* tests: Cross-signing keys support in `E2EKeyReceiver`
Have `E2EKeyReceiver` collect uploaded cross-signing keys, so that they can be
returned by `E2EKeyResponder`.
* tests: Signature upload support in `E2EKeyReceiver`
Have `E2EKeyReceiver` collect uploaded device signatures, so that they can be
returned by `E2EKeyResponder`.
* tests: Implement `E2EOTKClaimResponder` class
A new test helper, which intercepts `/keys/claim`, allowing clients under test
to claim OTKs uploaded by other devices.
* Expose experimental settings for encrypted history sharing
Add options to `MatrixClient.invite` and `MatrixClient.joinRoom` to share and
accept encrypted history on invite, per MSC4268.
* Clarify pre-join-membership logic
* Improve tests
* Update spec/integ/crypto/cross-signing.spec.ts
Co-authored-by: Hubert Chathi <hubertc@matrix.org>
---------
Co-authored-by: Hubert Chathi <hubertc@matrix.org>
* test: add a flushPromises
this seems to be needed because `initRustCrypto` now ends up doing slightly
less awaiting
* Support new `ShieldStateCode.MismatchedSender`
* Update to matrix-sdk-crypto-wasm 15.1.0
* Add `waitFor` and use it instead of `flushPromises`
* minor lints and fixes
* another lint fix
* Add `DebugLogger` type for logging matrix-js-sdk to `debug`
* unit tests for DebugLogger
* Use `DebugLogger` in some tests
* Use `DebugLogger` in rust-crypto.spec
* test-utils: silence some logging
* Use client logger for `RustBackupManager`
* use client logger in `CrossSigningIdentity`
* use client logger in `OutgoingRequestProcessor`
* RoomEncryptor: use correct logger for logDuration
use the logger for this specific event, rather than the more general one for the room
* Use client logger in `RoomEncryptor`
* crypto: Add new ClientEvent.ReceivedToDeviceMessage
refactor rename ProcessedToDeviceEvent to ReceivedToDeviceEvent
* fix: Restore legacy isEncrypted() for to-device messages
* Update test for new preprocessToDeviceMessages API
* quick fix on doc
* quick update docs and renaming
* review: Better doc and names for OlmEncryptionInfo
* review: Remove IToDeviceMessage alias and only keep IToDeviceEvent
* review: improve comments of processToDeviceMessages
* review: pass up encrypted event when no crypto callbacks
* review: use single payload for ReceivedToDeviceMessage
* fix linter
* review: minor comment update
* Switch from defer to Promise.withResolvers
As supported by the outgoing LTS version (v22) which has 99% support of ES2024
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* delint
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Deprecate defer instead of killing it
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Knip
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate based on review
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate based on review
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate based on review
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Improve coverage
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Add disableKeyStorage() to crypto API
As an all-in-one method for deleting all server side key storage on
the user's account (as the doc hopefully explains).
* Add test
* const
* Can't be disabled here
* Bump rust sdk to 14.0.0
* Remove duplicate type declarations
These now match the types in the underlying library, so can be removed.
* bump to 14.0.1
* Use new `OutgoingRequest` type from wasm library
* fix types
* update lockfile
* Simplify bootstrapSecretStorage logic
might as well just export the keys immediately, rather than having multiple
tests.
* Clean up typescript types related to rust crypto
A forthcoming release of matrix-rust-sdk-crypto-wasm tightens up a number of
typescript types. In preparation, we need to get our house in order too.
* Remove deprecated calls in `webrtc/call.ts`
* Throw error when legacy call was used
* Remove `MatrixClient.initLegacyCrypto` (#4620)
* Remove `MatrixClient.initLegacyCrypto`
* Remove `MatrixClient.initLegacyCrypto` in README.md
* Remove tests using `MatrixClient.initLegacyCrypto`
* Remove legacy crypto support in `sync` api (#4622)
* Remove deprecated `DeviceInfo` in `webrtc/call.ts` (#4654)
* chore(legacy call): Remove `DeviceInfo` usage
* refactor(legacy call): throw `GroupCallUnknownDeviceError` at the end of `initOpponentCrypto`
* Remove deprecated methods and attributes of `MatrixClient` (#4659)
* feat(legacy crypto)!: remove deprecated methods of `MatrixClient`
* test(legacy crypto): update existing tests to not use legacy crypto
- `Embedded.spec.ts`: casting since `encryptAndSendToDevices` is removed from `MatrixClient`.
