Tulir Asokan
bc79822eab
crypto: save source of megolm sessions
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2026-02-21 01:06:12 +02:00
Tulir Asokan
974f7dc544
crypto/decryptmegolm: allow device key mismatches, but mark as untrusted
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2026-02-19 14:10:20 +02:00
Tulir Asokan
de0d12e26a
goolm/crypto: add test to ensure shared secrets can't be zero
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2026-02-18 12:53:37 +02:00
Tulir Asokan
60742c4b61
crypto: update test
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2026-01-28 21:37:23 +02:00
Tulir Asokan
2423716f83
crypto/keysharing: don't send withheld response to some key requests
2026-01-28 21:34:07 +02:00
Tulir Asokan
b613f4d676
crypto/sessions: add missing field in export
2026-01-28 21:32:48 +02:00
Tulir Asokan
2c0d51ee7d
crypto/ssss: handle slightly broken key metadata better
2026-01-28 14:43:02 +02:00
Tulir Asokan
c4ce008c8e
crypto/ssss: skip verifying recovery key if MAC or IV are missing
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2026-01-28 12:51:46 +02:00
Tulir Asokan
074a2d8d4d
crypto/keysharing: fix including sender key in forwards
Go / Lint (latest) (push) Has been cancelled
Go / Build (old, libolm) (push) Has been cancelled
Go / Build (latest, libolm) (push) Has been cancelled
Go / Build (old, goolm) (push) Has been cancelled
Go / Build (latest, goolm) (push) Has been cancelled
2026-01-26 01:39:44 +02:00
Tulir Asokan
a1236b65be
crypto/keyimport: call session received callback for all sessions in import
Go / Lint (latest) (push) Has been cancelled
Go / Build (old, libolm) (push) Has been cancelled
Go / Build (latest, libolm) (push) Has been cancelled
Go / Build (old, goolm) (push) Has been cancelled
Go / Build (latest, goolm) (push) Has been cancelled
2026-01-20 14:28:21 +02:00
Tulir Asokan
ec3cf5fbdd
crypto/decryptmegolm: add additional checks for megolm decryption
2026-01-17 01:02:39 +02:00
Tulir Asokan
b226c03277
crypto: add length check to hacky megolm message index parser
2026-01-17 00:55:16 +02:00
Tulir Asokan
f4434b33c6
crypto,bridgev2: add option to encrypt reactions and replies ( #445 )
2026-01-07 19:22:32 +02:00
Tulir Asokan
950ce6636e
crypto/goolm: include version number in version mismatches
2025-12-15 15:18:40 +02:00
Tulir Asokan
315d2ab17d
all: fix staticcheck issues
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2025-12-08 00:07:25 +02:00
Nick Mills-Barrett
dc38165473
crypto: allow storing arbitrary metadata alongside encrypted account data
...
For example, the creation time of a key.
2025-11-26 10:42:32 +00:00
Tulir Asokan
4ec3fbb4ab
crypto/goolm: fix var bytes read overflow
2025-11-01 22:10:43 +01:00
Toni Spets
080ad4c0a0
crypto: Allow decrypting message content without event id or ts
...
Replay attack prevention shouldn't store empty event id or ts to
database if we're decrypting without them. This may happen if we are
looking into a future delayed event for example as it doesn't yet have
those.
We still prevent doing that if we already know them meaning we have
gotten the actual event through sync as that's also when a delayed event
would move from scheduled to finalised and then it also contains those
fields.
