Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Commit

Permalink
Element-R: pass pickleKey in as raw key for indexeddb encryption
Browse files Browse the repository at this point in the history
Currently, we pass the `pickleKey` to the rust library for use as a passphrase
for encrypting its crypto store. The Rust libary then passes that passphrase
through 200000 rounds of PBKDF2 to generate an encryption key, which is
(deliberately) slow.

However, the pickleKey is actually 32 bytes of random data (base64-encoded). By
passing the raw key into the rust library, we can therefore save the PBKDF
operation.

Backwards-compatibility with existing sessions is maintained, because if the
rust library discovers that the store was previously encrypted with a key based
on a PBKDF, it will re-base64 and PBKDF the key we provide, thus reconstructing
the right key.
  • Loading branch information
richvdh committed May 16, 2024
1 parent 4e91d8b commit 2587615
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 20 deletions.
23 changes: 16 additions & 7 deletions src/Lifecycle.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ limitations under the License.
*/

import { ReactNode } from "react";
import { createClient, MatrixClient, SSOAction, OidcTokenRefresher } from "matrix-js-sdk/src/matrix";
import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix";
import { IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
import { QueryDict } from "matrix-js-sdk/src/utils";
import { logger } from "matrix-js-sdk/src/logger";
Expand Down Expand Up @@ -821,7 +821,10 @@ async function doSetLoggedIn(credentials: IMatrixClientCreds, clearStorageEnable
checkSessionLock();

dis.fire(Action.OnLoggedIn);
await startMatrixClient(client, /*startSyncing=*/ !softLogout);
// The pickleKey, if provided, is a base64-encoded 256-bit key, so can be used for the crypto store.
const storageKey = credentials.pickleKey ? decodeBase64(credentials.pickleKey) : undefined;
await startMatrixClient(client, /*startSyncing=*/ !softLogout, storageKey);
storageKey?.fill(0);

return client;
}
Expand Down Expand Up @@ -955,11 +958,17 @@ export function isLoggingOut(): boolean {
/**
* Starts the matrix client and all other react-sdk services that
* listen for events while a session is logged in.
*
* @param client the matrix client to start
* @param {boolean} startSyncing True (default) to actually start
* syncing the client.
* @param startSyncing True to actually start syncing the client.
* @param rustCryptoStoreKey - If we are using Rust Crypto, a key to encrypt the store with.
* If undefined, the store will be unencrypted.
*/
async function startMatrixClient(client: MatrixClient, startSyncing = true): Promise<void> {
async function startMatrixClient(
client: MatrixClient,
startSyncing: boolean,
rustCryptoStoreKey?: Uint8Array,
): Promise<void> {
logger.log(`Lifecycle: Starting MatrixClient`);

// dispatch this before starting the matrix client: it's used
Expand Down Expand Up @@ -990,10 +999,10 @@ async function startMatrixClient(client: MatrixClient, startSyncing = true): Pro
// index (e.g. the FilePanel), therefore initialize the event index
// before the client.
await EventIndexPeg.init();
await MatrixClientPeg.start();
await MatrixClientPeg.start(rustCryptoStoreKey);
} else {
logger.warn("Caller requested only auxiliary services be started");
await MatrixClientPeg.assign();
await MatrixClientPeg.assign(rustCryptoStoreKey);
}

checkSessionLock();
Expand Down
38 changes: 28 additions & 10 deletions src/MatrixClientPeg.ts
Original file line number Diff line number Diff line change
Expand Up @@ -103,14 +103,20 @@ export interface IMatrixClientPeg {
unset(): void;

/**
* Prepare the MatrixClient for use, including initialising the store and crypto, but do not start it
* Prepare the MatrixClient for use, including initialising the store and crypto, but do not start it.
*
* @param rustCryptoStoreKey - If we are using Rust crypto, a key with which to encrypt the indexeddb.
* If undefined, the store will be unencrypted.
*/
assign(): Promise<IStartClientOpts>;
assign(rustCryptoStoreKey?: Uint8Array): Promise<IStartClientOpts>;

/**
* Prepare the MatrixClient for use, including initialising the store and crypto, and start it
* Prepare the MatrixClient for use, including initialising the store and crypto, and start it.
*
* @param rustCryptoStoreKey - If we are using Rust crypto, a key with which to encrypt the indexeddb.
* If undefined, the store will be unencrypted.
*/
start(): Promise<void>;
start(rustCryptoStoreKey?: Uint8Array): Promise<void>;

