fix: remove deprecated sender_key occurrences

2023-05-08 09:12:14 +00:00 · 2023-05-08 09:12:14 +00:00 · cc377202da
parent 684b8bd302
commit cc377202da
6 changed files with 110 additions and 125 deletions
--- a/lib/encryption/encryption.dart
+++ b/lib/encryption/encryption.dart
@ -204,13 +204,12 @@ class Encryption {
        throw DecryptException(DecryptException.unknownAlgorithm);
      }
      final sessionId = content.sessionId;
      final senderKey = content.senderKey;
      if (sessionId == null) {
        throw DecryptException(DecryptException.unknownSession);
      }
      final inboundGroupSession =
-          keyManager.getInboundGroupSession(roomId, sessionId, senderKey);
+          keyManager.getInboundGroupSession(roomId, sessionId);
      if (!(inboundGroupSession?.isValid ?? false)) {
        canRequestSession = true;
        throw DecryptException(DecryptException.unknownSession);
@ -309,14 +308,12 @@ class Encryption {
                  .getInboundGroupSession(
                    roomId,
                    sessionId,
                    content.senderKey,
                  )
                  ?.isValid ??
              false)) {
        await keyManager.loadInboundGroupSession(
          roomId,
          sessionId,
          content.senderKey,
        );
      }
      event = decryptRoomEventSync(roomId, event);
@ -392,6 +389,8 @@ class Encryption {
      'algorithm': AlgorithmTypes.megolmV1AesSha2,
      'ciphertext':
          sess!.outboundGroupSession!.encrypt(json.encode(payloadContent)),
      // device_id + sender_key should be removed at some point in future since
      // they're deprecated. Just left here for compatibility
      'device_id': client.deviceID,
      'sender_key': identityKey,
      'session_id': sess.outboundGroupSession!.session_id(),
--- a/lib/encryption/key_manager.dart
+++ b/lib/encryption/key_manager.dart
@ -108,8 +108,10 @@ class KeyManager {
        senderClaimedKeys_['ed25519'] = device.ed25519Key!;
      }
    }
-    final oldSession =
+    final oldSession = getInboundGroupSession(
-        getInboundGroupSession(roomId, sessionId, senderKey, otherRooms: false);
+      roomId,
      sessionId,
    );
    if (content['algorithm'] != AlgorithmTypes.megolmV1AesSha2) {
      return;
    }
@ -215,29 +217,14 @@ class KeyManager {
    return storeFuture ?? Future.value();
  }
-  SessionKey? getInboundGroupSession(
+  SessionKey? getInboundGroupSession(String roomId, String sessionId) {
      String roomId, String sessionId, String senderKey,
      {bool otherRooms = true}) {
    final sess = _inboundGroupSessions[roomId]?[sessionId];
    if (sess != null) {
-      if (sess.senderKey != senderKey && sess.senderKey.isNotEmpty) {
+      if (sess.sessionId != sessionId && sess.sessionId.isNotEmpty) {
        return null;
      }
      return sess;
    }
    if (!otherRooms) {
      return null;
    }
    // search if this session id is *somehow* found in another room
    for (final val in _inboundGroupSessions.values) {
      final sess = val[sessionId];
      if (sess != null) {
        if (sess.senderKey != senderKey && sess.senderKey.isNotEmpty) {
          return null;
        }
        return sess;
      }
    }
    return null;
  }
@ -245,12 +232,12 @@ class KeyManager {
  void maybeAutoRequest(
    String roomId,
    String sessionId,
-    String senderKey, {
+    String? senderKey, {
    bool tryOnlineBackup = true,
    bool onlineKeyBackupOnly = true,
  }) {
    final room = client.getRoomById(roomId);
-    final requestIdent = '$roomId|$sessionId|$senderKey';
+    final requestIdent = '$roomId|$sessionId';
    if (room != null &&
        !_requestedSessionIds.contains(requestIdent) &&
        !client.isUnknownSession) {
@ -268,11 +255,11 @@ class KeyManager {
  /// Loads an inbound group session
  Future<SessionKey?> loadInboundGroupSession(
-      String roomId, String sessionId, String senderKey) async {
+      String roomId, String sessionId) async {
    final sess = _inboundGroupSessions[roomId]?[sessionId];
    if (sess != null) {
-      if (sess.senderKey != senderKey && sess.senderKey.isNotEmpty) {
+      if (sess.sessionId != sessionId && sess.sessionId.isNotEmpty) {
-        return null; // sender keys do not match....better not do anything
+        return null; // session_id does not match....better not do anything
      }
      return sess; // nothing to do
    }
@ -285,8 +272,8 @@ class KeyManager {
    final roomInboundGroupSessions =
        _inboundGroupSessions[roomId] ??= <String, SessionKey>{};
    if (!dbSess.isValid ||
-        dbSess.senderKey.isEmpty ||
+        dbSess.sessionId.isEmpty ||
-        dbSess.senderKey != senderKey) {
+        dbSess.sessionId != sessionId) {
      return null;
    }
    roomInboundGroupSessions[sessionId] = dbSess;
@ -339,8 +326,8 @@ class KeyManager {
      }
    }
-    final inboundSess = await loadInboundGroupSession(room.id,
+    final inboundSess = await loadInboundGroupSession(
-        sess.outboundGroupSession!.session_id(), encryption.identityKey!);
+        room.id, sess.outboundGroupSession!.session_id());
    if (inboundSess == null) {
      wipe = true;
    }
@ -697,14 +684,13 @@ class KeyManager {
  Future<void> request(
    Room room,
    String sessionId,
-    String senderKey, {
+    String? senderKey, {
    bool tryOnlineBackup = true,
    bool onlineKeyBackupOnly = false,
  }) async {
    if (tryOnlineBackup && await isCached()) {
      // let's first check our online key backup store thingy...
