Encrypt and decrypt by default when possible

Author: turt2live

examples/encryption_bot.ts

@@ -1,10 +1,9 @@
 import {
-    EncryptedRoomEvent,
     EncryptionAlgorithm,
     LogLevel,
     LogService,
     MatrixClient, MessageEvent,
-    RichConsoleLogger, RichReply,
+    RichConsoleLogger,
     SimpleFsStorageProvider
 } from "../src";
 import { SqliteCryptoStorageProvider } from "../src/storage/SqliteCryptoStorageProvider";
@@ -52,23 +51,19 @@ const client = new MatrixClient(homeserverUrl, accessToken, storage, crypto);
         });
     }
 
-    client.on("room.event", async (roomId: string, event: any) => {
-        if (roomId !== encryptedRoomId || event['type'] !== "m.room.encrypted") return;
+    client.on("room.message", async (roomId: string, event: any) => {
+        if (roomId !== encryptedRoomId) return;
 
-        try {
-            const decrypted = await client.crypto.decryptRoomEvent(new EncryptedRoomEvent(event), roomId);
-            if (decrypted.type === "m.room.message") {
-                const message = new MessageEvent(decrypted.raw);
-                if (message.messageType !== "m.text") return;
-                if (message.textBody.startsWith("!ping")) {
-                    const reply = RichReply.createFor(roomId, message.raw, "Pong", "Pong");
-                    reply['msgtype'] = "m.notice";
-                    const encrypted = await client.crypto.encryptRoomEvent(roomId, "m.room.message", reply);
-                    await client.sendEvent(roomId, "m.room.encrypted", encrypted);
-                }
-            }
-        } catch (e) {
-            LogService.error("index", e);
+        const message = new MessageEvent(event);
+
+        if (message.sender === (await client.getUserId())) {
+            // yay, we decrypted our own message. Communicate that back for testing purposes.
+            return await client.unstableApis.addReactionToEvent(roomId, message.eventId, '🔐');
+        }
+
+        if (message.messageType !== "m.text") return;
+        if (message.textBody.startsWith("!ping")) {
+            await client.replyNotice(roomId, event, "Pong");
         }
     });
 

src/MatrixClient.ts

@@ -37,6 +37,7 @@ import {
 } from "./models/Crypto";
 import { requiresCrypto } from "./e2ee/decorators";
 import { ICryptoStorageProvider } from "./storage/ICryptoStorageProvider";
+import { EncryptedRoomEvent } from "./models/events/EncryptedRoomEvent";
 
 /**
  * A client that is capable of interacting with a matrix homeserver.
@@ -799,6 +800,17 @@ export class MatrixClient extends EventEmitter {
 
             for (let event of room['timeline']['events']) {
                 event = await this.processEvent(event);
+                if (event['type'] === 'm.room.encrypted' && await this.crypto?.isRoomEncrypted(roomId)) {
+                    await emitFn("room.encrypted_event", roomId, event);
+                    try {
+                        event = (await this.crypto.decryptRoomEvent(new EncryptedRoomEvent(event), roomId)).raw;
+                        event = await this.processEvent(event);
+                        await emitFn("room.decrypted_event", roomId, event);
+                    } catch (e) {
+                        LogService.error("MatrixClientLite", `Decryption error on ${roomId} ${event['event_id']}`, e);
+                        await emitFn("room.failed_decryption", roomId, event);
+                    }
+                }
                 if (event['type'] === 'm.room.message') {
                     await emitFn("room.message", roomId, event);
                 }
@@ -814,14 +826,29 @@ export class MatrixClient extends EventEmitter {
         }
     }
 
+    /**
+     * Gets an event for a room. If the event is encrypted, and the client supports encryption,
+     * and the room is encrypted, then this will return a decrypted event.
+     * @param {string} roomId the room ID to get the event in
+     * @param {string} eventId the event ID to look up
+     * @returns {Promise<any>} resolves to the found event
+     */
+    @timedMatrixClientFunctionCall()
+    public async getEvent(roomId: string, eventId: string): Promise<any> {
+        const event = await this.getRawEvent(roomId, eventId);
+        if (event['type'] === 'm.room.encrypted' && await this.crypto?.isRoomEncrypted(roomId)) {
+            return this.processEvent((await this.crypto.decryptRoomEvent(new EncryptedRoomEvent(event), roomId)).raw);
+        }
+    }
+
     /**
      * Gets an event for a room. Returned as a raw event.
      * @param {string} roomId the room ID to get the event in
      * @param {string} eventId the event ID to look up
      * @returns {Promise<any>} resolves to the found event
      */
     @timedMatrixClientFunctionCall()
-    public getEvent(roomId: string, eventId: string): Promise<any> {
+    public getRawEvent(roomId: string, eventId: string): Promise<any> {
         return this.doRequest("GET", "/_matrix/client/r0/rooms/" + encodeURIComponent(roomId) + "/event/" + encodeURIComponent(eventId))
             .then(ev => this.processEvent(ev));
     }
@@ -1030,6 +1057,7 @@ export class MatrixClient extends EventEmitter {
 
