfoList -// ?.filter { it.state == WorkInfo.State.SUCCEEDED } -// ?.firstOrNull { it.id == enqueueInfo.second } -// ?.let { _ -> -// onDone?.invoke() -// workLiveData.removeObserver(this) -// } -// } -// } -// -// // TODO listen to DB to get synced info -// coroutineScope.launch(Dispatchers.Main) { -// workLiveData.observeForever(observer) -// } - } - -// private fun enqueueSendWork(workerParams: Data): Pair { -// val workRequest = workManagerProvider.matrixOneTimeWorkRequestBuilder() -// .setConstraints(WorkManagerProvider.workConstraints) -// .setInputData(workerParams) -// .setBackoffCriteria(BackoffPolicy.LINEAR, WorkManagerProvider.BACKOFF_DELAY_MILLIS, TimeUnit.MILLISECONDS) -// .build() -// return workManagerProvider.workManager -// .beginUniqueWork(uniqueQueueName(), ExistingWorkPolicy.APPEND_OR_REPLACE, workRequest) -// .enqueue() to workRequest.id -// } - -// private fun uniqueQueueName() = "${roomId}_VerificationWork" - - override fun createAccept(tid: String, - keyAgreementProtocol: String, - hash: String, - commitment: String, - messageAuthenticationCode: String, - shortAuthenticationStrings: List): VerificationInfoAccept = - MessageVerificationAcceptContent.create( - tid, - keyAgreementProtocol, - hash, - commitment, - messageAuthenticationCode, - shortAuthenticationStrings - ) - - override fun createKey(tid: String, pubKey: String): VerificationInfoKey = MessageVerificationKeyContent.create(tid, pubKey) - - override fun createMac(tid: String, mac: Map, keys: String) = MessageVerificationMacContent.create(tid, mac, keys) - - override fun createStartForSas(fromDevice: String, - transactionId: String, - keyAgreementProtocols: List, - hashes: List, - messageAuthenticationCodes: List, - shortAuthenticationStrings: List): VerificationInfoStart { - return MessageVerificationStartContent( - fromDevice, - hashes, - keyAgreementProtocols, - messageAuthenticationCodes, - shortAuthenticationStrings, - VERIFICATION_METHOD_SAS, - RelationDefaultContent( - type = RelationType.REFERENCE, - eventId = transactionId - ), - null - ) - } - - override fun createStartForQrCode(fromDevice: String, - transactionId: String, - sharedSecret: String): VerificationInfoStart { - return MessageVerificationStartContent( - fromDevice, - null, - null, - null, - null, - VERIFICATION_METHOD_RECIPROCATE, - RelationDefaultContent( - type = RelationType.REFERENCE, - eventId = transactionId - ), - sharedSecret - ) - } - - override fun createReady(tid: String, fromDevice: String, methods: List): VerificationInfoReady { - return MessageVerificationReadyContent( - fromDevice = fromDevice, - relatesTo = RelationDefaultContent( - type = RelationType.REFERENCE, - eventId = tid - ), - methods = methods - ) - } - - private fun createEventAndLocalEcho(localId: String = LocalEcho.createLocalEchoId(), type: String, roomId: String, content: Content): Event { - return Event( - roomId = roomId, - originServerTs = System.currentTimeMillis(), - senderId = userId, - eventId = localId, - type = type, - content = content, - unsignedData = UnsignedData(age = null, transactionId = localId) - ).also { - localEchoEventFactory.createLocalEcho(it) - } - } - - override fun sendVerificationReady(keyReq: VerificationInfoReady, - otherUserId: String, - otherDeviceId: String?, - callback: (() -> Unit)?) { - // Not applicable (send event is called directly) - Timber.w("## SAS ignored verification ready with methods: ${keyReq.methods}") - } -} +/* + * Copyright 2020 The Matrix.org Foundation C.I.C. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.matrix.android.sdk.internal.crypto.verification + +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.asCoroutineDispatcher +import kotlinx.coroutines.launch +import org.matrix.android.sdk.api.session.crypto.verification.CancelCode +import org.matrix.android.sdk.api.session.crypto.verification.ValidVerificationInfoRequest +import org.matrix.android.sdk.api.session.crypto.verification.VerificationTxState +import org.matrix.android.sdk.api.session.events.model.Content +import org.matrix.android.sdk.api.session.events.model.Event +import org.matrix.android.sdk.api.session.events.model.EventType +import org.matrix.android.sdk.api.session.events.model.LocalEcho +import org.matrix.android.sdk.api.session.events.model.RelationType +import org.matrix.android.sdk.api.session.events.model.UnsignedData +import org.matrix.android.sdk.api.session.events.model.toContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationAcceptContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationCancelContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationDoneContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationKeyContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationMacContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationReadyContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationRequestContent +import org.matrix.android.sdk.api.session.room.model.message.MessageVerificationStartContent +import org.matrix.android.sdk.api.session.room.model.relation.RelationDefaultContent +import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_RECIPROCATE +import org.matrix.android.sdk.internal.crypto.model.rest.VERIFICATION_METHOD_SAS +import org.matrix.android.sdk.internal.crypto.tasks.SendVerificationMessageTask +import org.matrix.android.sdk.internal.session.room.send.LocalEchoEventFactory +import org.matrix.android.sdk.internal.task.SemaphoreCoroutineSequencer +import timber.log.Timber +import java.util.concurrent.Executors + +internal class VerificationTransportRoomMessage( + private val sendVerificationMessageTask: SendVerificationMessageTask, + private val userId: String, + private val userDeviceId: String?, + private val roomId: String, + private val localEchoEventFactory: LocalEchoEventFactory, + private val tx: DefaultVerificationTransaction?, + cryptoCoroutineScope: CoroutineScope, +) : VerificationTransport { + + private val dispatcher = Executors.newSingleThreadExecutor().asCoroutineDispatcher() + private val verificationSenderScope = CoroutineScope(cryptoCoroutineScope.coroutineContext + dispatcher) + private val sequencer = SemaphoreCoroutineSequencer() + + override fun sendToOther(type: String, + verificationInfo: VerificationInfo, + nextState: VerificationTxState, + onErrorReason: CancelCode, + onDone: (() -> Unit)?) { + Timber.d("## SAS sending msg type $type") + Timber.v("## SAS sending msg info $verificationInfo") + val event = createEventAndLocalEcho( + type = type, + roomId = roomId, + content = verificationInfo.toEventContent()!! + ) + + verificationSenderScope.launch { + sequencer.post { + try { + val params = SendVerificationMessageTask.Params(event) + sendVerificationMessageTask.executeRetry(params, 5) + // Do I need to update local echo state to sent? + if (onDone != null) { + onDone() + } else { + tx?.state = nextState + } + } catch (failure: Throwable) { + tx?.cancel(onErrorReason) + } + } + } + } + + override fun sendVerificationRequest(supportedMethods: List, + localId: String, + otherUserId: String, + roomId: String?, + toDevices: List?, + callback: (String?, ValidVerificationInfoRequest?) -> Unit) { + Timber.d("## SAS sending verification request with supported methods: $supportedMethods") + // This transport requires a room + requireNotNull(roomId) + + val validInfo = ValidVerificationInfoRequest( + transactionId = "", + fromDevice = userDeviceId ?: "", + methods = supportedMethods, + timestamp = System.currentTimeMillis() + ) + + val info = MessageVerificationRequestContent( + body = "$userId is requesting to verify your key, but your client does not support in-chat key verification." + + " You will need to use legacy key verification to verify keys.", + fromDevice = validInfo.fromDevice, + toUserId = otherUserId, + timestamp = validInfo.timestamp, + methods = validInfo.methods + ) + val content = info.toContent() + + val event = createEventAndLocalEcho( + localId = localId, + type = EventType.MESSAGE, + roomId = roomId, + content = content + ) + + verificationSenderScope.launch { + val params = SendVerificationMessageTask.Params(event) + sequencer.post { + try { + val eventId = sendVerificationMessageTask.executeRetry(params, 5) + // Do I need to update local echo state to sent? + callback(eventId, validInfo) + } catch (failure: Throwable) { + callback(null, null) + } + } + } + } + + override fun cancelTransaction(transactionId: String, otherUserId: String, otherUserDeviceId: String?, code: CancelCode) { + Timber.d("## SAS canceling transaction $transactionId for reason $code") + val event = createEventAndLocalEcho( + type = EventType.KEY_VERIFICATION_CANCEL, + roomId = roomId, + content = MessageVerificationCancelContent.create(transactionId, code).toContent() + ) + + verificationSenderScope.launch { + sequencer.post { + try { + val params = SendVerificationMessageTask.Params(event) + sendVerificationMessageTask.executeRetry(params, 5) + } catch (failure: Throwable) { + Timber.w(failure, "Failed to cancel verification transaction") + } + } + } + } + + override fun done(transactionId: String, + onDone: (() -> Unit)?) { + Timber.d("## SAS sending done for $transactionId") + val event = createEventAndLocalEcho( + type = EventType.KEY_VERIFICATION_DONE, + roomId = roomId, + content = MessageVerificationDoneContent( + relatesTo = RelationDefaultContent( + RelationType.REFERENCE, + transactionId + ) + ).toContent() + ) + verificationSenderScope.launch { + sequencer.post { + try { + val params = SendVerificationMessageTask.Params(event) + sendVerificationMessageTask.executeRetry(params, 5) + } catch (failure: Throwable) { + Timber.w(failure, "Failed to complete (done) verification") + // should we call onDone? + } finally { + onDone?.invoke() + } + } + } +// val workerParams = WorkerParamsFactory.toData(SendVerificationMessageWorker.Params( +// sessionId = sessionId, +// eventId = event.eventId ?: "" +// )) +// val enqueueInfo = enqueueSendWork(workerParams) +// +// val workLiveData = workManagerProvider.workManager +// .getWorkInfosForUniqueWorkLiveData(uniqueQueueName()) +// val observer = object : Observer> { +// override fun onChanged(workInfoList: List?) { +// workInfoList +// ?.filter { it.state == WorkInfo.State.SUCCEEDED } +// ?.firstOrNull { it.id == enqueueInfo.second } +// ?.let { _ -> +// onDone?.invoke() +// workLiveData.removeObserver(this) +// } +// } +// } +// +// // TODO listen to DB to get synced info +// coroutineScope.launch(Dispatchers.Main) { +// workLiveData.observeForever(observer) +// } + } + +// private fun enqueueSendWork(workerParams: Data): Pair { +// val workRequest = workManagerProvider.matrixOneTimeWorkRequestBuilder() +// .setConstraints(WorkManagerProvider.workConstraints) +// .setInputData(workerParams) +// .setBackoffCriteria(BackoffPolicy.LINEAR, WorkManagerProvider.BACKOFF_DELAY_MILLIS, TimeUnit.MILLISECONDS) +// .build() +// return workManagerProvider.workManager +// .beginUniqueWork(uniqueQueueName(), ExistingWorkPolicy.APPEND_OR_REPLACE, workRequest) +// .enqueue() to workRequest.id +// } + +// private fun uniqueQueueName() = "${roomId}_VerificationWork" + + override fun createAccept(tid: String, + keyAgreementProtocol: String, + hash: String, + commitment: String, + messageAuthenticationCode: String, + shortAuthenticationStrings: List): VerificationInfoAccept = + MessageVerificationAcceptContent.create( + tid, + keyAgreementProtocol, + hash, + commitment, + messageAuthenticationCode, + shortAuthenticationStrings + ) + + override fun createKey(tid: String, pubKey: String): VerificationInfoKey = MessageVerificationKeyContent.create(tid, pubKey) + + override fun createMac(tid: String, mac: Map, keys: String) = MessageVerificationMacContent.create(tid, mac, keys) + + override fun createStartForSas(fromDevice: String, + transactionId: String, + keyAgreementProtocols: List, + hashes: List, + messageAuthenticationCodes: List, + shortAuthenticationStrings: List): VerificationInfoStart { + return MessageVerificationStartContent( + fromDevice, + hashes, + keyAgreementProtocols, + messageAuthenticationCodes, + shortAuthenticationStrings, + VERIFICATION_METHOD_SAS, + RelationDefaultContent( + type = RelationType.REFERENCE, + eventId = transactionId + ), + null + ) + } + + override fun createStartForQrCode(fromDevice: String, + transactionId: String, + sharedSecret: String): VerificationInfoStart { + return MessageVerificationStartContent( + fromDevice, + null, + null, + null, + null, + VERIFICATION_METHOD_RECIPROCATE, + RelationDefaultContent( + type = RelationType.REFERENCE, + eventId = transactionId + ), + sharedSecret + ) + } + + override fun createReady(tid: String, fromDevice: String, methods: List): VerificationInfoReady { + return MessageVerificationReadyContent( + fromDevice = fromDevice, + relatesTo = RelationDefaultContent( + type = RelationType.REFERENCE, + eventId = tid + ), + methods = methods + ) + } + + private fun createEventAndLocalEcho(localId: String = LocalEcho.createLocalEchoId(), type: String, roomId: String, content: Content): Event { + return Event( + roomId = roomId, + originServerTs = System.currentTimeMillis(), + senderId = userId, + eventId = localId, + type = type, + content = content, + unsignedData = UnsignedData(age = null, transactionId = localId) + ).also { + localEchoEventFactory.createLocalEcho(it) + } + } + + override fun sendVerificationReady(keyReq: VerificationInfoReady, + otherUserId: String, + otherDeviceId: String?, + callback: (() -> Unit)?) { + // Not applicable (send event is called directly) + Timber.w("## SAS ignored verification ready with methods: ${keyReq.methods}") + } +} diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessageFactory.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessageFactory.kt index efbdd9c175..37e6a56715 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessageFactory.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/VerificationTransportRoomMessageFactory.kt @@ -16,6 +16,7 @@ package org.matrix.android.sdk.internal.crypto.verification +import kotlinx.coroutines.CoroutineScope import org.matrix.android.sdk.internal.crypto.tasks.SendVerificationMessageTask import org.matrix.android.sdk.internal.di.DeviceId import org.matrix.android.sdk.internal.di.UserId @@ -28,7 +29,8 @@ internal class VerificationTransportRoomMessageFactory @Inject constructor( private val userId: String, @DeviceId private val deviceId: String?, - private val localEchoEventFactory: LocalEchoEventFactory + private val localEchoEventFactory: LocalEchoEventFactory, + private val cryptoCoroutineScope: CoroutineScope, ) { fun createTransport(roomId: String, tx: DefaultVerificationTransaction?): VerificationTransportRoomMessage { @@ -38,6 +40,8 @@ internal class VerificationTransportRoomMessageFactory @Inject constructor( userDeviceId = deviceId, roomId = roomId, localEchoEventFactory = localEchoEventFactory, - tx = tx) + tx = tx, + cryptoCoroutineScope + ) } } From fb7533b59155958328509f78f0e55697fb101c3c Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Tue, 3 May 2022 15:11:49 +0300 Subject: [PATCH 032/433] Remove current video capturer and then share screen. --- .../im/vector/app/features/VectorFeatures.kt | 2 +- .../app/features/call/VectorCallActivity.kt | 2 +- .../app/features/call/VectorCallViewModel.kt | 1 + .../app/features/call/webrtc/WebRtcCall.kt | 44 ++++++++++++------- 4 files changed, 30 insertions(+), 19 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/VectorFeatures.kt b/vector/src/main/java/im/vector/app/features/VectorFeatures.kt index 9d54475e8c..42693a53f9 100644 --- a/vector/src/main/java/im/vector/app/features/VectorFeatures.kt +++ b/vector/src/main/java/im/vector/app/features/VectorFeatures.kt @@ -44,5 +44,5 @@ class DefaultVectorFeatures : VectorFeatures { override fun isOnboardingPersonalizeEnabled() = false override fun isOnboardingCombinedRegisterEnabled() = false override fun isLiveLocationEnabled(): Boolean = false - override fun isScreenSharingEnabled(): Boolean = false + override fun isScreenSharingEnabled(): Boolean = true } diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt index 1ab423d541..3fdf983c16 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt @@ -664,7 +664,7 @@ class VectorCallActivity : VectorBaseActivity(), CallContro ) screenCaptureServiceConnection.bind(object : ScreenCaptureServiceConnection.Callback { override fun onServiceConnected() { - startScreenSharingService(activityResult) + startScreenSharing(activityResult) } }) } diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt index 3b6ff9997b..68de00fb2b 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt @@ -147,6 +147,7 @@ class VectorCallViewModel @AssistedInject constructor( setState { copy(otherKnownCallInfo = null) } } } + _viewEvents.post(VectorCallViewEvents.StopScreenSharingService) } override fun onCurrentCallChange(call: WebRtcCall?) { diff --git a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt index aac5ecc962..0b9f9a665e 100644 --- a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt +++ b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt @@ -80,6 +80,7 @@ import org.webrtc.MediaConstraints import org.webrtc.MediaStream import org.webrtc.PeerConnection import org.webrtc.PeerConnectionFactory +import org.webrtc.RtpSender import org.webrtc.RtpTransceiver import org.webrtc.SessionDescription import org.webrtc.SurfaceTextureHelper @@ -154,13 +155,16 @@ class WebRtcCall( private var makingOffer: Boolean = false private var ignoreOffer: Boolean = false - private var videoCapturer: CameraVideoCapturer? = null + private var videoCapturer: VideoCapturer? = null private val availableCamera = ArrayList() private var cameraInUse: CameraProxy? = null private var currentCaptureFormat: CaptureFormat = CaptureFormat.HD private var cameraAvailabilityCallback: CameraManager.AvailabilityCallback? = null + private var videoSender: RtpSender? = null + private var screenSender: RtpSender? = null + private val timer = CountUpTimer(1000L).apply { tickListener = object : CountUpTimer.TickListener { override fun onTick(milliseconds: Long) { @@ -618,7 +622,7 @@ class WebRtcCall( val videoTrack = peerConnectionFactory.createVideoTrack(VIDEO_TRACK_ID, videoSource) Timber.tag(loggerTag.value).v("Add video track $VIDEO_TRACK_ID to call ${mxCall.callId}") videoTrack.setEnabled(true) - peerConnection?.addTrack(videoTrack, listOf(STREAM_ID)) + videoSender = peerConnection?.addTrack(videoTrack, listOf(STREAM_ID)) localVideoSource = videoSource localVideoTrack = videoTrack } @@ -723,7 +727,7 @@ class WebRtcCall( Timber.tag(loggerTag.value).v("switchCamera") if (mxCall.state is CallState.Connected && mxCall.isVideoCall) { val oppositeCamera = getOppositeCameraIfAny() ?: return@launch - videoCapturer?.switchCamera( + (videoCapturer as? CameraVideoCapturer)?.switchCamera( object : CameraVideoCapturer.CameraSwitchHandler { // Invoked on success. |isFrontCamera| is true if the new camera is front facing. override fun onCameraSwitchDone(isFrontCamera: Boolean) { @@ -773,29 +777,35 @@ class WebRtcCall( fun startSharingScreen(videoCapturer: VideoCapturer) { val factory = peerConnectionFactoryProvider.get() ?: return - val videoSource = factory.createVideoSource(true) - val audioSource = factory.createAudioSource(DEFAULT_AUDIO_CONSTRAINTS) + + this.videoCapturer = videoCapturer + + val localMediaStream = factory.createLocalMediaStream(STREAM_ID) + val videoSource = factory.createVideoSource(videoCapturer.isScreencast) + + // Start capturing screen val surfaceTextureHelper = SurfaceTextureHelper.create("CaptureThread", rootEglBase!!.eglBaseContext) videoCapturer.initialize(surfaceTextureHelper, context, videoSource.capturerObserver) videoCapturer.startCapture(currentCaptureFormat.width, currentCaptureFormat.height, currentCaptureFormat.fps) - val videoTrack = factory.createVideoTrack("ARDAMSv0", videoSource).apply { setEnabled(true) } - val audioTrack = factory.createAudioTrack("ARDAMSa0", audioSource).apply { setEnabled(true) } + // Remove local camera previews + localSurfaceRenderers.forEach { it.get()?.let { localVideoTrack?.removeSink(it) } } - val localMediaStream = factory.createLocalMediaStream("ARDAMS") - peerConnection?.addTrack(videoTrack) - peerConnection?.addTrack(audioTrack) - localMediaStream.addTrack(videoTrack) - localMediaStream.addTrack(audioTrack) + // Show screen preview locally + localVideoTrack = factory.createVideoTrack(VIDEO_TRACK_ID, videoSource).apply { setEnabled(true) } + localMediaStream?.addTrack(localVideoTrack) + localSurfaceRenderers.forEach { it.get()?.let { localVideoTrack?.addSink(it) } } - localAudioSource = audioSource - localVideoSource = videoSource - localAudioTrack = audioTrack - localVideoTrack = videoTrack + // Remove camera stream + peerConnection?.removeTrack(videoSender) + + screenSender = peerConnection?.addTrack(localVideoTrack, listOf(STREAM_ID)) } fun stopSharingScreen() { - // TODO. Will be handled within the next PR. + screenSender?.let { peerConnection?.removeTrack(it) } + peerConnectionFactoryProvider.get()?.let { configureVideoTrack(it) } + sessionScope?.launch(dispatcher) { attachViewRenderersInternal() } } private suspend fun release() { From dd5d263847aeb0983e0399f99c4db38119d6a2d6 Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Tue, 3 May 2022 15:17:20 +0300 Subject: [PATCH 033/433] Changelog added. --- changelog.d/5911.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/5911.feature diff --git a/changelog.d/5911.feature b/changelog.d/5911.feature new file mode 100644 index 0000000000..368a3b4056 --- /dev/null +++ b/changelog.d/5911.feature @@ -0,0 +1 @@ +Screen sharing over WebRTC From 166be43f230f185e0a8f76ebe23169e6b731b57f Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Tue, 3 May 2022 16:25:19 +0300 Subject: [PATCH 034/433] Code review fixes. --- .../app/features/call/VectorCallActivity.kt | 2 +- .../app/features/call/webrtc/WebRtcCall.kt | 38 ++++++++++++------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt index 3fdf983c16..e176102b82 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt @@ -651,7 +651,7 @@ class VectorCallActivity : VectorBaseActivity(), CallContro private fun startScreenSharing(activityResult: ActivityResult) { val videoCapturer = ScreenCapturerAndroid(activityResult.data, object : MediaProjection.Callback() { override fun onStop() { - Timber.v("User revoked the screen capturing permission") + Timber.i("User revoked the screen capturing permission") } }) callViewModel.handle(VectorCallViewActions.StartScreenSharing(videoCapturer)) diff --git a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt index 0b9f9a665e..ad57119442 100644 --- a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt +++ b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt @@ -783,31 +783,43 @@ class WebRtcCall( val localMediaStream = factory.createLocalMediaStream(STREAM_ID) val videoSource = factory.createVideoSource(videoCapturer.isScreencast) - // Start capturing screen - val surfaceTextureHelper = SurfaceTextureHelper.create("CaptureThread", rootEglBase!!.eglBaseContext) - videoCapturer.initialize(surfaceTextureHelper, context, videoSource.capturerObserver) - videoCapturer.startCapture(currentCaptureFormat.width, currentCaptureFormat.height, currentCaptureFormat.fps) + startCapturingScreen(videoCapturer, videoSource) - // Remove local camera previews - localSurfaceRenderers.forEach { it.get()?.let { localVideoTrack?.removeSink(it) } } + removeLocalSurfaceRenderers() - // Show screen preview locally - localVideoTrack = factory.createVideoTrack(VIDEO_TRACK_ID, videoSource).apply { setEnabled(true) } - localMediaStream?.addTrack(localVideoTrack) - localSurfaceRenderers.forEach { it.get()?.let { localVideoTrack?.addSink(it) } } + showScreenLocally(factory, videoSource, localMediaStream) - // Remove camera stream - peerConnection?.removeTrack(videoSender) + videoSender?.let { removeStream(it) } screenSender = peerConnection?.addTrack(localVideoTrack, listOf(STREAM_ID)) } fun stopSharingScreen() { - screenSender?.let { peerConnection?.removeTrack(it) } + screenSender?.let { removeStream(it) } peerConnectionFactoryProvider.get()?.let { configureVideoTrack(it) } sessionScope?.launch(dispatcher) { attachViewRenderersInternal() } } + private fun removeStream(sender: RtpSender) { + peerConnection?.removeTrack(sender) + } + + private fun showScreenLocally(factory: PeerConnectionFactory, videoSource: VideoSource?, localMediaStream: MediaStream?) { + localVideoTrack = factory.createVideoTrack(VIDEO_TRACK_ID, videoSource).apply { setEnabled(true) } + localMediaStream?.addTrack(localVideoTrack) + localSurfaceRenderers.forEach { it.get()?.let { localVideoTrack?.addSink(it) } } + } + + private fun removeLocalSurfaceRenderers() { + localSurfaceRenderers.forEach { it.get()?.let { localVideoTrack?.removeSink(it) } } + } + + private fun startCapturingScreen(videoCapturer: VideoCapturer, videoSource: VideoSource) { + val surfaceTextureHelper = SurfaceTextureHelper.create("CaptureThread", rootEglBase!!.eglBaseContext) + videoCapturer.initialize(surfaceTextureHelper, context, videoSource.capturerObserver) + videoCapturer.startCapture(currentCaptureFormat.width, currentCaptureFormat.height, currentCaptureFormat.fps) + } + private suspend fun release() { listeners.clear() mxCall.removeListener(this) From b358863a1ed99790eedcc3ea73755ff06d4669f1 Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Wed, 4 May 2022 13:43:44 +0300 Subject: [PATCH 035/433] Code review fixes. --- .../java/im/vector/app/features/call/VectorCallViewModel.kt | 2 +- .../app/features/call/webrtc/ScreenCaptureServiceConnection.kt | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt index 68de00fb2b..7cbc8ca622 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt @@ -144,7 +144,7 @@ class VectorCallViewModel @AssistedInject constructor( override fun onCallEnded(callId: String) { withState { state -> if (state.otherKnownCallInfo?.callId == callId) { - setState { copy(otherKnownCallInfo = null) } + setState { copy(otherKnownCallInfo = null, isSharingScreen = false) } } } _viewEvents.post(VectorCallViewEvents.StopScreenSharingService) diff --git a/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt b/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt index b8d28791b5..7c5ae462b7 100644 --- a/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt +++ b/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt @@ -58,5 +58,6 @@ class ScreenCaptureServiceConnection @Inject constructor( override fun onServiceDisconnected(className: ComponentName) { isBound = false screenCaptureService = null + callback = null } } From 4b746ee34561546690292af1c93281b9dac96445 Mon Sep 17 00:00:00 2001 From: ariskotsomitopoulos Date: Wed, 4 May 2022 13:55:53 +0300 Subject: [PATCH 036/433] Reduce thread list menu icon size --- library/ui-styles/src/main/res/values/dimens.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ui-styles/src/main/res/values/dimens.xml b/library/ui-styles/src/main/res/values/dimens.xml index 81d5a77297..826cde5eba 100644 --- a/library/ui-styles/src/main/res/values/dimens.xml +++ b/library/ui-styles/src/main/res/values/dimens.xml @@ -40,7 +40,7 @@ 24dp 48dp 48dp - 38dp + 34dp 56dp From 88babbb17c89138998e7816ef7f0d8cd109d87ce Mon Sep 17 00:00:00 2001 From: ariskotsomitopoulos Date: Wed, 4 May 2022 14:11:48 +0300 Subject: [PATCH 037/433] Show room name instead of root message author in thread timeline toolbar --- .../room/threads/list/views/ThreadListFragment.kt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/home/room/threads/list/views/ThreadListFragment.kt b/vector/src/main/java/im/vector/app/features/home/room/threads/list/views/ThreadListFragment.kt index c90ad542c0..5fd0d65167 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/threads/list/views/ThreadListFragment.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/threads/list/views/ThreadListFragment.kt @@ -145,9 +145,9 @@ class ThreadListFragment @Inject constructor( override fun onThreadSummaryClicked(threadSummary: ThreadSummary) { val roomThreadDetailArgs = ThreadTimelineArgs( - roomId = threadSummary.roomId, - displayName = threadSummary.rootThreadSenderInfo.displayName, - avatarUrl = threadSummary.rootThreadSenderInfo.avatarUrl, + roomId = threadListArgs.roomId, + displayName = threadListArgs.displayName, + avatarUrl = threadListArgs.avatarUrl, roomEncryptionTrustLevel = null, rootThreadEventId = threadSummary.rootEventId) (activity as? ThreadsActivity)?.navigateToThreadTimeline(roomThreadDetailArgs) @@ -155,9 +155,9 @@ class ThreadListFragment @Inject constructor( override fun onThreadListClicked(timelineEvent: TimelineEvent) { val threadTimelineArgs = ThreadTimelineArgs( - roomId = timelineEvent.roomId, - displayName = timelineEvent.senderInfo.displayName, - avatarUrl = timelineEvent.senderInfo.avatarUrl, + roomId = threadListArgs.roomId, + displayName = threadListArgs.displayName, + avatarUrl = threadListArgs.avatarUrl, roomEncryptionTrustLevel = null, rootThreadEventId = timelineEvent.eventId) (activity as? ThreadsActivity)?.navigateToThreadTimeline(threadTimelineArgs) From f4b1e06ad1b80b3268751de3953611b0f171553c Mon Sep 17 00:00:00 2001 From: ariskotsomitopoulos Date: Wed, 4 May 2022 14:27:34 +0300 Subject: [PATCH 038/433] Open thread timeline keyboard when user navigates from reply in thread action --- .../app/features/home/room/detail/TimelineFragment.kt | 10 ++++++---- .../home/room/threads/arguments/ThreadTimelineArgs.kt | 3 ++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt index 4603793bd5..00857ccffe 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt @@ -1517,7 +1517,7 @@ class TimelineFragment @Inject constructor( views.composerLayout.views.composerEmojiButton.isVisible = vectorPreferences.showEmojiKeyboard() - if (isThreadTimeLine() && timelineArgs.threadTimelineArgs?.startsThread == true) { + if (isThreadTimeLine() && timelineArgs.threadTimelineArgs?.showKeyboard == true) { // Show keyboard when the user started a thread views.composerLayout.views.composerEditText.showKeyboard(andRequestFocus = true) } @@ -2422,7 +2422,7 @@ class TimelineFragment @Inject constructor( private fun onReplyInThreadClicked(action: EventSharedAction.ReplyInThread) { if (vectorPreferences.areThreadMessagesEnabled()) { - navigateToThreadTimeline(action.eventId, action.startsThread) + navigateToThreadTimeline(action.eventId, action.startsThread, true) } else { displayThreadsBetaOptInDialog() } @@ -2433,7 +2433,7 @@ class TimelineFragment @Inject constructor( * using the ThreadsActivity */ - private fun navigateToThreadTimeline(rootThreadEventId: String, startsThread: Boolean = false) { + private fun navigateToThreadTimeline(rootThreadEventId: String, startsThread: Boolean = false, showKeyboard: Boolean = false) { analyticsTracker.capture(Interaction.Name.MobileRoomThreadSummaryItem.toAnalyticsInteraction()) context?.let { val roomThreadDetailArgs = ThreadTimelineArgs( @@ -2442,7 +2442,9 @@ class TimelineFragment @Inject constructor( displayName = timelineViewModel.getRoomSummary()?.displayName, avatarUrl = timelineViewModel.getRoomSummary()?.avatarUrl, roomEncryptionTrustLevel = timelineViewModel.getRoomSummary()?.roomEncryptionTrustLevel, - rootThreadEventId = rootThreadEventId) + rootThreadEventId = rootThreadEventId, + showKeyboard = showKeyboard + ) navigator.openThread(it, roomThreadDetailArgs) } } diff --git a/vector/src/main/java/im/vector/app/features/home/room/threads/arguments/ThreadTimelineArgs.kt b/vector/src/main/java/im/vector/app/features/home/room/threads/arguments/ThreadTimelineArgs.kt index 19419e52de..7756c3c5a5 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/threads/arguments/ThreadTimelineArgs.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/threads/arguments/ThreadTimelineArgs.kt @@ -27,5 +27,6 @@ data class ThreadTimelineArgs( val avatarUrl: String?, val roomEncryptionTrustLevel: RoomEncryptionTrustLevel?, val rootThreadEventId: String? = null, - val startsThread: Boolean = false + val startsThread: Boolean = false, + val showKeyboard: Boolean = false ) : Parcelable From 48554a47699fa7ab0a74f1d1a458692f648b45d2 Mon Sep 17 00:00:00 2001 From: Michael Kaye <1917473+michaelkaye@users.noreply.github.com> Date: Wed, 4 May 2022 14:57:08 +0100 Subject: [PATCH 039/433] Update version to fix name of parameter 'ratelimit' --- .github/workflows/nightly.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 502e3e275f..200e81787c 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -43,7 +43,7 @@ jobs: restore-keys: | ${{ runner.os }}-gradle- - name: Start synapse server - uses: michaelkaye/setup-matrix-synapse@v1.0.1 + uses: michaelkaye/setup-matrix-synapse@v1.0.2 with: uploadLogs: true httpPort: 8080 @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-gradle- - name: Start synapse server - uses: michaelkaye/setup-matrix-synapse@v1.0.1 + uses: michaelkaye/setup-matrix-synapse@v1.0.2 with: uploadLogs: true httpPort: 8080 From ad50c22e9737a0b5aa8572644d97bd799a4a99b1 Mon Sep 17 00:00:00 2001 From: ariskotsomitopoulos Date: Wed, 4 May 2022 17:06:18 +0300 Subject: [PATCH 040/433] Add navigate to thread functionality on search results thread summary --- .../home/room/detail/search/SearchFragment.kt | 21 +++++++++++++++---- .../detail/search/SearchResultController.kt | 5 ++++- .../room/detail/search/SearchResultItem.kt | 2 ++ 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchFragment.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchFragment.kt index c11fa276f6..011258f126 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchFragment.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchFragment.kt @@ -98,7 +98,8 @@ class SearchFragment @Inject constructor( is Success -> { views.stateView.state = StateView.State.Empty( title = getString(R.string.search_no_results), - image = ContextCompat.getDrawable(requireContext(), R.drawable.ic_search_no_results)) + image = ContextCompat.getDrawable(requireContext(), R.drawable.ic_search_no_results) + ) } else -> Unit } @@ -120,20 +121,32 @@ class SearchFragment @Inject constructor( override fun onItemClicked(event: Event) = navigateToEvent(event) + override fun onThreadSummaryClicked(event: Event) { + navigateToEvent(event, true) + } + /** * Navigate and highlight the event. If this is a thread event, * user will be redirected to the appropriate thread room * @param event the event to navigate and highlight + * @param forceNavigateToThread force navigate within the thread (ex. when user clicks on thread summary) */ - private fun navigateToEvent(event: Event) { + private fun navigateToEvent(event: Event, forceNavigateToThread: Boolean = false) { val roomId = event.roomId ?: return - event.getRootThreadEventId()?.let { + val rootThreadEventId = if (forceNavigateToThread) { + event.eventId + } else { + event.getRootThreadEventId() + } + + rootThreadEventId?.let { val threadTimelineArgs = ThreadTimelineArgs( roomId = roomId, displayName = fragmentArgs.roomDisplayName, avatarUrl = fragmentArgs.roomAvatarUrl, roomEncryptionTrustLevel = null, - rootThreadEventId = it) + rootThreadEventId = it + ) navigator.openThread(requireContext(), threadTimelineArgs, event.eventId) } ?: openRoom(roomId, event.eventId) } diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchResultController.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchResultController.kt index 4f951dfecb..0db5e7f177 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchResultController.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchResultController.kt @@ -56,6 +56,7 @@ class SearchResultController @Inject constructor( interface Listener { fun onItemClicked(event: Event) + fun onThreadSummaryClicked(event: Event) fun loadMore() } @@ -125,11 +126,13 @@ class SearchResultController @Inject constructor( .formattedDate(dateFormatter.format(event.originServerTs, DateFormatKind.MESSAGE_SIMPLE)) .spannable(spannable.toEpoxyCharSequence()) .sender(eventAndSender.sender - ?: eventAndSender.event.senderId?.let { session.roomService().getRoomMember(it, data.roomId) }?.toMatrixItem()) + ?: eventAndSender.event.senderId?.let { session.roomService().getRoomMember(it, data.roomId) }?.toMatrixItem() + ) .threadDetails(event.threadDetails) .threadSummaryFormatted(displayableEventFormatter.formatThreadSummary(event.threadDetails?.threadSummaryLatestEvent).toString()) .areThreadMessagesEnabled(userPreferencesProvider.areThreadMessagesEnabled()) .listener { listener?.onItemClicked(eventAndSender.event) } + .threadSummaryListener { listener?.onThreadSummaryClicked(eventAndSender.event) } .let { result.add(it) } } diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchResultItem.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchResultItem.kt index 3e141ab0e9..1fd099aced 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchResultItem.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/search/SearchResultItem.kt @@ -46,6 +46,7 @@ abstract class SearchResultItem : VectorEpoxyModel() { @EpoxyAttribute var areThreadMessagesEnabled: Boolean = false @EpoxyAttribute(EpoxyAttribute.Option.DoNotHash) var listener: ClickListener? = null + @EpoxyAttribute(EpoxyAttribute.Option.DoNotHash) var threadSummaryListener: ClickListener? = null override fun bind(holder: Holder) { super.bind(holder) @@ -66,6 +67,7 @@ abstract class SearchResultItem : VectorEpoxyModel() { val displayName = it.threadSummarySenderInfo?.displayName val avatarUrl = it.threadSummarySenderInfo?.avatarUrl avatarRenderer.render(MatrixItem.UserItem(userId, displayName, avatarUrl), holder.threadSummaryAvatarImageView) + holder.threadSummaryConstraintLayout.onClick(threadSummaryListener) } else { showFromThread(holder) } From faf5fc0012c9ec0bc67f1a362a0fc5ffc507ad4f Mon Sep 17 00:00:00 2001 From: ariskotsomitopoulos Date: Wed, 4 May 2022 17:10:09 +0300 Subject: [PATCH 041/433] Remove thread summary counter minEms --- vector/src/main/res/layout/view_thread_room_summary.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/vector/src/main/res/layout/view_thread_room_summary.xml b/vector/src/main/res/layout/view_thread_room_summary.xml index 6eeb62974d..e432f0fa35 100644 --- a/vector/src/main/res/layout/view_thread_room_summary.xml +++ b/vector/src/main/res/layout/view_thread_room_summary.xml @@ -21,7 +21,6 @@ android:layout_width="wrap_content" android:layout_height="wrap_content" android:layout_marginStart="4dp" - android:minEms="1" android:textColor="?vctr_content_secondary" app:layout_constraintBottom_toBottomOf="parent" app:layout_constraintStart_toEndOf="@id/messageThreadSummaryImageView" From 3a9f0232f00e940988fb7b64845056476af779b1 Mon Sep 17 00:00:00 2001 From: Michael Kaye <1917473+michaelkaye@users.noreply.github.com> Date: Wed, 4 May 2022 16:13:44 +0100 Subject: [PATCH 042/433] Fix nightly build test report message. --- .github/workflows/nightly.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 200e81787c..961e130afe 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -334,5 +334,5 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} hookshot_url: ${{ secrets.ELEMENT_ANDROID_HOOKSHOT_URL }} - text_template: "{{#if '${{ github.event_name }}' == 'schedule' }}Nightly test run{{else}}Test run (on ${{ github.ref }}){{/if }}: {{#each job_statuses }}{{#with this }}{{#if completed }} {{name}} {{conclusion}} at {{completed_at}}, {{/if}}{{/with}}{{/each}}" - html_template: "{{#if '${{ github.event_name }}' == 'schedule' }}Nightly test run{{else}}Test run (on ${{ github.ref }}){{/if }}: {{#each job_statuses }}{{#with this }}{{#if completed }}
{{icon conclusion}} {{name}} {{conclusion}} at {{completed_at}} [details]{{/if}}{{/with}}{{/each}}" + text_template: "{{#if '${{ github.event_name == 'schedule' }}' }}Nightly test run{{else}}Test run (on ${{ github.ref }}){{/if }}: {{#each job_statuses }}{{#with this }}{{#if completed }} {{name}} {{conclusion}} at {{completed_at}}, {{/if}}{{/with}}{{/each}}" + html_template: "{{#if '${{ github.event_name == 'schedule' }}' }}Nightly test run{{else}}Test run (on ${{ github.ref }}){{/if }}: {{#each job_statuses }}{{#with this }}{{#if completed }}
{{icon conclusion}} {{name}} {{conclusion}} at {{completed_at}} [details]{{/if}}{{/with}}{{/each}}" From 7a8565db5df322736ec65a5a2317c21ebd5a9b75 Mon Sep 17 00:00:00 2001 From: emotionalamoeba Date: Wed, 4 May 2022 16:27:13 +0100 Subject: [PATCH 043/433] Update vector/src/main/res/values/strings.xml Co-authored-by: Benoit Marty --- vector/src/main/res/values/strings.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vector/src/main/res/values/strings.xml b/vector/src/main/res/values/strings.xml index ed5809ad60..e07247e8d4 100644 --- a/vector/src/main/res/values/strings.xml +++ b/vector/src/main/res/values/strings.xml @@ -2179,7 +2179,7 @@ Leave "Leaving the room…" - Override display name colour + Override display name color Admins Moderators From 5ebc70e4bbad67a5a1f8aa055c6fcc0d7a908c51 Mon Sep 17 00:00:00 2001 From: Henry Jackson Date: Wed, 4 May 2022 16:38:12 +0100 Subject: [PATCH 044/433] Returned string references to the original name --- .../features/roommemberprofile/RoomMemberProfileController.kt | 2 +- .../app/features/roommemberprofile/RoomMemberProfileFragment.kt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileController.kt b/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileController.kt index 6d9f798543..adc720b0a5 100644 --- a/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileController.kt +++ b/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileController.kt @@ -194,7 +194,7 @@ class RoomMemberProfileController @Inject constructor( buildProfileAction( id = "overrideColor", editable = false, - title = stringProvider.getString(R.string.room_member_override_display_name_colour), + title = stringProvider.getString(R.string.room_member_override_nick_color), subtitle = state.userColorOverride, divider = !state.isMine, action = { callback?.onOverrideColorClicked() } diff --git a/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileFragment.kt b/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileFragment.kt index 5d82cd855f..760bbe9353 100644 --- a/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileFragment.kt +++ b/vector/src/main/java/im/vector/app/features/roommemberprofile/RoomMemberProfileFragment.kt @@ -345,7 +345,7 @@ class RoomMemberProfileFragment @Inject constructor( views.editText.hint = "#000000" MaterialAlertDialogBuilder(requireContext()) - .setTitle(R.string.room_member_override_display_name_colour) + .setTitle(R.string.room_member_override_nick_color) .setView(layout) .setPositiveButton(R.string.ok) { _, _ -> val newColor = views.editText.text.toString() From 3faf0a238ce29c90f6866128cb97a1158089fa7d Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Wed, 4 May 2022 17:57:47 +0200 Subject: [PATCH 045/433] Update after PR reviews --- docs/pull_request.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/pull_request.md b/docs/pull_request.md index e5c3e910f4..9bfdd82d4d 100644 --- a/docs/pull_request.md +++ b/docs/pull_request.md @@ -37,9 +37,9 @@ The `develop` branch is generally the base branch for every PRs. Exceptions can occur: - if a feature implementation is split into multiple PRs. We can have a chain of PRs in this case. PR can be merged one by one on develop, and GitHub change the target branch to `develop` for the next PR automatically. -- we want to merge a PR from the community, but there is still work to do, and the PR is not updated by the submitter. In this case, we can create a new branch, push it, and change the target branch of the PR to this new branch. The PR can then be merged, and we can add more commits to fix the issues. After that a new PR can be created with `develop` as a target branch. +- we want to merge a PR from the community, but there is still work to do, and the PR is not updated by the submitter. First, we can kindly ask the submitter if they will update their PR, by commenting it. If there is no answer after a few days (including a week-end), we can create a new branch, push it, and change the target branch of the PR to this new branch. The PR can then be merged, and we can add more commits to fix the issues. After that a new PR can be created with `develop` as a target branch. -**Important notice 1:** Releases are created from the `develop` branch. So `develop` branch should always contain a "releasable" source code. So when a feature is being implemented with several PRs, it has to be disabled by default, until the feature is fully implemented. A last PR to enable the feature can then be created. +**Important notice 1:** Releases are created from the `develop` branch. So `develop` branch should always contain a "releasable" source code. So when a feature is being implemented with several PRs, it has to be disabled by default (using a feature flag for instance), until the feature is fully implemented. A last PR to enable the feature can then be created. **Important notice 2:** Database migration: some developers and some people from the community are using the nightly build from `develop`. Multiple database migrations should be properly handled for them. This is OK to have multiple migrations between 2 releases, this is not OK to add steps to the pending database migration on `develop`. So for instance `develop` users will migrate from version 11 to version 12, then 13, then 14, and `main` users will do all those steps after they get the app upgrade. From b3b07752e21b82db03ea848ab490a01ebbcddeef Mon Sep 17 00:00:00 2001 From: hanthor Date: Wed, 4 May 2022 12:11:07 -0400 Subject: [PATCH 046/433] Added themed icon for Android 13 --- vector/src/main/res/mipmap-anydpi-v26/ic_launcher.xml | 1 + vector/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml | 1 + 2 files changed, 2 insertions(+) diff --git a/vector/src/main/res/mipmap-anydpi-v26/ic_launcher.xml b/vector/src/main/res/mipmap-anydpi-v26/ic_launcher.xml index eca70cfe52..6f3b755bf5 100644 --- a/vector/src/main/res/mipmap-anydpi-v26/ic_launcher.xml +++ b/vector/src/main/res/mipmap-anydpi-v26/ic_launcher.xml @@ -2,4 +2,5 @@ + \ No newline at end of file diff --git a/vector/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml b/vector/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml index eca70cfe52..6f3b755bf5 100644 --- a/vector/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml +++ b/vector/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml @@ -2,4 +2,5 @@ + \ No newline at end of file From c5fc1e579d77a07197e64ec75344874ea1dda55d Mon Sep 17 00:00:00 2001 From: ariskotsomitopoulos Date: Wed, 4 May 2022 19:24:31 +0300 Subject: [PATCH 047/433] Add badge in thread list filtering --- .../ui-styles/src/main/res/values/colors.xml | 5 +++ .../src/main/res/values/theme_dark.xml | 1 + .../src/main/res/values/theme_light.xml | 1 + .../threads/list/views/ThreadListFragment.kt | 23 +++++++++-- .../main/res/drawable/thread_filter_badge.xml | 29 ++++++++++++++ vector/src/main/res/layout/item_thread.xml | 4 +- .../res/layout/view_thread_list_filter.xml | 38 +++++++++++++++++++ vector/src/main/res/menu/menu_thread_list.xml | 7 ++-- 8 files changed, 100 insertions(+), 8 deletions(-) create mode 100644 vector/src/main/res/drawable/thread_filter_badge.xml create mode 100644 vector/src/main/res/layout/view_thread_list_filter.xml diff --git a/library/ui-styles/src/main/res/values/colors.xml b/library/ui-styles/src/main/res/values/colors.xml index d887e7774e..3217622ed0 100644 --- a/library/ui-styles/src/main/res/values/colors.xml +++ b/library/ui-styles/src/main/res/values/colors.xml @@ -136,4 +136,9 @@ #17191C #FF4B55 + + + #FFFFFF + #21262C + diff --git a/library/ui-styles/src/main/res/values/theme_dark.xml b/library/ui-styles/src/main/res/values/theme_dark.xml index 7177687fdd..63237ae8f8 100644 --- a/library/ui-styles/src/main/res/values/theme_dark.xml +++ b/library/ui-styles/src/main/res/values/theme_dark.xml @@ -30,6 +30,7 @@ @color/element_system_dark @color/vctr_message_bubble_inbound_dark @color/vctr_message_bubble_outbound_dark + @color/vctr_badge_color_border_dark #61708B diff --git a/library/ui-styles/src/main/res/values/theme_light.xml b/library/ui-styles/src/main/res/values/theme_light.xml index c90c021591..5015c93ca9 100644 --- a/library/ui-styles/src/main/res/values/theme_light.xml +++ b/library/ui-styles/src/main/res/values/theme_light.xml @@ -30,6 +30,7 @@ @color/element_background_light @color/vctr_message_bubble_inbound_light @color/vctr_message_bubble_outbound_light + @color/vctr_badge_color_border_light #61708B diff --git a/vector/src/main/java/im/vector/app/features/home/room/threads/list/views/ThreadListFragment.kt b/vector/src/main/java/im/vector/app/features/home/room/threads/list/views/ThreadListFragment.kt index 5fd0d65167..8e762fda96 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/threads/list/views/ThreadListFragment.