matrix_sdk_crypto

Struct OlmMachine

Source
pub struct OlmMachine { /* private fields */ }
Expand description

State machine implementation of the Olm/Megolm encryption protocol used for Matrix end to end encryption.

Implementations§

Source§

impl OlmMachine

Source

pub async fn new(user_id: &UserId, device_id: &DeviceId) -> Self

Create a new memory based OlmMachine.

The created machine will keep the encryption keys only in memory and once the object is dropped the keys will be lost.

§Arguments
  • user_id - The unique id of the user that owns this machine.

  • device_id - The unique id of the device that owns this machine.

Source

pub async fn with_store( user_id: &UserId, device_id: &DeviceId, store: impl IntoCryptoStore, custom_account: Option<Account>, ) -> StoreResult<Self>

Create a new OlmMachine with the given CryptoStore.

The created machine will keep the encryption keys only in memory and once the object is dropped the keys will be lost.

If the store already contains encryption keys for the given user/device pair those will be re-used. Otherwise new ones will be created and stored.

§Arguments
  • user_id - The unique id of the user that owns this machine.

  • device_id - The unique id of the device that owns this machine.

  • store - A CryptoStore implementation that will be used to store the encryption keys.

  • custom_account - A custom vodozemac::olm::Account to be used for the identity and one-time keys of this OlmMachine. If no account is provided, a new default one or one from the store will be used. If an account is provided and one already exists in the store for this UserId/DeviceId combination, an error will be raised. This is useful if one wishes to create identity keys before knowing the user/device IDs, e.g., to use the identity key as the device ID.

Source

pub fn store(&self) -> &Store

Get the crypto store associated with this OlmMachine instance.

Source

pub fn user_id(&self) -> &UserId

The unique user id that owns this OlmMachine instance.

Source

pub fn device_id(&self) -> &DeviceId

The unique device ID that identifies this OlmMachine.

Source

pub fn device_creation_time(&self) -> MilliSecondsSinceUnixEpoch

The time at which the Account backing this OlmMachine was created.

An Account is created when an OlmMachine is first instantiated against a given Store, at which point it creates identity keys etc. This method returns the timestamp, according to the local clock, at which that happened.

Source

pub fn identity_keys(&self) -> IdentityKeys

Get the public parts of our Olm identity keys.

Source

pub async fn display_name(&self) -> StoreResult<Option<String>>

Get the display name of our own device

Source

pub async fn tracked_users(&self) -> StoreResult<HashSet<OwnedUserId>>

Get the list of “tracked users”.

See update_tracked_users for more information.

Source

pub fn set_room_key_requests_enabled(&self, enable: bool)

Enable or disable room key requests.

Room key requests allow the device to request room keys that it might have missed in the original share using m.room_key_request events.

See also OlmMachine::set_room_key_forwarding_enabled and OlmMachine::are_room_key_requests_enabled.

Source

pub fn are_room_key_requests_enabled(&self) -> bool

Query whether we should send outgoing m.room_key_requests on decryption failure.

See also OlmMachine::set_room_key_requests_enabled.

Source

pub fn set_room_key_forwarding_enabled(&self, enable: bool)

Enable or disable room key forwarding.

If room key forwarding is enabled, we will automatically reply to incoming m.room_key_request messages from verified devices by forwarding the requested key (if we have it).

See also OlmMachine::set_room_key_requests_enabled and OlmMachine::is_room_key_forwarding_enabled.

Source

pub fn is_room_key_forwarding_enabled(&self) -> bool

Is room key forwarding enabled?

See also OlmMachine::set_room_key_forwarding_enabled.

Source

pub async fn outgoing_requests(&self) -> StoreResult<Vec<OutgoingRequest>>

Get the outgoing requests that need to be sent out.

This returns a list of OutgoingRequest. Those requests need to be sent out to the server and the responses need to be passed back to the state machine using mark_request_as_sent.

