matrix-org · MichaelErjemenko · Apr 19, 2024 · richvdh · Apr 22, 2024
@@ -490,6 +490,15 @@ export interface CryptoApi {
      */
     resetKeyBackup(): Promise<void>;
 
+    /**
+     * Update the signature of the backup specified via privateKey and uploaded this change to the server.
+     * This is an altered copy of {@link @./rust-crypto/rust-crypto.ts#RustCrypto#resetKeyBackup}.
+     * 
+     * @param privateKey The privat key of the backup which should be updated.
+     * @param version The version of the backup that should be updated.
+     */
+    resignKeyBackup(privateKey: Uint8Array, version: string): Promise<void>;
+
     /**
      * Deletes the given key backup.
      *

@@ -544,6 +544,47 @@ export class RustBackupManager extends TypedEventEmitter<RustBackupCryptoEvents,
         };
     }
 
+    /**
+     * Use PUT /room_keys/version/{version} to change the e2e_room_keys_version database entry at the server.
+     * This version should be JUST used in rare specific cases and not in general.
+     * Currently it is used as workaround for compatibility problems between backups without 4s and required 4s at the web-client.
+     * 
+     * @param backupDecKey 
+     * @param version The version of the backup we want to update.
+     * @param signObject A method to sign the backup before it is uploaded.
+     * @returns 
+     */
+    public async updateBackupSignature(backupDecKey: RustSdkCryptoJs.BackupDecryptionKey, version: string, signObject: (authData: AuthData) => Promise<void>): Promise<KeyBackupCreationInfo> {
+        const pubKey = backupDecKey.megolmV1PublicKey;
+        const authData = { public_key: pubKey.publicKeyBase64 };
+
+        await signObject(authData);
+
+        // An alternative implementation could be using src\crypto\EncryptionSetup.ts and EncryptionSetupOperation, similar to:
+        // const setupBuilder = new EncryptionSetupBuilder(); setupBuilder.addSessionBackup(keyBackup); setupBuilder.buildOperation().apply();
+        const res = await this.http.authedRequest<{ version: string }>(
+            Method.Put,
+            "/room_keys/version/" + version,
+            undefined,
+            {
+                algorithm: pubKey.algorithm,
+                auth_data: authData,
+            },
+            {
+                prefix: ClientPrefix.V3,
+            },
+        );
+
+        await this.saveBackupDecryptionKey(backupDecKey, version);
+
+        return {
+            version: res.version,
+            algorithm: pubKey.algorithm,
+            authData: authData,
+            decryptionKey: backupDecKey,
+        };
+    }
+
     /**
      * Deletes all key backups.
      *

@@ -1164,6 +1164,20 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
         this.checkKeyBackupAndEnable();
     }
 
+    public async resignKeyBackup(privateKey: Uint8Array, version: string): Promise<void> {
+        const backupDecryptionKey = RustSdkCryptoJs.BackupDecryptionKey.fromBase64(encodeBase64(privateKey!));
+        const backupInfo = await this.backupManager.updateBackupSignature(backupDecryptionKey, version, (o) => this.signObject(o));
+
+        // we want to store the private key in 4S
+        // need to check if 4S is set up?
+        if (await this.secretStorageHasAESKey()) {
+            await this.secretStorage.store("m.megolm_backup.v1", backupInfo.decryptionKey.toBase64());
+        }
+
+        // we can check and start async
+        this.checkKeyBackupAndEnable();
+    }
+
     /**
      * Signs the given object with the current device and current identity (if available).
      * As defined in {@link https://spec.matrix.org/v1.8/appendices/#signing-json | Signing JSON}.