Skip to content

MatrixRTC: ToDevice distribution for media stream keys #4785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Apr 10, 2025
Merged

MatrixRTC: ToDevice distribution for media stream keys #4785

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
0a587e9
MatrixRTC: ToDevice distribution for media stream keys
BillCarsonFr Apr 2, 2025
233fd85
test: Add RTC to device transport test
BillCarsonFr Apr 7, 2025
b3b5347
lint
BillCarsonFr Apr 7, 2025
598a31c
fix key indexing
toger5 Apr 8, 2025
3dd55e4
fix indexing take two
toger5 Apr 8, 2025
96382ca
test: add test for join config `useExperimentalToDeviceTransport`
BillCarsonFr Apr 9, 2025
5c01a2d
update test to fail without the fixed encryption key index
toger5 Apr 9, 2025
778db8c
review
toger5 Apr 9, 2025
a9aa68d
review (dave)
toger5 Apr 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions spec/unit/embedded.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -722,13 +722,14 @@ describe("RoomWidgetClient", () => {
expect(widgetApi.sendToDevice).toHaveBeenCalledWith("org.example.foo", false, expectedRequestData);
});

it("sends encrypted (encryptAndSendToDevices)", async () => {
it("sends encrypted (encryptAndSendToDevice)", async () => {
await makeClient({ sendToDevice: ["org.example.foo"] });
expect(widgetApi.requestCapabilityToSendToDevice).toHaveBeenCalledWith("org.example.foo");

const payload = { type: "org.example.foo", hello: "world" };
const payload = { hello: "world" };
const embeddedClient = client as RoomWidgetClient;
await embeddedClient.encryptAndSendToDevices(
await embeddedClient.encryptAndSendToDevice(
"org.example.foo",
[
{ userId: "@alice:example.org", deviceId: "aliceWeb" },
{ userId: "@bob:example.org", deviceId: "bobDesktop" },
Expand Down
44 changes: 41 additions & 3 deletions spec/unit/matrixrtc/MatrixRTCSession.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -486,14 +486,17 @@ describe("MatrixRTCSession", () => {
let sendStateEventMock: jest.Mock;
let sendDelayedStateMock: jest.Mock;
let sendEventMock: jest.Mock;
let sendToDeviceMock: jest.Mock;

beforeEach(() => {
sendStateEventMock = jest.fn();
sendDelayedStateMock = jest.fn();
sendEventMock = jest.fn();
sendToDeviceMock = jest.fn();
client.sendStateEvent = sendStateEventMock;
client._unstable_sendDelayedStateEvent = sendDelayedStateMock;
client.sendEvent = sendEventMock;
client.encryptAndSendToDevice = sendToDeviceMock;

mockRoom = makeMockRoom([]);
sess = MatrixRTCSession.roomSessionForRoom(client, mockRoom);
Expand Down Expand Up @@ -832,6 +835,7 @@ describe("MatrixRTCSession", () => {
it("rotates key if a member leaves", async () => {
jest.useFakeTimers();
try {
const KEY_DALAY = 3000;
const member2 = Object.assign({}, membershipTemplate, {
device_id: "BBBBBBB",
});
Expand All @@ -852,7 +856,8 @@ describe("MatrixRTCSession", () => {
sendEventMock.mockImplementation((_roomId, _evType, payload) => resolve(payload));
});

sess.joinRoomSession([mockFocus], mockFocus, { manageMediaKeys: true });
sess.joinRoomSession([mockFocus], mockFocus, { manageMediaKeys: true, makeKeyDelay: KEY_DALAY });
const sendKeySpy = jest.spyOn((sess as unknown as any).encryptionManager.transport, "sendKey");
const firstKeysPayload = await keysSentPromise1;
expect(firstKeysPayload.keys).toHaveLength(1);
expect(firstKeysPayload.keys[0].index).toEqual(0);
Expand All @@ -869,14 +874,24 @@ describe("MatrixRTCSession", () => {
.mockReturnValue(makeMockRoomState([membershipTemplate], mockRoom.roomId));
sess.onRTCSessionMemberUpdate();

