Enable Crypto SDK by default

matrix-org · Apr 17, 2023 · 7e2f507 · 7e2f507
1 parent 10afb1b
commit 7e2f507
Show file tree

Hide file tree

Showing 37 changed files with 776 additions and 938 deletions.
diff --git a/.github/workflows/ci-crypto-tests.yml b/.github/workflows/ci-crypto-tests.yml
diff --git a/MatrixSDK.xcodeproj/project.pbxproj b/MatrixSDK.xcodeproj/project.pbxproj
diff --git a/MatrixSDK.xcodeproj/xcshareddata/xcschemes/MatrixSDK-macOS.xcscheme b/MatrixSDK.xcodeproj/xcshareddata/xcschemes/MatrixSDK-macOS.xcscheme
@@ -64,9 +64,6 @@
          <TestPlanReference
             reference = "container:MatrixSDKTests/TestPlans/UnitTestsWithSanitizers.xctestplan">
          </TestPlanReference>
-         <TestPlanReference
-            reference = "container:MatrixSDKTests/TestPlans/CryptoTests.xctestplan">
-         </TestPlanReference>
          <TestPlanReference
             reference = "container:MatrixSDKTests/TestPlans/AllWorkingTests.xctestplan">
          </TestPlanReference>

diff --git a/MatrixSDK/Crypto/CrossSigning/MXCrossSigningV2.swift b/MatrixSDK/Crypto/CrossSigning/MXCrossSigningV2.swift
@@ -126,7 +126,7 @@ class MXCrossSigningV2: NSObject, MXCrossSigning {
                 // If we are considered verified, there is no need for a verification upgrade
                 // after migrating from legacy crypto
                 if myUserCrossSigningKeys?.trustLevel.isVerified == true {
-                    MXSDKOptions.sharedInstance().cryptoSDKFeature?.needsVerificationUpgrade = false
+                    MXSDKOptions.sharedInstance().needsVerificationUpgrade = false
                 }
 
                 log.debug("Cross signing state refreshed, new state: \(state)")

diff --git a/MatrixSDK/Crypto/MXCrypto.m b/MatrixSDK/Crypto/MXCrypto.m
@@ -180,19 +180,26 @@ + (void)initializeCryptoWithMatrixSession:(MXSession *)mxSession
                                  complete:(void (^)(id<MXCrypto> crypto, NSError *error))complete
 {
 #ifdef MX_CRYPTO
-
-    // Each time we construct the crypto module (app launch, login etc) we have a chance to try to enable
-    // the newer SDK crypto module, if it is available for this particular user.
-    [MXSDKOptions.sharedInstance.cryptoSDKFeature enableIfAvailableForUserId:mxSession.myUserId];
+
     if (MXSDKOptions.sharedInstance.enableCryptoSDK)
     {
-        [MXCryptoV2Factory.shared buildCryptoWithSession:mxSession
-                                       migrationProgress:migrationProgress
-                                                 success:^(id<MXCrypto> crypto) {
-                                                    complete(crypto, nil); }
-                                                 failure:^(NSError *error) {
-                                                    complete(nil, error);
-                                                 }];
+        BOOL enableCrypto = [MXSDKOptions sharedInstance].enableCryptoWhenStartingMXSession || [MXCryptoV2Factory.shared hasCryptoDataFor:mxSession];
+        if (enableCrypto)
+        {
+            [MXCryptoV2Factory.shared buildCryptoWithSession:mxSession
+                                           migrationProgress:migrationProgress
+                                                     success:^(id<MXCrypto> crypto) {
+                complete(crypto, nil); }
+                                                     failure:^(NSError *error) {
+                complete(nil, error);
+            }];
+        }
+        else
+        {
+            dispatch_async(dispatch_get_main_queue(), ^{
+                complete(nil, nil);
+            });
+        }
         return;
     }
 

diff --git a/MatrixSDK/Crypto/MXCryptoV2.swift b/MatrixSDK/Crypto/MXCryptoV2.swift
@@ -201,7 +201,7 @@ class MXCryptoV2: NSObject, MXCrypto {
                MXRealmCryptoStore.hasData(for: credentials) {
                 MXRealmCryptoStore.delete(with: credentials)
             } else {
-                log.failure("Missing credentials, cannot delete store")
+                log.error("Missing credentials, cannot delete store")
             }
 
             do {

diff --git a/MatrixSDK/Crypto/MXCryptoV2Factory.swift b/MatrixSDK/Crypto/MXCryptoV2Factory.swift
@@ -28,6 +28,21 @@ import Foundation
         .deprecated3
     }
 
