Merge branch 'master' of https://github.com/matrix-org/matrix-rust-sdk into state-store
This commit is contained in:
commit
a0973dec85
8 changed files with 190 additions and 154 deletions
|
@ -12,7 +12,7 @@ version = "0.1.0"
|
|||
|
||||
[features]
|
||||
default = []
|
||||
encryption = ["olm-rs", "serde/derive", "serde_json", "cjson"]
|
||||
encryption = ["olm-rs", "serde/derive", "serde_json", "cjson", "zeroize"]
|
||||
sqlite-cryptostore = ["sqlx", "zeroize"]
|
||||
|
||||
[dependencies]
|
||||
|
@ -35,7 +35,7 @@ olm-rs = { git = "https://gitlab.gnome.org/poljar/olm-rs", optional = true, feat
|
|||
serde = { version = "1.0.106", optional = true, features = ["derive"] }
|
||||
serde_json = { version = "1.0.51", optional = true }
|
||||
cjson = { version = "0.1.0", optional = true }
|
||||
zeroize = { version = "1.1.0", optional = true }
|
||||
zeroize = { version = "1.1.0", optional = true, features = ["zeroize_derive"] }
|
||||
|
||||
# Misc dependencies
|
||||
thiserror = "1.0.14"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
[![Build Status](https://img.shields.io/travis/matrix-org/matrix-rust-sdk.svg?style=flat-square)](https://travis-ci.org/matrix-org/matrix-rust-sdk)
|
||||
[![codecov](https://img.shields.io/codecov/c/github/matrix-org/matrix-rust-sdk/master.svg?style=flat-square)](https://codecov.io/gh/matrix-org/matrix-rust-sdk)
|
||||
[![License](https://img.shields.io/badge/License-Apache%202.0-yellowgreen.svg?style=flat-square)](https://opensource.org/licenses/Apache-2.0)
|
||||
[![#matrix-rust-sdk](https://img.shields.io/badge/matrix-%23matrix--rust--sdk-blue?style=flat-square)](https://matrix.to/#/!iYnZafYUoXkeVPOSQh:matrix.org?via=matrix.org&via=matrix.ffslfl.net&via=raim.ist)
|
||||
[![#matrix-rust-sdk](https://img.shields.io/badge/matrix-%23matrix--rust--sdk-blue?style=flat-square)](https://matrix.to/#/#matrix-rust-sdk:matrix.org)
|
||||
|
||||
# matrix-rust-sdk
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
|
||||
use std::collections::{HashMap, HashSet};
|
||||
use std::convert::TryInto;
|
||||
use std::mem;
|
||||
#[cfg(feature = "sqlite-cryptostore")]
|
||||
use std::path::Path;
|
||||
use std::result::Result as StdResult;
|
||||
|
@ -68,7 +69,7 @@ pub struct OlmMachine {
|
|||
/// The unique device id of the device that holds this account.
|
||||
device_id: DeviceId,
|
||||
/// Our underlying Olm Account holding our identity keys.
|
||||
account: Arc<Mutex<Account>>,
|
||||
account: Account,
|
||||
/// The number of signed one-time keys we have uploaded to the server. If
|
||||
/// this is None, no action will be taken. After a sync request the client
|
||||
/// needs to set this for us, depending on the count we will suggest the
|
||||
|
@ -98,7 +99,7 @@ impl OlmMachine {
|
|||
Ok(OlmMachine {
|
||||
user_id: user_id.clone(),
|
||||
device_id: device_id.to_owned(),
|
||||
account: Arc::new(Mutex::new(Account::new())),
|
||||
account: Account::new(),
|
||||
uploaded_signed_key_count: None,
|
||||
store: Box::new(MemoryStore::new()),
|
||||
users_for_key_query: HashSet::new(),
|
||||
|
@ -132,7 +133,7 @@ impl OlmMachine {
|
|||
Ok(OlmMachine {
|
||||
user_id: user_id.clone(),
|
||||
device_id: device_id.to_owned(),
|
||||
account: Arc::new(Mutex::new(account)),
|
||||
account,
|
||||
uploaded_signed_key_count: None,
|
||||
store: Box::new(store),
|
||||
users_for_key_query: HashSet::new(),
|
||||
|
@ -142,7 +143,7 @@ impl OlmMachine {
|
|||
|
||||
/// Should account or one-time keys be uploaded to the server.
|
||||
pub async fn should_upload_keys(&self) -> bool {
|
||||
if !self.account.lock().await.shared() {
|
||||
if !self.account.shared() {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -150,7 +151,7 @@ impl OlmMachine {
|
|||
// max_one_time_Keys() / 2, otherwise tell the client to upload more.
|
||||
match self.uploaded_signed_key_count {
|
||||
Some(count) => {
|
||||
let max_keys = self.account.lock().await.max_one_time_keys() as u64;
|
||||
let max_keys = self.account.max_one_time_keys().await as u64;
|
||||
let key_count = (max_keys / 2) - count;
|
||||
key_count > 0
|
||||
}
|
||||
|
@ -169,11 +170,10 @@ impl OlmMachine {
|
|||
&mut self,
|
||||
response: &keys::upload_keys::Response,
|
||||
) -> Result<()> {
|
||||
let mut account = self.account.lock().await;
|
||||
if !account.shared {
|
||||
if !self.account.shared() {
|
||||
debug!("Marking account as shared");
|
||||
}
|
||||
account.shared = true;
|
||||
self.account.mark_as_shared();
|
||||
|
||||
let one_time_key_count = response
|
||||
.one_time_key_counts
|
||||
|
@ -187,9 +187,7 @@ impl OlmMachine {
|
|||
);
|
||||
self.uploaded_signed_key_count = Some(count);
|
||||
|
||||
account.mark_keys_as_published();
|
||||
drop(account);
|
||||
|
||||
self.account.mark_keys_as_published().await;
|
||||
self.store.save_account(self.account.clone()).await?;
|
||||
|
||||
Ok(())
|
||||
|
@ -317,9 +315,8 @@ impl OlmMachine {
|
|||
|
||||
let session = match self
|
||||
.account
|
||||
.lock()
|
||||
.await
|
||||
.create_outbound_session(curve_key, &one_time_key)
|
||||
.await
|
||||
{
|
||||
Ok(s) => s,
|
||||
Err(e) => {
|
||||
|
@ -441,10 +438,9 @@ impl OlmMachine {
|
|||
/// Returns the number of newly generated one-time keys. If no keys can be
|
||||
/// generated returns an empty error.