jest.advanceTimersByTime(10000);
jest.advanceTimersByTime(3000);
expect(sendKeySpy).toHaveBeenCalledTimes(1);
// check that we send the key with index 1 even though the send gets delayed when leaving.
// this makes sure we do not use an index that is one too old.
expect(sendKeySpy).toHaveBeenLastCalledWith(expect.any(String), 1, sess.memberships);
// fake a condition in which we send another encryption key event.
// this could happen do to someone joining the call.
(sess as unknown as any).encryptionManager.sendEncryptionKeysEvent();
expect(sendKeySpy).toHaveBeenLastCalledWith(expect.any(String), 1, sess.memberships);
jest.advanceTimersByTime(7000);

const secondKeysPayload = await keysSentPromise2;

expect(secondKeysPayload.keys).toHaveLength(1);
expect(secondKeysPayload.keys[0].index).toEqual(1);
expect(onMyEncryptionKeyChanged).toHaveBeenCalledTimes(2);
expect(sess!.statistics.counters.roomEventEncryptionKeysSent).toEqual(2);
// initial, on leave and the fake one we do with: `(sess as unknown as any).encryptionManager.sendEncryptionKeysEvent();`
expect(sess!.statistics.counters.roomEventEncryptionKeysSent).toEqual(3);
} finally {
jest.useRealTimers();
}
Expand Down Expand Up @@ -965,6 +980,29 @@ describe("MatrixRTCSession", () => {
jest.useRealTimers();
}
});

it("send key as to device", async () => {
jest.useFakeTimers();
try {
const keySentPromise = new Promise((resolve) => {
sendToDeviceMock.mockImplementation(resolve);
});

const mockRoom = makeMockRoom([membershipTemplate]);
sess = MatrixRTCSession.roomSessionForRoom(client, mockRoom);

sess!.joinRoomSession([mockFocus], mockFocus, {
manageMediaKeys: true,
useExperimentalToDeviceTransport: true,
});

await keySentPromise;

expect(sendToDeviceMock).toHaveBeenCalled();
} finally {
jest.useRealTimers();
}
});
});

describe("receiving", () => {
Expand Down
2 changes: 1 addition & 1 deletion spec/unit/matrixrtc/RoomKeyTransport.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ import { KeyTransportEvents } from "../../../src/matrixrtc/IKeyTransport";
import { EventType, MatrixClient, RoomEvent } from "../../../src";
import type { IRoomTimelineData, MatrixEvent, Room } from "../../../src";

describe("RoomKyTransport", () => {
describe("RoomKeyTransport", () => {
let client: MatrixClient;
let room: Room & {
emitTimelineEvent: (event: MatrixEvent) => void;
Expand Down
259 changes: 259 additions & 0 deletions spec/unit/matrixrtc/ToDeviceKeyTransport.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,259 @@
/*
Copyright 2025 The Matrix.org Foundation C.I.C.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

import { type Mocked } from "jest-mock";

import { makeMockEvent, membershipTemplate, mockCallMembership } from "./mocks";
import { ClientEvent, EventType, type MatrixClient } from "../../../src";
import { ToDeviceKeyTransport } from "../../../src/matrixrtc/ToDeviceKeyTransport.ts";
import { getMockClientWithEventEmitter } from "../../test-utils/client.ts";
import { type Statistics } from "../../../src/matrixrtc";
import { KeyTransportEvents } from "../../../src/matrixrtc/IKeyTransport.ts";
import { defer } from "../../../src/utils.ts";
import { type Logger } from "../../../src/logger.ts";

describe("ToDeviceKeyTransport", () => {
const roomId = "!room:id";

let mockClient: Mocked<MatrixClient>;
let statistics: Statistics;
let mockLogger: Mocked<Logger>;
let transport: ToDeviceKeyTransport;

function setup() {
mockClient = getMockClientWithEventEmitter({
encryptAndSendToDevice: jest.fn(),
});
mockLogger = {
debug: jest.fn(),
warn: jest.fn(),
} as unknown as Mocked<Logger>;
statistics = {
counters: {
roomEventEncryptionKeysSent: 0,
roomEventEncryptionKeysReceived: 0,
},
totals: {
roomEventEncryptionKeysReceivedTotalAge: 0,
},
};

transport = new ToDeviceKeyTransport("@alice:example.org", "MYDEVICE", roomId, mockClient, statistics, {
getChild: jest.fn().mockReturnValue(mockLogger),
} as unknown as Mocked<Logger>);
}

