crypto: optimize key share

Author: DelmoreCooper

sdn-sdk-android/src/main/java/org/sdn/android/sdk/api/session/crypto/model/CryptoDeviceInfo.kt

@@ -23,7 +23,7 @@ data class CryptoDeviceInfo(
         val deviceId: String,
         override val userId: String,
         val algorithms: List<String>? = null,
-        override val keys: Map<String, String>? = null,
+        override var keys: Map<String, String>? = null,
         override val signatures: Map<String, Map<String, String>>? = null,
         val unsigned: UnsignedDeviceInfo? = null,
         var trustLevel: DeviceTrustLevel? = null,
@@ -55,6 +55,18 @@ data class CryptoDeviceInfo(
                 ?.get("curve25519:$deviceId")
     }
 
+    fun fallbackKey(): String? {
+        return keys
+            ?.takeIf { deviceId.isNotBlank() }
+            ?.get("fbk25519:$deviceId")
+    }
+
+    fun setFallbackKey(fbk: String) {
+        val keyMap = keys?.toMutableMap()
+        keyMap?.put("fbk25519:$deviceId", fbk)
+        keys = keyMap
+    }
+
     /**
      * @return the display name
      */

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/DefaultCryptoService.kt

@@ -214,56 +214,15 @@ internal class DefaultCryptoService @Inject constructor(
     }
 
     fun onLiveEvent(roomId: String, event: Event, isInitialSync: Boolean) {
-        // handle key require
-        if (event.type == EventType.ROOM_KEY_REQUIRE) {
-            if (event.originServerTs == null || event.originServerTs < System.currentTimeMillis() - 24 * 3600 * 1000) {
-                Timber.tag(loggerTag.value).w("skip reply to old key require ${event.eventId}")
-                return
+        val senderUserId = event.senderId
+        val senderDeviceId = event.content?.get("device_id")?.toString()
+        val senderDeviceKey = event.getSenderKey()
+        if (!senderUserId.isNullOrEmpty() && !senderDeviceId.isNullOrEmpty() && !senderDeviceKey.isNullOrEmpty()) {
+            val deviceInfo = this.deviceListManager.getUserDevice(senderUserId, senderDeviceId)
+            if (deviceInfo == null || deviceInfo.identityKey() != senderDeviceKey) {
+                Timber.tag(loggerTag.value).w("unknown sender $senderUserId | $senderDeviceId from event ${event.eventId}")
+                this.deviceListManager.handleDeviceListsChanges(listOf(senderUserId), emptyList())
             }
-            val keyShareRequest = event.content.toModel<RoomKeyShareRequest>()
-            if (event.senderId == null || keyShareRequest == null) {
-                return
-            }
-            val recipients = keyShareRequest.recipients
-            recipients?.let {
-                for (recipient in recipients) {
-                    if (this.userId == recipient.userId && this.deviceId == recipient.deviceId) {
-                        Timber.tag(loggerTag.value).i("received ${EventType.ROOM_KEY_REQUIRE} eventId: ${event.eventId}")
-                        this.incomingKeyRequestManager.addNewIncomingRequest(event.senderId, keyShareRequest)
-                    }
-                }
-            }
-            return
-        }
-        // handle key reply
-        if (event.type == EventType.ROOM_KEY_REPLY) {
-            val encryptedContent = event.content.toModel<EncryptedMessage>() ?: return
-            if (encryptedContent.cipherText?.contains(this.olmDevice.deviceCurve25519Key) != true) {
-                // not recipient
-                Timber.tag(loggerTag.value).i("skip handling ${EventType.ROOM_KEY_REPLY} as not in recipient ${event.eventId}")
-                return
-            }
-
-            Timber.tag(loggerTag.value).i("start decrypting ${EventType.ROOM_KEY_REPLY} eventId: ${event.eventId}")
-            try {
-                val result = runBlocking { decryptEvent(event.copy(roomId = roomId), "") }
-                event.mxDecryptionResult = OlmDecryptionResult(
-                    payload = result.clearEvent,
-                    senderKey = result.senderCurve25519Key,
-                    keysClaimed = result.claimedEd25519Key?.let { k -> mapOf("ed25519" to k) },
-                    forwardingCurve25519KeyChain = result.forwardingCurve25519KeyChain,
-                    isSafe = result.isSafe
-                )
-            } catch (e: MXCryptoError) {
-                if (e is MXCryptoError.Base) {
-                    event.mCryptoError = e.errorType
-                    event.mCryptoErrorReason = e.technicalMessage.takeIf { it.isNotEmpty() } ?: e.detailedErrorDescription
-                }
-                return
-            }
-
-            Timber.tag(loggerTag.value).i("received ${EventType.ROOM_KEY_REPLY} eventId: ${event.eventId}")
-            this.onRoomKeyEvent(event, true)
         }
 
