* Move `SecretEncryptedPayload` in `src/utils/@types`
* Move `encryptAES` to a dedicated file. Moved in a utils folder.
* Move `deriveKeys` to a dedicated file in order to share it
* Move `decryptAES` to a dedicated file. Moved in a utils folder.
* Move `calculateKeyCheck` to a dedicated file. Moved in a utils folder.
* Remove AES functions in `aes.ts` and export new ones for backward compatibility
* Update import to use new functions
* Add `src/utils` entrypoint in `README.md`
* - Rename `SecretEncryptedPayload` to `AESEncryptedSecretStoragePayload`.
- Move into `src/@types`
* Move `calculateKeyCheck` into `secret-storage.ts`.
* Move `deriveKeys` into `src/utils/internal` folder.
* - Rename `encryptAES` on `encryptAESSecretStorageItem`
- Change named export by default export
* - Rename `decryptAES` on `decryptAESSecretStorageItem`
- Change named export by default export
* Update documentation
* Update `decryptAESSecretStorageItem` doc
* Add lnk to spec for `calculateKeyCheck`
* Fix downstream tests
* crypto: configure key sharing strategy based on deviceIsolationMode
fix eslint import error
cryptoMode was renamed to deviceIsolationMode
post rebase fix: Device Isolation mode name changes
* Fix outdated docs referring to old cryptomode
* code review: better comment for globalBlacklistUnverifiedDevices option
* RoomEncryptor: Use appropriate default for getBlacklistUnverifiedDevices
* do not provide a default value for DeviceIsolationMode for encryption
* Update src/rust-crypto/RoomEncryptor.ts
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Implement `UserVerificationStatus.needsUserApproval`
Expose the `identityNeedsUserApproval` flag from the rust crypto crate.
* Add CryptoApi.pinCurrentUserIdentity
Expose `pinCurrentMasterKey` from the rust crypto api.
* Test data: add second cross-signing key for Bob
* Add tests for verification status
* Don't share full key history for RTC per-participant encryption
Also record stats for how many keys have been sent/received and age of those received
* Update src/matrixrtc/MatrixRTCSession.ts
Co-authored-by: Robin <robin@robin.town>
* Add comment about why we track total age of events
---------
Co-authored-by: Robin <robin@robin.town>
* Retry event decryption failures on first failure
* Suggestion from code review
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
---------
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
* Use origin server timestamp for calculating group call membership expiry
* Fix tests
* Docs
* Refactor comments to reflect that the logic hasn't changed
* Make comment maintainable
* Fix up merge
* Fix test
* Handle MatrixRTC encryption keys arriving out of order
* Apply suggestions from code review
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
* Suggestion from code review
---------
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
* Resend MatrixRTC encryption keys if a membership has changed
* JSDoc
* Update src/matrixrtc/MatrixRTCSession.ts
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
* Add note about using Set. symmetricDifference() when available
* Always store latest fingerprints
Should reduce unnecessary retransmits
* Refactor
---------
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
* Fix hashed ID server lookups with no Olm
It used the hash function from Olm (presumably to work cross-platform)
but subtle crypto is available on node nowadays so we can just use
that.
Refactor existing code that did this out to a common function, add
tests.
* Test the code when crypto is available
* Test case of no crypto available
* Move digest file to src to get it out of the way of the olm / e2e stuff
* Fix import
* Fix error string & doc
* subtle crypto, not webcrypto
* Extract the base64 part
* Fix test
* Move test file too
* Add more doc
* Fix imports
and use them for more reliable MatrixRTC session membership events.
Also implement "parent" delayed events, which were in a previous version
of the MSC and may be reintroduced or be part of a new MSC later.
NOTE: Still missing is support for sending encrypted delayed events.
* Restructure eventsPendingKey to remove sender key
For withheld notices, we don't necessarily receive the sender key, so we'll
jhave to do without it.
* Re-decrypt events when we receive a withheld notice
* Extend test to cover late-arriving withheld notices
* update unit tests
* Update all non-major dependencies
* Prettier
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix types for widget API update
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>
* Remove the compare function from utils
and change the one use of it to just intantiate a collator and use
it.
This was marked as internal module so this shouldn't be a breaking change.
Of course, react-sdk was using it.
Requires: https://github.com/matrix-org/matrix-react-sdk/pull/12782
* Add simple not-a-perf-test test
* recalculate repeatedly
otherwise we aren't testing anything different
* Use fewer members as it was making the test take a bit too long
* Inline subtlecrypto shim
The presence of this thing just makes code more confusing.
* Remove pre-node-20 webcrypto hack
Until node 20.0, the webcrypto API lived at `crypto.webCrypto`. It's now
available at the same place as in web -- `globalThis.crypto`.
See: https://nodejs.org/docs/latest-v20.x/api/webcrypto.html#web-crypto-api
* oidc auth test: Clean up mocking
THe previous reset code wasn't really resetting the right thing. Let's just
re-init `window.crypto` on each test.
* Remove `crypto` shim
This isn't very useful any more.
* Fix room state being updated with old (now overwritten) state and emitting for those updates.
