char
/
matrix-rust-sdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/matrix-org/matrix-rust-sdk into state-store

master
Devin R 2020-04-13 10:21:44 -04:00
parent be34b72a0b 5f6cbbb193
commit a0973dec85
8 changed files with 190 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Cargo.toml
View File

@ -12,7 +12,7 @@ version = "0.1.0"
[features]
default = []
encryption = ["olm-rs", "serde/derive", "serde_json", "cjson"]
encryption = ["olm-rs", "serde/derive", "serde_json", "cjson", "zeroize"]
sqlite-cryptostore = ["sqlx", "zeroize"]
[dependencies]
@ -35,7 +35,7 @@ olm-rs = { git = "https://gitlab.gnome.org/poljar/olm-rs", optional = true, feat
serde = { version = "1.0.106", optional = true, features = ["derive"] }
serde_json = { version = "1.0.51", optional = true }
cjson = { version = "0.1.0", optional = true }
zeroize = { version = "1.1.0", optional = true }
zeroize = { version = "1.1.0", optional = true, features = ["zeroize_derive"] }
# Misc dependencies
thiserror = "1.0.14"

2
README.md
View File

@ -1,7 +1,7 @@
[![Build Status](https://img.shields.io/travis/matrix-org/matrix-rust-sdk.svg?style=flat-square)](https://travis-ci.org/matrix-org/matrix-rust-sdk)
[![codecov](https://img.shields.io/codecov/c/github/matrix-org/matrix-rust-sdk/master.svg?style=flat-square)](https://codecov.io/gh/matrix-org/matrix-rust-sdk)
[![License](https://img.shields.io/badge/License-Apache%202.0-yellowgreen.svg?style=flat-square)](https://opensource.org/licenses/Apache-2.0)
[![#matrix-rust-sdk](https://img.shields.io/badge/matrix-%23matrix--rust--sdk-blue?style=flat-square)](https://matrix.to/#/!iYnZafYUoXkeVPOSQh:matrix.org?via=matrix.org&via=matrix.ffslfl.net&via=raim.ist)
[![#matrix-rust-sdk](https://img.shields.io/badge/matrix-%23matrix--rust--sdk-blue?style=flat-square)](https://matrix.to/#/#matrix-rust-sdk:matrix.org)
# matrix-rust-sdk