         // handle state events
@@ -1117,10 +1076,6 @@ internal class DefaultCryptoService @Inject constructor(
      * Upload my user's device keys.
      */
     private suspend fun uploadDeviceKeys() {
-        if (cryptoStore.areDeviceKeysUploaded()) {
-            Timber.tag(loggerTag.value).d("Keys already uploaded, nothing to do")
-            return
-        }
         // Prepare the device keys data to send
         // Sign it
         val canonicalJson = JsonCanonicalizer.getCanonicalJson(Map::class.java, getMyDevice().signalableJSONDictionary())

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/DeviceListManager.kt

@@ -461,8 +461,8 @@ internal class DeviceListManager @Inject constructor(
             Timber.e("## CRYPTO | validateDeviceKeys() : deviceKeys is null from $userId:$deviceId")
             return false
         }
-
-        if (null == deviceKeys.keys) {
+        val keys = deviceKeys.keys
+        if (null == keys) {
             Timber.e("## CRYPTO | validateDeviceKeys() : deviceKeys.keys is null from $userId:$deviceId")
             return false
         }
@@ -484,7 +484,7 @@ internal class DeviceListManager @Inject constructor(
         }
 
         val signKeyId = "ed25519:" + deviceKeys.deviceId
-        val signKey = deviceKeys.keys[signKeyId]
+        val signKey = keys[signKeyId]
 
         if (null == signKey) {
             Timber.e("## CRYPTO | validateDeviceKeys() : Device $userId:${deviceKeys.deviceId} has no ed25519 key")

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/IncomingKeyRequestManager.kt

@@ -213,61 +213,28 @@ internal class IncomingKeyRequestManager @Inject constructor(
     }
 
     private suspend fun handleIncomingRequest(request: ValidMegolmRequestBody) {
-        // We don't want to download keys, if we don't know the device yet we won't share any how?
-        val requestingDevice = cryptoStore.getUserDevice(request.requestingUserId, request.requestingDeviceId)
-        if (requestingDevice == null || requestingDevice.identityKey() != request.requestingDeviceKey) {
-            directShareMegolmKey(request)
+        if (request.requestingUserId == credentials.userId && request.requestingDeviceId == credentials.deviceId) {
+            Timber.tag(loggerTag.value).w("ignoring key request from own user")
             return
         }
-
-        cryptoStore.saveIncomingKeyRequestAuditTrail(
-                request.requestId,
-                request.roomId,
-                request.sessionId,
-                request.senderKey,
-                request.algorithm,
-                request.requestingUserId,
-                request.requestingDeviceId
-        )
-
         if (!arrayOf(MXCRYPTO_ALGORITHM_MEGOLM, MXCRYPTO_ALGORITHM_RATCHET).contains(request.algorithm)) {
             // strange we received a request for a room that is not encrypted
             // maybe a broken state?
             Timber.tag(loggerTag.value).w("Received a key request in a room with unsupported alg:${request.algorithm} , req:${request.shortDbgString()}")
             return
         }
-
-        // Is it for one of our sessions?
-        if (request.requestingUserId == credentials.userId) {
-            Timber.tag(loggerTag.value).v("handling request from own user: megolm session ${request.sessionId}")
-
-            if (request.requestingDeviceId == credentials.deviceId) {
-                // ignore it's a remote echo
-                return
-            }
-            // If it's verified we share from the early index we know
-            // if not we check if it was originaly shared or not
-            if (requestingDevice.isVerified) {
-                // we share from the earliest known chain index
-                shareMegolmKey(request, requestingDevice, null)
-            } else {
-                Timber.tag(loggerTag.value).w("requesting device is not verified, still share the key")
-                shareMegolmKey(request, requestingDevice, null)
-            }
-        } else {
-            if (cryptoConfig.limitRoomKeyRequestsToMyDevices) {
-                Timber.tag(loggerTag.value).v("Ignore request from other user as per crypto config: ${request.shortDbgString()}")
-                return
+        val requestingDevice = cryptoStore.getUserDevice(request.requestingUserId, request.requestingDeviceId)
+        if (requestingDevice != null) {
+            if (requestingDevice.fallbackKey().isNullOrEmpty() && !request.requestingDeviceOtk.isNullOrEmpty()) {
+                requestingDevice.setFallbackKey(request.requestingDeviceOtk)
             }
-            Timber.tag(loggerTag.value).v("handling request from other user: megolm session ${request.sessionId}")
-            if (requestingDevice.isBlocked) {
-                // it's blocked, so send a withheld code
-                Timber.tag(loggerTag.value).w("requesting device is blocked, will not share the key")
-                sendWithheldForRequest(request, WithHeldCode.BLACKLISTED)
-            } else {
-                shareMegolmKey(request, requestingDevice, null)
+            if (!requestingDevice.fallbackKey().isNullOrEmpty()) {
+                if (shareMegolmKey(request, requestingDevice, null)){
+                    return
+                }
             }
         }
+        directShareMegolmKey(request)
     }
 