- `room.spec.ts`: remove deprecated usage of `MatrixClient.crypto`
- `matrix-client.spec.ts` & `matrix-client-methods.spec.ts`: remove calls of deprecated methods of `MatrixClient`
* test(legacy crypto): remove test files using `MatrixClient` deprecated methods
* test(legacy crypto): update existing integ tests to run successfully
* feat(legacy crypto!): remove `ICreateClientOpts.deviceToImport`.
`ICreateClientOpts.deviceToImport` was used in the legacy crypto. The rust crypto doesn't support importing devices in this way.
* feat(legacy crypto!): remove `{get,set}GlobalErrorOnUnknownDevices`
`globalErrorOnUnknownDevices` is not used in the rust-crypto. The API is marked as unstable, we can remove it.
* Remove usage of legacy crypto in `event.ts` (#4666)
* feat(legacy crypto!): remove legacy crypto usage in `event.ts`
* test(legacy crypto): update event.spec.ts to not use legacy crypto types
* Remove legacy crypto export in `matrix.ts` (#4667)
* feat(legacy crypto!): remove legacy crypto export in `matrix.ts`
* test(legacy crypto): update `megolm-backup.spec.ts` to import directly `CryptoApi`
* Remove usage of legacy crypto in integ tests (#4669)
* Clean up legacy stores (#4663)
* feat(legacy crypto!): keep legacy methods used in lib olm migration
The rust crypto needs these legacy stores in order to do the migration from the legacy crypto to the rust crypto. We keep the following methods of the stores:
- Used in `libolm_migration.ts`.
- Needed in the legacy store tests.
- Needed in the rust crypto test migration.
* feat(legacy crypto): extract legacy crypto types in legacy stores
In order to be able to delete the legacy crypto, these stores shouldn't rely on the legacy crypto. We need to extract the used types.
* feat(crypto store): remove `CryptoStore` functions used only by tests
* test(crypto store): use legacy `MemoryStore` type
* Remove deprecated methods of `CryptoBackend` (#4671)
* feat(CryptoBackend)!: remove deprecated methods
* feat(rust-crypto)!: remove deprecated methods of `CryptoBackend`
* test(rust-crypto): remove tests of deprecated methods of `CryptoBackend`
* Remove usage of legacy crypto in `embedded.ts` (#4668)
The interface of `encryptAndSendToDevices` changes because `DeviceInfo` is from the legacy crypto. In fact `encryptAndSendToDevices` only needs pairs of userId and deviceId.
* Remove legacy crypto files (#4672)
* fix(legacy store): fix legacy store typing
In https://github.com/matrix-org/matrix-js-sdk/pull/4663, the storeXXX methods were removed from the CryptoStore interface but they are used internally by IndexedDBCryptoStore.