     /**
      * Replies to a given event with the given text. The event is sent with a msgtype of m.text.
+     * The message will be encrypted if the client supports encryption and the room is encrypted.
      * @param {string} roomId the room ID to reply in
      * @param {any} event the event to reply to
      * @param {string} text the text to reply with
@@ -1046,6 +1074,7 @@ export class MatrixClient extends EventEmitter {
 
     /**
      * Replies to a given event with the given HTML. The event is sent with a msgtype of m.text.
+     * The message will be encrypted if the client supports encryption and the room is encrypted.
      * @param {string} roomId the room ID to reply in
      * @param {any} event the event to reply to
      * @param {string} html the HTML to reply with.
@@ -1060,6 +1089,7 @@ export class MatrixClient extends EventEmitter {
 
     /**
      * Replies to a given event with the given text. The event is sent with a msgtype of m.notice.
+     * The message will be encrypted if the client supports encryption and the room is encrypted.
      * @param {string} roomId the room ID to reply in
      * @param {any} event the event to reply to
      * @param {string} text the text to reply with
@@ -1077,6 +1107,7 @@ export class MatrixClient extends EventEmitter {
 
     /**
      * Replies to a given event with the given HTML. The event is sent with a msgtype of m.notice.
+     * The message will be encrypted if the client supports encryption and the room is encrypted.
      * @param {string} roomId the room ID to reply in
      * @param {any} event the event to reply to
      * @param {string} html the HTML to reply with.
@@ -1091,7 +1122,8 @@ export class MatrixClient extends EventEmitter {
     }
 
     /**
-     * Sends a notice to the given room
+     * Sends a notice to the given room. The message will be encrypted if the client supports
+     * encryption and the room is encrypted.
      * @param {string} roomId the room ID to send the notice to
      * @param {string} text the text to send
      * @returns {Promise<string>} resolves to the event ID that represents the message
@@ -1105,7 +1137,8 @@ export class MatrixClient extends EventEmitter {
     }
 
     /**
-     * Sends a notice to the given room with HTML content
+     * Sends a notice to the given room with HTML content. The message will be encrypted if the client supports
+     * encryption and the room is encrypted.
      * @param {string} roomId the room ID to send the notice to
      * @param {string} html the HTML to send
      * @returns {Promise<string>} resolves to the event ID that represents the message
@@ -1121,7 +1154,8 @@ export class MatrixClient extends EventEmitter {
     }
 
     /**
-     * Sends a text message to the given room
+     * Sends a text message to the given room. The message will be encrypted if the client supports
+     * encryption and the room is encrypted.
      * @param {string} roomId the room ID to send the text to
      * @param {string} text the text to send
      * @returns {Promise<string>} resolves to the event ID that represents the message
@@ -1135,7 +1169,8 @@ export class MatrixClient extends EventEmitter {
     }
 
     /**
-     * Sends a text message to the given room with HTML content
+     * Sends a text message to the given room with HTML content. The message will be encrypted if the client supports
+     * encryption and the room is encrypted.
      * @param {string} roomId the room ID to send the text to
      * @param {string} html the HTML to send
      * @returns {Promise<string>} resolves to the event ID that represents the message
@@ -1151,7 +1186,8 @@ export class MatrixClient extends EventEmitter {
     }
 
     /**
-     * Sends a message to the given room
+     * Sends a message to the given room. The message will be encrypted if the client supports
+     * encryption and the room is encrypted.
      * @param {string} roomId the room ID to send the message to
      * @param {object} content the event content to send
      * @returns {Promise<string>} resolves to the event ID that represents the message
@@ -1162,14 +1198,31 @@ export class MatrixClient extends EventEmitter {
     }
 
