Implement a way to ensure SSSS setup before providing access to chats

[TheOneWithTheBraid]

Preflight Checklist

• I could not find a solution in the existing issues, docs, nor discussions

Describe your problem

As a matrix client developer in healthcare, I try to make matrix clients as easy to use as possible. I want users not to notice it is technically possible to send messages from an unverified session. I therefore want to ensure a session has encryption set up, SSSS access and is cross signed before allowing the users to actually see their chats, conversations or whatever other information. I'd also expect this to seamlessly work when the user closes the application during SSSS bootstrap or key verification e.g. because they notice their other device is not right available or they're looking for the recovery key somewhere.

Describe your ideal solution

As a matrix client developer, I'd like to have a high-level stream similar to the login state I can listen on. The stream should always provide the current session bootstrap state containing the information from :

• Client.isUnknownSession
• CrossSigning.isCached()
• KeyManager.isCached()

Such a class could look like :

class SessionEncryptionHealth {

  final bool crossSigningCached;
  final bool keyManagerCached;
  final bool isUnknownSession;

  const SessionEncryptionHealth({
    required this.crossSigningCached,
    required this.keyManagerCached,
    required this.isUnknownSession,
  });

  bool get isAuthorized => crossSigningCached && keyManagerCached && !isUnknownSession;
}

This stream should work a) when offline and provide the best guess about the health state, b) provide information as early as possible (likely before Client.init() eventually completes the first sync asynchronously) and c) update with every change of the corresponding information.

As a client developer, I can thereafter wait for a healthy state according to the new stream and simplify the UI logic enforcing verified sessions.

Version

matrix Dart SDK v0.38.0

Security requirements

I guess this is actually a good simplification approach for present session verification mechanisms and therefore encryption health for all matrix clients making use of it.

Additional Context

Customer: x-tention

[krille-chan]

For reference, right now to check if we need to do a bootstrap, we do something like this:

  Future<void> _checkBootstrap() async {
    final encryption = client.encryption;
    if (encryption == null) return;
    await waitForFirstSync;
    final keysCached = await encryption.keyManager.isCached();
    final crossSigningCached = await encryption.crossSigning.isCached();
    Logs().v('''
SSSS enabled: ${encryption.keyManager.enabled},
Keys cached: $keysCached,
Cross Signing enabled: ${encryption.crossSigning.enabled},
Cross Signing cached $crossSigningCached
''');
    if (encryption.keyManager.enabled &&
        keysCached &&
        encryption.crossSigning.enabled &&
        crossSigningCached) {
      print('Enforce bootstrap...');
      return;
    }

And you would like to have this simplified as something like:

final state = await client.getSessionCrossSigningState();
if (state.needsBootstrap) {
      print('Enforce bootstrap...');
      return;
}

Right?

[TheOneWithTheBraid]

Well, that's not exactly a good solution. I'd rather like to see it as a stream I do not need to actively check each time I wanna ensure my user is completely bootstrapped. The SDK should permanently provide me with the current cross signing state so that I can leave out eventual async logic causing waiting time for the user. A Stream<SessionEncryptionHealth> would be my preferred solution.

[krille-chan]

Well, that's not exactly a good solution. I'd rather like to see it as a stream I do not need to actively check each time I wanna ensure my user is completely bootstrapped. The SDK should permanently provide me with the current cross signing state so that I can leave out eventual async logic causing waiting time for the user. A Stream<SessionEncryptionHealth> would be my preferred solution.

hm, 🤔 you can actually already achieve this by yourself in the app by listening on account data updates from Client.onSync.stream.where(...). I'm not sure if the sdk is the best place for it. I would prefer to prevent implementing even more feature creep into it, especially when not all sdk consumers would benefit from it. Our apps Famedly and FluffyChat just check bootstrap on app start (actually in the Room List Page initializer) and it works fine for our use case.

[krille-chan]

We talked about it in the meeting. As a start we try to make the current async methods to check the ssss state synchroniously. We load the stuff from the database on client init then