crypto: direct share key

Author: DelmoreCooper

sdn-sdk-android/src/main/java/org/sdn/android/sdk/api/session/crypto/model/RoomKeyShareRequest.kt

@@ -30,6 +30,15 @@ data class RoomKeyShareRequest(
         @Json(name = "requesting_device_id")
         override val requestingDeviceId: String? = null,
 
+        @Json(name = "requesting_device_key")
+        val requestingDeviceKey: String? = null,
+
+        @Json(name = "requesting_device_otk")
+        val requestingDeviceOtk: String? = null,
+
+        @Json(name = "recipients")
+        var recipients: List<Pair<String, String>>? = null,
+
         @Json(name = "request_id")
         override val requestId: String? = null,
 

sdn-sdk-android/src/main/java/org/sdn/android/sdk/api/session/events/model/Event.kt

@@ -153,7 +153,7 @@ data class Event(
      * @return true if this event is encrypted.
      */
     fun isEncrypted(): Boolean {
-        return type == EventType.ENCRYPTED
+        return type == EventType.ENCRYPTED || type == EventType.ROOM_KEY_REPLY
     }
 
     /**

sdn-sdk-android/src/main/java/org/sdn/android/sdk/api/session/events/model/EventType.kt

@@ -88,6 +88,8 @@ object EventType {
     // Key share events
     const val ROOM_KEY_REQUEST = "m.room_key_request"
     const val FORWARDED_ROOM_KEY = "m.forwarded_room_key"
+    const val ROOM_KEY_REQUIRE = "m.room_key_require"
+    const val ROOM_KEY_REPLY = "m.room_key_reply"
     val ROOM_KEY_WITHHELD = StableUnstableId(stable = "m.room_key.withheld", unstable = "org.matrix.room_key.withheld")
 
     const val REQUEST_SECRET = "m.secret.request"

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/CryptoModule.kt

@@ -73,6 +73,7 @@ import org.sdn.android.sdk.internal.crypto.tasks.DefaultInitializeCrossSigningTa
 import org.sdn.android.sdk.internal.crypto.tasks.DefaultPullSessionKeysTask
 import org.sdn.android.sdk.internal.crypto.tasks.DefaultPutSessionMapTask
 import org.sdn.android.sdk.internal.crypto.tasks.DefaultSendEventTask
+import org.sdn.android.sdk.internal.crypto.tasks.DefaultSendSimpleEventTask
 import org.sdn.android.sdk.internal.crypto.tasks.DefaultSendToDeviceTask
 import org.sdn.android.sdk.internal.crypto.tasks.DefaultSendVerificationMessageTask
 import org.sdn.android.sdk.internal.crypto.tasks.DefaultSetDeviceNameTask
@@ -89,6 +90,7 @@ import org.sdn.android.sdk.internal.crypto.tasks.InitializeCrossSigningTask
 import org.sdn.android.sdk.internal.crypto.tasks.PullSessionKeysTask
 import org.sdn.android.sdk.internal.crypto.tasks.PutSessionMapTask
 import org.sdn.android.sdk.internal.crypto.tasks.SendEventTask
+import org.sdn.android.sdk.internal.crypto.tasks.SendSimpleEventTask
 import org.sdn.android.sdk.internal.crypto.tasks.SendToDeviceTask
 import org.sdn.android.sdk.internal.crypto.tasks.SendVerificationMessageTask
 import org.sdn.android.sdk.internal.crypto.tasks.SetDeviceNameTask
@@ -236,6 +238,9 @@ internal abstract class CryptoModule {
     @Binds
     abstract fun bindSendToDeviceTask(task: DefaultSendToDeviceTask): SendToDeviceTask
 
+    @Binds
+    abstract fun bindSendSimpleEventTask(task: DefaultSendSimpleEventTask): SendSimpleEventTask
+
     @Binds
     abstract fun bindPullRoomKeyTask(task: DefaultPullSessionKeysTask): PullSessionKeysTask
 