-      final hadPreviously =
+      final hadPreviously = getInboundGroupSession(room.id, sessionId) != null;
          getInboundGroupSession(room.id, sessionId, senderKey) != null;
      try {
        await loadSingleKey(room.id, sessionId);
      } catch (err, stacktrace) {
@ -718,7 +704,7 @@ class KeyManager {
      }
      // TODO: also don't request from others if we have an index of 0 now
      if (!hadPreviously &&
-          getInboundGroupSession(room.id, sessionId, senderKey) != null) {
+          getInboundGroupSession(room.id, sessionId) != null) {
        return; // we managed to load the session from online backup, no need to care about it now
      }
    }
@ -735,7 +721,6 @@ class KeyManager {
        devices: devices,
        room: room,
        sessionId: sessionId,
        senderKey: senderKey,
      );
      final userList = await room.requestParticipants();
      await client.sendToDevicesOfUserIds(
@ -746,8 +731,8 @@ class KeyManager {
          'body': {
            'algorithm': AlgorithmTypes.megolmV1AesSha2,
            'room_id': room.id,
            'sender_key': senderKey,
            'session_id': sessionId,
            if (senderKey != null) 'sender_key': senderKey,
          },
          'request_id': requestId,
          'requesting_device_id': client.deviceID,
@ -866,10 +851,8 @@ class KeyManager {
          return; // unknown room
        }
        final sessionId = event.content['body']['session_id'];
        final senderKey = event.content['body']['sender_key'];
        // okay, let's see if we have this session at all
-        final session =
+        final session = await loadInboundGroupSession(room.id, sessionId);
            await loadInboundGroupSession(room.id, sessionId, senderKey);
        if (session == null) {
          Logs().i('[KeyManager] Unknown session, ignoring');
          return; // we don't have this session anyways
@ -879,7 +862,6 @@ class KeyManager {
          devices: [device],
          room: room,
          sessionId: sessionId,
          senderKey: senderKey,
        );
        if (incomingShareRequests.containsKey(request.requestId)) {
          Logs().i('[KeyManager] Already processed this request, ignoring');
@ -935,8 +917,7 @@ class KeyManager {
      }
      final request = outgoingShareRequests.values.firstWhereOrNull((r) =>
          r.room.id == event.content['room_id'] &&
-          r.sessionId == event.content['session_id'] &&
+          r.sessionId == event.content['session_id']);
          r.senderKey == event.content['sender_key']);
      if (request == null || request.canceled) {
        return; // no associated request found or it got canceled
      }
@ -954,8 +935,8 @@ class KeyManager {
          .add(encryptedContent['sender_key']);
      // TODO: verify that the keys work to decrypt a message
      // alright, all checks out, let's go ahead and store this session
-      await setInboundGroupSession(
+      await setInboundGroupSession(request.room.id, request.sessionId,
-          request.room.id, request.sessionId, request.senderKey, event.content,
+          device.curve25519Key!, event.content,
          forwarded: true,
          senderClaimedKeys: {
            'ed25519': event.content['sender_claimed_ed25519_key'],
@ -1022,7 +1003,6 @@ class KeyManagerKeyShareRequest {
  final List<DeviceKeys> devices;
  final Room room;
  final String sessionId;
  final String senderKey;
  bool canceled;
  KeyManagerKeyShareRequest(
@ -1030,7 +1010,6 @@ class KeyManagerKeyShareRequest {
      List<DeviceKeys>? devices,
      required this.room,
      required this.sessionId,
      required this.senderKey,
      this.canceled = false})
      : devices = devices ?? [];
 }
@ -1056,8 +1035,8 @@ class RoomKeyRequest extends ToDeviceEvent {
      return; // request is canceled, don't send anything
    }
    final room = this.room;
-    final session = await keyManager.loadInboundGroupSession(
+    final session =
-        room.id, request.sessionId, request.senderKey);
+        await keyManager.loadInboundGroupSession(room.id, request.sessionId);
    if (session?.inboundGroupSession == null) {
      Logs().v("[KeyManager] Not forwarding key we don't have");
      return;
@ -1067,8 +1046,9 @@ class RoomKeyRequest extends ToDeviceEvent {
    message['forwarding_curve25519_key_chain'] =
        List<String>.from(session.forwardingCurve25519KeyChain);
-    message['sender_key'] =
+    if (session.senderKey.isNotEmpty) {
-        (session.senderKey.isNotEmpty) ? session.senderKey : request.senderKey;
+      message['sender_key'] = session.senderKey;
    }
    message['sender_claimed_ed25519_key'] =
        session.senderClaimedKeys['ed25519'] ??
