mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-11-25 05:23:13 +03:00

MatrixRTC: Refactor | Introduce a new Encryption manager (used with experimental to device transport) (#4799)

* refactor: New encryption manager BasicEncryptionManager for todevice

fixup: bad do not commit

* fix: ToDevice transport not setting the sent_ts

* test: BasicEncryptionManager add statistics tests

* code review

* feat: Encryption manager just reshare on new joiner

* refactor: Rename BasicEncryptionManager to RTCEncryptionManager

* fixup: RTC experimental todevice should use new encryption mgr

* fixup: use proper logger hierarchy

* fixup: RTC rollout first key asap even if no members to send to

* fixup: RTC add test for first key use

* fixup! emitting outbound key before anyone registered

* fix: quick patch for transport switch, need test

* test: RTC encryption manager, add test for transport switch

* post rebase fix

* Remove bad corepack commit

* review: cleaning, renaming

* review: cleaning and renaming

* stop using root logger in favor of a parent logger

* post merge fix broken test

* remove corepack again

* fix reverted changes after a merge

* review: Properly deprecate getEncryptionKeys

* review: rename ensureMediaKeyDistribution to ensureKeyDistribution

* review: use OutdatedKeyFilter instead of KeyBuffer
Valere Fedronic
2025-07-08 14:43:16 +02:00
committed by GitHub
parent 137379b7b7
commit e5c8c20a34
14 changed files with 1165 additions and 65 deletions


@@ -16,11 +16,44 @@ limitations under the License.
import type { IMentions } from "../matrix.ts";
import type { CallMembership } from "./CallMembership.ts";
export type ParticipantId = string;
export interface EncryptionKeyEntry {
index: number;
key: string;
}
/**
* The mxID, deviceId and membership timestamp of a RTC session participant.
*/
export type ParticipantDeviceInfo = {
userId: string;
deviceId: string;
membershipTs: number;
};
/**
* A type representing the information needed to decrypt video streams.
*/
export type InboundEncryptionSession = {
key: Uint8Array;
participantId: ParticipantId;
keyIndex: number;
creationTS: number;
};
/**
* The information about the key used to encrypt video streams.
*/
export type OutboundEncryptionSession = {
key: Uint8Array;
creationTS: number;
// The devices that this key is shared with.
sharedWith: Array<ParticipantDeviceInfo>;
// This is an index acting as the id of the key
keyId: number;
};
export interface EncryptionKeysEventContent {
keys: EncryptionKeyEntry[];
device_id: string;
@@ -28,13 +61,15 @@ export interface EncryptionKeysEventContent {
sent_ts?: number;
}
/**
* THe content of a to-device event that contains encryption keys.
*/
export interface EncryptionKeysToDeviceEventContent {
keys: { index: number; key: string };
member: {
// id: ParticipantId,
// TODO Remove that it is claimed, need to get the sealed sender from decryption info
// Or add some validation on it based on the encryption info
claimed_device_id: string;
// user_id: string
};
room_id: string;
session: {