Merge pull request matrix-org#1770 from matrix-org/andy/crypto_sdk

Enable Crypto SDK by default
Topheee · Apr 19, 2023 · 98e7c1c · 98e7c1c
2 parents d72008e + db75814
commit 98e7c1c
Show file tree

Hide file tree

Showing 43 changed files with 855 additions and 1,253 deletions.
diff --git a/.github/workflows/ci-crypto-tests.yml b/.github/workflows/ci-crypto-tests.yml
diff --git a/MatrixSDK.xcodeproj/project.pbxproj b/MatrixSDK.xcodeproj/project.pbxproj
diff --git a/MatrixSDK.xcodeproj/xcshareddata/xcschemes/MatrixSDK-macOS.xcscheme b/MatrixSDK.xcodeproj/xcshareddata/xcschemes/MatrixSDK-macOS.xcscheme
@@ -64,9 +64,6 @@
          <TestPlanReference
             reference = "container:MatrixSDKTests/TestPlans/UnitTestsWithSanitizers.xctestplan">
          </TestPlanReference>
-         <TestPlanReference
-            reference = "container:MatrixSDKTests/TestPlans/CryptoTests.xctestplan">
-         </TestPlanReference>
          <TestPlanReference
             reference = "container:MatrixSDKTests/TestPlans/AllWorkingTests.xctestplan">
          </TestPlanReference>

diff --git a/MatrixSDK/Background/MXBackgroundSyncService.swift b/MatrixSDK/Background/MXBackgroundSyncService.swift
@@ -67,7 +67,6 @@ public enum MXBackgroundSyncServiceError: Error {
     /// - Parameter credentials: account credentials
     public init(
         withCredentials credentials: MXCredentials,
-        isCryptoSDKEnabled: Bool = false,
         persistTokenDataHandler: MXRestClientPersistTokenDataHandler? = nil,
         unauthenticatedHandler: MXRestClientUnauthenticatedHandler? = nil
     ) {
@@ -90,16 +89,9 @@ public enum MXBackgroundSyncServiceError: Error {
         self.restClient = restClient
 
         store = MXBackgroundStore(withCredentials: credentials)
-        // We can flush any crypto data if our sync response store is empty
-        let resetBackgroundCryptoStore = syncResponseStoreManager.syncToken() == nil
 
-        if isCryptoSDKEnabled {
-            MXLog.debug("[MXBackgroundSyncService] init: constructing crypto v2")
-            crypto = MXBackgroundCryptoV2(credentials: credentials, restClient: restClient)
-        } else {
-            MXLog.debug("[MXBackgroundSyncService] init: constructing legacy crypto")
-            crypto = MXLegacyBackgroundCrypto(credentials: credentials, resetBackgroundCryptoStore: resetBackgroundCryptoStore)
-        }
+        MXLog.debug("[MXBackgroundSyncService] init: constructing crypto")
+        crypto = MXBackgroundCryptoV2(credentials: credentials, restClient: restClient)
 
         pushRulesManager = MXBackgroundPushRulesManager(withCredentials: credentials)
         MXLog.debug("[MXBackgroundSyncService] init complete")

diff --git a/MatrixSDK/Crypto/CrossSigning/MXCrossSigningV2.swift b/MatrixSDK/Crypto/CrossSigning/MXCrossSigningV2.swift
@@ -126,7 +126,7 @@ class MXCrossSigningV2: NSObject, MXCrossSigning {
                 // If we are considered verified, there is no need for a verification upgrade
                 // after migrating from legacy crypto
                 if myUserCrossSigningKeys?.trustLevel.isVerified == true {
-                    MXSDKOptions.sharedInstance().cryptoSDKFeature?.needsVerificationUpgrade = false
+                    MXSDKOptions.sharedInstance().cryptoMigrationDelegate?.needsVerificationUpgrade = false
                 }
 
                 log.debug("Cross signing state refreshed, new state: \(state)")

diff --git a/MatrixSDK/Crypto/MXCrypto.m b/MatrixSDK/Crypto/MXCrypto.m
@@ -156,12 +156,6 @@ @implementation MXLegacyCrypto
     __block id<MXCrypto> crypto;
 