            (session.forwardingCurve25519KeyChain.isEmpty
--- a/test/encryption/encrypt_decrypt_room_message_test.dart
+++ b/test/encryption/encrypt_decrypt_room_message_test.dart
@ -79,6 +79,26 @@ void main() {
      expect(decryptedEvent.originalSource?.toJson(), encryptedEvent.toJson());
    });
    test('decrypt payload without device_id', () async {
      if (!olmEnabled) return;
      payload.remove('device_id');
      payload.remove('sender_key');
      final encryptedEvent = Event(
        type: EventTypes.Encrypted,
        content: payload,
        room: room,
        originServerTs: now,
        eventId: '\$event',
        senderId: client.userID!,
      );
      final decryptedEvent =
          await client.encryption!.decryptRoomEvent(roomId, encryptedEvent);
      expect(decryptedEvent.type, 'm.room.message');
      expect(decryptedEvent.content['msgtype'], 'm.text');
      expect(decryptedEvent.content['text'], 'Hello foxies!');
      expect(decryptedEvent.originalSource?.toJson(), encryptedEvent.toJson());
    });
    test('decrypt payload nocache', () async {
      if (!olmEnabled) return;
      client.encryption!.keyManager.clearInboundGroupSessions();
--- a/test/encryption/key_manager_test.dart
+++ b/test/encryption/key_manager_test.dart
@ -69,7 +69,7 @@ void main() {
      await client.encryption!.keyManager.handleToDeviceEvent(event);
      expect(
          client.encryption!.keyManager.getInboundGroupSession(
-                  '!726s6s6q:example.com', validSessionId, validSenderKey) !=
+                  '!726s6s6q:example.com', validSessionId) !=
              null,
          true);
@ -89,7 +89,7 @@ void main() {
      await client.encryption!.keyManager.handleToDeviceEvent(event);
      expect(
          client.encryption!.keyManager.getInboundGroupSession(
-                  '!726s6s6q:example.com', validSessionId, validSenderKey) !=
+                  '!726s6s6q:example.com', validSessionId) !=
              null,
          false);
    });
@ -111,7 +111,7 @@ void main() {
          client.encryption!.keyManager.getOutboundGroupSession(roomId) != null,
          true);
      var inbound = client.encryption!.keyManager.getInboundGroupSession(
-          roomId, sess.outboundGroupSession!.session_id(), client.identityKey);
+          roomId, sess.outboundGroupSession!.session_id());
      expect(inbound != null, true);
      expect(
          inbound!.allowedAtIndex['@alice:example.com']
@ -220,7 +220,7 @@ void main() {
          client.encryption!.keyManager.getOutboundGroupSession(roomId) != null,
          true);
      inbound = client.encryption!.keyManager.getInboundGroupSession(
-          roomId, sess.outboundGroupSession!.session_id(), client.identityKey);
+          roomId, sess.outboundGroupSession!.session_id());
      expect(
          inbound!.allowedAtIndex['@alice:example.com']
              ?['L+4+JCl8MD63dgo8z5Ta+9QAHXiANyOVSfgbHA5d3H8'],
@ -284,68 +284,41 @@ void main() {
      client.encryption!.keyManager.clearInboundGroupSessions();
      expect(
          client.encryption!.keyManager
-                  .getInboundGroupSession(roomId, sessionId, senderKey) !=
+                  .getInboundGroupSession(roomId, sessionId) !=
              null,
          false);
      await client.encryption!.keyManager
          .setInboundGroupSession(roomId, sessionId, senderKey, sessionContent);
      expect(
          client.encryption!.keyManager
-                  .getInboundGroupSession(roomId, sessionId, senderKey) !=
+                  .getInboundGroupSession(roomId, sessionId) !=
              null,
          true);
      expect(
          client.encryption!.keyManager
                  .getInboundGroupSession(roomId, sessionId, 'invalid') !=
              null,
          false);
      expect(
          client.encryption!.keyManager
-                  .getInboundGroupSession(roomId, sessionId, senderKey) !=
+                  .getInboundGroupSession(roomId, sessionId) !=
              null,
          true);
      expect(
          client.encryption!.keyManager
                  .getInboundGroupSession('otherroom', sessionId, senderKey) !=
