From caf8c60371fee6a3f9c6725a7ca734e84f0bbd50 Mon Sep 17 00:00:00 2001 From: Andy Uhnak Date: Tue, 4 Apr 2023 10:46:43 +0100 Subject: [PATCH 01/10] Fix some flaky tests --- .../MXRoomEventDecryptionUnitTests.swift | 25 ++++++++++++++----- .../MXKeysQuerySchedulerUnitTests.swift | 10 +++++--- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/MatrixSDKTests/Crypto/Algorithms/RoomEvents/MXRoomEventDecryptionUnitTests.swift b/MatrixSDKTests/Crypto/Algorithms/RoomEvents/MXRoomEventDecryptionUnitTests.swift index 39e27a749d..f2eb25723b 100644 --- a/MatrixSDKTests/Crypto/Algorithms/RoomEvents/MXRoomEventDecryptionUnitTests.swift +++ b/MatrixSDKTests/Crypto/Algorithms/RoomEvents/MXRoomEventDecryptionUnitTests.swift @@ -102,7 +102,9 @@ class MXRoomEventDecryptionUnitTests: XCTestCase { let invalidEvent = MXEvent.fixture(id: 123) await decryptor.handlePossibleRoomKeyEvent(invalidEvent) - await waitForDecryption() + // We do not expect anything to be decrypted, so there is no notification or other signal to listen to + // We will simply wait an entire second and assert nothing was decrypted + try! await Task.sleep(nanoseconds: 1_000_000_000) XCTAssertNil(events[0].clear) XCTAssertNil(events[1].clear) @@ -114,7 +116,7 @@ class MXRoomEventDecryptionUnitTests: XCTestCase { let roomKey = MXEvent.roomKeyFixture(sessionId: "123") await decryptor.handlePossibleRoomKeyEvent(roomKey) - await waitForDecryption() + await waitForDecryption(events: events) XCTAssertNotNil(events[0].clear) XCTAssertNil(events[1].clear) @@ -126,7 +128,7 @@ class MXRoomEventDecryptionUnitTests: XCTestCase { let roomKey = MXEvent.forwardedRoomKeyFixture(sessionId: "123") await decryptor.handlePossibleRoomKeyEvent(roomKey) - await waitForDecryption() + await waitForDecryption(events: events) XCTAssertNotNil(events[0].clear) XCTAssertNil(events[1].clear) @@ -139,7 +141,7 @@ class MXRoomEventDecryptionUnitTests: XCTestCase { let events = await prepareEventsForRedecryption() await decryptor.retryUndecryptedEvents(sessionIds: ["123", "456"]) - await waitForDecryption() + await waitForDecryption(events: events) XCTAssertNotNil(events[0].clear) XCTAssertNotNil(events[1].clear) @@ -188,10 +190,21 @@ class MXRoomEventDecryptionUnitTests: XCTestCase { return events } - private func waitForDecryption() async { + private func waitForDecryption(events: [MXEvent]) async { // When decrypting successfully, a notification will be triggered on the main thread, so we have to // make sure we wait until this happens. We cannot listen to notifications directly, because // repeated decryption failures will not trigger any. Instead simply wait a little while. - try! await Task.sleep(nanoseconds: 1_000_000) + + // Maximum 100 attempts each pausing for a tenth of a second + for _ in 0 ..< 100 { + + // As soon as at least one event is decrypted, we assume all are and return + if events.contains(where: { $0.clear != nil }) { + return + } + + // Otherwise wait for a 0.1 second and run the next loop cycle + try! await Task.sleep(nanoseconds: 100_000_000) + } } } diff --git a/MatrixSDKTests/Crypto/CryptoMachine/MXKeysQuerySchedulerUnitTests.swift b/MatrixSDKTests/Crypto/CryptoMachine/MXKeysQuerySchedulerUnitTests.swift index ee7d3b350d..1af129df21 100644 --- a/MatrixSDKTests/Crypto/CryptoMachine/MXKeysQuerySchedulerUnitTests.swift +++ b/MatrixSDKTests/Crypto/CryptoMachine/MXKeysQuerySchedulerUnitTests.swift @@ -56,13 +56,17 @@ class MXKeysQuerySchedulerUnitTests: XCTestCase { } queryStartSpy?