Nheko Possibly Causes Key Backup Error in Element #1830

Open
wj25czxj47bu6q opened this issue Oct 15, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@wj25czxj47bu6q

Describe the bug

There are at least two known cases where use of Nheko is correlated with the error "Unable to query secret storage status" in Element. A more verbose error message "Error: Failed decoding Curve25519 key from base64: Invalid number of bytes for Curve25519, expected 32, got 45." is printed by Element to the console. This also prevents Element from resetting key backup ("secure backup"), because apparently Element validates the existing key backup before allowing the user to reset it.

element-hq/element-meta#2471

After using the DELETE /_matrix/client/v3/room_keys/version/{version} API to manually erase the existing key backup, Element no longer gives the error and allows setting up a fresh key backup.

Obviously Element's unnecessary validation problem is not relevant to Nheko, but the root cause whereby Element believes the key backup created from Nheko is malformed probably deserves further investigation.

To Reproduce

Exact details unknown. The issue is most likely reproducible by setting up key backup in Nheko and then attempting to reset it in Element.

What happened?

No response

Expected behavior

No response

Screenshots

No response

Version

Unknown

Operating system

No response

Installation method

No response

Qt version

No response

C++ compiler

No response

Desktop Environment

No response

Did you use profiles?

  • Profiles used?

Relevant log output

No response

Backtrace

No response

@wj25czxj47bu6q wj25czxj47bu6q added the bug Something isn't working label Oct 15, 2024
@deepbluev7
Member

Well, the spec doesn't define a limit for the automatically generated key. Since we need to provide it in base64 and need 32 bytes of entropy (iirc), we base64 encode the random number, which causes the 45 bytes, since there is a 30% overhead to base64 encoding. I'm not sure if that is an issue on our end, having extra bytes isn't really an error usually.

@richvdh

richvdh commented Oct 31, 2024

> Since we need to provide it in base64 and need 32 bytes of entropy (iirc),

Yes, 32 bytes. The key that is causing the problem is a public Curve25519 key, which is 32 bytes in length.

> we base64 encode the random number, which causes the 45 bytes, since there is a 30% overhead to base64 encoding.

32 bytes in base64 is 44 bytes:

echo "01234567890123456789012345678901" | base64 -w0  | wc -c
44

TBH I'm not entirely sure which key is causing the problem. Any ideas?

@richvdh

richvdh commented Oct 31, 2024

oh, it's the public_key in the auth_data for the backup.
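
Added example, not part of the issue thread and not Nheko's or Element's code: a Python check that the `public_key` in a key backup's `auth_data` decodes to exactly 32 bytes, the same condition the quoted error message reports. The `algorithm`/`auth_data` body shape follows the Matrix key-backup API, `sample_backup` is a hypothetical helper, and the key bytes are constructed.

```python
import base64
import binascii

CURVE25519_KEY_LEN = 32  # raw Curve25519 public key length in bytes
BACKUP_ALGORITHM = "m.megolm_backup.v1.curve25519-aes-sha2"


def decode_unpadded_base64(value: str) -> bytes:
    """Decode standard-alphabet base64 with or without '=' padding."""
    stripped = value.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)
    return base64.b64decode(padded, validate=True)


def check_backup_public_key(backup_info: dict) -> tuple:
    """Return (ok, reason) for auth_data.public_key of a backup version."""
    if backup_info.get("algorithm") != BACKUP_ALGORITHM:
        return False, "unexpected backup algorithm"
    auth_data = backup_info.get("auth_data")
    key_b64 = auth_data.get("public_key") if isinstance(auth_data, dict) else None
    if not isinstance(key_b64, str):
        return False, "auth_data.public_key missing or not a string"
    try:
        raw = decode_unpadded_base64(key_b64)
    except (binascii.Error, ValueError) as exc:
        return False, f"not valid base64: {exc}"
    if len(raw) != CURVE25519_KEY_LEN:
        return False, f"expected {CURVE25519_KEY_LEN} bytes, got {len(raw)}"
    return True, "ok"


def sample_backup(key_len: int, padded: bool = False) -> dict:
    """Constructed sample response body; the key bytes are not a real key."""
    encoded = base64.b64encode(bytes(range(key_len))).decode()
    return {
        "algorithm": BACKUP_ALGORITHM,
        "auth_data": {"public_key": encoded if padded else encoded.rstrip("=")},
        "version": "1",
    }


if __name__ == "__main__":
    for length in (32, 45):
        print(length, check_backup_public_key(sample_backup(length)))
```

A 32-byte key is 43 base64 characters unpadded or 44 padded; a value that decodes to 45 bytes is 60 characters long.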
