Skip to content

Commit

Permalink
Merge branch 'release/0.26.2/master'
Browse files Browse the repository at this point in the history
  • Loading branch information
Velin92 committed Mar 21, 2023
2 parents 2fda00e + f7d1ddb commit 941aa44
Show file tree
Hide file tree
Showing 67 changed files with 1,368 additions and 777 deletions.
16 changes: 16 additions & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,19 @@
## Changes in 0.26.2 (2023-03-21)

🙌 Improvements

- Crypto: Always update tracked users when sharing keys ([#1733](https://github.com/matrix-org/matrix-ios-sdk/pull/1733))
- CryptoV2: Fully deprecate MXCryptoStore ([#1735](https://github.com/matrix-org/matrix-ios-sdk/pull/1735))
- Make CallKit maximumCallGroups configurable. ([#1738](https://github.com/matrix-org/matrix-ios-sdk/pull/1738))
- Crypto: Simplify user verification state ([#1740](https://github.com/matrix-org/matrix-ios-sdk/pull/1740))
- Rageshakes: Identify crypto module ([#1742](https://github.com/matrix-org/matrix-ios-sdk/pull/1742))
- Session: Improved session startup progress ([#7417](https://github.com/vector-im/element-ios/issues/7417))

🐛 Bugfixes

- MXCallManager: Make call transfer requests sequential. ([#1739](https://github.com/matrix-org/matrix-ios-sdk/pull/1739))


## Changes in 0.26.1 (2023-03-13)

🐛 Bugfixes
Expand Down
4 changes: 2 additions & 2 deletions MatrixSDK.podspec
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Pod::Spec.new do |s|

s.name = "MatrixSDK"
s.version = "0.26.1"
s.version = "0.26.2"
s.summary = "The iOS SDK to build apps compatible with Matrix (https://www.matrix.org)"

s.description = <<-DESC
Expand Down Expand Up @@ -45,7 +45,7 @@ Pod::Spec.new do |s|
ss.dependency 'OLMKit', '~> 3.2.5'
ss.dependency 'Realm', '10.27.0'
ss.dependency 'libbase58', '~> 0.1.4'
ss.dependency 'MatrixSDKCrypto', '0.2.1', :configurations => ["DEBUG", "RELEASE"], :inhibit_warnings => true
ss.dependency 'MatrixSDKCrypto', '0.3.0', :configurations => ["DEBUG", "RELEASE"], :inhibit_warnings => true
end

s.subspec 'JingleCallStack' do |ss|
Expand Down
56 changes: 44 additions & 12 deletions MatrixSDK.xcodeproj/project.pbxproj

Large diffs are not rendered by default.

55 changes: 21 additions & 34 deletions MatrixSDK/Crypto/Algorithms/RoomEvent/MXRoomEventEncryption.swift
Original file line number Diff line number Diff line change
Expand Up @@ -47,24 +47,19 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {
private static let keyRotationPeriodSec: Int = 7 * 24 * 3600 // Rotate room keys each week

private let handler: MXCryptoRoomEventEncrypting
private let legacyStore: MXCryptoStore
private let getRoomAction: GetRoomAction
private let log = MXNamedLog(name: "MXRoomEventEncryption")

init(
handler: MXCryptoRoomEventEncrypting,
legacyStore: MXCryptoStore,
getRoomAction: @escaping GetRoomAction
) {
self.handler = handler
self.legacyStore = legacyStore
self.getRoomAction = getRoomAction
}

func isRoomEncrypted(roomId: String) -> Bool {
// State of room encryption is not yet implemented in `MatrixSDKCrypto`
// Will be moved to `MatrixSDKCrypto` eventually
return legacyStore.algorithm(forRoom: roomId) != nil
return handler.roomSettings(roomId: roomId)?.algorithm != nil
}

func ensureRoomKeysShared(roomId: String) async throws {
Expand Down Expand Up @@ -108,7 +103,7 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {
for: room,
historyVisibility: state.historyVisibility
)
handler.addTrackedUsers(users)
handler.updateTrackedUsers(users)
}

// MARK: - Private
Expand All @@ -128,6 +123,12 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {
historyVisibility: state.historyVisibility
)

// Room membership events should ensure that we are always tracking users as soon as possible,
// but there are rare edge-cases where this does not always happen. To add a safety mechanism
// we will always update tracked users when sharing keys (which does nothing if a user is
// already tracked), triggering a key request for missing users in the next sync loop.
handler.updateTrackedUsers(users)

let settings = try encryptionSettings(for: state)
try await handler.shareRoomKeysIfNecessary(
roomId: roomId,
Expand All @@ -138,37 +139,23 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {

/// Make sure that we recognize (and store if necessary) the claimed room encryption algorithm
private func ensureRoomEncryption(roomId: String, algorithm: String?) throws {
let existingAlgorithm = legacyStore.algorithm(forRoom: roomId)
if existingAlgorithm != nil && existingAlgorithm == algorithm {
// Encryption in room is already set to the correct algorithm
return
}
log.debug("Attempting to set algorithm to \(algorithm ?? "empty")")

guard let algorithm = algorithm else {
if existingAlgorithm != nil {
log.error("Resetting encryption is not allowed")
return
do {
let algorithm = try EventEncryptionAlgorithm(string: algorithm)
try handler.setRoomAlgorithm(roomId: roomId, algorithm: algorithm)
} catch {
if let existing = handler.roomSettings(roomId: roomId)?.algorithm {
log.error("Failed to set algorithm, but another room algorithm already stored", context: [
"existing": existing,
"new": algorithm ?? "empty"
])
} else {
throw Error.invalidEncryptionAlgorithm
log.error("Failed to set algorithm", context: error)
throw error
}
}

let supportedAlgorithms = Set([kMXCryptoMegolmAlgorithm])
guard supportedAlgorithms.contains(algorithm) else {
log.error("Ignoring invalid room algorithm", context: [
"room_id": roomId,
"algorithm": algorithm
])
throw Error.invalidEncryptionAlgorithm
}

if let existing = existingAlgorithm, existing != algorithm {
log.warning("New m.room.encryption event in \(roomId) with an algorithm change from \(existing) to \(algorithm)")
} else {
log.debug("New m.room.encryption event with algorithm \(algorithm)")
}

legacyStore.storeAlgorithm(forRoom: roomId, algorithm: algorithm)
}

/// Get user ids for all room members that should be able to decrypt events, based on the history visibility setting
Expand Down Expand Up @@ -202,7 +189,7 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {
}

private func onlyTrustedDevices(in roomId: String) -> Bool {
return legacyStore.globalBlacklistUnverifiedDevices || legacyStore.blacklistUnverifiedDevices(inRoom: roomId)
return handler.onlyAllowTrustedDevices || handler.roomSettings(roomId: roomId)?.onlyAllowTrustedDevices == true
}

private func room(for roomId: String) throws -> MXRoom {
Expand Down
3 changes: 1 addition & 2 deletions MatrixSDK/Crypto/CrossSigning/Data/MXCrossSigningInfo.h
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
#import <Foundation/Foundation.h>

#import "MXCrossSigningKey.h"
#import "MXUserTrustLevel.h"

@class MXCryptoUserIdentityWrapper;

Expand Down Expand Up @@ -56,7 +55,7 @@ extern NSString *const MXCrossSigningInfoTrustLevelDidChangeNotification;

#pragma mark - Additional information

@property (nonatomic, readonly) MXUserTrustLevel *trustLevel;
@property (nonatomic, readonly) BOOL isVerified;

@end

Expand Down
80 changes: 60 additions & 20 deletions MatrixSDK/Crypto/CrossSigning/Data/MXCrossSigningInfo.m
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,38 @@

NSString *const MXCrossSigningInfoTrustLevelDidChangeNotification = @"MXCrossSigningInfoTrustLevelDidChangeNotification";

#pragma mark - Deprecated user trust

/**
Deprecated model of user trust that distinguished local vs cross-signing verification
This model is no longer used and is replaced by a combined `isVerified` property on `MXCrossSigningInfo`.
For backwards compatibility (reading archived values) the model needs to be kept around, albeit as private only.
*/
@interface MXDeprecatedUserTrustLevel : NSObject <NSCoding>
@property (nonatomic, readonly) BOOL isCrossSigningVerified;
@end

@implementation MXDeprecatedUserTrustLevel
- (id)initWithCoder:(NSCoder *)aDecoder
{
self = [super init];
if (self)
{
// We ignore `isLocallyVerified` field and only consider `isCrossSigningVerified`
_isCrossSigningVerified = [aDecoder decodeBoolForKey:@"isCrossSigningVerified"];
}
return self;
}

- (void)encodeWithCoder:(NSCoder *)aCoder
{
MXLogFailure(@"[MXDeprecatedUserTrustLevel] encode: This model should only be used for decoding existing data, not encoding new data");
}
@end

#pragma mark - CrossSigningInfo

@implementation MXCrossSigningInfo

- (instancetype)initWithUserIdentity:(MXCryptoUserIdentityWrapper *)userIdentity
Expand All @@ -43,7 +75,7 @@ - (instancetype)initWithUserIdentity:(MXCryptoUserIdentityWrapper *)userIdentity
keys[MXCrossSigningKeyType.userSigning] = userIdentity.userSignedKeys;
}
_keys = keys.copy;
_trustLevel = userIdentity.trustLevel;
_isVerified = userIdentity.isVerified;
}
return self;
}
Expand Down Expand Up @@ -92,7 +124,22 @@ - (id)initWithCoder:(NSCoder *)aDecoder
{
_userId = [aDecoder decodeObjectForKey:@"userId"];
_keys = [aDecoder decodeObjectForKey:@"keys"];
_trustLevel = [aDecoder decodeObjectForKey:@"trustLevel"];