+    @objc public func hasCryptoData(for session: MXSession!) -> Bool {
+        guard let userId = session?.myUserId else {
+            log.error("Missing required dependencies")
+            return false
+        }
+
+        do {
+            let url = try MXCryptoMachineStore.storeURL(for: userId)
+            return FileManager.default.fileExists(atPath: url.path)
+        } catch {
+            log.error("Failed creating url for user", context: error)
+            return false
+        }
+    }
+
     @objc public func buildCrypto(
         session: MXSession!,
         migrationProgress: ((Double) -> Void)?,
@@ -121,7 +136,7 @@ import Foundation
             // unless the rust-based crypto already considers the current session to be verified given
             // the migration data
             log.debug("Needs verification upgrade")
-            MXSDKOptions.sharedInstance().cryptoSDKFeature?.needsVerificationUpgrade = true
+            MXSDKOptions.sharedInstance().needsVerificationUpgrade = true
         }
 
         log.debug("Setting the latest deprecated version of legacy store")

diff --git a/MatrixSDK/Crypto/MXCryptoV2Feature.swift b/MatrixSDK/Crypto/MXCryptoV2Feature.swift
diff --git a/MatrixSDK/MXSDKOptions.h b/MatrixSDK/MXSDKOptions.h
@@ -204,18 +204,21 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic) BOOL enableRoomSharedHistoryOnInvite;
 
 /**
- An object which controls the availabilty of the rust-based `MatrixCryptoSDK`.
+ Use the newer rust-based `MatrixCryptoSDK` instead of the legacy `MatrixSDK`'s internal crypto module.
  
- @remark nil by default.
+ @remark YES by default
  */
-@property (nonatomic, nullable) id<MXCryptoV2Feature> cryptoSDKFeature;
+@property (nonatomic) BOOL enableCryptoSDK;
 
 /**
- Use the rust-based `MatrixCryptoSDK` instead of `MatrixSDK`'s internal crypto module.
+ Flag indicating whether this account requires a re-verification after migrating to Crypto SDK
+ 
+ This flag is set to true if the legacy account is considered verified but the rust account
+ does not consider the migrated data secure enough, as it applies stricter security conditions.
  
- @remark this property is a convenience getter for `cryptoSDKFeature.isEnabled`
+ @remark NO by default.
  */
-@property (nonatomic, readonly) BOOL enableCryptoSDK;
+@property (nonatomic) BOOL needsVerificationUpgrade;
 
 /**
  The text-based identifier for the crypto module being used (e.g. native vs rust)

diff --git a/MatrixSDK/MXSDKOptions.m b/MatrixSDK/MXSDKOptions.m
@@ -54,6 +54,8 @@ - (instancetype)init
         _authEnableRefreshTokens = NO;
         _enableThreads = NO;
         _enableRoomSharedHistoryOnInvite = NO;
+        _enableCryptoSDK = YES;
+        _needsVerificationUpgrade = NO;
         _enableSymmetricBackup = NO;
         _enableNewClientInformationFeature = NO;
         _enableStartupProgress = YES;
@@ -62,16 +64,6 @@ - (instancetype)init
     return self;
 }
 
-- (BOOL)enableCryptoSDK
-{
-    if (!self.cryptoSDKFeature)
-    {
-        MXLogError(@"[MXSDKOptions] enableCryptoSDK: Crypto SDK feature is not configured");
-        return NO;
-    }
-    return self.cryptoSDKFeature.isEnabled;
-}
-
 - (NSString *)cryptoModuleId
 {
     return self.enableCryptoSDK ? @"rust" : @"native";

diff --git a/MatrixSDKTests/Crypto/CrossSigning/MXCrossSigningV2UnitTests.swift b/MatrixSDKTests/Crypto/CrossSigning/MXCrossSigningV2UnitTests.swift
@@ -104,3 +104,15 @@ class MXCrossSigningV2UnitTests: XCTestCase {
         }
     }
 }
+
+private extension MXCrossSigning {
+    func refreshState() async throws {
+        return try await withCheckedThrowingContinuation { continuation in
+            refreshState { _ in
+                continuation.resume()
+            } failure: { error in
+                continuation.resume(throwing: error)
+            }
+        }
+    }
+}
diff --git a/MatrixSDKTests/Crypto/CryptoMachine/MXKeyProviderStub.swift b/MatrixSDKTests/Crypto/CryptoMachine/MXKeyProviderStub.swift
@@ -0,0 +1,31 @@
+// 
+// Copyright 2023 The Matrix.org Foundation C.I.C
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+import Foundation
+
+class MXKeyProviderStub: NSObject, MXKeyProviderDelegate {
+    func isEncryptionAvailableForData(ofType dataType: String) -> Bool {
+        return true
+    }
+
+    func hasKeyForData(ofType dataType: String) -> Bool {
+        return true
+    }
+
+    func keyDataForData(ofType dataType: String) -> MXKeyData? {
+        MXRawDataKey(key: "1234".data(using: .ascii)!)
+    }
+}