matrix: ugly hack to fix encryption after restarts

with a persistent crypto.Store, element reports "** Unable to decrypt:
The secure channel with the sender was corrupted. **", and others
clients just fail. Deleting it before reinitialising the OlmMachine
stops this, although the first message to a user takes a while as i
guess it has re-establish a session (idk, this is above me).
mautrix
Harvey Tindall 4 years ago
parent 833d02b032
commit 4c10996c09
No known key found for this signature in database
GPG Key ID: BBC65952848FB1A2

@ -41,6 +41,7 @@ require (
github.com/lithammer/shortuuid/v3 v3.0.4 github.com/lithammer/shortuuid/v3 v3.0.4
github.com/mailgun/mailgun-go/v4 v4.5.1 github.com/mailgun/mailgun-go/v4 v4.5.1
github.com/mailru/easyjson v0.7.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-sqlite3 v1.14.7 // indirect
github.com/pkg/browser v0.0.0-20210606212950-a7b7a6107d32 github.com/pkg/browser v0.0.0-20210606212950-a7b7a6107d32
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
github.com/smartystreets/goconvey v1.6.4 // indirect github.com/smartystreets/goconvey v1.6.4 // indirect

@ -210,6 +210,8 @@ github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHX
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg= github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/mattn/go-sqlite3 v1.14.7 h1:fxWBnXkxfM6sRiuH3bqJ4CfzZojMOLVc0UTsTglEghA=
github.com/mattn/go-sqlite3 v1.14.7/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=

