* Make doc clearer on getCrossSigningKeyId
I was trying to work out why this was being used in a check. It
turns out it only returns the key ID if the private part is stored
locally, which seems very much non-obvious.
* Better doc
* Formatting & clarity
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src with globalThis
* Update spec with globalThis
* Replace in more spec/ places
* More changes to src/
* Add a linter rule for global
* Prettify
* lint
* Include HTTP response headers in MatrixError
* Lint
* Support MSC4041 / Retry-After header
* Fix tests
* Remove redundant MatrixError parameter properties
They are inherited from HTTPError, so there is no need to mark them as
parameter properties.
* Comment that retry_after_ms is deprecated
* Properly handle colons in XHR header values
Also remove the negation in the if-condition for better readability
* Improve Retry-After parsing and docstring
* Revert ternary operator to if statements
for readability
* Reuse resolved Headers for Content-Type parsing
* Treat empty Content-Type differently from null
* Add MatrixError#isRateLimitError
This is separate from MatrixError#getRetryAfterMs because it's possible
for a rate-limit error to have no Retry-After time, and having separate
methods to check each makes that more clear.
* Ignore HTTP status code when getting Retry-After
because status codes other than 429 may have Retry-After
* Catch Retry-After parsing errors
* Add test coverage for HTTP error headers
* Update license years
* Move safe Retry-After lookup to global function
so it can more conveniently check if an error is a MatrixError
* Lint
* Inline Retry-After header value parsing
as it is only used in one place and doesn't need to be exported
* Update docstrings
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Use bare catch
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Give HTTPError methods for rate-limit checks
and make MatrixError inherit them
* Cover undefined errcode in rate-limit check
* Update safeGetRetryAfterMs docstring
Be explicit that errors that don't look like rate-limiting errors will
not pull a retry delay value from the error.
* Use rate-limit helper functions in more places
* Group the header tests
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Add CryptoApi. encryptToDeviceMessages
Deprecate Crypto. encryptAndSendToDevices and MatrixClient. encryptAndSendToDevices
* Overload MatrixClient. encryptAndSendToDevices instead of deprecating
* Revert "Overload MatrixClient. encryptAndSendToDevices instead of deprecating"
This reverts commit 6a0d8e2638.
* Feedback from code review
* Use temporary pre-release build of @matrix-org/matrix-sdk-crypto-wasm
* Deduplicate user IDs
* Test for RustCrypto implementation
* Use ensureSessionsForUsers()
* Encrypt to-device messages in parallel
* Use release version of matrix-sdk-crypto-wasm
* Upgrade matrix-sdk-crypto-wasm to v8
* Sync with develop
* Add test for olmlib CryptoApi
* Fix link
* Feedback from review
* Move libolm implementation to better place in file
* FIx doc
* Integration test
* Make sure test device is known to client
* Feedback from review
* Do not rotate MatrixRTC media encryption key when a new member joins a call
This change reverts https://github.com/matrix-org/matrix-js-sdk/pull/4422.
Instead, the rotation when a new member joins will be reintroduced as part of supporting to-device based MatrixRTC encryption key distribution.
* Improve function name
We used to use the notation `<sender key>|<megolm session id>` fairly widely in
log messages, but since the transition to rust crypto, it's unusual and now
somewhat confusing. Make the log messages more explicit.
