-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Embed device keys in Olm-encrypted messages #3517
Conversation
A couple issues with the current approach:
|
We do, well we do if a
I think that letting stores cross-sign should not happen at all, we don't control all store implementations and this is an obvious shift of responsiblity where store implementations need to care about cryptography to get things working correctly. |
I think that this is ready to be reviewed now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good, with some minor comments and questions scattered around.
My main question is: if we don't find the device keys in the store, we generate them. Shouldn't we save them to the store at that point, so we don't end up generating them multiple times and risking inconsistency as @poljar mentioned in his previous comment?
I don't feel confident to give this full approval so will ask @poljar to take a look.
@@ -1377,6 +1409,42 @@ mod encrypted_tests { | |||
); | |||
} | |||
|
|||
#[async_test] | |||
async fn cache_cleared_after_device_update() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there some test we can add to cryptostore_integration_tests
for this? Then it would cover indexeddb, which I think is not covered so far in this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we can add this to cryptostore_integration_tests
because memorystore
works differently, and always keeps the sessions in cache (the cache can't be cleared). (But yes, I should add a test for indexeddb -- once I figure out how to run the indexeddb tests locally)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here is now I ran the tests locally here:
cd crates/matrix-sdk-indexeddb/
WASM_BINDGEN_TEST_TIMEOUT=2400 CARGO_TARGET_DIR=/tmp/andyb-rust-target wasm-pack test --firefox --headless -- --no-default-features --features e2e-encryption
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried that, but it gave me an error saying:
Try find `webdriver.json` for configure browser's capabilities:
Not found
driver status: signal: 9 (SIGKILL)
I wrote a test anyways and it seems to pass CI, so I'll ignore it for now, and try to figure it out later if needed.
Have not looked at the whole PR yet, but please take a look at our constructor: matrix-rust-sdk/crates/matrix-sdk-crypto/src/machine.rs Lines 297 to 311 in abda959
We are guaranteed to have our own device keys and device in the store. We can add a method to the store called |
@andybalaam I think that I've addressed your comments. There's some CI issues that I still need to look into, but it should be reviewable otherwise. Oh, I also need to change it to not generate a device key, since we're always guaranteed to have our own device key in the store. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good from my point of view, when the not generating device key part is done. Thanks!
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3517 +/- ##
==========================================
- Coverage 84.14% 84.11% -0.04%
==========================================
Files 255 255
Lines 26345 26369 +24
==========================================
+ Hits 22168 22180 +12
- Misses 4177 4189 +12 ☔ View full report in Codecov by Sentry. |
@poljar I think this is ready for review from you now. Some notes
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the general direction is good, left some questions/nits/suggestions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left some final nits, we should revert the SQLite query patch since it doesn't help.
Approving ahead of time, feel free to merge once the final nits have been resolved.
/// Error type describing different errors that can happen when we create an | ||
/// Olm session from a pickle. | ||
#[derive(Error, Debug)] | ||
pub enum SessionPickleError { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think SessionUnpickleError
might be marginally better, feel free to disagree.
This reverts commit 2d66041. Since it doesn't make enough of a performance difference.
Signed-off-by: Hubert Chathi <[email protected]>
…st-sdk into embed_device_key_in_olm
I think I've addressed all outstanding comments. I don't have permissions to hit the merge button. Can someone do so for me? |
}, | ||
"device_keys": self.our_device_keys, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't this property need a different name:
Until this MSC is accepted, the new property should be named org.matrix.msc4147.device_keys.
We can do this in a follow up, so we don't risk more merge conflicts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was added as a regular dependency in #3517 but it is only used in tests. Signed-off-by: Kévin Commaille <[email protected]>
For some reason it doesn't seem to be mentioned in the PR 😠 but I believe this is implementing MSC4147. |
Signed-off-by: