char
/
matrix-rust-sdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
matrix-rust-sdk/src/crypto/store/sqlite.rs

657 lines
20 KiB
Rust
Raw Blame History

// Copyright 2020 The Matrix.org Foundation C.I.C.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
use std::collections::HashSet;
use std::path::{Path, PathBuf};
use std::result::Result as StdResult;
use std::sync::Arc;
use std::time::{Duration, Instant};
use url::Url;
use async_trait::async_trait;
use olm_rs::PicklingMode;
use serde_json;
use sqlx::{query, query_as, sqlite::SqliteQueryAs, Connect, Executor, SqliteConnection};
use tokio::sync::Mutex;
use zeroize::Zeroizing;
use super::{Account, CryptoStore, CryptoStoreError, InboundGroupSession, Result, Session};
use crate::crypto::device::Device;
use crate::crypto::memory_stores::{GroupSessionStore, SessionStore, UserDevices};
pub struct SqliteStore {
user_id: Arc<String>,
device_id: Arc<String>,
account_id: Option<i64>,
path: PathBuf,
sessions: SessionStore,
inbound_group_sessions: GroupSessionStore,
connection: Arc<Mutex<SqliteConnection>>,
pickle_passphrase: Option<Zeroizing<String>>,
tracked_users: HashSet<String>,
}
static DATABASE_NAME: &str = "matrix-sdk-crypto.db";
impl SqliteStore {
pub async fn open<P: AsRef<Path>>(
user_id: &str,
device_id: &str,
path: P,
) -> Result<SqliteStore> {
SqliteStore::open_helper(user_id, device_id, path, None).await
}
pub async fn open_with_passphrase<P: AsRef<Path>>(
user_id: &str,
device_id: &str,
path: P,
passphrase: String,
) -> Result<SqliteStore> {
SqliteStore::open_helper(user_id, device_id, path, Some(Zeroizing::new(passphrase))).await
}
fn path_to_url(path: &Path) -> Result<Url> {
// TODO this returns an empty error if the path isn't absolute.
let url = Url::from_directory_path(path).expect("Invalid path");
Ok(url.join(DATABASE_NAME)?)
}
async fn open_helper<P: AsRef<Path>>(
user_id: &str,
device_id: &str,
path: P,
passphrase: Option<Zeroizing<String>>,
) -> Result<SqliteStore> {
let url = SqliteStore::path_to_url(path.as_ref())?;
let connection = SqliteConnection::connect(url.as_ref()).await?;
let store = SqliteStore {
user_id: Arc::new(user_id.to_owned()),
device_id: Arc::new(device_id.to_owned()),
account_id: None,
sessions: SessionStore::new(),
inbound_group_sessions: GroupSessionStore::new(),
path: path.as_ref().to_owned(),
connection: Arc::new(Mutex::new(connection)),
pickle_passphrase: passphrase,
tracked_users: HashSet::new(),
};
store.create_tables().await?;
Ok(store)
}
async fn create_tables(&self) -> Result<()> {
let mut connection = self.connection.lock().await;
connection
.execute(
r#"
CREATE TABLE IF NOT EXISTS accounts (
"id" INTEGER NOT NULL PRIMARY KEY,
"user_id" TEXT NOT NULL,
"device_id" TEXT NOT NULL,
"pickle" BLOB NOT NULL,
"shared" INTEGER NOT NULL,
UNIQUE(user_id,device_id)
);
"#,
)
.await?;
connection
.execute(
r#"
CREATE TABLE IF NOT EXISTS sessions (
"session_id" TEXT NOT NULL PRIMARY KEY,
"account_id" INTEGER NOT NULL,
"creation_time" TEXT NOT NULL,
"last_use_time" TEXT NOT NULL,
"sender_key" TEXT NOT NULL,
"pickle" BLOB NOT NULL,
FOREIGN KEY ("account_id") REFERENCES "accounts" ("id")
ON DELETE CASCADE
);
CREATE INDEX "olmsessions_account_id" ON "sessions" ("account_id");
"#,
)
.await?;
connection
.execute(
r#"
CREATE TABLE IF NOT EXISTS inbound_group_sessions (
"session_id" TEXT NOT NULL PRIMARY KEY,
"account_id" INTEGER NOT NULL,
"sender_key" TEXT NOT NULL,
"signing_key" TEXT NOT NULL,
"room_id" TEXT NOT NULL,
"pickle" BLOB NOT NULL,
FOREIGN KEY ("account_id") REFERENCES "accounts" ("id")
ON DELETE CASCADE
);
CREATE INDEX "olm_groups_sessions_account_id" ON "inbound_group_sessions" ("account_id");
"#,
)
.await?;
Ok(())
}
async fn get_sessions_for(
