Merge pull request #106 from mautrix/sumner/bri-3628

sumnerevans · web-flow · commit 31cc9671f6e7 · 2022-06-22T09:26:22.000-06:00
encryption: add rotation settings and utilities to control them
diff --git a/mautrix/bridge/config.py b/mautrix/bridge/config.py
@@ -102,6 +102,15 @@ def do_update(self, helper: ConfigUpdateHelper) -> None:
         copy("bridge.management_room_text.additional_help")
         copy("bridge.management_room_multiple_messages")
 
+        copy("bridge.encryption.allow")
+        copy("bridge.encryption.default")
+        copy("bridge.encryption.key_sharing.allow")
+        copy("bridge.encryption.key_sharing.require_cross_signing")
+        copy("bridge.encryption.key_sharing.require_verification")
+        copy("bridge.encryption.rotation.enable_custom")
+        copy("bridge.encryption.rotation.milliseconds")
+        copy("bridge.encryption.rotation.messages")
+
         copy("bridge.relay.enabled")
         copy_dict("bridge.relay.message_formats", override_existing_map=False)
 
diff --git a/mautrix/bridge/portal.py b/mautrix/bridge/portal.py
@@ -14,9 +14,10 @@
 import logging
 import time
 
-from mautrix.appservice import DOUBLE_PUPPET_SOURCE_KEY, AppService, IntentAPI
+from mautrix.appservice import AppService, IntentAPI
 from mautrix.errors import MatrixError, MatrixRequestError, MForbidden, MNotFound
 from mautrix.types import (
+    JSON,
     EncryptionAlgorithm,
     EventID,
     EventType,
@@ -321,6 +322,13 @@ async def check_dm_encryption(self) -> bool | None:
             return await self.enable_dm_encryption()
         return None
 
+    def get_encryption_state_event_json(self) -> JSON:
+        evt = RoomEncryptionStateEventContent(EncryptionAlgorithm.MEGOLM_V1)
+        if self.bridge.config["bridge.encryption.rotation.enable_custom"]:
+            evt.rotation_period_ms = self.bridge.config["bridge.encryption.rotation.milliseconds"]
+            evt.rotation_period_msgs = self.bridge.config["bridge.encryption.rotation.messages"]
+        return evt.serialize()
+
     async def enable_dm_encryption(self) -> bool:
         self.log.debug("Inviting bridge bot to room for end-to-bridge encryption")
         try:
@@ -330,7 +338,7 @@ async def enable_dm_encryption(self) -> bool:
                 await self.main_intent.send_state_event(
                     self.mxid,
                     EventType.ROOM_ENCRYPTION,
-                    RoomEncryptionStateEventContent(EncryptionAlgorithm.MEGOLM_V1),
+                    self.get_encryption_state_event_json(),
                 )
         except Exception:
             self.log.warning(f"Failed to enable end-to-bridge encryption", exc_info=True)