|
||||
async fn generate_one_time_keys(&self) -> StdResult<u64, ()> {
|
||||
let account = self.account.lock().await;
|
||||
match self.uploaded_signed_key_count {
|
||||
Some(count) => {
|
||||
let max_keys = account.max_one_time_keys() as u64;
|
||||
let max_keys = self.account.max_one_time_keys().await as u64;
|
||||
let max_on_server = max_keys / 2;
|
||||
|
||||
if count >= (max_on_server) {
|
||||
|
@ -453,11 +449,11 @@ impl OlmMachine {
|
|||
|
||||
let key_count = (max_on_server) - count;
|
||||
|
||||
let key_count: usize = key_count
|
||||
.try_into()
|
||||
.unwrap_or_else(|_| account.max_one_time_keys());
|
||||
let max_keys = self.account.max_one_time_keys().await;
|
||||
|
||||
account.generate_one_time_keys(key_count);
|
||||
let key_count: usize = key_count.try_into().unwrap_or(max_keys);
|
||||
|
||||
self.account.generate_one_time_keys(key_count).await;
|
||||
Ok(key_count as u64)
|
||||
}
|
||||
None => Err(()),
|
||||
|
@ -466,7 +462,7 @@ impl OlmMachine {
|
|||
|
||||
/// Sign the device keys and return a JSON Value to upload them.
|
||||
async fn device_keys(&self) -> DeviceKeys {
|
||||
let identity_keys = self.account.lock().await.identity_keys();
|
||||
let identity_keys = self.account.identity_keys();
|
||||
|
||||
let mut keys = HashMap::new();
|
||||
|
||||
|
@ -513,7 +509,7 @@ impl OlmMachine {
|
|||
/// If no one-time keys need to be uploaded returns an empty error.
|
||||
async fn signed_one_time_keys(&self) -> StdResult<OneTimeKeys, ()> {
|
||||
let _ = self.generate_one_time_keys().await?;
|
||||
let one_time_keys = self.account.lock().await.one_time_keys();
|
||||
let one_time_keys = self.account.one_time_keys().await;
|
||||
let mut one_time_key_map = HashMap::new();
|
||||
|
||||
for (key_id, key) in one_time_keys.curve25519().iter() {
|
||||
|
@ -555,10 +551,9 @@ impl OlmMachine {
|
|||
/// * `json` - The value that should be converted into a canonical JSON
|
||||
/// string.
|
||||
async fn sign_json(&self, json: &Value) -> String {
|
||||
let account = self.account.lock().await;
|
||||
let canonical_json = cjson::to_string(json)
|
||||
.unwrap_or_else(|_| panic!(format!("Can't serialize {} to canonical JSON", json)));
|
||||
account.sign(&canonical_json)
|
||||
self.account.sign(&canonical_json).await
|
||||
}
|
||||
|
||||
/// Verify a signed JSON object.
|
||||
|
@ -637,7 +632,7 @@ impl OlmMachine {
|
|||
return Err(());
|
||||
}
|
||||
|
||||
let shared = self.account.lock().await.shared();
|
||||
let shared = self.account.shared();
|
||||
|
||||
let device_keys = if !shared {
|
||||
Some(self.device_keys().await)
|
||||
|
@ -702,8 +697,12 @@ impl OlmMachine {
|
|||
let mut session = match &message {
|
||||
OlmMessage::Message(_) => return Err(OlmError::SessionWedged),
|
||||
OlmMessage::PreKey(m) => {
|
||||
let account = self.account.lock().await;
|
||||
account.create_inbound_session(sender_key, m.clone())?
|
||||
let session = self
|
||||
.account
|
||||
.create_inbound_session(sender_key, m.clone())
|
||||
.await?;
|
||||
self.store.save_account(self.account.clone()).await?;
|
||||
session
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -740,7 +739,7 @@ impl OlmMachine {
|
|||
return Err(OlmError::UnsupportedAlgorithm);
|
||||
};
|
||||
|
||||
let identity_keys = self.account.lock().await.identity_keys();
|
||||
let identity_keys = self.account.identity_keys();
|
||||
let own_key = identity_keys.curve25519();
|
||||
let own_ciphertext = content.ciphertext.get(own_key);
|
||||
|
||||
|
@ -753,11 +752,11 @@ impl OlmMachine {
|
|||
OlmMessage::from_type_and_ciphertext(message_type.into(), ciphertext.body.clone())
|
||||
.map_err(|_| OlmError::UnsupportedOlmType)?;
|
||||
|
||||
let decrypted_event = self
|
||||
let mut decrypted_event = self
|
||||
.decrypt_olm_message(&event.sender.to_string(), &content.sender_key, message)
|
||||
.await?;
|
||||
debug!("Decrypted a to-device event {:?}", decrypted_event);
|
||||
self.handle_decrypted_to_device_event(&content.sender_key, &decrypted_event)
|
||||
self.handle_decrypted_to_device_event(&content.sender_key, &mut decrypted_event)
|
||||
.await?;
|
||||
|
||||
Ok(decrypted_event)
|
||||
|
@ -767,7 +766,7 @@ impl OlmMachine {
|
|||
}
|
||||
}
|
||||
|
||||
async fn add_room_key(&mut self, sender_key: &str, event: &ToDeviceRoomKey) -> Result<()> {
|
||||
async fn add_room_key(&mut self, sender_key: &str, event: &mut ToDeviceRoomKey) -> Result<()> {
|
||||
match event.content.algorithm {
|
||||
Algorithm::MegolmV1AesSha2 => {
|
||||
// TODO check for all the valid fields.