Source

pub fn query_keys_for_users<'a>( &self, users: impl IntoIterator<Item = &'a UserId>, ) -> (OwnedTransactionId, KeysQueryRequest)

Generate an “out-of-band” key query request for the given set of users.

This can be useful if we need the results from get_identity or get_user_devices to be as up-to-date as possible.

Note that this request won’t be awaited by other calls waiting for a user’s or device’s keys, since this is an out-of-band query.

§Arguments
  • users - list of users whose keys should be queried
§Returns

A request to be sent out to the server. Once sent, the response should be passed back to the state machine using mark_request_as_sent.

Source

pub async fn mark_request_as_sent<'a>( &self, request_id: &TransactionId, response: impl Into<AnyIncomingResponse<'a>>, ) -> Result<(), OlmError>

Mark the request with the given request id as sent.

§Arguments
  • request_id - The unique id of the request that was sent out. This is needed to couple the response with the now sent out request.

  • response - The response that was received from the server after the outgoing request was sent out.

Source

pub async fn bootstrap_cross_signing( &self, reset: bool, ) -> StoreResult<CrossSigningBootstrapRequests>

Create a new cross signing identity and get the upload request to push the new public keys to the server.

Warning: if called with reset, this will delete any existing cross signing keys that might exist on the server and thus will reset the trust between all the devices.

§Returns

A triple of requests which should be sent out to the server, in the order they appear in the return tuple.

The first request’s response, if present, should be passed back to the state machine using mark_request_as_sent.

These requests may require user interactive auth.

Source

pub async fn upload_device_keys( &self, ) -> StoreResult<Option<(OwnedTransactionId, UploadKeysRequest)>>

Upload the device keys for this OlmMachine.

Warning: Do not use this method if OlmMachine::outgoing_requests() is already in use. This method is intended for explicitly uploading the device keys before starting a sync and before using OlmMachine::outgoing_requests().

§Returns

A tuple containing a transaction ID and a request if the device keys need to be uploaded. Otherwise, returns None.

Source

pub async fn get_missing_sessions( &self, users: impl Iterator<Item = &UserId>, ) -> StoreResult<Option<(OwnedTransactionId, KeysClaimRequest)>>

Get a key claiming request for the user/device pairs that we are missing Olm sessions for.

Returns None if no key claiming request needs to be sent out.

Sessions need to be established between devices so group sessions for a room can be shared with them.

This should be called every time a group session needs to be shared as well as between sync calls. After a sync some devices may request room keys without us having a valid Olm session with them, making it impossible to server the room key request, thus it’s necessary to check for missing sessions between sync as well.

Note: Care should be taken that only one such request at a time is in flight, e.g. using a lock.

The response of a successful key claiming requests needs to be passed to the OlmMachine with the mark_request_as_sent.

§Arguments

users - The list of users that we should check if we lack a session with one of their devices. This can be an empty iterator when calling this method between sync requests.

Source

pub async fn encrypt_room_event( &self, room_id: &RoomId, content: impl MessageLikeEventContent, ) -> Result<Raw<RoomEncryptedEventContent>, MegolmError>

Encrypt a room message for the given room.

Beware that a room key needs to be shared before this method can be called using the OlmMachine::share_room_key method.

§Arguments
  • room_id - The id of the room for which the message should be encrypted.

  • content - The plaintext content of the message that should be encrypted.

§Panics

Panics if a room key for the given room wasn’t shared beforehand.

Source

pub async fn encrypt_room_event_raw( &self, room_id: &RoomId, event_type: &str, content: &Raw<AnyMessageLikeEventContent>, ) -> Result<Raw<RoomEncryptedEventContent>, MegolmError>

Encrypt a raw JSON content for the given room.

This method is equivalent to the OlmMachine::encrypt_room_event() method but operates on an arbitrary JSON value instead of strongly-typed event content struct.

§Arguments
  • room_id - The id of the room for which the message should be encrypted.

  • content - The plaintext content of the message that should be encrypted as a raw JSON value.

  • event_type - The plaintext type of the event.

§Panics

Panics if a group session for the given room wasn’t shared beforehand.