84
src/crypto/machine.rs
View File

@ -14,6 +14,7 @@
use std::collections::{HashMap, HashSet};
use std::convert::TryInto;
use std::mem;
#[cfg(feature = "sqlite-cryptostore")]
use std::path::Path;
use std::result::Result as StdResult;
@ -68,7 +69,7 @@ pub struct OlmMachine {
/// The unique device id of the device that holds this account.
device_id: DeviceId,
/// Our underlying Olm Account holding our identity keys.
account: Arc<Mutex<Account>>,
account: Account,
/// The number of signed one-time keys we have uploaded to the server. If
/// this is None, no action will be taken. After a sync request the client
/// needs to set this for us, depending on the count we will suggest the
@ -98,7 +99,7 @@ impl OlmMachine {
Ok(OlmMachine {
user_id: user_id.clone(),
device_id: device_id.to_owned(),
account: Arc::new(Mutex::new(Account::new())),
account: Account::new(),
uploaded_signed_key_count: None,
store: Box::new(MemoryStore::new()),
users_for_key_query: HashSet::new(),
@ -132,7 +133,7 @@ impl OlmMachine {
Ok(OlmMachine {
user_id: user_id.clone(),
device_id: device_id.to_owned(),
account: Arc::new(Mutex::new(account)),
account,
uploaded_signed_key_count: None,
store: Box::new(store),
users_for_key_query: HashSet::new(),
@ -142,7 +143,7 @@ impl OlmMachine {
/// Should account or one-time keys be uploaded to the server.
pub async fn should_upload_keys(&self) -> bool {
if !self.account.lock().await.shared() {
if !self.account.shared() {
return true;
}
@ -150,7 +151,7 @@ impl OlmMachine {
// max_one_time_Keys() / 2, otherwise tell the client to upload more.
match self.uploaded_signed_key_count {
Some(count) => {
let max_keys = self.account.lock().await.max_one_time_keys() as u64;
let max_keys = self.account.max_one_time_keys().await as u64;
let key_count = (max_keys / 2) - count;
key_count > 0
}
@ -169,11 +170,10 @@ impl OlmMachine {
&mut self,
response: &keys::upload_keys::Response,
) -> Result<()> {
let mut account = self.account.lock().await;
if !account.shared {
if !self.account.shared() {
debug!("Marking account as shared");
}
account.shared = true;
self.account.mark_as_shared();
let one_time_key_count = response
.one_time_key_counts
@ -187,9 +187,7 @@ impl OlmMachine {
);
self.uploaded_signed_key_count = Some(count);
account.mark_keys_as_published();
drop(account);
self.account.mark_keys_as_published().await;
self.store.save_account(self.account.clone()).await?;
Ok(())
@ -317,9 +315,8 @@ impl OlmMachine {
let session = match self
.account
.lock()
.await
.create_outbound_session(curve_key, &one_time_key)
.await
{
Ok(s) => s,
Err(e) => {
@ -441,10 +438,9 @@ impl OlmMachine {
/// Returns the number of newly generated one-time keys. If no keys can be
/// generated returns an empty error.
async fn generate_one_time_keys(&self) -> StdResult<u64, ()> {
let account = self.account.lock().await;
match self.uploaded_signed_key_count {
Some(count) => {
let max_keys = account.max_one_time_keys() as u64;
let max_keys = self.account.max_one_time_keys().await as u64;
let max_on_server = max_keys / 2;
if count >= (max_on_server) {
@ -453,11 +449,11 @@ impl OlmMachine {
let key_count = (max_on_server) - count;
let key_count: usize = key_count
.try_into()
.unwrap_or_else(|_| account.max_one_time_keys());
let max_keys = self.account.max_one_time_keys().await;
account.generate_one_time_keys(key_count);
let key_count: usize = key_count.try_into().unwrap_or(max_keys);
self.account.generate_one_time_keys(key_count).await;
Ok(key_count as u64)
}
None => Err(()),
@ -466,7 +462,7 @@ impl OlmMachine {
/// Sign the device keys and return a JSON Value to upload them.
async fn device_keys(&self) -> DeviceKeys {
let identity_keys = self.account.lock().await.identity_keys();
let identity_keys = self.account.identity_keys();
let mut keys = HashMap::new();
@ -513,7 +509,7 @@ impl OlmMachine {
/// If no one-time keys need to be uploaded returns an empty error.
async fn signed_one_time_keys(&self) -> StdResult<OneTimeKeys, ()> {
let _ = self.generate_one_time_keys().await?;
let one_time_keys = self.account.lock().await.one_time_keys();
let one_time_keys = self.account.one_time_keys().await;
let mut one_time_key_map = HashMap::new();
for (key_id, key) in one_time_keys.curve25519().iter() {
@ -555,10 +551,9 @@ impl OlmMachine {
/// * `json` - The value that should be converted into a canonical JSON
/// string.
async fn sign_json(&self, json: &Value) -> String {
let account = self.account.lock().await;
let canonical_json = cjson::to_string(json)
.unwrap_or_else(|_| panic!(format!("Can't serialize {} to canonical JSON", json)));
account.sign(&canonical_json)
self.account.sign(&canonical_json).await
}
/// Verify a signed JSON object.
@ -637,7 +632,7 @@ impl OlmMachine {
return Err(());
}
let shared = self.account.lock().await.shared();
