rust backup restore support (#3709)

* Refactor key backup recovery to prepare for rust * rust backup restore support * Move export out of old crypto to api with re-export * extract base64 utility * add tests for base64 util * more efficient regex * fix typo
2025-11-23 17:02:25 +03:00 · 2023-09-13 11:08:26 +02:00
parent 1b8507c060
commit 1503acb30a
12 changed files with 318 additions and 46 deletions
--- a/src/rust-crypto/rust-crypto.ts
+++ b/src/rust-crypto/rust-crypto.ts
@@ -38,6 +38,7 @@ import {
    CrossSigningKeyInfo,
    CrossSigningStatus,
    CryptoCallbacks,
+    Curve25519AuthData,
    DeviceVerificationStatus,
    EventEncryptionInfo,
    EventShieldColour,
@@ -62,11 +63,12 @@ import { isVerificationEvent, RustVerificationRequest, verificationMethodIdentif
 import { EventType } from "../@types/event";
 import { CryptoEvent } from "../crypto";
 import { TypedEventEmitter } from "../models/typed-event-emitter";
-import { RustBackupCryptoEventMap, RustBackupCryptoEvents, RustBackupManager } from "./backup";
+import { RustBackupCryptoEventMap, RustBackupCryptoEvents, RustBackupDecryptor, RustBackupManager } from "./backup";
 import { TypedReEmitter } from "../ReEmitter";
 import { randomString } from "../randomstring";
 import { ClientStoppedError } from "../errors";
 import { ISignatures } from "../@types/signed";
+import { encodeBase64 } from "../common-crypto/base64";

 const ALL_VERIFICATION_METHODS = ["m.sas.v1", "m.qr_code.scan.v1", "m.qr_code.show.v1", "m.reciprocate.v1"];

@@ -941,7 +943,7 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
     * @param key - the backup decryption key
     */
    public async storeSessionBackupPrivateKey(key: Uint8Array): Promise<void> {
-        const base64Key = Buffer.from(key).toString("base64");
+        const base64Key = encodeBase64(key);

        // TODO get version from backupManager
        await this.olmMachine.saveBackupDecryptionKey(RustSdkCryptoJs.BackupDecryptionKey.fromBase64(base64Key), "");
@@ -1027,7 +1029,23 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
     * Implementation of {@link CryptoBackend#getBackupDecryptor}.
     */
    public async getBackupDecryptor(backupInfo: KeyBackupInfo, privKey: ArrayLike<number>): Promise<BackupDecryptor> {
-        throw new Error("Stub not yet implemented");
+        if (backupInfo.algorithm != "m.megolm_backup.v1.curve25519-aes-sha2") {
+            throw new Error(`getBackupDecryptor Unsupported algorithm ${backupInfo.algorithm}`);
+        }
+
+        const authData = <Curve25519AuthData>backupInfo.auth_data;
+
+        if (!(privKey instanceof Uint8Array)) {
+            throw new Error(`getBackupDecryptor expects Uint8Array`);
+        }
+
+        const backupDecryptionKey = RustSdkCryptoJs.BackupDecryptionKey.fromBase64(encodeBase64(privKey));
+
+        if (authData.public_key != backupDecryptionKey.megolmV1PublicKey.publicKeyBase64) {
+            throw new Error(`getBackupDecryptor key mismatch error`);
+        }
+
+        return new RustBackupDecryptor(backupDecryptionKey);
    }

    ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////