crypto: Calculate sender data for incoming sessions

Author: andybalaam

crates/matrix-sdk-crypto/src/gossiping/machine.rs

@@ -1218,6 +1218,8 @@ mod tests {
         create_sessions: bool,
         algorithm: EventEncryptionAlgorithm,
     ) -> (GossipMachine, OutboundGroupSession, GossipMachine) {
+        use crate::olm::SenderData;
+
         let alice_machine = get_machine_test_helper().await;
         let alice_device = ReadOnlyDevice::from_account(
             &alice_machine.inner.store.cache().await.unwrap().account().await.unwrap(),
@@ -1270,7 +1272,7 @@ mod tests {
             .inner
             .store
             .static_account()
-            .create_group_session_pair(room_id(), settings)
+            .create_group_session_pair(room_id(), settings, SenderData::unknown())
             .await
             .unwrap();
 

crates/matrix-sdk-crypto/src/machine.rs

@@ -66,7 +66,8 @@ use crate::{
     identities::{user::UserIdentities, Device, IdentityManager, UserDevices},
     olm::{
         Account, CrossSigningStatus, EncryptionSettings, IdentityKeys, InboundGroupSession,
-        OlmDecryptionInfo, PrivateCrossSigningIdentity, SenderData, SessionType, StaticAccountData,
+        OlmDecryptionInfo, PrivateCrossSigningIdentity, SenderData, SenderDataFinder, SessionType,
+        StaticAccountData,
     },
     requests::{IncomingResponse, OutgoingRequest, UploadSigningKeysRequest},
     session_manager::{GroupSessionManager, SessionManager},
@@ -816,7 +817,7 @@ impl OlmMachine {
         event: &DecryptedRoomKeyEvent,
         content: &MegolmV1AesSha2Content,
     ) -> OlmResult<Option<InboundGroupSession>> {
-        let sender_data = SenderData::unknown();
+        let sender_data = SenderDataFinder::find_using_event(self, sender_key, event).await?;
 
         let session = InboundGroupSession::new(
             sender_key,
@@ -900,7 +901,11 @@ impl OlmMachine {
         let (_, session) = self
             .inner
             .group_session_manager
-            .create_outbound_group_session(room_id, EncryptionSettings::default())
+            .create_outbound_group_session(
+                room_id,
+                EncryptionSettings::default(),
+                SenderData::unknown(),
+            )
             .await?;
 
         self.store().save_inbound_group_sessions(&[session]).await?;
@@ -917,7 +922,11 @@ impl OlmMachine {
         let (_, session) = self
             .inner
             .group_session_manager
-            .create_outbound_group_session(room_id, EncryptionSettings::default())
+            .create_outbound_group_session(
+                room_id,
+                EncryptionSettings::default(),
+                SenderData::unknown(),
+            )
             .await?;
 
         Ok(session)
@@ -1016,7 +1025,26 @@ impl OlmMachine {
         users: impl Iterator<Item = &UserId>,
         encryption_settings: impl Into<EncryptionSettings>,
     ) -> OlmResult<Vec<Arc<ToDeviceRequest>>> {
-        self.inner.group_session_manager.share_room_key(room_id, users, encryption_settings).await
+        // Use our own device info to populate the SenderData that validates the
+        // InboundGroupSession that we create as a pair to the OutboundGroupSession we
+        // are sending out.
+        let account = self.store().static_account();
+        let device = self.store().get_device(account.user_id(), account.device_id()).await;
+        let own_sender_data = match device {
+            Ok(Some(device)) => {
+                SenderDataFinder::find_using_device_keys(self, device.as_device_keys().clone())
+                    .await?
+            }
+            _ => {
+                error!("Unable to find our own device!");
+                SenderData::unknown()
+            }
+        };
+
+        self.inner
+            .group_session_manager
+            .share_room_key(room_id, users, encryption_settings, own_sender_data)
+            .await
     }
 
     /// Receive an unencrypted verification event.
@@ -4169,7 +4197,7 @@ pub(crate) mod tests {
         let (outbound, mut inbound) = alice
             .store()
             .static_account()
-            .create_group_session_pair(room_id, Default::default())
+            .create_group_session_pair(room_id, Default::default(), SenderData::unknown())
             .await
             .unwrap();
 

crates/matrix-sdk-crypto/src/olm/account.rs

@@ -198,6 +198,7 @@ impl StaticAccountData {
         &self,
         room_id: &RoomId,
         settings: EncryptionSettings,
+        own_sender_data: SenderData,
     ) -> Result<(OutboundGroupSession, InboundGroupSession), MegolmSessionCreationError> {
         trace!(?room_id, algorithm = settings.algorithm.as_str(), "Creating a new room key");
 
@@ -221,7 +222,7 @@ impl StaticAccountData {
             signing_key,
             room_id,
             &outbound.session_key().await,
-            SenderData::unknown(),
+            own_sender_data,
             algorithm,
             Some(visibility),
         )?;
@@ -237,9 +238,13 @@ impl StaticAccountData {
         &self,
         room_id: &RoomId,
     ) -> (OutboundGroupSession, InboundGroupSession) {
-        self.create_group_session_pair(room_id, EncryptionSettings::default())
-            .await
-            .expect("Can't create default group session pair")
+        self.create_group_session_pair(
+            room_id,
+            EncryptionSettings::default(),
+            SenderData::unknown(),
+        )
+        .await
+        .expect("Can't create default group session pair")
     }
 
     /// Get the key ID of our Ed25519 signing key.

crates/matrix-sdk-crypto/src/olm/group_sessions/mod.rs

@@ -18,13 +18,15 @@ use serde::{Deserialize, Serialize};
 mod inbound;
 mod outbound;
 mod sender_data;
+mod sender_data_finder;
 
 pub use inbound::{InboundGroupSession, PickledInboundGroupSession};
 pub(crate) use outbound::ShareState;
 pub use outbound::{
     EncryptionSettings, OutboundGroupSession, PickledOutboundGroupSession, ShareInfo,
 };
 pub use sender_data::{SenderData, SenderDataRetryDetails};
+pub(crate) use sender_data_finder::SenderDataFinder;
 use thiserror::Error;
 pub use vodozemac::megolm::{ExportedSessionKey, SessionKey};
 use vodozemac::{megolm::SessionKeyDecodeError, Curve25519PublicKey};

crates/matrix-sdk-crypto/src/olm/group_sessions/outbound.rs

@@ -811,7 +811,10 @@ mod tests {
             user_id, SecondsSinceUnixEpoch,
         };
 
-        use crate::{olm::OutboundGroupSession, Account, EncryptionSettings, MegolmError};
+        use crate::{
+            olm::{OutboundGroupSession, SenderData},
+            Account, EncryptionSettings, MegolmError,
+        };
 
         const TWO_HOURS: Duration = Duration::from_secs(60 * 60 * 2);
 
@@ -999,7 +1002,11 @@ mod tests {
                 Account::with_device_id(user_id!("@alice:example.org"), device_id!("DEVICEID"))
                     .static_data;
             let (session, _) = account
-                .create_group_session_pair(room_id!("!test_room:example.org"), settings)
+                .create_group_session_pair(
+                    room_id!("!test_room:example.org"),
+                    settings,
+                    SenderData::unknown(),
+                )
                 .await
                 .unwrap();
             session