              null,
          true);
      expect(
          client.encryption!.keyManager
                  .getInboundGroupSession('otherroom', sessionId, 'invalid') !=
              null,
          false);
      expect(
          client.encryption!.keyManager
                  .getInboundGroupSession('otherroom', 'invalid', senderKey) !=
              null,
          false);
      client.encryption!.keyManager.clearInboundGroupSessions();
      expect(
          client.encryption!.keyManager
                  .getInboundGroupSession(roomId, sessionId, senderKey) !=
              null,
          false);
      await client.encryption!.keyManager
          .loadInboundGroupSession(roomId, sessionId, senderKey);
      expect(
          client.encryption!.keyManager
                  .getInboundGroupSession(roomId, sessionId, senderKey) !=
              null,
          true);
      client.encryption!.keyManager.clearInboundGroupSessions();
      expect(
          client.encryption!.keyManager
-                  .getInboundGroupSession(roomId, sessionId, senderKey) !=
+                  .getInboundGroupSession(roomId, sessionId) !=
              null,
          false);
      await client.encryption!.keyManager
-          .loadInboundGroupSession(roomId, sessionId, 'invalid');
+          .loadInboundGroupSession(roomId, sessionId);
      expect(
          client.encryption!.keyManager
-                  .getInboundGroupSession(roomId, sessionId, 'invalid') !=
+                  .getInboundGroupSession(roomId, sessionId) !=
              null,
          true);
      client.encryption!.keyManager.clearInboundGroupSessions();
      expect(
          client.encryption!.keyManager
                  .getInboundGroupSession(roomId, sessionId) !=
              null,
          false);
    });
@ -398,13 +371,13 @@ void main() {
          forwarded: true);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.inboundGroupSession
              ?.first_known_index(),
          1);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.forwardingCurve25519KeyChain
              .length,
          1);
@ -424,13 +397,13 @@ void main() {
          forwarded: true);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.inboundGroupSession
              ?.first_known_index(),
          1);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.forwardingCurve25519KeyChain
              .length,
          1);
@ -450,13 +423,13 @@ void main() {
          forwarded: true);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.inboundGroupSession
              ?.first_known_index(),
          0);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.forwardingCurve25519KeyChain
              .length,
          1);
@ -476,13 +449,13 @@ void main() {
          forwarded: true);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.inboundGroupSession
              ?.first_known_index(),
          0);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.forwardingCurve25519KeyChain
              .length,
          1);
@ -502,13 +475,13 @@ void main() {
          forwarded: true);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.inboundGroupSession
              ?.first_known_index(),
          0);
      expect(
          client.encryption!.keyManager
-              .getInboundGroupSession(roomId, sessionId, senderKey)
+              .getInboundGroupSession(roomId, sessionId)
              ?.forwardingCurve25519KeyChain
              .length,
          0);
--- a/test/encryption/key_request_test.dart
+++ b/test/encryption/key_request_test.dart
@ -72,7 +72,6 @@ void main() {
          final content = payload['messages']['@alice:example.com']['*'];
          if (content['action'] == 'request' &&
              content['body']['room_id'] == '!726s6s6q:example.com' &&
              content['body']['sender_key'] == validSenderKey &&
              content['body']['session_id'] == 'sessionId') {
            foundEvent = true;
            break;
@ -94,8 +93,7 @@ void main() {
          .userDeviceKeys['@alice:example.com']!.deviceKeys['OTHERDEVICE']!