let shared = self.account.shared();
let device_keys = if !shared {
Some(self.device_keys().await)
@ -702,8 +697,12 @@ impl OlmMachine {
let mut session = match &message {
OlmMessage::Message(_) => return Err(OlmError::SessionWedged),
OlmMessage::PreKey(m) => {
let account = self.account.lock().await;
account.create_inbound_session(sender_key, m.clone())?
let session = self
.account
.create_inbound_session(sender_key, m.clone())
.await?;
self.store.save_account(self.account.clone()).await?;
session
}
};
@ -740,7 +739,7 @@ impl OlmMachine {
return Err(OlmError::UnsupportedAlgorithm);
};
let identity_keys = self.account.lock().await.identity_keys();
let identity_keys = self.account.identity_keys();
let own_key = identity_keys.curve25519();
let own_ciphertext = content.ciphertext.get(own_key);
@ -753,11 +752,11 @@ impl OlmMachine {
OlmMessage::from_type_and_ciphertext(message_type.into(), ciphertext.body.clone())
.map_err(|_| OlmError::UnsupportedOlmType)?;
let decrypted_event = self
let mut decrypted_event = self
.decrypt_olm_message(&event.sender.to_string(), &content.sender_key, message)
.await?;
debug!("Decrypted a to-device event {:?}", decrypted_event);
self.handle_decrypted_to_device_event(&content.sender_key, &decrypted_event)
self.handle_decrypted_to_device_event(&content.sender_key, &mut decrypted_event)
.await?;
Ok(decrypted_event)
@ -767,7 +766,7 @@ impl OlmMachine {
}
}
async fn add_room_key(&mut self, sender_key: &str, event: &ToDeviceRoomKey) -> Result<()> {
async fn add_room_key(&mut self, sender_key: &str, event: &mut ToDeviceRoomKey) -> Result<()> {
match event.content.algorithm {
Algorithm::MegolmV1AesSha2 => {
// TODO check for all the valid fields.
@ -776,7 +775,7 @@ impl OlmMachine {
.get("ed25519")
.ok_or(OlmError::MissingSigningKey)?;
let session_key = GroupSessionKey(event.content.session_key.to_owned());
let session_key = GroupSessionKey(mem::take(&mut event.content.session_key));
let session = InboundGroupSession::new(
sender_key,
@ -799,8 +798,7 @@ impl OlmMachine {
async fn create_outbound_group_session(&mut self, room_id: &RoomId) -> Result<()> {
let session = OutboundGroupSession::new(room_id);
let account = self.account.lock().await;
let identity_keys = account.identity_keys();
let identity_keys = self.account.identity_keys();
let sender_key = identity_keys.curve25519();
let signing_key = identity_keys.ed25519();
@ -855,13 +853,7 @@ impl OlmMachine {
Ok(MegolmV1AesSha2Content {
algorithm: Algorithm::MegolmV1AesSha2,
ciphertext,
sender_key: self
.account
.lock()
.await
.identity_keys()
.curve25519()
.to_owned(),
sender_key: self.account.identity_keys().curve25519().to_owned(),
session_id: session.session_id().to_owned(),
device_id: self.device_id.to_owned(),
})
@ -874,7 +866,7 @@ impl OlmMachine {
event_type: EventType,
content: Value,
) -> Result<OlmV1Curve25519AesSha2Content> {
let identity_keys = self.account.lock().await.identity_keys();
let identity_keys = self.account.identity_keys();
let recipient_signing_key = recipient_device
.keys(&KeyAlgorithm::Ed25519)
@ -1047,7 +1039,7 @@ impl OlmMachine {
async fn handle_decrypted_to_device_event(
&mut self,
sender_key: &str,
event: &EventResult<ToDeviceEvent>,
event: &mut EventResult<ToDeviceEvent>,
) -> Result<()> {
let event = if let EventResult::Ok(e) = event {
e
@ -1150,7 +1142,7 @@ impl OlmMachine {
// TODO check if the olm session is wedged and re-request the key.
let session = session.ok_or(OlmError::MissingSession)?;
let (plaintext, _) = session.lock().await.decrypt(content.ciphertext.clone())?;
let (plaintext, _) = session.decrypt(content.ciphertext.clone()).await?;
// TODO check the message index.
// TODO check if this is from a verified device.
@ -1326,7 +1318,7 @@ mod test {
let machine = OlmMachine::new(&user_id(), DEVICE_ID).unwrap();
let mut device_keys = machine.device_keys().await;
let identity_keys = machine.account.lock().await.identity_keys();
let identity_keys = machine.account.identity_keys();
let ed25519_key = identity_keys.ed25519();
let ret = machine.verify_json(
@ -1359,7 +1351,7 @@ mod test {
machine.uploaded_signed_key_count = Some(49);
let mut one_time_keys = machine.signed_one_time_keys().await.unwrap();
let identity_keys = machine.account.lock().await.identity_keys();
let identity_keys = machine.account.identity_keys();
let ed25519_key = identity_keys.ed25519();
let mut one_time_key = one_time_keys.values_mut().nth(0).unwrap();
@ -1378,7 +1370,7 @@ mod test {
let mut machine = OlmMachine::new(&user_id(), DEVICE_ID).unwrap();
machine.uploaded_signed_key_count = Some(0);
let identity_keys = machine.account.lock().await.identity_keys();
let identity_keys = machine.account.identity_keys();
let ed25519_key = identity_keys.ed25519();
let (device_keys, mut one_time_keys) = machine

