Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

e2e key backups #684

Merged
merged 47 commits into from
Nov 21, 2018
Merged

e2e key backups #684

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
47 commits
Select commit Hold shift + click to select a range
fb1b554
initial pseudocode WIP for e2e online backups
ara4n Jan 15, 2018
e0c9b99
blindly move crypto.suggestKeyRestore over to /sync
ara4n Jan 18, 2018
69204d4
Merge branch 'develop' into matthew/e2e_backups
ara4n May 27, 2018
d556189
initial implementation of e2e key backup and restore
uhoreg Aug 8, 2018
1faf477
fix formatting and fix authedRequest usage
uhoreg Aug 23, 2018
fb8efe3
initial draft of API for working with backup versions
uhoreg Aug 23, 2018
75107f9
pass in key rather than decryption object to restoreKeyBackups
uhoreg Aug 23, 2018
e5ec479
check that crypto is enabled
uhoreg Aug 23, 2018
73e294b
add copyright header to backup.spec
uhoreg Aug 23, 2018
ec5fff2
Merge branch 'e2e_backups' of git://github.com/uhoreg/matrix-js-sdk i…
dbkr Aug 24, 2018
017f81e
fix some bugs
uhoreg Aug 24, 2018
bf873bd
split the backup version creation into two different methods
uhoreg Aug 25, 2018
29db856
Merge branch 'e2e_backups' of git://github.com/uhoreg/matrix-js-sdk i…
dbkr Sep 11, 2018
72bd51f
Merge remote-tracking branch 'origin/develop' into uhoreg-e2e_backups
dbkr Sep 11, 2018
3838fab
WIP e2e key backup support
dbkr Sep 13, 2018
e789747
Check sigs on e2e backup & enable it if we can
dbkr Sep 14, 2018
073fb73
Make multi-room key restore work
dbkr Sep 17, 2018
009430e
Add isValidRecoveryKey
dbkr Sep 17, 2018
f75d188
Soe progress on linting
dbkr Sep 17, 2018
3af9af9
More linting
dbkr Sep 17, 2018
54c443a
Make tests pass
dbkr Sep 18, 2018
e4bb37b
Fix lint mostly
dbkr Sep 18, 2018
0bad7b2
Fix lint
dbkr Sep 18, 2018
a78825e
Bump to Olm 2.3.0 for PkEncryption
dbkr Sep 18, 2018
1b62a21
Free PkEncryption/Decryption objects
dbkr Sep 18, 2018
2f4c1df
Test all 3 code paths on backup restore
dbkr Sep 18, 2018
c556ca4
Support Olm with WebAssembly
dbkr Sep 25, 2018
63cc3fd
lint
dbkr Sep 25, 2018
33ad65a
Don't assume Olm will be available from start
dbkr Sep 26, 2018
e9b0aca
Merge remote-tracking branch 'origin/develop' into dbkr/e2e_backups
dbkr Oct 2, 2018
ce2058a
Merge branch 'dbkr/wasm' into dbkr/e2e_backups
dbkr Oct 2, 2018
7cd101d
Fix recovery key format
dbkr Oct 2, 2018
262ace1
commit the recovery key util file
dbkr Oct 3, 2018
258adda
retry key backups when they fail
uhoreg Oct 4, 2018
89c3f6f
Merge remote-tracking branch 'origin/develop' into dbkr/e2e_backups
dbkr Oct 5, 2018
b3fe05e
Merge remote-tracking branch 'origin/develop' into dbkr/e2e_backups
dbkr Oct 9, 2018
59e6066
Replace base58check with a simple parity check
dbkr Oct 9, 2018
ada4b6e
Lint
dbkr Oct 9, 2018
da65f43
wrap backup sending in a try, and add delays
uhoreg Oct 10, 2018
fc59bc2
add localstorage support for key backups
uhoreg Oct 10, 2018
3957006
Merge remote-tracking branch 'upstream/dbkr/e2e_backups' into e2e_bac…
uhoreg Oct 11, 2018
9b12c22
de-lint plus some minor fixes
uhoreg Oct 12, 2018
91fb7b0
fix unit tests for backup recovery
uhoreg Oct 12, 2018
d49c0a1
more de-linting and fixing
uhoreg Oct 12, 2018
40d0a82
remove accidental change to eslintrc
uhoreg Oct 12, 2018
434ac86
properly fill out the is_verified and first_message_index fields
uhoreg Oct 19, 2018
322ef1f
update backup algorithm name to agree with the proposal
uhoreg Oct 22, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 40 additions & 1 deletion src/crypto/DeviceList.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,9 @@ export default class DeviceList {
// }
this._devices = {};

