-
-
Notifications
You must be signed in to change notification settings - Fork 580
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
e2e key backups #684
e2e key backups #684
Conversation
src/client.js
Outdated
keys.push(key); | ||
return this.importRoomKeys(keys); | ||
} else { | ||
callback("aargh!"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we might need to do better than aargh ;)
@dbkr here is the initial draft of the API. I haven't really tested it to see if it actually works yet -- this is mainly to give a general idea of what the API might look like (and to give a somewhat plausible implementation). If you have any suggestions for improving the API (especially to make it fit in better with the rest of the SDK), let me know. As far as implementation goes, I'm guessing you'll probably want to just replace things with stubs when you're doing the UI work, until I get it all working and tested. The general idea is that you would call To restore from the key backup, you would call You can also delete keys from the backup by calling Currently missing are:
|
…nto uhoreg-e2e_backups
…nto uhoreg-e2e_backups
Continues from uhoreg's branch
Add method to check if a given string is a valid recovery key
wasm Olm has a new interface: it now has an init method that needs to be called and the promise it returns waited on before the Olm module is used. Support that, and allow Crypto etc to be imported whether Olm is enabled or not. Change whether olm is enabled to be async since now it will be unavailable if the async module init fails. Don't call getOlmVersion() until the Olm.init() is done.
By doing `Olm = global.Olm` on script load, we require that Olm is available right from the start, which isn't really necessary. As long as it appears some time before we actually want to use it, this is fine (we can probably assume it's not going to go away again..?) This means Riot doesn't need to faff about making sure olm is loaded before starting anything else.
base58check seems way overcomplicated for this purpose (plus the module was exporting an es6 file, breaking the js-sdk build). A parity check empirically detects single substitution and transposition errors. Another option would be Luhn's algorithm.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good. Remaining things I think:
- Remove XXXs from
matrix-js-sdk/src/crypto/algorithms/megolm.js
Line 852 in 258adda
// XXX: No retries on this at all: if this request dies for whatever - Localstorage crypto store (for Firefox in private mode).
- We should also trigger a backup from
matrix-js-sdk/src/crypto/algorithms/megolm.js
Line 969 in 258adda
MegolmDecryption.prototype.importRoomKey = function(session) {
sessionData: sessionGetReq.result.session | ||
}); | ||
} | ||
//sessions.push(cursor.value); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should probably remove this
const objectStore = txn.objectStore("sessions_needing_backup"); | ||
return Promise.all(sessions.map((session) => { | ||
return new Promise((resolve, reject) => { | ||
console.log(session); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
stray debug logging
src/crypto/index.js
Outdated
} | ||
); | ||
|
||
this._maybeSendKeyBackup(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should await on this so the backupAllGroupSessions
promise doesn't complete until the backup is done
src/crypto/index.js
Outdated
sessionId: sessionId, | ||
}]); | ||
|
||
this._maybeSendKeyBackup(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably worth await
ing on this too? Actually possibly not: when we call it from megolm we only want to wait for it to be saved to indexeddb, not actually backed up. worth a comment though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, I think it does make sense to await here, and then remove the awaits from megolm.
src/crypto/index.js
Outdated
// FIXME: pause | ||
} | ||
} while (!successful); | ||
// FIXME: pause between iterations? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
to consolidate my comments from the individual commits, we should put the pause in, or just stop & retry next time a backup is triggered which would be my inclination.
lgtm once new Olm is released |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Argh! Why can't I "Request changes" on my own PR. :(
src/crypto/index.js
Outdated
const encrypted = this.backupKey.encrypt(JSON.stringify(sessionData)); | ||
|
||
data[roomId]['sessions'][session.sessionId] = { | ||
first_message_index: 1, // FIXME |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comment to make sure I don't keep forgetting to fix this
return null; | ||
} | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a bit magic, but given the name of the function I can't really suggest anything better. Maybe in the future we can deprecate the 3 arg usage of this function altogether.
}, | ||
); | ||
|
||
await this._maybeSendKeyBackup(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
backupAllGroupSessions
is called on user action but _maybeSendKeyBackup
can delay its actual execution randomly up to 10s.
In the context of this function, we would like _maybeSendKeyBackup
to start ASAP.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NB. I've added a delay param in #736
delete sessionData.first_known_index; | ||
const encrypted = this.backupKey.encrypt(JSON.stringify(sessionData)); | ||
|
||
const forwardedCount = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no forwardingCurve25519KeyChain field in the dict returned by exportInboundGroupSession but forwarding_curve25519_key_chain.
The mix of forwarding_curve25519_key_chain and forwardingCurve25519KeyChain in the js code makes me terrified.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good spot - turns out this was completely broken
@@ -956,6 +973,18 @@ MegolmDecryption.prototype.importRoomKey = function(session) { | |||
session.sender_claimed_keys, | |||
true, | |||
).then(() => { | |||
if (this._crypto.backupInfo) { | |||
// don't wait for it to complete | |||
this._crypto.backupGroupSession( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this method is called because we are restoring keys from the current backup session, it looks inefficient to send back up the key to the homeserver.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, at some point we may want to flag keys that came from the backup in the first place (and what version)
replaced by #736 |
Follow-on work to #595