* feat(legacy crypto)!: remove content of `crypto/*` except legacy stores
* test(legacy crypto): remove `spec/unit/crypto/*` except legacy store tests
* refactor: remove unused types
* doc: fix broken link
* doc: remove link tag when typedoc is unable to find the CryptoApi
* Clean up integ test after legacy crypto removal (#4682)
* test(crypto): remove `newBackendOnly` test closure
* test(crypto): fix duplicate test name
* test(crypto): remove `oldBackendOnly` test closure
* test(crypto): remove `rust-sdk` comparison
* test(crypto): remove iteration on `CRYPTO_BACKEND`
* test(crypto): remove old legacy comments and tests
* test(crypto): fix documentations and removed unused expect
* Restore broken link to `CryptoApi` (#4692)
* chore: fix linting and formatting due to merge
* Remove unused crypto type and missing doc (#4696)
* chore(crypto): remove unused types
* doc(crypto): add missing link
* test(call): add test when crypto is enabled
* fix(crypto): `resetEncryption` remove secrets in 4S
Remove the cross signing keys and the backup decryption key of the 4S when calling `resetEncryption`
* test(crypto): expect secrets to be deleted in 4S when `resetEncryption` is called
* test(secret storage): add test case when the secret is set at null
* fix(crypto): remove default key in 4S
* test(crypto): default key should be removed from 4S
* feat(dehydrated): Use the dehydrated key cache API
* feat(dehydrated): Add signalling to device dehydration manager
* feat(dehydrated): fix unneeded call getCachedKey
* Upgrade to `matrix-sdk-crypto-wasm` v13.0.0
* review: quick fix and doc
* apply changes from review
* apply changes from review
* fix comment
* add some tests and emit an event on rehydration failure
* factor out event counter into a test util, since it may be useful elsewhere
* adjust test to cover a few more lines
* fix documentation
* Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* fix missing bracket
* add test for getting the dehydration key from SSSS
---------
Co-authored-by: Hubert Chathi <hubertc@matrix.org>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Save the key backup key to secret storage
When setting up secret storage, if we have a key backup key in cache
(like we do for the cross signing secrets).
* Add test
* Get the key directly from the olmMachine
saves converting it needlessly into a buffer to turn it back into
a base64 string
* Overwrite backup key in storage if different
* Fix test
* Add integ test
* Test failure case for sonar
* Unused import
* Missed return
* Also check active backup version
* Update src with globalThis
* Update spec with globalThis
* Replace in more spec/ places
* More changes to src/
* Add a linter rule for global
* Prettify
* lint
* Add CryptoApi.encryptToDeviceMessages
Deprecate Crypto.encryptAndSendToDevices and MatrixClient.encryptAndSendToDevices
* Overload MatrixClient.encryptAndSendToDevices instead of deprecating
* Revert "Overload MatrixClient.encryptAndSendToDevices instead of deprecating"
This reverts commit 6a0d8e2638.
* Feedback from code review
* Use temporary pre-release build of @matrix-org/matrix-sdk-crypto-wasm
* Deduplicate user IDs
* Test for RustCrypto implementation
* Use ensureSessionsForUsers()
* Encrypt to-device messages in parallel
* Use release version of matrix-sdk-crypto-wasm
* Upgrade matrix-sdk-crypto-wasm to v8
* Sync with develop
* Add test for olmlib CryptoApi
* Fix link
* Feedback from review
* Move libolm implementation to better place in file
* Fix doc
* Integration test
* Make sure test device is known to client
* Feedback from review
* Move used Crypto event into crypto api
* Use new crypto events in rust crypto
* Remove `WillUpdateDevices` event from CryptoApi
* Use new crypto events in old crypto events
* Compute type of CryptoEvent enum
* Rename CryptoEvent and CryptoEventHandlerMap as legacy
* - Rename `RustCryptoEvent` as `CryptoEvent`
- Declare `CryptoEventHandlerMap` into the crypto api
* Add `WillUpdateDevices` back to new crypto events to avoid circular imports between old crypto and the crypto api
* Extends old crypto handler map with the new crypto map
* Review fixes
* Add more explicit documentations
* Move `SecretEncryptedPayload` in `src/utils/@types`
* Move `encryptAES` to a dedicated file. Moved in a utils folder.
* Move `deriveKeys` to a dedicated file in order to share it
* Move `decryptAES` to a dedicated file. Moved in a utils folder.
* Move `calculateKeyCheck` to a dedicated file. Moved in a utils folder.
* Remove AES functions in `aes.ts` and export new ones for backward compatibility
* Update import to use new functions
* Add `src/utils` entrypoint in `README.md`
* - Rename `SecretEncryptedPayload` to `AESEncryptedSecretStoragePayload`.
- Move into `src/@types`
* Move `calculateKeyCheck` into `secret-storage.ts`.
* Move `deriveKeys` into `src/utils/internal` folder.