Source

pub async fn discard_room_key(&self, room_id: &RoomId) -> StoreResult<bool>

Forces the currently active room key, which is used to encrypt messages, to be rotated.

A new room key will be crated and shared with all the room members the next time a message will be sent. You don’t have to call this method, room keys will be rotated automatically when necessary. This method is still useful for debugging purposes.

Returns true if a session was invalidated, false if there was no session to invalidate.

Source

pub async fn share_room_key( &self, room_id: &RoomId, users: impl Iterator<Item = &UserId>, encryption_settings: impl Into<EncryptionSettings>, ) -> Result<Vec<Arc<ToDeviceRequest>>, OlmError>

Get to-device requests to share a room key with users in a room.

§Arguments

room_id - The room id of the room where the room key will be used.

users - The list of users that should receive the room key.

settings - Encryption settings that affect when are room keys rotated and who are they shared with.

§Returns

List of the to-device requests that need to be sent out to the server and the responses need to be passed back to the state machine with mark_request_as_sent, using the to-device txn_id as request_id.

Source

pub async fn receive_unencrypted_verification_event( &self, event: &AnyMessageLikeEvent, ) -> StoreResult<()>

👎Deprecated since 0.7.0: Use OlmMachine::receive_verification_event instead

Receive an unencrypted verification event.

This method can be used to pass verification events that are happening in unencrypted rooms to the OlmMachine.

Note: This does not need to be called for encrypted events since those will get passed to the OlmMachine during decryption.

Source

pub async fn receive_verification_event( &self, event: &AnyMessageLikeEvent, ) -> StoreResult<()>

Receive a verification event.

in rooms to the OlmMachine. The event should be in the decrypted form. in rooms to the OlmMachine.

Source

pub fn get_verification( &self, user_id: &UserId, flow_id: &str, ) -> Option<Verification>

Get a verification object for the given user id with the given flow id.

Source

pub fn get_verification_request( &self, user_id: &UserId, flow_id: impl AsRef<str>, ) -> Option<VerificationRequest>

Get a verification request object with the given flow id.

Source

pub fn get_verification_requests( &self, user_id: &UserId, ) -> Vec<VerificationRequest>

Get all the verification requests of a given user.

Source

pub async fn receive_sync_changes( &self, sync_changes: EncryptionSyncChanges<'_>, ) -> Result<(Vec<Raw<AnyToDeviceEvent>>, Vec<RoomKeyInfo>), OlmError>

Handle a to-device and one-time key counts from a sync response.

This will decrypt and handle to-device events returning the decrypted versions of them.

To decrypt an event from the room timeline, call decrypt_room_event.

§Arguments
§Returns

A tuple of (decrypted to-device events, updated room keys).

Source

pub async fn request_room_key( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId, ) -> Result<(Option<OutgoingRequest>, OutgoingRequest), MegolmError>

Request a room key from our devices.

This method will return a request cancellation and a new key request if the key was already requested, otherwise it will return just the key request.

The request cancellation must be sent out before the request is sent out, otherwise devices will ignore the key request.

§Arguments
  • room_id - The id of the room where the key is used in.

  • sender_key - The curve25519 key of the sender that owns the key.

  • session_id - The id that uniquely identifies the session.

Source

pub async fn query_missing_secrets_from_other_sessions( &self, ) -> StoreResult<bool>

Request missing local secrets from our devices (cross signing private keys, megolm backup). This will ask the sdk to create outgoing request to get the missing secrets.

The requests will be processed as soon as outgoing_requests() is called to process them.

§Returns

A bool result saying if actual secrets were missing and have been requested

§Examples
if machine.query_missing_secrets_from_other_sessions().await.unwrap() {
    let to_send = machine.outgoing_requests().await.unwrap();
    // send the to device requests
};
Source

pub async fn try_decrypt_room_event( &self, raw_event: &Raw<EncryptedEvent>, room_id: &RoomId, decryption_settings: &DecryptionSettings, ) -> Result<RoomEventDecryptionResult, CryptoStoreError>

Attempt to decrypt an event from a room timeline, returning information on the failure if it fails.