     /**
-     * Sends an event to the given room
+     * Sends an event to the given room. This will encrypt the event before sending if the room is
+     * encrypted and the client supports encryption. Use sendRawEvent() to avoid this behaviour.
      * @param {string} roomId the room ID to send the event to
      * @param {string} eventType the type of event to send
      * @param {string} content the event body to send
      * @returns {Promise<string>} resolves to the event ID that represents the event
      */
     @timedMatrixClientFunctionCall()
     public async sendEvent(roomId: string, eventType: string, content: any): Promise<string> {
+        if (await this.crypto?.isRoomEncrypted(roomId)) {
+            content = await this.crypto.encryptRoomEvent(roomId, eventType, content);
+            eventType = "m.room.encrypted";
+        }
+        return this.sendRawEvent(roomId, eventType, content);
+    }
+
+    /**
+     * Sends an event to the given room.
+     * @param {string} roomId the room ID to send the event to
+     * @param {string} eventType the type of event to send
+     * @param {string} content the event body to send
+     * @returns {Promise<string>} resolves to the event ID that represents the event
+     */
+    @timedMatrixClientFunctionCall()
+    public async sendRawEvent(roomId: string, eventType: string, content: any): Promise<string> {
         const txnId = (new Date().getTime()) + "__inc" + (++this.requestId);
         return this.doRequest("PUT", "/_matrix/client/r0/rooms/" + encodeURIComponent(roomId) + "/send/" + encodeURIComponent(eventType) + "/" + encodeURIComponent(txnId), null, content).then(response => {
             return response['event_id'];

src/e2ee/CryptoClient.ts

@@ -422,6 +422,9 @@ export class CryptoClient {
             throw new Error("Room is not encrypted");
         }
 
+        const relatesTo = JSON.parse(JSON.stringify(content['m.relates_to']));
+        delete content['m.relates_to'];
+
         const now = (new Date()).getTime();
 
         let currentSession = await this.client.cryptoStore.getCurrentOutboundGroupSession(roomId);
@@ -448,7 +451,10 @@ export class CryptoClient {
                     usesLeft: roomConfig.rotationPeriodMessages,
                     expiresTs: now + roomConfig.rotationPeriodMs,
                 };
-                await this.client.cryptoStore.storeOutboundGroupSession(currentSession);
+
+                // Store the session as an inbound session up front. This is to ensure that we have the
+                // earliest possible ratchet available to our own decryption functions. We don't store
+                // the outbound session here as it is stored earlier on.
                 await this.storeInboundGroupSession({
                     room_id: roomId,
                     session_id: newSession.session_id(),
@@ -496,13 +502,23 @@ export class CryptoClient {
                 room_id: roomId,
             }));
 
-            return {
-                algorithm: EncryptionAlgorithm.MegolmV1AesSha2,
+            currentSession.pickled = session.pickle(this.pickleKey);
+            currentSession.usesLeft--;
+            await this.client.cryptoStore.storeOutboundGroupSession(currentSession);
+
+            const body = {
                 sender_key: this.deviceCurve25519,
                 ciphertext: encrypted,
                 session_id: session.session_id(),
                 device_id: this.clientDeviceId,
             };
+            if (relatesTo) {
+                body['m.relates_to'] = relatesTo;
+            }
+            return {
+                ...body,
+                algorithm: EncryptionAlgorithm.MegolmV1AesSha2,
+            };
         } finally {
             session.free();
         }
@@ -549,6 +565,9 @@ export class CryptoClient {
 
             await this.client.cryptoStore.setMessageIndexForEvent(roomId, event.eventId, storedSession.sessionId, messageIndex);
 
+            storedSession.pickled = session.pickle(this.pickleKey);
+            await this.client.cryptoStore.storeInboundGroupSession(storedSession);
+
             return new RoomEvent<unknown>({
                 ...event.raw,
                 type: eventBody.type || "io.t2bot.unknown",

src/storage/ICryptoStorageProvider.ts

@@ -133,14 +133,6 @@ export interface ICryptoStorageProvider {
      */
     getCurrentOutboundGroupSession(roomId: string): Promise<IOutboundGroupSession>;
 
-    /**
-     * Decrements the available usages for an outbound group session.
-     * @param {string} sessionId The session ID.
-     * @param {string} roomId The room ID.
-     * @returns {Promise<void>} Resolves when complete.
-     */
-    useOutboundGroupSession(sessionId: string, roomId: string): Promise<void>;
-
     /**
      * Stores a session as sent to a user's device.
      * @param {IOutboundGroupSession} session The session that was sent.