&mut self,
sender_key: &str,
) -> Result<Option<Arc<Mutex<Vec<Arc<Mutex<Session>>>>>>> {
let loaded_sessions = self.sessions.get(sender_key).is_some();
if !loaded_sessions {
let sessions = self.load_sessions_for(sender_key).await?;
if !sessions.is_empty() {
self.sessions.set_for_sender(sender_key, sessions);
}
}
Ok(self.sessions.get(sender_key))
}
async fn load_sessions_for(&mut self, sender_key: &str) -> Result<Vec<Arc<Mutex<Session>>>> {
let account_id = self.account_id.ok_or(CryptoStoreError::AccountUnset)?;
let mut connection = self.connection.lock().await;
let rows: Vec<(String, String, String, String)> = query_as(
"SELECT pickle, sender_key, creation_time, last_use_time
FROM sessions WHERE account_id = ? and sender_key = ?",
)
.bind(account_id)
.bind(sender_key)
.fetch_all(&mut *connection)
.await?;
let now = Instant::now();
Ok(rows
.iter()
.map(|row| {
let pickle = &row.0;
let sender_key = &row.1;
let creation_time = now
.checked_sub(serde_json::from_str::<Duration>(&row.2)?)
.ok_or(CryptoStoreError::SessionTimestampError)?;
let last_use_time = now
.checked_sub(serde_json::from_str::<Duration>(&row.3)?)
.ok_or(CryptoStoreError::SessionTimestampError)?;
Ok(Arc::new(Mutex::new(Session::from_pickle(
pickle.to_string(),
self.get_pickle_mode(),
sender_key.to_string(),
creation_time,
last_use_time,
)?)))
})
.collect::<Result<Vec<Arc<Mutex<Session>>>>>()?)
}
async fn load_inbound_group_sessions(&self) -> Result<Vec<InboundGroupSession>> {
let account_id = self.account_id.ok_or(CryptoStoreError::AccountUnset)?;
let mut connection = self.connection.lock().await;
let rows: Vec<(String, String, String, String)> = query_as(
"SELECT pickle, sender_key, signing_key, room_id
FROM inbound_group_sessions WHERE account_id = ?",
)
.bind(account_id)
.fetch_all(&mut *connection)
.await?;
Ok(rows
.iter()
.map(|row| {
let pickle = &row.0;
let sender_key = &row.1;
let signing_key = &row.2;
let room_id = &row.3;
Ok(InboundGroupSession::from_pickle(
pickle.to_string(),
self.get_pickle_mode(),
sender_key.to_string(),
signing_key.to_owned(),
room_id.to_owned(),
)?)
})
.collect::<Result<Vec<InboundGroupSession>>>()?)
}
fn get_pickle_mode(&self) -> PicklingMode {
match &self.pickle_passphrase {
Some(p) => PicklingMode::Encrypted {
key: p.as_bytes().to_vec(),
},
None => PicklingMode::Unencrypted,
}
}
}
#[async_trait]
impl CryptoStore for SqliteStore {
async fn load_account(&mut self) -> Result<Option<Account>> {
let mut connection = self.connection.lock().await;
let row: Option<(i64, String, bool)> = query_as(
"SELECT id, pickle, shared FROM accounts
WHERE user_id = ? and device_id = ?",
)
.bind(&*self.user_id)
.bind(&*self.device_id)
.fetch_optional(&mut *connection)
.await?;
let result = match row {
Some((id, pickle, shared)) => {
self.account_id = Some(id);
Some(Account::from_pickle(
pickle,
self.get_pickle_mode(),
shared,
)?)
}
None => None,
};
drop(connection);
let mut sessions = self.load_inbound_group_sessions().await?;
let _ = sessions
.drain(..)
.map(|s| {
self.inbound_group_sessions.add(s);
})
.collect::<()>();
Ok(result)
}
async fn save_account(&mut self, account: Arc<Mutex<Account>>) -> Result<()> {
let acc = account.lock().await;
let pickle = acc.pickle(self.get_pickle_mode());
let mut connection = self.connection.lock().await;
query(
"INSERT INTO accounts (
user_id, device_id, pickle, shared
) VALUES (?1, ?2, ?3, ?4)
ON CONFLICT(user_id, device_id) DO UPDATE SET
pickle = ?3,
shared = ?4
WHERE user_id = ?1 and
device_id = ?2
",
)
.bind(&*self.user_id)
.bind(&*self.device_id)
.bind(&pickle)
.bind(acc.shared)
.execute(&mut *connection)
.await?;
let account_id: (i64,) =
query_as("SELECT id FROM accounts WHERE user_id = ? and device_id = ?")