17
src/crypto/memory_stores.rs
View File

@ -60,7 +60,7 @@ impl SessionStore {
#[derive(Debug)]
pub struct GroupSessionStore {
entries: HashMap<RoomId, HashMap<String, HashMap<String, Arc<Mutex<InboundGroupSession>>>>>,
entries: HashMap<RoomId, HashMap<String, HashMap<String, InboundGroupSession>>>,
}
impl GroupSessionStore {
@ -72,18 +72,19 @@ impl GroupSessionStore {
pub fn add(&mut self, session: InboundGroupSession) -> bool {
if !self.entries.contains_key(&session.room_id) {
self.entries
.insert(session.room_id.to_owned(), HashMap::new());
let room_id = &*session.room_id;
self.entries.insert(room_id.clone(), HashMap::new());
}
let room_map = self.entries.get_mut(&session.room_id).unwrap();
if !room_map.contains_key(&session.sender_key) {
room_map.insert(session.sender_key.to_owned(), HashMap::new());
if !room_map.contains_key(&*session.sender_key) {
let sender_key = &*session.sender_key;
room_map.insert(sender_key.to_owned(), HashMap::new());
}
let sender_map = room_map.get_mut(&session.sender_key).unwrap();
let ret = sender_map.insert(session.session_id(), Arc::new(Mutex::new(session)));
let sender_map = room_map.get_mut(&*session.sender_key).unwrap();
let ret = sender_map.insert(session.session_id().to_owned(), session);
ret.is_some()
}
@ -93,7 +94,7 @@ impl GroupSessionStore {
room_id: &RoomId,
sender_key: &str,
session_id: &str,
) -> Option<Arc<Mutex<InboundGroupSession>>> {
) -> Option<InboundGroupSession> {
self.entries
.get(room_id)
.and_then(|m| m.get(sender_key).and_then(|m| m.get(session_id).cloned()))