     private suspend fun shareIfItWasPreviouslyShared(request: ValidMegolmRequestBody, requestingDevice: CryptoDeviceInfo) {

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/MXOlmDevice.kt

@@ -17,6 +17,7 @@
 package org.sdn.android.sdk.internal.crypto
 
 import androidx.annotation.VisibleForTesting
+import com.squareup.moshi.Types
 import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import org.sdn.android.sdk.api.extensions.orFalse
@@ -156,10 +157,26 @@ internal class MXOlmDevice @Inject constructor(
      * Returns an unpublished fallback key.
      * A call to markKeysAsPublished will mark it as published and this
      * call will return null (until a call to generateFallbackKey is made).
+     * { "curve25519":
+     *   {
+     *     "AAAABQ":"qefVZd8qvjOpsFzoKSAdfUnJVkIreyxWFlipCHjSQQg"
+     *   }
+     * }
      */
     fun getFallbackKey(): MutableMap<String, MutableMap<String, String>>? {
+        val mapType = Types.newParameterizedType(MutableMap::class.java, String::class.java, String::class.java)
+        val adapterType = Types.newParameterizedType(MutableMap::class.java, String::class.java, mapType)
+        val adapter = MoshiProvider.providesMoshi().adapter<MutableMap<String, MutableMap<String, String>>>(adapterType)
         try {
-            return store.doWithOlmAccount { it.fallbackKey() }
+            val fbk = store.getFbk25519()
+            if(fbk.isNotEmpty()) {
+                return adapter.fromJson(fbk)
+            }
+            val fbkMap = store.doWithOlmAccount { it.fallbackKey() }
+            if (!fbkMap[OlmAccount.JSON_KEY_ONE_TIME_KEY].isNullOrEmpty()) {
+                store.storeFbk25519(adapter.toJson(fbkMap))
+            }
+            return fbkMap
         } catch (e: Exception) {
             Timber.tag(loggerTag.value).e("## getFallbackKey() : failed")
         }

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/MyDeviceInfoHolder.kt

@@ -16,6 +16,7 @@
 
 package org.sdn.android.sdk.internal.crypto
 
+import org.matrix.olm.OlmAccount
 import org.sdn.android.sdk.api.auth.data.Credentials
 import org.sdn.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel
 import org.sdn.android.sdk.api.session.crypto.model.CryptoDeviceInfo
@@ -51,6 +52,15 @@ internal class MyDeviceInfoHolder @Inject constructor(
             keys["curve25519:" + credentials.deviceId] = olmDevice.deviceCurve25519Key!!
         }
 
+        olmDevice.generateFallbackKeyIfNeeded()
+        olmDevice.getFallbackKey()?.let { fbkMap ->
+            fbkMap[OlmAccount.JSON_KEY_ONE_TIME_KEY]?.let {
+                for (item in it) {
+                    keys["fbk25519:" + credentials.deviceId] = item.value
+                }
+            }
+        }
+
 //        myDevice.keys = keys
 //
 //        myDevice.algorithms = MXCryptoAlgorithms.supportedAlgorithms()

sdn-sdk-android/src/main/java/org/sdn/android/sdk/internal/crypto/OneTimeKeysUploader.kt