@ -2,17 +2,18 @@ package main
import ( import (
"fmt" "fmt"
"os"
"strings" "strings"
"time"
"database/sql" "database/sql"
"github.com/gomarkdown/markdown" "github.com/gomarkdown/markdown"
_ "github.com/mattn/go-sqlite3"
gomatrix "maunium.net/go/mautrix" gomatrix "maunium.net/go/mautrix"
"maunium.net/go/mautrix/crypto" "maunium.net/go/mautrix/crypto"
"maunium.net/go/mautrix/event" "maunium.net/go/mautrix/event"
"maunium.net/go/mautrix/id" "maunium.net/go/mautrix/id"
_ "modernc.org/sqlite"
) )
type MatrixDaemon struct { type MatrixDaemon struct {
@ -23,10 +24,11 @@ type MatrixDaemon struct {
tokens map[string]UnverifiedUser // Map of tokens to users tokens map[string]UnverifiedUser // Map of tokens to users
languages map[id.RoomID]string // Map of roomIDs to language codes languages map[id.RoomID]string // Map of roomIDs to language codes
isEncrypted map[id.RoomID]bool isEncrypted map[id.RoomID]bool
cryptoStore *crypto.SQLCryptoStore cryptoStore *crypto.GobStore
olm *crypto.OlmMachine olm *crypto.OlmMachine
db *sql.DB db *sql.DB
app *appContext app *appContext
start int64
} }
type UnverifiedUser struct { type UnverifiedUser struct {
@ -43,7 +45,8 @@ type MatrixUser struct {
} }
func (m *MatrixDaemon) IsEncrypted(roomID id.RoomID) bool { func (m *MatrixDaemon) IsEncrypted(roomID id.RoomID) bool {
return m.isEncrypted[roomID] encrypted, ok := m.isEncrypted[roomID]
return ok && encrypted
} }
func (m *MatrixDaemon) GetEncryptionEvent(roomID id.RoomID) *event.EncryptionEventContent { func (m *MatrixDaemon) GetEncryptionEvent(roomID id.RoomID) *event.EncryptionEventContent {
@ -55,7 +58,14 @@ func (m *MatrixDaemon) GetEncryptionEvent(roomID id.RoomID) *event.EncryptionEve
} }
// Users are assumed to only have one common channel with the bot, so we can stub this out. // Users are assumed to only have one common channel with the bot, so we can stub this out.
func (m *MatrixDaemon) FindSharedRooms(userID id.UserID) []id.RoomID { return []id.RoomID{} } func (m *MatrixDaemon) FindSharedRooms(userID id.UserID) []id.RoomID {
for _, user := range m.app.storage.matrix {
if id.UserID(user.UserID) == userID {
return []id.RoomID{id.RoomID(user.RoomID)}
}
}
return []id.RoomID{}
}
type olmLogger struct { type olmLogger struct {
app *appContext app *appContext
@ -121,18 +131,30 @@ func newMatrixDaemon(app *appContext) (d *MatrixDaemon, err error) {
} }
d.isEncrypted[id.RoomID(user.RoomID)] = user.Encrypted d.isEncrypted[id.RoomID(user.RoomID)] = user.Encrypted
} }
d.db, err = sql.Open("sqlite", app.config.Section("files").Key("matrix_sql").String()) dbPath := app.config.Section("files").Key("matrix_sql").String()
olmLog := &olmLogger{app} // If the db is maintained after restart, element reports "The secure channel with the sender was corrupted" when sending a message from the bot.
d.cryptoStore = crypto.NewSQLCryptoStore(d.db, "sqlite3", "jfa-go", "jfa-go", []byte("jfa-go"), olmLog) // This obviously isn't right, but it seems to work.
err = d.cryptoStore.CreateTables() // Since its not really used anyway, just use the deprecated GobStore. This reduces cgo usage anyway.
os.Remove(dbPath)
cryptoStore, err := crypto.NewGobStore(dbPath)
// d.db, err = sql.Open("sqlite3", dbPath)
if err != nil { if err != nil {
return return
} }
d.olm = crypto.NewOlmMachine(d.bot, olmLog, d.cryptoStore, crypto.StateStore(d)) olmLog := &olmLogger{app}
// deviceID := "jfa-go" + commit
// cryptoStore := crypto.NewSQLCryptoStore(d.db, "sqlite3", string(d.userID)+deviceID, id.DeviceID(deviceID), []byte("jfa-go"), olmLog)
// err = cryptoStore.CreateTables()
// if err != nil {
// return
// }
d.olm = crypto.NewOlmMachine(d.bot, olmLog, cryptoStore, crypto.StateStore(d))
// d.olm.AllowUnverifiedDevices = true
err = d.olm.Load() err = d.olm.Load()
if err != nil { if err != nil {
return return
} }
d.cryptoStore = cryptoStore
return return
} }
@ -158,10 +180,14 @@ func (d *MatrixDaemon) generateAccessToken(homeserver, username, password string
} }
func (d *MatrixDaemon) run() { func (d *MatrixDaemon) run() {
d.start = time.Now().UnixNano() / 1000000
d.app.info.Println("Starting Matrix bot daemon") d.app.info.Println("Starting Matrix bot daemon")
syncer := d.bot.Syncer.(*gomatrix.DefaultSyncer) syncer := d.bot.Syncer.(*gomatrix.DefaultSyncer)
syncer.OnEventType(event.EventMessage, d.handleMessage) syncer.OnEventType(event.EventMessage, d.handleMessage)
syncer.OnEventType(event.EventEncrypted, func(source gomatrix.EventSource, evt *event.Event) { syncer.OnEventType(event.EventEncrypted, func(source gomatrix.EventSource, evt *event.Event) {
if evt.Timestamp < d.start {
return
}
decrypted, err := d.olm.DecryptMegolmEvent(evt) decrypted, err := d.olm.DecryptMegolmEvent(evt)
if err != nil { if err != nil {
d.app.err.Printf("Failed to decrypt Matrix message: %v", err) d.app.err.Printf("Failed to decrypt Matrix message: %v", err)
@ -181,6 +207,7 @@ func (d *MatrixDaemon) run() {
} }
func (d *MatrixDaemon) Shutdown() { func (d *MatrixDaemon) Shutdown() {
d.olm.FlushStore()
d.bot.StopSync() d.bot.StopSync()
d.db.Close() d.db.Close()
d.Stopped = true d.Stopped = true
@ -188,6 +215,9 @@ func (d *MatrixDaemon) Shutdown() {
} }
func (d *MatrixDaemon) handleMessage(source gomatrix.EventSource, evt *event.Event) { func (d *MatrixDaemon) handleMessage(source gomatrix.EventSource, evt *event.Event) {
if evt.Timestamp < d.start {
return
}
if evt.Sender == d.userID { if evt.Sender == d.userID {
return return
} }
@ -323,7 +353,7 @@ func (d *MatrixDaemon) SendEncrypted(content *event.MessageEventContent, users .
var encrypted *event.EncryptedEventContent var encrypted *event.EncryptedEventContent
encrypted, err = d.olm.EncryptMegolmEvent(id.RoomID(user.RoomID), event.EventMessage, content) encrypted, err = d.olm.EncryptMegolmEvent(id.RoomID(user.RoomID), event.EventMessage, content)
if err == crypto.SessionExpired || err == crypto.SessionNotShared || err == crypto.NoGroupSession { if err == crypto.SessionExpired || err == crypto.SessionNotShared || err == crypto.NoGroupSession {
err = d.olm.ShareGroupSession(id.RoomID(user.RoomID), []id.UserID{id.UserID(user.UserID)}) err = d.olm.ShareGroupSession(id.RoomID(user.RoomID), []id.UserID{id.UserID(user.UserID), d.userID})
if err != nil { if err != nil {
return return
} }
@ -332,7 +362,7 @@ func (d *MatrixDaemon) SendEncrypted(content *event.MessageEventContent, users .
if err != nil { if err != nil {
return return
} }
_, err = d.bot.SendMessageEvent(id.RoomID(user.RoomID), event.EventEncrypted, encrypted) _, err = d.bot.SendMessageEvent(id.RoomID(user.RoomID), event.EventEncrypted, &event.Content{Parsed: encrypted})
if err != nil { if err != nil {
return return
} }

Loading…
Cancel
Save