WIP on valere/matrix_rtc_key_transport

BillCarsonFr · BillCarsonFr · commit d3733d7931a1 · 2025-04-02T15:33:54.000+02:00
diff --git a/src/client.ts b/src/client.ts
@@ -207,7 +207,7 @@ import {
 import { M_BEACON_INFO, type MBeaconInfoEventContent } from "./@types/beacon.ts";
 import { NamespacedValue, UnstableValue } from "./NamespacedValue.ts";
 import { ToDeviceMessageQueue } from "./ToDeviceMessageQueue.ts";
-import { type ToDeviceBatch } from "./models/ToDeviceMessage.ts";
+import {type ToDeviceBatch, ToDevicePayload} from "./models/ToDeviceMessage.ts";
 import { IgnoredInvites } from "./models/invites-ignorer.ts";
 import { type UIARequest } from "./@types/uia.ts";
 import { type LocalNotificationSettings } from "./@types/local_notifications.ts";
@@ -7942,7 +7942,23 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
         return this.http.authedRequest(Method.Put, path, undefined, body);
     }
 
-    /**
+    public async encryptAndSendToDevice(
+        eventType: string,
+        devices: { userId: string; deviceId: string }[],
+        payload: ToDevicePayload,
+    ): Promise<void> {
+        if (!this.cryptoBackend) {
+            throw new Error("Cannot encrypt to device event, your client does not support encryption.");
+        }
+        const batch = await this.cryptoBackend.encryptToDeviceMessages(eventType, devices, payload);
+
+        // TODO The batch mechanism removes all possibility to get error feedbacks..
+        // We might want instead to do the API call directly and pass the errors back.
+        await this.queueToDevice(batch);
+    }
+
+
+        /**
      * Sends events directly to specific devices using Matrix's to-device
      * messaging system. The batch will be split up into appropriately sized
      * batches for sending and stored in the store so they can be retried
diff --git a/src/embedded.ts b/src/embedded.ts
@@ -464,6 +464,22 @@ export class RoomWidgetClient extends MatrixClient {
         return {};
     }
 
+    public async encryptAndSendToDevice(
+        eventType: string,
+        devices: { userId: string; deviceId: string }[],
+        payload: ToDevicePayload,
+    ): Promise<void> {
+        // map: user Id → device Id → payload
+        const contentMap: MapWithDefault<string, Map<string, ToDevicePayload>> = new MapWithDefault(() => new Map());
+        for (const { userId, deviceId } of devices) {
+            contentMap.getOrCreate(userId).set(deviceId, payload);
+        }
+
+        await this.widgetApi
+            .sendToDevice(eventType, true, recursiveMapToObject(contentMap))
+            .catch(timeoutToConnectionError);
+    }
+
     public async sendToDevice(eventType: string, contentMap: SendToDeviceContentMap): Promise<EmptyObject> {
         await this.widgetApi
             .sendToDevice(eventType, false, recursiveMapToObject(contentMap))
diff --git a/src/http-api/fetch.ts b/src/http-api/fetch.ts
@@ -218,7 +218,7 @@ export class FetchHttpApi<O extends IHttpOpts> {
      * On success, sets new access and refresh tokens in opts.
      * @returns Promise that resolves to a boolean - true when token was refreshed successfully
      */
-    @singleAsyncExecution
+    // @singleAsyncExecution
     private async tryRefreshToken(): Promise<TokenRefreshOutcome> {
         if (!this.opts.refreshToken || !this.opts.tokenRefreshFunction) {
             return TokenRefreshOutcome.Logout;
diff --git a/src/matrixrtc/EncryptionManager.ts b/src/matrixrtc/EncryptionManager.ts
@@ -339,6 +339,7 @@ export class EncryptionManager implements IEncryptionManager {
         timestamp: number,
         delayBeforeUse = false,
     ): void {
+        logger.debug(`Setting encryption key for ${userId}:${deviceId} at index ${encryptionKeyIndex}`);
         const keyBin = decodeBase64(encryptionKeyString);
 
         const participantId = getParticipantId(userId, deviceId);
diff --git a/src/matrixrtc/MatrixRTCSession.ts b/src/matrixrtc/MatrixRTCSession.ts
@@ -29,7 +29,7 @@ import { EncryptionManager, type IEncryptionManager, type Statistics } from "./E
 import { LegacyMembershipManager } from "./LegacyMembershipManager.ts";
 import { logDurationSync } from "../utils.ts";
 import type { IMembershipManager } from "./types.ts";
-import { RoomKeyTransport } from "./RoomKeyTransport.ts";
+import { ToDeviceKeyTransport } from "./ToDeviceKeyTransport.ts";
 
 const logger = rootLogger.getChild("MatrixRTCSession");
 
@@ -296,7 +296,9 @@ export class MatrixRTCSession extends TypedEventEmitter<MatrixRTCSessionEvent, M
             | "_unstable_updateDelayedEvent"
             | "sendEvent"
             | "cancelPendingEvent"
-            | "decryptEventIfNeeded"
+            | "encryptAndSendToDevice"
+            | "off"
+            | "on"
         >,
         private roomSubset: Pick<
             Room,
@@ -311,7 +313,14 @@ export class MatrixRTCSession extends TypedEventEmitter<MatrixRTCSessionEvent, M
         roomState?.on(RoomStateEvent.Members, this.onRoomMemberUpdate);
         this.setExpiryTimer();
 
