chore: get rid of sender key in key requests

This is mostly to see if we can deal with MSC3700 already. I need to add back sending the sender key in requests and such, but ignore it when processing events. See matrix-org/matrix-spec-proposals#3700
famedly · Sep 12, 2022 · d9a68e0 · d9a68e0
1 parent 7a9e5cb
commit d9a68e0
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 130 deletions.
diff --git a/lib/encryption/encryption.dart b/lib/encryption/encryption.dart
@@ -201,13 +201,12 @@ class Encryption {
         throw DecryptException(DecryptException.unknownAlgorithm);
       }
       final sessionId = content.sessionId;
-      final senderKey = content.senderKey;
       if (sessionId == null) {
         throw DecryptException(DecryptException.unknownSession);
       }
 
       final inboundGroupSession =
-          keyManager.getInboundGroupSession(roomId, sessionId, senderKey);
+          keyManager.getInboundGroupSession(roomId, sessionId);
       if (!(inboundGroupSession?.isValid ?? false)) {
         canRequestSession = true;
         throw DecryptException(DecryptException.unknownSession);
@@ -305,14 +304,12 @@ class Encryption {
                   .getInboundGroupSession(
                     roomId,
                     sessionId,
-                    content.senderKey,
                   )
                   ?.isValid ??
               false)) {
         await keyManager.loadInboundGroupSession(
           roomId,
           sessionId,
-          content.senderKey,
         );
       }
       event = decryptRoomEventSync(roomId, event);
@@ -322,7 +319,6 @@ class Encryption {
         keyManager.maybeAutoRequest(
           roomId,
           sessionId,
-          content.senderKey,
         );
       }
       if (event.type != EventTypes.Encrypted && store) {

diff --git a/lib/encryption/key_manager.dart b/lib/encryption/key_manager.dart
@@ -70,8 +70,7 @@ class KeyManager {
             lastEvent.type == EventTypes.Encrypted &&
             lastEvent.content['can_request_session'] == true) {
           try {
-            maybeAutoRequest(room.id, lastEvent.content['session_id'],
-                lastEvent.content['sender_key']);
+            maybeAutoRequest(room.id, lastEvent.content['session_id']);
           } catch (_) {
             // dispose
           }
@@ -109,7 +108,7 @@ class KeyManager {
       }
     }
     final oldSession =
-        getInboundGroupSession(roomId, sessionId, senderKey, otherRooms: false);
+        getInboundGroupSession(roomId, sessionId, otherRooms: false);
     if (content['algorithm'] != AlgorithmTypes.megolmV1AesSha2) {
       return;
     }
@@ -200,14 +199,10 @@ class KeyManager {
     return storeFuture ?? Future.value();
   }
 
-  SessionKey? getInboundGroupSession(
-      String roomId, String sessionId, String senderKey,
+  SessionKey? getInboundGroupSession(String roomId, String sessionId,
       {bool otherRooms = true}) {
     final sess = _inboundGroupSessions[roomId]?[sessionId];
     if (sess != null) {
-      if (sess.senderKey != senderKey && sess.senderKey.isNotEmpty) {
-        return null;
-      }
       return sess;
     }
     if (!otherRooms) {
@@ -217,9 +212,6 @@ class KeyManager {
     for (final val in _inboundGroupSessions.values) {
       final sess = val[sessionId];
       if (sess != null) {
-        if (sess.senderKey != senderKey && sess.senderKey.isNotEmpty) {
-          return null;
-        }
         return sess;
       }
     }
@@ -229,13 +221,12 @@ class KeyManager {
   /// Attempt auto-request for a key
   void maybeAutoRequest(
     String roomId,
-    String sessionId,
-    String senderKey, {
+    String sessionId, {
     bool tryOnlineBackup = true,
     bool onlineKeyBackupOnly = true,
   }) {
     final room = client.getRoomById(roomId);
-    final requestIdent = '$roomId|$sessionId|$senderKey';
+    final requestIdent = '$roomId|$sessionId';
     if (room != null &&
         !_requestedSessionIds.contains(requestIdent) &&
         !client.isUnknownSession) {
@@ -244,7 +235,6 @@ class KeyManager {
       runInRoot(() => request(
             room,
             sessionId,
-            senderKey,
             tryOnlineBackup: tryOnlineBackup,
             onlineKeyBackupOnly: onlineKeyBackupOnly,
           ));
@@ -253,12 +243,9 @@ class KeyManager {
 
