Line data Source code
1 : /// Extensions for the experimental dehydrated devices MSC, which allows
2 : /// receiving encrypted messages while you have no devices signed in.
3 : library;
4 :
5 : import 'dart:convert';
6 : import 'dart:math';
7 :
8 : import 'package:matrix/encryption.dart';
9 : import 'package:matrix/matrix.dart';
10 : import 'package:matrix/msc_extensions/msc_3814_dehydrated_devices/api.dart';
11 : import 'package:matrix/msc_extensions/msc_3814_dehydrated_devices/model/dehydrated_device.dart';
12 : import 'package:matrix/msc_extensions/msc_3814_dehydrated_devices/model/dehydrated_device_events.dart';
13 : import 'package:matrix/src/utils/crypto/crypto.dart' as uc;
14 :
15 : extension DehydratedDeviceHandler on Client {
16 : static const Set<String> _oldDehydratedDeviceAlgorithms = {
17 : 'com.famedly.dehydrated_device.raw_olm_account',
18 : };
19 : static const String _dehydratedDeviceAlgorithm =
20 : 'com.famedly.dehydrated_device.raw_olm_account.v2';
21 : static const String _ssssSecretNameForDehydratedDevice = 'org.matrix.msc3814';
22 :
23 : /// Restores the dehydrated device account and/or creates a new one, fetches the events and as such makes encrypted messages available while we were offline.
24 : /// Usually it only makes sense to call this when you just entered the SSSS passphrase or recovery key successfully.
25 1 : Future<void> dehydratedDeviceSetup(OpenSSSS secureStorage) async {
26 : try {
27 : // dehydrated devices need to be cross-signed
28 1 : if (!enableDehydratedDevices ||
29 0 : !encryptionEnabled ||
30 0 : this.encryption?.crossSigning.enabled != true) {
31 : return;
32 : }
33 :
34 : DehydratedDevice? device;
35 : try {
36 0 : device = await getDehydratedDevice();
37 0 : } on MatrixException catch (e) {
38 0 : if (e.response?.statusCode == 400) {
39 0 : Logs().i('Dehydrated devices unsupported, skipping.');
40 : return;
41 : }
42 : // No device, so we just create a new device.
43 0 : await _uploadNewDevice(secureStorage);
44 : return;
45 : }
46 :
47 : // Just throw away the old device if it is using an old algoritm. In the future we could try to still use it and then migrate it, but currently that is not worth the effort
48 : if (_oldDehydratedDeviceAlgorithms
49 0 : .contains(device.deviceData?.tryGet<String>('algorithm'))) {
50 0 : await _uploadNewDevice(secureStorage);
51 : return;
52 : }
53 :
54 : // Only handle devices we understand
55 : // In the future we might want to migrate to a newer format here
56 0 : if (device.deviceData?.tryGet<String>('algorithm') !=
57 : _dehydratedDeviceAlgorithm) {
58 : return;
59 : }
60 :
61 : // Verify that the device is cross-signed
62 : final dehydratedDeviceIdentity =
63 0 : userDeviceKeys[userID]!.deviceKeys[device.deviceId];
64 : if (dehydratedDeviceIdentity == null ||
65 0 : !dehydratedDeviceIdentity.hasValidSignatureChain()) {
66 0 : Logs().w(
67 0 : 'Dehydrated device ${device.deviceId} is unknown or unverified, replacing it',
68 : );
69 0 : await _uploadNewDevice(secureStorage);
70 : return;
71 : }
72 :
73 : final pickleDeviceKey =
74 0 : await secureStorage.getStored(_ssssSecretNameForDehydratedDevice);
75 0 : final pickledDevice = device.deviceData?.tryGet<String>('device');
76 : if (pickledDevice == null) {
77 0 : Logs()
78 0 : .w('Dehydrated device ${device.deviceId} is invalid, replacing it');
79 0 : await _uploadNewDevice(secureStorage);
80 : return;
81 : }
82 :
83 : // Use a separate encryption object for the dehydrated device.
84 : // We need to be careful to not use the client.deviceId here and such.