171
src/crypto/olm.rs
View File

@ -19,6 +19,7 @@ use std::time::Instant;
use serde::Serialize;
use tokio::sync::Mutex;
use zeroize::Zeroize;
use olm_rs::account::{IdentityKeys, OlmAccount, OneTimeKeys};
use olm_rs::errors::{OlmAccountError, OlmGroupSessionError, OlmSessionError};
@ -33,9 +34,11 @@ use crate::identifiers::RoomId;
/// The Olm account.
/// An account is the central identity for encrypted communication between two
/// devices. It holds the two identity key pairs for a device.
#[derive(Clone)]
pub struct Account {
inner: OlmAccount,
pub(crate) shared: bool,
inner: Arc<Mutex<OlmAccount>>,
identity_keys: Arc<IdentityKeys>,
pub(crate) shared: Arc<AtomicBool>,
}
impl fmt::Debug for Account {
@ -44,7 +47,7 @@ impl fmt::Debug for Account {
f,
"Olm Account: {:?}, shared: {}",
self.identity_keys(),
self.shared
self.shared()
)
}
}
@ -52,49 +55,61 @@ impl fmt::Debug for Account {
impl Account {
/// Create a new account.
pub fn new() -> Self {
let account = OlmAccount::new();
let identity_keys = account.parsed_identity_keys();
Account {
inner: OlmAccount::new(),
shared: false,
inner: Arc::new(Mutex::new(account)),
identity_keys: Arc::new(identity_keys),
shared: Arc::new(AtomicBool::new(false)),
}
}
/// Get the public parts of the identity keys for the account.
pub fn identity_keys(&self) -> IdentityKeys {
self.inner.parsed_identity_keys()
pub fn identity_keys(&self) -> &IdentityKeys {
&self.identity_keys
}
/// Has the account been shared with the server.
pub fn shared(&self) -> bool {
self.shared
self.shared.load(Ordering::Relaxed)
}
/// Mark the account as shared.
///
/// Messages shouldn't be encrypted with the session before it has been
/// shared.
pub fn mark_as_shared(&self) {
self.shared.store(true, Ordering::Relaxed);
}
/// Get the one-time keys of the account.
///
/// This can be empty, keys need to be generated first.
pub fn one_time_keys(&self) -> OneTimeKeys {
self.inner.parsed_one_time_keys()
pub async fn one_time_keys(&self) -> OneTimeKeys {
self.inner.lock().await.parsed_one_time_keys()
}
/// Generate count number of one-time keys.
pub fn generate_one_time_keys(&self, count: usize) {
self.inner.generate_one_time_keys(count);
pub async fn generate_one_time_keys(&self, count: usize) {
self.inner.lock().await.generate_one_time_keys(count);
}
/// Get the maximum number of one-time keys the account can hold.
pub fn max_one_time_keys(&self) -> usize {
self.inner.max_number_of_one_time_keys()
pub async fn max_one_time_keys(&self) -> usize {
self.inner.lock().await.max_number_of_one_time_keys()
}
/// Mark the current set of one-time keys as being published.
pub fn mark_keys_as_published(&self) {
self.inner.mark_keys_as_published();
pub async fn mark_keys_as_published(&self) {
self.inner.lock().await.mark_keys_as_published();
}
/// Sign the given string using the accounts signing key.
///
/// Returns the signature as a base64 encoded string.
pub fn sign(&self, string: &str) -> String {
self.inner.sign(string)
pub async fn sign(&self, string: &str) -> String {
self.inner.lock().await.sign(string)
}
/// Store the account as a base64 encoded string.
@ -103,8 +118,8 @@ impl Account {
///
/// * `pickle_mode` - The mode that was used to pickle the account, either an
/// unencrypted mode or an encrypted using passphrase.
pub fn pickle(&self, pickle_mode: PicklingMode) -> String {
self.inner.pickle(pickle_mode)
pub async fn pickle(&self, pickle_mode: PicklingMode) -> String {
self.inner.lock().await.pickle(pickle_mode)
}
/// Restore an account from a previously pickled string.
@ -123,8 +138,14 @@ impl Account {
pickle_mode: PicklingMode,
shared: bool,
) -> Result<Self, OlmAccountError> {
let acc = OlmAccount::unpickle(pickle, pickle_mode)?;
Ok(Account { inner: acc, shared })
let account = OlmAccount::unpickle(pickle, pickle_mode)?;
let identity_keys = account.parsed_identity_keys();
Ok(Account {
inner: Arc::new(Mutex::new(account)),
identity_keys: Arc::new(identity_keys),
shared: Arc::new(AtomicBool::from(shared)),
})
}
/// Create a new session with another account given a one-time key.
@ -137,13 +158,15 @@ impl Account {
///
/// * `their_one_time_key` - A signed one-time key that the other account
/// created and shared with us.
pub fn create_outbound_session(
pub async fn create_outbound_session(
&self,
their_identity_key: &str,
their_one_time_key: &SignedKey,
) -> Result<Session, OlmSessionError> {
let session = self
.inner
.lock()
.await
.create_outbound_session(their_identity_key, &their_one_time_key.key)?;
let now = Instant::now();
@ -166,15 +189,25 @@ impl Account {
///
/// * `message` - A pre-key Olm message that was sent to us by the other
/// account.
pub fn create_inbound_session(
pub async fn create_inbound_session(
&self,
their_identity_key: &str,
message: PreKeyMessage,
) -> Result<Session, OlmSessionError> {
let session = self
.inner
.lock()
.await
.create_inbound_session_from(their_identity_key, message)?;
self.inner
.lock()
.await
.remove_one_time_keys(&session)
.expect(
"Session was successfully created but the account doesn't hold a matching one-time key",
);
let now = Instant::now();
Ok(Session {
@ -188,7 +221,7 @@ impl Account {
impl PartialEq for Account {
fn eq(&self, other: &Self) -> bool {
self.identity_keys() == other.identity_keys() && self.shared == other.shared
self.identity_keys() == other.identity_keys() && self.shared() == other.shared()
