From 89d298443231ab22b188c580ad865087c377a1e7 Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Fri, 13 Jan 2023 18:24:33 +0000
Subject: [PATCH 1/2] Add some debugging & a debug event for decryption

Adds a log line whenever we save a session and also adds an event
that's fired whenever we get a to-device event we can't decrypt
(hopefully the comment explains all).
---
 src/client.ts           | 13 +++++++++++++
 src/crypto/OlmDevice.ts |  5 +++++
 src/crypto/index.ts     |  2 ++
 3 files changed, 20 insertions(+)

diff --git a/src/client.ts b/src/client.ts
index 91cc21be0..c64795bd8 100644
--- a/src/client.ts
+++ b/src/client.ts
@@ -855,6 +855,7 @@ export enum ClientEvent {
     SyncUnexpectedError = "sync.unexpectedError",
     ClientWellKnown = "WellKnown.client",
     ReceivedVoipEvent = "received_voip_event",
+    UndecryptableToDeviceEvent = "toDeviceEvent.undecryptable",
     TurnServers = "turnServers",
     TurnServersError = "turnServers.error",
 }
@@ -1063,6 +1064,18 @@ export type ClientEventHandlerMap = {
      * ```
      */
     [ClientEvent.ToDeviceEvent]: (event: MatrixEvent) => void;
+    /**
+     * Fires if a to-device event is received that cannot be decrypted.
+     * Encrypted to-device events will (generally) use plain Olm encryption,
+     * in which case decryption failures are fatal: the event will never be
+     * decryptable, unlike Megolm encrypted events where the key may simply
+     * arrive later.
+     *
+     * An undecryptable to-device event is therefore likley to indicate problems.
+     *
+     * @param event - The undecyptable to-device event
+     */
+    [ClientEvent.UndecryptableToDeviceEvent]: (event: MatrixEvent) => void;
     /**
      * Fires whenever new user-scoped account_data is added.
      * @param event - The event describing the account_data just added
diff --git a/src/crypto/OlmDevice.ts b/src/crypto/OlmDevice.ts
index 1ade98988..82a0a9a46 100644
--- a/src/crypto/OlmDevice.ts
+++ b/src/crypto/OlmDevice.ts
@@ -368,6 +368,11 @@ export class OlmDevice {
      */
     private saveSession(deviceKey: string, sessionInfo: IUnpickledSessionInfo, txn: unknown): void {
         const sessionId = sessionInfo.session.session_id();
+        logger.debug(`Saving Olm session ${sessionId} with device ${deviceKey}: ${sessionInfo.session.describe()}`);
+
+        // Why do we re-use the input object for this, overwriting the same key with a different
+        // type? Is it because we want to erase the unpickled session to enforce that it's no longer
+        // used? A comment would be great.
         const pickledSessionInfo = Object.assign(sessionInfo, {
             session: sessionInfo.session.pickle(this.pickleKey),
         });
diff --git a/src/crypto/index.ts b/src/crypto/index.ts
index 441d569c4..b0a5783b3 100644
--- a/src/crypto/index.ts
+++ b/src/crypto/index.ts
@@ -3433,6 +3433,8 @@ export class Crypto extends TypedEventEmitter<CryptoEvent, CryptoEventHandlerMap
         const algorithm = content.algorithm;
         const deviceKey = content.sender_key;
 
+        this.baseApis.emit(ClientEvent.UndecryptableToDeviceEvent, event);
+
         // retry decryption for all events sent by the sender_key.  This will
         // update the events to show a message indicating that the olm session was
         // wedged.

From 79faee7a67f2cefa2a605aad1fad785b75e459c5 Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Fri, 13 Jan 2023 18:32:21 +0000
Subject: [PATCH 2/2] Add emit so tests don't throw

---
 spec/unit/crypto.spec.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/spec/unit/crypto.spec.ts b/spec/unit/crypto.spec.ts
index 36a746078..4bb5b58ca 100644
--- a/spec/unit/crypto.spec.ts
+++ b/spec/unit/crypto.spec.ts
@@ -254,6 +254,7 @@ describe("Crypto", function () {
                 sendToDevice: jest.fn(),
                 getKeyBackupVersion: jest.fn(),
                 isGuest: jest.fn(),
+                emit: jest.fn(),
             } as unknown as MatrixClient;
             mockRoomList = {} as unknown as RoomList;