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/threads/list/views/ThreadListFragment.kt @@ -19,6 +19,7 @@ package im.vector.app.features.home.room.threads.list.views import android.os.Bundle import android.view.LayoutInflater import android.view.Menu +import android.view.MenuInflater import android.view.MenuItem import android.view.View import android.view.ViewGroup @@ -70,6 +71,16 @@ class ThreadListFragment @Inject constructor( analyticsScreenName = MobileScreen.ScreenName.ThreadList } + override fun onCreateOptionsMenu(menu: Menu, inflater: MenuInflater) { + super.onCreateOptionsMenu(menu, inflater) + + menu.findItem(R.id.menu_thread_list_filter)?.let { menuItem -> + menuItem.actionView.setOnClickListener { + onOptionsItemSelected(menuItem) + } + } + } + override fun onOptionsItemSelected(item: MenuItem): Boolean { return when (item.itemId) { R.id.menu_thread_list_filter -> { @@ -82,6 +93,9 @@ class ThreadListFragment @Inject constructor( override fun onPrepareOptionsMenu(menu: Menu) { withState(threadListViewModel) { state -> + val filterIcon = menu.findItem(R.id.menu_thread_list_filter).actionView + val filterBadge = filterIcon.findViewById(R.id.threadListFilterBadge) + filterBadge.isVisible = state.shouldFilterThreads when (threadListViewModel.canHomeserverUseThreading()) { true -> menu.findItem(R.id.menu_thread_list_filter).isVisible = !state.threadSummaryList.invoke().isNullOrEmpty() false -> menu.findItem(R.id.menu_thread_list_filter).isVisible = !state.rootThreadEventList.invoke().isNullOrEmpty() @@ -112,7 +126,8 @@ class ThreadListFragment @Inject constructor( private fun initTextConstants() { views.threadListEmptyNoticeTextView.text = String.format( resources.getString(R.string.thread_list_empty_notice), - resources.getString(R.string.reply_in_thread)) + resources.getString(R.string.reply_in_thread) + ) } private fun initBetaFeedback() { @@ -149,7 +164,8 @@ class ThreadListFragment @Inject constructor( displayName = threadListArgs.displayName, avatarUrl = threadListArgs.avatarUrl, roomEncryptionTrustLevel = null, - rootThreadEventId = threadSummary.rootEventId) + rootThreadEventId = threadSummary.rootEventId + ) (activity as? ThreadsActivity)?.navigateToThreadTimeline(roomThreadDetailArgs) } @@ -159,7 +175,8 @@ class ThreadListFragment @Inject constructor( displayName = threadListArgs.displayName, avatarUrl = threadListArgs.avatarUrl, roomEncryptionTrustLevel = null, - rootThreadEventId = timelineEvent.eventId) + rootThreadEventId = timelineEvent.eventId + ) (activity as? ThreadsActivity)?.navigateToThreadTimeline(threadTimelineArgs) } diff --git a/vector/src/main/res/drawable/thread_filter_badge.xml b/vector/src/main/res/drawable/thread_filter_badge.xml new file mode 100644 index 0000000000..c9a01197c8 --- /dev/null +++ b/vector/src/main/res/drawable/thread_filter_badge.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + diff --git a/vector/src/main/res/layout/item_thread.xml b/vector/src/main/res/layout/item_thread.xml index 921f0663b1..9199a72628 100644 --- a/vector/src/main/res/layout/item_thread.xml +++ b/vector/src/main/res/layout/item_thread.xml @@ -92,7 +92,7 @@ android:maxWidth="496dp" android:minWidth="144dp" android:paddingTop="8dp" - android:paddingBottom="8dp" + android:paddingBottom="12dp" app:layout_constraintEnd_toEndOf="parent" app:layout_constraintStart_toStartOf="@id/threadSummaryTitleTextView" app:layout_constraintTop_toBottomOf="@id/threadSummaryRootMessageTextView" @@ -108,4 +108,4 @@ app:layout_constraintEnd_toEndOf="parent" app:layout_constraintStart_toStartOf="@id/threadSummaryConstraintLayout" app:layout_constraintTop_toBottomOf="@id/threadSummaryConstraintLayout" /> - \ No newline at end of file + diff --git a/vector/src/main/res/layout/view_thread_list_filter.xml b/vector/src/main/res/layout/view_thread_list_filter.xml new file mode 100644 index 0000000000..7bdc994f43 --- /dev/null +++ b/vector/src/main/res/layout/view_thread_list_filter.xml @@ -0,0 +1,38 @@ + + + + + + + + + + + + diff --git a/vector/src/main/res/menu/menu_thread_list.xml b/vector/src/main/res/menu/menu_thread_list.xml index 6da0f80112..d9fb1e7997 100644 --- a/vector/src/main/res/menu/menu_thread_list.xml +++ b/vector/src/main/res/menu/menu_thread_list.xml @@ -5,9 +5,10 @@ + app:showAsAction="always" + tools:visible="true" /> - \ No newline at end of file + From 766e8a8076a6212d22cf77a03bad6299be224404 Mon Sep 17 00:00:00 2001 From: hanthor Date: Wed, 4 May 2022 13:56:15 -0400 Subject: [PATCH 048/433] Added file to changelog.d --- changelog.d/5936.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/5936.feature diff --git a/changelog.d/5936.feature b/changelog.d/5936.feature new file mode 100644 index 0000000000..cbf14aaba1 --- /dev/null +++ b/changelog.d/5936.feature @@ -0,0 +1 @@ +Added themed launch icons for Android 13 \ No newline at end of file From ba4413e702162eb67a482bd4567d4e199c3c94f4 Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Thu, 5 May 2022 12:57:53 +0300 Subject: [PATCH 049/433] Fix stop sharing button state. --- .../im/vector/app/features/call/VectorCallViewModel.kt | 3 ++- .../im/vector/app/features/call/webrtc/WebRtcCall.kt | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt index 7cbc8ca622..880dcf6e33 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt @@ -224,7 +224,8 @@ class VectorCallViewModel @AssistedInject constructor( formattedDuration = webRtcCall.formattedDuration(), isHD = webRtcCall.mxCall.isVideoCall && webRtcCall.currentCaptureFormat() is CaptureFormat.HD, canOpponentBeTransferred = webRtcCall.mxCall.capabilities.supportCallTransfer(), - transferee = computeTransfereeState(webRtcCall.mxCall) + transferee = computeTransfereeState(webRtcCall.mxCall), + isSharingScreen = webRtcCall.isSharingScreen() ) } updateOtherKnownCall(webRtcCall) diff --git a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt index ad57119442..c0c7dc97f4 100644 --- a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt +++ b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt @@ -97,6 +97,7 @@ import kotlin.coroutines.CoroutineContext private const val STREAM_ID = "userMedia" private const val AUDIO_TRACK_ID = "${STREAM_ID}a0" private const val VIDEO_TRACK_ID = "${STREAM_ID}v0" +private const val SCREEN_TRACK_ID = "${STREAM_ID}s0" private val DEFAULT_AUDIO_CONSTRAINTS = MediaConstraints() private const val INVITE_TIMEOUT_IN_MS = 60_000L @@ -805,7 +806,7 @@ class WebRtcCall( } private fun showScreenLocally(factory: PeerConnectionFactory, videoSource: VideoSource?, localMediaStream: MediaStream?) { - localVideoTrack = factory.createVideoTrack(VIDEO_TRACK_ID, videoSource).apply { setEnabled(true) } + localVideoTrack = factory.createVideoTrack(SCREEN_TRACK_ID, videoSource).apply { setEnabled(true) } localMediaStream?.addTrack(localVideoTrack) localSurfaceRenderers.forEach { it.get()?.let { localVideoTrack?.addSink(it) } } } @@ -820,6 +821,13 @@ class WebRtcCall( videoCapturer.startCapture(currentCaptureFormat.width, currentCaptureFormat.height, currentCaptureFormat.fps) } + /** + * Returns true if the user is sharing the screen, false otherwise. + */ + fun isSharingScreen(): Boolean { + return localVideoTrack?.id() == SCREEN_TRACK_ID + } + private suspend fun release() { listeners.clear() mxCall.removeListener(this) From 66b32a74d571733aed34b21cbd53ed703ee925b7 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 5 May 2022 11:57:54 +0200 Subject: [PATCH 050/433] Convert some fun to Context extensions --- .../troubleshoot/TestBatteryOptimization.kt | 2 +- .../java/im/vector/app/core/utils/SystemUtils.kt | 13 ++++++------- .../vector/app/features/popup/PopupAlertManager.kt | 2 +- .../VectorSettingsNotificationPreferenceFragment.kt | 2 +- .../app/features/sync/widget/SyncStateView.kt | 2 +- 5 files changed, 10 insertions(+), 11 deletions(-) diff --git a/vector/src/fdroid/java/im/vector/app/fdroid/features/settings/troubleshoot/TestBatteryOptimization.kt b/vector/src/fdroid/java/im/vector/app/fdroid/features/settings/troubleshoot/TestBatteryOptimization.kt index a5154c7483..57bdf721a2 100644 --- a/vector/src/fdroid/java/im/vector/app/fdroid/features/settings/troubleshoot/TestBatteryOptimization.kt +++ b/vector/src/fdroid/java/im/vector/app/fdroid/features/settings/troubleshoot/TestBatteryOptimization.kt @@ -31,7 +31,7 @@ class TestBatteryOptimization @Inject constructor( ) : TroubleshootTest(R.string.settings_troubleshoot_test_battery_title) { override fun perform(activityResultLauncher: ActivityResultLauncher) { - if (isIgnoringBatteryOptimizations(context)) { + if (context.isIgnoringBatteryOptimizations()) { description = stringProvider.getString(R.string.settings_troubleshoot_test_battery_success) status = TestStatus.SUCCESS quickFix = null diff --git a/vector/src/main/java/im/vector/app/core/utils/SystemUtils.kt b/vector/src/main/java/im/vector/app/core/utils/SystemUtils.kt index 1fa2b8151a..2db7f5407d 100644 --- a/vector/src/main/java/im/vector/app/core/utils/SystemUtils.kt +++ b/vector/src/main/java/im/vector/app/core/utils/SystemUtils.kt @@ -43,21 +43,20 @@ import im.vector.app.features.notifications.NotificationUtils * This user option appears on Android M but Android O enforces its usage and kills apps not * authorised by the user to run in background. * - * @param context the context * @return true if battery optimisations are ignored */ -fun isIgnoringBatteryOptimizations(context: Context): Boolean { +fun Context.isIgnoringBatteryOptimizations(): Boolean { // no issue before Android M, battery optimisations did not exist return Build.VERSION.SDK_INT < Build.VERSION_CODES.M || - context.getSystemService()?.isIgnoringBatteryOptimizations(context.packageName) == true + getSystemService()?.isIgnoringBatteryOptimizations(packageName) == true } -fun isAirplaneModeOn(context: Context): Boolean { - return Settings.Global.getInt(context.contentResolver, Settings.Global.AIRPLANE_MODE_ON, 0) != 0 +fun Context.isAirplaneModeOn(): Boolean { + return Settings.Global.getInt(contentResolver, Settings.Global.AIRPLANE_MODE_ON, 0) != 0 } -fun isAnimationDisabled(context: Context): Boolean { - return Settings.Global.getFloat(context.contentResolver, Settings.Global.ANIMATOR_DURATION_SCALE, 1f) == 0f +fun Context.isAnimationDisabled(): Boolean { + return Settings.Global.getFloat(contentResolver, Settings.Global.ANIMATOR_DURATION_SCALE, 1f) == 0f } /** diff --git a/vector/src/main/java/im/vector/app/features/popup/PopupAlertManager.kt b/vector/src/main/java/im/vector/app/features/popup/PopupAlertManager.kt index 91292e42e5..85fa9ceebd 100644 --- a/vector/src/main/java/im/vector/app/features/popup/PopupAlertManager.kt +++ b/vector/src/main/java/im/vector/app/features/popup/PopupAlertManager.kt @@ -218,7 +218,7 @@ class PopupAlertManager @Inject constructor( if (!alert.isLight) { clearLightStatusBar() } - val noAnimation = !animate || isAnimationDisabled(activity) + val noAnimation = !animate || activity.isAnimationDisabled() alert.weakCurrentActivity = WeakReference(activity) val alerter = Alerter.create(activity, alert.layoutRes) diff --git a/vector/src/main/java/im/vector/app/features/settings/notifications/VectorSettingsNotificationPreferenceFragment.kt b/vector/src/main/java/im/vector/app/features/settings/notifications/VectorSettingsNotificationPreferenceFragment.kt index d9cd5b3461..0d250e645d 100644 --- a/vector/src/main/java/im/vector/app/features/settings/notifications/VectorSettingsNotificationPreferenceFragment.kt +++ b/vector/src/main/java/im/vector/app/features/settings/notifications/VectorSettingsNotificationPreferenceFragment.kt @@ -204,7 +204,7 @@ class VectorSettingsNotificationPreferenceFragment @Inject constructor( // Important, Battery optim white listing is needed in this mode; // Even if using foreground service with foreground notif, it stops to work // in doze mode for certain devices :/ - if (!isIgnoringBatteryOptimizations(requireContext())) { + if (!requireContext().isIgnoringBatteryOptimizations()) { requestDisablingBatteryOptimization(requireActivity(), batteryStartForActivityResult) } } diff --git a/vector/src/main/java/im/vector/app/features/sync/widget/SyncStateView.kt b/vector/src/main/java/im/vector/app/features/sync/widget/SyncStateView.kt index 01e933e446..27116093d2 100755 --- a/vector/src/main/java/im/vector/app/features/sync/widget/SyncStateView.kt +++ b/vector/src/main/java/im/vector/app/features/sync/widget/SyncStateView.kt @@ -54,7 +54,7 @@ class SyncStateView @JvmOverloads constructor(context: Context, attrs: Attribute views.syncStateProgressBar.isVisible = newState is SyncState.Running && newState.afterPause if (newState == SyncState.NoNetwork) { - val isAirplaneModeOn = isAirplaneModeOn(context) + val isAirplaneModeOn = context.isAirplaneModeOn() views.syncStateNoNetwork.isVisible = isAirplaneModeOn.not() views.syncStateNoNetworkAirplane.isVisible = isAirplaneModeOn } else { From 67bc7c93e6f217dd09b25dc32d4acb908c6db968 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 5 May 2022 12:01:33 +0200 Subject: [PATCH 051/433] Format file --- .../home/room/detail/TimelineFragment.kt | 53 ++++++++++++------- 1 file changed, 35 insertions(+), 18 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt index 099f3779ee..38b657a073 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt @@ -666,11 +666,13 @@ class TimelineFragment @Inject constructor( ).apply { directListener = { granted -> if (granted) { - timelineViewModel.handle(RoomDetailAction.EnsureNativeWidgetAllowed( - widget = it.widget, - userJustAccepted = true, - grantedEvents = it.grantedEvents - )) + timelineViewModel.handle( + RoomDetailAction.EnsureNativeWidgetAllowed( + widget = it.widget, + userJustAccepted = true, + grantedEvents = it.grantedEvents + ) + ) } } } @@ -791,25 +793,29 @@ class TimelineFragment @Inject constructor( override fun onSendVoiceMessage() { messageComposerViewModel.handle( - MessageComposerAction.EndRecordingVoiceMessage(isCancelled = false, rootThreadEventId = getRootThreadEventId())) + MessageComposerAction.EndRecordingVoiceMessage(isCancelled = false, rootThreadEventId = getRootThreadEventId()) + ) updateRecordingUiState(RecordingUiState.Idle) } override fun onDeleteVoiceMessage() { messageComposerViewModel.handle( - MessageComposerAction.EndRecordingVoiceMessage(isCancelled = true, rootThreadEventId = getRootThreadEventId())) + MessageComposerAction.EndRecordingVoiceMessage(isCancelled = true, rootThreadEventId = getRootThreadEventId()) + ) updateRecordingUiState(RecordingUiState.Idle) } override fun onRecordingLimitReached() { messageComposerViewModel.handle( - MessageComposerAction.PauseRecordingVoiceMessage) + MessageComposerAction.PauseRecordingVoiceMessage + ) updateRecordingUiState(RecordingUiState.Draft) } override fun onRecordingWaveformClicked() { messageComposerViewModel.handle( - MessageComposerAction.PauseRecordingVoiceMessage) + MessageComposerAction.PauseRecordingVoiceMessage + ) updateRecordingUiState(RecordingUiState.Draft) } @@ -827,7 +833,8 @@ class TimelineFragment @Inject constructor( private fun updateRecordingUiState(state: RecordingUiState) { messageComposerViewModel.handle( - MessageComposerAction.OnVoiceRecordingUiStateChanged(state)) + MessageComposerAction.OnVoiceRecordingUiStateChanged(state) + ) } } } @@ -1527,9 +1534,11 @@ class TimelineFragment @Inject constructor( attachmentTypeSelector = AttachmentTypeSelectorView(vectorBaseActivity, vectorBaseActivity.layoutInflater, this@TimelineFragment) attachmentTypeSelector.setAttachmentVisibility( AttachmentTypeSelectorView.Type.LOCATION, - vectorPreferences.isLocationSharingEnabled()) + vectorPreferences.isLocationSharingEnabled() + ) attachmentTypeSelector.setAttachmentVisibility( - AttachmentTypeSelectorView.Type.POLL, !isThreadTimeLine()) + AttachmentTypeSelectorView.Type.POLL, !isThreadTimeLine() + ) } attachmentTypeSelector.show(views.composerLayout.views.attachmentButton) } @@ -2292,12 +2301,18 @@ class TimelineFragment @Inject constructor( handleCancelSend(action) } is EventSharedAction.ReportContentSpam -> { - timelineViewModel.handle(RoomDetailAction.ReportContent( - action.eventId, action.senderId, "This message is spam", spam = true)) + timelineViewModel.handle( + RoomDetailAction.ReportContent( + action.eventId, action.senderId, "This message is spam", spam = true + ) + ) } is EventSharedAction.ReportContentInappropriate -> { - timelineViewModel.handle(RoomDetailAction.ReportContent( - action.eventId, action.senderId, "This message is inappropriate", inappropriate = true)) + timelineViewModel.handle( + RoomDetailAction.ReportContent( + action.eventId, action.senderId, "This message is inappropriate", inappropriate = true + ) + ) } is EventSharedAction.ReportContentCustom -> { promptReasonToReportContent(action) @@ -2443,7 +2458,8 @@ class TimelineFragment @Inject constructor( displayName = timelineViewModel.getRoomSummary()?.displayName, avatarUrl = timelineViewModel.getRoomSummary()?.avatarUrl, roomEncryptionTrustLevel = timelineViewModel.getRoomSummary()?.roomEncryptionTrustLevel, - rootThreadEventId = rootThreadEventId) + rootThreadEventId = rootThreadEventId + ) navigator.openThread(it, roomThreadDetailArgs) } } @@ -2479,7 +2495,8 @@ class TimelineFragment @Inject constructor( roomId = timelineArgs.roomId, displayName = timelineViewModel.getRoomSummary()?.displayName, roomEncryptionTrustLevel = timelineViewModel.getRoomSummary()?.roomEncryptionTrustLevel, - avatarUrl = timelineViewModel.getRoomSummary()?.avatarUrl) + avatarUrl = timelineViewModel.getRoomSummary()?.avatarUrl + ) navigator.openThreadList(it, roomThreadDetailArgs) } } From d454e3fd20520e5429ae762202f89f95f1440bf3 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 5 May 2022 12:02:44 +0200 Subject: [PATCH 052/433] Disable chat effect and confetti if animation are disabled on the system It will speed up the sanity test --- .../vector/app/features/home/room/detail/TimelineFragment.kt | 5 +++++ .../onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt | 3 ++- .../ftueauth/FtueAuthPersonalizationCompleteFragment.kt | 3 ++- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt index 38b657a073..6559c99338 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt @@ -105,6 +105,7 @@ import im.vector.app.core.utils.colorizeMatchingText import im.vector.app.core.utils.copyToClipboard import im.vector.app.core.utils.createJSonViewerStyleProvider import im.vector.app.core.utils.createUIHandler +import im.vector.app.core.utils.isAnimationDisabled import im.vector.app.core.utils.isValidUrl import im.vector.app.core.utils.onPermissionDeniedDialog import im.vector.app.core.utils.onPermissionDeniedSnackbar @@ -586,6 +587,10 @@ class TimelineFragment @Inject constructor( } private fun handleChatEffect(chatEffect: ChatEffect) { + if (requireContext().isAnimationDisabled()) { + Timber.d("Do not perform chat effect, animations are disabled.") + return + } when (chatEffect) { ChatEffect.CONFETTI -> { views.viewKonfetti.isVisible = true diff --git a/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt b/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt index 49db52da67..0050cd581b 100644 --- a/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt +++ b/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt @@ -24,6 +24,7 @@ import androidx.core.view.isVisible import im.vector.app.R import im.vector.app.core.animations.play import im.vector.app.core.di.ActiveSessionHolder +import im.vector.app.core.utils.isAnimationDisabled import im.vector.app.databinding.FragmentFtueAccountCreatedBinding import im.vector.app.features.onboarding.OnboardingAction import im.vector.app.features.onboarding.OnboardingViewEvents @@ -57,7 +58,7 @@ class FtueAuthAccountCreatedFragment @Inject constructor( views.personalizeButtonGroup.isVisible = canPersonalize views.takeMeHomeButtonGroup.isVisible = !canPersonalize - if (!hasPlayedConfetti && !canPersonalize) { + if (!hasPlayedConfetti && !canPersonalize && !requireContext().isAnimationDisabled()) { hasPlayedConfetti = true views.viewKonfetti.isVisible = true views.viewKonfetti.play() diff --git a/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthPersonalizationCompleteFragment.kt b/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthPersonalizationCompleteFragment.kt index 6b47b9830c..1bb22805de 100644 --- a/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthPersonalizationCompleteFragment.kt +++ b/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthPersonalizationCompleteFragment.kt @@ -22,6 +22,7 @@ import android.view.View import android.view.ViewGroup import androidx.core.view.isVisible import im.vector.app.core.animations.play +import im.vector.app.core.utils.isAnimationDisabled import im.vector.app.databinding.FragmentFtuePersonalizationCompleteBinding import im.vector.app.features.onboarding.OnboardingAction import im.vector.app.features.onboarding.OnboardingViewEvents @@ -43,7 +44,7 @@ class FtueAuthPersonalizationCompleteFragment @Inject constructor() : AbstractFt private fun setupViews() { views.personalizationCompleteCta.debouncedClicks { viewModel.handle(OnboardingAction.PostViewEvent(OnboardingViewEvents.OnTakeMeHome)) } - if (!hasPlayedConfetti) { + if (!hasPlayedConfetti && !requireContext().isAnimationDisabled()) { hasPlayedConfetti = true views.viewKonfetti.isVisible = true views.viewKonfetti.play() From ced4146350b2d8507bc63fe3003bff3631acad5c Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 5 May 2022 12:06:55 +0200 Subject: [PATCH 053/433] Changelog --- changelog.d/5941.bugfix | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/5941.bugfix diff --git a/changelog.d/5941.bugfix b/changelog.d/5941.bugfix new file mode 100644 index 0000000000..0ea17668c6 --- /dev/null +++ b/changelog.d/5941.bugfix @@ -0,0 +1 @@ +If animations are disable on the System, chat effects and confetti will be disabled too From 0b30c28fe4f893d9beabb026f47e99e90a448ccc Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 5 May 2022 12:15:10 +0200 Subject: [PATCH 054/433] Opposite if for better code clarity --- vector/src/main/java/im/vector/app/core/utils/SystemUtils.kt | 4 ++-- .../vector/app/features/home/room/detail/TimelineFragment.kt | 4 ++-- .../onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt | 4 ++-- .../ftueauth/FtueAuthPersonalizationCompleteFragment.kt | 4 ++-- .../java/im/vector/app/features/popup/PopupAlertManager.kt | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/vector/src/main/java/im/vector/app/core/utils/SystemUtils.kt b/vector/src/main/java/im/vector/app/core/utils/SystemUtils.kt index 2db7f5407d..f8ff12ddb2 100644 --- a/vector/src/main/java/im/vector/app/core/utils/SystemUtils.kt +++ b/vector/src/main/java/im/vector/app/core/utils/SystemUtils.kt @@ -55,8 +55,8 @@ fun Context.isAirplaneModeOn(): Boolean { return Settings.Global.getInt(contentResolver, Settings.Global.AIRPLANE_MODE_ON, 0) != 0 } -fun Context.isAnimationDisabled(): Boolean { - return Settings.Global.getFloat(contentResolver, Settings.Global.ANIMATOR_DURATION_SCALE, 1f) == 0f +fun Context.isAnimationEnabled(): Boolean { + return Settings.Global.getFloat(contentResolver, Settings.Global.ANIMATOR_DURATION_SCALE, 1f) != 0f } /** diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt index 6559c99338..de1d512c75 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/TimelineFragment.kt @@ -105,7 +105,7 @@ import im.vector.app.core.utils.colorizeMatchingText import im.vector.app.core.utils.copyToClipboard import im.vector.app.core.utils.createJSonViewerStyleProvider import im.vector.app.core.utils.createUIHandler -import im.vector.app.core.utils.isAnimationDisabled +import im.vector.app.core.utils.isAnimationEnabled import im.vector.app.core.utils.isValidUrl import im.vector.app.core.utils.onPermissionDeniedDialog import im.vector.app.core.utils.onPermissionDeniedSnackbar @@ -587,7 +587,7 @@ class TimelineFragment @Inject constructor( } private fun handleChatEffect(chatEffect: ChatEffect) { - if (requireContext().isAnimationDisabled()) { + if (!requireContext().isAnimationEnabled()) { Timber.d("Do not perform chat effect, animations are disabled.") return } diff --git a/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt b/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt index 0050cd581b..b8114b5d94 100644 --- a/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt +++ b/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthAccountCreatedFragment.kt @@ -24,7 +24,7 @@ import androidx.core.view.isVisible import im.vector.app.R import im.vector.app.core.animations.play import im.vector.app.core.di.ActiveSessionHolder -import im.vector.app.core.utils.isAnimationDisabled +import im.vector.app.core.utils.isAnimationEnabled import im.vector.app.databinding.FragmentFtueAccountCreatedBinding import im.vector.app.features.onboarding.OnboardingAction import im.vector.app.features.onboarding.OnboardingViewEvents @@ -58,7 +58,7 @@ class FtueAuthAccountCreatedFragment @Inject constructor( views.personalizeButtonGroup.isVisible = canPersonalize views.takeMeHomeButtonGroup.isVisible = !canPersonalize - if (!hasPlayedConfetti && !canPersonalize && !requireContext().isAnimationDisabled()) { + if (!hasPlayedConfetti && !canPersonalize && requireContext().isAnimationEnabled()) { hasPlayedConfetti = true views.viewKonfetti.isVisible = true views.viewKonfetti.play() diff --git a/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthPersonalizationCompleteFragment.kt b/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthPersonalizationCompleteFragment.kt index 1bb22805de..074f58864e 100644 --- a/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthPersonalizationCompleteFragment.kt +++ b/vector/src/main/java/im/vector/app/features/onboarding/ftueauth/FtueAuthPersonalizationCompleteFragment.kt @@ -22,7 +22,7 @@ import android.view.View import android.view.ViewGroup import androidx.core.view.isVisible import im.vector.app.core.animations.play -import im.vector.app.core.utils.isAnimationDisabled +import im.vector.app.core.utils.isAnimationEnabled import im.vector.app.databinding.FragmentFtuePersonalizationCompleteBinding import im.vector.app.features.onboarding.OnboardingAction import im.vector.app.features.onboarding.OnboardingViewEvents @@ -44,7 +44,7 @@ class FtueAuthPersonalizationCompleteFragment @Inject constructor() : AbstractFt private fun setupViews() { views.personalizationCompleteCta.debouncedClicks { viewModel.handle(OnboardingAction.PostViewEvent(OnboardingViewEvents.OnTakeMeHome)) } - if (!hasPlayedConfetti && !requireContext().isAnimationDisabled()) { + if (!hasPlayedConfetti && requireContext().isAnimationEnabled()) { hasPlayedConfetti = true views.viewKonfetti.isVisible = true views.viewKonfetti.play() diff --git a/vector/src/main/java/im/vector/app/features/popup/PopupAlertManager.kt b/vector/src/main/java/im/vector/app/features/popup/PopupAlertManager.kt index 85fa9ceebd..5d16fabbfd 100644 --- a/vector/src/main/java/im/vector/app/features/popup/PopupAlertManager.kt +++ b/vector/src/main/java/im/vector/app/features/popup/PopupAlertManager.kt @@ -25,7 +25,7 @@ import com.tapadoo.alerter.Alerter import im.vector.app.R import im.vector.app.core.platform.VectorBaseActivity import im.vector.app.core.time.Clock -import im.vector.app.core.utils.isAnimationDisabled +import im.vector.app.core.utils.isAnimationEnabled import im.vector.app.features.analytics.ui.consent.AnalyticsOptInActivity import im.vector.app.features.pin.PinActivity import im.vector.app.features.signout.hard.SignedOutActivity @@ -218,7 +218,7 @@ class PopupAlertManager @Inject constructor( if (!alert.isLight) { clearLightStatusBar() } - val noAnimation = !animate || activity.isAnimationDisabled() + val noAnimation = !