/**
* If we've registered a user ID we set this to the ID of the
Expand Down Expand Up @@ -257,7 +263,10 @@ class MatrixClientPegClass implements IMatrixClientPeg {
PlatformPeg.get()?.reload();
};

public async assign(): Promise<IStartClientOpts> {
/**
* Implementation of {@link IMatrixClientPeg.assign}.
*/
public async assign(rustCryptoStoreKey?: Uint8Array): Promise<IStartClientOpts> {
if (!this.matrixClient) {
throw new Error("createClient must be called first");
}
Expand All @@ -284,7 +293,7 @@ class MatrixClientPegClass implements IMatrixClientPeg {

// try to initialise e2e on the new client
if (!SettingsStore.getValue("lowBandwidth")) {
await this.initClientCrypto();
await this.initClientCrypto(rustCryptoStoreKey);
}

const opts = utils.deepCopy(this.opts);
Expand All @@ -310,8 +319,11 @@ class MatrixClientPegClass implements IMatrixClientPeg {

/**
* Attempt to initialize the crypto layer on a newly-created MatrixClient
*
* @param rustCryptoStoreKey - If we are using Rust crypto, a key with which to encrypt the indexeddb.
* If undefined, the store will be unencrypted.
*/
private async initClientCrypto(): Promise<void> {
private async initClientCrypto(rustCryptoStoreKey?: Uint8Array): Promise<void> {
if (!this.matrixClient) {
throw new Error("createClient must be called first");
}
Expand Down Expand Up @@ -347,7 +359,10 @@ class MatrixClientPegClass implements IMatrixClientPeg {

// Now we can initialise the right crypto impl.
if (useRustCrypto) {
await this.matrixClient.initRustCrypto();
if (!rustCryptoStoreKey) {
logger.error("Warning! Not using an encryption key for rust crypto store.");
}
await this.matrixClient.initRustCrypto({ storageKey: rustCryptoStoreKey });

StorageManager.setCryptoInitialised(true);
// TODO: device dehydration and whathaveyou
Expand Down Expand Up @@ -376,8 +391,11 @@ class MatrixClientPegClass implements IMatrixClientPeg {
}
}

public async start(): Promise<void> {
const opts = await this.assign();
/**
* Implementation of {@link IMatrixClientPeg.start}.
*/
public async start(rustCryptoStoreKey?: Uint8Array): Promise<void> {
const opts = await this.assign(rustCryptoStoreKey);

logger.log(`MatrixClientPeg: really starting MatrixClient`);
await this.matrixClient!.startClient(opts);
Expand Down
7 changes: 4 additions & 3 deletions test/MatrixClientPeg-test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -243,9 +243,10 @@ describe("MatrixClientPeg", () => {
const mockInitCrypto = jest.spyOn(testPeg.safeGet(), "initCrypto").mockResolvedValue(undefined);
const mockInitRustCrypto = jest.spyOn(testPeg.safeGet(), "initRustCrypto").mockResolvedValue(undefined);

await testPeg.start();
const cryptoStoreKey = new Uint8Array([1, 2, 3, 4]);
await testPeg.start(cryptoStoreKey);
expect(mockInitCrypto).not.toHaveBeenCalled();
expect(mockInitRustCrypto).toHaveBeenCalledTimes(1);
expect(mockInitRustCrypto).toHaveBeenCalledWith({ storageKey: cryptoStoreKey });

// we should have stashed the setting in the settings store
expect(mockSetValue).toHaveBeenCalledWith("feature_rust_crypto", null, SettingLevel.DEVICE, true);
Expand All @@ -271,7 +272,7 @@ describe("MatrixClientPeg", () => {

await testPeg.start();
expect(mockInitCrypto).toHaveBeenCalled();
expect(mockInitRustCrypto).not.toHaveBeenCalledTimes(1);
expect(mockInitRustCrypto).not.toHaveBeenCalled();

// we should have stashed the setting in the settings store
expect(mockSetValue).toHaveBeenCalledWith("feature_rust_crypto", null, SettingLevel.DEVICE, false);
Expand Down

0 comments on commit 2587615

Please sign in to comment.