          .setVerified(true);
      final session = await matrix.encryption!.keyManager
-          .loadInboundGroupSession(
+          .loadInboundGroupSession('!726s6s6q:example.com', validSessionId);
              '!726s6s6q:example.com', validSessionId, validSenderKey);
      // test a successful share
      var event = ToDeviceEvent(
          sender: '@alice:example.com',
@ -287,8 +285,7 @@ void main() {
          tryOnlineBackup: false);
      final session = (await matrix.encryption!.keyManager
-          .loadInboundGroupSession(
+          .loadInboundGroupSession(requestRoom.id, validSessionId))!;
              requestRoom.id, validSessionId, validSenderKey))!;
      final sessionKey = session.inboundGroupSession!
          .export_session(session.inboundGroupSession!.first_known_index());
      matrix.encryption!.keyManager.clearInboundGroupSessions();
@ -310,11 +307,28 @@ void main() {
          });
      await matrix.encryption!.keyManager.handleToDeviceEvent(event);
      expect(
-          matrix.encryption!.keyManager.getInboundGroupSession(
+          matrix.encryption!.keyManager
-                  requestRoom.id, validSessionId, validSenderKey) !=
+                  .getInboundGroupSession(requestRoom.id, validSessionId) !=
              null,
          true);
      // test ToDeviceEvent without sender_key in content
      event = ToDeviceEvent(
          sender: '@alice:example.com',
          type: 'm.forwarded_room_key',
          content: {
            'algorithm': AlgorithmTypes.megolmV1AesSha2,
            'room_id': '!726s6s6q:example.com',
            'session_id': validSessionId,
            'session_key': sessionKey,
            'forwarding_curve25519_key_chain': [],
            'sender_claimed_ed25519_key':
                'L+4+JCl8MD63dgo8z5Ta+9QAHXiANyOVSfgbHA5d3H8',
          },
          encryptedContent: {
            'sender_key': 'L+4+JCl8MD63dgo8z5Ta+9QAHXiANyOVSfgbHA5d3H8',
          });
      // now test a few invalid scenarios
      // request not found
@ -337,15 +351,14 @@ void main() {
          });
      await matrix.encryption!.keyManager.handleToDeviceEvent(event);
      expect(
-          matrix.encryption!.keyManager.getInboundGroupSession(
+          matrix.encryption!.keyManager
-                  requestRoom.id, validSessionId, validSenderKey) !=
+                  .getInboundGroupSession(requestRoom.id, validSessionId) !=
              null,
          false);
      // unknown device
-      await matrix.encryption!.keyManager.request(
+      await matrix.encryption!.keyManager
-          requestRoom, validSessionId, validSenderKey,
+          .request(requestRoom, validSessionId, null, tryOnlineBackup: false);
          tryOnlineBackup: false);
      matrix.encryption!.keyManager.clearInboundGroupSessions();
      event = ToDeviceEvent(
          sender: '@alice:example.com',
@ -365,8 +378,8 @@ void main() {
          });
      await matrix.encryption!.keyManager.handleToDeviceEvent(event);
      expect(
-          matrix.encryption!.keyManager.getInboundGroupSession(
+          matrix.encryption!.keyManager
-                  requestRoom.id, validSessionId, validSenderKey) !=
+                  .getInboundGroupSession(requestRoom.id, validSessionId) !=
              null,
          false);
@ -390,8 +403,8 @@ void main() {
          });
      await matrix.encryption!.keyManager.handleToDeviceEvent(event);
      expect(
-          matrix.encryption!.keyManager.getInboundGroupSession(
+          matrix.encryption!.keyManager
-                  requestRoom.id, validSessionId, validSenderKey) !=
+                  .getInboundGroupSession(requestRoom.id, validSessionId) !=
              null,
          false);
--- a/test/encryption/online_key_backup_test.dart
+++ b/test/encryption/online_key_backup_test.dart
@ -67,7 +67,7 @@ void main() {
          .request(client.getRoomById(roomId)!, sessionId, senderKey);
      expect(
          client.encryption!.keyManager
-                  .getInboundGroupSession(roomId, sessionId, senderKey) !=
+                  .getInboundGroupSession(roomId, sessionId) !=
              null,
          true);
    });
@ -108,11 +108,11 @@ void main() {
      final onlineKeys = RoomKeys.fromJson(json.decode(payload));
      client.encryption!.keyManager.clearInboundGroupSessions();
      var ret = client.encryption!.keyManager
-          .getInboundGroupSession(roomId, sessionId, senderKey);
+          .getInboundGroupSession(roomId, sessionId);
      expect(ret, null);
      await client.encryption!.keyManager.loadFromResponse(onlineKeys);
      ret = client.encryption!.keyManager
-          .getInboundGroupSession(roomId, sessionId, senderKey);
+          .getInboundGroupSession(roomId, sessionId);
      expect(ret != null, true);
    });