crypto: Allow finding SenderData based on known DeviceKeys

matrix-org · Jun 27, 2024 · 289f653 · 289f653
1 parent 7152714
commit 289f653
Show file tree

Hide file tree

Showing 6 changed files with 192 additions and 80 deletions.
diff --git a/crates/matrix-sdk-crypto/src/gossiping/machine.rs b/crates/matrix-sdk-crypto/src/gossiping/machine.rs
@@ -1216,6 +1216,8 @@ mod tests {
         create_sessions: bool,
         algorithm: EventEncryptionAlgorithm,
     ) -> (GossipMachine, OutboundGroupSession, GossipMachine) {
+        use crate::olm::SenderData;
+
         let alice_machine = get_machine_test_helper().await;
         let alice_device = ReadOnlyDevice::from_account(
             &alice_machine.inner.store.cache().await.unwrap().account().await.unwrap(),
@@ -1268,7 +1270,7 @@ mod tests {
             .inner
             .store
             .static_account()
-            .create_group_session_pair(room_id(), settings)
+            .create_group_session_pair(room_id(), settings, SenderData::unknown())
             .await
             .unwrap();
 

diff --git a/crates/matrix-sdk-crypto/src/machine.rs b/crates/matrix-sdk-crypto/src/machine.rs
@@ -66,7 +66,7 @@ use crate::{
     identities::{user::UserIdentities, Device, IdentityManager, UserDevices},
     olm::{
         Account, CrossSigningStatus, EncryptionSettings, IdentityKeys, InboundGroupSession,
-        OlmDecryptionInfo, PrivateCrossSigningIdentity, SenderDataFinder, SessionType,
+        OlmDecryptionInfo, PrivateCrossSigningIdentity, SenderData, SenderDataFinder, SessionType,
         StaticAccountData,
     },
     requests::{IncomingResponse, OutgoingRequest, UploadSigningKeysRequest},
@@ -810,7 +810,8 @@ impl OlmMachine {
         event: &DecryptedRoomKeyEvent,
         content: &MegolmV1AesSha2Content,
     ) -> OlmResult<Option<InboundGroupSession>> {
-        let sender_data = SenderDataFinder::find(self, sender_key, event, content).await?;
+        let sender_data =
+            SenderDataFinder::find_using_event(self, sender_key, event, content).await?;
 
         let session = InboundGroupSession::new(
             sender_key,
@@ -894,7 +895,11 @@ impl OlmMachine {
         let (_, session) = self
             .inner
             .group_session_manager
-            .create_outbound_group_session(room_id, EncryptionSettings::default())
+            .create_outbound_group_session(
+                room_id,
+                EncryptionSettings::default(),
+                SenderData::unknown(),
+            )
             .await?;
 
         self.store().save_inbound_group_sessions(&[session]).await?;
@@ -911,7 +916,11 @@ impl OlmMachine {
         let (_, session) = self
             .inner
             .group_session_manager
-            .create_outbound_group_session(room_id, EncryptionSettings::default())
+            .create_outbound_group_session(
+                room_id,
+                EncryptionSettings::default(),
+                SenderData::unknown(),
+            )
             .await?;
 
         Ok(session)
@@ -1010,7 +1019,26 @@ impl OlmMachine {
         users: impl Iterator<Item = &UserId>,
         encryption_settings: impl Into<EncryptionSettings>,
     ) -> OlmResult<Vec<Arc<ToDeviceRequest>>> {
-        self.inner.group_session_manager.share_room_key(room_id, users, encryption_settings).await
+        // Use our own device info to populate the SenderData that validates the
+        // InboundGroupSession that we create as a pair to the OutboundGroupSession we
+        // are sending out.
+        let account = self.store().static_account();
+        let device = self.store().get_device(account.user_id(), account.device_id()).await;
+        let own_sender_data = match device {
+            Ok(Some(device)) => {
+                SenderDataFinder::find_using_device_keys(self, device.as_device_keys().clone())
+                    .await?
+            }
+            _ => {
+                error!("Unable to find our own device!");
+                SenderData::unknown()
+            }
+        };
+
+        self.inner
+            .group_session_manager
+            .share_room_key(room_id, users, encryption_settings, own_sender_data)
+            .await
     }
 
     /// Receive an unencrypted verification event.
@@ -4163,7 +4191,7 @@ pub(crate) mod tests {
         let (outbound, mut inbound) = alice
             .store()
             .static_account()
-            .create_group_session_pair(room_id, Default::default())
+            .create_group_session_pair(room_id, Default::default(), SenderData::unknown())
             .await
             .unwrap();
 

diff --git a/crates/matrix-sdk-crypto/src/olm/account.rs b/crates/matrix-sdk-crypto/src/olm/account.rs
@@ -198,6 +198,7 @@ impl StaticAccountData {
         &self,
         room_id: &RoomId,
         settings: EncryptionSettings,
+        own_sender_data: SenderData,
     ) -> Result<(OutboundGroupSession, InboundGroupSession), MegolmSessionCreationError> {
         trace!(?room_id, algorithm = settings.algorithm.as_str(), "Creating a new room key");
 
@@ -221,7 +222,7 @@ impl StaticAccountData {
             signing_key,
             room_id,
             &outbound.session_key().await,
-            SenderData::unknown(),
+            own_sender_data,
             algorithm,
             Some(visibility),
         )?;
@@ -237,9 +238,13 @@ impl StaticAccountData {
         &self,
         room_id: &RoomId,
     ) -> (OutboundGroupSession, InboundGroupSession) {
-        self.create_group_session_pair(room_id, EncryptionSettings::default())
-            .await
-            .expect("Can't create default group session pair")
+        self.create_group_session_pair(
+            room_id,
+            EncryptionSettings::default(),
+            SenderData::unknown(),
+        )
+        .await
+        .expect("Can't create default group session pair")
     }
 
     /// Get the key ID of our Ed25519 signing key.

diff --git a/crates/matrix-sdk-crypto/src/olm/group_sessions/outbound.rs b/crates/matrix-sdk-crypto/src/olm/group_sessions/outbound.rs
@@ -790,7 +790,10 @@ mod tests {
             user_id, SecondsSinceUnixEpoch,
         };
 
-        use crate::{olm::OutboundGroupSession, Account, EncryptionSettings, MegolmError};
+        use crate::{
+            olm::{OutboundGroupSession, SenderData},
+            Account, EncryptionSettings, MegolmError,
+        };
 
         const TWO_HOURS: Duration = Duration::from_secs(60 * 60 * 2);
 
@@ -978,7 +981,11 @@ mod tests {
                 Account::with_device_id(user_id!("@alice:example.org"), device_id!("DEVICEID"))
                     .static_data;
             let (session, _) = account
-                .create_group_session_pair(room_id!("!test_room:example.org"), settings)
+                .create_group_session_pair(
+                    room_id!("!test_room:example.org"),
+                    settings,
+                    SenderData::unknown(),
+                )
                 .await
                 .unwrap();
             session