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/DefaultCryptoService.kt

@@ -119,6 +119,7 @@ import org.sdn.android.sdk.api.session.events.model.content.EncryptedEventConten
 import org.sdn.android.sdk.api.session.events.model.content.OlmEventContent
 import org.sdn.android.sdk.api.session.room.model.message.MessageContent
 import org.sdn.android.sdk.api.session.sync.model.ToDeviceSyncResponse
+import org.sdn.android.sdk.internal.crypto.model.rest.EncryptedMessage
 import org.sdn.android.sdk.internal.crypto.tasks.PullSessionKeysTask
 import timber.log.Timber
 import java.util.concurrent.atomic.AtomicBoolean
@@ -213,6 +214,33 @@ internal class DefaultCryptoService @Inject constructor(
     }
 
     fun onLiveEvent(roomId: String, event: Event, isInitialSync: Boolean) {
+        // handle key require
+        if (event.type == EventType.ROOM_KEY_REQUIRE) {
+            val keyShareRequest = event.content.toModel<RoomKeyShareRequest>()
+            if (event.senderId == null || keyShareRequest == null) {
+                return
+            }
+            val recipients = keyShareRequest.recipients
+            recipients?.let {
+                for (recipient in recipients) {
+                    if (this.userId == recipient.first && this.deviceId == recipient.second) {
+                        this.incomingKeyRequestManager.addNewIncomingRequest(event.senderId, keyShareRequest)
+                    }
+                }
+            }
+            return
+        }
+        // handle key reply
+        if (event.type == EventType.ROOM_KEY_REPLY) {
+            val encryptedContent = event.content.toModel<EncryptedMessage>() ?: return
+            if (encryptedContent.cipherText?.contains(this.olmDevice.deviceCurve25519Key) != true) {
+                // not recipient
+                return
+            }
+            // should have already been decrypted
+            this.onRoomKeyEvent(event, true)
+        }
+
         // handle state events
         if (event.isStateEvent()) {
             when (event.type) {

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/DeviceListManager.kt

@@ -43,7 +43,7 @@ import javax.inject.Inject
 @SessionScope
 internal class DeviceListManager @Inject constructor(
     private val cryptoStore: IMXCryptoStore,
-    private val olmDevice: MXOlmDevice,
+    val olmDevice: MXOlmDevice,
     private val syncTokenStore: SyncTokenStore,
     private val credentials: Credentials,
     private val downloadKeysForUsersTask: DownloadKeysForUsersTask,
@@ -82,6 +82,10 @@ internal class DeviceListManager @Inject constructor(
         return credentials.loginTime - 24 * 3600 * 1000
     }
 
+    fun getUserDevice(userId: String, deviceId: String): CryptoDeviceInfo? {
+        return this.cryptoStore.getUserDevice(userId, deviceId)
+    }
+
     private fun dispatchDeviceChange(users: List<String>) {
         synchronized(deviceChangeListeners) {
             deviceChangeListeners.forEach {
@@ -573,7 +577,6 @@ internal class DeviceListManager @Inject constructor(
                 }
         )
     }
-
     companion object {
 
         /**

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/EventDecryptor.kt

@@ -141,7 +141,7 @@ internal class EventDecryptor @Inject constructor(
                                 mxCryptoError.errorType == MXCryptoError.ErrorType.BAD_ENCRYPTED_MESSAGE) {
                             // need to find sending device
                             val olmContent = event.content.toModel<OlmEventContent>()
-                            if (event.senderId != null && olmContent?.senderKey != null) {
+                            if (event.type != EventType.ROOM_KEY_REPLY && event.senderId != null && olmContent?.senderKey != null) {
                                 markOlmSessionForUnwedging(event.senderId, olmContent.senderKey)
                             } else {
                                 Timber.tag(loggerTag.value).d("Can't mark as wedge malformed")

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/IncomingKeyRequestManager.kt

@@ -16,6 +16,7 @@
 
 package org.sdn.android.sdk.internal.crypto
 
+import dagger.Lazy
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.SupervisorJob
 import kotlinx.coroutines.asCoroutineDispatcher
@@ -30,6 +31,7 @@ import org.sdn.android.sdk.api.crypto.MXCRYPTO_ALGORITHM_RATCHET
 import org.sdn.android.sdk.api.crypto.MXCryptoConfig
 import org.sdn.android.sdk.api.extensions.tryOrNull
 import org.sdn.android.sdk.api.logger.LoggerTag
+import org.sdn.android.sdk.api.session.crypto.OutgoingRoomKeyRequestState
 import org.sdn.android.sdk.api.session.crypto.keyshare.GossipingRequestListener
 import org.sdn.android.sdk.api.session.crypto.model.CryptoDeviceInfo
 import org.sdn.android.sdk.api.session.crypto.model.IncomingRoomKeyRequest
@@ -39,9 +41,11 @@ import org.sdn.android.sdk.api.session.crypto.model.RoomKeyShareRequest
 import org.sdn.android.sdk.api.session.events.model.EventType
 import org.sdn.android.sdk.api.session.events.model.content.RoomKeyWithHeldContent
 import org.sdn.android.sdk.api.session.events.model.content.WithHeldCode
+import org.sdn.android.sdk.api.session.events.model.toContent
 import org.sdn.android.sdk.internal.crypto.actions.EnsureOlmSessionsForDevicesAction
 import org.sdn.android.sdk.internal.crypto.actions.MessageEncrypter
 import org.sdn.android.sdk.internal.crypto.store.IMXCryptoStore
+import org.sdn.android.sdk.internal.crypto.tasks.SendSimpleEventTask
 import org.sdn.android.sdk.internal.crypto.tasks.SendToDeviceTask
 import org.sdn.android.sdk.internal.session.SessionScope
 import org.sdn.android.sdk.internal.task.SemaphoreCoroutineSequencer
@@ -63,6 +67,7 @@ internal class IncomingKeyRequestManager @Inject constructor(
     private val messageEncrypter: MessageEncrypter,
     private val coroutineDispatchers: SDNCoroutineDispatchers,
     private val sendToDeviceTask: SendToDeviceTask,
+    private val sendSimpleEventTask: SendSimpleEventTask,
     private val clock: Clock,
 ) {
 