|
||||
|
@ -776,7 +775,7 @@ impl OlmMachine {
|
|||
.get("ed25519")
|
||||
.ok_or(OlmError::MissingSigningKey)?;
|
||||
|
||||
let session_key = GroupSessionKey(event.content.session_key.to_owned());
|
||||
let session_key = GroupSessionKey(mem::take(&mut event.content.session_key));
|
||||
|
||||
let session = InboundGroupSession::new(
|
||||
sender_key,
|
||||
|
@ -799,8 +798,7 @@ impl OlmMachine {
|
|||
|
||||
async fn create_outbound_group_session(&mut self, room_id: &RoomId) -> Result<()> {
|
||||
let session = OutboundGroupSession::new(room_id);
|
||||
let account = self.account.lock().await;
|
||||
let identity_keys = account.identity_keys();
|
||||
let identity_keys = self.account.identity_keys();
|
||||
|
||||
let sender_key = identity_keys.curve25519();
|
||||
let signing_key = identity_keys.ed25519();
|
||||
|
@ -855,13 +853,7 @@ impl OlmMachine {
|
|||
Ok(MegolmV1AesSha2Content {
|
||||
algorithm: Algorithm::MegolmV1AesSha2,
|
||||
ciphertext,
|
||||
sender_key: self
|
||||
.account
|
||||
.lock()
|
||||
.await
|
||||
.identity_keys()
|
||||
.curve25519()
|
||||
.to_owned(),
|
||||
sender_key: self.account.identity_keys().curve25519().to_owned(),
|
||||
session_id: session.session_id().to_owned(),
|
||||
device_id: self.device_id.to_owned(),
|
||||
})
|
||||
|
@ -874,7 +866,7 @@ impl OlmMachine {
|
|||
event_type: EventType,
|
||||
content: Value,
|
||||
) -> Result<OlmV1Curve25519AesSha2Content> {
|
||||
let identity_keys = self.account.lock().await.identity_keys();
|
||||
let identity_keys = self.account.identity_keys();
|
||||
|
||||
let recipient_signing_key = recipient_device
|
||||
.keys(&KeyAlgorithm::Ed25519)
|
||||
|
@ -1047,7 +1039,7 @@ impl OlmMachine {
|
|||
async fn handle_decrypted_to_device_event(
|
||||
&mut self,
|
||||
sender_key: &str,
|
||||
event: &EventResult<ToDeviceEvent>,
|
||||
event: &mut EventResult<ToDeviceEvent>,
|
||||
) -> Result<()> {
|
||||
let event = if let EventResult::Ok(e) = event {
|
||||
e
|
||||
|
@ -1150,7 +1142,7 @@ impl OlmMachine {
|
|||
// TODO check if the olm session is wedged and re-request the key.
|
||||
let session = session.ok_or(OlmError::MissingSession)?;
|
||||
|
||||
let (plaintext, _) = session.lock().await.decrypt(content.ciphertext.clone())?;
|
||||
let (plaintext, _) = session.decrypt(content.ciphertext.clone()).await?;
|
||||
// TODO check the message index.
|
||||
// TODO check if this is from a verified device.
|
||||
|
||||
|
@ -1326,7 +1318,7 @@ mod test {
|
|||
let machine = OlmMachine::new(&user_id(), DEVICE_ID).unwrap();
|
||||
|
||||
let mut device_keys = machine.device_keys().await;
|
||||
let identity_keys = machine.account.lock().await.identity_keys();
|
||||
let identity_keys = machine.account.identity_keys();
|
||||
let ed25519_key = identity_keys.ed25519();
|
||||
|
||||
let ret = machine.verify_json(
|
||||
|
@ -1359,7 +1351,7 @@ mod test {
|
|||
machine.uploaded_signed_key_count = Some(49);
|
||||
|
||||
let mut one_time_keys = machine.signed_one_time_keys().await.unwrap();
|
||||
let identity_keys = machine.account.lock().await.identity_keys();
|
||||
let identity_keys = machine.account.identity_keys();
|
||||
let ed25519_key = identity_keys.ed25519();
|
||||
|
||||
let mut one_time_key = one_time_keys.values_mut().nth(0).unwrap();
|
||||
|
@ -1378,7 +1370,7 @@ mod test {
|
|||
let mut machine = OlmMachine::new(&user_id(), DEVICE_ID).unwrap();
|
||||
machine.uploaded_signed_key_count = Some(0);
|
||||
|
||||
let identity_keys = machine.account.lock().await.identity_keys();
|
||||
let identity_keys = machine.account.identity_keys();
|
||||
let ed25519_key = identity_keys.ed25519();
|
||||
|
||||
let (device_keys, mut one_time_keys) = machine
|
||||
|
|
|
@ -60,7 +60,7 @@ impl SessionStore {
|
|||
|
||||
#[derive(Debug)]
|
||||
pub struct GroupSessionStore {
|
||||
entries: HashMap<RoomId, HashMap<String, HashMap<String, Arc<Mutex<InboundGroupSession>>>>>,
|
||||
entries: HashMap<RoomId, HashMap<String, HashMap<String, InboundGroupSession>>>,
|
||||
}
|
||||
|
||||
impl GroupSessionStore {
|
||||
|
@ -72,18 +72,19 @@ impl GroupSessionStore {
|
|||
|
||||
pub fn add(&mut self, session: InboundGroupSession) -> bool {
|
||||
if !self.entries.contains_key(&session.room_id) {