* - Rename `encryptAES` to `encryptAESSecretStorageItem`
- Change named export by default export
* - Rename `decryptAES` to `decryptAESSecretStorageItem`
- Change named export by default export
* Update documentation
* Update `decryptAESSecretStorageItem` doc
* Add link to spec for `calculateKeyCheck`
* Fix downstream tests
* crypto: configure key sharing strategy based on deviceIsolationMode
fix eslint import error
cryptoMode was renamed to deviceIsolationMode
post rebase fix: Device Isolation mode name changes
* Fix outdated docs referring to old cryptomode
* code review: better comment for globalBlacklistUnverifiedDevices option
* RoomEncryptor: Use appropriate default for getBlacklistUnverifiedDevices
* do not provide a default value for DeviceIsolationMode for encryption
* Update src/rust-crypto/RoomEncryptor.ts
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Implement `UserVerificationStatus.needsUserApproval`
Expose the `identityNeedsUserApproval` flag from the rust crypto crate.
* Add CryptoApi.pinCurrentUserIdentity
Expose `pinCurrentMasterKey` from the rust crypto api.
* Test data: add second cross-signing key for Bob
* Add tests for verification status
* Restructure eventsPendingKey to remove sender key
For withheld notices, we don't necessarily receive the sender key, so we'll
have to do without it.
* Re-decrypt events when we receive a withheld notice
* Extend test to cover late-arriving withheld notices
* update unit tests
* Add crypto methods for OIDC QR code login
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Improve test
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Revert test due to hang inside Rust.
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update test name
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update test name
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Slightly more involved than normal because it requires us to pass a backup version into OlmMachine.importBackedUpRoomKeys.
On the other hand we can now re-enable the test that was disabled in #4214 due to matrix-org/matrix-rust-sdk#3447
Fixes: element-hq/element-web#27165
* `initRustCrypto`: allow app to pass in the store key directly
... instead of using the pickleKey. This allows us to avoid a slow PBKDF
operation.
* Fix link in doc-comment
* Add `PerSessionKeyBackupDownloader.isKeyBackupDownloadConfigured()`
* Add new `RustBackupManager.getServerBackupInfo`
... and a convenience method in PerSessionKeyBackupDownloader to access it.
* Crypto.spec: move `useRealTimers` to global `afterEach`
... so that we don't need to remember to do it everywhere.
* Use fake timers for UTD error code tests
This doesn't have any effect on the tests, but *does* stop jest from hanging
when you run the tests in in-band mode. It shouldn't *really* be needed, but
using fake timers gives more reproducible tests, and I don't have the
time/patience to debug why it is needed.
* Use new error codes for UTDs from historical events
* Migrate own identity trust to rust crypto
* Fix gendoc not happy if msk of IDownloadKeyResult has a signature
* add missing mock
* code review
* Code review
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* review move function down in file
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review: Cleaning tests, renaming
* Review: better comment
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Comment paragraphs
* retry until initial key query is successful
* Validate backup private key before migrating it
* post merge fix
* Fix test, missing mock
* Use crypto wasm instead of lib olm to check backup key
* typo
* code review
* quick lint
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* initial implementation of device dehydration
* add dehydrated flag for devices
* add missing dehydration.ts file, add test, add function to schedule dehydration
* add more dehydration utility functions
* stop scheduled dehydration when crypto stops
* bump matrix-crypto-sdk-wasm version, and fix tests
* adding dehydratedDevices member to mock OlmDevice isn't necessary any more
* fix yarn lock file
* more tests
* fix test
* more tests
* fix typo
* fix logic for checking if dehydration supported
* make changes from review
* add missing file
* move setup into another function
* apply changes from review
* implement simpler API
* fix type and move the code to the right spot
* apply suggestions from review
* make sure that cross-signing and secret storage are set up
* Introduce Membership TS type
* Adapt the Membership TS type to be an enum
* Add docstrings for KnownMembership and Membership
* Move Membership types into a separate file, exported from types.ts
---------
Co-authored-by: Stanislav Demydiuk <s.demydiuk@gmail.com>