.bind(&*self.user_id)
.bind(&*self.device_id)
.fetch_one(&mut *connection)
.await?;
self.account_id = Some(account_id.0);
Ok(())
}
async fn save_session(&mut self, session: Arc<Mutex<Session>>) -> Result<()> {
let account_id = self.account_id.ok_or(CryptoStoreError::AccountUnset)?;
let session = session.lock().await;
let session_id = session.session_id();
let creation_time = serde_json::to_string(&session.creation_time.elapsed())?;
let last_use_time = serde_json::to_string(&session.last_use_time.elapsed())?;
let pickle = session.pickle(self.get_pickle_mode());
let mut connection = self.connection.lock().await;
query(
"REPLACE INTO sessions (
session_id, account_id, creation_time, last_use_time, sender_key, pickle
) VALUES (?, ?, ?, ?, ?, ?)",
)
.bind(&session_id)
.bind(&account_id)
.bind(&creation_time)
.bind(&last_use_time)
.bind(&session.sender_key)
.bind(&pickle)
.execute(&mut *connection)
.await?;
Ok(())
}
async fn add_and_save_session(&mut self, session: Session) -> Result<()> {
let session = self.sessions.add(session).await;
self.save_session(session).await?;
Ok(())
}
async fn get_sessions(
&mut self,
sender_key: &str,
) -> Result<Option<Arc<Mutex<Vec<Arc<Mutex<Session>>>>>>> {
Ok(self.get_sessions_for(sender_key).await?)
}
async fn save_inbound_group_session(&mut self, session: InboundGroupSession) -> Result<bool> {
let account_id = self.account_id.ok_or(CryptoStoreError::AccountUnset)?;
let pickle = session.pickle(self.get_pickle_mode());
let mut connection = self.connection.lock().await;
let session_id = session.session_id();
query(
"INSERT INTO inbound_group_sessions (
session_id, account_id, sender_key, signing_key,
room_id, pickle
) VALUES (?1, ?2, ?3, ?4, ?5, ?6)
ON CONFLICT(session_id) DO UPDATE SET
pickle = ?6
WHERE session_id = ?1
",
)
.bind(session_id)
.bind(account_id)
.bind(&session.sender_key)
.bind(&session.signing_key)
.bind(&session.room_id)
.bind(&pickle)
.execute(&mut *connection)
.await?;
Ok(self.inbound_group_sessions.add(session))
}
async fn get_inbound_group_session(
&mut self,
room_id: &str,
sender_key: &str,
session_id: &str,
) -> Result<Option<Arc<Mutex<InboundGroupSession>>>> {
Ok(self
.inbound_group_sessions
.get(room_id, sender_key, session_id))
}
fn tracked_users(&self) -> &HashSet<String> {
&self.tracked_users
}
async fn add_user_for_tracking(&mut self, user: &str) -> Result<bool> {
Ok(self.tracked_users.insert(user.to_string()))
}
async fn get_device(&self, user_id: &str, device_id: &str) -> Result<Option<Device>> {
todo!()
}
async fn get_user_devices(&self, user_id: &str) -> Result<UserDevices> {
todo!()
}
}
impl std::fmt::Debug for SqliteStore {
fn fmt(&self, fmt: &mut std::fmt::Formatter<'_>) -> StdResult<(), std::fmt::Error> {
write!(
fmt,
"SqliteStore {{ user_id: {}, device_id: {}, path: {:?} }}",
self.user_id, self.device_id, self.path
)
}
}
#[cfg(test)]
mod test {
use olm_rs::outbound_group_session::OlmOutboundGroupSession;
use std::sync::Arc;
use tempfile::tempdir;
use tokio::sync::Mutex;
use super::{Account, CryptoStore, InboundGroupSession, Session, SqliteStore};
static USER_ID: &str = "@example:localhost";
static DEVICE_ID: &str = "DEVICEID";
async fn get_store() -> SqliteStore {
let tmpdir = tempdir().unwrap();
let tmpdir_path = tmpdir.path().to_str().unwrap();
SqliteStore::open(USER_ID, DEVICE_ID, tmpdir_path)
.await
.expect("Can't create store")
}
async fn get_loaded_store() -> (Arc<Mutex<Account>>, SqliteStore) {
let mut store = get_store().await;
let account = get_account();
store
.save_account(account.clone())
.await
.expect("Can't save account");
(account, store)
}
fn get_account() -> Arc<Mutex<Account>> {
let account = Account::new();
Arc::new(Mutex::new(account))
}
fn get_account_and_session() -> (Arc<Mutex<Account>>, Session) {
let alice = Account::new();
let bob = Account::new();
bob.generate_one_time_keys(1);
let one_time_key = bob
.one_time_keys()
.curve25519()
.iter()
.nth(0)
.unwrap()
.1
.to_owned();
let sender_key = bob.identity_keys().curve25519().to_owned();
let session = alice
