Add Qt olm binding

[CarlSchwan]

Start working on better Qt olm binding. The api and implementation is a plain port of the rust lib: olm-rs.

[TobiasFella]

Fails to build when building tests but not E2EE

[CarlSchwan]

Fails to build when building tests but not E2EE

This should now be fixed. I just needed to ifdef everything. A good goal would still be at some point to remove all this ifdef once this feature is stable and don't crash :)

[KitsuneRal]

I feel a bit uneasy about having olm/ directory inside libQuotient tree - it's not immediately clear whether a given header file comes from Olm itself or the wrapper. Perhaps rename it to e2ee/ or qolm?

Also: did I get it right that you plan to eventually get rid of QtOlm dependency, rather than rewrite it?

[CarlSchwan]

I feel a bit uneasy about having olm/ directory inside libQuotient tree - it's not immediately clear whether a given header file comes from Olm itself or the wrapper. Perhaps rename it to e2ee/ or qolm?

Yes, it's probably that I will do soon, even more as I'm adding stuff related to encryption but not to olm specific (e.g. key export)

Also: did I get it right that you plan to eventually get rid of QtOlm dependency, rather than rewrite it?

Yes, the goal is to get rid of QtOlm. For the moment, I still have dependencies to QtOlm but it's only to make sure the code still compiles but I think I will be soon at a point where I can replace it with the new API.

[nicolasfella]

unique_ptr?

[CarlSchwan]

An unique_ptr with its own custom deleter could work but it's more just add more complexity.

[nicolasfella]

Is this related?

[CarlSchwan]

it's for the test but need a better solution because we can't ignore the SSL errors in production...

[CarlSchwan]

Patch that should fix it but doesn't work. Probably because of a stupid error somewhere.

diff --git a/autotests/testolmaccount.cpp b/autotests/testolmaccount.cpp
index 9134224..eb44791 100644
--- a/autotests/testolmaccount.cpp
+++ b/autotests/testolmaccount.cpp
@@ -165,6 +165,7 @@ void TestOlmAccount::encryptedFile()
 
 #define CREATE_CONNECTION(VAR, USERNAME, SECRET, DEVICE_NAME) \
     auto VAR = std::make_shared<Connection>(); \
+    VAR->ignoreSslErrors(true); \
     (VAR) ->resolveServer("@alice:localhost:" + QString::number(443)); \
     connect( (VAR) .get(), &Connection::loginFlowsChanged, this, [this, VAR ] () { \
         (VAR) ->loginWithPassword( (USERNAME) , SECRET , DEVICE_NAME , ""); \
diff --git a/lib/connection.cpp b/lib/connection.cpp
index 070aac0..d01aab3 100644
--- a/lib/connection.cpp
+++ b/lib/connection.cpp
@@ -573,6 +573,11 @@ void Connection::sync(int timeout)
     });
 }
 
+void Connection::ignoreSslErrors(bool ignore)
+{
+    connectionData()->ignoreSslErrors(ignore);
+}
+
 void Connection::syncLoop(int timeout)
 {
     if (d->syncLoopConnection && d->syncTimeout == timeout) {
diff --git a/lib/connection.h b/lib/connection.h
index 9a952e0..f3a6b8c 100644
--- a/lib/connection.h
+++ b/lib/connection.h
@@ -481,6 +481,11 @@ public:
         setUserFactory(defaultUserFactory<T>());
     }
 
+    /// Ignore ssl errors (usefull for automated testing with local synapse
+    /// instance).
+    /// \internal
+    void ignoreSslErrors(bool ignore);
+
 public Q_SLOTS:
     /** Set the homeserver base URL */
     void setHomeserver(const QUrl& baseUrl);
diff --git a/lib/connectiondata.cpp b/lib/connectiondata.cpp
index e54d909..123febe 100644
--- a/lib/connectiondata.cpp
+++ b/lib/connectiondata.cpp
@@ -140,6 +140,12 @@ bool ConnectionData::needsToken(const QString& requestName) const
            != d->needToken.cend();
 }
 
+void ConnectionData::ignoreSslErrors(bool ignore) const
+{
+    auto quotientNam = static_cast<NetworkAccessManager>(nam());
+    quotientNam.ignoreSslErrors(ignore);
+}
+
 void ConnectionData::setDeviceId(const QString& deviceId)
 {
     d->deviceId = deviceId;
diff --git a/lib/connectiondata.h b/lib/connectiondata.h
index 7dd96f2..00d056e 100644
--- a/lib/connectiondata.h
+++ b/lib/connectiondata.h
@@ -29,6 +29,7 @@ public:
     bool needsToken(const QString& requestName) const;
     QNetworkAccessManager* nam() const;
 
+    void ignoreSslErrors(bool ignore = true) const;
     void setBaseUrl(QUrl baseUrl);
     void setToken(QByteArray accessToken);
     [[deprecated("Use setBaseUrl() instead")]]
diff --git a/lib/networkaccessmanager.cpp b/lib/networkaccessmanager.cpp
index c6e761e..1276305 100644
--- a/lib/networkaccessmanager.cpp
+++ b/lib/networkaccessmanager.cpp
@@ -16,10 +16,6 @@ public:
 NetworkAccessManager::NetworkAccessManager(QObject* parent)
     : QNetworkAccessManager(parent), d(std::make_unique<Private>())
 {
-    connect(this, &QNetworkAccessManager::sslErrors, this, [](QNetworkReply *reply, const QList<QSslError> &errors)
-            {
-                reply->ignoreSslErrors();
-            });
 }
 
 QList<QSslError> NetworkAccessManager::ignoredSslErrors() const
@@ -27,6 +23,19 @@ QList<QSslError> NetworkAccessManager::ignoredSslErrors() const
     return d->ignoredSslErrors;
 }
 
+void NetworkAccessManager::ignoreSslErrors(bool ignore) const
+{
+    if (ignore) {
+        connect(this, &QNetworkAccessManager::sslErrors, this, [](QNetworkReply *reply, const QList<QSslError> &errors)
+                {
+    qDebug() << 24 / 0;
+                    reply->ignoreSslErrors();
+                });
+    } else {
+        disconnect(this, &QNetworkAccessManager::sslErrors, this, nullptr);
+    }
+}
+
 void NetworkAccessManager::addIgnoredSslError(const QSslError& error)
 {
     d->ignoredSslErrors << error;
diff --git a/lib/networkaccessmanager.h b/lib/networkaccessmanager.h
index 47729a1..22280e0 100644
--- a/lib/networkaccessmanager.h
+++ b/lib/networkaccessmanager.h
@@ -17,6 +17,7 @@ public:
     QList<QSslError> ignoredSslErrors() const;
     void addIgnoredSslError(const QSslError& error);
     void clearIgnoredSslErrors();
+    void ignoreSslErrors(bool ignore = true) const;
 
     /** Get a pointer to the singleton */
     static NetworkAccessManager* instance();

[TobiasFella]

That's a lot of '&' - is that something in C++ i don't know or an error?

[TobiasFella]

Should that be a member function of QOlmAccount instead?

[CarlSchwan]

it's an internal function, that could be a private method too but I don't really see an advantage.

[TobiasFella]

Can we not throw things?

[CarlSchwan]

Generally I tried to only throw for errors that can't and shouldn't be recovered. In that case, it should only throw when there was a problem when allocating the memory.

[TobiasFella]

is that a safe assumption?

[TobiasFella]

is that defined as the maximum somewhere or is it just what olm outputs currently?

[TobiasFella]

Suggested change

	connect(request, &BaseJob::result, this, [request, conn](BaseJob *job) {
	auto job2 = static_cast<UploadKeysJob *>(job);
	QCOMPARE(job2->oneTimeKeyCounts().size(), 0);
	connect(request, &BaseJob::result, this, [request]() {
	QCOMPARE(request->oneTimeKeyCounts().size(), 0);

should be the same

[TobiasFella]

Suggested change

	connect(request, &BaseJob::result, this, [request, conn](BaseJob *job) {
	auto job2 = static_cast<UploadKeysJob *>(job);
	QCOMPARE(job2->oneTimeKeyCounts().size(), 1);
	QCOMPARE(job2->oneTimeKeyCounts()["curve25519"], 5);
	connect(request, &BaseJob::result, this, [request]() {
	QCOMPARE(request->oneTimeKeyCounts().size(), 1);
	QCOMPARE(request->oneTimeKeyCounts()["curve25519"], 5);

[TobiasFella]

Suggested change

	QVariant var;
	var.setValue(key);
	oneTimeKeysHash[keyId] = var;
	oneTimeKeysHash[keyId] = QVariant::fromValue(key);

