feat(crypto): Add support for encrypted state events to matrix-sdk-crypto
#5539
Conversation
CodSpeed Performance ReportMerging #5539 will not alter performanceComparing Summary
|
kaylendog
requested review from
bnjbvr,
andybalaam and
richvdh
and removed request for
a team and
bnjbvr
kaylendog
force-pushed
the
kaylendog/msc3414/crypto
branch
from
17818dd to
ec54819
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #5539 +/- ##
==========================================
+ Coverage 88.59% 88.61% +0.02%
==========================================
Files 340 340
Lines 93836 93847 +11
Branches 93836 93847 +11
==========================================
+ Hits 83133 83164 +31
+ Misses 6572 6552 -20
Partials 4131 4131 ☔ View full report in Codecov by Sentry. |
kaylendog
requested review from
richvdh and
andybalaam
and removed request for
andybalaam
This commit also refactors out what would be common code between ::encrypt and ::encrypt_state to a helper ::encrypt_inner. Signed-off-by: Skye Elliot <[email protected]>
Signed-off-by: Skye Elliot <[email protected]>
Signed-off-by: Skye Elliot <[email protected]>
Modifies `OlmMachine::decrypt_room_event_inner` to call a new method `OlmMachine::verify_packed_state_key` which, if the event is a state event, verifies that the original event's state key, when unpacked, matches the state key and event type in the decrypted event content. Introduces MegolmError::StateKeyVerificationFailed and UnableToDecryptReason::StateKeyVerificationFailed which are thrown when the verification fails. Signed-off-by: Skye Elliot <[email protected]>
kaylendog
force-pushed
the
kaylendog/msc3414/crypto
branch
from
9ae4a3a to
84ebbd9
Compare
| @@ -727,6 +732,174 @@ async fn test_megolm_encryption() { | |||
| } | |||
| } | |||
|
|
|||
| #[cfg(feature = "experimental-encrypted-state-events")] | |||
There was a problem hiding this comment.
It would be nice to add a doc-comment explaining what this does. Something like: "Helper for testing Megolm encryption and decryption between two devices. Creates two devices, Alice and Bob, and has Alice create an outgoing Megolm session in the given room, whose decryption key is shared with Bob via a to-device message. Returns the two devices."
There was a problem hiding this comment.
Also: I think this is common to test_megolm_encryption as well? I don't think there is any problem with removing the cfg guard and using it from there: it will help break up that rather big test method into more digestible chunks.
| #[cfg(feature = "experimental-encrypted-state-events")] | ||
| #[async_test] | ||
| async fn test_megolm_state_encryption_bad_type() { |
There was a problem hiding this comment.
A doc-comment giving a couple of words on what this is testing would be helpful.
"When the type encoded in the top-level state_key does not match that in the payload, the event should fail to decrypt."
Likewise on test_megolm_state_encryption_bad_state_key
| let encrypted_content = | ||
| alice.encrypt_state_event(room_id, content, EmptyStateKey).await.unwrap(); | ||
|
|
||
| // Malformed events |
There was a problem hiding this comment.
This is a bit confusing/redundant now.
| // Malformed events |
| .await | ||
| .unwrap(); | ||
|
|
||
| // Require malformed events fail verification |
There was a problem hiding this comment.
this doesn't seem to make sense, and I don't think it's needed
Depends on #5511, #5512 and #5523.
OutboundGroupSession::encrypt_state.GroupSessionManager::encrypt_stateand a private helper function::encrypt_inner.OlmMachine::encrypt_state_eventand::encrypt_state_event_raw.OlmMachine::decrypt_room_event_inner.