Add option to not rotate keys when devices change

Author: tulir

mautrix/bridge/config.py

@@ -166,6 +166,7 @@ def do_update(self, helper: ConfigUpdateHelper) -> None:
         copy("bridge.encryption.rotation.enable_custom")
         copy("bridge.encryption.rotation.milliseconds")
         copy("bridge.encryption.rotation.messages")
+        copy("bridge.encryption.rotation.disable_device_change_key_rotation")
 
         copy("bridge.relay.enabled")
         copy_dict("bridge.relay.message_formats", override_existing_map=False)

mautrix/bridge/e2ee.py

@@ -123,6 +123,9 @@ def __init__(
             self.crypto.delete_fully_used_keys_on_decrypt = del_cfg["delete_fully_used_on_decrypt"]
             self.crypto.delete_keys_on_device_delete = del_cfg["delete_on_device_delete"]
             self.periodically_delete_expired_keys = del_cfg["periodically_delete_expired"]
+        self.crypto.disable_device_change_key_rotation = bridge.config[
+            "bridge.encryption.rotation.disable_device_change_key_rotation"
+        ]
 
     async def _exit_on_sync_fail(self, data) -> None:
         if data["error"]:

mautrix/crypto/base.py

@@ -56,6 +56,7 @@ class BaseOlmMachine:
     ratchet_keys_on_decrypt: bool
     delete_fully_used_keys_on_decrypt: bool
     delete_keys_on_device_delete: bool
+    disable_device_change_key_rotation: bool
 
     # Futures that wait for responses to a key request
     _key_request_waiters: dict[SessionID, asyncio.Future]

mautrix/crypto/device_lists.py

@@ -244,6 +244,8 @@ async def get_or_fetch_device_by_key(
         return None
 
     async def on_devices_changed(self, user_id: UserID) -> None:
+        if self.disable_device_change_key_rotation:
+            return
         shared_rooms = await self.state_store.find_shared_rooms(user_id)
         self.log.debug(
             f"Devices of {user_id} changed, invalidating group session in {shared_rooms}"

mautrix/crypto/machine.py

@@ -83,6 +83,7 @@ def __init__(
         self.ratchet_keys_on_decrypt = False
         self.delete_fully_used_keys_on_decrypt = False
         self.delete_keys_on_device_delete = False
+        self.disable_device_change_key_rotation = False
 
         self._fetch_keys_lock = asyncio.Lock()
         self._megolm_decrypt_lock = asyncio.Lock()