Enable key upload to backups where we have the decryption key #4677

Open
wants to merge 11 commits into
base: develop

ajbura
Contributor

@ajbura ajbura commented Feb 3, 2025

Fixes #4676

Signed-off-by: Ajay Bura [email protected]

Checklist

  • Tests written for new code (and old code if feasible).
  • New or updated public/exported symbols have accurate TSDoc documentation.
  • Linter and other CI checks pass.
  • Sign-off given on the changes (see CONTRIBUTING.md).

@ajbura ajbura requested a review from a team as a code owner February 3, 2025 07:53
@ajbura ajbura requested review from uhoreg and richvdh February 3, 2025 07:53
@github-actions github-actions bot added the Z-Community-PR Issue is solved by a community member's PR label Feb 3, 2025
Member

@richvdh richvdh left a comment

Putting this on hold while we try to understand what bug it is trying to fix, per #4676 (comment).

In any case, we'll need to see an integration test which demonstrates the problem.

@richvdh richvdh changed the title Disable key backup only when both trust via signatures and private key fail Enable key upload to backups where we have the decryption key Feb 3, 2025
Member

@richvdh richvdh left a comment

ok, the fix looks like it makes sense, but the main thing this is missing is a regression test.

Please could you take a look at matrix-js-sdk/spec/integ/crypto/megolm-backup.spec.ts. In there there are some existing tests for checkKeyBackupAndEnable: please could you take a look at them and see if you can add another which covers your use case.

Member

@richvdh richvdh left a comment

looks generally good to me, thanks.

A few minor requests.

Comment on lines 289 to 297
if ((trustInfo.usable || trustInfo.trusted_locally) && !this.backupInfo) {
logger.log(`Found usable key backup v${backupInfo!.version}: enabling key backups`);
await this.enableKeyBackup(backupInfo!);
} else if (!trustInfo.usable && this.backupInfo) {
} else if (!trustInfo.usable && !trustInfo.trusted_locally && this.backupInfo) {
logger.log("No usable key backup: disabling key backup");
this.disableKeyBackup();
} else if (!trustInfo.usable && !this.backupInfo) {
} else if (!trustInfo.usable && !trustInfo.trusted_locally && !this.backupInfo) {
logger.log("No usable key backup: not enabling key backup");
} else if (trustInfo.usable && this.backupInfo) {
} else if ((trustInfo.usable || trustInfo.trusted_locally) && this.backupInfo) {
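
Review bot: The log messages in these branches no longer match the conditions: the first branch now also accepts `trustInfo.trusted_locally` but still logs "Found usable key backup", and the two negative branches still log "No usable key backup" although they now also require `!trustInfo.trusted_locally`. Suggest wording the messages so the logs show whether `usable` or `trusted_locally` caused backup to be enabled, and adding a short comment above the first branch saying why `trusted_locally` on its own is enough to start uploading keys.
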
Member

this code is scheduled for removal very soon so maybe not the most important thing, but it would be good to factor out a local variable for trustInfo.usable || trustInfo.trusted_locally

spec/integ/crypto/megolm-backup.spec.ts (outdated)
Comment on lines +1080 to +1098
it("enables a backup signed by trusted devices and have decryption key", async () => {
aliceClient = await initTestClient();
const aliceCrypto = aliceClient.getCrypto()!;

await aliceClient.startClient();
await aliceCrypto.storeSessionBackupPrivateKey(
Buffer.from(testData.BACKUP_DECRYPTION_KEY_BASE64, "base64"),
testData.SIGNED_BACKUP_DATA.version!,
);
await waitForDeviceList();
await aliceCrypto.setDeviceVerified(testData.TEST_USER_ID, testData.TEST_DEVICE_ID);

fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);

const result = await aliceCrypto.checkKeyBackupAndEnable();
expect(result).toBeTruthy();
expect(result!.trustInfo).toEqual({ trusted: true, matchesDecryptionKey: true });
expect(await aliceCrypto.getActiveSessionBackupVersion()).toEqual(testData.SIGNED_BACKUP_DATA.version);
});
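
Review bot: The final assertions check only `result!.trustInfo` and `getActiveSessionBackupVersion()`, so this test shows that the backup gets enabled but not that any key is uploaded to it, which is what the PR title describes. Consider also asserting that an upload request is made once the backup is active, or say in the test name that it covers enabling only. The name would also read better as "enables a backup signed by a trusted device when we have the decryption key".
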
Member

this test feels a bit redundant to me. Is there a particular reason you feel it is important?

Contributor Author

Not any particular reason, I added it as the trust is logical OR of verified signature and decryption key match, so I feel like it is a good idea to cover all 4 combinations to stay safe.

spec/integ/crypto/megolm-backup.spec.ts (outdated)
Comment on lines 1104 to 1109
await aliceClient.startClient();
await aliceCrypto.storeSessionBackupPrivateKey(
Buffer.from(testData.BACKUP_DECRYPTION_KEY_BASE64, "base64"),
testData.SIGNED_BACKUP_DATA.version!,
);
await waitForDeviceList();
Member

Suggested change
await aliceClient.startClient();
await aliceCrypto.storeSessionBackupPrivateKey(
Buffer.from(testData.BACKUP_DECRYPTION_KEY_BASE64, "base64"),
testData.SIGNED_BACKUP_DATA.version!,
);
await waitForDeviceList();
// download the device list, to match the trusted-device case
await aliceClient.startClient();
await waitForDeviceList();
// Alice does *not* trust the device that signed the backup, but *does* have the decryption key.
await aliceCrypto.storeSessionBackupPrivateKey(
Buffer.from(testData.BACKUP_DECRYPTION_KEY_BASE64, "base64"),
testData.SIGNED_BACKUP_DATA.version!,
);

Contributor Author

I am not sure why the test is failing after flipping the statements. Can you please help me with it?

src/rust-crypto/backup.ts
Labels
T-Enhancement Z-Community-PR Issue is solved by a community member's PR
Development

Successfully merging this pull request may close these issues.

Keys are not uploaded to backup if the backup is not signed
2 participants