-        const transport = new RoomKeyTransport(this.roomSubset, this.client, this.statistics);
+        // const transport = new RoomKeyTransport(this.roomSubset.roomId, this.client);
+        const transport = new ToDeviceKeyTransport(
+            this.client.getUserId()!,
+            this.client.getDeviceId()!,
+            this.roomSubset.roomId,
+            this.client,
+        );
+        // const transport = new RoomKeyTransport(this.roomSubset, this.client, this.statistics);
         this.encryptionManager = new EncryptionManager(
             this.client.getUserId()!,
             this.client.getDeviceId()!,
@@ -544,4 +553,5 @@ export class MatrixRTCSession extends TypedEventEmitter<MatrixRTCSessionEvent, M
 
         this.setExpiryTimer();
     };
+
 }
diff --git a/src/matrixrtc/ToDeviceKeyTransport.ts b/src/matrixrtc/ToDeviceKeyTransport.ts
@@ -0,0 +1,161 @@
+/*
+Copyright 2025 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import {ClientEvent, EventType, type MatrixClient, MatrixEvent } from "../matrix.ts";
+import { TypedEventEmitter } from "../models/typed-event-emitter.ts";
+import {Statistics} from "./EncryptionManager.ts";
+import {IKeyTransport, KeyTransportEvents, KeyTransportEventsHandlerMap} from "./IKeyTransport.ts";
+import {type Logger, logger} from "../logger.ts";
+import {CallMembership} from "./CallMembership.ts";
+
+export type ParticipantId = string
+
+export interface EncryptionKeysToDeviceEventContent {
+    keys: { index: number; key: string };
+    // member: {
+    // id: ParticipantId,
+    // device_id: string,
+    // user_id: string
+    // };
+    roomId: string;
+    session: {
+        application: string,
+        call_id: string,
+        scope: string
+    },
+}
+
+export class ToDeviceKeyTransport extends TypedEventEmitter<KeyTransportEvents, KeyTransportEventsHandlerMap>
+    implements IKeyTransport {
+    private readonly prefixedLogger: Logger;
+
+    public constructor(
+        private userId: string,
+        private deviceId: string,
+        private roomId: string,
+        private client: Pick<MatrixClient, "encryptAndSendToDevice" | "on" | "off">,
+        // private statistics: Statistics,
+    ) {
+        super();
+        this.prefixedLogger = logger.getChild(`[RTC: ${roomId} ToDeviceKeyTransport]`);
+    }
+
+    start(): void {
+        this.client.on(ClientEvent.ToDeviceEvent, this.onToDeviceEvent);
+    }
+
+    stop(): void {
+        this.client.off(ClientEvent.ToDeviceEvent, this.onToDeviceEvent);
+    }
+
+    public async sendKey(keyBase64Encoded: string, index: number, members: CallMembership[]): Promise<void> {
+        const content: EncryptionKeysToDeviceEventContent = {
+            keys: {
+                index: index,
+                key: keyBase64Encoded,
+            },
+            roomId: this.roomId,
+            // member: {
+            //     id: getParticipantId(this.userId, this.deviceId),
+            //     // device_id: this.deviceId,
+            //     // user_id: this.userId
+            // },
+            session: {
+                call_id: "",
+                application: "m.call",
+                scope: "m.room",
+            },
+        };
+
+        const targets = members.filter(member => {
+            // filter malformed call members
+            if (member.sender == undefined || member.deviceId == undefined) {
+                logger.warn(`Malformed call member: ${member.sender}|${member.deviceId}`);
+                return false;
+            }
+            // Filter out me
+            return !(member.sender == this.userId && member.deviceId == this.deviceId);
+        })
+            .map(member => {
+                return {
+                    userId: member.sender!,
+                    deviceId: member.deviceId!,
+                }
+            });
+
+        if (targets.length > 0) {
+            await this.client.encryptAndSendToDevice(EventType.CallEncryptionKeysPrefix, targets, content);
+        } else {
+            this.prefixedLogger.warn("No targets found for sending key");
+        }
+    }
+
+    receiveRoomEvent(event: MatrixEvent /**, statistics: Statistics*/): void {
+        // The event has already been validated at this point.
+        const content = event.getContent<EncryptionKeysToDeviceEventContent>();
+
+        // statistics.counters.roomEventEncryptionKeysReceived += 1;
+
+        // WTF is this?
+        // const age = Date.now() - (typeof content.sent_ts === "number" ? content.sent_ts : event.getTs());
+        // statistics.totals.roomEventEncryptionKeysReceivedTotalAge += age;
+
+        this.emit(
+            KeyTransportEvents.ReceivedKeys,
+            event.getSender()!,
+            // TODO: Check that this is correctly passed from the to device and is not claimed info
+            (event.event as any)["sender_device"]!,
+            content.keys.key,
+            content.keys.index,
+            event.getTs(),
+        )
+    }
+
+
+    private onToDeviceEvent = (event: MatrixEvent): void => {
+        if (event.getType() !== EventType.CallEncryptionKeysPrefix) {
+            // Ignore this is not a call encryption event
+            return;
+        }
+
+        // if (event.getWireType() != EventType.RoomMessageEncrypted) {
+        //     // WARN: The call keys were sent in clear. Ignore them
+        //     logger.warn(`Call encryption keys sent in clear from: ${event.getSender()}`);
+        //     return;
+        // }
+
+        const content = event.getContent<EncryptionKeysToDeviceEventContent>();
+        const roomId = content.roomId;
+        if (!roomId) {
+            // Invalid event
+            logger.warn("onToDeviceEvent: invalid call encryption keys event, no roomId");
+            return;
+        }
+
+        if (roomId !== this.roomId) {
+            return;
+        }
+        // const rtcSession = this.roomSessions.get(roomId);
+        // if (!rtcSession) {
+        //     logger.warn(`onToDeviceEvent: call encryption keys event for unknown session for room ${roomId}`);
+        //     return;
+        // }
+
+        this.receiveRoomEvent(event
+            // , this.statistics
+        );
+    };
+}