2025-10-14 14:22:42 +03:00
Tulir Asokan
13f251fe60
crypto/helper: don't block on decryption
Go / Lint (latest) (push) Has been cancelled
Go / Build (old, libolm) (push) Has been cancelled
Go / Build (latest, libolm) (push) Has been cancelled
Go / Build (old, goolm) (push) Has been cancelled
Go / Build (latest, goolm) (push) Has been cancelled
2025-10-05 12:30:54 +03:00
Tulir Asokan
acc449daf4
crypto: add basic group session sharing benchmark
2025-09-26 20:37:58 +03:00
Tulir Asokan
fa90bba820
crypto: don't check otk count if sharing new keys
2025-09-26 19:48:22 +03:00
Tulir Asokan
caca057b23
crypto/helper: always share keys when creating new device
2025-09-26 19:17:16 +03:00
Tulir Asokan
0685bd7786
crypto/verificationhelper: extract mockserver to new package
2025-09-26 16:56:48 +03:00
Tulir Asokan
5c580a7859
crypto/sqlstore: fix query used for olm unwedging
Go / Lint (latest) (push) Has been cancelled
Go / Build (old, libolm) (push) Has been cancelled
Go / Build (latest, libolm) (push) Has been cancelled
Go / Build (old, goolm) (push) Has been cancelled
Go / Build (latest, goolm) (push) Has been cancelled
2025-09-22 20:28:49 +03:00
Tulir Asokan
0a84c052dd
crypto: add utilities for cross-signing
2025-09-21 20:10:59 +03:00
Tulir Asokan
e932aff209
crypto/ssss: use constant time comparison when decrypting account data
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2025-09-17 22:30:32 +03:00
Tulir Asokan
3a6f20bb62
crypto/sqlstore: ignore unused sessions in olm unwedging
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2025-09-12 19:30:05 +03:00
Tulir Asokan
5dbab3ae99
crypto/machine: don't clear account on Destroy()
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2025-09-11 14:46:21 +03:00
Tulir Asokan
87fe127414
crypto/decryptolm: retry prekey decryption with goolm
2025-09-11 14:17:24 +03:00
Tulir Asokan
c716f30959
crypto/register: don't use init in *olm packages
2025-09-11 14:14:15 +03:00
Tulir Asokan
84e5d6bda1
crypto/machine: allow canceling background context
2025-09-11 14:13:18 +03:00
Tulir Asokan
69869f7cb5
crypto: log active driver
2025-09-11 14:12:35 +03:00
Tulir Asokan
bdb9e22a43
crypto/libolm: clean up pointer management
2025-09-11 13:22:45 +03:00
Tulir Asokan
faa1c5ff8d
crypto/machine: log when loading olm account
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2025-09-10 16:46:05 +03:00
Tulir Asokan
22a908d8d6
crypto/decryptolm: add debug logs for failing to decrypt with new session
2025-09-10 16:24:43 +03:00
Tulir Asokan
19f3b2179c
pre-commit: ban log.Str(x.String())
2025-08-29 11:07:16 +03:00
Brad Murray
fa7c1ae2bc
crypto/sqlstore: add index to make finding megolm sessions to backup faster ( #402 )
...
```
2025-08-24T22:23:19Z debug [MatrixBridgeV2] {"level":"warn","component":"matrix","component":"client_loop","subcomponent":"sync_key_backup_loop","rows":0,"duration_seconds":1.046191042,"method":"EndRows","query":"SELECT room_id, sender_key, signing_key, session, forwarding_chains, ratchet_safety, received_at, max_age, max_messages, is_scheduled, key_backup_version FROM crypto_megolm_inbound_session WHERE account_id=?1 AND session IS NOT NULL AND key_backup_version != ?2","time":"2025-08-24T22:23:19.22077Z","message":"Query took long"}
```
before:
```
