feat(crypto): Request room keys if the decryption failure is an unknown message index

We automatically request room keys to be forwarded from our other trusted devices if a decryption failure happens because the room key is missing.

This patch introduces automatic room key requests for decryption failures if the room key is available but has been ratcheted forward. In other words, we will now request a better version of the given room key automatically as well.

Co-authored-by: Damir Jelić <[email protected]>

Author: BillCarsonFr

crates/matrix-sdk-crypto/src/machine.rs

@@ -44,7 +44,10 @@ use ruma::{
 };
 use serde_json::{value::to_raw_value, Value};
 use tracing::{debug, error, info, trace, warn};
-use vodozemac::{megolm::SessionOrdering, Curve25519PublicKey, Ed25519Signature};
+use vodozemac::{
+    megolm::{DecryptionError, SessionOrdering},
+    Curve25519PublicKey, Ed25519Signature,
+};
 
 #[cfg(feature = "backups_v1")]
 use crate::backups::BackupMachine;
@@ -1143,8 +1146,6 @@ impl OlmMachine {
 
             Ok(TimelineEvent { encryption_info: Some(encryption_info), event: decrypted_event })
         } else {
-            self.key_request_machine.create_outgoing_key_request(room_id, event).await?;
-
             Err(MegolmError::MissingRoomKey)
         }
     }
@@ -1179,29 +1180,36 @@ impl OlmMachine {
             }
         };
 
-        self.decrypt_megolm_events(room_id, &event, &content).await.map_err(|e| {
-            if let MegolmError::MissingRoomKey = e {
-                // TODO log the withheld reason if we have one.
-                debug!(
-                    sender = event.sender.as_str(),
-                    room_id = room_id.as_str(),
-                    session_id = content.session_id(),
-                    algorithm = %content.algorithm(),
-                    "Failed to decrypt a room event, the room key is missing"
-                );
-            } else {
-                warn!(
-                    sender = event.sender.as_str(),
-                    room_id = room_id.as_str(),
-                    session_id = content.session_id(),
-                    algorithm = %content.algorithm(),
-                    error = ?e,
-                    "Failed to decrypt a room event"
-                );
+        let result = self.decrypt_megolm_events(room_id, &event, &content).await;
+
+        if let Err(e) = &result {
+            match e {
+                MegolmError::MissingRoomKey
+                | MegolmError::Decryption(DecryptionError::UnknownMessageIndex(_, _)) => {
+                    // TODO: log the withheld reason if we have one.
+                    debug!(
+                        sender = event.sender.as_str(),
+                        room_id = room_id.as_str(),
+                        session_id = content.session_id(),
+                        algorithm = %content.algorithm(),
+                        "Failed to decrypt a room event, the room key is missing or has been ratcheted"
+                    );
+                    self.key_request_machine.create_outgoing_key_request(room_id, &event).await?;
+                }
+                _ => {
+                    warn!(
+                        sender = event.sender.as_str(),
+                        room_id = room_id.as_str(),
+                        session_id = content.session_id(),
+                        algorithm = %content.algorithm(),
+                        error = ?e,
+                        "Failed to decrypt a room event"
+                    );
+                }
             }
+        }
 
-            e
-        })
+        result
     }
 
     /// Update the tracked users.
@@ -1627,7 +1635,7 @@ pub(crate) mod tests {
         },
         utilities::json_convert,
         verification::tests::{outgoing_request_to_event, request_to_event},
-        EncryptionSettings, OlmError, ReadOnlyDevice, ToDeviceRequest,
+        EncryptionSettings, MegolmError, OlmError, ReadOnlyDevice, ToDeviceRequest,
     };
 
     /// These keys need to be periodically uploaded to the server.
@@ -2080,6 +2088,75 @@ pub(crate) mod tests {
         }
     }
 
+    #[async_test]
+    async fn test_query_ratcheted_key() {
+        let (alice, bob) = get_machine_pair_with_setup_sessions().await;
+        let room_id = room_id!("!test:example.org");
+
+        // Need a second bob session to check gossiping
+        let bob_id = user_id();
+        let bob_other_device = device_id!("OTHERBOB");
+        let bob_other_machine = OlmMachine::new(bob_id, bob_other_device).await;
+        let bob_other_device = ReadOnlyDevice::from_machine(&bob_other_machine).await;
+        bob.store.save_devices(&[bob_other_device]).await.unwrap();
+        bob.get_device(bob_id, device_id!("OTHERBOB"), None)
+            .await
+            .unwrap()
+            .expect("should exist")
+            .set_trust_state(crate::LocalTrust::Verified);
+
+        alice.create_outbound_group_session_with_defaults(room_id).await.unwrap();
+
+        let plaintext = "It is a secret to everybody";
+
+        let content = RoomMessageEventContent::text_plain(plaintext);
+
+        let content = alice
+            .encrypt_room_event(room_id, AnyMessageLikeEventContent::RoomMessage(content.clone()))
+            .await
+            .unwrap();
+
+        let room_event = OriginalSyncRoomEncryptedEvent {
+            event_id: event_id!("$xxxxx:example.org").to_owned(),
+            origin_server_ts: MilliSecondsSinceUnixEpoch::now(),
+            sender: alice.user_id().to_owned(),
+            content: content.deserialize_as().unwrap(),
+            unsigned: MessageLikeUnsigned::default(),
+        };
+
+        // should share at index 1
+        let to_device_requests = alice
+            .share_room_key(room_id, iter::once(bob.user_id()), EncryptionSettings::default())
+            .await
+            .unwrap();
+
+        let event = ToDeviceEvent::new(
+            alice.user_id().to_owned(),
+            to_device_requests_to_content(to_device_requests),
+        );
+
+        let group_session =
+            bob.decrypt_to_device_event(&event).await.unwrap().inbound_group_session;
+        bob.store.save_inbound_group_sessions(&[group_session.unwrap()]).await.unwrap();
+
+        let room_event = json_convert(&room_event).unwrap();
+
+        let decrypt_error = bob.decrypt_room_event(&room_event, room_id).await.unwrap_err();
+
+        if let MegolmError::Decryption(vodo_error) = decrypt_error {
+            if let vodozemac::megolm::DecryptionError::UnknownMessageIndex(_, _) = vodo_error {
+                // check that key has been requested
+                let outgoing_to_devices =
+                    bob.key_request_machine.outgoing_to_device_requests().await.unwrap();
+                assert_eq!(1, outgoing_to_devices.len());
+            } else {
+                panic!("Should be UnknownMessageIndex error ")
+            }
+        } else {
+            panic!("Should have been unable to decrypt")
+        }
+    }
+
     #[async_test]
     async fn interactive_verification() {
         let (alice, bob) = get_machine_pair_with_setup_sessions().await;