   /// Loads an inbound group session
   Future<SessionKey?> loadInboundGroupSession(
-      String roomId, String sessionId, String senderKey) async {
+      String roomId, String sessionId) async {
     final sess = _inboundGroupSessions[roomId]?[sessionId];
     if (sess != null) {
-      if (sess.senderKey != senderKey && sess.senderKey.isNotEmpty) {
-        return null; // sender keys do not match....better not do anything
-      }
       return sess; // nothing to do
     }
     final session =
@@ -269,9 +256,7 @@ class KeyManager {
     final dbSess = SessionKey.fromDb(session, userID);
     final roomInboundGroupSessions =
         _inboundGroupSessions[roomId] ??= <String, SessionKey>{};
-    if (!dbSess.isValid ||
-        dbSess.senderKey.isEmpty ||
-        dbSess.senderKey != senderKey) {
+    if (!dbSess.isValid) {
       return null;
     }
     roomInboundGroupSessions[sessionId] = dbSess;
@@ -324,8 +309,8 @@ class KeyManager {
       }
     }
 
-    final inboundSess = await loadInboundGroupSession(room.id,
-        sess.outboundGroupSession!.session_id(), encryption.identityKey!);
+    final inboundSess = await loadInboundGroupSession(
+        room.id, sess.outboundGroupSession!.session_id());
     if (inboundSess == null) {
       wipe = true;
     }
@@ -673,15 +658,13 @@ class KeyManager {
   /// Request a certain key from another device
   Future<void> request(
     Room room,
-    String sessionId,
-    String senderKey, {
+    String sessionId, {
     bool tryOnlineBackup = true,
     bool onlineKeyBackupOnly = false,
   }) async {
     if (tryOnlineBackup && await isCached()) {
       // let's first check our online key backup store thingy...
-      final hadPreviously =
-          getInboundGroupSession(room.id, sessionId, senderKey) != null;
+      final hadPreviously = getInboundGroupSession(room.id, sessionId) != null;
       try {
         await loadSingleKey(room.id, sessionId);
       } catch (err, stacktrace) {
@@ -695,7 +678,7 @@ class KeyManager {
       }
       // TODO: also don't request from others if we have an index of 0 now
       if (!hadPreviously &&
-          getInboundGroupSession(room.id, sessionId, senderKey) != null) {
+          getInboundGroupSession(room.id, sessionId) != null) {
         return; // we managed to load the session from online backup, no need to care about it now
       }
     }
@@ -712,7 +695,6 @@ class KeyManager {
         devices: devices,
         room: room,
         sessionId: sessionId,
-        senderKey: senderKey,
       );
       final userList = await room.requestParticipants();
       await client.sendToDevicesOfUserIds(
@@ -723,7 +705,6 @@ class KeyManager {
           'body': {
             'algorithm': AlgorithmTypes.megolmV1AesSha2,
             'room_id': room.id,
-            'sender_key': senderKey,
             'session_id': sessionId,
           },
           'request_id': requestId,
@@ -843,10 +824,8 @@ class KeyManager {
           return; // unknown room
         }
         final sessionId = event.content['body']['session_id'];
-        final senderKey = event.content['body']['sender_key'];
         // okay, let's see if we have this session at all
-        final session =
-            await loadInboundGroupSession(room.id, sessionId, senderKey);
+        final session = await loadInboundGroupSession(room.id, sessionId);
         if (session == null) {
           Logs().i('[KeyManager] Unknown session, ignoring');
           return; // we don't have this session anyways
@@ -856,7 +835,6 @@ class KeyManager {
           devices: [device],
           room: room,
           sessionId: sessionId,
-          senderKey: senderKey,
         );
         if (incomingShareRequests.containsKey(request.requestId)) {
           Logs().i('[KeyManager] Already processed this request, ignoring');
@@ -912,8 +890,7 @@ class KeyManager {
       }
       final request = outgoingShareRequests.values.firstWhereOrNull((r) =>
           r.room.id == event.content['room_id'] &&
-          r.sessionId == event.content['session_id'] &&
-          r.senderKey == event.content['sender_key']);
+          r.sessionId == event.content['session_id']);
       if (request == null || request.canceled) {
         return; // no associated request found or it got canceled
       }
@@ -931,8 +908,8 @@ class KeyManager {
           .add(encryptedContent['sender_key']);
       // TODO: verify that the keys work to decrypt a message
       // alright, all checks out, let's go ahead and store this session
-      await setInboundGroupSession(
-          request.room.id, request.sessionId, request.senderKey, event.content,
+      await setInboundGroupSession(request.room.id, request.sessionId,
+          device.curve25519Key!, event.content,
           forwarded: true,
           senderClaimedKeys: {
             'ed25519': event.content['sender_claimed_ed25519_key'],
@@ -999,15 +976,13 @@ class KeyManagerKeyShareRequest {
   final List<DeviceKeys> devices;
   final Room room;
   final String sessionId;
-  final String senderKey;
   bool canceled;
 