* remove timestamp condition
Add configuration for toStartOfTimeline
* fix timeline tests
* only skip event adding if event_id and replaces_state is set.
* fix room tests
* test skipping insertion
* rename back to lastStateEvent
* store if a state is at the start of a timeline in the RoomState class
* make `isStartTimelineState` a `public readonly` and fix condition.
* Prefix the user+device state key if needed
No need to prefix it for rooms that use MSC3779.
Otherwise, prefix it to bypass the auth rule for state events with keys
starting with @.
* Use RegExp.exec() method instead
Sonar typescript:S6594
* Split nested ternary operator into method
Sonar typescript:S3358
* Add test coverage
* Use legacy call membership if anyone else is
* Convert nullish to boolean
* Update tests
* Lint
* Use computed decision to use legacy events or not
* Check if discovered legacy sessions are ongoing
* Lint
* Lint again
* Increase test coverage
* Fetch capabilities in the background
& keep them up to date
* Add missed await
* Replace some more runAllTimers
and round down the wait time for sanity
* Remove double comment
* Typo
* Add a method back that will fetch capabilities if they're not already there
* Add tests
* Catch exception here too
* Add test for room version code
* Use server name instead of homeserver url to allow well-known lookups during QR OIDC reciprocation
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Refactor to preferred and active foci.
Signed-off-by: Timo K <toger5@hotmail.de>
* make the sdk compatible with MSC4143 but still be backwards compatible
* comment fixes
* also fallback to legacy if the current member event is legacy
* use XOR types
* use EitherAnd
* make livekit Foucs types simpler
* review
* fix tests
* test work
* more review + more tests
* remove unnecassary await that is in conflict with the comment
* make joinRoomSession sync
* Update src/matrixrtc/MatrixRTCSession.ts
Co-authored-by: Andrew Ferrazzutti <af_0_af@hotmail.com>
* review
* fix
* test
* review
* review
* comment clarification
* typo
---------
Signed-off-by: Timo K <toger5@hotmail.de>
Co-authored-by: Andrew Ferrazzutti <af_0_af@hotmail.com>
* Add crypto methods for OIDC QR code login
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Improve test
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Revert test due to hang inside Rust.
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update test name
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update test name
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
https://github.com/dumbmatter/fakeIndexedDB/pull/93 causes a bunch
of tests to start failing because the fake timers need running in
order for fake indexeddb to work. It also seems to cause failures
to bleed between tests somehow if fake timers are enabled/disabled.
This keeps all the fake timer tests in one suite and all the others
in another, which appears to work.
This should allow https://github.com/matrix-org/matrix-js-sdk/pull/4224
to be merged.
Slightly more involved than normal because it requires us to pass a backup version into OlmMachine.importBackedUpRoomKeys.
On the other hand we can now re-enable the test that was disabled in #4214 due to matrix-org/matrix-rust-sdk#3447Fixes: element-hq/element-web#27165
* `initRustCrypto`: allow app to pass in the store key directly
... instead of using the pickleKey. This allows us to avoid a slow PBKDF
operation.
* Fix link in doc-comment
* Add `PerSessionKeyBackupDownloader.isKeyBackupDownloadConfigured()`
* Add new `RustBackupManager.getServerBackupInfo`
... and a convenience method in PerSessionKeyBackupDownloader to access it.
* Crypto.spec: move `useRealTimers` to global `afterEach`
... so that we don't need to remember to do it everywhere.
* Use fake timers for UTD error code tests
This doesn't have any effect on the tests, but *does* stop jest from hanging
when you run the tests in in-band mode. It shouldn't *really* be needed, but
using fake timers gives more reproducible tests, and I don't have the
time/patience to debug why it is needed.
* Use new error codes for UTDs from historical events
* Migrate own identity trust to rust crypto
* Fix gendoc not happy if msk of IDownloadKeyResult has a signature
* add missing mock
* code review
* Code review
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* review move function down in file
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review gh suggestion
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Review: Cleaning tests, renaming
* Review: better comment
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Comment paragraphs
* retry until initial key query is successfull
* Validate backup private key before migrating it
* post merge fix
* Fix test, missing mock
* Use crypto wasm instead of lib olm to check backup key
* typo
* code review
* quick lint
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* initial implementation of device dehydration
* add dehydrated flag for devices
* add missing dehydration.ts file, add test, add function to schedule dehydration
* add more dehydration utility functions
* stop scheduled dehydration when crypto stops
* bump matrix-crypto-sdk-wasm version, and fix tests
* adding dehydratedDevices member to mock OlmDevice isn't necessary any more
* fix yarn lock file
* more tests
* fix test
* more tests
* fix typo
* fix logic for checking if dehydration supported
* make changes from review
* add missing file
* move setup into another function
* apply changes from review
* implement simpler API
* fix type and move the code to the right spot
* apply suggestions from review
* make sure that cross-signing and secret storage are set up
* Add `device_authorization_endpoint` field to OIDC issuer well-known metadata
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Allow `validateIdToken` to skip handling nonce when none is present
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Tweak registerOidcClient to check OIDC grant_types_supported before registration
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