src/storage/SqliteCryptoStorageProvider.ts

@@ -23,7 +23,6 @@ export class SqliteCryptoStorageProvider implements ICryptoStorageProvider {
     private obGroupSessionUpsert: Database.Statement;
     private obGroupSessionSelect: Database.Statement;
     private obGroupCurrentSessionSelect: Database.Statement;
-    private obGroupSessionMarkUsage: Database.Statement;
     private obGroupSessionMarkAllInactive: Database.Statement;
     private obSentGroupSessionUpsert: Database.Statement;
     private obSentSelectLastSent: Database.Statement;
@@ -71,7 +70,6 @@ export class SqliteCryptoStorageProvider implements ICryptoStorageProvider {
         this.obGroupSessionUpsert = this.db.prepare("INSERT INTO outbound_group_sessions (session_id, room_id, current, pickled, uses_left, expires_ts) VALUES (@sessionId, @roomId, @current, @pickled, @usesLeft, @expiresTs) ON CONFLICT (session_id, room_id) DO UPDATE SET pickled = @pickled, current = @current, uses_left = @usesLeft, expires_ts = @expiresTs");
         this.obGroupSessionSelect = this.db.prepare("SELECT session_id, room_id, current, pickled, uses_left, expires_ts FROM outbound_group_sessions WHERE session_id = @sessionId AND room_id = @roomId");
         this.obGroupCurrentSessionSelect = this.db.prepare("SELECT session_id, room_id, current, pickled, uses_left, expires_ts FROM outbound_group_sessions WHERE room_id = @roomId AND current = 1");
-        this.obGroupSessionMarkUsage = this.db.prepare("UPDATE outbound_group_sessions SET uses_left = uses_left - 1 WHERE session_id = @sessionId and room_id = @roomId");
         this.obGroupSessionMarkAllInactive = this.db.prepare("UPDATE outbound_group_sessions SET current = 0 WHERE room_id = @roomId");
 
         this.obSentGroupSessionUpsert = this.db.prepare("INSERT INTO sent_outbound_group_sessions (session_id, room_id, session_index, user_id, device_id) VALUES (@sessionId, @roomId, @sessionIndex, @userId, @deviceId) ON CONFLICT (session_id, room_id, user_id, device_id, session_index) DO NOTHING");
@@ -220,10 +218,6 @@ export class SqliteCryptoStorageProvider implements ICryptoStorageProvider {
         return null;
     }
 
-    public async useOutboundGroupSession(sessionId: string, roomId: string): Promise<void> {
-        this.obGroupSessionMarkUsage.run({sessionId: sessionId, roomId: roomId});
-    }
-
     public async storeSentOutboundGroupSession(session: IOutboundGroupSession, index: number, device: UserDevice): Promise<void> {
         this.obSentGroupSessionUpsert.run({
             sessionId: session.sessionId,

test/storage/SqliteCryptoStorageProvider.ts

@@ -341,54 +341,6 @@ describe('SqliteCryptoStorageProvider', () => {
         await store.close();
     });
 
-    it('should count usages of outbound sessions', async () => {
-        const sessionId = "session";
-        const roomId = "!room:example.org";
-        const usesLeft = 100;
-        const expiresTs = Date.now();
-        const pickle = "pickled";
-
-        const name = tmp.fileSync().name;
-        let store = new SqliteCryptoStorageProvider(name);
-
-        await store.storeOutboundGroupSession({
-            sessionId: sessionId,
-            roomId: roomId,
-            pickled: pickle,
-            expiresTs: expiresTs,
-            usesLeft: usesLeft,
-            isCurrent: true,
-        });
-        expect(await store.getOutboundGroupSession(sessionId, roomId)).toMatchObject({
-            sessionId: sessionId,
-            roomId: roomId,
-            pickled: pickle,
-            expiresTs: expiresTs,
-            usesLeft: usesLeft,
-            isCurrent: true,
-        });
-        await store.useOutboundGroupSession(sessionId, roomId);
-        expect(await store.getOutboundGroupSession(sessionId, roomId)).toMatchObject({
-            sessionId: sessionId,
-            roomId: roomId,
-            pickled: pickle,
-            expiresTs: expiresTs,
-            usesLeft: usesLeft - 1,
-            isCurrent: true,
-        });
-        await store.close();
-        store = new SqliteCryptoStorageProvider(name);
-        expect(await store.getOutboundGroupSession(sessionId, roomId)).toMatchObject({
-            sessionId: sessionId,
-            roomId: roomId,
-            pickled: pickle,
-            expiresTs: expiresTs,
-            usesLeft: usesLeft - 1,
-            isCurrent: true,
-        });
-        await store.close();
-    });
-
     it('should track sent outbound sessions', async () => {
         const sessionId = "session";
         const roomId = "!room:example.org";