* Move `SecretEncryptedPayload` in `src/utils/@types`
* Move `encryptAES` to a dedicated file. Moved in a utils folder.
* Move `deriveKeys` to a dedicated file in order to share it
* Move `decryptAES` to a dedicated file. Moved in a utils folder.
* Move `calculateKeyCheck` to a dedicated file. Moved in a utils folder.
* Remove AES functions in `aes.ts` and export new ones for backward compatibility
* Update import to use new functions
* Add `src/utils` entrypoint in `README.md`
* - Rename `SecretEncryptedPayload` to `AESEncryptedSecretStoragePayload`.
- Move into `src/@types`
* Move `calculateKeyCheck` into `secret-storage.ts`.
* Move `deriveKeys` into `src/utils/internal` folder.
* - Rename `encryptAES` on `encryptAESSecretStorageItem`
- Change named export by default export
* - Rename `decryptAES` on `decryptAESSecretStorageItem`
- Change named export by default export
* Update documentation
* Update `decryptAESSecretStorageItem` doc
* Add lnk to spec for `calculateKeyCheck`
* Fix downstream tests
* crypto: configure key sharing strategy based on deviceIsolationMode
fix eslint import error
cryptoMode was renamed to deviceIsolationMode
post rebase fix: Device Isolation mode name changes
* Fix outdated docs referring to old cryptomode
* code review: better comment for globalBlacklistUnverifiedDevices option
* RoomEncryptor: Use appropriate default for getBlacklistUnverifiedDevices
* do not provide a default value for DeviceIsolationMode for encryption
* Update src/rust-crypto/RoomEncryptor.ts
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
This method is impossible to use securely, and so is being removed. (It also
didn't work under Rust cryptography.)
In future, this functionality may be re-introduced in a safer way, but doing so
will probably require updates to the MSC.
* Update dependency typescript to v5.6.2
* Fix TS errors
* Update minimal version of TS to `5.4.2` since the code is not compliant with an older version.
* Review fixes
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Florian Duros <florian.duros@ormaz.fr>
Co-authored-by: Florian Duros <florianduros@element.io>
* Update OIDC registration types to match latest MSC2966 state
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Add comment
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Implement `UserVerificationStatus.needsUserApproval`
Expose the `identityNeedsUserApproval` flag from the rust crypto crate.
* Add CryptoApi.pinCurrentUserIdentity
Expose `pinCurrentMasterKey` from the rust crypto api.
* Test data: add second cross-signing key for Bob
* Add tests for verification status
* Update typedoc
* Don't link a private method in tsdoc of a public method
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Florian Duros <florian.duros@ormaz.fr>
* Don't share full key history for RTC per-participant encryption
Also record stats for how many keys have been sent/received and age of those received
* Update src/matrixrtc/MatrixRTCSession.ts
Co-authored-by: Robin <robin@robin.town>
* Add comment about why we track total age of events
---------
Co-authored-by: Robin <robin@robin.town>
This is in line with the other information we're already exposing, such as the event's sender and timestamp. We want this in order to play around with adding reactions to the membership event.
* Retry event decryption failures on first failure
* Suggestion from code review
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
---------
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
* Use origin server timestamp for calculating group call membership expiry
* Fix tests
* Docs
* Refactor comments to reflect that the logic hasn't changed
* Make comment maintainable
* Fix up merge
* Fix test
* Handle MatrixRTC encryption keys arriving out of order
* Apply suggestions from code review
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
* Suggestion from code review
---------
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
* Resend MatrixRTC encryption keys if a membership has changed
* JSDoc
* Update src/matrixrtc/MatrixRTCSession.ts
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
* Add note about using Set. symmetricDifference() when available
* Always store latest fingerprints
Should reduce unnecessary retransmits
* Refactor
---------
Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
Akin to how legacy call events should be sent in rooms where there is
any ongoing legacy call, send non-legacy events in rooms where there are
only non-legacy calls; else fall back to the config preference.
* Fix hashed ID server lookups with no Olm
It used the hash function from Olm (presumably to work cross-platform)
but subtle crypto is available on node nowadays so we can just use
that.
Refactor existing code that did this out to a common function, add
tests.
* Test the code when crypto is available
* Test case of no crypto available
* Move digest file to src to get it out of the way of the olm / e2e stuff
* Fix import
* Fix error string & doc
* subtle crypto, not webcrypto
* Extract the base64 part
* Fix test
* Move test file too
* Add more doc
* Fix imports
and use them for more reliable MatrixRTC session membership events.
Also implement "parent" delayed events, which were in a previous version
of the MSC and may be reintroduced or be part of a new MSC later.
NOTE: Still missing is support for sending encrypted delayed events.
* Restructure eventsPendingKey to remove sender key
For withheld notices, we don't necessarily receive the sender key, so we'll
jhave to do without it.
* Re-decrypt events when we receive a withheld notice
* Extend test to cover late-arriving withheld notices
* update unit tests
* Be specific about what is considered a MSC4143 call member event.
* review
* check for empty event first
* Optimize for new session type events
If its a session type event we do not want to run two "key in" checks. We expect legacy events to be the less comment type going forward.
* awkward but necessary key count optimization