|
||||
self.entries
|
||||
.insert(session.room_id.to_owned(), HashMap::new());
|
||||
let room_id = &*session.room_id;
|
||||
self.entries.insert(room_id.clone(), HashMap::new());
|
||||
}
|
||||
|
||||
let room_map = self.entries.get_mut(&session.room_id).unwrap();
|
||||
|
||||
if !room_map.contains_key(&session.sender_key) {
|
||||
room_map.insert(session.sender_key.to_owned(), HashMap::new());
|
||||
if !room_map.contains_key(&*session.sender_key) {
|
||||
let sender_key = &*session.sender_key;
|
||||
room_map.insert(sender_key.to_owned(), HashMap::new());
|
||||
}
|
||||
|
||||
let sender_map = room_map.get_mut(&session.sender_key).unwrap();
|
||||
let ret = sender_map.insert(session.session_id(), Arc::new(Mutex::new(session)));
|
||||
let sender_map = room_map.get_mut(&*session.sender_key).unwrap();
|
||||
let ret = sender_map.insert(session.session_id().to_owned(), session);
|
||||
|
||||
ret.is_some()
|
||||
}
|
||||
|
@ -93,7 +94,7 @@ impl GroupSessionStore {
|
|||
room_id: &RoomId,
|
||||
sender_key: &str,
|
||||
session_id: &str,
|
||||
) -> Option<Arc<Mutex<InboundGroupSession>>> {
|
||||
) -> Option<InboundGroupSession> {
|
||||
self.entries
|
||||
.get(room_id)
|
||||
.and_then(|m| m.get(sender_key).and_then(|m| m.get(session_id).cloned()))
|
||||
|
|
|
@ -19,6 +19,7 @@ use std::time::Instant;
|
|||
|
||||
use serde::Serialize;
|
||||
use tokio::sync::Mutex;
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use olm_rs::account::{IdentityKeys, OlmAccount, OneTimeKeys};
|
||||
use olm_rs::errors::{OlmAccountError, OlmGroupSessionError, OlmSessionError};
|
||||
|
@ -33,9 +34,11 @@ use crate::identifiers::RoomId;
|
|||
/// The Olm account.
|
||||
/// An account is the central identity for encrypted communication between two
|
||||
/// devices. It holds the two identity key pairs for a device.
|
||||
#[derive(Clone)]
|
||||
pub struct Account {
|
||||
inner: OlmAccount,
|
||||
pub(crate) shared: bool,
|
||||
inner: Arc<Mutex<OlmAccount>>,
|
||||
identity_keys: Arc<IdentityKeys>,
|
||||
pub(crate) shared: Arc<AtomicBool>,
|
||||
}
|
||||
|
||||
impl fmt::Debug for Account {
|
||||
|
@ -44,7 +47,7 @@ impl fmt::Debug for Account {
|
|||
f,
|
||||
"Olm Account: {:?}, shared: {}",
|
||||
self.identity_keys(),
|
||||
self.shared
|
||||
self.shared()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
@ -52,49 +55,61 @@ impl fmt::Debug for Account {
|
|||
impl Account {
|
||||
/// Create a new account.
|
||||
pub fn new() -> Self {
|
||||
let account = OlmAccount::new();
|
||||
let identity_keys = account.parsed_identity_keys();
|
||||
|
||||
Account {
|
||||
inner: OlmAccount::new(),
|
||||
shared: false,
|
||||
inner: Arc::new(Mutex::new(account)),
|
||||
identity_keys: Arc::new(identity_keys),
|
||||
shared: Arc::new(AtomicBool::new(false)),
|
||||
}
|
||||
}
|
||||
|
||||
/// Get the public parts of the identity keys for the account.
|
||||
pub fn identity_keys(&self) -> IdentityKeys {
|
||||
self.inner.parsed_identity_keys()
|
||||
pub fn identity_keys(&self) -> &IdentityKeys {
|
||||
&self.identity_keys
|
||||
}
|
||||
|
||||
/// Has the account been shared with the server.
|
||||
pub fn shared(&self) -> bool {
|
||||
self.shared
|
||||
self.shared.load(Ordering::Relaxed)
|
||||
}
|
||||
|
||||
/// Mark the account as shared.
|
||||
///
|
||||
/// Messages shouldn't be encrypted with the session before it has been
|
||||
/// shared.
|
||||
pub fn mark_as_shared(&self) {
|
||||
self.shared.store(true, Ordering::Relaxed);
|
||||
}
|
||||
|
||||
/// Get the one-time keys of the account.
|
||||
///
|
||||
/// This can be empty, keys need to be generated first.
|
||||
pub fn one_time_keys(&self) -> OneTimeKeys {
|
||||
self.inner.parsed_one_time_keys()
|
||||
pub async fn one_time_keys(&self) -> OneTimeKeys {
|
||||
self.inner.lock().await.parsed_one_time_keys()
|
||||
}
|
||||
|
||||
/// Generate count number of one-time keys.
|
||||
pub fn generate_one_time_keys(&self, count: usize) {
|
||||
self.inner.generate_one_time_keys(count);
|
||||
pub async fn generate_one_time_keys(&self, count: usize) {
|
||||
self.inner.lock().await.generate_one_time_keys(count);
|
||||
}
|
||||
|
||||
/// Get the maximum number of one-time keys the account can hold.
