Fix parsing bridge e2ee key sharing config

Author: tulir

CHANGELOG.md

@@ -1,3 +1,8 @@
+## v0.17.8 (unreleased)
+
+* *(crypto)* Fixed parsing `/keys/claim` responses with no `failures` field.
+* *(bridge)* Fixed parsing e2ee key sharing allow/minimum level config.
+
 ## v0.17.7 (2022-08-22)
 
 * *(util.async_db)* Added `init_commands` to run commands on each SQLite

mautrix/bridge/e2ee.py

@@ -61,6 +61,7 @@ class EncryptionManager:
     min_send_trust: TrustState
     min_share_trust: TrustState
     min_receive_trust: TrustState
+    key_sharing_enabled: bool
 
     bridge: br.Bridge
     az: AppService
@@ -76,7 +77,6 @@ def __init__(
         user_id_prefix: str,
         user_id_suffix: str,
         db_url: str,
-        key_sharing_config: dict[str, bool] = None,
     ) -> None:
         self.loop = bridge.loop or asyncio.get_event_loop()
         self.bridge = bridge
@@ -85,7 +85,6 @@ def __init__(
         self._id_prefix = user_id_prefix
         self._id_suffix = user_id_suffix
         self._share_session_events = {}
-        self.key_sharing_config = key_sharing_config or {}
         pickle_key = "mautrix.bridge.e2ee"
         self.crypto_db = Database.create(
             url=db_url,
@@ -112,16 +111,15 @@ def __init__(
         self.min_receive_trust = TrustState.parse(verification_levels["receive"])
         self.crypto.share_keys_min_trust = self.min_share_trust
         self.crypto.send_keys_min_trust = self.min_receive_trust
+        self.key_sharing_enabled = bridge.config["bridge.encryption.allow_key_sharing"]
 
     async def _exit_on_sync_fail(self, data) -> None:
         if data["error"]:
             self.log.critical("Exiting due to crypto sync error")
             sys.exit(32)
 
     async def allow_key_share(self, device: DeviceIdentity, request: RequestedKeyInfo) -> bool:
-        require_verification = self.key_sharing_config.get("require_verification", True)
-        allow = self.key_sharing_config.get("allow", False)
-        if not allow:
+        if not self.key_sharing_enabled:
             self.log.debug(
                 f"Key sharing not enabled, ignoring key request from "
                 f"{device.user_id}/{device.device_id}"
@@ -134,7 +132,7 @@ async def allow_key_share(self, device: DeviceIdentity, request: RequestedKeyInf
                 code=RoomKeyWithheldCode.BLACKLISTED,
                 reason="You have been blacklisted by this device",
             )
-        elif device.trust == TrustState.VERIFIED or not require_verification:
+        elif device.trust >= self.crypto.share_keys_min_trust:
             portal = await self.bridge.get_portal(request.room_id)
             if portal is None:
                 raise RejectKeyShare(

mautrix/bridge/matrix.py

@@ -182,7 +182,6 @@ def __init__(
                 user_id_suffix=self.user_id_suffix,
                 homeserver_address=self.config["homeserver.address"],
                 db_url=self.config["appservice.database"],
-                key_sharing_config=self.config["bridge.encryption.key_sharing"],
             )
             self.require_e2ee = self.config["bridge.encryption.require"]
 

mautrix/crypto/key_share.py

@@ -76,18 +76,12 @@ async def default_allow_key_share(
                 code=RoomKeyWithheldCode.BLACKLISTED,
                 reason="You have been blacklisted by this device",
             )
-        elif device.trust == TrustState.VERIFIED:
-            self.log.debug(f"Accepting key request from verified device {device.device_id}")
-            return True
-        elif self.share_to_unverified_devices:
-            self.log.debug(
-                f"Accepting key request from unverified device {device.device_id}, "
-                f"as share_to_unverified_devices is True"
-            )
+        elif device.trust >= self.share_keys_min_trust:
+            self.log.debug(f"Accepting key request from trusted device {device.device_id}")
             return True
         else:
             raise RejectKeyShare(
-                f"Rejecting key request from unverified device {device.device_id}",
+                f"Rejecting key request from untrusted device {device.device_id}",
                 code=RoomKeyWithheldCode.UNVERIFIED,
                 reason="You have not been verified by this device",
             )