§Arguments
  • event - The event that should be decrypted.

  • room_id - The ID of the room where the event was sent to.

§Returns

The decrypted event, if it was successfully decrypted. Otherwise, information on the failure, unless the failure was due to an internal error, in which case, an Err result.

Source

pub async fn decrypt_room_event( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId, decryption_settings: &DecryptionSettings, ) -> Result<DecryptedRoomEvent, MegolmError>

Decrypt an event from a room timeline.

§Arguments
  • event - The event that should be decrypted.

  • room_id - The ID of the room where the event was sent to.

Source

pub async fn is_room_key_available( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId, ) -> Result<bool, CryptoStoreError>

Check if we have the room key for the given event in the store.

§Arguments
  • event - The event to get information for.
  • room_id - The ID of the room where the event was sent to.
Source

pub async fn get_room_event_encryption_info( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId, ) -> Result<EncryptionInfo, MegolmError>

Get encryption info for a decrypted timeline event.

This recalculates the EncryptionInfo data that is returned by OlmMachine::decrypt_room_event, based on the current verification status of the sender, etc.

Returns an error for an unencrypted event.

§Arguments
  • event - The event to get information for.
  • room_id - The ID of the room where the event was sent to.
Source

pub async fn update_tracked_users( &self, users: impl IntoIterator<Item = &UserId>, ) -> StoreResult<()>

Update the list of tracked users.

The OlmMachine maintains a list of users whose devices we are keeping track of: these are known as “tracked users”. These must be users that we share a room with, so that the server sends us updates for their device lists.

§Arguments
  • users - An iterator over user ids that should be added to the list of tracked users

Any users that hadn’t been seen before will be flagged for a key query immediately, and whenever OlmMachine::receive_sync_changes() receives a “changed” notification for that user in the future.

Users that were already in the list are unaffected.

Source

pub async fn mark_all_tracked_users_as_dirty(&self) -> StoreResult<()>

Mark all tracked users as dirty.

All users whose device lists we are tracking are flagged as needing a key query. Users whose devices we are not tracking are ignored.

Source

pub async fn get_device( &self, user_id: &UserId, device_id: &DeviceId, timeout: Option<Duration>, ) -> StoreResult<Option<Device>>

Get a specific device of a user.

§Arguments
  • user_id - The unique id of the user that the device belongs to.

  • device_id - The unique id of the device.

  • timeout - The amount of time we should wait before returning if the user’s device list has been marked as stale. Note, this assumes that the requests from OlmMachine::outgoing_requests are being processed and sent out.

Returns a Device if one is found and the crypto store didn’t throw an error.

§Examples
let device = machine.get_device(&alice, device_id!("DEVICEID"), None).await;

println!("{:?}", device);
Source

pub async fn get_identity( &self, user_id: &UserId, timeout: Option<Duration>, ) -> StoreResult<Option<UserIdentity>>

Get the cross signing user identity of a user.

§Arguments
  • user_id - The unique id of the user that the identity belongs to

  • timeout - The amount of time we should wait before returning if the user’s device list has been marked as stale. Note, this assumes that the requests from OlmMachine::outgoing_requests are being processed and sent out.

Returns a UserIdentity enum if one is found and the crypto store didn’t throw an error.

Source

pub async fn get_user_devices( &self, user_id: &UserId, timeout: Option<Duration>, ) -> StoreResult<UserDevices>

Get a map holding all the devices of an user.

§Arguments
  • user_id - The unique id of the user that the devices belong to.

  • timeout - The amount of time we should wait before returning if the user’s device list has been marked as stale. Note, this assumes that the requests from OlmMachine::outgoing_requests are being processed and sent out.

§Examples
let devices = machine.get_user_devices(&alice, None).await.unwrap();

for device in devices.devices() {
    println!("{:?}", device);
}
Source

pub async fn cross_signing_status(&self) -> CrossSigningStatus

Get the status of the private cross signing keys.