 #ifdef MX_CRYPTO
-    if (MXSDKOptions.sharedInstance.enableCryptoSDK)
-    {
-        MXLogFailure(@"[MXCrypto] createCryptoWithMatrixSession: Crypto V2 should not be created directly, use initializeCryptoWithMatrixSession instead");
-        return nil;
-    }
-
     dispatch_queue_t cryptoQueue = [MXLegacyCrypto dispatchQueueForUser:mxSession.matrixRestClient.credentials.userId];
     dispatch_sync(cryptoQueue, ^{
 
@@ -180,22 +174,6 @@ + (void)initializeCryptoWithMatrixSession:(MXSession *)mxSession
                                  complete:(void (^)(id<MXCrypto> crypto, NSError *error))complete
 {
 #ifdef MX_CRYPTO
-
-    // Each time we construct the crypto module (app launch, login etc) we have a chance to try to enable
-    // the newer SDK crypto module, if it is available for this particular user.
-    [MXSDKOptions.sharedInstance.cryptoSDKFeature enableIfAvailableForUserId:mxSession.myUserId];
-    if (MXSDKOptions.sharedInstance.enableCryptoSDK)
-    {
-        [MXCryptoV2Factory.shared buildCryptoWithSession:mxSession
-                                       migrationProgress:migrationProgress
-                                                 success:^(id<MXCrypto> crypto) {
-                                                    complete(crypto, nil); }
-                                                 failure:^(NSError *error) {
-                                                    complete(nil, error);
-                                                 }];
-        return;
-    }
-
     [self initalizeLegacyCryptoWithMatrixSession:mxSession complete:complete];
 #else
     complete(nil);

diff --git a/MatrixSDK/Crypto/MXCryptoV2Factory.swift b/MatrixSDK/Crypto/MXCryptoV2Factory.swift
@@ -16,6 +16,16 @@
 
 import Foundation
 
+/// Delegate for migrating account data from legacy crypto to rust-based Crypto SDK
+@objc public protocol MXCryptoV2MigrationDelegate {
+
+    /// Flag indicating whether this account requires a re-verification after migrating to Crypto SDK
+    ///
+    /// This flag is set to true if the legacy account is considered verified but the rust account
+    /// does not consider the migrated data secure enough, as it applies stricter security conditions.
+    var needsVerificationUpgrade: Bool { get set }
+}
+
 @objc public class MXCryptoV2Factory: NSObject {
     enum Error: Swift.Error {
         case cryptoNotAvailable
@@ -28,6 +38,21 @@ import Foundation
         .deprecated3
     }
 
+    @objc public func hasCryptoData(for session: MXSession!) -> Bool {
+        guard let userId = session?.myUserId else {
+            log.error("Missing required dependencies")
+            return false
+        }
+
+        do {
+            let url = try MXCryptoMachineStore.storeURL(for: userId)
+            return FileManager.default.fileExists(atPath: url.path)
+        } catch {
+            log.error("Failed creating url for user", context: error)
+            return false
+        }
+    }
+
     @objc public func buildCrypto(
         session: MXSession!,
         migrationProgress: ((Double) -> Void)?,
@@ -124,7 +149,7 @@ import Foundation
             // unless the rust-based crypto already considers the current session to be verified given
             // the migration data
             log.debug("Needs verification upgrade")
-            MXSDKOptions.sharedInstance().cryptoSDKFeature?.needsVerificationUpgrade = true
+            MXSDKOptions.sharedInstance().cryptoMigrationDelegate?.needsVerificationUpgrade = true
         }
     }
 }
diff --git a/MatrixSDK/Crypto/MXCryptoV2Feature.swift b/MatrixSDK/Crypto/MXCryptoV2Feature.swift
diff --git a/MatrixSDK/Data/EventTimeline/Room/MXRoomEventTimeline.m b/MatrixSDK/Data/EventTimeline/Room/MXRoomEventTimeline.m
@@ -142,8 +142,6 @@ - (void)initialiseState:(NSArray<MXEvent *> *)stateEvents
 
 - (void)destroy
 {
-    [room.mxSession resetReplayAttackCheckInTimeline:_timelineId];
-
     if (httpOperation)
     {
         // Cancel the current server request
@@ -190,8 +188,6 @@ - (BOOL)canPaginate:(MXTimelineDirection)direction
 
 - (void)resetPagination
 {
-    [room.mxSession resetReplayAttackCheckInTimeline:_timelineId];
-
     // Reset the back state to the current room state
     backState = [[MXRoomState alloc] initBackStateWith:_state];
 
