Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CryptoApi.resetEncryption should always create a new key backup #4648

Merged
merged 3 commits into from
Jan 23, 2025
Merged

CryptoApi.resetEncryption should always create a new key backup #4648

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
431bfe5
fix(crypto api): `resetEncryption` always calls `resetKeyBackup`
florianduros Jan 23, 2025
8770b56
test(crypto api): update `resetEncryption` tests
florianduros Jan 23, 2025
e69f10f
chore(crypto api): add logging in `resetEncryption`
florianduros Jan 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 7 additions & 23 deletions spec/unit/rust-crypto/rust-crypto.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1896,22 +1896,6 @@ describe("RustCrypto", () => {
});

it("reset should reset 4S, backup and cross-signing", async () => {
// We don't have a key backup
fetchMock.get("path:/_matrix/client/v3/room_keys/version", {});

const rustCrypto = await makeTestRustCrypto(makeMatrixHttpApi(), undefined, undefined, secretStorage);

const authUploadDeviceSigningKeys = jest.fn();
await rustCrypto.resetEncryption(authUploadDeviceSigningKeys);

// The default key id should be deleted
expect(secretStorage.setDefaultKeyId).toHaveBeenCalledWith(null);
expect(await rustCrypto.getActiveSessionBackupVersion()).toBeNull();
// The new cross signing keys should be uploaded
expect(authUploadDeviceSigningKeys).toHaveBeenCalledWith(expect.any(Function));
});

it("key backup should be re-enabled after reset", async () => {
// When we will delete the key backup
let backupIsDeleted = false;
fetchMock.delete("path:/_matrix/client/v3/room_keys/version/1", () => {
Expand All @@ -1923,6 +1907,13 @@ describe("RustCrypto", () => {
return backupIsDeleted ? {} : testData.SIGNED_BACKUP_DATA;
});

// A new key backup should be created after the reset
let newKeyBackupInfo!: KeyBackupInfo;
fetchMock.post("path:/_matrix/client/v3/room_keys/version", (res, options) => {
newKeyBackupInfo = JSON.parse(options.body as string);
return { version: "2" };
});

// We consider the key backup as trusted
jest.spyOn(RustBackupManager.prototype, "isKeyBackupTrusted").mockResolvedValue({
trusted: true,
Expand All @@ -1933,13 +1924,6 @@ describe("RustCrypto", () => {
// We have a key backup
expect(await rustCrypto.getActiveSessionBackupVersion()).not.toBeNull();

// A new key backup should be created after the reset
let newKeyBackupInfo!: KeyBackupInfo;
fetchMock.post("path:/_matrix/client/v3/room_keys/version", (res, options) => {
newKeyBackupInfo = JSON.parse(options.body as string);
return { version: "2" };
});

const authUploadDeviceSigningKeys = jest.fn();
await rustCrypto.resetEncryption(authUploadDeviceSigningKeys);

Expand Down
2 changes: 1 addition & 1 deletion src/crypto-api/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -401,7 +401,7 @@ export interface CryptoApi {
* - Disable backing up room keys and delete any existing backups.
* - Remove the default secret storage key from the account data (ie: the recovery key).
* - Reset the cross-signing keys.
* - Re-enable backing up room keys if enabled before.
* - Create a new key backup.
*
* @param authUploadDeviceSigningKeys - Callback to authenticate the upload of device signing keys.
* Used when resetting the cross signing keys.
Expand Down
10 changes: 5 additions & 5 deletions src/rust-crypto/rust-crypto.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1477,7 +1477,7 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
* Implementation of {@link CryptoApi#resetEncryption}.
*/
public async resetEncryption(authUploadDeviceSigningKeys: UIAuthCallback<void>): Promise<void> {
const backupEnabled = (await this.backupManager.getActiveBackupVersion()) !== null;
this.logger.debug("resetEncryption: resetting encryption");

// Disable backup, and delete all the backups from the server
await this.backupManager.deleteAllKeyBackupVersions();
Expand All @@ -1491,10 +1491,10 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
authUploadDeviceSigningKeys,
});

// If key backup was enabled, we create a new backup
if (backupEnabled) {
await this.resetKeyBackup();
}
// Create a new key backup
await this.resetKeyBackup();

this.logger.debug("resetEncryption: ended");
}

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Expand Down
Loading