(animate && activity.isAnimationEnabled()) alert.weakCurrentActivity = WeakReference(activity) val alerter = Alerter.create(activity, alert.layoutRes) From 754208e164d617e6dbc0263e36981751d0c52175 Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Thu, 5 May 2022 14:02:19 +0300 Subject: [PATCH 055/433] Don't enable video after stopping screen sharing for audio calls. --- .../java/im/vector/app/features/call/webrtc/WebRtcCall.kt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt index c0c7dc97f4..48a1b7e1e2 100644 --- a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt +++ b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt @@ -796,8 +796,11 @@ class WebRtcCall( } fun stopSharingScreen() { + localVideoTrack?.setEnabled(false) screenSender?.let { removeStream(it) } - peerConnectionFactoryProvider.get()?.let { configureVideoTrack(it) } + if (mxCall.isVideoCall) { + peerConnectionFactoryProvider.get()?.let { configureVideoTrack(it) } + } sessionScope?.launch(dispatcher) { attachViewRenderersInternal() } } @@ -825,7 +828,7 @@ class WebRtcCall( * Returns true if the user is sharing the screen, false otherwise. */ fun isSharingScreen(): Boolean { - return localVideoTrack?.id() == SCREEN_TRACK_ID + return localVideoTrack?.enabled().orFalse() && localVideoTrack?.id() == SCREEN_TRACK_ID } private suspend fun release() { From b486559469f9ec5213ba4718b84e6c0fa0c7aad2 Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Thu, 5 May 2022 14:15:17 +0300 Subject: [PATCH 056/433] Update video mute status after stopping screen sharing. --- .../main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt | 1 + 1 file changed, 1 insertion(+) diff --git a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt index 48a1b7e1e2..21982d12b8 100644 --- a/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt +++ b/vector/src/main/java/im/vector/app/features/call/webrtc/WebRtcCall.kt @@ -801,6 +801,7 @@ class WebRtcCall( if (mxCall.isVideoCall) { peerConnectionFactoryProvider.get()?.let { configureVideoTrack(it) } } + updateMuteStatus() sessionScope?.launch(dispatcher) { attachViewRenderersInternal() } } From 7a01e1bf65aadc66d869bdca695d0b4535510c6a Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 5 May 2022 14:55:34 +0200 Subject: [PATCH 057/433] Add small step at the beginning of the release flow --- .github/ISSUE_TEMPLATE/release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/release.yml b/.github/ISSUE_TEMPLATE/release.yml index 50a9cdf5fc..7cb47fa952 100644 --- a/.github/ISSUE_TEMPLATE/release.yml +++ b/.github/ISSUE_TEMPLATE/release.yml @@ -23,7 +23,8 @@ body: ### Do the release - - [ ] Create release with gitflow, branch name `release/1.2.3` + - [ ] Make sure `develop` and `main` are up to date (git pull) + - [ ] Checkout develop and create a release with gitflow, branch name `release/1.2.3` - [ ] Check the crashes from the PlayStore - [ ] Check the rageshake with the current dev version: https://github.com/matrix-org/element-android-rageshakes/labels/1.2.3-dev - [ ] Run the integration test, and especially `UiAllScreensSanityTest.allScreensTest()` From 133d1972a370939438c9011d294b97f4801674b9 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 17 Feb 2022 21:21:30 +0100 Subject: [PATCH 058/433] Check more modules --- tools/check/check_code_quality.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/check/check_code_quality.sh b/tools/check/check_code_quality.sh index e40d3635e8..910616176c 100755 --- a/tools/check/check_code_quality.sh +++ b/tools/check/check_code_quality.sh @@ -67,6 +67,9 @@ echo "Search for forbidden patterns in code..." ${searchForbiddenStringsScript} ./tools/check/forbidden_strings_in_code.txt \ ./matrix-sdk-android/src/main/java \ ./matrix-sdk-android-flow/src/main/java \ + ./library/core-utils/src/main/java \ + ./library/jsonviewer/src/main/java \ + ./library/ui-styles/src/main/java \ ./vector/src/main/java \ ./vector/src/debug/java \ ./vector/src/release/java \ @@ -100,6 +103,7 @@ echo echo "Search for forbidden patterns in resources..." ${searchForbiddenStringsScript} ./tools/check/forbidden_strings_in_resources.txt \ + ./library/ui-styles/src/main/res/values \ ./vector/src/main/res/color \ ./vector/src/main/res/layout \ ./vector/src/main/res/values \ From 26edf79aa2fbc824c3537ab1dbacc0999021967f Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 17 Feb 2022 21:25:09 +0100 Subject: [PATCH 059/433] Fix detected issues --- .../src/main/java/org/billcarsonfr/jsonviewer/ValueItem.kt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/jsonviewer/src/main/java/org/billcarsonfr/jsonviewer/ValueItem.kt b/library/jsonviewer/src/main/java/org/billcarsonfr/jsonviewer/ValueItem.kt index fac7099b37..66dfcc5dc3 100644 --- a/library/jsonviewer/src/main/java/org/billcarsonfr/jsonviewer/ValueItem.kt +++ b/library/jsonviewer/src/main/java/org/billcarsonfr/jsonviewer/ValueItem.kt @@ -18,11 +18,11 @@ package org.billcarsonfr.jsonviewer import android.content.ClipData import android.content.ClipboardManager -import android.content.Context import android.view.ContextMenu import android.view.View import android.widget.LinearLayout import android.widget.TextView +import androidx.core.content.getSystemService import com.airbnb.epoxy.EpoxyAttribute import com.airbnb.epoxy.EpoxyHolder import com.airbnb.epoxy.EpoxyModelClass @@ -77,8 +77,7 @@ internal abstract class ValueItem : EpoxyModelWithHolder() { ) { if (copyValue != null) { val menuItem = menu?.add(R.string.copy_value) - val clipService = - v?.context?.getSystemService(Context.CLIPBOARD_SERVICE) as? ClipboardManager + val clipService = v?.context?.getSystemService() menuItem?.setOnMenuItemClickListener { clipService?.setPrimaryClip(ClipData.newPlainText("", copyValue)) true From e45c79378f04639ba19380f6068381ff04b8045b Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 17 Feb 2022 21:39:49 +0100 Subject: [PATCH 060/433] Use fatalError and add missing `return` statement --- .../java/im/vector/app/core/platform/VectorBaseActivity.kt | 7 ++----- .../im/vector/app/features/navigation/DefaultNavigator.kt | 1 + 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/vector/src/main/java/im/vector/app/core/platform/VectorBaseActivity.kt b/vector/src/main/java/im/vector/app/core/platform/VectorBaseActivity.kt index febcfc5ef2..e90c1954c4 100644 --- a/vector/src/main/java/im/vector/app/core/platform/VectorBaseActivity.kt +++ b/vector/src/main/java/im/vector/app/core/platform/VectorBaseActivity.kt @@ -55,6 +55,7 @@ import im.vector.app.core.di.ActiveSessionHolder import im.vector.app.core.di.ActivityEntryPoint import im.vector.app.core.dialogs.DialogLocker import im.vector.app.core.dialogs.UnrecognizedCertificateDialog +import im.vector.app.core.error.fatalError import im.vector.app.core.extensions.observeEvent import im.vector.app.core.extensions.observeNotNull import im.vector.app.core.extensions.registerStartForActivityResult @@ -608,11 +609,7 @@ abstract class VectorBaseActivity : AppCompatActivity(), Maver } }.show() } else { - if (vectorPreferences.failFast()) { - error("No CoordinatorLayout to display this snackbar!") - } else { - Timber.w("No CoordinatorLayout to display this snackbar!") - } + fatalError("No CoordinatorLayout to display this snackbar!", vectorPreferences.failFast()) } } diff --git a/vector/src/main/java/im/vector/app/features/navigation/DefaultNavigator.kt b/vector/src/main/java/im/vector/app/features/navigation/DefaultNavigator.kt index 94aee1ba1a..1e33f2224b 100644 --- a/vector/src/main/java/im/vector/app/features/navigation/DefaultNavigator.kt +++ b/vector/src/main/java/im/vector/app/features/navigation/DefaultNavigator.kt @@ -316,6 +316,7 @@ class DefaultNavigator @Inject constructor( if (context is AppCompatActivity) { if (context !is MatrixToBottomSheet.InteractionListener) { fatalError("Caller context should implement MatrixToBottomSheet.InteractionListener", vectorPreferences.failFast()) + return } // TODO check if there is already one?? MatrixToBottomSheet.withLink(link, origin) From 8e319067ada4b93f1df726846bd2536f2b24a16d Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 11 Feb 2021 15:43:48 +0100 Subject: [PATCH 061/433] Add diag request for Synapse --- tools/hs_diag.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/hs_diag.py b/tools/hs_diag.py index 50f117bc8e..8651321fa3 100755 --- a/tools/hs_diag.py +++ b/tools/hs_diag.py @@ -58,6 +58,9 @@ items = [ # Need token , ["Capability", baseUrl + "_matrix/client/r0/capabilities", True] # Need token , ["Media config", baseUrl + "_matrix/media/r0/config", True] # Need token , ["Turn", baseUrl + "_matrix/client/r0/voip/turnServer", True] + + # Only for Synapse + , ["Synapse version", baseUrl + "_synapse/admin/v1/server_version", True] ] for item in items: From fb19d6b83cd84412e9c6167a7c702806b4f50e6a Mon Sep 17 00:00:00 2001 From: Michael Kaye <1917473+michaelkaye@users.noreply.github.com> Date: Thu, 5 May 2022 14:35:54 +0100 Subject: [PATCH 062/433] Try ensuring public_baseurl set correctly. --- .github/workflows/nightly.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 961e130afe..40fbac2bf5 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -43,11 +43,12 @@ jobs: restore-keys: | ${{ runner.os }}-gradle- - name: Start synapse server - uses: michaelkaye/setup-matrix-synapse@v1.0.2 + uses: michaelkaye/setup-matrix-synapse@v1.0.3 with: uploadLogs: true httpPort: 8080 disableRateLimiting: true + public_baseurl: "http://10.0.2.2:8080/" # package: org.matrix.android.sdk.session - name: Run integration tests for Matrix SDK [org.matrix.android.sdk.session] API[${{ matrix.api-level }}] uses: reactivecircus/android-emulator-runner@v2 @@ -230,11 +231,12 @@ jobs: restore-keys: | ${{ runner.os }}-gradle- - name: Start synapse server - uses: michaelkaye/setup-matrix-synapse@v1.0.2 + uses: michaelkaye/setup-matrix-synapse@v1.0.3 with: uploadLogs: true httpPort: 8080 disableRateLimiting: true + public_baseurl: "http://10.0.2.2:8080/" - uses: actions/setup-java@v3 with: distribution: 'adopt' From 135d56489d39cdfbc72f1319bc317c0a2c2adc8a Mon Sep 17 00:00:00 2001 From: trongtran810 Date: Thu, 5 May 2022 16:56:39 +0000 Subject: [PATCH 063/433] Translated using Weblate (Vietnamese) Currently translated at 92.4% (2057 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/vi/ --- vector/src/main/res/values-vi/strings.xml | 75 +++++------------------ 1 file changed, 17 insertions(+), 58 deletions(-) diff --git a/vector/src/main/res/values-vi/strings.xml b/vector/src/main/res/values-vi/strings.xml index 310c35d496..1697dcfc7c 100644 --- a/vector/src/main/res/values-vi/strings.xml +++ b/vector/src/main/res/values-vi/strings.xml @@ -9,7 +9,6 @@ Gửi ảnh chụp màn hình Gửi lịch sử yêu cầu chia sẻ khóa Cộng đồng - Phòng Không còn kết quả nào nữa Bỏ qua @@ -58,7 +57,6 @@ Bạn không có quyền bắt đầu cuộc gọi trong phòng này Bạn không có quyền bắt đầu cuộc gọi hội thoại Bạn không có quyền bắt đầu cuộc gọi hội thoại trong phòng này - Bắt đầu trò chuyện Cài lại Bỏ @@ -125,7 +123,6 @@ Điện thoại Chọn thiết bị âm thanh Cuộc gọi ${app_name} thất bại - Bạn có chắc bạn muốn bắt đầu một cuộc gọi video\? Bạn có chắc bạn muốn bắt đầu một cuộc gọi bằng giọng nói\? Gửi giọng nói @@ -156,7 +153,7 @@ Chương trình đã gặp sự cố lần trước. Bạn có muốn mở trang tường thuật sự cố không\? Tiến độ (%s%%) Gửi nhật ký dừng đột ngột - Gửi nhật ký + Gửi logs Gửi Quản lý cài đặt khám phá của bạn. Khám phá @@ -333,7 +330,6 @@ %1$s đã rời phòng. Lý do: %2$s Địa chỉ email được liên kết đến tài khoản của bạn phải được nhập. Máy chủ nhà này muốn chắc chắn bạn không phải rô bốt - Số điện thoại này đã được định nghĩa rồi. Địa chỉ email này đã được định nghĩa rồi. Đăng nhập bằng đăng nhập một lần @@ -354,7 +350,6 @@ Phục hồi các tin nhắn được mã hoá Xuất các mã khoá thành công - Vui lòng tạo một mật khẩu để mã hoá các mã khoá được xuất. Bạn sẽ cần nhập mật khẩu đó để có thể nhập các mã khoá đó. Xuất Xuất các mã khoá ra tệp cục bộ @@ -366,22 +361,15 @@ Nhập các mã khoá phòng E2E Quản lý bản sao lưu mã khoá ip không xác định - Nếu chúng không khớp, sự bảo mật của việc giao tiếp của bạn có thể bị can thiệp. Xác nhận bằng cách so sánh những điều sau đây với Cài đặt người dùng trong phiên làm việc kia của bạn: Xác minh URL máy chủ nhà Bạn có chắc bạn muốn rời khỏi phòng không\? Rời khỏi phòng - - - - %d thành viên - - Nhảy đến tin nhắn chưa đọc. Liệt kê các thành viên Từ chối @@ -392,14 +380,10 @@ Cho phép quyền truy cập danh bạ của bạn. Để quét mã QR, bạn cần cho phép quyền truy cập máy ảnh. - ${app_name} cần quyền truy cập máy ảnh và micro của bạn để thực hiện các cuộc gọi video. \n \nVui lòng cho phép quyền truy cập trên các cửa sổ popup tiếp theo để có thể thực hiện cuộc gọi. - ${app_name} cần quyền truy cập micro của bạn để thực hiện các cuộc gọi âm thanh. - - Thông tin Bên kia không thể nhấc máy. Giữ máy @@ -427,7 +411,6 @@ Không thể kết nối đến máy chủ nhà tại URL này, vui lòng kiểm tra nó Vui lòng nhập URL hợp lệ Vui lòng xem xét và chấp nhận chính sách của máy chủ nhà này: - Xác minh địa chỉ email thất bại: hãy chắc chắn là bạn đã nhấn vào liên kết trong email Hiện tất cả phòng trong thư mục phòng, bao gồm cả các phòng có nội dung phản cảm. Hiện các phòng có nội dung phản cảm @@ -529,7 +512,6 @@ \nĐang đợi phản hồi từ máy chủ… Phòng trống (đã là %s) Phòng trống - %1$s, %2$s, %3$s và %4$d người khác @@ -721,7 +703,6 @@ Tất cả tin nhắn Tất cả tin nhắn (ầm ĩ) Lơ người dùng - Nội dung này bị báo cáo không phù hợp. \n \nNếu bạn không muốn thấy thêm nội dung từ người dùng này, bạn có thể lơ họ để ẩn nội dung tin nhắn. @@ -816,9 +797,7 @@ Chọn quốc gia Quản lý email và số điện thoại liên kết với tài khoản Matrix Email và số điện thoại - Hiện tất cả tin nhắn từ %s\? -\n -\nLưu ý rằng hành động này sẽ khởi động App và có thể mất nhiều thời gian. + Hiện tất cả tin nhắn từ %s\? Mật khẩu của bạn vừa được cập nhật Mật khẩu này không hợp lệ Cập nhật mật khẩu thất bại @@ -839,7 +818,6 @@ Máy chủ Đăng nhập tài khoản Đăng nhập - %1$s @ %2$s Thấy lần cuối Cập nhật Tên công khai @@ -871,7 +849,7 @@ Hiện thông báo tin đã đọc Hiện dấu thời gian theo chuẩn 12-giờ Hiện Dấu thời gian cho tất cả tin nhắn - Định dạng tin nhắn theo chuẩn Markdown trước khi gửi. + Định dạng tin nhắn bằng cú pháp của markdown trước khi chúng được gửi đi. Điều này cho phép định dạng nâng cao, chẳng hạn như sử dụng dấu hoa thị để hiển thị văn bản in nghiêng. Sử dụng định dạng Markdown Cho người dùng khác biết bạn đã gõ phím. Gửi thông báo đang gõ tin nhắn @@ -905,7 +883,6 @@ %d giây Thời gian chờ giữa 2 lần đồng bộ - Mã nhập vào không hợp lệ. Vui lòng kiểm tra. Chúng tôi vừa gửi email tới %1$s. \nClick vào đường link trong email để tiếp tục quá trình tạo tài khoản. @@ -1029,13 +1006,10 @@ Không Được đề cập và đúng từ khóa Tất cả tin - - Không có kết quả Lọc người dùng bị cấm Lọc thành viên phòng Tìm kiếm - %d được chọn @@ -1095,7 +1069,6 @@ Truy cập không gian Ai có quyền truy cập\? Vui lòng kiểm tra email và bấm vào liên kết trong đó. Một khi xong, bấm tiếp tục. - Sử dụng trình quản lý chung để quản lý bot, các cầu nối, widget và các gói nhãn dán. \nTrình quản lý chung sẽ nhận được dữ liệu hiệu chỉnh, và sẽ có thể điều chỉnh các widget, gửi lời mời vào phòng và thiết lập các mốc quyền lợi theo ý bạn. ${app_name} sẽ đồng bộ hóa dưới nền trong một khoảng thời gian nhất định (có thể điều chỉnh thời gian). @@ -1173,7 +1146,6 @@ hành động của bạn sẽ xóa họ khỏi không gian này. \n \nTrong trường hợp không muốn họ quay lại, bạn nên cấm họ tham gia lần nữa. - %d mục @@ -1202,10 +1174,8 @@ %d khóa mới vừa được thêm vào phiên này. - Đã khôi phục bản sao lưu với % d chìa khóa. + Đã khôi phục bản sao lưu với %d chìa khóa. - - %d widget hoạt động @@ -1221,7 +1191,6 @@ %d phòng - %d tin nhắn được thông báo chưa đọc @@ -1263,7 +1232,7 @@ Phát Tin nhắn Thoại Vuốt để hủy Ghi âm tin nhắn thoại - Xin lỗi, lỗi đã xảy ra trong khi cố gắng gia nhập: %s + Xin lỗi, đã có lỗi đã xảy ra trong khi cố gắng gia nhập: %s Nâng cấp lên phiên bản phòng được đề xuất Phòng này đang chạy phiên bản phòng %s, mà homeerver này đã đánh dấu là không ổn định. Bạn cần sự cho phép để nâng cấp một phòng @@ -1278,7 +1247,6 @@ Nâng cấp Hãy kiên nhẫn, có thể mất một thời gian. Tham gia phòng thay thế - Phòng không tên Một số phòng có thể bị ẩn vì chúng riêng tư và bạn cần một lời mời. Một số phòng có thể bị ẩn vì chúng riêng tư và bạn cần một lời mời. @@ -1541,13 +1509,13 @@ \n${app_name} Android ${app_name} Web \n${app_name} Desktop - Sử dụng ${app_name} mới nhất trên các thiết bị khác của bạn, Web ${app_name}, Máy tính để bàn ${app_name}, ${app_name} iOS, ${app_name} cho Android hoặc một máy khách Matrix có khả năng xác thực chéo khác + Sử dụng ${app_name} mới nhất trên các thiết bị khác của bạn, Web ${app_name}, Máy tính để bàn ${app_name}, iOS ${app_name}, ${app_name} cho Android hoặc một máy khách Matrix có khả năng xác thực chéo khác Đặt mật khẩu tài khoản mới… Không thể lưu tệp Media Bật thiết đặt này thêm FLAG_SECURE cho tất cả các Hoạt động. Khởi động lại ứng dụng để thay đổi có hiệu lực. Ngăn ảnh chụp màn hình của ứng dụng Khóa khôi phục Sao lưu Chính - Không biết cụm mật khẩu Sao lưu Khóa của bạn, bạn có thể %s. + Cụm Mã Khóa Sao lưu của bạn không xác định, bạn có thể %s. sử dụng khóa khôi phục Sao lưu Khóa của bạn Nhập chìa khóa Cụm mật khẩu Sao lưu của bạn để tiếp tục. Lưu trữ bí mật khóa sao lưu trong SSSS @@ -1593,7 +1561,6 @@ %1$d cuộc gọi đang hoạt động · - Gần xong! Thiết bị khác có hiển thị dấu tick không\? "Chủ đề: " Thêm chủ đề @@ -1613,7 +1580,6 @@ Nếu bạn hủy ngay bây giờ, bạn có thể mất tin nhắn và dữ liệu được mã hóa nếu bạn mất quyền truy cập vào thông tin đăng nhập của mình. \n \nBạn cũng có thể thiết lập Sao lưu Bảo mật và quản lý khóa của mình trong Cài đặt. - Sao chép nó vào bộ nhớ đám mây cá nhân của bạn Lưu nó trên khóa USB hoặc ổ đĩa sao lưu In nó và lưu trữ nó ở đâu đó an toàn @@ -1635,9 +1601,9 @@ Xác thực chéo không được bật Xác thực chéo được kích hoạt. \nCác khóa không đáng tin cậy - Xác thực chéo chéo được kích hoạt -\nChìa khóa được tin cậy. -\nKhóa riêng tư không được biết + Xác thực chéo được kích hoạt +\nCác mã khóa là đáng tin cậy. +\nCác khóa riêng tư không xác định Xác thực chéo được kích hoạt \nKhóa riêng trên thiết bị. Xác thực chéo @@ -1691,7 +1657,6 @@ \nTin nhắn của bạn được bảo mật bằng khóa và chỉ có bạn và người nhận có các khóa duy nhất để mở khóa chúng. Tin nhắn ở đây không được mã hóa đầu cuối. Tin nhắn trong phòng này không được mã hóa đầu cuối. - Đang chờ %s… Đã xác minh %s Xác minh %s @@ -1749,7 +1714,7 @@ Hiện thông tin debug trên màn hình ${app_name} có thể gặp sự cố thường xuyên hơn khi một lỗi bất ngờ xảy ra Thất bại nhanh - Chỉ hiển thị kết quả đầu tiên, nhập thêm chữ cái + Chỉ hiển thị kết quả đầu tiên, nhập thêm chữ cái… Các phiên khác Phiên hiện tại Cài đặt @@ -1848,8 +1813,6 @@ Nhập URL máy chủ xác thực Bạn có đồng ý gửi thông tin này không\? Để khám phá các liên hệ hiện có, bạn cần gửi thông tin liên hệ (email và số điện thoại) đến máy chủ nhận dạng của mình. Chúng tôi băm dữ liệu của bạn trước khi gửi cho quyền riêng tư. - - Gửi email và số điện thoại đến %s Đồng ý Thu hồi sự đồng ý của tôi @@ -1873,7 +1836,7 @@ Phiên bản Matrix SDK Nhập khóa e2e từ tệp \"%1$s\". Lỗi xảy ra khi nhận được dữ liệu sao lưu khóa - Lỗi xảy ra khi nhận được thông tin tin cậy + Lỗi xảy ra khi nhận được thông tin xác thực Căn phòng đã được tạo ra, nhưng một số lời mời đã không được gửi vì lý do sau: \n \n%s @@ -1917,11 +1880,8 @@ Lỗi không xác định %s muốn xác minh phiên của bạn Yêu cầu xác minh - - Đã nhận được Đã xác minh! - Chữ ký Thuật toán Phiên bản @@ -1934,7 +1894,6 @@ Không bao giờ mất tin nhắn được mã hóa Bảo vệ chống mất quyền truy cập vào tin nhắn và dữ liệu được mã hóa Sao lưu An toàn - Xóa khóa mã hóa đã sao lưu của bạn khỏi máy chủ\? Bạn sẽ không còn có thể sử dụng khóa khôi phục của mình để đọc lịch sử tin nhắn được mã hóa. Xóa Sao lưu Kiểm tra trạng thái sao lưu @@ -1964,7 +1923,7 @@ Mất chìa khóa phục hồi\? Bạn có thể thiết lập một cái mới trong cài đặt. Nhập Khóa Khôi phục Sử dụng Khóa Khôi phục của bạn để mở khóa lịch sử tin nhắn được mã hóa của bạn - Không biết cụm mật khẩu phục hồi của bạn, bạn có thể %s. + Cụm mật khẩu phục hồi của bạn chưa xác định, bạn có thể %s. sử dụng khóa khôi phục của bạn Sử dụng cụm mật khẩu khôi phục của bạn để mở khóa lịch sử tin nhắn được mã hóa của bạn Đang tìm phiên bản sao lưu… @@ -1980,7 +1939,6 @@ Có vẻ như bạn đã thiết lập bản sao lưu khóa từ một phiên khác. Bạn có muốn thay thế nó bằng cái mà bạn đang tạo ra không\? Một bản sao lưu đã tồn tại trên homeerver của bạn Khóa phục hồi đã được lưu. - Lưu dưới dạng Tệp Chia sẻ Lưu Khóa Khôi phục @@ -2051,7 +2009,7 @@ Bạn có chắc chắn muốn loại bỏ (xóa) sự kiện này không\? Lưu ý rằng nếu bạn xóa tên phòng hoặc thay đổi chủ đề, nó có thể hoàn tác thay đổi. Xác nhận Loại bỏ Gửi media với kích thước ban đầu - Bạn có muốn gửi phần đính kèm này đến %1$s không\? + Bạn có muốn gửi tệp đính kèm này đến %1$s\? Xóa… Không thể tìm thấy bí mật trong kho Nếu bạn không thể truy nhập phiên hiện có @@ -2065,7 +2023,7 @@ Kết nối với máy chủ đã bị mất Không - Gần xong! %s có hiển thị dấu tích không + Đã gần xong! %s Có hiển thị dấu tích không\? Mã QR Đặt lại khóa Khởi tạo xác thực chéo @@ -2202,7 +2160,8 @@ Thu hồi quyền truy cập cho tôi Mở trong trình duyệt Tải lại widget - Thất bại trong việc tải widget.