Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crypto: key reshare does not work if there was a device change #4782

Open
manuroe opened this issue Sep 1, 2021 · 1 comment
Open

Crypto: key reshare does not work if there was a device change #4782

manuroe opened this issue Sep 1, 2021 · 1 comment
Labels
A-E2EE T-Defect Something isn't working: bugs, crashes, hangs and other reported problems

Comments

@manuroe
Copy link
Member

manuroe commented Sep 1, 2021

Steps to reproduce:

  • Alice and Bob with devices Alice1 and Bob1 are in an encrypted room
  • Alice sends a message
  • Bob logs in with device Bob2
  • If Bob1 makes a reshare request to Alice1 for the key of the message, Alice1 will reject it with the error [MXMegolmEncryption] reshareKey: ERROR: Never shared megolm key with this device

There is an issue in the implementation of the crypto store at https://github.com/matrix-org/matrix-ios-sdk/blob/v0.19.8/MatrixSDK/Crypto/Data/Store/MXRealmCryptoStore/MXRealmCryptoStore.m#L646.

With this "delete all" action, all existing references to those MXRealmDeviceInfo objects are set to null by RealmDB.
So, a MXRealmSharedOutboundSession object that depends on it will be reset like this:

MXRealmSharedOutboundSession {
		roomId = !ROOwNxCLjNICmOoaMy:localhost:8480;
		sessionId = xQVT9qTT4yVurxg8bgHqz9rHz1So/jetZ4FgLlf1C6Q;
		device = (null);
		messageIndex = 0;
	}

Next time we will try to check if we already shared a session toBob1 by querying MXRealmSharedOutboundSession objects by device id at this line, we will find nothing.
@manuroe manuroe added T-Defect Something isn't working: bugs, crashes, hangs and other reported problems feature:e2e labels Sep 1, 2021
@manuroe
Copy link
Member Author

manuroe commented Sep 1, 2021

A test to highlight the issue:

- (void)testReshareAfterADeviceUpdate
{
    [matrixSDKTestsE2EData doE2ETestWithAliceAndBobInARoom:self cryptedBob:YES warnOnUnknowDevices:NO readyToTest:^(MXSession *aliceSession, MXSession *bobSession, NSString *roomId, XCTestExpectation *expectation) {

        aliceSessionToClose = aliceSession;
        bobSessionToClose = bobSession;

        NSString *messageFromAlice = @"Hello I'm Alice!";

        MXRoom *roomFromBobPOV = [bobSession roomWithRoomId:roomId];
        MXRoom *roomFromAlicePOV = [aliceSession roomWithRoomId:roomId];
        __block NSString *messageFromAliceEventId;

        XCTAssert(roomFromBobPOV.summary.isEncrypted);
        XCTAssert(roomFromAlicePOV.summary.isEncrypted);

        [roomFromBobPOV liveTimeline:^(MXEventTimeline *liveTimeline) {

            [liveTimeline listenToEventsOfTypes:@[kMXEventTypeStringRoomMessage] onEvent:^(MXEvent *event, MXTimelineDirection direction, MXRoomState *roomState) {

                XCTAssertEqual(0, [self checkEncryptedEvent:event roomId:roomId clearMessage:messageFromAlice senderSession:aliceSession]);
                
                // Alice must be able to indicate it already shared the megolm session to bob
                NSNumber *index = [aliceSession.crypto.store messageIndexForSharedDeviceInRoomWithId:roomId
                                                                                           sessionId:event.wireContent[@"session_id"]
                                                                                              userId:bobSession.myUserId
                                                                                            deviceId:bobSession.myDeviceId];
                XCTAssertNotNil(index);
                XCTAssertEqual(index.integerValue, 0);
                
                
                // Simulate a device change. We only store the bob device again here
                MXDeviceInfo *bobDevice = [aliceSession.crypto.store deviceWithDeviceId:bobSession.myDeviceId forUser:bobSession.myUserId];
                [aliceSession.crypto.store storeDevicesForUser:bobSession.myUserId devices:@{
                    bobSession.myDeviceId: bobDevice
                }];
                
                
                // Alice must still be able to indicate it already shared the megolm session to bob
                index = [aliceSession.crypto.store messageIndexForSharedDeviceInRoomWithId:roomId
                                                                                 sessionId:event.wireContent[@"session_id"]
                                                                                    userId:bobSession.myUserId
                                                                                  deviceId:bobSession.myDeviceId];
                XCTAssertNotNil(index);                 // <- THIS FAILS
                XCTAssertEqual(index.integerValue, 0);

                [expectation fulfill];
            }];
        }];

        [roomFromAlicePOV sendTextMessage:messageFromAlice success:^(NSString *eventId) {
            messageFromAliceEventId = eventId;
        } failure:^(NSError *error) {
            XCTFail(@"Cannot set up intial test conditions - error: %@", error);
            [expectation fulfill];
        }];
    }];
}

@manuroe manuroe changed the title Crypto: key reshare does not work if there is a device change Crypto: key reshare does not work if there was a device change Sep 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-E2EE T-Defect Something isn't working: bugs, crashes, hangs and other reported problems
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pixlwave @manuroe