Request and respond to key sharing for backup key as well #12704

Closed
jryans opened this issue Mar 12, 2020 · 5 comments · Fixed by matrix-org/matrix-js-sdk#1291

@jryans
Collaborator

jryans commented Mar 12, 2020

Similar to USK and SSK, we should also request and respond to the key backup key in 4S as well.

@jryans jryans changed the title Request and response key sharing for backup key as well Request and respond to key sharing for backup key as well Mar 12, 2020
@foldleft foldleft self-assigned this Mar 17, 2020
@dbkr dbkr assigned dbkr and foldleft and unassigned foldleft and dbkr Mar 24, 2020
@foldleft
Contributor

foldleft commented Mar 25, 2020

we can see what's cached with await mxMatrixClientPeg.get().restoreKeyBackupWithCache(undefined, undefined, await mxMatrixClientPeg.get().getKeyBackupVersion())

If this throws, it means no cached key was available.

edit: or await mxMatrixClientPeg.get()._crypto.getSessionBackupPrivateKey() of course

@foldleft
Contributor

I'm using this diff so I can run tests quickly:

diff --git a/src/components/structures/MatrixChat.js b/src/components/structures/MatrixChat.js
index 52002f059..fc6c9b1d6 100644
--- a/src/components/structures/MatrixChat.js
+++ b/src/components/structures/MatrixChat.js
@@ -1504,6 +1504,20 @@ export default createReactClass({
                 { failures, source, continuation });
         });
 
+        // XXX: probably don't commit?
+        // This is just so I can go right to the dialog
+        cli.on("restorekeybackup", () => {
+            const RestoreKeyBackupDialog =
+                sdk.getComponent('dialogs.keybackup.RestoreKeyBackupDialog');
+            Modal.createDialog(
+                RestoreKeyBackupDialog,
+                null, /* Props */
+                null, /* className */
+                false, /* Priority */
+                true, /* static */
+            );
+        })
+
         cli.on("crypto.verification.request", request => {
             const isFlagOn = SettingsStore.isFeatureEnabled("feature_cross_signing");
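
Review bot: The `cli.on("restorekeybackup", ...)` listener is flagged by its own `// XXX: probably don't commit?` comment and should stay out of the merged change, or sit behind a development-only check, because as written any code holding the client can emit "restorekeybackup" and open RestoreKeyBackupDialog outside the normal restore flow. If it stays for local testing, close the call with `});` to match the `});` on the preceding handler.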

and then in the console:
mxMatrixClientPeg.get().emit("restorekeybackup")

@foldleft
Contributor

foldleft commented Mar 25, 2020

alright! Now we have a cache which should mean we only ever have to prompt the user for their backup keys once per session.

Still to do:

  • Add a responder to onSecretRequested in CrossSigningManager to send the cached key on requests
  • Modify RestoreKeyBackupDialog to fire a request to another device in the background, and use the key if it comes back

@foldleft
Contributor

the key sharing request during verification happens here: https://github.com/matrix-org/matrix-js-sdk/pull/1245/files#diff-0a3445e771f0c35ffee76e9d08b65e12R219

I think what's essentially needed is along the lines of

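const client = MatrixClientPeg.get();
// Check the local cache first; only ask other devices if nothing is cached
const key = await client._crypto.getSessionBackupPrivateKey();
if (!key) {
  // `devices` is not defined yet (see problem 1 below)
  const { promise } = client._crypto._secretStorage.request('m.megolm_backup.v1', devices);
  const result = await promise;
  if (result) {
    // The result is decoded from base64 before it is cached
    const decoded = decodeBase64(result);
    await client._crypto.storeSessionBackupPrivateKey(Uint8Array.from(decoded));
  }
}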

problems to solve:

  1. where to get the value devices
  2. where to put this code (startup somewhere?)
  3. handling the no-response case (a timeout)
  4. handling the no-data case (return of null)

@jryans
Collaborator Author

jryans commented Mar 25, 2020

I think we'd want to at least request during a self verification, like with USK and SSK, so that all keys come across at the same time?

But yes, we may also want to request during restoring as well if we don't already have it.

@dbkr dbkr assigned dbkr and unassigned foldleft Mar 26, 2020
dbkr added a commit to matrix-org/matrix-js-sdk that referenced this issue Mar 27, 2020
After a successful verification with ourselves, request the key
backup key too and restore a key backup if we get it.

Also cache the key backup key when we cache the SSK & USK so we have
it available to share.

Fixes element-hq/element-web#12704
t3chguy pushed a commit that referenced this issue Oct 17, 2024
* Remove dependency on libolm

We no longer use this (and haven't for some time, afaict).

* Make olm a dev dep

* Revert "Make olm a dev dep"

This reverts commit f733cdfaf0d7af198b89a10021a976e8f4fff632.