// Initial version (i.e. version 0) of the model stored user trust via `MXUserTrustLevel` submodel.
// If we are reading this version out we need to decode verification state from this model before
// migrating it over to `isVerified`
NSInteger version = [aDecoder decodeIntegerForKey:@"version"];
if (version == 0)
{
[NSKeyedUnarchiver setClass:MXDeprecatedUserTrustLevel.class forClassName:@"MXUserTrustLevel"];
MXDeprecatedUserTrustLevel *trust = [aDecoder decodeObjectForKey:@"trustLevel"];
// Only convert cross-signed verification status, not local verification status
_isVerified = trust.isCrossSigningVerified;
}
else
{
_isVerified = [aDecoder decodeBoolForKey:@"isVerified"];
}
}
return self;
}
Expand All @@ -101,7 +148,8 @@ - (void)encodeWithCoder:(NSCoder *)aCoder
{
[aCoder encodeObject:_userId forKey:@"userId"];
[aCoder encodeObject:_keys forKey:@"keys"];
[aCoder encodeObject:_trustLevel forKey:@"trustLevel"];
[aCoder encodeBool:_isVerified forKey:@"isVerified"];
[aCoder encodeInteger:1 forKey:@"version"];
}


Expand All @@ -113,31 +161,23 @@ - (instancetype)initWithUserId:(NSString *)userId
if (self)
{
_userId = userId;
_trustLevel = [MXUserTrustLevel new];
_isVerified = NO;
}
return self;
}

- (void)setTrustLevel:(MXUserTrustLevel*)trustLevel
{
_trustLevel = trustLevel;
}

- (BOOL)updateTrustLevel:(MXUserTrustLevel*)trustLevel
- (void)setIsVerified:(BOOL)isVerified
{
BOOL updated = NO;

if (![_trustLevel isEqual:trustLevel])
if (_isVerified == isVerified)
{
_trustLevel = trustLevel;
updated = YES;
[self didUpdateTrustLevel];
return;
}

return updated;

_isVerified = isVerified;
[self didUpdateVerificationState];
}

- (void)didUpdateTrustLevel
- (void)didUpdateVerificationState
{
dispatch_async(dispatch_get_main_queue(),^{
[[NSNotificationCenter defaultCenter] postNotificationName:MXCrossSigningInfoTrustLevelDidChangeNotification object:self userInfo:nil];
Expand All @@ -158,7 +198,7 @@ - (void)addCrossSigningKey:(MXCrossSigningKey*)crossSigningKey type:(NSString*)t

- (NSString *)description
{
return [NSString stringWithFormat:@"<MXCrossSigningInfo: %p> Trusted: %@\nMSK: %@\nSSK: %@\nUSK: %@", self, @(self.trustLevel.isCrossSigningVerified), self.masterKeys, self.selfSignedKeys, self.userSignedKeys];
return [NSString stringWithFormat:@"<MXCrossSigningInfo: %p> Verified: %@\nMSK: %@\nSSK: %@\nUSK: %@", self, @(self.isVerified), self.masterKeys, self.selfSignedKeys, self.userSignedKeys];
}

@end
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,7 @@ NS_ASSUME_NONNULL_BEGIN

- (instancetype)initWithUserId:(NSString *)userId;

- (void)setTrustLevel:(MXUserTrustLevel*)trustLevel;
- (BOOL)updateTrustLevel:(MXUserTrustLevel*)trustLevel;
- (void)setIsVerified:(BOOL)isVerified;
- (void)addCrossSigningKey:(MXCrossSigningKey*)crossSigningKey type:(NSString*)type;

@end
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ import MatrixSDKCrypto
public let masterKeys: MXCrossSigningKey?
public let selfSignedKeys: MXCrossSigningKey?
public let userSignedKeys: MXCrossSigningKey?
public let trustLevel: MXUserTrustLevel
public let isVerified: Bool

internal init(identity: UserIdentity, isVerified: Bool) {
switch identity {
Expand All @@ -43,13 +43,7 @@ import MatrixSDKCrypto
self.selfSignedKeys = .init(jsonString: selfSigningKey)
self.userSignedKeys = nil
}

// `MatrixSDKCrypto` does not distinguish local and cross-signed
// verification status for users
trustLevel = MXUserTrustLevel(
crossSigningVerified: isVerified,
locallyVerified: isVerified
)
self.isVerified = isVerified
}
}

Expand Down
Loading

0 comments on commit 941aa44

Please sign in to comment.