@@ -203,8 +199,6 @@ - (MXHTTPOperation *)resetPaginationAroundInitialEventWithLimit:(NSUInteger)limi
 {
     NSParameterAssert(success);
     NSAssert(_initialEventId, @"[MXRoomEventTimeline] resetPaginationAroundInitialEventWithLimit cannot be called on live timeline");
-
-    [room.mxSession resetReplayAttackCheckInTimeline:_timelineId];
 
     // Reset the store
     if (!store.isPermanent)

diff --git a/MatrixSDK/Data/EventTimeline/Thread/MXThreadEventTimeline.swift b/MatrixSDK/Data/EventTimeline/Thread/MXThreadEventTimeline.swift
@@ -99,8 +99,6 @@ public class MXThreadEventTimeline: NSObject, MXEventTimeline {
     }
 
     public func destroy() {
-        thread.session?.resetReplayAttackCheck(inTimeline: timelineId)
-
         removeAllListeners()
 
         currentHttpOperation?.cancel()
@@ -132,8 +130,6 @@ public class MXThreadEventTimeline: NSObject, MXEventTimeline {
     }
 
     public func resetPagination() {
-        thread.session?.resetReplayAttackCheck(inTimeline: timelineId)
-
         // Reset store pagination
         storeMessagesEnumerator = store.messagesEnumerator(forRoom: thread.roomId)
 
@@ -150,8 +146,6 @@ public class MXThreadEventTimeline: NSObject, MXEventTimeline {
             fatalError("[MXThreadEventTimeline][\(timelineId)] resetPaginationAroundInitialEventWithLimit cannot be called on live timeline")
         }
 
-        thread.session?.resetReplayAttackCheck(inTimeline: timelineId)
-
         // Reset the store
         if !store.isPermanent {
             store.deleteAllData()

diff --git a/MatrixSDK/Data/MXRoom.m b/MatrixSDK/Data/MXRoom.m
@@ -82,11 +82,6 @@ The list of room operations (sending of text, images...) that must be sent
      FIFO queue of failure blocks waiting for [self members:].
      */
     NSMutableArray<void (^)(NSError *)> *pendingMembersFailureBlocks;
-
-    /**
-     The manager for sharing keys of messages with invited users
-     */
-    MXSharedHistoryKeyManager *sharedHistoryKeyManager;
 }
 @end
 
@@ -123,14 +118,6 @@ - (id)initWithRoomId:(NSString *)roomId matrixSession:(MXSession *)mxSession2 an
     {
         _roomId = roomId;
         mxSession = mxSession2;
-
-        if ([mxSession.crypto isKindOfClass:[MXLegacyCrypto class]])
-        {
-            MXMegolmDecryption *decryption = [[MXMegolmDecryption alloc] initWithCrypto:mxSession.crypto];
-            sharedHistoryKeyManager = [[MXSharedHistoryKeyManager alloc] initWithRoomId:roomId
-                                                                                 crypto:mxSession.crypto
-                                                                                service:decryption];
-        }
 
         if (store)
         {
@@ -1977,24 +1964,9 @@ - (MXHTTPOperation*)inviteUser:(NSString*)userId
                        success:(void (^)(void))success
                        failure:(void (^)(NSError *error))failure
 {
-    if (MXSDKOptions.sharedInstance.enableRoomSharedHistoryOnInvite)
-    {
-        [self shareRoomKeysWith:userId];
-    }
     return [mxSession.matrixRestClient inviteUser:userId toRoom:self.roomId success:success failure:failure];
 }
 
-- (void)shareRoomKeysWith:(NSString *)userId
-{
-    // The value of 20 is arbitrary and imprecise, we merely want to ensure that when a user is invited to a room
-    // they are able to read any immediately preciding messages that may be relevant to the invite.
-    NSInteger numberOfSharedMessage = 20;
-    id<MXEventsEnumerator> enumerator = [self enumeratorForStoredMessagesWithTypeIn:@[kMXEventTypeStringRoomMessage]];
-    [sharedHistoryKeyManager shareMessageKeysWithUserId:userId
-                                      messageEnumerator:enumerator
-                                                  limit:numberOfSharedMessage];
-}
-
 - (MXHTTPOperation*)inviteUserByEmail:(NSString*)email
                               success:(void (^)(void))success
                               failure:(void (^)(NSError *error))failure