}
}
@ -312,19 +345,22 @@ impl PartialEq for Session {
/// The private session key of a group session.
/// Can be used to create a new inbound group session.
#[derive(Clone, Serialize)]
#[derive(Clone, Serialize, Zeroize)]
#[zeroize(drop)]
pub struct GroupSessionKey(pub String);
/// Inbound group session.
///
/// Inbound group sessions are used to exchange room messages between a group of
/// participants. Inbound group sessions are used to decrypt the room messages.
#[derive(Clone)]
pub struct InboundGroupSession {
inner: OlmInboundGroupSession,
pub(crate) sender_key: String,
pub(crate) signing_key: String,
pub(crate) room_id: RoomId,
forwarding_chains: Option<Vec<String>>,
inner: Arc<Mutex<OlmInboundGroupSession>>,
session_id: Arc<String>,
pub(crate) sender_key: Arc<String>,
pub(crate) signing_key: Arc<String>,
pub(crate) room_id: Arc<RoomId>,
forwarding_chains: Arc<Mutex<Option<Vec<String>>>>,
}
impl InboundGroupSession {
@ -350,12 +386,16 @@ impl InboundGroupSession {
room_id: &RoomId,
session_key: GroupSessionKey,
) -> Result<Self, OlmGroupSessionError> {
let session = OlmInboundGroupSession::new(&session_key.0)?;
let session_id = session.session_id();
Ok(InboundGroupSession {
inner: OlmInboundGroupSession::new(&session_key.0)?,
sender_key: sender_key.to_owned(),
signing_key: signing_key.to_owned(),
room_id: room_id.clone(),
forwarding_chains: None,
inner: Arc::new(Mutex::new(session)),
session_id: Arc::new(session_id),
sender_key: Arc::new(sender_key.to_owned()),
signing_key: Arc::new(signing_key.to_owned()),
room_id: Arc::new(room_id.clone()),
forwarding_chains: Arc::new(Mutex::new(None)),
})
}
@ -365,8 +405,8 @@ impl InboundGroupSession {
///
/// * `pickle_mode` - The mode that was used to pickle the group session,
/// either an unencrypted mode or an encrypted using passphrase.
pub fn pickle(&self, pickle_mode: PicklingMode) -> String {
self.inner.pickle(pickle_mode)
pub async fn pickle(&self, pickle_mode: PicklingMode) -> String {
self.inner.lock().await.pickle(pickle_mode)
}
/// Restore a Session from a previously pickled string.
@ -396,23 +436,26 @@ impl InboundGroupSession {
room_id: RoomId,
) -> Result<Self, OlmGroupSessionError> {
let session = OlmInboundGroupSession::unpickle(pickle, pickle_mode)?;
let session_id = session.session_id();
Ok(InboundGroupSession {
inner: session,
sender_key,
signing_key,
room_id,
forwarding_chains: None,
inner: Arc::new(Mutex::new(session)),
session_id: Arc::new(session_id),
sender_key: Arc::new(sender_key),
signing_key: Arc::new(signing_key),
room_id: Arc::new(room_id),
forwarding_chains: Arc::new(Mutex::new(None)),
})
}
/// Returns the unique identifier for this session.
pub fn session_id(&self) -> String {
self.inner.session_id()
pub fn session_id(&self) -> &str {
&self.session_id
}
/// Get the first message index we know how to decrypt.
pub fn first_known_index(&self) -> u32 {
self.inner.first_known_index()
pub async fn first_known_index(&self) -> u32 {
self.inner.lock().await.first_known_index()
}
/// Decrypt the given ciphertext.
@ -423,8 +466,8 @@ impl InboundGroupSession {
/// # Arguments
///
/// * `message` - The message that should be decrypted.
pub fn decrypt(&self, message: String) -> Result<(String, u32), OlmGroupSessionError> {
self.inner.decrypt(message)
pub async fn decrypt(&self, message: String) -> Result<(String, u32), OlmGroupSessionError> {
self.inner.lock().await.decrypt(message)
}
}
@ -566,16 +609,16 @@ mod test {
assert!(!identyty_keys.curve25519().is_empty());
}
#[test]
fn one_time_keys_creation() {
#[tokio::test]
async fn one_time_keys_creation() {
let account = Account::new();
let one_time_keys = account.one_time_keys();
let one_time_keys = account.one_time_keys().await;
assert!(one_time_keys.curve25519().is_empty());
assert_ne!(account.max_one_time_keys(), 0);
assert_ne!(account.max_one_time_keys().await, 0);
account.generate_one_time_keys(10);
let one_time_keys = account.one_time_keys();
account.generate_one_time_keys(10).await;
let one_time_keys = account.one_time_keys().await;
assert!(!one_time_keys.curve25519().is_empty());
assert_ne!(one_time_keys.values().len(), 0);
@ -588,21 +631,19 @@ mod test {
one_time_keys.get("curve25519").unwrap()
);
account.mark_keys_as_published();
let one_time_keys = account.one_time_keys();
account.mark_keys_as_published().await;
let one_time_keys = account.one_time_keys().await;
assert!(one_time_keys.curve25519().is_empty());
}
#[test]
fn session_creation() {
#[tokio::test]
async fn session_creation() {
let alice = Account::new();
let bob = Account::new();
let alice_keys = alice.identity_keys();
let one_time_keys = alice.one_time_keys();
alice.generate_one_time_keys(1);
let one_time_keys = alice.one_time_keys();
alice.mark_keys_as_published();
alice.generate_one_time_keys(1).await;
let one_time_keys = alice.one_time_keys().await;
alice.mark_keys_as_published().await;
let one_time_key = one_time_keys
.curve25519()
@ -619,6 +660,7 @@ mod test {
let mut bob_session = bob
.create_outbound_session(alice_keys.curve25519(), &one_time_key)
.await
.unwrap();
let plaintext = "Hello world";
@ -633,6 +675,7 @@ mod test {
let bob_keys = bob.identity_keys();
let mut alice_session = alice
.create_inbound_session(bob_keys.curve25519(), prekey_message)
.await
.unwrap();
assert_eq!(bob_session.session_id(), alice_session.session_id());