() - try await Task.sleep(nanoseconds: 1_000_000) + + // Wait long enough to simulate expensive work + try await Task.sleep(nanoseconds: 100_000_000) return res case .failure(let error): queryStartSpy?() - try await Task.sleep(nanoseconds: 1_000_000) + + // Wait long enough to simulate expensive work + try await Task.sleep(nanoseconds: 100_000_000) throw error } } @@ -504,6 +508,6 @@ class MXKeysQuerySchedulerUnitTests: XCTestCase { // MARK: - Helpers private func XCTAssertQueriesCount(_ count: Int, file: StaticString = #file, line: UInt = #line) { - XCTAssertEqual(count, queryCounter, file: file, line: line) + XCTAssertEqual(queryCounter, count, file: file, line: line) } } From 3edf6e11f7389bfa97ea9e6f59a0471560c7c0e0 Mon Sep 17 00:00:00 2001 From: Stefan Ceriu Date: Tue, 4 Apr 2023 13:14:05 +0300 Subject: [PATCH 02/10] Prepare for new sprint From 5e21f59555acbc71e2812935c4c203ab9fac1434 Mon Sep 17 00:00:00 2001 From: Andy Uhnak Date: Wed, 12 Apr 2023 16:40:57 +0100 Subject: [PATCH 03/10] Prepare for new sprint From f1c172f54fd2fd926874c614fb99c55b5b4b2b57 Mon Sep 17 00:00:00 2001 From: Andy Uhnak Date: Thu, 13 Apr 2023 10:31:20 +0100 Subject: [PATCH 04/10] Update Crypto SDK --- MatrixSDK.podspec | 2 +- Podfile | 2 +- Podfile.lock | 8 ++++---- changelog.d/pr-1767.change | 1 + 4 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 changelog.d/pr-1767.change diff --git a/MatrixSDK.podspec b/MatrixSDK.podspec index 31484fdf46..5986c7023a 100644 --- a/MatrixSDK.podspec +++ b/MatrixSDK.podspec @@ -45,7 +45,7 @@ Pod::Spec.new do |s| ss.dependency 'OLMKit', '~> 3.2.5' ss.dependency 'Realm', '10.27.0' ss.dependency 'libbase58', '~> 0.1.4' - ss.dependency 'MatrixSDKCrypto', '0.3.3', :configurations => ["DEBUG", "RELEASE"], :inhibit_warnings => true + ss.dependency 'MatrixSDKCrypto', '0.3.4', :configurations => ["DEBUG", "RELEASE"], :inhibit_warnings => true end s.subspec 'JingleCallStack' do |ss| diff --git a/Podfile b/Podfile index f2b5a789e6..7f932311bc 100644 --- a/Podfile +++ b/Podfile @@ -16,7 +16,7 @@ abstract_target 'MatrixSDK' do pod 'Realm', '10.27.0' pod 'libbase58', '~> 0.1.4' - pod 'MatrixSDKCrypto', "0.3.3", :inhibit_warnings => true + pod 'MatrixSDKCrypto', "0.3.4", :inhibit_warnings => true target 'MatrixSDK-iOS' do platform :ios, '11.0' diff --git a/Podfile.lock b/Podfile.lock index d0bbe27023..71025295bf 100644 --- a/Podfile.lock +++ b/Podfile.lock @@ -16,7 +16,7 @@ PODS: - AFNetworking/NSURLSession - GZIP (1.3.0) - libbase58 (0.1.4) - - MatrixSDKCrypto (0.3.3) + - MatrixSDKCrypto (0.3.4) - OHHTTPStubs (9.1.0): - OHHTTPStubs/Default (= 9.1.0) - OHHTTPStubs/Core (9.1.0) @@ -44,7 +44,7 @@ DEPENDENCIES: - AFNetworking (~> 4.0.0) - GZIP (~> 1.3.0) - libbase58 (~> 0.1.4) - - MatrixSDKCrypto (= 0.3.3) + - MatrixSDKCrypto (= 0.3.4) - OHHTTPStubs (~> 9.1.0) - OLMKit (~> 3.2.5) - Realm (= 10.27.0) @@ -65,12 +65,12 @@ SPEC CHECKSUMS: AFNetworking: 3bd23d814e976cd148d7d44c3ab78017b744cd58 GZIP: 416858efbe66b41b206895ac6dfd5493200d95b3 libbase58: 7c040313537b8c44b6e2d15586af8e21f7354efd - MatrixSDKCrypto: 427dbb126a3e3f97cadf9fc407abf17d365b4b39 + MatrixSDKCrypto: ac805c22c24f79f349cdbfa065855c73a4c81b51 OHHTTPStubs: 90eac6d8f2c18317baeca36698523dc67c513831 OLMKit: da115f16582e47626616874e20f7bb92222c7a51 Realm: 9ca328bd7e700cc19703799785e37f77d1a130f2 SwiftyBeaver: 84069991dd5dca07d7069100985badaca7f0ce82 -PODFILE CHECKSUM: 174732d03c56adfa101fc7fcd2d573723820fcf4 +PODFILE CHECKSUM: 5c78f80c2f45525f29deaa0fc5455b81552ee632 COCOAPODS: 1.11.3 diff --git a/changelog.d/pr-1767.change b/changelog.d/pr-1767.change new file mode 100644 index 0000000000..7e16762759 --- /dev/null +++ b/changelog.d/pr-1767.change @@ -0,0 +1 @@ +Crypto: Update Crypto SDK From e9ff5c0f798806e4fcba64e73317c40b64a8d5fd Mon Sep 17 00:00:00 2001 From: Andy Uhnak Date: Fri, 14 Apr 2023 10:59:50 +0100 Subject: [PATCH 05/10] Ensure device signed after restoring cross-signing keys --- .../Crypto/CrossSigning/MXCrossSigning.h | 2 + .../Crypto/CrossSigning/MXCrossSigning.m | 3 +- .../CrossSigning/MXCrossSigningV2.swift | 9 ++- .../CryptoMachine/MXCryptoProtocols.swift | 2 +- MatrixSDK/Crypto/MXCrypto.m | 2 +- MatrixSDK/Crypto/Recovery/MXRecoveryService.m | 13 ++--- .../MXCrossSigningV2UnitTests.swift | 56 +++++++++++++++++++ .../CryptoMachine/MXCryptoProtocolStubs.swift | 32 +++++++++++ MatrixSDKTests/MXCrossSigningTests.m | 2 +- changelog.d/pr-1768.change | 1 + 10 files changed, 108 insertions(+), 14 deletions(-) create mode 100644 changelog.d/pr-1768.change diff --git a/MatrixSDK/Crypto/CrossSigning/MXCrossSigning.h b/MatrixSDK/Crypto/CrossSigning/MXCrossSigning.h index 3956df5d92..033873b137 100644 --- a/MatrixSDK/Crypto/CrossSigning/MXCrossSigning.h +++ b/MatrixSDK/Crypto/CrossSigning/MXCrossSigning.h @@ -137,11 +137,13 @@ typedef NS_ENUM(NSInteger, MXCrossSigningErrorCode) The operation requires to have the Self Signing Key in the local secret storage. @param deviceId the id of the device to cross-sign. + @param userId the user that owns the device. @param success A block object called when the operation succeeds. @param failure A block object called when the operation fails. */ - (void)crossSignDeviceWithDeviceId:(NSString*)deviceId + userId:(NSString*)userId success:(void (^)(void))success failure:(void (^)(NSError *error))failure; diff --git a/MatrixSDK/Crypto/CrossSigning/MXCrossSigning.m b/MatrixSDK/Crypto/CrossSigning/MXCrossSigning.m index c3e650f7ce..3d657445c1 100644 --- a/MatrixSDK/Crypto/CrossSigning/MXCrossSigning.m +++ b/MatrixSDK/Crypto/CrossSigning/MXCrossSigning.m @@ -142,7 +142,7 @@ - (void)setupWithAuthParams:(NSDictionary*)authParams // Refresh our state so that we can cross-sign [self refreshStateWithSuccess:^(BOOL stateUpdated) { // Expose this device to other users as signed by me - [self crossSignDeviceWithDeviceId:myCreds.deviceId success:^{ + [self crossSignDeviceWithDeviceId:myCreds.deviceId userId:myCreds.userId success:^{ success(); } failure:failureBlock]; } failure:failureBlock]; @@ -218,6 +218,7 @@ - (MXCrossSigningInfo *)createKeys:(NSDictionary *__autorel } - (void)crossSignDeviceWithDeviceId:(NSString*)deviceId + userId:(NSString *)userId success:(void (^)(void))success failure:(void (^)(NSError *error))failure { diff --git a/MatrixSDK/Crypto/CrossSigning/MXCrossSigningV2.swift b/MatrixSDK/Crypto/CrossSigning/MXCrossSigningV2.swift index 73826d4116..2c165967ce 100644 --- a/MatrixSDK/Crypto/CrossSigning/MXCrossSigningV2.swift +++ b/MatrixSDK/Crypto/CrossSigning/MXCrossSigningV2.swift @@ -144,10 +144,17 @@ class MXCrossSigningV2: NSObject, MXCrossSigning { func crossSignDevice( withDeviceId deviceId: String, + userId: String, success: @escaping () -> Void, failure: @escaping (Swift.Error) -> Void ) { - log.debug("->") + log.debug("Attempting to cross sign a device \(deviceId)") + + if let device = crossSigning.device(userId: userId, deviceId: deviceId), device.crossSigningTrusted { + log.debug("Device is already cross-signing trusted, no need to verify") + success() + return + } Task { do { diff --git a/MatrixSDK/Crypto/CryptoMachine/MXCryptoProtocols.swift b/MatrixSDK/Crypto/CryptoMachine/MXCryptoProtocols.swift index 38f442a666..65dee0f900 100644 --- a/MatrixSDK/Crypto/CryptoMachine/MXCryptoProtocols.swift +++ b/MatrixSDK/Crypto/CryptoMachine/MXCryptoProtocols.swift @@ -82,7 +82,7 @@ protocol MXCryptoRoomEventDecrypting: MXCryptoIdentity { } /// Cross-signing functionality -protocol MXCryptoCrossSigning: MXCryptoUserIdentitySource { +protocol MXCryptoCrossSigning: MXCryptoUserIdentitySource, MXCryptoDevicesSource { func refreshCrossSigningStatus() async throws func crossSigningStatus() -> CrossSigningStatus func bootstrapCrossSigning(authParams: [AnyHashable: Any]) async throws diff --git a/MatrixSDK/Crypto/MXCrypto.m b/MatrixSDK/Crypto/MXCrypto.m index 6066b74c7f..674347c44e 100644 --- a/MatrixSDK/Crypto/MXCrypto.m +++ b/MatrixSDK/Crypto/MXCrypto.m @@ -1092,7 +1092,7 @@ - (void)setDeviceVerification2:(MXDeviceVerification)verificationStatus forDevic { // Cross-sign our own device MXLogDebug(@"[MXCrypto] setDeviceVerificationForDevice: Mark device %@ as self verified", deviceId); - [self.crossSigning crossSignDeviceWithDeviceId:deviceId success:success failure:failure]; + [self.crossSigning crossSignDeviceWithDeviceId:deviceId userId:userId success:success failure:failure]; // Wait the end of cross-sign before returning return; diff --git a/MatrixSDK/Crypto/Recovery/MXRecoveryService.m b/MatrixSDK/Crypto/Recovery/MXRecoveryService.m index 37cbf8c71c..ff11f6e77c 100644 --- a/MatrixSDK/Crypto/Recovery/MXRecoveryService.m +++ b/MatrixSDK/Crypto/Recovery/MXRecoveryService.m @@ -740,19 +740,14 @@ - (void)recoverCrossSigningWithSuccess:(void (^)(void))success [self.dependencies.crossSigning refreshStateWithSuccess:^(BOOL stateUpdated) { - // Check if the service really needs to be started - if (self.dependencies.crossSigning.canCrossSign) - { - MXLogDebug(@"[MXRecoveryService] recoverCrossSigning: Cross-signing is already up"); - success(); - return; - } + NSString *userId = self.dependencies.credentials.userId; + NSString *deviceId = self.dependencies.credentials.deviceId; // Mark our user MSK as verified locally - [self.delegate setUserVerification:YES forUser:self.dependencies.credentials.userId success:^{ + [self.delegate setUserVerification:YES forUser:userId success:^{ // Cross sign our current device - [self.dependencies.crossSigning crossSignDeviceWithDeviceId:self.dependencies.credentials.deviceId success:^{ + [self.dependencies.crossSigning crossSignDeviceWithDeviceId:deviceId userId:userId success:^{ // And update the state [self.dependencies.crossSigning refreshStateWithSuccess:^(BOOL stateUpdated) { diff --git a/MatrixSDKTests/Crypto/CrossSigning/MXCrossSigningV2UnitTests.swift b/MatrixSDKTests/Crypto/CrossSigning/MXCrossSigningV2UnitTests.swift index 6f6a136046..617eb44869 100644 --- a/MatrixSDKTests/Crypto/CrossSigning/MXCrossSigningV2UnitTests.swift +++ b/MatrixSDKTests/Crypto/CrossSigning/MXCrossSigningV2UnitTests.swift @@ -103,4 +103,60 @@ class MXCrossSigningV2UnitTests: XCTestCase { XCTAssertEqual(self.crossSigning.state, state, "Status: \(status)") } } + + func test_crossSignDevice_verifiesUntrustedDevice() async throws { + let userId = "Alice" + let deviceId = "ABCD" + crypto.devices = [ + userId: [ + deviceId: .stub(crossSigningTrusted: false) + ] + ] + + let before = crypto.device(userId: userId, deviceId: deviceId) + XCTAssertNotNil(before) + XCTAssertFalse(before!.crossSigningTrusted) + XCTAssertFalse(crypto.verifiedDevicesSpy.contains(deviceId)) + + try await crossSigning.crossSignDevice(deviceId: deviceId, userId: userId) + + let after = crypto.device(userId: userId, deviceId: deviceId) + XCTAssertNotNil(after) + XCTAssertTrue(after!.crossSigningTrusted) + XCTAssertTrue(crypto.verifiedDevicesSpy.contains(deviceId)) + } + + func test_crossSignDevice_doesNotReverifyAlreadyTrustedDevice() async throws { + let userId = "Alice" + let deviceId = "ABCD" + crypto.devices = [ + userId: [ + deviceId: .stub(crossSigningTrusted: true) + ] + ] + + let before = crypto.device(userId: userId, deviceId: deviceId) + XCTAssertNotNil(before) + XCTAssertTrue(before!.crossSigningTrusted) + XCTAssertFalse(crypto.verifiedDevicesSpy.contains(deviceId)) + + try await crossSigning.crossSignDevice(deviceId: deviceId, userId: userId) + + let after = crypto.device(userId: userId, deviceId: deviceId) + XCTAssertNotNil(after) + XCTAssertTrue(after!.crossSigningTrusted) + XCTAssertFalse(crypto.verifiedDevicesSpy.contains(deviceId)) + } +} + +private extension MXCrossSigningV2 { + func crossSignDevice(deviceId: String, userId: String) async throws { + return try await withCheckedThrowingContinuation { continuation in + self.crossSignDevice(withDeviceId: deviceId, userId: userId) { + continuation.resume() + } failure: { error in + continuation.resume(throwing: error) + } + } + } } diff --git a/MatrixSDKTests/Crypto/CryptoMachine/MXCryptoProtocolStubs.swift b/MatrixSDKTests/Crypto/CryptoMachine/MXCryptoProtocolStubs.swift index 8a06f33df2..79069835ae 100644 --- a/MatrixSDKTests/Crypto/CryptoMachine/MXCryptoProtocolStubs.swift +++ b/MatrixSDKTests/Crypto/CryptoMachine/MXCryptoProtocolStubs.swift @@ -72,6 +72,10 @@ class UserIdentitySourceStub: CryptoIdentityStub, MXCryptoUserIdentitySource { } class CryptoCrossSigningStub: CryptoIdentityStub, MXCryptoCrossSigning { + enum Error: Swift.Error { + case deviceMissing + } + var stubbedStatus = CrossSigningStatus( hasMaster: false, hasSelfSigning: false, @@ -115,11 +119,39 @@ class CryptoCrossSigningStub: CryptoIdentityStub, MXCryptoCrossSigning { func verifyUser(userId: String) async throws { } + var verifiedDevicesSpy = Set() func verifyDevice(userId: String, deviceId: String) async throws { + guard let device = devices[userId]?[deviceId] else { + throw Error.deviceMissing + } + + verifiedDevicesSpy.insert(deviceId) + + devices[userId]?[deviceId] = Device( + userId: device.userId, + deviceId: device.deviceId, + keys: device.keys, + algorithms: device.algorithms, + displayName: device.displayName, + isBlocked: device.isBlocked, + locallyTrusted: device.locallyTrusted, + // Modify cross signing trusted + crossSigningTrusted: true + ) } func setLocalTrust(userId: String, deviceId: String, trust: LocalTrust) throws { } + + var devices = [String: [String: Device]]() + + func device(userId: String, deviceId: String) -> Device? { + return devices[userId]?[deviceId] + } + + func devices(userId: String) -> [Device] { + return devices[userId]?.map { $0.value } ?? [] + } } class CryptoVerificationStub: CryptoIdentityStub { diff --git a/MatrixSDKTests/MXCrossSigningTests.m b/MatrixSDKTests/MXCrossSigningTests.m index 79c4ac3f71..e311648759 100644 --- a/MatrixSDKTests/MXCrossSigningTests.m +++ b/MatrixSDKTests/MXCrossSigningTests.m @@ -1175,7 +1175,7 @@ - (void)testMXCrossSigningResetDetection newDeviceId = newAliceSession.matrixRestClient.credentials.deviceId; // - Cross-sign this new device - [aliceSession.crypto.crossSigning crossSignDeviceWithDeviceId:newDeviceId success:^{ + [aliceSession.crypto.crossSigning crossSignDeviceWithDeviceId:newDeviceId userId:newAliceSession.matrixRestClient.credentials.userId success:^{ // Intermediate check MXDeviceTrustLevel *aliceDevice2Trust = [aliceSession.crypto deviceTrustLevelForDevice:newDeviceId