e2ee should not hinder verification #1598

BillCarsonFr · 2022-10-05T09:40:28Z

Pull Request Checklist

Fixes #6519
Verification events sent in e2ee rooms should bypass the encrypt to verified devices only option. If not it renders verification impossible.

Motivation and context

As per spec:

When using in-room messages and the room has encryption enabled, clients should ensure that encryption does not hinder the verification. For example, if the verification messages are encrypted, clients must ensure that all the recipient’s unverified devices receive the keys necessary to decrypt the messages, even if they would normally not be given the keys to decrypt messages in the room. Alternatively, verification messages may be sent unencrypted, though this is not encouraged.

Pull request is based on the develop branch
Pull request contains a changelog file in ./changelog.d. See https://github.com/matrix-org/matrix-ios-sdk/blob/develop/CONTRIBUTING.md#changelog
Pull request includes a sign off

codecov · 2022-10-05T09:57:38Z

Codecov Report

Base: 13.48% // Head: 13.48% // Decreases project coverage by -0.00% ⚠️

Coverage data is based on head (248ab03) compared to base (6178f5f).
Patch coverage: 0.00% of modified lines in pull request are covered.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #1598      +/-   ##
===========================================
- Coverage    13.48%   13.48%   -0.01%     
===========================================
  Files          541      541              
  Lines        86690    86712      +22     
  Branches     36828    36842      +14     
===========================================
  Hits         11693    11693              
- Misses       74555    74577      +22     
  Partials       442      442

Impacted Files	Coverage Δ
...xSDK/Crypto/Algorithms/Megolm/MXMegolmEncryption.m	`0.81% <0.00%> (-0.06%)`	⬇️
MatrixSDK/Crypto/Algorithms/Olm/MXOlmEncryption.m	`5.26% <0.00%> (ø)`
MatrixSDK/Crypto/MXCrypto.m	`1.99% <0.00%> (ø)`

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

Anderas · 2022-10-06T09:15:51Z

MatrixSDK/Crypto/Algorithms/MXEncrypting.h

@@ -60,7 +60,7 @@

 @return a MXHTTPOperation instance. May be nil if all required materials is already in place.
 */
- (MXHTTPOperation*)ensureSessionForUsers:(NSArray<NSString*>*)users
+- (MXHTTPOperation*)ensureSessionForUsers:(NSArray<NSString*>*)users forceDistributeToUnverified: (BOOL) forceDistributeToUnverified


Sadly we don't have obj-c style checker / formatter to check this automatically, but to aligh the style:

no spaces between type and parameter, i.e. forceDistributeToUnverified: (BOOL) forceDistributeToUnverified => forceDistributeToUnverified:(BOOL)forceDistributeToUnverified (across the whole PR)

if some parameters are on multiple lines (e.g. success and failure), then all should be, incl forceDistributeToUnverified, and aligned vertically by the double colon

Anderas · 2022-10-06T09:24:54Z

MatrixSDK/Crypto/Algorithms/Megolm/MXMegolmEncryption.m

@@ -166,6 +190,7 @@ - (BOOL)isSessionSharingHistory:(MXOutboundSessionInfo *)session
 @param failure A block object called when the operation fails.
 */
 - (MXHTTPOperation *)getDevicesInRoom:(NSArray<NSString*>*)users


This method includes documentation above so would be good to include the new parameter. Also perhaps just a matter of personal preference, but the method getDevicesInRoom does not suggest anything about distributing keys so perhaps the new parameter would be clearer as includeUnverifiedUsers rather than forceDistributeToUnverified

Anderas · 2022-10-06T09:27:02Z

MatrixSDK/Crypto/Algorithms/Megolm/MXMegolmEncryption.m

@@ -198,7 +223,7 @@ - (MXHTTPOperation *)getDevicesInRoom:(NSArray<NSString*>*)users
                }

                if (deviceInfo.trustLevel.localVerificationStatus == MXDeviceBlocked
-                    || (!deviceInfo.trustLevel.isVerified && encryptToVerifiedDevicesOnly))
+                    || (!deviceInfo.trustLevel.isVerified && encryptToVerifiedDevicesOnly && !forceDistributeToUnverified))


I think it would be better / cleaner to include this extra condition in the BOOL encryptToVerifiedDevicesOnly = declaration.

Anderas · 2022-10-06T09:30:01Z

MatrixSDK/Crypto/Algorithms/Megolm/MXMegolmEncryption.m

@@ -103,14 +104,37 @@ - (MXHTTPOperation*)encryptEventContent:(NSDictionary*)eventContent eventType:(M
    }];
 }

- (MXHTTPOperation*)ensureSessionForUsers:(NSArray<NSString*>*)users
+- (BOOL) isVerificationEvent:(MXEventTypeString) eventType eventContent:(NSDictionary*)eventContent


Optionally this whole method could be moved into MXTools, as [MXTools isVerificationEvent], which will make it easier to unit test

e2ee should not hinder verification

248ab03

BillCarsonFr requested review from manuroe and a team October 5, 2022 09:40

Anderas reviewed Oct 6, 2022

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

e2ee should not hinder verification #1598

e2ee should not hinder verification #1598

BillCarsonFr commented Oct 5, 2022 •

edited

Loading

codecov bot commented Oct 5, 2022

Anderas Oct 6, 2022

Anderas Oct 6, 2022

Anderas Oct 6, 2022

Anderas Oct 6, 2022

e2ee should not hinder verification #1598

Are you sure you want to change the base?

e2ee should not hinder verification #1598

Conversation

BillCarsonFr commented Oct 5, 2022 • edited Loading

Pull Request Checklist

Motivation and context

codecov bot commented Oct 5, 2022

Codecov Report

Anderas Oct 6, 2022

Choose a reason for hiding this comment

Anderas Oct 6, 2022

Choose a reason for hiding this comment

Anderas Oct 6, 2022

Choose a reason for hiding this comment

Anderas Oct 6, 2022

Choose a reason for hiding this comment

BillCarsonFr commented Oct 5, 2022 •

edited

Loading