|
||||
pub fn max_one_time_keys(&self) -> usize {
|
||||
self.inner.max_number_of_one_time_keys()
|
||||
pub async fn max_one_time_keys(&self) -> usize {
|
||||
self.inner.lock().await.max_number_of_one_time_keys()
|
||||
}
|
||||
|
||||
/// Mark the current set of one-time keys as being published.
|
||||
pub fn mark_keys_as_published(&self) {
|
||||
self.inner.mark_keys_as_published();
|
||||
pub async fn mark_keys_as_published(&self) {
|
||||
self.inner.lock().await.mark_keys_as_published();
|
||||
}
|
||||
|
||||
/// Sign the given string using the accounts signing key.
|
||||
///
|
||||
/// Returns the signature as a base64 encoded string.
|
||||
pub fn sign(&self, string: &str) -> String {
|
||||
self.inner.sign(string)
|
||||
pub async fn sign(&self, string: &str) -> String {
|
||||
self.inner.lock().await.sign(string)
|
||||
}
|
||||
|
||||
/// Store the account as a base64 encoded string.
|
||||
|
@ -103,8 +118,8 @@ impl Account {
|
|||
///
|
||||
/// * `pickle_mode` - The mode that was used to pickle the account, either an
|
||||
/// unencrypted mode or an encrypted using passphrase.
|
||||
pub fn pickle(&self, pickle_mode: PicklingMode) -> String {
|
||||
self.inner.pickle(pickle_mode)
|
||||
pub async fn pickle(&self, pickle_mode: PicklingMode) -> String {
|
||||
self.inner.lock().await.pickle(pickle_mode)
|
||||
}
|
||||
|
||||
/// Restore an account from a previously pickled string.
|
||||
|
@ -123,8 +138,14 @@ impl Account {
|
|||
pickle_mode: PicklingMode,
|
||||
shared: bool,
|
||||
) -> Result<Self, OlmAccountError> {
|
||||
let acc = OlmAccount::unpickle(pickle, pickle_mode)?;
|
||||
Ok(Account { inner: acc, shared })
|
||||
let account = OlmAccount::unpickle(pickle, pickle_mode)?;
|
||||
let identity_keys = account.parsed_identity_keys();
|
||||
|
||||
Ok(Account {
|
||||
inner: Arc::new(Mutex::new(account)),
|
||||
identity_keys: Arc::new(identity_keys),
|
||||
shared: Arc::new(AtomicBool::from(shared)),
|
||||
})
|
||||
}
|
||||
|
||||
/// Create a new session with another account given a one-time key.
|
||||
|
@ -137,13 +158,15 @@ impl Account {
|
|||
///
|
||||
/// * `their_one_time_key` - A signed one-time key that the other account
|
||||
/// created and shared with us.
|
||||
pub fn create_outbound_session(
|
||||
pub async fn create_outbound_session(
|
||||
&self,
|
||||
their_identity_key: &str,
|
||||
their_one_time_key: &SignedKey,
|
||||
) -> Result<Session, OlmSessionError> {
|
||||
let session = self
|
||||
.inner
|
||||
.lock()
|
||||
.await
|
||||
.create_outbound_session(their_identity_key, &their_one_time_key.key)?;
|
||||
|
||||
let now = Instant::now();
|
||||
|
@ -166,15 +189,25 @@ impl Account {
|
|||
///
|
||||
/// * `message` - A pre-key Olm message that was sent to us by the other
|
||||
/// account.
|
||||
pub fn create_inbound_session(
|
||||
pub async fn create_inbound_session(
|
||||
&self,
|
||||
their_identity_key: &str,
|
||||
message: PreKeyMessage,
|
||||
) -> Result<Session, OlmSessionError> {
|
||||
let session = self
|
||||
.inner
|
||||
.lock()
|
||||
.await
|
||||
.create_inbound_session_from(their_identity_key, message)?;
|
||||
|
||||
self.inner
|
||||
.lock()
|
||||
.await
|
||||
.remove_one_time_keys(&session)
|
||||
.expect(
|
||||
"Session was successfully created but the account doesn't hold a matching one-time key",
|
||||
);
|
||||
|
||||
let now = Instant::now();
|
||||
|
||||
Ok(Session {
|
||||
|
@ -188,7 +221,7 @@ impl Account {
|
|||
|
||||
impl PartialEq for Account {
|
||||
fn eq(&self, other: &Self) -> bool {
|
||||
self.identity_keys() == other.identity_keys() && self.shared == other.shared
|
||||
self.identity_keys() == other.identity_keys() && self.shared() == other.shared()
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -312,19 +345,22 @@ impl PartialEq for Session {
|
|||
|
||||
/// The private session key of a group session.
|
||||
/// Can be used to create a new inbound group session.
|
||||
#[derive(Clone, Serialize)]
|
||||
#[derive(Clone, Serialize, Zeroize)]
|
||||
#[zeroize(drop)]
|
||||
pub struct GroupSessionKey(pub String);
|
||||
|
||||
/// Inbound group session.
|
||||
///
|
||||
/// Inbound group sessions are used to exchange room messages between a group of
|
||||
/// participants. Inbound group sessions are used to decrypt the room messages.