.create_outbound_session(&sender_key, &one_time_key)
.unwrap();
(Arc::new(Mutex::new(alice)), session)
}
#[tokio::test]
async fn create_store() {
let tmpdir = tempdir().unwrap();
let tmpdir_path = tmpdir.path().to_str().unwrap();
let _ = SqliteStore::open("@example:localhost", "DEVICEID", tmpdir_path)
.await
.expect("Can't create store");
}
#[tokio::test]
async fn save_account() {
let mut store = get_store().await;
let account = get_account();
store
.save_account(account)
.await
.expect("Can't save account");
}
#[tokio::test]
async fn load_account() {
let mut store = get_store().await;
let account = get_account();
store
.save_account(account.clone())
.await
.expect("Can't save account");
let acc = account.lock().await;
let loaded_account = store.load_account().await.expect("Can't load account");
let loaded_account = loaded_account.unwrap();
assert_eq!(*acc, loaded_account);
}
#[tokio::test]
async fn save_and_share_account() {
let mut store = get_store().await;
let account = get_account();
store
.save_account(account.clone())
.await
.expect("Can't save account");
account.lock().await.shared = true;
store
.save_account(account.clone())
.await
.expect("Can't save account");
let loaded_account = store.load_account().await.expect("Can't load account");
let loaded_account = loaded_account.unwrap();
let acc = account.lock().await;
assert_eq!(*acc, loaded_account);
}
#[tokio::test]
async fn save_session() {
let mut store = get_store().await;
let (account, session) = get_account_and_session();
let session = Arc::new(Mutex::new(session));
assert!(store.save_session(session.clone()).await.is_err());
store
.save_account(account.clone())
.await
.expect("Can't save account");
store.save_session(session).await.unwrap();
}
#[tokio::test]
async fn load_sessions() {
let mut store = get_store().await;
let (account, session) = get_account_and_session();
let session = Arc::new(Mutex::new(session));
store
.save_account(account.clone())
.await
.expect("Can't save account");
store.save_session(session.clone()).await.unwrap();
let sess = session.lock().await;
let sessions = store
.load_sessions_for(&sess.sender_key)
.await
.expect("Can't load sessions");
let loaded_session = &sessions[0];
assert_eq!(*sess, *loaded_session.lock().await);
}
#[tokio::test]
async fn add_and_save_session() {
let mut store = get_store().await;
let (account, session) = get_account_and_session();
let sender_key = session.sender_key.to_owned();
let session_id = session.session_id();
store
.save_account(account.clone())
.await
.expect("Can't save account");
store.add_and_save_session(session).await.unwrap();
let sessions = store.get_sessions(&sender_key).await.unwrap().unwrap();
let sessions_lock = sessions.lock().await;
let session = &sessions_lock[0];
assert_eq!(session_id, *session.lock().await.session_id());
}
#[tokio::test]
async fn save_inbound_group_session() {
let (account, mut store) = get_loaded_store().await;
let acc = account.lock().await;
let identity_keys = acc.identity_keys();
let outbound_session = OlmOutboundGroupSession::new();
let session = InboundGroupSession::new(
identity_keys.curve25519(),
identity_keys.ed25519(),
"!test:localhost",
&outbound_session.session_key(),
)
.expect("Can't create session");
store
.save_inbound_group_session(session)
.await
.expect("Can't save group session");
}
#[tokio::test]
async fn load_inbound_group_session() {
let (account, mut store) = get_loaded_store().await;
let acc = account.lock().await;
let identity_keys = acc.identity_keys();
let outbound_session = OlmOutboundGroupSession::new();
let session = InboundGroupSession::new(
identity_keys.curve25519(),
identity_keys.ed25519(),
"!test:localhost",
&outbound_session.session_key(),
)
.expect("Can't create session");
let session_id = session.session_id();
store
.save_inbound_group_session(session)
.await
.expect("Can't save group session");
let sessions = store.load_inbound_group_sessions().await.unwrap();
assert_eq!(session_id, sessions[0].session_id());
}
}
Reference in New Issue View Git Blame Copy Permalink