* Refactor/simplify Promises in MatrixRTCSession
* Update src/matrixrtc/MatrixRTCSession.ts
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
* Fix+document+test leaveRoomSession's return value
* Throw instead of using expect in teardown
because lint rules forbid using expect outside of test functions
---------
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
* Prepare delayed call leave events more reliably
- Try sending call join after preparing delayed leave
- On leave, send delayed leave instead of a new event
* Don't rely on errcodes for retry logic
because they are unavailable in widget mode
* Make arrow method readonly
SonarCloud rule typescript:S2933
* Test coverage for restarting delayed call leave
* Remove unneeded unstable_features mock
It's unneeded because all affected methods are mocked
* Fix DelayedEventInfo type
for MSC4140's GET /delayed_events
* Satisfy linter while avoiding unaligned indents
* Remove transaction_id from DelayedEventInfo
See matrix-org/matrix-spec-proposals@883e6b5d
* Move used Crypto event into crypto api
* Use new crypto events in rust crypto
* Remove `WillUpdateDevices` event from CryptoApi
* Use new crypto events in old crypto events
* Compute type of CryptoEvent enum
* Rename CryptoEvent and CryptoEventHandlerMap as legacy
* - Rename `RustCryptoEvent` as `CryptoEvent`
- Declare `CryptoEventHandlerMap` into the crypto api
* Add `WillUpdateDevices` back to new crypto events to avoid circular imports between old crypto and the cryto api
* Extends old crypto handler map with the new crypto map
* Review fixes
* Add more explicit documentations
Currently the crypto-api hierarchy is exposed only as a `Crypto` namespace
under the "matrix" entrypoint in the documentation.
This isn't really right: it's meant to be a separate entrypoint (in the same
way as `types`, `testing` and `utils` are). This PR fixes that problem.
* Move `SecretEncryptedPayload` in `src/utils/@types`
* Move `encryptAES` to a dedicated file. Moved in a utils folder.
* Move `deriveKeys` to a dedicated file in order to share it
* Move `decryptAES` to a dedicated file. Moved in a utils folder.
* Move `calculateKeyCheck` to a dedicated file. Moved in a utils folder.
* Remove AES functions in `aes.ts` and export new ones for backward compatibility
* Update import to use new functions
* Add `src/utils` entrypoint in `README.md`
* - Rename `SecretEncryptedPayload` to `AESEncryptedSecretStoragePayload`.
- Move into `src/@types`
* Move `calculateKeyCheck` into `secret-storage.ts`.
* Move `deriveKeys` into `src/utils/internal` folder.
* - Rename `encryptAES` on `encryptAESSecretStorageItem`
- Change named export by default export
* - Rename `decryptAES` on `decryptAESSecretStorageItem`
- Change named export by default export
* Update documentation
* Update `decryptAESSecretStorageItem` doc
* Add lnk to spec for `calculateKeyCheck`
* Fix downstream tests
* crypto: configure key sharing strategy based on deviceIsolationMode
fix eslint import error
cryptoMode was renamed to deviceIsolationMode
post rebase fix: Device Isolation mode name changes
* Fix outdated docs referring to old cryptomode
* code review: better comment for globalBlacklistUnverifiedDevices option
* RoomEncryptor: Use appropriate default for getBlacklistUnverifiedDevices
* do not provide a default value for DeviceIsolationMode for encryption
* Update src/rust-crypto/RoomEncryptor.ts
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
This method is impossible to use securely, and so is being removed. (It also
didn't work under Rust cryptography.)
In future, this functionality may be re-introduced in a safer way, but doing so
will probably require updates to the MSC.
* Update dependency typescript to v5.6.2
* Fix TS errors
* Update minimal version of TS to `5.4.2` since the code is not compliant with an older version.
* Review fixes
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Florian Duros <florian.duros@ormaz.fr>
Co-authored-by: Florian Duros <florianduros@element.io>
* Update OIDC registration types to match latest MSC2966 state
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Add comment
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Implement `UserVerificationStatus.needsUserApproval`
Expose the `identityNeedsUserApproval` flag from the rust crypto crate.
* Add CryptoApi.pinCurrentUserIdentity
Expose `pinCurrentMasterKey` from the rust crypto api.
* Test data: add second cross-signing key for Bob
* Add tests for verification status
* Update typedoc
* Don't link a private method in tsdoc of a public method
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Florian Duros <florian.duros@ormaz.fr>
* Don't share full key history for RTC per-participant encryption
Also record stats for how many keys have been sent/received and age of those received
* Update src/matrixrtc/MatrixRTCSession.ts
Co-authored-by: Robin <robin@robin.town>
* Add comment about why we track total age of events
---------
Co-authored-by: Robin <robin@robin.town>
This is in line with the other information we're already exposing, such as the event's sender and timestamp. We want this in order to play around with adding reactions to the membership event.