|
||||
#[derive(Clone)]
|
||||
pub struct InboundGroupSession {
|
||||
inner: OlmInboundGroupSession,
|
||||
pub(crate) sender_key: String,
|
||||
pub(crate) signing_key: String,
|
||||
pub(crate) room_id: RoomId,
|
||||
forwarding_chains: Option<Vec<String>>,
|
||||
inner: Arc<Mutex<OlmInboundGroupSession>>,
|
||||
session_id: Arc<String>,
|
||||
pub(crate) sender_key: Arc<String>,
|
||||
pub(crate) signing_key: Arc<String>,
|
||||
pub(crate) room_id: Arc<RoomId>,
|
||||
forwarding_chains: Arc<Mutex<Option<Vec<String>>>>,
|
||||
}
|
||||
|
||||
impl InboundGroupSession {
|
||||
|
@ -350,12 +386,16 @@ impl InboundGroupSession {
|
|||
room_id: &RoomId,
|
||||
session_key: GroupSessionKey,
|
||||
) -> Result<Self, OlmGroupSessionError> {
|
||||
let session = OlmInboundGroupSession::new(&session_key.0)?;
|
||||
let session_id = session.session_id();
|
||||
|
||||
Ok(InboundGroupSession {
|
||||
inner: OlmInboundGroupSession::new(&session_key.0)?,
|
||||
sender_key: sender_key.to_owned(),
|
||||
signing_key: signing_key.to_owned(),
|
||||
room_id: room_id.clone(),
|
||||
forwarding_chains: None,
|
||||
inner: Arc::new(Mutex::new(session)),
|
||||
session_id: Arc::new(session_id),
|
||||
sender_key: Arc::new(sender_key.to_owned()),
|
||||
signing_key: Arc::new(signing_key.to_owned()),
|
||||
room_id: Arc::new(room_id.clone()),
|
||||
forwarding_chains: Arc::new(Mutex::new(None)),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -365,8 +405,8 @@ impl InboundGroupSession {
|
|||
///
|
||||
/// * `pickle_mode` - The mode that was used to pickle the group session,
|
||||
/// either an unencrypted mode or an encrypted using passphrase.
|
||||
pub fn pickle(&self, pickle_mode: PicklingMode) -> String {
|
||||
self.inner.pickle(pickle_mode)
|
||||
pub async fn pickle(&self, pickle_mode: PicklingMode) -> String {
|
||||
self.inner.lock().await.pickle(pickle_mode)
|
||||
}
|
||||
|
||||
/// Restore a Session from a previously pickled string.
|
||||
|
@ -396,23 +436,26 @@ impl InboundGroupSession {
|
|||
room_id: RoomId,
|
||||
) -> Result<Self, OlmGroupSessionError> {
|
||||
let session = OlmInboundGroupSession::unpickle(pickle, pickle_mode)?;
|
||||
let session_id = session.session_id();
|
||||
|
||||
Ok(InboundGroupSession {
|
||||
inner: session,
|
||||
sender_key,
|
||||
signing_key,
|
||||
room_id,
|
||||
forwarding_chains: None,
|
||||
inner: Arc::new(Mutex::new(session)),
|
||||
session_id: Arc::new(session_id),
|
||||
sender_key: Arc::new(sender_key),
|
||||
signing_key: Arc::new(signing_key),
|
||||
room_id: Arc::new(room_id),
|
||||
forwarding_chains: Arc::new(Mutex::new(None)),
|
||||
})
|
||||
}
|
||||
|
||||
/// Returns the unique identifier for this session.
|
||||
pub fn session_id(&self) -> String {
|
||||
self.inner.session_id()
|
||||
pub fn session_id(&self) -> &str {
|
||||
&self.session_id
|
||||
}
|
||||
|
||||
/// Get the first message index we know how to decrypt.
|
||||
pub fn first_known_index(&self) -> u32 {
|
||||
self.inner.first_known_index()
|
||||
pub async fn first_known_index(&self) -> u32 {
|
||||
self.inner.lock().await.first_known_index()
|
||||
}
|
||||
|
||||
/// Decrypt the given ciphertext.
|
||||
|
@ -423,8 +466,8 @@ impl InboundGroupSession {
|
|||
/// # Arguments
|
||||
///
|
||||
/// * `message` - The message that should be decrypted.
|
||||
pub fn decrypt(&self, message: String) -> Result<(String, u32), OlmGroupSessionError> {
|
||||
self.inner.decrypt(message)
|
||||
pub async fn decrypt(&self, message: String) -> Result<(String, u32), OlmGroupSessionError> {
|
||||
self.inner.lock().await.decrypt(message)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -566,16 +609,16 @@ mod test {
|
|||
assert!(!identyty_keys.curve25519().is_empty());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn one_time_keys_creation() {
|
||||
#[tokio::test]
|
||||
async fn one_time_keys_creation() {
|
||||
let account = Account::new();
|
||||
let one_time_keys = account.one_time_keys();
|
||||
let one_time_keys = account.one_time_keys().await;
|
||||
|
||||
assert!(one_time_keys.curve25519().is_empty());
|
||||
assert_ne!(account.max_one_time_keys(), 0);
|
||||
assert_ne!(account.max_one_time_keys().await, 0);
|
||||
|
||||
account.generate_one_time_keys(10);
|
||||
let one_time_keys = account.one_time_keys();
|
||||
account.generate_one_time_keys(10).await;
|
||||
let one_time_keys = account.one_time_keys().await;
|
||||
|
||||
assert!(!one_time_keys.curve25519().is_empty());
|
||||
assert_ne!(one_time_keys.values().len(), 0);
|
||||
|
@ -588,21 +631,19 @@ mod test {
|
|||
one_time_keys.get("curve25519").unwrap()
|
||||
);
|
||||
|
||||
account.mark_keys_as_published();
|
||||
let one_time_keys = account.one_time_keys();
|
||||
account.mark_keys_as_published().await;
|
||||
let one_time_keys = account.one_time_keys().await;
|
||||
assert!(one_time_keys.curve25519().is_empty());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn session_creation() {