%s + Thất bại trong việc tải widget. +\n%s Sử dụng nó có thể chia sẻ dữ liệu với %s: Sử dụng nó có thể đặt cookie và chia sẻ dữ liệu với %s: Widget này được thêm vào bởi: From 87c42898ee8fd8756fcfe76578ee5a523e7c5449 Mon Sep 17 00:00:00 2001 From: ariskotsomitopoulos Date: Fri, 6 May 2022 12:16:10 +0300 Subject: [PATCH 064/433] Add changelog --- changelog.d/5959.bugfix | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/5959.bugfix diff --git a/changelog.d/5959.bugfix b/changelog.d/5959.bugfix new file mode 100644 index 0000000000..c4d20b7f39 --- /dev/null +++ b/changelog.d/5959.bugfix @@ -0,0 +1 @@ +Multiple threads improvement (mainly UI) From cf3d145cd69aebd89cd1575fe0ef82f5b96976a9 Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Fri, 6 May 2022 13:21:33 +0300 Subject: [PATCH 065/433] Bind to screen sharing service after app killed and relaunched. --- .../im/vector/app/features/call/VectorCallActivity.kt | 9 ++++++++- .../call/webrtc/ScreenCaptureServiceConnection.kt | 4 +++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt index e176102b82..a904658e9c 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallActivity.kt @@ -164,6 +164,9 @@ class VectorCallActivity : VectorBaseActivity(), CallContro } } } + + // Bind to service in case of user killed the app while there is an ongoing call + bindToScreenCaptureService() } override fun onNewIntent(intent: Intent?) { @@ -662,9 +665,13 @@ class VectorCallActivity : VectorBaseActivity(), CallContro this, Intent(this, ScreenCaptureService::class.java) ) + bindToScreenCaptureService(activityResult) + } + + private fun bindToScreenCaptureService(activityResult: ActivityResult? = null) { screenCaptureServiceConnection.bind(object : ScreenCaptureServiceConnection.Callback { override fun onServiceConnected() { - startScreenSharing(activityResult) + activityResult?.let { startScreenSharing(it) } } }) } diff --git a/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt b/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt index 7c5ae462b7..aa7c7f450a 100644 --- a/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt +++ b/vector/src/main/java/im/vector/app/features/call/webrtc/ScreenCaptureServiceConnection.kt @@ -38,7 +38,9 @@ class ScreenCaptureServiceConnection @Inject constructor( fun bind(callback: Callback) { this.callback = callback - if (!isBound) { + if (isBound) { + callback.onServiceConnected() + } else { Intent(context, ScreenCaptureService::class.java).also { intent -> context.bindService(intent, this, 0) } From bf8b534c82e3b19166b5f81913e8626417de142f Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Fri, 6 May 2022 15:31:58 +0200 Subject: [PATCH 066/433] Dependabot PR assign to the reviewers team --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0573461e7a..5c18ac4087 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -19,6 +19,6 @@ updates: interval: "daily" open-pull-requests-limit: 200 reviewers: - - "bmarty" + - "vector-im/element-android-reviewers" ignore: - dependency-name: com.google.zxing:core From 0138341486846115f134e68ed3ca96ff1c239bbd Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Fri, 6 May 2022 15:34:26 +0200 Subject: [PATCH 067/433] Also assign reviewers for the github-actions update --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5c18ac4087..b6746c77d3 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,6 +10,8 @@ updates: directory: "/" schedule: interval: "weekly" + reviewers: + - "vector-im/element-android-reviewers" ignore: - dependency-name: "*github-script*" # Updates for Gradle dependencies used in the app From e97cdb03fa9e92b88d57337b4c12c6369897e193 Mon Sep 17 00:00:00 2001 From: Adam Brown Date: Fri, 6 May 2022 16:19:06 +0100 Subject: [PATCH 068/433] updating the well known lookup to take into account certificate errors when triggered via the sign in with matrix id flow --- changelog.d/5965.sdk | 1 + .../auth/DefaultAuthenticationService.kt | 7 ++++++- .../sdk/internal/wellknown/GetWellknownTask.kt | 16 ++++++---------- 3 files changed, 13 insertions(+), 11 deletions(-) create mode 100644 changelog.d/5965.sdk diff --git a/changelog.d/5965.sdk b/changelog.d/5965.sdk new file mode 100644 index 0000000000..5bb6c3aac4 --- /dev/null +++ b/changelog.d/5965.sdk @@ -0,0 +1 @@ +Including SSL/TLS error handing when doing WellKnown lookups without a custom HomeServerConnectionConfig diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/auth/DefaultAuthenticationService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/auth/DefaultAuthenticationService.kt index 946f882f1a..f1cfe3fee5 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/auth/DefaultAuthenticationService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/auth/DefaultAuthenticationService.kt @@ -382,11 +382,16 @@ internal class DefaultAuthenticationService @Inject constructor( return getWellknownTask.execute( GetWellknownTask.Params( domain = matrixId.getDomain(), - homeServerConnectionConfig = homeServerConnectionConfig + homeServerConnectionConfig = homeServerConnectionConfig.orWellKnownDefaults() ) ) } + private fun HomeServerConnectionConfig?.orWellKnownDefaults() = this ?: HomeServerConnectionConfig.Builder() + // server uri is ignored when doing a wellknown lookup as we use the matrix id domain instead + .withHomeServerUri("https://dummy.org") + .build() + override suspend fun directAuthentication(homeServerConnectionConfig: HomeServerConnectionConfig, matrixId: String, password: String, diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/wellknown/GetWellknownTask.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/wellknown/GetWellknownTask.kt index 82ff9a321f..a6b398f6f5 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/wellknown/GetWellknownTask.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/wellknown/GetWellknownTask.kt @@ -43,7 +43,7 @@ internal interface GetWellknownTask : Task Date: Fri, 6 May 2022 18:23:58 +0200 Subject: [PATCH 069/433] Fixed dependabot --- build.gradle | 3 ++- library/jsonviewer/build.gradle | 2 +- matrix-sdk-android/build.gradle | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/build.gradle b/build.gradle index 1d86f482da..badc1da569 100644 --- a/build.gradle +++ b/build.gradle @@ -47,7 +47,8 @@ allprojects { apply plugin: "org.jlleitschuh.gradle.ktlint" repositories { - mavenCentral { + maven { + url 'https://repo1.maven.org/maven2' content { groups.mavenCentral.regex.each { includeGroupByRegex it } groups.mavenCentral.group.each { includeGroup it } diff --git a/library/jsonviewer/build.gradle b/library/jsonviewer/build.gradle index 0cad8ac171..d5486911bc 100644 --- a/library/jsonviewer/build.gradle +++ b/library/jsonviewer/build.gradle @@ -7,7 +7,7 @@ apply plugin: 'com.jakewharton.butterknife' buildscript { repositories { google() - mavenCentral() + maven { url 'https://repo1.maven.org/maven2' } } dependencies { classpath 'com.jakewharton:butterknife-gradle-plugin:10.2.3' diff --git a/matrix-sdk-android/build.gradle b/matrix-sdk-android/build.gradle index 65824476a0..f0a8e33124 100644 --- a/matrix-sdk-android/build.gradle +++ b/matrix-sdk-android/build.gradle @@ -7,7 +7,7 @@ apply plugin: "org.jetbrains.dokka" buildscript { repositories { - mavenCentral() + maven { url 'https://repo1.maven.org/maven2' } } dependencies { classpath "io.realm:realm-gradle-plugin:10.9.0" From 83f8c3144889a27d58a86ca03387c2874f4d49c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Priit=20J=C3=B5er=C3=BC=C3=BCt?= Date: Wed, 4 May 2022 19:47:50 +0000 Subject: [PATCH 070/433] Translated using Weblate (Estonian) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/et/ --- fastlane/metadata/android/et/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/et/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/et/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/et/changelogs/40104130.txt diff --git a/fastlane/metadata/android/et/changelogs/40104120.txt b/fastlane/metadata/android/et/changelogs/40104120.txt new file mode 100644 index 0000000000..1a7d3ae979 --- /dev/null +++ b/fastlane/metadata/android/et/changelogs/40104120.txt @@ -0,0 +1,2 @@ +Põhilised muutused selles versioonis: kasutajate võrguolekud ning helisõnumite esitaja. +Kogu ingliskeelne muudatuste logi: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/et/changelogs/40104130.txt b/fastlane/metadata/android/et/changelogs/40104130.txt new file mode 100644 index 0000000000..1a7d3ae979 --- /dev/null +++ b/fastlane/metadata/android/et/changelogs/40104130.txt @@ -0,0 +1,2 @@ +Põhilised muutused selles versioonis: kasutajate võrguolekud ning helisõnumite esitaja. +Kogu ingliskeelne muudatuste logi: https://github.com/vector-im/element-android/releases From 6a4f41345942aee81f2e3df5d204fa3c75b28d79 Mon Sep 17 00:00:00 2001 From: trongtran810 Date: Thu, 5 May 2022 17:05:07 +0000 Subject: [PATCH 071/433] Translated using Weblate (Vietnamese) Currently translated at 92.9% (2068 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/vi/ --- vector/src/main/res/values-vi/strings.xml | 28 +++++++++++------------ 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/vector/src/main/res/values-vi/strings.xml b/vector/src/main/res/values-vi/strings.xml index 1697dcfc7c..3fff1fa34f 100644 --- a/vector/src/main/res/values-vi/strings.xml +++ b/vector/src/main/res/values-vi/strings.xml @@ -371,7 +371,7 @@ %d thành viên Nhảy đến tin nhắn chưa đọc. - Liệt kê các thành viên + Các thành viên Từ chối Tham gia Xoá @@ -563,10 +563,10 @@ Được tối ưu cho pin Bạn sẽ không nhận được thông báo khi được đề cập tới trong phòng chat mã hóa trên mobile. Nâng cấp phòng - Tin nhắn gửi bởi bot - Lời mời cuộc gọi - Lời mời vào phòng - Từ khóa + Các tin nhắn gửi bởi bot + Các lời mời cuộc gọi + Các lời mời vào phòng + Các từ khóa \@room Tin nhắn trong chat nhóm được mã hóa Tin nhắn trong chat nhóm @@ -841,7 +841,7 @@ Rung khi đề cập tên người dùng Bao gồm thay đổi tên hiển thị và hình đại diện. Hiện các sự kiện của tài khoản - Sự kiện mời, loại hoặc cấm thành viên không bị ảnh hưởng. + Sự kiện mời, gỡ hoặc cấm thành viên không bị ảnh hưởng. Hiện sự kiện tham gia hoặc rời phòng Gõ lệnh /confetti hoặc gửi tin chứa ❄️ hoặc 🎉 Hiện hiệu ứng chat @@ -1049,7 +1049,7 @@ %1$s & %2$s đang gõ… %s đang gõ… Việc hủy cấm người dùng sẽ cho phép họ tham gia lại phòng. - Việc cấm người dùng sẽ đá họ ra khỏi phòng này và ngăn họ tham gia lại. + Việc cấm người dùng sẽ gỡ họ ra khỏi phòng này và ngăn họ tham gia lại. Hủy cấm người dùng Lý do cấm Cấm người dùng @@ -1061,7 +1061,7 @@ Bạn có chắc bạn muốn hủy lời mời đối với người dùng này không\? Hủy lời mời Hủy làm ngơ - Việc hủy làm ngơ người dùng này sẽ hiện lại tất cả tin nhắn từ họ. + Việc bỏ làm ngơ người dùng này sẽ hiện lại tất cả tin nhắn từ họ. Cuộc gọi âm thanh với %s Cuộc gọi video với %s Cuộc gọi đang reo… @@ -1142,7 +1142,7 @@ Chứng chỉ đã bị thay đổi từ một thiết bị được tin cậy của bạn. Điều này RẤT BẤT THƯỜNG. Chúng tôi khuyên bạn KHÔNG NÊN CHẤP NHẬN chứng chỉ mới này. Nếu quản trị viên của máy chủ đã nói rằng điều này có thể xảy ra, hãy chắc chắn rằng dấu vân tay phía dưới trùng với dấu vân tay được họ cung cấp. Hủy cấm người dùng sẽ cho phép họ tham gia không gian này lần nữa. - Cấm người dùng này sẽ đá họ khỏi không gian này và ngăn chặn họ tiếp tục tham gia. + Cấm người dùng này sẽ gỡ họ khỏi không gian này và ngăn chặn họ tiếp tục tham gia. hành động của bạn sẽ xóa họ khỏi không gian này. \n \nTrong trường hợp không muốn họ quay lại, bạn nên cấm họ tham gia lần nữa. @@ -1279,7 +1279,7 @@ Bạn sẽ không thể tham gia lại trừ khi bạn được mời lại. Bạn là người duy nhất ở đây. Nếu bạn rời đi, sẽ không ai có thể tham gia trong tương lai, kể cả bạn Bạn có chắc chắn muốn rời khỏi %s không\? - Rời khỏi Space + Rời khỏi Thêm phòng Khám phá phòng Khám phá (%s) @@ -1288,7 +1288,7 @@ Hoàn tất việc cài đặt khám phá. Hiện tại bạn không sử dụng máy chủ xác thực. Để mời đồng đội và có thể khám phá bởi họ, hãy cấu hình một bên dưới. Tham gia Space - Tạo Space + Tạo space Bỏ qua ngay bây giờ Gia nhập Space của tôi %1$s %2$s Mời theo tên người dùng hoặc thư @@ -1319,14 +1319,14 @@ Tôi và các đồng đội Một Space riêng tư để sắp xếp các phòng của bạn Chỉ tôi - Đảm bảo đúng người có quyền truy nhập vào %s. Bạn có thể thay đổi điều này sau. + Đảm bảo đúng người có quyền truy nhập vào %s. Bạn làm việc với ai\? Để tham gia một Space hiện có, bạn cần một lời mời. Bạn có thể thay đổi điều này sau Bạn muốn tạo ra loại Space nào\? Space riêng tư của bạn Space công cộng của bạn - Thêm Space + Thêm space Space riêng tư Space công cộng Tin nhắn gửi thất bại @@ -1544,7 +1544,7 @@ Kết quả cuối cùng dựa trên %1$d phiếu bầu - Đã bỏ %1$d phiếu bầu. Bỏ phiếu để xem kết quả + %1$d phiếu bầu. Bỏ phiếu để xem kết quả Dựa trên %1$d phiếu bầu From 35bdc0acb66dab8abccb797a1bb60c3fd5ab72b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ng=C3=B4=20Ng=E1=BB=8Dc=20=C4=90=E1=BB=A9c=20Huy?= Date: Thu, 5 May 2022 16:57:08 +0000 Subject: [PATCH 072/433] Translated using Weblate (Vietnamese) Currently translated at 92.9% (2068 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/vi/ --- vector/src/main/res/values-vi/strings.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vector/src/main/res/values-vi/strings.xml b/vector/src/main/res/values-vi/strings.xml index 3fff1fa34f..47d3640c82 100644 --- a/vector/src/main/res/values-vi/strings.xml +++ b/vector/src/main/res/values-vi/strings.xml @@ -153,7 +153,7 @@ Chương trình đã gặp sự cố lần trước. Bạn có muốn mở trang tường thuật sự cố không\? Tiến độ (%s%%) Gửi nhật ký dừng đột ngột - Gửi logs + Gửi log Gửi Quản lý cài đặt khám phá của bạn. Khám phá From 1e13fac37548fd6edd1d0ab6d38fe1510e32c944 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Priit=20J=C3=B5er=C3=BC=C3=BCt?= Date: Wed, 4 May 2022 19:59:02 +0000 Subject: [PATCH 073/433] Translated using Weblate (Estonian) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/et/ --- vector/src/main/res/values-et/strings.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/vector/src/main/res/values-et/strings.xml b/vector/src/main/res/values-et/strings.xml index 79eee81fa9..29d098620a 100644 --- a/vector/src/main/res/values-et/strings.xml +++ b/vector/src/main/res/values-et/strings.xml @@ -743,9 +743,7 @@ \nÜldistest seadistustest saad seda alati muuta. Eira selle kasutaja sõnumeid Lõpeta selle kasutaja eiramine - Selle kasutaja eiramise lõpetamine teeb tema sõnumid uuesti nähtavaks. -\n -\nPalun arvesta, et samaga käivitud rakendub uuesti ning andmete sünkroniseerimiseks kulub natuke aega. + Selle kasutaja eiramise lõpetamine teeb tema sõnumid uuesti nähtavaks. Lõpeta eiramine Tühista kutse Kas oled kindel et sa soovid tühistada kutse sellele kasutajale\? @@ -971,9 +969,7 @@ Salasõna uuendamine ei õnnestunud Salasõna ei ole sobilik Sinu salasõna on muudetud - Kas sa soovid näha kasutaja %s kõiki sõnumeid\? -\n -\nPane tähele, et antud toiming taaskäivitab rakenduse ja see võib võtta veidi aega. + Kas sa soovid näha kasutaja %s kõiki sõnumeid\? Vali riik Eksporditavate võtmete krüptimiseks palun sisesta paroolifraas. Võtmete importimisel pead kasutama sama paroolifraasi. Võtmete eksportimine õnnestus @@ -2487,4 +2483,14 @@ Proovi nüüd Jutulõngad on hetkel arendusjärgus funktsionaalsus ning samaga lisandub ka senisest parem versioon teavitustest. Me hea meelega tahaksime kuulda, mida sa nendest muutustest arvad! Jutulõngad aitavad hoida sinu vestlusi teemakohastena ning kergesti jälgitavatena.%sJutulõngade kasutusele võtmisel laadime rakenduse uuesti. Kui sul on väga mahukad kontod, siis võib natuke aega kuluda. + Ekraanijagamine on hetkel kasutusel + ${app_name} ekraanijagamine + Lõpeta ekraani jagamine + Jaga ekraani + - Sa oled lõpetanud mõnede kasutajate eiramise + ${app_name} peab andmete korrektsuse tagamiseks kustutama puhverdatud teabe. Toimingu põhjus on: +\n%s +\n +\nPalun arvesta, et selle käigus rakendus käivitub uuesti ja see võib aega võtta. + Alusandmete sünkroniseerimise päring \ No newline at end of file From 95e7ca544bfc8cb375b7bf45e882de3340a47db6 Mon Sep 17 00:00:00 2001 From: libexus Date: Wed, 4 May 2022 17:20:01 +0000 Subject: [PATCH 074/433] Translated using Weblate (German) Currently translated at 96.9% (2156 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/de/ --- vector/src/main/res/values-de/strings.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/vector/src/main/res/values-de/strings.xml b/vector/src/main/res/values-de/strings.xml index d463276bb1..2086914c9d 100644 --- a/vector/src/main/res/values-de/strings.xml +++ b/vector/src/main/res/values-de/strings.xml @@ -2429,4 +2429,11 @@ Live-Standort teilen Threads nähern sich der Beta 🎉 Deaktivieren + BETA + Feedback geben + BETA + Threads Beta + Threads Beta + Bildschirm teilen + Ausprobieren \ No newline at end of file From 0080ae494f65d14fe0dcab020b70793138eb98ba Mon Sep 17 00:00:00 2001 From: libexus Date: Wed, 4 May 2022 17:18:17 +0000 Subject: [PATCH 075/433] Translated using Weblate (German) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/de/ --- fastlane/metadata/android/de-DE/changelogs/40104060.txt | 2 ++ fastlane/metadata/android/de-DE/changelogs/40104070.txt | 2 ++ fastlane/metadata/android/de-DE/changelogs/40104080.txt | 2 ++ fastlane/metadata/android/de-DE/changelogs/40104100.txt | 2 ++ fastlane/metadata/android/de-DE/changelogs/40104110.txt | 2 ++ fastlane/metadata/android/de-DE/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/de-DE/changelogs/40104130.txt | 2 ++ 7 files changed, 14 insertions(+) create mode 100644 fastlane/metadata/android/de-DE/changelogs/40104060.txt create mode 100644 fastlane/metadata/android/de-DE/changelogs/40104070.txt create mode 100644 fastlane/metadata/android/de-DE/changelogs/40104080.txt create mode 100644 fastlane/metadata/android/de-DE/changelogs/40104100.txt create mode 100644 fastlane/metadata/android/de-DE/changelogs/40104110.txt create mode 100644 fastlane/metadata/android/de-DE/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/de-DE/changelogs/40104130.txt diff --git a/fastlane/metadata/android/de-DE/changelogs/40104060.txt b/fastlane/metadata/android/de-DE/changelogs/40104060.txt new file mode 100644 index 0000000000..17cfdd26cc --- /dev/null +++ b/fastlane/metadata/android/de-DE/changelogs/40104060.txt @@ -0,0 +1,2 @@ +Hauptänderungen: Threads sind jetzt schneller, Fehlerbehebungen. +Alle Änderungen: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/de-DE/changelogs/40104070.txt b/fastlane/metadata/android/de-DE/changelogs/40104070.txt new file mode 100644 index 0000000000..30da225add --- /dev/null +++ b/fastlane/metadata/android/de-DE/changelogs/40104070.txt @@ -0,0 +1,2 @@ +Änderungen: Fehlerbehebungen +Alle Änderungen: https://github.com/vector-im/element-android/releases/tag/v1.4.7 diff --git a/fastlane/metadata/android/de-DE/changelogs/40104080.txt b/fastlane/metadata/android/de-DE/changelogs/40104080.txt new file mode 100644 index 0000000000..902e1d27f7 --- /dev/null +++ b/fastlane/metadata/android/de-DE/changelogs/40104080.txt @@ -0,0 +1,2 @@ +Hauptänderungen: Schnellere Threads, Fehlerbehebungen. +Alle Änderungen: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/de-DE/changelogs/40104100.txt b/fastlane/metadata/android/de-DE/changelogs/40104100.txt new file mode 100644 index 0000000000..2de5ec1d6a --- /dev/null +++ b/fastlane/metadata/android/de-DE/changelogs/40104100.txt @@ -0,0 +1,2 @@ +Hauptänderungen: Scrollen in Sprachnachrichten, Fehlerbehebungen. +Alle Änderungen: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/de-DE/changelogs/40104110.txt b/fastlane/metadata/android/de-DE/changelogs/40104110.txt new file mode 100644 index 0000000000..bde9f04e11 --- /dev/null +++ b/fastlane/metadata/android/de-DE/changelogs/40104110.txt @@ -0,0 +1,2 @@ +Änderungen: Fehlerbehebungen und Stabilitätsverbesserungen +Alle Änderungen: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/de-DE/changelogs/40104120.txt b/fastlane/metadata/android/de-DE/changelogs/40104120.txt new file mode 100644 index 0000000000..e0ce944874 --- /dev/null +++ b/fastlane/metadata/android/de-DE/changelogs/40104120.txt @@ -0,0 +1,2 @@ +Hauptänderungen: Nutzer können ihren Status auf „Offline“ setzen, Gesendete Audiodateien können nun in der App abgespielt werden +Alle Änderungen: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/de-DE/changelogs/40104130.txt b/fastlane/metadata/android/de-DE/changelogs/40104130.txt new file mode 100644 index 0000000000..e0ce944874 --- /dev/null +++ b/fastlane/metadata/android/de-DE/changelogs/40104130.txt @@ -0,0 +1,2 @@ +Hauptänderungen: Nutzer können ihren Status auf „Offline“ setzen, Gesendete Audiodateien können nun in der App abgespielt werden +Alle Änderungen: https://github.com/vector-im/element-android/releases From 5bb725a21e9551063c0105a4496a43e92daaf576 Mon Sep 17 00:00:00 2001 From: Ildar Nigamatov Date: Fri, 6 May 2022 11:06:30 +0000 Subject: [PATCH 076/433] Translated using Weblate (Russian) Currently translated at 96.4% (2145 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/ru/ --- vector/src/main/res/values-ru/strings.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vector/src/main/res/values-ru/strings.xml b/vector/src/main/res/values-ru/strings.xml index 9a925ecaa7..617b449027 100644 --- a/vector/src/main/res/values-ru/strings.xml +++ b/vector/src/main/res/values-ru/strings.xml @@ -2444,7 +2444,7 @@ Не могу связаться с домашним сервером на URL %s. Пожалуйста, проверьте вашу ссылку или выберите домашний сервер вручную. Не сейчас Включить - Слежка за уведомлениями + Поиск уведомлений Вам не разрешено подключаться к этой комнате Организуйте обсуждение с помощью веток Показать все ветки, в которых вы участвуете From e088b503e1146a7d523f9ca0713401fca1e1e30d Mon Sep 17 00:00:00 2001 From: waclaw66 Date: Wed, 4 May 2022 21:16:07 +0000 Subject: [PATCH 077/433] Translated using Weblate (Czech) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/cs/ --- vector/src/main/res/values-cs/strings.