   KeyManagerKeyShareRequest(
       {required this.requestId,
       List<DeviceKeys>? devices,
       required this.room,
       required this.sessionId,
-      required this.senderKey,
       this.canceled = false})
       : devices = devices ?? [];
 }
@@ -1033,8 +1008,8 @@ class RoomKeyRequest extends ToDeviceEvent {
       return; // request is canceled, don't send anything
     }
     final room = this.room;
-    final session = await keyManager.loadInboundGroupSession(
-        room.id, request.sessionId, request.senderKey);
+    final session =
+        await keyManager.loadInboundGroupSession(room.id, request.sessionId);
     if (session?.inboundGroupSession == null) {
       Logs().v("[KeyManager] Not forwarding key we don't have");
       return;
@@ -1044,8 +1019,9 @@ class RoomKeyRequest extends ToDeviceEvent {
     message['forwarding_curve25519_key_chain'] =
         List<String>.from(session.forwardingCurve25519KeyChain);
 
-    message['sender_key'] =
-        (session.senderKey.isNotEmpty) ? session.senderKey : request.senderKey;
+    if (session.senderKey.isNotEmpty) {
+      message['sender_key'] = session.senderKey;
+    }
     message['sender_claimed_ed25519_key'] =
         session.senderClaimedKeys['ed25519'] ??
             (session.forwardingCurve25519KeyChain.isEmpty

diff --git a/lib/src/room.dart b/lib/src/room.dart
@@ -1995,11 +1995,11 @@ class Room {
     return deviceKeys;
   }
 
-  Future<void> requestSessionKey(String sessionId, String senderKey) async {
+  Future<void> requestSessionKey(String sessionId, [String? senderKey]) async {
     if (!client.encryptionEnabled) {
       return;
     }
-    await client.encryption?.keyManager.request(this, sessionId, senderKey);
+    await client.encryption?.keyManager.request(this, sessionId);
   }
 
   Future<void> _handleFakeSync(SyncUpdate syncUpdate,

diff --git a/lib/src/timeline.dart b/lib/src/timeline.dart
@@ -345,7 +345,6 @@ class Timeline {
           room.client.encryption?.keyManager.maybeAutoRequest(
             room.id,
             event.content['session_id'],
-            event.content['sender_key'],
             tryOnlineBackup: tryOnlineBackup,
             onlineKeyBackupOnly: onlineKeyBackupOnly,
           );