sqlite> EXPLAIN SELECT room_id, sender_key, signing_key, session, forwarding_chains, ratchet_safety, received_at, max_age, max_messages, is_scheduled, key_backup_version FROM crypto_megolm_inbound_session WHERE account_id='@brad:beeper.com/CHNWOJWEUC' AND sessi
addr opcode p1 p2 p3 p4 p5 comment
---- ------------- ---- ---- ---- ------------- -- -------------
0 Init 0 25 0 0 Start at 25
1 OpenRead 0 48 0 15 0 root=48 iDb=0; crypto_megolm_inbound_session
2 OpenRead 1 49 0 k(3,,,) 2 root=49 iDb=0; sqlite_autoindex_crypto_megolm_inbound_session_1
3 String8 0 1 0 @brad:beeper.com/CHNWOJWEUC 0 r[1]='@brad:beeper.com/CHNWOJWEUC'
4 SeekGE 1 24 1 1 0 key=r[1]
5 IdxGT 1 24 1 1 0 key=r[1]
6 DeferredSeek 1 0 0 0 Move 0 to 1.rowid if needed
7 Column 0 5 2 128 r[2]= cursor 0 column 5
8 IsNull 2 23 0 0 if r[2]==NULL goto 23
9 Column 0 14 2 0 r[2]=crypto_megolm_inbound_session.key_backup_version
10 Eq 3 23 2 BINARY-8 82 if r[2]==r[3] goto 23
11 Column 0 4 4 0 r[4]= cursor 0 column 4
12 Column 0 2 5 0 r[5]= cursor 0 column 2
13 Column 0 3 6 0 r[6]= cursor 0 column 3
14 Column 0 5 7 0 r[7]= cursor 0 column 5
15 Column 0 6 8 0 r[8]= cursor 0 column 6
16 Column 0 9 9 0 r[9]= cursor 0 column 9
17 Column 0 10 10 0 r[10]= cursor 0 column 10
18 Column 0 11 11 0 r[11]= cursor 0 column 11
19 Column 0 12 12 0 r[12]= cursor 0 column 12
20 Column 0 13 13 0 0 r[13]=crypto_megolm_inbound_session.is_scheduled
21 Column 0 14 14 0 r[14]=crypto_megolm_inbound_session.key_backup_version
22 ResultRow 4 11 0 0 output=r[4..14]
23 Next 1 5 0 0
24 Halt 0 0 0 0
25 Transaction 0 0 55 0 1 usesStmtJournal=0
26 Integer 1 3 0 0 r[3]=1
27 Goto 0 1 0 0
sqlite> SELECT COUNT(*) FROM crypto_megolm_inbound_session ;
+----------+
| COUNT(*) |
+----------+
| 168792 |
+----------+
sqlite> SELECT COUNT(*) FROM crypto_megolm_inbound_session WHERE session IS NULL;
+----------+
| COUNT(*) |
+----------+
| 39 |
+----------+
sqlite> SELECT COUNT(*) FROM crypto_megolm_inbound_session WHERE key_backup_version != 1;
+----------+
| COUNT(*) |
+----------+
| 39 |
+----------+
```
after:
```
sqlite> CREATE INDEX idx_megolm_filtered
...> ON crypto_megolm_inbound_session(account_id, key_backup_version, session);
sqlite> EXPLAIN SELECT room_id, sender_key, signing_key, session, forwarding_chains, ratchet_safety, received_at, max_age, max_messages, is_scheduled, key_backup_version FROM crypto_megolm_inbound_session WHERE account_id='@brad:beeper.com/CHNWOJWEUC' AND session IS NOT NULL AND key_backup_version != 1;
addr opcode p1 p2 p3 p4 p5 comment
---- ------------- ---- ---- ---- ------------- -- -------------
0 Init 0 25 0 0 Start at 25
1 OpenRead 0 48 0 15 0 root=48 iDb=0; crypto_megolm_inbound_session
2 OpenRead 1 91264 0 k(4,,,,) 2 root=91264 iDb=0; idx_megolm_filtered
3 String8 0 1 0 @brad:beeper.com/CHNWOJWEUC 0 r[1]='@brad:beeper.com/CHNWOJWEUC'
4 SeekGE 1 24 1 1 0 key=r[1]
5 IdxGT 1 24 1 1 0 key=r[1]
6 DeferredSeek 1 0 0 0 Move 0 to 1.rowid if needed
7 Column 1 2 2 128 r[2]= cursor 1 column 2
8 IsNull 2 23 0 0 if r[2]==NULL goto 23
9 Column 1 1 2 0 r[2]=crypto_megolm_inbound_session.key_backup_version
10 Eq 3 23 2 BINARY-8 82 if r[2]==r[3] goto 23
11 Column 0 4 4 0 r[4]= cursor 0 column 4
12 Column 0 2 5 0 r[5]= cursor 0 column 2
13 Column 0 3 6 0 r[6]= cursor 0 column 3