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/vector/src/main/res/values-cs/strings.xml b/vector/src/main/res/values-cs/strings.xml index 61be21b7bf..19742aa389 100644 --- a/vector/src/main/res/values-cs/strings.xml +++ b/vector/src/main/res/values-cs/strings.xml @@ -610,9 +610,7 @@ Aktualizace hesla se nezdařila Heslo není správné Vaše heslo bylo aktualizováno - Ukázat všechny zprávy od %s\? -\n -\nPřipomínám, že tato akce restartuje aplikaci a může chvíli trvat. + Ukázat všechny zprávy od %s\? Vybrat zemi Média Výchozí komprese @@ -1566,9 +1564,7 @@ \n \nMůžete tuto akci kdykoli zvrátit v obecných nastaveních. Odignorovat uživatele - Zrušení ignorování tohoto uživatele opět ukáže všechny jejich zprávy. -\n -\nTato akce povede k restartování aplikace a může trvat nějakou dobu. + Zrušení ignorování tohoto uživatele opět ukáže všechny jejich zprávy. Zrušit pozvánku Jste si jisti, že chcete zrušit pozvánku tomuto uživateli\? Vykopnout uživatele @@ -2534,4 +2530,14 @@ Vlákna Beta Zjistit více Vyzkoušet to + Probíhá sdílení obrazovky + Sdílení obrazovky aplikace ${app_name} + Zastavit sdílení obrazovky + Sdílet obrazovku + - Některý uživatelům bylo zrušeno ignorování + ${app_name} potřebuje vymazat mezipaměť, aby byla aktuální, a to z následujícího důvodu: +\n%s +\n +\nTato akce povede k restartování aplikace a může trvat nějakou dobu. + Požadavek na počáteční synchronizaci \ No newline at end of file From f1c9e63002ceb0f7c3ba65ba5c8d7759a815863a Mon Sep 17 00:00:00 2001 From: lvre <7uu3qrbvm@relay.firefox.com> Date: Thu, 5 May 2022 04:24:55 +0000 Subject: [PATCH 078/433] Translated using Weblate (Portuguese (Brazil)) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/pt_BR/ --- fastlane/metadata/android/pt-BR/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/pt-BR/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/pt-BR/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/pt-BR/changelogs/40104130.txt diff --git a/fastlane/metadata/android/pt-BR/changelogs/40104120.txt b/fastlane/metadata/android/pt-BR/changelogs/40104120.txt new file mode 100644 index 0000000000..f77d426d99 --- /dev/null +++ b/fastlane/metadata/android/pt-BR/changelogs/40104120.txt @@ -0,0 +1,2 @@ +Principais mudanças nesta versão: Permite usuárias(os) aparecer offline e adiciona um tocador de áudio para anexos de áudio +Changelog completo: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/pt-BR/changelogs/40104130.txt b/fastlane/metadata/android/pt-BR/changelogs/40104130.txt new file mode 100644 index 0000000000..f77d426d99 --- /dev/null +++ b/fastlane/metadata/android/pt-BR/changelogs/40104130.txt @@ -0,0 +1,2 @@ +Principais mudanças nesta versão: Permite usuárias(os) aparecer offline e adiciona um tocador de áudio para anexos de áudio +Changelog completo: https://github.com/vector-im/element-android/releases From ec0e6691af82df70b688edcbbd9f5b1b8f1cce49 Mon Sep 17 00:00:00 2001 From: anoloth Date: Thu, 5 May 2022 22:06:14 +0000 Subject: [PATCH 079/433] Translated using Weblate (Lao) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/lo/ --- fastlane/metadata/android/lo/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/lo/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/lo/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/lo/changelogs/40104130.txt diff --git a/fastlane/metadata/android/lo/changelogs/40104120.txt b/fastlane/metadata/android/lo/changelogs/40104120.txt new file mode 100644 index 0000000000..36c6d678f7 --- /dev/null +++ b/fastlane/metadata/android/lo/changelogs/40104120.txt @@ -0,0 +1,2 @@ +ການປ່ຽນແປງຫຼັກໃນສະບັບນີ້: ໃຫ້ຜູ້ໃຊ້ສາມາດສະແດງຕົວເປັນ offline ແລະສາມາດຫຼິ້ນສຽງໄດ້ສຳລັບການແນບສຽງ +ບັນທຶກການປ່ຽນແປງສະບັບເຕັມ: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/lo/changelogs/40104130.txt b/fastlane/metadata/android/lo/changelogs/40104130.txt new file mode 100644 index 0000000000..36c6d678f7 --- /dev/null +++ b/fastlane/metadata/android/lo/changelogs/40104130.txt @@ -0,0 +1,2 @@ +ການປ່ຽນແປງຫຼັກໃນສະບັບນີ້: ໃຫ້ຜູ້ໃຊ້ສາມາດສະແດງຕົວເປັນ offline ແລະສາມາດຫຼິ້ນສຽງໄດ້ສຳລັບການແນບສຽງ +ບັນທຶກການປ່ຽນແປງສະບັບເຕັມ: https://github.com/vector-im/element-android/releases From 725f2c97a1751f13dd033b97ac7505c7dd608b20 Mon Sep 17 00:00:00 2001 From: Danial Behzadi Date: Wed, 4 May 2022 18:06:11 +0000 Subject: [PATCH 080/433] Translated using Weblate (Persian) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/fa/ --- fastlane/metadata/android/fa/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/fa/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/fa/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/fa/changelogs/40104130.txt diff --git a/fastlane/metadata/android/fa/changelogs/40104120.txt b/fastlane/metadata/android/fa/changelogs/40104120.txt new file mode 100644 index 0000000000..4f730e52dc --- /dev/null +++ b/fastlane/metadata/android/fa/changelogs/40104120.txt @@ -0,0 +1,2 @@ +تغییرات عمده در این نگارش: اجازه به کاربران برای برون‌خط ظاهر شدن و افزودن یک پخش‌کنندهٔ صدا برای پیوست‌های صوتی +گزارش دگرگونی کامل: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/fa/changelogs/40104130.txt b/fastlane/metadata/android/fa/changelogs/40104130.txt new file mode 100644 index 0000000000..4f730e52dc --- /dev/null +++ b/fastlane/metadata/android/fa/changelogs/40104130.txt @@ -0,0 +1,2 @@ +تغییرات عمده در این نگارش: اجازه به کاربران برای برون‌خط ظاهر شدن و افزودن یک پخش‌کنندهٔ صدا برای پیوست‌های صوتی +گزارش دگرگونی کامل: https://github.com/vector-im/element-android/releases From d2454e37a88db552cf0f56df507e44fa561d1827 Mon Sep 17 00:00:00 2001 From: Ihor Hordiichuk Date: Wed, 4 May 2022 22:52:29 +0000 Subject: [PATCH 081/433] Translated using Weblate (Ukrainian) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/uk/ --- vector/src/main/res/values-uk/strings.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/vector/src/main/res/values-uk/strings.xml b/vector/src/main/res/values-uk/strings.xml index 85900a392e..9696e0af0f 100644 --- a/vector/src/main/res/values-uk/strings.xml +++ b/vector/src/main/res/values-uk/strings.xml @@ -333,9 +333,7 @@ Новий пароль Не вдалося оновити пароль Пароль успішно оновлено - Показувати всі повідомлення %s\? -\n -\nЗауважте, що це перезавантажить застосунок та може тривати деякий час. + Показувати всі повідомлення %s\? Оберіть країну 3 дні 1 тиждень @@ -1002,9 +1000,7 @@ Вилучити користувача Ви впевнені, що бажаєте скасувати запрошення для цього користувача\? Скасувати запрошення - Якщо перестати нехтувати цього користувача, усі його повідомлення стануть знову видимими. -\n -\nЗауважте, що ця дія перезапустить застосунок, а це може тривати деякий час. + Якщо перестати нехтувати цього користувача, усі його повідомлення стануть знову видимими. Рознехтувати користувача Нехтування цього користувача призведе до вилучення його повідомлень з усіх спільних кімнат. \n @@ -2579,4 +2575,14 @@ Треди бета Докладніше Спробувати + Триває трансляція з екрана + Трансляція з екрана ${app_name} + Припинити ділитися екраном + Поділитися екраном + - Деякі користувачі нехтуються + Щоб оновитися, ${app_name} потребує очищення кешу з такої причини: +\n%s +\n +\nЗауважте, що ця дія перезапустить застосунок, і це може тривати деякий час. + Початковий запит синхронізації \ No newline at end of file From d03e3d6cc43d03cec61c7587ade77ac4b4782617 Mon Sep 17 00:00:00 2001 From: Linerly Date: Thu, 5 May 2022 05:48:29 +0000 Subject: [PATCH 082/433] Translated using Weblate (Indonesian) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/id/ --- vector/src/main/res/values-in/strings.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/vector/src/main/res/values-in/strings.xml b/vector/src/main/res/values-in/strings.xml index f0533eba10..c38e8966c7 100644 --- a/vector/src/main/res/values-in/strings.xml +++ b/vector/src/main/res/values-in/strings.xml @@ -361,9 +361,7 @@ Di masa mendatang proses verifikasi ini akan dimutakhirkan. Sandi baru Gagal memperbaharui kata sandi Kata sandi Anda telah diperbaharui - Tunjukkan semua pesan dari %s\? -\n -\nMohon perhatikan bahwa tindakan ini akan me-restart aplikasi dan mungkin akan membutuhkan waktu. + Tampilkan semua pesan dari %s\? Pilih negara Flair 3 hari @@ -590,9 +588,7 @@ Di masa mendatang proses verifikasi ini akan dimutakhirkan. Keluarkan pengguna Apakah Anda yakin ingin membatalkan undangan untuk pengguna ini\? Batalkan undangan - Membatalkan abaian pengguna ini akan menampilkan semua pesan dari mereka. -\n -\nDicatat bahwa tindakan ini akan memulai ulang aplikasi dan mungkin membutuhkan beberapa waktu. + Membatalkan abaian pengguna ini akan menampilkan semua pesan dari mereka. Batal pengabaian pengguna Mengabaikan pengguna ini akan menghilangkan pesan mereka dari ruangan yang Anda bagikan. \n @@ -2442,4 +2438,14 @@ Di masa mendatang proses verifikasi ini akan dimutakhirkan. Utasan Beta Pelajari lebih lanjut Coba + Sedang membagikan layar + Pembagian Layar ${app_name} + Berhenti membagikan layar + Bagikan layar + - Beberapa pengguna telah dibatalkan pengabaiannya + ${app_name} membutuhkan sebuah penghapusan cache supaya bisa diperbarui, untuk alasan berikut: +\n%s +\n +\nDicatat bahwa tindakan ini akan memulai ulang aplikasinya dan mungkin membutuhkan beberapa waktu. + Permintaan sinkronisasi awal \ No newline at end of file From 99c6cda2fda6045172c8f69c82f46594f2f1f1c0 Mon Sep 17 00:00:00 2001 From: random Date: Thu, 5 May 2022 08:58:52 +0000 Subject: [PATCH 083/433] Translated using Weblate (Italian) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/it/ --- vector/src/main/res/values-it/strings.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/vector/src/main/res/values-it/strings.xml b/vector/src/main/res/values-it/strings.xml index 66fff2077e..096776a9a4 100644 --- a/vector/src/main/res/values-it/strings.xml +++ b/vector/src/main/res/values-it/strings.xml @@ -410,9 +410,7 @@ Nuova password L\'aggiornamento della password è fallito La tua password è stata aggiornata - Mostra tutti i messaggi di %s\? -\n -\nTieni presente che questa azione riavvierà l\'app e ciò potrebbe richiedere molto tempo. + Mostrare tutti i messaggi di %s\? Scegli un paese 3 giorni 1 settimana @@ -1519,9 +1517,7 @@ \n \nPuoi annullare questa azione in qualsiasi momento nelle impostazioni generali. Non ignorare più - Se non ignori più l\'utente vedrai di nuovo tutti i suoi messaggi. -\n -\nNota che quest\'azione riavvierà l\'app e potrebbe richiedere del tempo. + Se non ignori più l\'utente vedrai di nuovo tutti i suoi messaggi. Annulla invito Sei sicuro di voler annullare l\'invito per questo utente\? Butta fuori l\'utente @@ -2478,4 +2474,14 @@ Beta conversazioni Maggiori informazioni Provalo + Stai condividendo lo schermo + ${app_name} - Condivisione schermo + Ferma condivisione schermo + Condividi schermo + - Alcuni utenti non vengono più ignorati + ${app_name} ha bisogno di eseguire una pulizia della cache per aggiornarsi, per il seguente motivo: +\n%s +\n +\nNota che questa azione riavvierà l\'app e potrebbe richiedere del tempo. + Richiesta di sincronizzazione iniziale \ No newline at end of file From 25122db3dadec31242e8d1225c46eb81f8d0f85f Mon Sep 17 00:00:00 2001 From: Jozef Gaal Date: Wed, 4 May 2022 20:04:55 +0000 Subject: [PATCH 084/433] Translated using Weblate (Slovak) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/sk/ --- vector/src/main/res/values-sk/strings.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/vector/src/main/res/values-sk/strings.xml b/vector/src/main/res/values-sk/strings.xml index a2c1404d2f..23e37acb67 100644 --- a/vector/src/main/res/values-sk/strings.xml +++ b/vector/src/main/res/values-sk/strings.xml @@ -368,9 +368,7 @@ Nové heslo Nepodarilo sa zmeniť heslo Vaše heslo bolo aktualizované - Zobraziť všetky správy od %s\? -\n -\nUpozorňujeme, že táto akcia spôsobí reštart aplikácie a môže chvíľu trvať. + Zobraziť všetky správy od %s\? Vyberte si krajinu 3 dni 1 týždeň @@ -751,9 +749,7 @@ \n \nTúto akciu môžete kedykoľvek zmeniť späť vo všeobecných nastaveniach. Neignorovať používateľa - Zrušením ignorovania tohto používateľa sa opäť zobrazia všetky správy od neho. -\n -\nUpozorňujeme, že táto akcia spôsobí reštart aplikácie a môže chvíľu trvať. + Zrušením ignorovania tohto používateľa sa opäť zobrazia všetky správy od neho. Zrušiť pozvanie Ste si istí, že chcete zrušiť pozvanie tohoto používateľa\? Vykázať používateľa @@ -2534,4 +2530,14 @@ Vlákna Beta Zistiť viac Vyskúšajte si to + Prebieha zdieľanie obrazovky + Zdieľanie obrazovky aplikácie ${app_name} + Zastaviť zdieľanie obrazovky + Zdieľať obrazovku + - Pre niektorých používateľov bolo zrušené ignorovanie + ${app_name} potrebuje vyčistiť vyrovnávaciu pamäť, aby bola aktuálna, a to z nasledujúceho dôvodu: +\n%s +\n +\nUpozorňujeme, že táto akcia spôsobí reštart aplikácie a môže chvíľu trvať. + Úvodná žiadosť o synchronizáciu \ No newline at end of file From d8b23d41ffbffadd96106c580b976e8941f32896 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Fri, 6 May 2022 15:41:15 +0000 Subject: [PATCH 085/433] Translated using Weblate (French) Currently translated at 98.2% (2186 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/fr/ --- vector/src/main/res/values-fr/strings.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/vector/src/main/res/values-fr/strings.xml b/vector/src/main/res/values-fr/strings.xml index ce69d574ba..fb1948f59a 100644 --- a/vector/src/main/res/values-fr/strings.xml +++ b/vector/src/main/res/values-fr/strings.xml @@ -2457,4 +2457,5 @@ \nPour nous y préparer, nous avons besoin de faire certains changements : les fils créés avant maintenant seront affichés comme des réponses classiques. \n \nCette transition sera unique, maintenant que les fils de discussions ont intégré la spécification de Matrix. + \ No newline at end of file From 186c507e9d4b650e749c45971377431a0ef4bb6e Mon Sep 17 00:00:00 2001 From: Jeff Huang Date: Thu, 5 May 2022 01:28:52 +0000 Subject: [PATCH 086/433] Translated using Weblate (Chinese (Traditional)) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/zh_Hant/ --- fastlane/metadata/android/zh-TW/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/zh-TW/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/zh-TW/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/zh-TW/changelogs/40104130.txt diff --git a/fastlane/metadata/android/zh-TW/changelogs/40104120.txt b/fastlane/metadata/android/zh-TW/changelogs/40104120.txt new file mode 100644 index 0000000000..d3d48abab9 --- /dev/null +++ b/fastlane/metadata/android/zh-TW/changelogs/40104120.txt @@ -0,0 +1,2 @@ +此版本中的主要變動:允許使用者顯示為離線並為音訊附件新增音訊播放器 +完整的變更紀錄:https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/zh-TW/changelogs/40104130.txt b/fastlane/metadata/android/zh-TW/changelogs/40104130.txt new file mode 100644 index 0000000000..d3d48abab9 --- /dev/null +++ b/fastlane/metadata/android/zh-TW/changelogs/40104130.txt @@ -0,0 +1,2 @@ +此版本中的主要變動:允許使用者顯示為離線並為音訊附件新增音訊播放器 +完整的變更紀錄:https://github.com/vector-im/element-android/releases From 06cfdb607651f0eaa62228e6f04c68ebcb05266f Mon Sep 17 00:00:00 2001 From: Ihor Hordiichuk Date: Wed, 4 May 2022 19:25:20 +0000 Subject: [PATCH 087/433] Translated using Weblate (Ukrainian) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/uk/ --- fastlane/metadata/android/uk/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/uk/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/uk/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/uk/changelogs/40104130.txt diff --git a/fastlane/metadata/android/uk/changelogs/40104120.txt b/fastlane/metadata/android/uk/changelogs/40104120.txt new file mode 100644 index 0000000000..aa075bd42e --- /dev/null +++ b/fastlane/metadata/android/uk/changelogs/40104120.txt @@ -0,0 +1,2 @@ +Основні зміни у цій версії: Дозволяє користувачам з’являтися в режимі офлайн та додає аудіопрогравач для аудіовкладень +Вичерпний перелік змін: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/uk/changelogs/40104130.txt b/fastlane/metadata/android/uk/changelogs/40104130.txt new file mode 100644 index 0000000000..aa075bd42e --- /dev/null +++ b/fastlane/metadata/android/uk/changelogs/40104130.txt @@ -0,0 +1,2 @@ +Основні зміни у цій версії: Дозволяє користувачам з’являтися в режимі офлайн та додає аудіопрогравач для аудіовкладень +Вичерпний перелік змін: https://github.com/vector-im/element-android/releases From eceaf9b150313ee5695eff62a4d73e7435395210 Mon Sep 17 00:00:00 2001 From: Jeff Huang Date: Thu, 5 May 2022 01:31:35 +0000 Subject: [PATCH 088/433] Translated using Weblate (Chinese (Traditional)) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/zh_Hant/ --- vector/src/main/res/values-zh-rTW/strings.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/vector/src/main/res/values-zh-rTW/strings.xml b/vector/src/main/res/values-zh-rTW/strings.xml index f93374acdb..c8fa6410e2 100644 --- a/vector/src/main/res/values-zh-rTW/strings.xml +++ b/vector/src/main/res/values-zh-rTW/strings.xml @@ -450,9 +450,7 @@ 新密碼 更新密碼失敗 您的密碼已經更新 - 顯示所有來自 %s 的訊息? -\n -\n注意此動作將會重新啟動應用程式,而其可能需要一點時間。 + 顯示所有來自 %s 的訊息? 選擇國家 特色 3 天 @@ -1501,9 +1499,7 @@ \n \n您隨時都可以在一般設定中撤銷此動作。 取消忽略使用者 - 取消忽略此使用者將再次顯示從他們而來的所有訊息。 -\n -\n注意,此動作將會重新啟動應用程式,且可能需要一些時間。 + 取消忽略此使用者將再次顯示從他們而來的所有訊息。 取消邀請 您確定您想要取消對此使用者的邀請嗎? 踢除使用者 @@ -2440,4 +2436,14 @@ 討論串測試版 取得更多資訊 試試看 + 正在分享畫面 + ${app_name} 分享畫面中 + 停止分享畫面 + 分享畫面 + - 部份使用者已被取消忽略 + ${app_name} 需要執行清除快取以保持最新狀態,原因如下: +\n%s +\n +\n注意,此動作將會重新啟動應用程式,並可能需要一些時間。 + 初始同步請求 \ No newline at end of file From eb53022c777670f834897fbfa4936cd06cf70d75 Mon Sep 17 00:00:00 2001 From: Danial Behzadi Date: Wed, 4 May 2022 18:25:16 +0000 Subject: [PATCH 089/433] Translated using Weblate (Persian) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/fa/ --- vector/src/main/res/values-fa/strings.xml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/vector/src/main/res/values-fa/strings.xml b/vector/src/main/res/values-fa/strings.xml index 4d01fe269b..59c944b8e1 100644 --- a/vector/src/main/res/values-fa/strings.xml +++ b/vector/src/main/res/values-fa/strings.xml @@ -662,9 +662,7 @@ حسابم را غیرفعال کن کشف مدیریت تنظیمات کشفتان. - نمایش همهٔ پیام‌ها از %s؟ -\n -\nبه خاطر داشته باشید این عمل، کاره را دوباره شروع خواهد کرد و ممکن است کمی زمان ببرد. + نمایش همهٔ پیام‌ها از %s؟ رایانامه‌ها و شماره تلفن‌ها مدیریت رایانامه‌ها و شماره تلفن‌های پیوسته به حساب ماتریکستان ۳ روز @@ -1256,9 +1254,7 @@ اگر مدیر کارساز خبر از مورد انتظار بودنش داده، مطمئن شوید که اثر انگشت زیر با اثر انگشت ارائه شده به دستشان مطابق است. می‌تواند به این معنی باشد که کسی شدامدتان را بدخواهانه دستکاری کرده یا تلفنتان، به گواهی فراهم‌شده به دست کارساز دوردست، اطمینان ندارد. با لغو مسدودیت، کاربر می‌تواند مجددا به اتاق اضافه شود. - ناچشم‌پوشی این کاربر موجب نمایانی تمامی پیام‌ها از سویش خواهد شد. -\n -\nبه خاطر داشته باشید که این کنش کاره را دوباره آغاز خواهد کرد و ممکن است مدّتی زمان ببرد. + ناچشم‌پوشی این کاربر موجب نمایانی تمامی پیام‌ها از سویش خواهد شد. نادیده‌گرفتن این کاربر پیام‌هایش را از اتاق‌های مشترکتان حذف خواهد کرد. \n \nهرگاه که بخواهید می‌توانید این کنش را در تنظیمات کلی لغو کنید. @@ -2378,7 +2374,7 @@ شکست در بار کردن نقشه نقشه نکته: کاره دوباره آغاز خواهد شد - به کار انداختن ویام‌های رشته‌ای + به کار انداختن پیام‌های رشته‌ای وصل شدن به کارساز دنبال پیوستن به کارسازهای موجودید؟ از این پرسش بگذرید @@ -2487,4 +2483,14 @@ رشته‌های آزمایشی بیش تر بدانید بیازماییدش + لازم است به این دلیل، ${app_name} انباره را برای به‌روز بودن خالی کند: +\n%s +\n +\nبه خاطر داشته باشید این عمل، کاره را دوباره شروع خواهد کرد و ممکن است کمی زمان ببرد. + هم‌رسانی صفحه در حال پیشرفت است + هم‌رسانی صفحهٔ ${app_name} + توقّف هم‌رسانی صفحه + هم‌رسانی صفحه + - برخی کاربران ناچشم‌پوشی شده‌اند + درخواست همگام سازی نخستین \ No newline at end of file From 5fde962cead6f4e8e54e8347f94476b85212a995 Mon Sep 17 00:00:00 2001 From: lvre <7uu3qrbvm@relay.firefox.com> Date: Thu, 5 May 2022 04:22:20 +0000 Subject: [PATCH 090/433] Translated using Weblate (Portuguese (Brazil)) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/pt_BR/ --- vector/src/main/res/values-pt-rBR/strings.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/vector/src/main/res/values-pt-rBR/strings.xml b/vector/src/main/res/values-pt-rBR/strings.xml index 21ea05a47c..37f0038bf1 100644 --- a/vector/src/main/res/values-pt-rBR/strings.xml +++ b/vector/src/main/res/values-pt-rBR/strings.xml @@ -403,9 +403,7 @@ Senha nova Falha para atualizar senha Sua senha tem sido atualizada - Mostrar todas as mensagens de %s\? -\n -\nNote que esta ação vai recomeçar o app e pode levar algum tempo. + Mostrar todas as mensagens de %s\? Escolha um país Tópico Legibilidade de Histórico de Sala @@ -757,9 +755,7 @@ \n \nVocê pode reverter esta ação a qualquer momento nas configurações gerais. Designorar usuária(o) - Designorar esta(e) usuária(o) vai mostrar todas as mensagens dela(e) de novo. -\n -\nNote que esta ação vai recomeçar o app e pode levar algum tempo. + Designorar esta(e) usuária(o) vai mostrar todas as mensagens dela(e) de novo. Cancelar convite Você tem certeza que você quer cancelar o convite para esta(e) usuária(o)\? Expulsar usuária(o) @@ -2487,4 +2483,14 @@ Threads Beta Saber mais Teste aí + Compartilhamento de tela está em progresso + ${app_name} Compartilhamento de Tela + Parar compartilhamento de tela + Compartilhar tela + - Algumas(ns) usuárias(os) têm sido designoradas(os) + ${app_name} precisa performar um cache limpo para estar atualizado, pela seguinte razão: +\n%s +\n +\nNote que esta ação vai recomeçar o app e pode levar algum tempo. + Requisição de sinc inicial \ No newline at end of file From 7d16b557d4093cf62ee543a9919cae7ff3a2d270 Mon Sep 17 00:00:00 2001 From: Jozef Gaal Date: Wed, 4 May 2022 20:00:49 +0000 Subject: [PATCH 091/433] Translated using Weblate (Slovak) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/sk/ --- fastlane/metadata/android/sk/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/sk/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/sk/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/sk/changelogs/40104130.txt diff --git a/fastlane/metadata/android/sk/changelogs/40104120.txt b/fastlane/metadata/android/sk/changelogs/40104120.txt new file mode 100644 index 0000000000..2279ddc574 --- /dev/null +++ b/fastlane/metadata/android/sk/changelogs/40104120.txt @@ -0,0 +1,2 @@ +Hlavné zmeny v tejto verzii: Umožňuje používateľom zobrazovať sa v režime offline a pridáva zvukový prehrávač pre zvukové prílohy +Úplný zoznam zmien: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/sk/changelogs/40104130.txt b/fastlane/metadata/android/sk/changelogs/40104130.txt new file mode 100644 index 0000000000..2279ddc574 --- /dev/null +++ b/fastlane/metadata/android/sk/changelogs/40104130.txt @@ -0,0 +1,2 @@ +Hlavné zmeny v tejto verzii: Umožňuje používateľom zobrazovať sa v režime offline a pridáva zvukový prehrávač pre zvukové prílohy +Úplný zoznam zmien: https://github.com/vector-im/element-android/releases From 45706760424da434dac2124d8379b9013915a617 Mon Sep 17 00:00:00 2001 From: waclaw66 Date: Thu, 5 May 2022 03:24:44 +0000 Subject: [PATCH 092/433] Translated using Weblate (Czech) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/cs/ --- fastlane/metadata/android/cs-CZ/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/cs-CZ/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/cs-CZ/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/cs-CZ/changelogs/40104130.txt diff --git a/fastlane/metadata/android/cs-CZ/changelogs/40104120.txt b/fastlane/metadata/android/cs-CZ/changelogs/40104120.txt new file mode 100644 index 0000000000..7867646fe5 --- /dev/null +++ b/fastlane/metadata/android/cs-CZ/changelogs/40104120.txt @@ -0,0 +1,2 @@ +Hlavní změny v této verzi: Umožňuje uživatelům zobrazovat se offline a přidává zvukový přehrávač pro zvukové přílohy +Úplný seznam změn: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/cs-CZ/changelogs/40104130.txt b/fastlane/metadata/android/cs-CZ/changelogs/40104130.txt new file mode 100644 index 0000000000..7867646fe5 --- /dev/null +++ b/fastlane/metadata/android/cs-CZ/changelogs/40104130.txt @@ -0,0 +1,2 @@ +Hlavní změny v této verzi: Umožňuje uživatelům zobrazovat se offline a přidává zvukový přehrávač pro zvukové přílohy +Úplný seznam změn: https://github.com/vector-im/element-android/releases From d5560db45cd83159301bef6e0cc5a67a15fb8da8 Mon Sep 17 00:00:00 2001 From: Modificator Date: Fri, 6 May 2022 02:21:21 +0000 Subject: [PATCH 093/433] Translated using Weblate (Chinese (Simplified)) Currently translated at 92.9% (2067 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/zh_Hans/ --- vector/src/main/res/values-zh-rCN/strings.