// map of identity keys to the user who owns it
this._userByIdentityKey = {};

// which users we are tracking device status for.
// userId -> TRACKING_STATUS_*
this._deviceTrackingStatus = {}; // loaded from storage in load()
Expand Down Expand Up @@ -128,6 +131,19 @@ export default class DeviceList {
deviceData.trackingStatus : {};
this._syncToken = deviceData ? deviceData.syncToken : null;
}
this._userByIdentityKey = {};
for (const user in this._devices) {
if (!this._devices.hasOwnProperty(user)) {
continue;
}
const userDevices = this._devices[user];
for (const device in userDevices) {
if (!userDevices.hasOwnProperty(device)) {
continue;
}
this._userByIdentityKey[userDevices[device].senderKey] = user;
}
}
});
},
);
Expand Down Expand Up @@ -357,13 +373,24 @@ export default class DeviceList {
/**
* Find a device by curve25519 identity key
*
* @param {string} userId owner of the device
* @param {string} userId owner of the device (optional)
* @param {string} algorithm encryption algorithm
* @param {string} senderKey curve25519 key to match
*
* @return {module:crypto/deviceinfo?}
*/
getDeviceByIdentityKey(userId, algorithm, senderKey) {
if (arguments.length === 2) {
// if userId is omitted, shift the other arguments, and look up the
// userid
senderKey = algorithm;
algorithm = userId;
userId = this._userByIdentityKey[senderKey];
if (!userId) {
return null;
}
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a bit magic, but given the name of the function I can't really suggest anything better. Maybe in the future we can deprecate the 3 arg usage of this function altogether.

if (
algorithm !== olmlib.OLM_ALGORITHM &&
algorithm !== olmlib.MEGOLM_ALGORITHM
Expand Down Expand Up @@ -409,6 +436,12 @@ export default class DeviceList {
*/
storeDevicesForUser(u, devs) {
this._devices[u] = devs;
for (const device in devs) {
if (!devs.hasOwnProperty(device)) {
continue;
}
this._userByIdentityKey[devs[device].senderKey] = u;
}
this._dirty = true;
}

Expand Down Expand Up @@ -526,6 +559,12 @@ export default class DeviceList {
*/
_setRawStoredDevicesForUser(userId, devices) {
this._devices[userId] = devices;
for (const device in devices) {
if (!devices.hasOwnProperty(device)) {
continue;
}
this._userByIdentityKey[devices[device].senderKey] = userId;
}
}

/**
Expand Down
1 change: 1 addition & 0 deletions src/crypto/OlmDevice.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1119,6 +1119,7 @@ OlmDevice.prototype.exportInboundGroupSession = function(
"session_id": sessionId,
"session_key": session.export_session(messageIndex),
"forwarding_curve25519_key_chain": session.forwardingCurve25519KeyChain || [],
"first_known_index": session.first_known_index(),
};
});
};
Expand Down
17 changes: 13 additions & 4 deletions src/crypto/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -940,6 +940,7 @@ Crypto.prototype.exportRoomKeys = async function() {
const sess = this._olmDevice.exportInboundGroupSession(
s.senderKey, s.sessionId, s.sessionData,
);
delete sess.first_known_index;
sess.algorithm = olmlib.MEGOLM_ALGORITHM;
exportedSessions.push(sess);
});
Expand Down Expand Up @@ -1002,13 +1003,21 @@ Crypto.prototype._maybeSendKeyBackup = async function() {
sessionData.algorithm = olmlib.MEGOLM_ALGORITHM;
delete sessionData.session_id;
delete sessionData.room_id;
const firstKnownIndex = sessionData.first_known_index;
delete sessionData.first_known_index;
const encrypted = this.backupKey.encrypt(JSON.stringify(sessionData));

const forwardedCount =
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no forwardingCurve25519KeyChain field in the dict returned by exportInboundGroupSession but forwarding_curve25519_key_chain.

The mix of forwarding_curve25519_key_chain and forwardingCurve25519KeyChain in the js code makes me terrified.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good spot - turns out this was completely broken

(sessionData.forwardingCurve25519KeyChain || []).length;

const device = this._deviceList.getDeviceByIdentityKey(
olmlib.MEGOLM_ALGORITHM, session.senderKey,
);

data[roomId]['sessions'][session.sessionId] = {
first_message_index: 1, // FIXME
forwarded_count:
(sessionData.forwardingCurve25519KeyChain || []).length,
is_verified: false, // FIXME: how do we determine this?
first_message_index: firstKnownIndex,
forwarded_count: forwardedCount,
is_verified: !!(device && device.isVerified()),
session_data: encrypted,
};
}
Expand Down