Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Olm sessions are vulnerable to wedging on OS crash or power failure, leading to UTDs #3354

Open
Tracked by #245
richvdh opened this issue Apr 25, 2024 · 6 comments
Open
Tracked by #245

Olm sessions are vulnerable to wedging on OS crash or power failure, leading to UTDs #3354

richvdh opened this issue Apr 25, 2024 · 6 comments

Comments

@richvdh
Copy link
Member

richvdh commented Apr 25, 2024

Consider:

  • Alice and Bob have an active Olm session.
  • Alice is using a client which uses the indexeddb backend of matrix-crypto-sdk. She wants to send a new Olm message, so she generates a new Olm ratchet key and updates the session. She can then encrypt the new message, and stores the updated session in the database
  • Alice sends the message.
  • Alice's computer crashes.
  • Alice reboots
  • If the updated session was not correctly persisted before the crash, this Olm session is now wedged: Alice cannot decrypt any replies from Bob, and, because Alice will use the wrong ratchet key in the next sender chain, Bob will be unable to decrypt any further messages from Alice.

Currently, we use the "default" durability mode of IndexedDB, which can lead to data loss. We should instead use "strict", at least for transactions which update Olm sessions.
This was referenced Apr 25, 2024
Closed
Open
@kegsay
Copy link
Member

kegsay commented May 13, 2024
edited
Loading

Amazingly.. Firefox still doesn't support the durability property. https://developer.mozilla.org/en-US/docs/Web/API/IDBTransaction/durability though pre-release versions do.

EDIT: Ah that's reading the durability from an existing transaction, the option to enable it has been supported much longer https://developer.mozilla.org/en-US/docs/Web/API/IDBDatabase/transaction#options

@kegsay
Copy link
Member

kegsay commented May 13, 2024
edited
Loading

Filed rustwasm/wasm-bindgen#3959 which needs to land first before we can specify the durability mode.

@Pamplemousse
Copy link

Pamplemousse commented Jul 11, 2024
edited
Loading

Ugh, I believe this just happened to me (Alice is a bot running on my server, and Bob is myself)...
Any idea on how to "reinitialise" the Olm session?

@poljar
Copy link
Contributor

poljar commented Jul 11, 2024

Do you happen to run the bot using the IndexedDB based store? Do you have logs for this? I suspect that the cause might be a different one.

The Olm session will attempt to reinitialize itself, though you might need to drop the currently active room key for the new session to be used: https://matrix-org.github.io/matrix-rust-sdk/matrix_sdk/room/struct.Room.html#method.discard_room_key. That's at least required if you don't use a SDK version which includes: #3604.

@Pamplemousse
Copy link

@poljar Probably not indeed. I would have loved to try your fix by bumping the version of the SDK I use, but I can't because of #3689 .

@richvdh richvdh mentioned this issue Jul 30, 2024
Open
@kegsay
Copy link
Member

kegsay commented Sep 2, 2024

wasm-bindgen 0.2.93 has updated the IndexedDB API so it should now be possible to set a durability.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@poljar @richvdh @Pamplemousse @kegsay