ofUser:aliceSession.myUserId]; diff --git a/changelog.d/pr-1768.change b/changelog.d/pr-1768.change new file mode 100644 index 0000000000..07abae3c87 --- /dev/null +++ b/changelog.d/pr-1768.change @@ -0,0 +1 @@ +Cross-signing: Ensure device signed after restoring cross-signing keys From 752b9c7fda5a992b992ca7cb2aa5a951f9605307 Mon Sep 17 00:00:00 2001 From: Andy Uhnak Date: Fri, 14 Apr 2023 11:29:19 +0100 Subject: [PATCH 06/10] Remove legacy crypto store after migration --- MatrixSDK/Crypto/MXCryptoV2.swift | 7 ------ MatrixSDK/Crypto/MXCryptoV2Factory.swift | 6 ++--- .../Crypto/MXCryptoV2FactoryTests.swift | 24 +++++++++---------- changelog.d/pr-1769.change | 1 + 4 files changed, 16 insertions(+), 22 deletions(-) create mode 100644 changelog.d/pr-1769.change diff --git a/MatrixSDK/Crypto/MXCryptoV2.swift b/MatrixSDK/Crypto/MXCryptoV2.swift index dacfbd2569..f700e7fd6d 100644 --- a/MatrixSDK/Crypto/MXCryptoV2.swift +++ b/MatrixSDK/Crypto/MXCryptoV2.swift @@ -197,13 +197,6 @@ class MXCryptoV2: NSObject, MXCrypto { } if deleteStore { - if let credentials = session?.credentials, - MXRealmCryptoStore.hasData(for: credentials) { - MXRealmCryptoStore.delete(with: credentials) - } else { - log.failure("Missing credentials, cannot delete store") - } - do { try machine.deleteAllData() } catch { diff --git a/MatrixSDK/Crypto/MXCryptoV2Factory.swift b/MatrixSDK/Crypto/MXCryptoV2Factory.swift index 1e52f38276..4d32bd4495 100644 --- a/MatrixSDK/Crypto/MXCryptoV2Factory.swift +++ b/MatrixSDK/Crypto/MXCryptoV2Factory.swift @@ -91,6 +91,9 @@ import Foundation log.debug("Legacy crypto store exists") try migrateIfNecessary(legacyStore: legacyStore, updateProgress: updateProgress) + + log.debug("Removing legacy crypto store entirely") + MXRealmCryptoStore.delete(with: credentials) } private func migrateIfNecessary( @@ -123,8 +126,5 @@ import Foundation log.debug("Needs verification upgrade") MXSDKOptions.sharedInstance().cryptoSDKFeature?.needsVerificationUpgrade = true } - - log.debug("Setting the latest deprecated version of legacy store") - legacyStore.cryptoVersion = lastDeprecatedVersion } } diff --git a/MatrixSDKTests/Crypto/MXCryptoV2FactoryTests.swift b/MatrixSDKTests/Crypto/MXCryptoV2FactoryTests.swift index 8a58ecbfc5..2e1867afc7 100644 --- a/MatrixSDKTests/Crypto/MXCryptoV2FactoryTests.swift +++ b/MatrixSDKTests/Crypto/MXCryptoV2FactoryTests.swift @@ -82,7 +82,7 @@ class MXCryptoV2FactoryTests: XCTestCase { func test_fullyMigratesLegacyUser() async throws { let env = try await e2eData.startE2ETest() let session = env.session - let legacyStore = session.legacyCrypto?.store + var legacyStore = session.legacyCrypto?.store // Assert that we have a legacy store that has not yet been deprecated XCTAssertNotNil(legacyStore) @@ -93,9 +93,9 @@ class MXCryptoV2FactoryTests: XCTestCase { XCTAssertNotNil(crypto) XCTAssertTrue(hasMigrated) - // Assert we still have legacy store but it is now marked as deprecated - XCTAssertNotNil(legacyStore) - XCTAssertEqual(legacyStore?.cryptoVersion, .deprecated3) + // Assert that we no longer have a legacy store for this user + legacyStore = MXRealmCryptoStore(credentials: session.credentials) + XCTAssertNil(legacyStore) await env.close() } @@ -105,7 +105,7 @@ class MXCryptoV2FactoryTests: XCTestCase { let session = env.session // We set the legacy store as partially deprecated - let legacyStore = session.legacyCrypto?.store + var legacyStore = session.legacyCrypto?.store XCTAssertNotNil(legacyStore) legacyStore?.cryptoVersion = .deprecated1 @@ -114,9 +114,9 @@ class MXCryptoV2FactoryTests: XCTestCase { XCTAssertNotNil(crypto) XCTAssertTrue(hasMigrated) - // Assert we still have legacy store but it is now marked as deprecated - XCTAssertNotNil(legacyStore) - XCTAssertEqual(legacyStore?.cryptoVersion, .deprecated3) + // Assert that we no longer have a legacy store for this user + legacyStore = MXRealmCryptoStore(credentials: session.credentials) + XCTAssertNil(legacyStore) await env.close() } @@ -126,7 +126,7 @@ class MXCryptoV2FactoryTests: XCTestCase { let session = env.session // We set the legacy store as fully deprecated - let legacyStore = session.legacyCrypto?.store + var legacyStore = session.legacyCrypto?.store XCTAssertNotNil(legacyStore) legacyStore?.cryptoVersion = .deprecated3 @@ -135,9 +135,9 @@ class MXCryptoV2FactoryTests: XCTestCase { XCTAssertNotNil(crypto) XCTAssertFalse(hasMigrated) - // Assert we still have legacy store which is still marked as deprecated - XCTAssertNotNil(legacyStore) - XCTAssertEqual(legacyStore?.cryptoVersion, .deprecated3) + // Assert that we no longer have a legacy store for this user + legacyStore = MXRealmCryptoStore(credentials: session.credentials) + XCTAssertNil(legacyStore) await env.close() } diff --git a/changelog.d/pr-1769.change b/changelog.d/pr-1769.change new file mode 100644 index 0000000000..73df5c9a81 --- /dev/null +++ b/changelog.d/pr-1769.change @@ -0,0 +1 @@ +Crypto: Remove legacy crypto store From 1c4f260fb5fdfd8f2442dd9a921e7e01913432a5 Mon Sep 17 00:00:00 2001 From: Andy Uhnak Date: Wed, 12 Apr 2023 16:50:57 +0100 Subject: [PATCH 07/10] Add short docs on Crypto SDK integration --- README.rst | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/README.rst b/README.rst index 44d65b8473..5c087905b0 100644 --- a/README.rst +++ b/README.rst @@ -84,6 +84,35 @@ They contain logic to maintain consistent chat room data. room. MXSession exposes and maintains the list of MXUsers. It provides the user id, displayname and the current presence state. +End-to-end Encryption +--------------------- +All core E2EE functionality is implemented in an external `matrix-sdk-crypto `_ +Rust crate, which replaces all previous obj-c / Swift implementation that used to exist in this repository. +`MatrixSDK` integrates this crate via `pod MatrixSDKCrypto` published `separately `_. + +Code in `MatrixSDK` consists mostly of wrappers, networking logic and glue code connecting encryption with +general app functionality, sync loops and and session state. Some of the notable classes include: + +:``MXCrypto``: + Main entry-point into all cryptographic functionality, such as encrypting/decrypting + events, cross-signing users, or managing room key backups. It is owned by the current + session and therefore specific to the current user. + +:``MXRoomEventEncryption``/``MXRoomEventDecryption``: + Two classes responsible for encrypting and decrypting message events and tasks that + are closely dependent, such as sharing room keys, reacting to late key-shares etc. + +:``MXCryptoMachine``: + Wrapper around Rust-based `OlmMachine`, providing a more convenient API. Its three main + responsibilities are: + - adding a layer of abstraction between `MatrixSDK` and `MatrixSDKCrypto` + - mapping to and from raw strings passed into the Rust machine + - performing network requests and marking them as completed on behalf of the Rust machine + +To publish a new version of `MatrixSDKCrypto` follow a `separate process `_. +To test local / unpublished changes in `MatrixSDKCrypto`, `build the framework `_ +and re-direct the pod in your `Podfile` to `pod MatrixSDKCrypto, :path => your/local/rust-crypto-sdk/MatrixSDKCrypto.podspec` + Usage ===== From e24980432f30f24a6cc8a4273501f5278d84850c Mon Sep 17 00:00:00 2001 From: Anderas Date: Mon, 17 Apr 2023 16:33:10 +0100 Subject: [PATCH 08/10] Update README.rst Co-authored-by: manuroe --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 5c087905b0..8799f5c9b8 100644 --- a/README.rst +++ b/README.rst @@ -91,7 +91,7 @@ Rust crate, which replaces all previous obj-c / Swift implementation that used t `MatrixSDK` integrates this crate via `pod MatrixSDKCrypto` published `separately `_. Code in `MatrixSDK` consists mostly of wrappers, networking logic and glue code connecting encryption with -general app functionality, sync loops and and session state. Some of the notable classes include: +general app functionality, sync loops and session state. Some of the notable classes include: :``MXCrypto``: Main entry-point into all cryptographic functionality, such as encrypting/decrypting From eee81674d9ba1719b589b9e125885c30e3703a75 Mon Sep 17 00:00:00 2001 From: Doug Date: Tue, 18 Apr 2023 09:53:12 +0100 Subject: [PATCH 09/10] version++ --- CHANGES.md | 9 +++++++++ MatrixSDK.podspec | 2 +- MatrixSDK/MatrixSDKVersion.m | 2 +- changelog.d/pr-1767.change | 1 - changelog.d/pr-1768.change | 1 - changelog.d/pr-1769.change | 1 - 6 files changed, 11 insertions(+), 5 deletions(-) delete mode 100644 changelog.d/pr-1767.change delete mode 100644 changelog.d/pr-1768.change delete mode 100644 changelog.d/pr-1769.change diff --git a/CHANGES.md b/CHANGES.md index dd8c83d12d..b29f7cbc40 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,12 @@ +## Changes in 0.26.8 (2023-04-18) + +🙌 Improvements + +- Crypto: Update Crypto SDK ([#1767](https://github.com/matrix-org/matrix-ios-sdk/pull/1767)) +- Cross-signing: Ensure device signed after restoring cross-signing keys ([#1768](https://github.com/matrix-org/matrix-ios-sdk/pull/1768)) +- Crypto: Remove legacy crypto store ([#1769](https://github.com/matrix-org/matrix-ios-sdk/pull/1769)) + + ## Changes in 0.26.7 (2023-04-12) 🙌 Improvements diff --git a/MatrixSDK.podspec b/MatrixSDK.podspec index 5986c7023a..bd29e618e3 100644 --- a/MatrixSDK.podspec +++ b/MatrixSDK.podspec @@ -1,7 +1,7 @@ Pod::Spec.new do |s| s.name = "MatrixSDK" - s.version = "0.26.7" + s.version = "0.26.8" s.summary = "The iOS SDK to build apps compatible with Matrix (https://www.matrix.org)" s.description = <<-DESC diff --git a/MatrixSDK/MatrixSDKVersion.m b/MatrixSDK/MatrixSDKVersion.m index d399c66189..b8ab06bb4a 100644 --- a/MatrixSDK/MatrixSDKVersion.m +++ b/MatrixSDK/MatrixSDKVersion.m @@ -16,4 +16,4 @@ #import -NSString *const MatrixSDKVersion = @"0.26.7"; +NSString *const MatrixSDKVersion = @"0.26.8"; diff --git a/changelog.d/pr-1767.change b/changelog.d/pr-1767.change deleted file mode 100644 index 7e16762759..0000000000 --- a/changelog.d/pr-1767.change +++ /dev/null @@ -1 +0,0 @@ -Crypto: Update Crypto SDK diff --git a/changelog.d/pr-1768.change b/changelog.d/pr-1768.change deleted file mode 100644 index 07abae3c87..0000000000 --- a/changelog.d/pr-1768.change +++ /dev/null @@ -1 +0,0 @@ -Cross-signing: Ensure device signed after restoring cross-signing keys diff --git a/changelog.d/pr-1769.change b/changelog.d/pr-1769.change deleted file mode 100644 index 73df5c9a81..0000000000 --- a/changelog.d/pr-1769.change +++ /dev/null @@ -1 +0,0 @@ -Crypto: Remove legacy crypto store From a61844abef0d33a0014f2e9932c4d515da7b4578 Mon Sep 17 00:00:00 2001 From: Doug Date: Tue, 18 Apr 2023 11:29:36 +0100 Subject: [PATCH 10/10] finish version++