14 Column 1 2 7 0 r[7]= cursor 1 column 2
15 Column 0 6 8 0 r[8]= cursor 0 column 6
16 Column 0 9 9 0 r[9]= cursor 0 column 9
17 Column 0 10 10 0 r[10]= cursor 0 column 10
18 Column 0 11 11 0 r[11]= cursor 0 column 11
19 Column 0 12 12 0 r[12]= cursor 0 column 12
20 Column 0 13 13 0 0 r[13]=crypto_megolm_inbound_session.is_scheduled
21 Column 1 1 14 0 r[14]=crypto_megolm_inbound_session.key_backup_version
22 ResultRow 4 11 0 0 output=r[4..14]
23 Next 1 5 0 0
24 Halt 0 0 0 0
25 Transaction 0 0 56 0 1 usesStmtJournal=0
26 Integer 1 3 0 0 r[3]=1
27 Goto 0 1 0 0
sqlite>
```
2025-08-25 08:03:13 -04:00
Tulir Asokan
baf54f57b6
crypto/encryptmegolm: add fallback for copying m.relates_to
Go / Lint (latest) (push) Has been cancelled
Go / Build (old, libolm) (push) Has been cancelled
Go / Build (latest, libolm) (push) Has been cancelled
Go / Build (old, goolm) (push) Has been cancelled
Go / Build (latest, goolm) (push) Has been cancelled
2025-08-19 19:44:53 +03:00
V02460
809333fcc5
verificationhelper: use static format strings ( #390 )
2025-08-13 20:32:21 +03:00
Tulir Asokan
5d84bddc62
crypto/attachments: hash correct data while decrypting
Go / Lint (latest) (push) Has been cancelled
Go / Build (old, libolm) (push) Has been cancelled
Go / Build (latest, libolm) (push) Has been cancelled
Go / Build (old, goolm) (push) Has been cancelled
Go / Build (latest, goolm) (push) Has been cancelled
2025-08-11 10:58:24 +03:00
Tulir Asokan
23df81f1cc
crypto/attachments: fix hash check when decrypting
2025-08-11 10:46:22 +03:00
Tulir Asokan
87d599c491
crypto: remove group session already shared error
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2025-08-09 17:42:34 +03:00
Sumner Evans
654b6b1d45
crypto: replace t.Fatal and t.Error with require and assert
...
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
Signed-off-by: Sumner Evans <me@sumnerevans.com>
2025-08-02 12:22:24 -06:00
Tulir Asokan
09e4706fdb
crypto/backup: allow encrypting session without private key
Go / Lint (latest) (push) Has been cancelled
Go / Build (old, libolm) (push) Has been cancelled
Go / Build (latest, libolm) (push) Has been cancelled
Go / Build (old, goolm) (push) Has been cancelled
Go / Build (latest, goolm) (push) Has been cancelled
2025-08-01 14:13:55 +03:00
Tulir Asokan
d5223cdc8f
all: replace gorilla/mux with standard library
2025-07-28 14:56:09 +03:00
Brad Murray
d04d524209
crypto/verificationhelper: add method to verification done callback ( #385 )
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2025-06-05 13:38:19 -04:00
Tulir Asokan
f23fc99ef4
crypto/cross_signing: allow json marshaling cross-signing key seeds
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2025-05-10 11:35:06 +03:00
Tulir Asokan
72f6229f40
crypto: fix key export test
Go / Lint (latest) (push) Waiting to run
Go / Build (old, libolm) (push) Waiting to run
Go / Build (latest, libolm) (push) Waiting to run
Go / Build (old, goolm) (push) Waiting to run
Go / Build (latest, goolm) (push) Waiting to run
2025-05-06 23:18:23 +03:00
Tulir Asokan
0ffe3524f6
crypto/sql_store: ensure forwarding chains is always set instead of having fallback in getter
2025-05-06 22:55:23 +03:00
Tulir Asokan
bef23edaea
crypto/keysharing: ensure forwarding chains is always set
2025-05-06 22:50:46 +03:00