[TobiasFella]

Suggested change

	connect(request, &BaseJob::result, this, [request, nKeys, conn](BaseJob *job) {
	auto job2 = static_cast<UploadKeysJob *>(job);
	QCOMPARE(job2->oneTimeKeyCounts().size(), 1);
	QCOMPARE(job2->oneTimeKeyCounts()["signed_curve25519"], nKeys);
	connect(request, &BaseJob::result, this, [request, nKeys]() {
	QCOMPARE(request->oneTimeKeyCounts().size(), 1);
	QCOMPARE(request->oneTimeKeyCounts()["signed_curve25519"], nKeys);

[TobiasFella]

Suggested change

	connect(request, &BaseJob::result, this, [request, conn](BaseJob *job) {
	auto job2 = static_cast<UploadKeysJob *>(job);
	QCOMPARE(job2->oneTimeKeyCounts().size(), 1);
	QCOMPARE(job2->oneTimeKeyCounts()["signed_curve25519"], 1);
	connect(request, &BaseJob::result, this, [request]() {
	QCOMPARE(request->oneTimeKeyCounts().size(), 1);
	QCOMPARE(request->oneTimeKeyCounts()["signed_curve25519"], 1);

[TobiasFella]

Not sure if it's important, but should bob maybe log in as "bob" instead of "alice"?

[TobiasFella]

Suggested change

const auto deviceId = bob->deviceId();

[TobiasFella]

Why is this copy needed?

[CarlSchwan]

If I remember correctly olm_ed25519_verify will modify sig and we still need the original sig later.

[TobiasFella]

The content doesn't really fit to the method name

[TobiasFella]

This looks like it shouldn't be necessary. is it just some hack or is there a deeper reason for it?

[CarlSchwan]

It's a hack, unfortunately, the JSON /C++ bridge can't really handle the case where something is either an object or a string.

[TobiasFella]

I know that this is not new code, but is it a good idea to log keys?

[CarlSchwan]

I guess this is just debugging code, for the moment I completely disabled this code since it was crashy

[TobiasFella]

why?

[CarlSchwan]

yeah, that stuff should be simplified (same with the if condition underneath)

[TobiasFella]

Since there will probably be other E2EE encryption systems in matrix sooner or later, should the olm stuff be moved to crypto/qolm or something?

[TobiasFella]

some of the errors thrown by olm_unpickle_account (invalid base64, bad account key) are probably recoverable

[TobiasFella]

we probably shouldn't fail completely for these errors

[TobiasFella]

same here

[TobiasFella]

Can we assume that this will never happen if the client uses this correctly?

[TobiasFella]

The olm documentation does not specify which errors might happen here. we should look into the implementation to figure out if we should handle them or not

[TobiasFella]

we could also assert the unrecoverable errors instead of throwing them, since they should not happen if the program is reasonably correct

[KitsuneRal]

Upon a quick look-through, without really analysing the code:

• Please double-check the code is formatted according to .clang-format.
• Please indicate the Qt module of the header: #include <QtCore/QDebug>, not #include <QDebug>.
• I understand the idea of throwing when things are utterly grim and irrecoverable; but in some cases throw is combined with the error object, which is very confusing from the API standpoint. Please let's really try to go without exceptions, as long as there's QOlmError.

I will look closer into the code; it would help if you could clearly declare the scope of the work accomplished by now (what is supposed to work, namely).

[CarlSchwan]

I pushed this to the work/olm branch. I will close this MR and new E2EE related MR should be done against the work/olm branch. Once everything is working we can merge the work/olm branch inside master. :)

[hugohn]

Hi guys, is this still ongoing work? was there an MR that replaced this MR?

[CarlSchwan]

Hi guys, is this still ongoing work? was there an MR that replaced this MR?

This was merged in another mr. Message decryption should now work if the compile flag is set

[hugohn]

Hi guys, is this still ongoing work? was there an MR that replaced this MR?

This was merged in another mr. Message decryption should now work if the compile flag is set

Awesome! Since 0.7 is not out yet, I assume message decryption is currently available only in the dev branch, correct?

Also do you know when will 0.7 be released?

[KitsuneRal]

Hopefully sometime later in the summer, contingent on me having at least some reasonable time for the project (and in any case it likely won't have complete E2EE, rather an early beta of sorts).