|
||||
#[tokio::test]
|
||||
async fn session_creation() {
|
||||
let alice = Account::new();
|
||||
let bob = Account::new();
|
||||
let alice_keys = alice.identity_keys();
|
||||
let one_time_keys = alice.one_time_keys();
|
||||
|
||||
alice.generate_one_time_keys(1);
|
||||
let one_time_keys = alice.one_time_keys();
|
||||
alice.mark_keys_as_published();
|
||||
alice.generate_one_time_keys(1).await;
|
||||
let one_time_keys = alice.one_time_keys().await;
|
||||
alice.mark_keys_as_published().await;
|
||||
|
||||
let one_time_key = one_time_keys
|
||||
.curve25519()
|
||||
|
@ -619,6 +660,7 @@ mod test {
|
|||
|
||||
let mut bob_session = bob
|
||||
.create_outbound_session(alice_keys.curve25519(), &one_time_key)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let plaintext = "Hello world";
|
||||
|
@ -633,6 +675,7 @@ mod test {
|
|||
let bob_keys = bob.identity_keys();
|
||||
let mut alice_session = alice
|
||||
.create_inbound_session(bob_keys.curve25519(), prekey_message)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(bob_session.session_id(), alice_session.session_id());
|
||||
|
|
|
@ -48,7 +48,7 @@ impl CryptoStore for MemoryStore {
|
|||
Ok(None)
|
||||
}
|
||||
|
||||
async fn save_account(&mut self, _: Arc<Mutex<Account>>) -> Result<()> {
|
||||
async fn save_account(&mut self, _: Account) -> Result<()> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
@ -77,7 +77,7 @@ impl CryptoStore for MemoryStore {
|
|||
room_id: &RoomId,
|
||||
sender_key: &str,
|
||||
session_id: &str,
|
||||
) -> Result<Option<Arc<Mutex<InboundGroupSession>>>> {
|
||||
) -> Result<Option<InboundGroupSession>> {
|
||||
Ok(self
|
||||
.inbound_group_sessions
|
||||
.get(room_id, sender_key, session_id))
|
||||
|
|
|
@ -66,22 +66,26 @@ pub type Result<T> = std::result::Result<T, CryptoStoreError>;
|
|||
#[async_trait]
|
||||
pub trait CryptoStore: Debug + Send + Sync {
|
||||
async fn load_account(&mut self) -> Result<Option<Account>>;
|
||||
async fn save_account(&mut self, account: Arc<Mutex<Account>>) -> Result<()>;
|
||||
async fn save_account(&mut self, account: Account) -> Result<()>;
|
||||
|
||||
async fn save_session(&mut self, session: Arc<Mutex<Session>>) -> Result<()>;
|
||||
async fn add_and_save_session(&mut self, session: Session) -> Result<()>;
|
||||
async fn get_sessions(
|
||||
&mut self,
|
||||
sender_key: &str,
|
||||
) -> Result<Option<Arc<Mutex<Vec<Arc<Mutex<Session>>>>>>>;
|
||||
|
||||
async fn save_inbound_group_session(&mut self, session: InboundGroupSession) -> Result<bool>;
|
||||
async fn get_inbound_group_session(
|
||||
&mut self,
|
||||
room_id: &RoomId,
|
||||
sender_key: &str,
|
||||
session_id: &str,
|
||||
) -> Result<Option<Arc<Mutex<InboundGroupSession>>>>;
|
||||
) -> Result<Option<InboundGroupSession>>;
|
||||
|
||||
fn tracked_users(&self) -> &HashSet<UserId>;
|
||||
async fn add_user_for_tracking(&mut self, user: &UserId) -> Result<bool>;
|
||||
|
||||
async fn save_device(&self, device: Device) -> Result<()>;
|
||||
async fn get_device(&self, user_id: &UserId, device_id: &str) -> Result<Option<Device>>;
|
||||
async fn get_user_devices(&self, user_id: &UserId) -> Result<UserDevices>;
|
||||
|
|
|
@ -288,9 +288,8 @@ impl CryptoStore for SqliteStore {
|
|||
Ok(result)
|
||||
}
|
||||
|
||||
async fn save_account(&mut self, account: Arc<Mutex<Account>>) -> Result<()> {
|
||||
let acc = account.lock().await;
|
||||
let pickle = acc.pickle(self.get_pickle_mode());
|
||||
async fn save_account(&mut self, account: Account) -> Result<()> {
|
||||
let pickle = account.pickle(self.get_pickle_mode()).await;
|
||||
let mut connection = self.connection.lock().await;
|
||||
|
||||
query(
|
||||
|
@ -307,7 +306,7 @@ impl CryptoStore for SqliteStore {
|
|||
.bind(&*self.user_id.to_string())
|
||||
.bind(&*self.device_id.to_string())
|
||||
.bind(&pickle)
|
||||
.bind(acc.shared)
|
||||
.bind(account.shared())
|
||||
.execute(&mut *connection)
|
||||
.await?;
|
||||
|
||||
|
@ -367,7 +366,7 @@ impl CryptoStore for SqliteStore {
|
|||
|
||||
async fn save_inbound_group_session(&mut self, session: InboundGroupSession) -> Result<bool> {
|
||||
let account_id = self.account_id.ok_or(CryptoStoreError::AccountUnset)?;
|
||||
let pickle = session.pickle(self.get_pickle_mode());
|
||||
let pickle = session.pickle(self.get_pickle_mode()).await;
|
||||
let mut connection = self.connection.lock().await;
|
||||
let session_id = session.session_id();
|
||||
|
||||
|
@ -383,9 +382,9 @@ impl CryptoStore for SqliteStore {
|
|||
)
|
||||
.bind(session_id)
|
||||
.bind(account_id)
|
||||
.bind(&session.sender_key)
|
||||
.bind(&session.signing_key)
|
||||
.bind(&session.room_id.to_string())
|
||||
.bind(&*session.sender_key)
|
||||
.bind(&*session.signing_key)
|
||||
.bind(&*session.room_id.to_string())
|
||||
.bind(&pickle)
|
||||
.execute(&mut *connection)
|
||||
.await?;
|
||||
|