4
src/crypto/store/memorystore.rs
View File

@ -48,7 +48,7 @@ impl CryptoStore for MemoryStore {
Ok(None)
}
async fn save_account(&mut self, _: Arc<Mutex<Account>>) -> Result<()> {
async fn save_account(&mut self, _: Account) -> Result<()> {
Ok(())
}
@ -77,7 +77,7 @@ impl CryptoStore for MemoryStore {
room_id: &RoomId,
sender_key: &str,
session_id: &str,
) -> Result<Option<Arc<Mutex<InboundGroupSession>>>> {
) -> Result<Option<InboundGroupSession>> {
Ok(self
.inbound_group_sessions
.get(room_id, sender_key, session_id))

8
src/crypto/store/mod.rs
View File

@ -66,22 +66,26 @@ pub type Result<T> = std::result::Result<T, CryptoStoreError>;
#[async_trait]
pub trait CryptoStore: Debug + Send + Sync {
async fn load_account(&mut self) -> Result<Option<Account>>;
async fn save_account(&mut self, account: Arc<Mutex<Account>>) -> Result<()>;
async fn save_account(&mut self, account: Account) -> Result<()>;
async fn save_session(&mut self, session: Arc<Mutex<Session>>) -> Result<()>;
async fn add_and_save_session(&mut self, session: Session) -> Result<()>;
async fn get_sessions(
&mut self,
sender_key: &str,
) -> Result<Option<Arc<Mutex<Vec<Arc<Mutex<Session>>>>>>>;
async fn save_inbound_group_session(&mut self, session: InboundGroupSession) -> Result<bool>;
async fn get_inbound_group_session(
&mut self,
room_id: &RoomId,
sender_key: &str,
session_id: &str,
) -> Result<Option<Arc<Mutex<InboundGroupSession>>>>;
) -> Result<Option<InboundGroupSession>>;
fn tracked_users(&self) -> &HashSet<UserId>;
async fn add_user_for_tracking(&mut self, user: &UserId) -> Result<bool>;
async fn save_device(&self, device: Device) -> Result<()>;
async fn get_device(&self, user_id: &UserId, device_id: &str) -> Result<Option<Device>>;
async fn get_user_devices(&self, user_id: &UserId) -> Result<UserDevices>;