@@ -83,6 +88,8 @@ internal class IncomingKeyRequestManager @Inject constructor(
             val requestId: String,
             val requestingUserId: String,
             val requestingDeviceId: String,
+            val requestingDeviceKey: String?,
+            val requestingDeviceOtk: String?,
             val roomId: String,
             val senderKey: String,
             val sessionId: String,
@@ -109,6 +116,8 @@ internal class IncomingKeyRequestManager @Inject constructor(
                 requestId = requestId,
                 requestingUserId = senderId,
                 requestingDeviceId = deviceId,
+                requestingDeviceKey = this.requestingDeviceKey,
+                requestingDeviceOtk = this.requestingDeviceOtk,
                 roomId = roomId,
                 senderKey = senderKey,
                 sessionId = sessionId,
@@ -209,11 +218,11 @@ internal class IncomingKeyRequestManager @Inject constructor(
 
     private suspend fun handleIncomingRequest(request: ValidMegolmRequestBody) {
         // We don't want to download keys, if we don't know the device yet we won't share any how?
-        val requestingDevice =
-                cryptoStore.getUserDevice(request.requestingUserId, request.requestingDeviceId)
-                        ?: return Unit.also {
-                            Timber.tag(loggerTag.value).d("Ignoring key request: ${request.shortDbgString()}")
-                        }
+        val requestingDevice = cryptoStore.getUserDevice(request.requestingUserId, request.requestingDeviceId)
+        if (requestingDevice == null || requestingDevice.identityKey() != request.requestingDeviceKey) {
+            directShareMegolmKey(request)
+            return
+        }
 
         cryptoStore.saveIncomingKeyRequestAuditTrail(
                 request.requestId,
@@ -357,6 +366,8 @@ internal class IncomingKeyRequestManager @Inject constructor(
                 requestId = request.requestId,
                 requestingDeviceId = request.deviceId,
                 requestingUserId = request.userId,
+                requestingDeviceKey = null,
+                requestingDeviceOtk = null,
                 roomId = request.requestBody.roomId,
                 senderKey = request.requestBody.senderKey,
                 sessionId = request.requestBody.sessionId,
@@ -446,6 +457,85 @@ internal class IncomingKeyRequestManager @Inject constructor(
         }
     }
 