@ -398,7 +397,7 @@ impl CryptoStore for SqliteStore {
|
|||
room_id: &RoomId,
|
||||
sender_key: &str,
|
||||
session_id: &str,
|
||||
) -> Result<Option<Arc<Mutex<InboundGroupSession>>>> {
|
||||
) -> Result<Option<InboundGroupSession>> {
|
||||
Ok(self
|
||||
.inbound_group_sessions
|
||||
.get(room_id, sender_key, session_id))
|
||||
|
@ -460,7 +459,7 @@ mod test {
|
|||
.expect("Can't create store")
|
||||
}
|
||||
|
||||
async fn get_loaded_store() -> (Arc<Mutex<Account>>, SqliteStore) {
|
||||
async fn get_loaded_store() -> (Account, SqliteStore) {
|
||||
let mut store = get_store().await;
|
||||
let account = get_account();
|
||||
store
|
||||
|
@ -471,19 +470,19 @@ mod test {
|
|||
(account, store)
|
||||
}
|
||||
|
||||
fn get_account() -> Arc<Mutex<Account>> {
|
||||
let account = Account::new();
|
||||
Arc::new(Mutex::new(account))
|
||||
fn get_account() -> Account {
|
||||
Account::new()
|
||||
}
|
||||
|
||||
fn get_account_and_session() -> (Arc<Mutex<Account>>, Session) {
|
||||
async fn get_account_and_session() -> (Account, Session) {
|
||||
let alice = Account::new();
|
||||
|
||||
let bob = Account::new();
|
||||
|
||||
bob.generate_one_time_keys(1);
|
||||
bob.generate_one_time_keys(1).await;
|
||||
let one_time_key = bob
|
||||
.one_time_keys()
|
||||
.await
|
||||
.curve25519()
|
||||
.iter()
|
||||
.nth(0)
|
||||
|
@ -497,9 +496,10 @@ mod test {
|
|||
let sender_key = bob.identity_keys().curve25519().to_owned();
|
||||
let session = alice
|
||||
.create_outbound_session(&sender_key, &one_time_key)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
(Arc::new(Mutex::new(alice)), session)
|
||||
(alice, session)
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
|
@ -532,11 +532,10 @@ mod test {
|
|||
.await
|
||||
.expect("Can't save account");
|
||||
|
||||
let acc = account.lock().await;
|
||||
let loaded_account = store.load_account().await.expect("Can't load account");
|
||||
let loaded_account = loaded_account.unwrap();
|
||||
|
||||
assert_eq!(*acc, loaded_account);
|
||||
assert_eq!(account, loaded_account);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
|
@ -549,7 +548,7 @@ mod test {
|
|||
.await
|
||||
.expect("Can't save account");
|
||||
|
||||
account.lock().await.shared = true;
|
||||
account.mark_as_shared();
|
||||
|
||||
store
|
||||
.save_account(account.clone())
|
||||
|
@ -558,15 +557,14 @@ mod test {
|
|||
|
||||
let loaded_account = store.load_account().await.expect("Can't load account");
|
||||
let loaded_account = loaded_account.unwrap();
|
||||
let acc = account.lock().await;
|
||||
|
||||
assert_eq!(*acc, loaded_account);
|
||||
assert_eq!(account, loaded_account);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn save_session() {
|
||||
let mut store = get_store().await;
|
||||
let (account, session) = get_account_and_session();
|
||||
let (account, session) = get_account_and_session().await;
|
||||
let session = Arc::new(Mutex::new(session));
|
||||
|
||||
assert!(store.save_session(session.clone()).await.is_err());
|
||||
|
@ -582,7 +580,7 @@ mod test {
|
|||
#[tokio::test]
|
||||
async fn load_sessions() {
|
||||
let mut store = get_store().await;
|
||||
let (account, session) = get_account_and_session();
|
||||
let (account, session) = get_account_and_session().await;
|
||||
let session = Arc::new(Mutex::new(session));
|
||||
store
|
||||
.save_account(account.clone())
|
||||
|
@ -604,7 +602,7 @@ mod test {
|
|||
#[tokio::test]
|
||||
async fn add_and_save_session() {
|
||||
let mut store = get_store().await;
|
||||
let (account, session) = get_account_and_session();
|
||||
let (account, session) = get_account_and_session().await;
|
||||
let sender_key = session.sender_key.to_owned();
|
||||
let session_id = session.session_id();
|
||||
|
||||
|
@ -625,8 +623,7 @@ mod test {
|
|||
async fn save_inbound_group_session() {
|
||||
let (account, mut store) = get_loaded_store().await;
|
||||
|
||||
let acc = account.lock().await;
|
||||
let identity_keys = acc.identity_keys();
|
||||
let identity_keys = account.identity_keys();
|
||||
let outbound_session = OlmOutboundGroupSession::new();
|
||||
let session = InboundGroupSession::new(
|
||||
identity_keys.curve25519(),
|
||||
|
@ -646,8 +643,7 @@ mod test {
|
|||
async fn load_inbound_group_session() {
|
||||
let (account, mut store) = get_loaded_store().await;
|
||||
|
||||
let acc = account.lock().await;
|
||||
let identity_keys = acc.identity_keys();
|
||||
let identity_keys = account.identity_keys();
|
||||
let outbound_session = OlmOutboundGroupSession::new();
|
||||
let session = InboundGroupSession::new(
|
||||
identity_keys.curve25519(),
|
||||
|
@ -657,7 +653,7 @@ mod test {
|
|||
)
|
||||
.expect("Can't create session");
|
||||
|
||||
let session_id = session.session_id();
|
||||
let session_id = session.session_id().to_owned();
|
||||
|
||||
store
|
||||
.save_inbound_group_session(session)
|
||||
|
|
Loading…
Reference in a new issue