54
src/crypto/store/sqlite.rs
View File

@ -288,9 +288,8 @@ impl CryptoStore for SqliteStore {
Ok(result)
}
async fn save_account(&mut self, account: Arc<Mutex<Account>>) -> Result<()> {
let acc = account.lock().await;
let pickle = acc.pickle(self.get_pickle_mode());
async fn save_account(&mut self, account: Account) -> Result<()> {
let pickle = account.pickle(self.get_pickle_mode()).await;
let mut connection = self.connection.lock().await;
query(
@ -307,7 +306,7 @@ impl CryptoStore for SqliteStore {
.bind(&*self.user_id.to_string())
.bind(&*self.device_id.to_string())
.bind(&pickle)
.bind(acc.shared)
.bind(account.shared())
.execute(&mut *connection)
.await?;
@ -367,7 +366,7 @@ impl CryptoStore for SqliteStore {
async fn save_inbound_group_session(&mut self, session: InboundGroupSession) -> Result<bool> {
let account_id = self.account_id.ok_or(CryptoStoreError::AccountUnset)?;
let pickle = session.pickle(self.get_pickle_mode());
let pickle = session.pickle(self.get_pickle_mode()).await;
let mut connection = self.connection.lock().await;
let session_id = session.session_id();
@ -383,9 +382,9 @@ impl CryptoStore for SqliteStore {
)
.bind(session_id)
.bind(account_id)
.bind(&session.sender_key)
.bind(&session.signing_key)
.bind(&session.room_id.to_string())
.bind(&*session.sender_key)
.bind(&*session.signing_key)
.bind(&*session.room_id.to_string())
.bind(&pickle)
.execute(&mut *connection)
.await?;
@ -398,7 +397,7 @@ impl CryptoStore for SqliteStore {
room_id: &RoomId,
sender_key: &str,
session_id: &str,
) -> Result<Option<Arc<Mutex<InboundGroupSession>>>> {
) -> Result<Option<InboundGroupSession>> {
Ok(self
.inbound_group_sessions
.get(room_id, sender_key, session_id))
@ -460,7 +459,7 @@ mod test {
.expect("Can't create store")
}
async fn get_loaded_store() -> (Arc<Mutex<Account>>, SqliteStore) {
async fn get_loaded_store() -> (Account, SqliteStore) {
let mut store = get_store().await;
let account = get_account();
store
@ -471,19 +470,19 @@ mod test {
(account, store)
}
fn get_account() -> Arc<Mutex<Account>> {
let account = Account::new();
Arc::new(Mutex::new(account))
fn get_account() -> Account {
Account::new()
}
fn get_account_and_session() -> (Arc<Mutex<Account>>, Session) {
async fn get_account_and_session() -> (Account, Session) {
let alice = Account::new();
let bob = Account::new();
bob.generate_one_time_keys(1);
bob.generate_one_time_keys(1).await;
let one_time_key = bob
.one_time_keys()
.await
.curve25519()
.iter()
.nth(0)
@ -497,9 +496,10 @@ mod test {
let sender_key = bob.identity_keys().curve25519().to_owned();
let session = alice
.create_outbound_session(&sender_key, &one_time_key)
.await
.unwrap();
(Arc::new(Mutex::new(alice)), session)
(alice, session)
}
#[tokio::test]
@ -532,11 +532,10 @@ mod test {
.await
.expect("Can't save account");
let acc = account.lock().await;
let loaded_account = store.load_account().await.expect("Can't load account");
let loaded_account = loaded_account.unwrap();
assert_eq!(*acc, loaded_account);
assert_eq!(account, loaded_account);
}
#[tokio::test]
@ -549,7 +548,7 @@ mod test {
.await
.expect("Can't save account");
account.lock().await.shared = true;
account.mark_as_shared();
store
.save_account(account.clone())
@ -558,15 +557,14 @@ mod test {
let loaded_account = store.load_account().await.expect("Can't load account");
let loaded_account = loaded_account.unwrap();
let acc = account.lock().await;
assert_eq!(*acc, loaded_account);
assert_eq!(account, loaded_account);
}
#[tokio::test]
async fn save_session() {
let mut store = get_store().await;
let (account, session) = get_account_and_session();
let (account, session) = get_account_and_session().await;
let session = Arc::new(Mutex::new(session));
assert!(store.save_session(session.clone()).await.is_err());
@ -582,7 +580,7 @@ mod test {
#[tokio::test]
async fn load_sessions() {
let mut store = get_store().await;
let (account, session) = get_account_and_session();
let (account, session) = get_account_and_session().await;
let session = Arc::new(Mutex::new(session));
store
.save_account(account.clone())
@ -604,7 +602,7 @@ mod test {
#[tokio::test]
async fn add_and_save_session() {
let mut store = get_store().await;
let (account, session) = get_account_and_session();
let (account, session) = get_account_and_session().await;
let sender_key = session.sender_key.to_owned();
let session_id = session.session_id();
@ -625,8 +623,7 @@ mod test {
async fn save_inbound_group_session() {
let (account, mut store) = get_loaded_store().await;
let acc = account.lock().await;
let identity_keys = acc.identity_keys();
let identity_keys = account.identity_keys();
let outbound_session = OlmOutboundGroupSession::new();
let session = InboundGroupSession::new(
identity_keys.curve25519(),
@ -646,8 +643,7 @@ mod test {
async fn load_inbound_group_session() {
let (account, mut store) = get_loaded_store().await;
let acc = account.lock().await;
let identity_keys = acc.identity_keys();
let identity_keys = account.identity_keys();
let outbound_session = OlmOutboundGroupSession::new();
let session = InboundGroupSession::new(
identity_keys.curve25519(),
@ -657,7 +653,7 @@ mod test {
)
.expect("Can't create session");
let session_id = session.session_id();
let session_id = session.session_id().to_owned();
store
.save_inbound_group_session(session)