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/vector/src/main/res/values-zh-rCN/strings.xml b/vector/src/main/res/values-zh-rCN/strings.xml index ec3045ec22..58ed38816c 100644 --- a/vector/src/main/res/values-zh-rCN/strings.xml +++ b/vector/src/main/res/values-zh-rCN/strings.xml @@ -2294,4 +2294,5 @@ 在房间中筛选子区 复制子区的链接 在房间中查看 + 群组通知 \ No newline at end of file From 257492d94e14f8e16fb17ae38f18deefa4d6ff9e Mon Sep 17 00:00:00 2001 From: random Date: Thu, 5 May 2022 09:00:45 +0000 Subject: [PATCH 094/433] Translated using Weblate (Italian) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/it/ --- fastlane/metadata/android/it-IT/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/it-IT/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/it-IT/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/it-IT/changelogs/40104130.txt diff --git a/fastlane/metadata/android/it-IT/changelogs/40104120.txt b/fastlane/metadata/android/it-IT/changelogs/40104120.txt new file mode 100644 index 0000000000..fa015ae564 --- /dev/null +++ b/fastlane/metadata/android/it-IT/changelogs/40104120.txt @@ -0,0 +1,2 @@ +Modifiche principali in questa versione: consente agli utenti di apparire offline e aggiunge un player audio per gli allegati audio +Cronologia completa: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/it-IT/changelogs/40104130.txt b/fastlane/metadata/android/it-IT/changelogs/40104130.txt new file mode 100644 index 0000000000..fa015ae564 --- /dev/null +++ b/fastlane/metadata/android/it-IT/changelogs/40104130.txt @@ -0,0 +1,2 @@ +Modifiche principali in questa versione: consente agli utenti di apparire offline e aggiunge un player audio per gli allegati audio +Cronologia completa: https://github.com/vector-im/element-android/releases From bb636380754dcfad2330287dcd434f40a5db01f2 Mon Sep 17 00:00:00 2001 From: Linerly Date: Thu, 5 May 2022 05:51:06 +0000 Subject: [PATCH 095/433] Translated using Weblate (Indonesian) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/id/ --- fastlane/metadata/android/id/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/id/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/id/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/id/changelogs/40104130.txt diff --git a/fastlane/metadata/android/id/changelogs/40104120.txt b/fastlane/metadata/android/id/changelogs/40104120.txt new file mode 100644 index 0000000000..ce1a4a4d84 --- /dev/null +++ b/fastlane/metadata/android/id/changelogs/40104120.txt @@ -0,0 +1,2 @@ +Perubahan utama dalam versi ini: Diperbolehkan pengguna untuk terlihat luring dan ditambahkan sebuah pemain audio untuk lampiran audio +Catatan perubahan lanjutan: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/id/changelogs/40104130.txt b/fastlane/metadata/android/id/changelogs/40104130.txt new file mode 100644 index 0000000000..ce1a4a4d84 --- /dev/null +++ b/fastlane/metadata/android/id/changelogs/40104130.txt @@ -0,0 +1,2 @@ +Perubahan utama dalam versi ini: Diperbolehkan pengguna untuk terlihat luring dan ditambahkan sebuah pemain audio untuk lampiran audio +Catatan perubahan lanjutan: https://github.com/vector-im/element-android/releases From 89d0f7838a933479a4465951e7f02165bded47a7 Mon Sep 17 00:00:00 2001 From: chanthajohn keoviengkhone Date: Thu, 5 May 2022 00:51:49 +0000 Subject: [PATCH 096/433] Translated using Weblate (Lao) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/lo/ --- vector/src/main/res/values-lo/strings.xml | 172 +++++++++++++++++++--- 1 file changed, 148 insertions(+), 24 deletions(-) diff --git a/vector/src/main/res/values-lo/strings.xml b/vector/src/main/res/values-lo/strings.xml index 72b2ae1d21..cf7e2b82e3 100644 --- a/vector/src/main/res/values-lo/strings.xml +++ b/vector/src/main/res/values-lo/strings.xml @@ -169,9 +169,7 @@ ທ່ານແນ່ໃຈບໍ່ວ່າຕ້ອງການຍົກເລີກການເຊີນຜູ້ໃຊ້ນີ້\? ຍົກເລີກການເຊີນ ຍົກເລີກການບໍ່ສົນໃຈ - ການບໍ່ສົນໃຈຜູ້ໃຊ້ນີ້ຈະສະແດງຂໍ້ຄວາມທັງໝົດຈາກເຂົາເຈົ້າອີກຄັ້ງ. -\n -\nກະລຸນາຮັບຊາບວ່າຄຳສັ່ງນີ້ຈະປິດເປີດແອັບຄືນໃໝ່ ແລະ ມັນອາດຈະໃຊ້ເວລາຄາວໜຶ່ງ. + ການຍົກເລີກບໍ່ສົນໃຈຜູ້ໃຊ້ນີ້ຈະສະແດງຂໍ້ຄວາມທັງໝົດຈາກພວກເຂົາອີກຄັ້ງ. ບໍ່ສົນໃຈຜູ້ໃຊ້ ບໍ່ສົນໃຈ ການບໍ່ສົນໃຈຜູ້ໃຊ້ນີ້ຈະລຶບຂໍ້ຄວາມຂອງເຂົາເຈົ້າອອກຈາກຫ້ອງທີ່ທ່ານແບ່ງປັນ. @@ -747,10 +745,10 @@ ສ້າງຫ້ອງໃຫມ່ ເຫດການບໍ່ຖືກຕ້ອງ, ບໍ່ສາມາດສະແດງໄດ້ ຄວບຄຸມເຫດການໂດຍຜູ້ເບິ່ງແຍງຫ້ອງ - ເຫດການຖືກລຶບໂດຍຜູ້ໃຊ້ + ເຫດການທີ່ຖືກລຶບໂດຍຜູ້ໃຊ້ ສະແດງຕົວຍຶດສໍາລັບຂໍ້ຄວາມທີ່ຖືກລົບອອກ ສະແດງຂໍ້ຄວາມທີ່ຖືກລືບອອກ - ຂໍ້ຄວາມຖືກລຶບ + ລຶບຂໍ້ຄວາມອອກແລ້ວ ການໂຕ້ຕອບ ເບິ່ງການໂຕ້ຕອບ ເພີ່ມປະຕິກິລິຍາ @@ -1006,9 +1004,7 @@ ເລືອກປະເທດ ຈັດການອີເມວ ແລະເບີໂທລະສັບທີ່ເຊື່ອມຕໍ່ກັບບັນຊີ Matrix ຂອງທ່ານ ອີເມວ ແລະເບີໂທລະສັບ - ສະແດງຂໍ້ຄວາມທັງໝົດຈາກ %s ບໍ\? -\n -\nກະລຸນາຮັບຊາບວ່າຄຳສັ່ງນີ້ຈະປິດເປີດແອັບຄືນໃໝ່ ແລະ ມັນອາດຈະໃຊ້ເວລາຄາວໜຶ່ງ. + ສະແດງຂໍ້ຄວາມທັງໝົດຈາກ %s \? ລະຫັດຜ່ານຂອງທ່ານໄດ້ຮັບການປັບປຸງ ລະຫັດຜ່ານບໍ່ຖືກຕ້ອງ ອັບເດດລະຫັດຜ່ານບໍ່ສຳເລັດ @@ -1449,7 +1445,7 @@ ກະລຸນາລໍຖ້າ, ມັນອາດຈະໃຊ້ເວລາຄາວໜຶ່ງ. ເຂົ້າຮ່ວມຫ້ອງແທນ ບໍ່ມີຊື່ຫ້ອງ - ບາງຫ້ອງອາດຈະຖືກເຊື່ອງໄວ້ເພາະວ່າເປັນສ່ວນຕົວ ແລະ ທ່ານຕ້ອງໄດ້ຮັບການເຊີນ + ບາງຫ້ອງອາດຈະຖືກເຊື່ອງໄວ້ເພາະວ່າເປັນສ່ວນຕົວ ແລະ ທ່ານຕ້ອງໄດ້ຮັບການເຊີນ. ບາງຫ້ອງອາດຈະຖືກເຊື່ອງໄວ້ເພາະວ່າເປັນສ່ວນຕົວ ແລະ ທ່ານຕ້ອງການການເຊີນ. \nທ່ານບໍ່ໄດ້ຮັບອະນຸຍາດໃຫ້ເພີ່ມຫ້ອງ. ພື້ນທີ່ນີ້ບໍ່ມີຫ້ອງ @@ -1782,7 +1778,7 @@ "ຫນຶ່ງໃນຕໍ່ໄປນີ້ອາດຈະຖືກທໍາລາຍ: \n \n - homeserver ຂອງທ່ານ -\n - homeserver ທີ່ຜູ້ໃຊ້ທີ່ທ່ານກໍາລັງກວດສອບແມ່ນໄດ້ເຊື່ອມຕໍ່ກັບ +\n - homeserver ທີ່ຜູ້ໃຊ້ທີ່ທ່ານກໍາລັງກວດສອບການເຊື່ອມຕໍ່ຢູ່ \n - ຂອງທ່ານ, ຫຼື ການເຊື່ອມຕໍ່ອິນເຕີເນັດຂອງຜູ້ໃຊ້ອື່ນໆ \n - ຂອງທ່ານ, ຫຼື ອຸປະກອນຂອງຜູ້ໃຊ້ອື່ນ" ບໍ່ປອດໄພ @@ -1994,9 +1990,9 @@ ເພີ່ມພື້ນທີ່ ພື້ນທີ່ສ່ວນຕົວ ພື້ນທີ່ສາທາລະນະ - ທ່ານແນ່ໃຈບໍ່ວ່າຕ້ອງການລຶບຂໍ້ຄວາມທີ່ຍັງບໍ່ໄດ້ສົ່ງທັງໝົດຢູ່ໃນຫ້ອງນີ້\? - ລຶບຂໍ້ຄວາມທີ່ຍັງບໍ່ໄດ້ສົ່ງ - ສົ່ງຂໍ້ຄວາມບໍ່ສຳເລັດ + ທ່ານແນ່ໃຈບໍ່ວ່າທ່ານຕ້ອງການລຶບຂໍ້ຄວາມທີ່ຍັງບໍ່ໄດ້ສົ່ງທັງໝົດຢູ່ໃນຫ້ອງນີ້\? + ລຶບຂໍ້ຄວາມທີ່ຍັງບໍ່ໄດ້ສົ່ງອອກ + ບໍ່ສາມາດສົ່ງຂໍ້ຄວາມ ທ່ານຕ້ອງການຍົກເລີກການສົ່ງຂໍ້ຄວາມບໍ\? ລຶບຂໍ້ຄວາມທີ່ບໍ່ສຳເລັດທັງໝົດອອກ ບໍ່ສຳເລັດ @@ -2007,20 +2003,20 @@ ເຂົ້າຮ່ວມພື້ນທີ່ກັບ id ທີ່ກຳນົດໃຫ້ ເພີ່ມໃສ່ພື້ນທີ່ທີ່ກຳນົດໃຫ້ ສ້າງພື້ນທີ່ - ເນື້ອໃນການນັດໝາຍ - ສົ່ງການນັດໝາຍຂອງລັດ! - ສົ່ງນັດໝາຍ! + ເນື້ອໃນຂອງເຫດການ + ສົ່ງຖະແຫຼງການຂອງເຫດການ! + ສົ່ງເຫດການແລ້ວ! ເຫດການຜິດປົກກະຕິ ບໍ່ມີປະເພດຂໍ້ຄວາມ ບໍ່ມີເນື້ອຫາ - ເນື້ອໃນການນັດໝາຍ + ເນື້ອໃນຂອງເຫດການ ສະຖານະຂອງກະເເຈ ປະເພດ - ສົ່ງນັດໝາຍຂອງລັດແບບກຳນົດເອງ + ສົ່ງຖະແຫຼງການຂອງເຫດການທີ່ກຳນົດເອງ ແກ້ໄຂເນື້ອຫາ - ການນັດໝາຍຂອງລັດ - ສົ່ງນັດມາຍຂອງລັດ - ສົ່ງນັດໝາຍທີ່ກຳນົດເອງ + ຖະແຫຼງການຂອງເຫດການ + ສົ່ງສະຖານະຂອງເຫດການ + ສົ່ງເຫດການທີ່ກຳນົດເອງ ສຳຫຼວດສະຖານະຫ້ອງ ເຄື່ອງມືພັດທະນາ ບໍ່ສາມາດໃຊ້ໄດ້ @@ -2147,7 +2143,7 @@ ${app_name} Android ລະຫັດແມ່ນທັນສະໄຫມແລ້ວ! ເຫດການຖືກກວດສອບໂດຍຜູ້ເບິ່ງແຍງຫ້ອງ, ເຫດຜົນ: %1$s - ເຫດການທີ່ລຶບໂດຍຜູ້ໃຊ້, ເຫດຜົນ: %1$s + ເຫດການທີ່ຖືກລຶບໂດຍຜູ້ໃຊ້, ເຫດຜົນ: %1$s ເຫດຜົນສໍາລັບການແກ້ໄຂ ລວມທັງເຫດຜົນ ທ່ານແນ່ໃຈບໍ່ວ່າຕ້ອງການລຶບ (ລຶບ) ເຫດການນີ້ອອກ\? ກະລຸນາຮັບຊາບວ່າຖ້າຫາກທ່ານລຶບຊື່ຫ້ອງ ຫຼື ການປ່ຽນຫົວຂໍ້, ມັນສາມາດຍົກເລີກການປ່ຽນແປງໄດ້. @@ -2236,7 +2232,7 @@ \nການຢັ້ງຢືນຈະຖືກບັນທຶກໄວ້ໃນເຄື່ອງ ແລະ ແບ່ງປັນໃນເວີຊັນຂອງແອັບໃນອະນາຄົດ. ບໍ່ສົນໃຈ ${app_name} ປະສົບບັນຫາໃນເວລາສະແດງເນື້ອຫາຂອງເຫດການດ້ວຍ id \'%1$s\' - ${app_name} ບໍ່ໄດ້ຈັດການເຫດການຂອງປະເພດ \'%1$s\' + ${app_name} ບໍ່ໄດ້ຈັດການ ເຫດການຂອງປະເພດ \'%1$s\' ໄປເພື່ອອ່ານ ຂໍ້ຄວາມໂດຍກົງ ກຳນົດເອງ (%1$d) ໃນ %2$s @@ -2320,4 +2316,132 @@ ລາຍງານເນື້ອຫານີ້ ລາຍງານທີ່ກຳນົດເອງ… ບໍ່ເຫມາະສົມ - + ເຫຼືອ %1$ds + ເລື່ອນເພື່ອຍົກເລີກ + ບັນທຶກຂໍ້ຄວາມສຽງ + ຂໍອະໄພ, ເກີດຄວາມຜິດພາດຂຶ້ນໃນຂະນະທີ່ພະຍາຍາມເຂົ້າຮ່ວມ: %s + ຍົກລະດັບເປັນເວີຊັນຫ້ອງທີ່ແນະນຳ + ຢຸດການແບ່ງປັນໜ້າຈໍ + ແບ່ງປັນຫນ້າຈໍ + - ຜູ້ໃຊ້ບາງຄົນໄດ້ຖືກສົນໃຈ + ${app_name} ຕ້ອງດໍາເນີນການ cache ທີ່ຊັດເຈນເພື່ອໃຫ້ທັນສະໄຫມ, ສໍາລັບເຫດຜົນດັ່ງຕໍ່ໄປນີ້: +\n%s +\n +\nກະລຸນາຮັບຊາບວ່າຄຳສັ່ງນີ້ຈະປິດເປີດແອັບຄືນໃໝ່ ແລະ ມັນອາດຈະໃຊ້ເວລາຄາວໜຶ່ງ. + ການຮ້ອງຂໍການຊິງຄ໌ເບື້ອງຕົ້ນ + ການແບ່ງປັນໜ້າຈໍກຳລັງດຳເນີນຢູ່ + ${app_name} ການແບ່ງປັນໜ້າຈໍ + ການແຈ້ງເຕືອນຫ້ອງ + ຜູ້ໃຊ້ + ແຈ້ງໃຫ້ຫ້ອງໍທັງຫມົດ + + %1$d ເພີ່ມເຕີມ + + ສະແດງໜ້ອຍລົງ + ແບ່ງປັນສະຖານທີ່ + ສ້າງແບບສຳຫຼວດ + ເປີດລາຍຊື່ຜູ້ຕິດຕໍ່ + ສົ່ງສະຕິກເກີ + ອັບໂຫຼດໄຟລ໌ + ສົ່ງຮູບພາບ ແລະ ວິດີໂອ + ເປີດກ້ອງຖ່າຍຮູບ + ສະແດງຟອງຂໍ້ຄວາມ + ການແບ່ງປັນສະຖານທີ່ກຳລັງດຳເນີນຢູ່ + ${app_name} ສະຖານທີ່ປັດຈຸບັນ + ຢຸດ + ກຳລັງໂຫຼດສະຖານທີ່ປັດຈຸບັນ… + ເປີດໃຊ້ສະຖານທີ່ປັດຈຸບັນແລ້ວ + ໂຫຼດແຜນທີ່ບໍ່ສຳເລັດ + ສະແດງສະຖານທີ່ຂອງຜູ້ໃຊ້ໃນທາມລາຍ + ເມື່ອເປີດໃຊ້ແລ້ວທ່ານຈະສາມາດສົ່ງສະຖານທີ່ຂອງທ່ານໄປຫາຫ້ອງໃດກໍໄດ້ + ເປີດໃຊ້ການແບ່ງປັນສະຖານທີ່ + ເປີດດ້ວຍ + ${app_name} ບໍ່ສາມາດເຂົ້າເຖິງສະຖານທີ່ຂອງທ່ານໄດ້. ກະລຸນາລອງໃໝ່ໃນພາຍຫຼັງ. + ${app_name} ບໍ່ສາມາດເຂົ້າເຖິງສະຖານທີ່ຂອງທ່ານໄດ້ + ຖ້າທ່ານຕ້ອງການແບ່ງປັນສະຖານທີ່ປັດຈຸບັນຂອງທ່ານ, ${app_name} ຕ້ອງການການເຂົ້າເຖິງສະຖານທີ່ຕະຫຼອດເວລາທີ່ແອັບຯຢູ່ໃນພື້ນຫຼັງ. +\nພວກເຮົາຈະເຂົ້າເຖິງສະຖານທີ່ຂອງທ່ານສະເພາະໄລຍະເວລາທີ່ທ່ານເລືອກ. + ອະນຸຍາດໃຫ້ເຂົ້າເຖິງ + 8 ຊົ່ວໂມງ + 1 ຊົ່ວໂມງ + 15 ນາທີ + ແບ່ງປັນສະຖານທີ່ປັດຈຸບັນຂອງທ່ານສໍາລັບ + ແບ່ງປັນສະຖານທີ່ນີ້ + ແບ່ງປັນສະຖານທີ່ນີ້ + ແບ່ງປັນສະຖານທີ່ປັດຈຸບັນ + ແບ່ງປັນສະຖານທີ່ປັດຈຸບັນ + ແບ່ງປັນສະຖານທີ່ປະຈຸບັນຂອງຂ້ອຍ + ແບ່ງປັນສະຖານທີ່ປະຈຸບັນຂອງຂ້ອຍ + ຂະຫຍາຍໄປຫາສະຖານທີ່ປັດຈຸບັນ + ປັກໝຸດຂອງສະຖານທີ່ທີ່ເລືອກຢູ່ໃນແຜນທີ່ + ແບ່ງປັນສະຖານທີ່ + ແຜນທີ່ + ແບ່ງປັນສະຖານທີ່ + ສະຖານທີ່ + ແບ່ງປັນສະຖານທີ່ + ຜົນໄດ້ຮັບຈະຖືກເປີດເຜີຍເມື່ອທ່ານສິ້ນສຸດແບບສຳຫຼວດເທົ່ານັ້ນ + ປິດແບບສຳຫຼວດ + ຜູ້ລົງຄະແນນສຽງເຫັນຜົນທັນທີທີ່ເຂົາເຈົ້າລົງຄະແນນສຽງ + ເປີດແບບສຳຫຼວດ + ປະເພດແບບສຳຫຼວດ + ແກ້ໄຂແບບສຳຫຼວດ + ທ່ານແນ່ໃຈບໍ່ວ່າຕ້ອງການລຶບແບບສຳຫຼວດນີ້ອອກ\? ທ່ານຈະບໍ່ສາມາດກູ້ມັນຄືນໄດ້ເມື່ອລຶບອອກແລ້ວ. + ລຶບການສຳຫຼວດ + ແບບສຳຫຼວດສິ້ນສຸດລົງ + ລົງຄະແນນສຽງ + ສິ້ນສຸດແບບສຳຫຼວດ + ອັນນີ້ຈະຢຸດບໍ່ໃຫ້ຜູ້ຄົນສາມາດລົງຄະແນນສຽງໄດ້ ແລະຈະສະແດງຜົນສຸດທ້າຍຂອງການສຳຫຼວດຄວາມຄິດເຫັນ. + ສິ້ນສຸດແບບສຳຫຼວດນີ້ບໍ\? + ເລືອກຜູ້ຊະນະ + ສິ້ນສຸດແບບສຳຫຼວດ + + ຜົນສຸດທ້າຍໂດຍອີງໃສ່ %1$d ຄະແນນສຽງ + + + %1$dຄະແນນສຽງ. ລົງຄະແນນສຽງເພື່ອເບິ່ງຜົນໄດ້ຮັບ + + ບໍ່ມີການລົງຄະແນນສຽງ + + ອີງຕາມ %1$d ຄະແນນສຽງ + + + %1$d ຄະແນນສຽງ + + + ຢ່າງໜ້ອຍຕ້ອງເລືອກ %1$s + + ຄຳຖາມບໍ່ສາມາດຫວ່າງເປົ່າໄດ້ + ສ້າງແບບສຳຫຼວດ + ເພີ່ມຕົວເລືອກ + ທາງເລືອກ %1$d + ສ້າງທາງເລືອກ + ຄໍາຖາມ ຫຼື ຫົວຂໍ້ + ຄຳຖາມ ຫຼື ຫົວຂໍ້ການສຳຫຼວດ + ສ້າງແບບສຳຫຼວດ + ປິດເປີດແອັບພລິເຄຊັນຄືນໃໝ່ ເພື່ອໃຫ້ການປ່ຽນແປງ. + ເປີດໃຊ້ຄະນິດສາດ LaTeX + %s ໃນການຕັ້ງຄ່າເພື່ອຮັບຄຳເຊີນໂດຍກົງໃນ ${app_name}. + ເຊື່ອມຕໍ່ອີເມວນີ້ກັບບັນຊີຂອງທ່ານ + ການເຊີນໄປຫາພື້ນທີ່ນີ້ຖືກສົ່ງໄປຫາ %s ທີ່ບໍ່ກ່ຽວຂ້ອງກັບບັນຊີຂອງທ່ານ + ການເຊີນເຂົ້າຫ້ອງນີ້ຖືກສົ່ງໄປໃຫ້ %s ເຊິ່ງບໍ່ໄດ້ເຊື່ອມໂຍງກັບບັນຊີຂອງທ່ານ + ກະລຸນາຮັບຊາບວ່າການຍົກລະດັບຈະເຮັດໃຫ້ຫ້ອງເປັນເວີຊັນໃໝ່. ຂໍ້ຄວາມປັດຈຸບັນທັງໝົດຈະຢູ່ໃນຫ້ອງເກັບມ້ຽນນີ້. + ທຸກຄົນທີ່ຢູ່ໃນແຫຼ່ງພື້ນທີ່ຈະສາມາດຊອກຫາ ແລະ ເຂົ້າຮ່ວມຫ້ອງນີ້ໄດ້ - ບໍ່ຈໍາເປັນຕ້ອງເຊີນທຸກຄົນດ້ວຍຕົນເອງ. ທ່ານສາມາດປ່ຽນສີ່ງນີ້ໃນການຕັ້ງຄ່າຫ້ອງໄດ້ທຸກເວລາ. + ທຸກຄົນໃນ %s ຈະສາມາດຊອກຫາ ແລະ ເຂົ້າຮ່ວມຫ້ອງນີ້ໄດ້ - ບໍ່ຈໍາເປັນຕ້ອງເຊີນທຸກຄົນດ້ວຍຕົນເອງ. ທ່ານຈະສາມາດປ່ຽນສິ່ງນີ້ໃນການຕັ້ງຄ່າຫ້ອງໄດ້ທຸກເວລາ. + (%1$s) + %1$s (%2$s) + ບໍ່ສາມາດຫຼິ້ນໄດ້ %1$s + ຢຸດ %1$s ໄວ້ຊົ່ວຄາວ + ຫຼິ້ນ %1$s + %1$d ນາທີ %2$d ວິນາທີ + %1$s, %2$s, %3$s + ຂໍ້ຄວາມສຽງ (%1$s) + ບໍ່ສາມາດຕອບ ຫຼື ແກ້ໄຂໄດ້ ໃນຂະນະທີ່ຂໍ້ຄວາມສຽງເປີດຢູ່ + ບໍ່ສາມາດບັນທຶກຂໍ້ຄວາມສຽງໄດ້ + ບໍ່ສາມາດຫຼິ້ນຂໍ້ຄວາມສຽງນີ້ໄດ້ + ແຕະໃສ່ການບັນທຶກຂອງທ່ານເພື່ອຢຸດ ຫຼືຟັງ + ກົດຄ້າງໄວ້ເພື່ອບັນທຶກ, ປ່ອຍເພື່ອສົ່ງ + ລຶບການບັນທຶກ + ການບັນທຶກຂໍ້ຄວາມສຽງ + ຢຸດການບັນທຶກ + ຢຸດຂໍ້ຄວາມສຽງຊົ່ວຄາວ + ຫຼິ້ນຂໍ້ຄວາມສຽງ + \ No newline at end of file From a04b8985c60a80a9708a58998a9138d3a068ad72 Mon Sep 17 00:00:00 2001 From: LinAGKar Date: Sat, 7 May 2022 12:35:07 +0000 Subject: [PATCH 097/433] Translated using Weblate (Swedish) Currently translated at 100.0% (2224 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/sv/ --- vector/src/main/res/values-sv/strings.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/vector/src/main/res/values-sv/strings.xml b/vector/src/main/res/values-sv/strings.xml index a7400528fa..d596e91798 100644 --- a/vector/src/main/res/values-sv/strings.xml +++ b/vector/src/main/res/values-sv/strings.xml @@ -524,9 +524,7 @@ Identitetsserver Vänligen kolla din e-post klicka på länken i den. När du är klar med detta, klicka på fortsätt. Den här e-postadressen är upptagen. - Visa alla meddelanden från %s\? -\n -\nObservera att den har handlingen kommer att starta om appen, och det kan ta lite tid. + Visa alla meddelanden från %s\? Media Förvald mediakälla Emblem @@ -837,9 +835,7 @@ Degradera Ignorera användare Avignorera användare - Att avignorera den här användaren kommer att visa alla meddelanden från denne igen. -\n -\nObservera att detta kräver en omstart av appen och kan ta en stund. + Att avignorera den här användaren kommer att visa alla meddelanden från denne igen. Avbryt inbjudan Är du säker på att du vill avbryta inbjudan för den här användaren\? Kicka användaren @@ -2487,4 +2483,14 @@ Trådar Beta Läs mer Prova + Skärmdelning pågår + ${app_name} delar skärm + Avsluta skärmdelning + Dela skärm + - Vissa användare har avignorerats + ${app_name} behöver rensa cache för att uppdateras, av följande anledning: +\n%s +\n +\nObservera att detta startar om appen, och kan ta ett tag. + Förfrågan om inledande synk \ No newline at end of file From 4ffd495811d653a78eabdb15d796e400afe5deb3 Mon Sep 17 00:00:00 2001 From: LinAGKar Date: Sat, 7 May 2022 12:37:45 +0000 Subject: [PATCH 098/433] Translated using Weblate (Swedish) Currently translated at 100.0% (59 of 59 strings) Translation: Element Android/Element Android Store Translate-URL: https://translate.element.io/projects/element-android/element-store/sv/ --- fastlane/metadata/android/sv-SE/changelogs/40104120.txt | 2 ++ fastlane/metadata/android/sv-SE/changelogs/40104130.txt | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 fastlane/metadata/android/sv-SE/changelogs/40104120.txt create mode 100644 fastlane/metadata/android/sv-SE/changelogs/40104130.txt diff --git a/fastlane/metadata/android/sv-SE/changelogs/40104120.txt b/fastlane/metadata/android/sv-SE/changelogs/40104120.txt new file mode 100644 index 0000000000..6692768e1e --- /dev/null +++ b/fastlane/metadata/android/sv-SE/changelogs/40104120.txt @@ -0,0 +1,2 @@ +Huvudsakliga ändringar i den här versionen: Låter användare visas offline och lägger till en ljudspelare för ljudbilagor +Full ändringslogg: https://github.com/vector-im/element-android/releases diff --git a/fastlane/metadata/android/sv-SE/changelogs/40104130.txt b/fastlane/metadata/android/sv-SE/changelogs/40104130.txt new file mode 100644 index 0000000000..6692768e1e --- /dev/null +++ b/fastlane/metadata/android/sv-SE/changelogs/40104130.txt @@ -0,0 +1,2 @@ +Huvudsakliga ändringar i den här versionen: Låter användare visas offline och lägger till en ljudspelare för ljudbilagor +Full ändringslogg: https://github.com/vector-im/element-android/releases From c0ed25c41be188144f0597d41c65ac76d25960f1 Mon Sep 17 00:00:00 2001 From: worldspeak Date: Sat, 7 May 2022 04:53:56 +0000 Subject: [PATCH 099/433] Translated using Weblate (Esperanto) Currently translated at 87.9% (1956 of 2224 strings) Translation: Element Android/Element Android App Translate-URL: https://translate.element.io/projects/element-android/element-app/eo/ --- vector/src/main/res/values-eo/strings.xml | 49 +++-------------------- 1 file changed, 6 insertions(+), 43 deletions(-) diff --git a/vector/src/main/res/values-eo/strings.xml b/vector/src/main/res/values-eo/strings.xml index cf61116477..38e4ef01e9 100644 --- a/vector/src/main/res/values-eo/strings.xml +++ b/vector/src/main/res/values-eo/strings.xml @@ -37,7 +37,6 @@ Telefonnumero Invito al ĉambro %1$s kaj %2$s - Malplena ĉambro Komenca spegulado: \nEnportante konton… @@ -46,7 +45,8 @@ Komenca spegulado: \nEnportante ĉambrojn Komenca spegulado: -\nEnportante aliĝitajn ĉambrojn +\nEnportante viajn konversaciojn +\nSe vi aliĝis tre multaj ĉambroj, tiu eble daŭras longe Komenca spegulado: \nEnportante ĉambrojn de invitoj Komenca spegulado: @@ -204,9 +204,8 @@ Vidi malĉifritan fonton Forigi Alinomi - Raporti enhavon + Raporti Enhavon Raporti eraron - Inviti Voĉvoko @@ -252,7 +251,6 @@ Interparoloj Neniuj rezultoj Ĉambroj - Komunumoj Sendi protokolon Sendi protokolon pri fiasko @@ -273,7 +271,6 @@ Sendi voĉon Ĉu vi certe volas komenci novan voĉvokon\? Ĉu vi certe volas komenci novan vidvokon\? - Sendi dosierojn Sendi glumarkon Foti aŭ filmi @@ -289,11 +286,9 @@ Ĉi tio ne ŝajnas esti valida retpoŝtadreso Ĉi tiu retpoŝtadreso jam estas difinita. Ĉu vi forgesis pasvorton\? - Ĉi tiu hejmservilo volas certiĝi, ke vi ne estas roboto Necesas enigi la retpoŝtadreson ligitan al via konto. Malsukcesis kontroli retpoŝtadreson: certiĝu, ke vi klakis la ligilon en la retletero - Bonvolu tralegi kaj akcepti la politikojn de ĉi tiu hejmservilo: Originala Granda @@ -304,11 +299,9 @@ %d elektita %d elektitaj - Serĉi Filtri ĉambranojn Neniuj rezultoj - Ĉiuj mesaĝoj Kiam mi estas invitita al ĉambro Invitoj al vokoj @@ -325,7 +318,6 @@ Vi ne sciiĝos pri envenaj mesaĝoj dum la aplikaĵo estas fone. Ruliĝi je eko de sistemo Tempolimo de petoj por spegulado - Prokrasto inter ĉiu spegulado Versio Versio de olm @@ -398,14 +390,10 @@ Voko progresas… Vidvoko progresas… Informoj - - ${app_name} bezonas permeson aliri vian mikrofonon por fari voĉvokojn. - ${app_name} bezonas premeson aliri viajn filmilon kaj mikrofonon por fari vidvokojn. \n \nBonvolu permesi aliron per la sekva ŝprucpeto, por ebligi la vokon. - JES NE Daŭrigi @@ -413,15 +401,10 @@ Aliĝi Rifuzi Listigi ĉambranojn - %d ĉambrano %d ĉambranoj - - - - Foriri de ĉambro Ĉu vi certe volas foriri de la ĉambro\? Inviti @@ -496,7 +479,6 @@ \nViaj mesaĝoj estas sekurigitaj per seruroj, kaj nur vi kaj la adresato havas la unikajn ŝlosilojn por ilin malŝlosi. Mesaĝoj ĉi tie ne estas tutvoje ĉifrataj. Mesaĝoj en ĉi tiu ĉambro ne estas tutvoje ĉifrataj. - Atendante je %s… %s kontroliĝis Kontroli %s @@ -683,7 +665,6 @@ Ĉiuj mesaĝoj Ĉiuj mesaĝoj (laŭte) Malatenti uzanton - Ĉi tiu enhavo estis raportita kiel maltaŭga. \n \nSe vi ne plu volas vidi enhavon de ĉi tiu uzanto, vi povas malatenti ĝin por kaŝi ĝiajn mesaĝojn. @@ -843,8 +824,6 @@ Nekonata eraro %s volas kontroli vian salutaĵon Kontrolpeto - - Komprenite Kontrolite! Subskribo @@ -863,7 +842,6 @@ Neniam perdu ĉifritajn mesaĝojn Malhelpu perdon de aliro al ĉifritaj mesaĝoj kaj datumoj Sekura savkopio - Ĉu forigi viajn savkopiitajn ĉifrajn ŝlosilojn de la servilo\? Vi ne plu povos uzi vian rehavan ŝlosilon por legi historion de ĉifritaj mesaĝoj. Forigi savkopion Kontrolante staton de savkopio @@ -917,7 +895,6 @@ Ŝajnas, ke vi jam agordis savkopiadon de ŝlosiloj el alia salutaĵo. Ĉu vi volas anstataŭigi ĝin per tiu, kiun vi nun kreas\? Savkopio jam ekzistas en via hejmservilo La rehava ŝlosilo estas konservita. - Konservi kiel dosieron Havigi Konservi rehavan ŝlosilon @@ -975,8 +952,6 @@ Kialo: %1$s %2$s vin forbaris de %1$s %2$s vin forpelis de %1$s - - Ŝanĝas vian prezentan nomon Forpelas uzanton kun la donita identigilo Agordi temon por la ĉambro @@ -1085,7 +1060,6 @@ %d ĉambro %d ĉambroj - %d nelegita mesaĝo sciigita %d nelegitaj mesaĝoj sciigitaj @@ -1093,7 +1067,6 @@ Ĉiuj propraj ĉambroj de %s Ĉiuj ĉambroj de servilo %s Nomo de servilo - Se ili ne akordas, la sekureco de via komunikado eble estas rompita. Konfirmu per komparo de la jeno kun la agordoj de uzanto en alia via salutaĵo: Kontroli @@ -1109,7 +1082,6 @@ Enporti Enporti la ŝlosilojn el loka dosiero Enporti ŝlosilojn de ĉambroj - Enporti tutvoje ĉifrajn ŝlosilojn de ĉambroj Administri savkopiadon de ŝlosiloj Rehavo de ĉifritaj mesaĝoj @@ -1124,7 +1096,6 @@ Publika nomo Eraris malĉifrado Haŭto - session_name: app_display_name: push_key: @@ -1185,7 +1156,6 @@ Hejmservilo Salutinta kiel Aŭtentikigo - %1$s @ %2$s Lastatempe vidita Ĝisdatigi publikan nomon @@ -1194,7 +1164,6 @@ ${app_name} kolektas sennomajn analizojn por helpi al ni plibonigi la aplikaĵon. Sendi datumojn de analizo Analizo - Administri viajn agordojn de trovado. Trovado Malŝalti mian konton @@ -1333,7 +1302,6 @@ Aldoni retpoŝtadreson Prezenta nomo Profilbildo - Filtri forbaritajn uzantojn Akceptu la atestilon nur se administranto de la servilo publikigis fingrospuron akordan kun tiu ĉi-supre. La atestilo ŝanĝiĝis de antaŭe fidata al alia, nefidata. Eble la servilo renovigis sian atestilon. Kontaktu la administranton de la servilo por ricevi la ĝustan fingrospuron. @@ -1364,7 +1332,6 @@ Ĉu malaltigi vian propran povnivelon\? Nuligi inviton Individuaj ĉambroj - La alia flanko ne respondis la vokon. Voko finiĝis Konektante vokon… @@ -1701,7 +1668,6 @@ Se vi nuligos nun, vi eble perdos ĉifritajn mesaĝojn kaj datumojn, se vi perdos aliron al viaj salutoj. \n \nVi povas agordi sekuran savkopiadon kaj administri viajn ŝlosilojn per la agordoj. - Kopiu ĝin al via persona fora deponejo Konservu ĝin en USB-memorilo aŭ savkopia disko Presu ĝin kaj deponu ĝin en sekura loko @@ -1730,7 +1696,6 @@ Temo Temo de ĉambro (malnepra) Nomo de ĉambro - Elektu la rolojn bezonatajn por ŝanĝi diversajn partojn de la ĉambro Permesoj Montri kaj ĝisdatigi la rolojn bezonatajn por ŝanĝi diversajn partojn de la ĉambro. @@ -1804,7 +1769,7 @@ Komenca spegulado: \nElŝutante datumojn… - Komenca spegulado: + Komenca Spegulado: \nAtendante respondon de servilo… Malplena ĉambro (estis %s) @@ -1833,8 +1798,6 @@ Eraris transdonado de voko Transdonu Unue konsulti - - Aktiva voko (%1$s) Eraris serĉado de la telefonnumero Ciferplato @@ -1913,7 +1876,6 @@ Oni ne povas antaŭrigardi ĉi tiun ĉambron. Ĉu vi volas eniri\? Ĉi tiu ĉambro nun ne estas disponebla. \nReprovu poste, aŭ petu administranton de ĉambro kontroli, ĉu vi rajtas aliri. - Konsenti Nuligi mian konsenton Vi konsentis sendi retpoŝtadresojn kaj telefonnumerojn al ĉi tiu identiga servilo por trovi aliajn uzantojn el viaj kontaktoj. @@ -2220,7 +2182,7 @@ Sciigu min pri VI ne ricevos sciigojn al poŝtelefono pri mencioj kaj ĉefvortoj en ĉifritaj ĉambroj. Ĉefvortoj - + Ĉefvortoj ne povas enhavi «%s» Ĉefvortoj ne povas eki per «.» Aldoni novan ĉefvorton @@ -2252,4 +2214,5 @@ Vidvoko kun %s Sonorante… Aroj + - Iom uzantoj reatentita \ No newline at end of file From e35ee031785653b1969c5e4bc3bd824ab91c8250 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Fri, 6 May 2022 18:40:38 +0200 Subject: [PATCH 100/433] Try to workaround Dependabot issue #5961 --- build.gradle | 14 +++++++++++--- library/jsonviewer/build.gradle | 10 ++++++++-- matrix-sdk-android/build.gradle | 5 ++++- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/build.gradle b/build.gradle index badc1da569..bf7f622380 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,10 @@ buildscript { apply from: 'dependencies_groups.gradle' repositories { - google() + // Do not use `google()`, it prevents Dependabot from working properly + maven { + url 'https://maven.google.com' + } maven { url "https://plugins.gradle.org/m2/" } @@ -47,6 +50,7 @@ allprojects { apply plugin: "org.jlleitschuh.gradle.ktlint" repositories { + // Do not use `mavenCentral()`, it prevents Dependabot from working properly maven { url 'https://repo1.maven.org/maven2' content { @@ -71,14 +75,18 @@ allprojects { groups.jitsi.group.each { includeGroup it } } } - google { + // Do not use `google()`, it prevents Dependabot from working properly + maven { + url 'https://maven.google.com' content { groups.google.regex.each { includeGroupByRegex it } groups.google.group.each { includeGroup it } } } //noinspection JcenterRepositoryObsolete - jcenter { + // Do not use `jcenter`, it prevents Dependabot from working properly + maven { + url 'https://jcenter.bintray.com' content { groups.jcenter.regex.each { includeGroupByRegex it } groups.jcenter.group.each { includeGroup it } diff --git a/library/jsonviewer/build.gradle b/library/jsonviewer/build.gradle index d5486911bc..2110747feb 100644 --- a/library/jsonviewer/build.gradle +++ b/library/jsonviewer/build.gradle @@ -6,8 +6,14 @@ apply plugin: 'com.jakewharton.butterknife' buildscript { repositories { - google() - maven { url 'https://repo1.maven.org/maven2' } + // Do not use `google()`, it prevents Dependabot from working properly + maven { + url 'https://maven.google.com' + } + // Do not use `mavenCentral()`, it prevents Dependabot from working properly + maven { + url 'https://repo1.maven.org/maven2' + } } dependencies { classpath 'com.jakewharton:butterknife-gradle-plugin:10.2.3' diff --git a/matrix-sdk-android/build.gradle b/matrix-sdk-android/build.gradle index f0a8e33124..14b9bd008c 100644 --- a/matrix-sdk-android/build.gradle +++ b/matrix-sdk-android/build.gradle @@ -7,7 +7,10 @@ apply plugin: "org.jetbrains.dokka" buildscript { repositories { - maven { url 'https://repo1.maven.org/maven2' } + // Do not use `mavenCentral()`, it prevents Dependabot from working properly + maven { + url 'https://repo1.maven.org/maven2' + } } dependencies { classpath "io.realm:realm-gradle-plugin:10.9.0" From 9a1dbb27d43db58780d5193310e354ca50c33506 Mon Sep 17 00:00:00 2001 From: Onuray Sahin Date: Mon, 9 May 2022 13:25:00 +0300 Subject: [PATCH 101/433] Stop proximity sensor while sharing screen. --- .../app/features/call/VectorCallViewModel.kt | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt index 880dcf6e33..eca4a1b7db 100644 --- a/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/call/VectorCallViewModel.kt @@ -156,9 +156,10 @@ class VectorCallViewModel @AssistedInject constructor( } } - override fun onAudioDevicesChange() { - val currentSoundDevice = callManager.audioManager.selectedDevice ?: return - if (currentSoundDevice == CallAudioManager.Device.Phone) { + override fun onAudioDevicesChange() = withState { state -> + val currentSoundDevice = callManager.audioManager.selectedDevice ?: return@withState + val webRtcCall = callManager.getCallById(state.callId) + if (webRtcCall != null && shouldActivateProximitySensor(webRtcCall)) { proximityManager.start() } else { proximityManager.stop() @@ -205,7 +206,7 @@ class VectorCallViewModel @AssistedInject constructor( callManager.addListener(callManagerListener) webRtcCall.addListener(callListener) val currentSoundDevice = callManager.audioManager.selectedDevice - if (currentSoundDevice == CallAudioManager.Device.Phone) { + if (shouldActivateProximitySensor(webRtcCall)) { proximityManager.start() } setState { @@ -232,6 +233,10 @@ class VectorCallViewModel @AssistedInject constructor( } } + private fun shouldActivateProximitySensor(webRtcCall: WebRtcCall): Boolean { + return callManager.audioManager.selectedDevice == CallAudioManager.Device.Phone && !webRtcCall.isSharingScreen() + } + private fun WebRtcCall.extractCallInfo(): VectorCallViewState.CallInfo { val assertedIdentity = this.remoteAssertedIdentity val matrixItem = if (assertedIdentity != null) { @@ -351,6 +356,7 @@ class VectorCallViewModel @AssistedInject constructor( } is VectorCallViewActions.StartScreenSharing -> { call?.startSharingScreen(action.videoCapturer) + proximityManager.stop() setState { copy(isSharingScreen = true) } @@ -367,6 +373,9 @@ class VectorCallViewModel @AssistedInject constructor( _viewEvents.post( VectorCallViewEvents.StopScreenSharingService ) + if (callManager.audioManager.selectedDevice == CallAudioManager.Device.Phone) { + proximityManager.start() + } } else { _viewEvents.post( VectorCallViewEvents.ShowScreenSharingPermissionDialog From 867bd363fd49f23ba7ae9dfc25c23af7fe34fb1a Mon Sep 17 00:00:00 2001 From: Michael Kaye <1917473+michaelkaye@users.noreply.github.com> Date: Mon, 9 May 2022 11:48:40 +0100 Subject: [PATCH 102/433] Document need for public_baseurl to be correctly set. --- docs/integration_tests.