This can be used to check which private cross signing keys we have stored locally.

Source

pub async fn export_cross_signing_keys( &self, ) -> StoreResult<Option<CrossSigningKeyExport>>

Export all the private cross signing keys we have.

The export will contain the seed for the ed25519 keys as a unpadded base64 encoded string.

This method returns None if we don’t have any private cross signing keys.

Source

pub async fn import_cross_signing_keys( &self, export: CrossSigningKeyExport, ) -> Result<CrossSigningStatus, SecretImportError>

Import our private cross signing keys.

The export needs to contain the seed for the ed25519 keys as an unpadded base64 encoded string.

Source

pub async fn sign(&self, message: &str) -> Result<Signatures, CryptoStoreError>

Sign the given message using our device key and if available cross signing master key.

Presently, this should only be used for signing the server-side room key backups.

Source

pub fn backup_machine(&self) -> &BackupMachine

Get a reference to the backup related state machine.

This state machine can be used to incrementally backup all room keys to the server.

Source

pub async fn initialize_crypto_store_generation( &self, generation: &Mutex<Option<u64>>, ) -> StoreResult<()>

Syncs the database and in-memory generation counter.

This requires that the crypto store lock has been acquired already.

Source

pub async fn maintain_crypto_store_generation( &self, generation: &Mutex<Option<u64>>, ) -> StoreResult<(bool, u64)>

If needs be, update the local and on-disk crypto store generation.

§Requirements
  • This assumes that initialize_crypto_store_generation has been called beforehand.
  • This requires that the crypto store lock has been acquired.
§Arguments
  • generation - The in-memory generation counter (or rather, the Mutex wrapping it). This defines the “expected” generation on entry, and, if we determine an update is needed, is updated to hold the “new” generation.
§Returns

A tuple containing:

  • A bool, set to true if another process has updated the generation number in the Store since our expected value, and as such we’ve incremented and updated it in the database. Otherwise, false.

  • The (possibly updated) generation counter.

Source

pub fn dehydrated_devices(&self) -> DehydratedDevices

Manage dehydrated devices.

Source

pub async fn room_settings( &self, room_id: &RoomId, ) -> StoreResult<Option<RoomSettings>>

Get the stored encryption settings for the given room, such as the encryption algorithm or whether to encrypt only for trusted devices.

These settings can be modified via OlmMachine::set_room_settings.

Source

pub async fn set_room_settings( &self, room_id: &RoomId, new_settings: &RoomSettings, ) -> Result<(), SetRoomSettingsError>

Store encryption settings for the given room.

This method checks if the new settings are “safe” – ie, that they do not represent a downgrade in encryption security from any previous settings. Attempts to downgrade security will result in a SetRoomSettingsError::EncryptionDowngrade.

If the settings are valid, they will be persisted to the crypto store. These settings are not used directly by this library, but the saved settings can be retrieved via OlmMachine::room_settings.

Trait Implementations§

Source§

impl Clone for OlmMachine

Source§

fn clone(&self) -> OlmMachine

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for OlmMachine

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, W> HasTypeWitness<W> for T
where W: MakeTypeWitness<Arg = T>, T: ?Sized,

Source§

const WITNESS: W = W::MAKE

A constant of the type witness
Source§

impl<T> Identity for T
where T: ?Sized,

Source§

const TYPE_EQ: TypeEq<T, <T as Identity>::Type> = TypeEq::NEW

Proof that Self is the same type as Self::Type, provides methods for casting between Self and Self::Type.
Source§

type Type = T

The same type as Self, used to emulate type equality bounds (T == U) with associated type equality constraints (T: Identity<Type = U>).
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> AsyncTraitDeps for T

Source§

impl<T> ErasedDestructor for T
where T: 'static,

Source§

impl<T> MaybeSendSync for T

Source§

impl<T> SendOutsideWasm for T
where T: Send,

Source§

impl<T> SyncOutsideWasm for T
where T: Sync,