+    private suspend fun directShareMegolmKey(validRequest: ValidMegolmRequestBody): Boolean {
+        val requestingDeviceKey = validRequest.requestingDeviceKey ?: return false.also {
+            Timber.tag(loggerTag.value).e("directShareMegolmKey: no requestingDeviceKey from ${validRequest.requestingUserId} | ${validRequest.requestingDeviceId}")
+        }
+        val requestingDeviceInfo = CryptoDeviceInfo(
+            userId = validRequest.requestingUserId,
+            deviceId = validRequest.requestingDeviceId,
+            keys = mapOf("curve25519:${validRequest.requestingDeviceId}" to requestingDeviceKey)
+        )
+        val wasSessionSharedWithUser = cryptoStore.getSharedSessionInfo(validRequest.roomId, validRequest.sessionId, requestingDeviceInfo)
+        if (wasSessionSharedWithUser.found && wasSessionSharedWithUser.chainIndex == 0) {
+            Timber.tag(loggerTag.value).e("skip direct share Key for ${validRequest.shortDbgString()}")
+            return false
+        }
+
+        Timber.tag(loggerTag.value).d("try to direct share Megolm Key for ${validRequest.shortDbgString()}")
+        if (validRequest.requestingDeviceKey == null || validRequest.requestingDeviceOtk == null) {
+            Timber.tag(loggerTag.value).w("fail to direct share Megolm Key for ${validRequest.shortDbgString()}: no device keys")
+            return false
+        }
+
+        val sessionHolder = try {
+            olmDevice.getInboundGroupSession(validRequest.sessionId, validRequest.senderKey, validRequest.roomId)
+        } catch (failure: Throwable) {
+            Timber.tag(loggerTag.value)
+                .e(failure, "shareKeysWithDevice: failed to get session ${validRequest.requestingUserId}")
+            // It's unavailable
+            sendWithheldForRequest(validRequest, WithHeldCode.UNAVAILABLE)
+            return false
+        }
+
+        val export = sessionHolder.mutex.withLock {
+            sessionHolder.wrapper.exportKeys(0)
+        } ?: return false.also {
+            Timber.tag(loggerTag.value)
+                .e("shareKeysWithDevice: failed to export group session ${validRequest.sessionId}")
+        }
+
+        val payloadJson = mapOf(
+            "type" to EventType.FORWARDED_ROOM_KEY,
+            "content" to export
+        )
+
+        val encryptedPayload = messageEncrypter.directEncryptMessage(
+            payloadJson, validRequest.requestingUserId, validRequest.requestingDeviceId, validRequest.requestingDeviceKey, validRequest.requestingDeviceOtk)
+        encryptedPayload.traceId = validRequest.sessionId
+
+        return try {
+            sendSimpleEventTask.execute(SendSimpleEventTask.Params(
+                roomId = validRequest.roomId,
+                eventType = EventType.ROOM_KEY_REPLY,
+                encryptedPayload.toContent()
+            ))
+            Timber.tag(loggerTag.value)
+                .i("successfully direct shared session for ${validRequest.shortDbgString()}")
+            cryptoStore.saveForwardKeyAuditTrail(
+                validRequest.roomId,
+                validRequest.sessionId,
+                validRequest.senderKey,
+                validRequest.algorithm,
+                validRequest.requestingUserId,
+                validRequest.requestingDeviceId,
+                0,
+            )
+            cryptoStore.markedSessionAsShared(
+                validRequest.roomId,
+                validRequest.sessionId,
+                validRequest.requestingUserId,
+                validRequest.requestingDeviceId,
+                validRequest.requestingDeviceKey,
+                0)
+            true
+        } catch (failure: Throwable) {
+            Timber.tag(loggerTag.value)
+                .e(failure, "fail to direct share session for ${validRequest.shortDbgString()}")
+            false
+        }
+    }
+
     fun addRoomKeysRequestListener(listener: GossipingRequestListener) {
         synchronized(gossipingRequestListeners) {
             gossipingRequestListeners.add(listener)

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/MXOlmDevice.kt

@@ -461,6 +461,41 @@ internal class MXOlmDevice @Inject constructor(
         return payloadString
     }
 
+    suspend fun olmEncryptMessage(theirDeviceIdentityKey: String, theirOneTimeKey: String, payloadString: String): Map<String, Any>? {
+        return try {
+            val olmSession = OlmSession()
+            store.doWithOlmAccount { olmAccount ->
+                olmSession.initOutboundSession(olmAccount, theirDeviceIdentityKey, theirOneTimeKey)
+            }
+            val olmMessage = olmSession.encryptMessage(payloadString)
+            mapOf(
+                "body" to olmMessage.mCipherText,
+                "type" to olmMessage.mType,
+            )
+        } catch (e: Throwable) {
+            Timber.tag(loggerTag.value).e(e, "## encryptMessage() : failed to encrypt olm with device:$theirDeviceIdentityKey")
+            null
+        }
+    }
+
+    suspend fun olmDecryptMessage(ciphertext: String, messageType: Int): String? {
+        return try {
+            val olmSession = OlmSession()
+            store.doWithOlmAccount { olmAccount ->
+                olmSession.initInboundSession(olmAccount, ciphertext)
+            }
+
+            val olmMessage = OlmMessage()
+            olmMessage.mCipherText = ciphertext
+            olmMessage.mType = messageType.toLong()
+
+            olmSession.decryptMessage(olmMessage)
+        } catch (e: Exception) {
+            Timber.tag(loggerTag.value).e(e, "## createInboundSession() : the session creation failed")
+            null
+        }
+    }
+
     /**
      * Determine if an incoming messages is a prekey message matching an existing session.
      *