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/integration_tests.md b/docs/integration_tests.md index 0fa1998499..b528724444 100644 --- a/docs/integration_tests.md +++ b/docs/integration_tests.md @@ -43,14 +43,17 @@ virtualenv -p python3 env source env/bin/activate pip install -e . demo/start.sh --no-rate-limit + ``` -Alternatively, to install the latest Synapse release package (and not a cloned branch) you can run the following instead of `pip install -e .`: +Alternatively, to install the latest Synapse release package (and not a cloned branch) you can run the following instead of `git clone` and `pip install -e .`: ```bash pip install matrix-synapse ``` +### Integration test failures + You should now have 3 running federated Synapse instances 🎉, at http://127.0.0.1:8080/, http://127.0.0.1:8081/ and http://127.0.0.1:8082/, which should display a "It Works! Synapse is running" message. ## Run the test @@ -87,6 +90,18 @@ You'll need python3 to be able to run synapse Try on the Emulator browser to open "http://10.0.2.2:8080". You should see the "Synapse is running" message. +### Tests partially run but some fail with "Unable to contact localhost:8080" + +This is because the `public_baseurl` of synapse is not consistent with the endpoint that the tests are connecting to. + +Ensure you have the following configuration in `demo/etc/8080.config`. + +``` +public_baseurl: http://10.0.2.2:8080/ +``` + +After changing this you will need to restart synapse using `demo/stop.sh` and `demo/start.sh` to load the new configuration. + ### virtualenv command fails You can try using From 21fc4e31b4adea5f5a7432230121d97d2b569a22 Mon Sep 17 00:00:00 2001 From: Michael Kaye <1917473+michaelkaye@users.noreply.github.com> Date: Mon, 9 May 2022 11:54:59 +0100 Subject: [PATCH 103/433] Towncrier --- changelog.d/5973.doc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/5973.doc diff --git a/changelog.d/5973.doc b/changelog.d/5973.doc new file mode 100644 index 0000000000..cd3b31dd21 --- /dev/null +++ b/changelog.d/5973.doc @@ -0,0 +1 @@ +Note public_baseurl requirement in integration tests documentation. From 90aad44edfc6beafe151c66dbeb2ca2db1bcc5f6 Mon Sep 17 00:00:00 2001 From: Maxime NATUREL Date: Fri, 29 Apr 2022 16:28:34 +0200 Subject: [PATCH 104/433] Adding live location summary data into MessageInformationData --- .../helper/MessageInformationDataFactory.kt | 17 ++++++++++++++--- .../timeline/item/MessageInformationData.kt | 12 +++++++++++- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/helper/MessageInformationDataFactory.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/helper/MessageInformationDataFactory.kt index f882840eee..8fb7aea7e4 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/helper/MessageInformationDataFactory.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/helper/MessageInformationDataFactory.kt @@ -21,6 +21,7 @@ import im.vector.app.core.date.VectorDateFormatter import im.vector.app.core.extensions.localDateTime import im.vector.app.features.home.room.detail.timeline.factory.TimelineItemFactoryParams import im.vector.app.features.home.room.detail.timeline.item.E2EDecoration +import im.vector.app.features.home.room.detail.timeline.item.LiveLocationShareSummaryData import im.vector.app.features.home.room.detail.timeline.item.MessageInformationData import im.vector.app.features.home.room.detail.timeline.item.PollResponseData import im.vector.app.features.home.room.detail.timeline.item.PollVoteSummaryData @@ -44,8 +45,7 @@ import org.matrix.android.sdk.api.session.room.timeline.hasBeenEdited import javax.inject.Inject /** - * TODO Update this comment - * This class compute if data of an event (such has avatar, display name, ...) should be displayed, depending on the previous event in the timeline + * This class is responsible of building extra information data associated to a given event. */ class MessageInformationDataFactory @Inject constructor(private val session: Session, private val dateFormatter: VectorDateFormatter, @@ -119,7 +119,8 @@ class MessageInformationDataFactory @Inject constructor(private val session: Ses isFirstFromThisSender = isFirstFromThisSender, isLastFromThisSender = isLastFromThisSender, e2eDecoration = e2eDecoration, - sendStateDecoration = sendStateDecoration + sendStateDecoration = sendStateDecoration, + liveLocationShareSummaryData = getLiveLocationShareSummaryData(event) ) } @@ -188,6 +189,16 @@ class MessageInformationDataFactory @Inject constructor(private val session: Ses } } + private fun getLiveLocationShareSummaryData(event: TimelineEvent): LiveLocationShareSummaryData? { + return event.annotations?.liveLocationShareAggregatedSummary?.let { summary -> + LiveLocationShareSummaryData( + isActive = summary.isActive, + endOfLiveTimestampAsMilliseconds = summary.endOfLiveTimestampAsMilliseconds, + lastGeoUri = summary.lastLocationDataContent?.getBestLocationInfo()?.geoUri + ) + } + } + /** * Tiles type message never show the sender information (like verification request), so we should repeat it for next message * even if same sender diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/item/MessageInformationData.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/item/MessageInformationData.kt index 9620077fd8..8ad4034a32 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/item/MessageInformationData.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/item/MessageInformationData.kt @@ -20,6 +20,8 @@ import android.os.Parcelable import im.vector.app.features.home.room.detail.timeline.style.TimelineMessageLayout import kotlinx.parcelize.Parcelize import org.matrix.android.sdk.api.session.crypto.verification.VerificationState +import org.matrix.android.sdk.api.session.room.model.message.LocationInfo +import org.matrix.android.sdk.api.session.room.model.message.MessageBeaconLocationDataContent import org.matrix.android.sdk.api.session.room.send.SendState import org.matrix.android.sdk.api.util.MatrixItem @@ -42,7 +44,8 @@ data class MessageInformationData( val e2eDecoration: E2EDecoration = E2EDecoration.NONE, val sendStateDecoration: SendStateDecoration = SendStateDecoration.NONE, val isFirstFromThisSender: Boolean = false, - val isLastFromThisSender: Boolean = false + val isLastFromThisSender: Boolean = false, + val liveLocationShareSummaryData: LiveLocationShareSummaryData? = null, ) : Parcelable { val matrixItem: MatrixItem @@ -98,6 +101,13 @@ data class PollVoteSummaryData( val percentage: Double = 0.0 ) : Parcelable +@Parcelize +data class LiveLocationShareSummaryData( + val isActive: Boolean?, + val endOfLiveTimestampAsMilliseconds: Long?, + val lastGeoUri: String?, +) : Parcelable + enum class E2EDecoration { NONE, WARN_IN_CLEAR, From 0561fe5b08fd52baee71b3ad3fd3c81d1289cfd6 Mon Sep 17 00:00:00 2001 From: Maxime NATUREL Date: Fri, 29 Apr 2022 17:00:32 +0200 Subject: [PATCH 105/433] Using information data in message factory --- .../factory/LiveLocationMessageItemFactory.kt | 16 ++++++++++------ .../timeline/factory/MessageItemFactory.kt | 2 +- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt index d233deffb8..3656b86b79 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt @@ -21,9 +21,11 @@ import im.vector.app.core.utils.DimensionConverter import im.vector.app.features.home.room.detail.timeline.helper.AvatarSizeProvider import im.vector.app.features.home.room.detail.timeline.helper.TimelineMediaSizeProvider import im.vector.app.features.home.room.detail.timeline.item.AbsMessageItem +import im.vector.app.features.home.room.detail.timeline.item.LiveLocationShareSummaryData import im.vector.app.features.home.room.detail.timeline.item.MessageLiveLocationStartItem import im.vector.app.features.home.room.detail.timeline.item.MessageLiveLocationStartItem_ import org.matrix.android.sdk.api.extensions.orFalse +import org.matrix.android.sdk.api.extensions.orTrue import org.matrix.android.sdk.api.session.room.model.message.MessageBeaconInfoContent import javax.inject.Inject @@ -34,20 +36,22 @@ class LiveLocationMessageItemFactory @Inject constructor( ) { fun create( - beaconInfoContent: MessageBeaconInfoContent, + liveLocationShareSummaryData: LiveLocationShareSummaryData?, highlight: Boolean, attributes: AbsMessageItem.Attributes, ): VectorEpoxyModel<*>? { // TODO handle location received and stopped states + // TODO create a dedicated ViewState return when { - isLiveRunning(beaconInfoContent) -> buildStartLiveItem(highlight, attributes) - else -> null + liveLocationShareSummaryData == null -> null + isLiveRunning(liveLocationShareSummaryData) -> buildStartLiveItem(highlight, attributes) + else -> null } } - private fun isLiveRunning(beaconInfoContent: MessageBeaconInfoContent): Boolean { - // TODO when we will use aggregatedSummary, check if the live has timed out as well - return beaconInfoContent.isLive.orFalse() + private fun isLiveRunning(liveLocationShareSummaryData: LiveLocationShareSummaryData): Boolean { + // TODO check if the live has timed out as well + return liveLocationShareSummaryData.isActive.orFalse() } private fun buildStartLiveItem( diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/MessageItemFactory.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/MessageItemFactory.kt index b960e2c6a9..953c45f07e 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/MessageItemFactory.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/MessageItemFactory.kt @@ -216,7 +216,7 @@ class MessageItemFactory @Inject constructor( buildMessageTextItem(messageContent.body, false, informationData, highlight, callback, attributes) } } - is MessageBeaconInfoContent -> liveLocationMessageItemFactory.create(messageContent, highlight, attributes) + is MessageBeaconInfoContent -> liveLocationMessageItemFactory.create(informationData.liveLocationShareSummaryData, highlight, attributes) else -> buildNotHandledMessageItem(messageContent, informationData, highlight, callback, attributes) } return messageItem?.apply { From d89d6bc1623f8df0d0f5943ec2bfd2c748d77997 Mon Sep 17 00:00:00 2001 From: Maxime NATUREL Date: Mon, 2 May 2022 09:13:05 +0200 Subject: [PATCH 106/433] Adding view state class --- .../factory/LiveLocationMessageItemFactory.kt | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt index 3656b86b79..86a5847605 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt @@ -25,8 +25,8 @@ import im.vector.app.features.home.room.detail.timeline.item.LiveLocationShareSu import im.vector.app.features.home.room.detail.timeline.item.MessageLiveLocationStartItem import im.vector.app.features.home.room.detail.timeline.item.MessageLiveLocationStartItem_ import org.matrix.android.sdk.api.extensions.orFalse -import org.matrix.android.sdk.api.extensions.orTrue -import org.matrix.android.sdk.api.session.room.model.message.MessageBeaconInfoContent +import org.matrix.android.sdk.api.session.room.model.message.LocationInfo +import java.time.LocalDateTime import javax.inject.Inject class LiveLocationMessageItemFactory @Inject constructor( @@ -68,4 +68,11 @@ class LiveLocationMessageItemFactory @Inject constructor( .highlighted(highlight) .leftGuideline(avatarSizeProvider.leftGuideline) } + + private sealed class LiveLocationShareViewState { + object Loading : LiveLocationShareViewState() + data class Running(val locationInfo: LocationInfo, val endOfLiveDateTime: LocalDateTime?) : LiveLocationShareViewState() + object Inactive : LiveLocationShareViewState() + object Unkwown : LiveLocationShareViewState() + } } From 68a44c4cc77e85bbfd983b4aee3043a2dd7fe40d Mon Sep 17 00:00:00 2001 From: Maxime NATUREL Date: Mon, 2 May 2022 09:13:59 +0200 Subject: [PATCH 107/433] Renaming message item factory --- ...eItemFactory.kt => LiveLocationShareMessageItemFactory.kt} | 2 +- .../home/room/detail/timeline/factory/MessageItemFactory.kt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/{LiveLocationMessageItemFactory.kt => LiveLocationShareMessageItemFactory.kt} (98%) diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationShareMessageItemFactory.kt similarity index 98% rename from vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt rename to vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationShareMessageItemFactory.kt index 86a5847605..f243da7c81 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationMessageItemFactory.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationShareMessageItemFactory.kt @@ -29,7 +29,7 @@ import org.matrix.android.sdk.api.session.room.model.message.LocationInfo import java.time.LocalDateTime import javax.inject.Inject -class LiveLocationMessageItemFactory @Inject constructor( +class LiveLocationShareMessageItemFactory @Inject constructor( private val dimensionConverter: DimensionConverter, private val timelineMediaSizeProvider: TimelineMediaSizeProvider, private val avatarSizeProvider: AvatarSizeProvider, diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/MessageItemFactory.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/MessageItemFactory.kt index 953c45f07e..6f22b3eff4 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/MessageItemFactory.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/MessageItemFactory.kt @@ -148,7 +148,7 @@ class MessageItemFactory @Inject constructor( private val locationPinProvider: LocationPinProvider, private val vectorPreferences: VectorPreferences, private val urlMapProvider: UrlMapProvider, - private val liveLocationMessageItemFactory: LiveLocationMessageItemFactory, + private val liveLocationShareMessageItemFactory: LiveLocationShareMessageItemFactory, ) { // TODO inject this properly? @@ -216,7 +216,7 @@ class MessageItemFactory @Inject constructor( buildMessageTextItem(messageContent.body, false, informationData, highlight, callback, attributes) } } - is MessageBeaconInfoContent -> liveLocationMessageItemFactory.create(informationData.liveLocationShareSummaryData, highlight, attributes) + is MessageBeaconInfoContent -> liveLocationShareMessageItemFactory.create(informationData.liveLocationShareSummaryData, highlight, attributes) else -> buildNotHandledMessageItem(messageContent, informationData, highlight, callback, attributes) } return messageItem?.apply { From d44a6c50f1f4b5623c4688103a8621eaf139150c Mon Sep 17 00:00:00 2001 From: Maxime NATUREL Date: Mon, 2 May 2022 09:47:07 +0200 Subject: [PATCH 108/433] Fixes in DateProvider --- .../vector/app/core/resources/DateProvider.kt | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/vector/src/main/java/im/vector/app/core/resources/DateProvider.kt b/vector/src/main/java/im/vector/app/core/resources/DateProvider.kt index 30cb1dcae4..6762bd68da 100644 --- a/vector/src/main/java/im/vector/app/core/resources/DateProvider.kt +++ b/vector/src/main/java/im/vector/app/core/resources/DateProvider.kt @@ -19,27 +19,30 @@ package im.vector.app.core.resources import org.threeten.bp.Instant import org.threeten.bp.LocalDateTime import org.threeten.bp.ZoneId +import org.threeten.bp.ZoneOffset object DateProvider { - private val zoneId = ZoneId.systemDefault() - private val zoneOffset by lazy { - val now = currentLocalDateTime() - zoneId.rules.getOffset(now) - } + // recompute the zoneId each time we access it to handle change of timezones + private val defaultZoneId: ZoneId + get() = ZoneId.systemDefault() + + // recompute the zoneOffset each time we access it to handle change of timezones + private val defaultZoneOffset: ZoneOffset + get() = defaultZoneId.rules.getOffset(currentLocalDateTime()) fun toLocalDateTime(timestamp: Long?): LocalDateTime { val instant = Instant.ofEpochMilli(timestamp ?: 0) - return LocalDateTime.ofInstant(instant, zoneId) + return LocalDateTime.ofInstant(instant, defaultZoneId) } fun currentLocalDateTime(): LocalDateTime { val instant = Instant.now() - return LocalDateTime.ofInstant(instant, zoneId) + return LocalDateTime.ofInstant(instant, defaultZoneId) } fun toTimestamp(localDateTime: LocalDateTime): Long { - return localDateTime.toInstant(zoneOffset).toEpochMilli() + return localDateTime.toInstant(defaultZoneOffset).toEpochMilli() } } From 431d86166ff0ffa93fbe73d645856fd098e7c185 Mon Sep 17 00:00:00 2001 From: Maxime NATUREL Date: Mon, 2 May 2022 09:47:48 +0200 Subject: [PATCH 109/433] Building correct item depending on the state of the live --- .../LiveLocationShareMessageItemFactory.kt | 56 ++++++++++++++----- 1 file changed, 41 insertions(+), 15 deletions(-) diff --git a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationShareMessageItemFactory.kt b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationShareMessageItemFactory.kt index f243da7c81..760ec92cd6 100644 --- a/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationShareMessageItemFactory.kt +++ b/vector/src/main/java/im/vector/app/features/home/room/detail/timeline/factory/LiveLocationShareMessageItemFactory.kt @@ -17,6 +17,7 @@ package im.vector.app.features.home.room.detail.timeline.factory import im.vector.app.core.epoxy.VectorEpoxyModel +import im.vector.app.core.resources.DateProvider import im.vector.app.core.utils.DimensionConverter import im.vector.app.features.home.room.detail.timeline.helper.AvatarSizeProvider import im.vector.app.features.home.room.detail.timeline.helper.TimelineMediaSizeProvider @@ -25,8 +26,8 @@ import im.vector.app.features.home.room.detail.timeline.item.LiveLocationShareSu import im.vector.app.features.home.room.detail.timeline.item.MessageLiveLocationStartItem import im.vector.app.features.home.room.detail.timeline.item.MessageLiveLocationStartItem_ import org.matrix.android.sdk.api.extensions.orFalse -import org.matrix.android.sdk.api.session.room.model.message.LocationInfo -import java.time.LocalDateTime +import org.threeten.bp.LocalDateTime +import timber.log.Timber import javax.inject.Inject class LiveLocationShareMessageItemFactory @Inject constructor( @@ -40,21 +41,15 @@ class LiveLocationShareMessageItemFactory @Inject constructor( highlight: Boolean, attributes: AbsMessageItem.Attributes, ): VectorEpoxyModel<*>? { - // TODO handle location received and stopped states - // TODO create a dedicated ViewState - return when { - liveLocationShareSummaryData == null -> null - isLiveRunning(liveLocationShareSummaryData) -> buildStartLiveItem(highlight, attributes) - else -> null + return when (getViewState(liveLocationShareSummaryData)) { + LiveLocationShareViewState.Loading -> buildLoadingItem(highlight, attributes) + LiveLocationShareViewState.Inactive -> buildInactiveItem() + is LiveLocationShareViewState.Running -> buildRunningItem() + LiveLocationShareViewState.Unkwown -> null } } - private fun isLiveRunning(liveLocationShareSummaryData: LiveLocationShareSummaryData): Boolean { - // TODO check if the live has timed out as well - return liveLocationShareSummaryData.isActive.orFalse() - } - - private fun buildStartLiveItem( + private fun buildLoadingItem( highlight: Boolean, attributes: AbsMessageItem.Attributes, ): MessageLiveLocationStartItem { @@ -69,9 +64,40 @@ class LiveLocationShareMessageItemFactory @Inject constructor( .leftGuideline(avatarSizeProvider.leftGuideline) } + private fun buildRunningItem() = null + + private fun buildInactiveItem() = null + + private fun getViewState(liveLocationShareSummaryData: LiveLocationShareSummaryData?): LiveLocationShareViewState { + return when { + liveLocationShareSummaryData?.isActive == null -> LiveLocationShareViewState.Unkwown + liveLocationShareSummaryData.isActive && liveLocationShareSummaryData.lastGeoUri.isNullOrEmpty() -> LiveLocationShareViewState.Loading + liveLocationShareSummaryData.isActive.not() || isLiveTimedOut(liveLocationShareSummaryData) -> LiveLocationShareViewState.Inactive + else -> + LiveLocationShareViewState.Running( + liveLocationShareSummaryData.lastGeoUri.orEmpty(), + getEndOfLiveDateTime(liveLocationShareSummaryData) + ) + }.also { viewState -> Timber.d("computed viewState: $viewState") } + } + + private fun isLiveTimedOut(liveLocationShareSummaryData: LiveLocationShareSummaryData): Boolean { + return getEndOfLiveDateTime(liveLocationShareSummaryData) + ?.let { endOfLive -> + // this will only cover users with different timezones but not users with manually time set + val now = LocalDateTime.now() + now.isAfter(endOfLive) + } + .orFalse() + } + + private fun getEndOfLiveDateTime(liveLocationShareSummaryData: LiveLocationShareSummaryData): LocalDateTime? { + return liveLocationShareSummaryData.endOfLiveTimestampAsMilliseconds?.let { DateProvider.toLocalDateTime(timestamp = it) } + } + private sealed class LiveLocationShareViewState { object Loading : LiveLocationShareViewState() - data class Running(val locationInfo: LocationInfo, val endOfLiveDateTime: LocalDateTime?) : LiveLocationShareViewState() + data class Running(val lastGeoUri: String, val endOfLiveDateTime: LocalDateTime?) : LiveLocationShareViewState() object Inactive : LiveLocationShareViewState() object Unkwown : LiveLocationShareViewState() } From df1ba8ec88f6295b6df663071a113ccf8ee52a10 Mon Sep 17 00:00:00 2001 From: Maxime NATUREL Date: Mon, 4 Apr 2022 18:14:51 +0200 Subject: [PATCH 110/433] Custom view for the banner --- .../src/main/res/values/styles_location.xml | 8 +++ .../live/LocationLiveMessageBannerView.kt | 40 +++++++++++ .../view_location_live_message_banner.xml | 67 +++++++++++++++++++ vector/src/main/res/values/strings.xml | 1 + 4 files changed, 116 insertions(+) create mode 100644 vector/src/main/java/im/vector/app/features/location/live/LocationLiveMessageBannerView.kt create mode 100644 vector/src/main/res/layout/view_location_live_message_banner.xml diff --git a/library/ui-styles/src/main/res/values/styles_location.xml b/library/ui-styles/src/main/res/values/styles_location.xml index 5563d28342..8f76ed469e 100644 --- a/library/ui-styles/src/main/res/values/styles_location.xml +++ b/library/ui-styles/src/main/res/values/styles_location.xml @@ -8,4 +8,12 @@ center + + diff --git a/vector/src/main/java/im/vector/app/features/location/live/LocationLiveMessageBannerView.kt b/vector/src/main/java/im/vector/app/features/location/live/LocationLiveMessageBannerView.kt new file mode 100644 index 0000000000..95805d5b7d --- /dev/null +++ b/vector/src/main/java/im/vector/app/features/location/live/LocationLiveMessageBannerView.kt @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2022 New Vector Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package im.vector.app.features.location.live + +import android.content.Context +import android.util.AttributeSet +import android.view.LayoutInflater +import android.widget.Button +import androidx.constraintlayout.widget.ConstraintLayout +import im.vector.app.databinding.ViewLocationLiveMessageBannerBinding +import im.vector.app.databinding.ViewLocationLiveStatusBinding + +class LocationLiveMessageBannerView @JvmOverloads constructor( + context: Context, + attrs: AttributeSet? = null, + defStyleAttr: Int = 0 +) : ConstraintLayout(context, attrs, defStyleAttr) { + + private val binding = ViewLocationLiveMessageBannerBinding.inflate( + LayoutInflater.from(context), + this + ) + + val stopButton: Button + get() = binding.locationLiveMessageBannerStop +} diff --git a/vector/src/main/res/layout/view_location_live_message_banner.xml b/vector/src/main/res/layout/view_location_live_message_banner.xml new file mode 100644 index 0000000000..f3345bac05 --- /dev/null +++ b/vector/src/main/res/layout/view_location_live_message_banner.xml @@ -0,0 +1,67 @@ + + + + + + + + + + + +