85 0 : final encryption = Encryption(client: this);
86 : try {
87 0 : await encryption.init(
88 : pickledDevice,
89 0 : deviceId: device.deviceId,
90 : pickleKey: pickleDeviceKey,
91 : dehydratedDeviceAlgorithm: _dehydratedDeviceAlgorithm,
92 : );
93 :
94 0 : if (dehydratedDeviceIdentity.curve25519Key != encryption.identityKey ||
95 0 : dehydratedDeviceIdentity.ed25519Key != encryption.fingerprintKey) {
96 0 : Logs()
97 0 : .w('Invalid dehydrated device ${device.deviceId}, replacing it');
98 0 : await encryption.dispose();
99 0 : await _uploadNewDevice(secureStorage);
100 : return;
101 : }
102 :
103 : // Fetch the to_device messages sent to the picked device and handle them 1:1.
104 : DehydratedDeviceEvents? events;
105 :
106 : do {
107 0 : events = await getDehydratedDeviceEvents(
108 0 : device.deviceId,
109 0 : nextBatch: events?.nextBatch,
110 : );
111 :
112 0 : for (final e in events.events ?? []) {
113 : // We are only interested in roomkeys, which ALWAYS need to be encrypted.
114 0 : if (e.type == EventTypes.Encrypted) {
115 0 : final decryptedEvent = await encryption.decryptToDeviceEvent(e);
116 :
117 0 : if (decryptedEvent.type == EventTypes.RoomKey) {
118 0 : await encryption.handleToDeviceEvent(decryptedEvent);
119 : }
120 : }
121 : }
122 0 : } while (events.events?.isNotEmpty == true);
123 :
124 : // make sure the sessions we just received get uploaded before we upload a new device (which deletes the old device).
125 : await this
126 0 : .encryption
127 0 : ?.keyManager
128 0 : .uploadInboundGroupSessions(skipIfInProgress: false);
129 :
130 0 : await _uploadNewDevice(secureStorage);
131 : } finally {
132 0 : await encryption.dispose();
133 : }
134 : } catch (e) {
135 0 : Logs().w('Exception while handling dehydrated devices: ${e.toString()}');
136 : return;
137 : }
138 : }
139 :
140 0 : Future<void> _uploadNewDevice(OpenSSSS secureStorage) async {
141 0 : final encryption = Encryption(client: this);
142 :
143 : try {
144 : String? pickleDeviceKey;
145 : try {
146 : pickleDeviceKey =
147 0 : await secureStorage.getStored(_ssssSecretNameForDehydratedDevice);
148 : } catch (_) {
149 0 : Logs().i('Dehydrated device key not found, creating new one.');
150 0 : pickleDeviceKey = base64.encode(uc.secureRandomBytes(128));
151 0 : await secureStorage.store(
152 : _ssssSecretNameForDehydratedDevice,
153 : pickleDeviceKey,
154 : );
155 : }
156 :
157 : const chars =
158 : 'AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz1234567890';
159 0 : final rnd = Random();
160 :
161 0 : final deviceIdSuffix = String.fromCharCodes(
162 0 : Iterable.generate(
163 : 10,
164 0 : (_) => chars.codeUnitAt(rnd.nextInt(chars.length)),
165 : ),
166 : );
167 0 : final String device = 'FAM$deviceIdSuffix';
168 :
169 : // Generate a new olm account for the dehydrated device.
170 : try {
171 0 : await encryption.init(
172 : null,
173 : deviceId: device,
174 : pickleKey: pickleDeviceKey,
175 : dehydratedDeviceAlgorithm: _dehydratedDeviceAlgorithm,
176 : );
177 0 : } on MatrixException catch (_) {
178 : // dehydrated devices unsupported, do noting.
179 0 : Logs().i('Dehydrated devices unsupported, skipping upload.');
180 0 : await encryption.dispose();
181 : return;
182 : }
183 :
184 0 : encryption.ourDeviceId = device;
185 0 : encryption.olmManager.ourDeviceId = device;
186 :
187 : // cross sign the device from our currently signed in device
188 0 : await updateUserDeviceKeys(additionalUsers: {userID!});
189 0 : final keysToSign = <SignableKey>[
190 0 : userDeviceKeys[userID]!.deviceKeys[device]!,
191 : ];
192 0 : await this.encryption?.crossSigning.sign(keysToSign);
193 : } finally {
194 0 : await encryption.dispose();
195 : }
196 : }
197 : }
|