@@ -94,7 +94,7 @@ internal class OneTimeKeysUploader @Inject constructor(
                     Timber.w("maybeUploadOneTimeKeys: Failed to get otk count from server")
                 }
 
-        Timber.d("maybeUploadOneTimeKeys: otk count $oneTimeKeyCountFromSync , unpublished fallback key ${olmDevice.hasUnpublishedFallbackKey()}")
+        Timber.d("maybeUploadOneTimeKeys: otk count $oneTimeKeyCountFromSync")
 
         lastOneTimeKeyCheck = clock.epochMillis()
 
@@ -125,15 +125,6 @@ internal class OneTimeKeysUploader @Inject constructor(
             Timber.v("## uploadKeys() : success, $uploadedKeys key(s) sent")
         }
         oneTimeKeyCheckInProgress = false
-
-        // Check if we need to forget a fallback key
-        val latestPublishedTime = getLastFallbackKeyPublishTime()
-        if (latestPublishedTime != 0L && clock.epochMillis() - latestPublishedTime > FALLBACK_KEY_FORGET_DELAY) {
-            // This should be called once you are reasonably certain that you will not receive any more messages
-            // that use the old fallback key
-            Timber.d("## forgetFallbackKey()")
-            olmDevice.forgetFallbackKey()
-        }
     }
 
     private suspend fun fetchOtkCount(): Int? {
@@ -151,33 +142,19 @@ internal class OneTimeKeysUploader @Inject constructor(
      * @return the number of uploaded keys
      */
     private suspend fun uploadOTK(keyCount: Int, keyLimit: Int): Int {
-        if (keyLimit <= keyCount && !olmDevice.hasUnpublishedFallbackKey()) {
+        if (keyLimit <= keyCount) {
             // If we don't need to generate any more keys then we are done.
             return 0
         }
-        var keysThisLoop = 0
-        if (keyLimit > keyCount) {
-            // Creating keys can be an expensive operation so we limit the
-            // number we generate in one go to avoid blocking the application
-            // for too long.
-            keysThisLoop = min(keyLimit - keyCount, ONE_TIME_KEY_GENERATION_MAX_NUMBER)
-            olmDevice.generateOneTimeKeys(keysThisLoop)
-        }
-
-        // We check before sending if there is an unpublished key in order to saveLastFallbackKeyPublishTime if needed
-        val hadUnpublishedFallbackKey = olmDevice.hasUnpublishedFallbackKey()
+        val keysThisLoop = min(keyLimit - keyCount, ONE_TIME_KEY_GENERATION_MAX_NUMBER)
+        olmDevice.generateOneTimeKeys(keysThisLoop)
         val response = uploadOneTimeKeys(olmDevice.getOneTimeKeys())
         olmDevice.markKeysAsPublished()
-        if (hadUnpublishedFallbackKey) {
-            // It had an unpublished fallback key that was published just now
-            saveLastFallbackKeyPublishTime(clock.epochMillis())
-        }
 
         if (response.hasOneTimeKeyCountsForAlgorithm(MXKey.KEY_SIGNED_CURVE_25519_TYPE)) {
             // Maybe upload other keys
             return keysThisLoop +
-                    uploadOTK(response.oneTimeKeyCountsForAlgorithm(MXKey.KEY_SIGNED_CURVE_25519_TYPE), keyLimit) +
-                    (if (hadUnpublishedFallbackKey) 1 else 0)
+                    uploadOTK(response.oneTimeKeyCountsForAlgorithm(MXKey.KEY_SIGNED_CURVE_25519_TYPE), keyLimit) + 1
         } else {
             Timber.e("## uploadOTK() : response for uploading keys does not contain one_time_key_counts.signed_curve25519")
             throw Exception("response for uploading keys does not contain one_time_key_counts.signed_curve25519")
@@ -213,6 +190,7 @@ internal class OneTimeKeysUploader @Inject constructor(
         }
 
         val fallbackJson = mutableMapOf<String, Any>()
+        olmDevice.generateFallbackKeyIfNeeded()
         val fallbackCurve25519Map = olmDevice.getFallbackKey()?.get(OlmAccount.JSON_KEY_ONE_TIME_KEY).orEmpty()
         fallbackCurve25519Map.forEach { (key_id, key) ->
             val k = mutableMapOf<String, Any>()