it("should send my keys on via to device", async () => {
setup();

transport.start();

const keyBase64Encoded = "ABCDEDF";
const keyIndex = 2;
await transport.sendKey(keyBase64Encoded, keyIndex, [
mockCallMembership(
Object.assign({}, membershipTemplate, { device_id: "BOBDEVICE" }),
roomId,
"@bob:example.org",
),
mockCallMembership(
Object.assign({}, membershipTemplate, { device_id: "CARLDEVICE" }),
roomId,
"@carl:example.org",
),
mockCallMembership(
Object.assign({}, membershipTemplate, { device_id: "MATDEVICE" }),
roomId,
"@mat:example.org",
),
]);

expect(mockClient.encryptAndSendToDevice).toHaveBeenCalledTimes(1);
expect(mockClient.encryptAndSendToDevice).toHaveBeenCalledWith(
"io.element.call.encryption_keys",
[
{ userId: "@bob:example.org", deviceId: "BOBDEVICE" },
{ userId: "@carl:example.org", deviceId: "CARLDEVICE" },
{ userId: "@mat:example.org", deviceId: "MATDEVICE" },
],
{
keys: {
index: keyIndex,
key: keyBase64Encoded,
},
member: {
claimed_device_id: "MYDEVICE",
},
room_id: roomId,
session: {
application: "m.call",
call_id: "",
scope: "m.room",
},
},
);

expect(statistics.counters.roomEventEncryptionKeysSent).toBe(1);
});

it("should emit when a key is received", async () => {
setup();

const deferred = defer<{ userId: string; deviceId: string; keyBase64Encoded: string; index: number }>();
transport.on(KeyTransportEvents.ReceivedKeys, (userId, deviceId, keyBase64Encoded, index, timestamp) => {
deferred.resolve({ userId, deviceId, keyBase64Encoded, index });
});
transport.start();

const testEncoded = "ABCDEDF";
const testKeyIndex = 2;

mockClient.emit(
ClientEvent.ToDeviceEvent,
makeMockEvent(EventType.CallEncryptionKeysPrefix, "@bob:example.org", undefined, {
keys: {
index: testKeyIndex,
key: testEncoded,
},
member: {
claimed_device_id: "BOBDEVICE",
},
room_id: roomId,
session: {
application: "m.call",
call_id: "",
scope: "m.room",
},
}),
);

const { userId, deviceId, keyBase64Encoded, index } = await deferred.promise;
expect(userId).toBe("@bob:example.org");
expect(deviceId).toBe("BOBDEVICE");
expect(keyBase64Encoded).toBe(testEncoded);
expect(index).toBe(testKeyIndex);

expect(statistics.counters.roomEventEncryptionKeysReceived).toBe(1);
});

it("should not sent to ourself", async () => {
setup();

const keyBase64Encoded = "ABCDEDF";
const keyIndex = 2;
await transport.sendKey(keyBase64Encoded, keyIndex, [
mockCallMembership(
Object.assign({}, membershipTemplate, { device_id: "MYDEVICE" }),
roomId,
"@alice:example.org",
),
]);

transport.start();

expect(mockClient.encryptAndSendToDevice).toHaveBeenCalledTimes(0);
});

it("should warn when there is a room mismatch", () => {
setup();

transport.start();

const testEncoded = "ABCDEDF";
const testKeyIndex = 2;

mockClient.emit(
ClientEvent.ToDeviceEvent,
makeMockEvent(EventType.CallEncryptionKeysPrefix, "@bob:example.org", undefined, {
keys: {
index: testKeyIndex,
key: testEncoded,
},
member: {
claimed_device_id: "BOBDEVICE",
},
room_id: "!anotherroom:id",
session: {
application: "m.call",
call_id: "",
scope: "m.room",
},
}),
);

expect(mockLogger.warn).toHaveBeenCalledWith("Malformed Event: Mismatch roomId");
expect(statistics.counters.roomEventEncryptionKeysReceived).toBe(0);
});

describe("malformed events", () => {
const MALFORMED_EVENT = [
{
keys: {},
member: { claimed_device_id: "MYDEVICE" },
room_id: "!room:id",
session: { application: "m.call", call_id: "", scope: "m.room" },
},
{
keys: { index: 0 },
member: { claimed_device_id: "MYDEVICE" },
room_id: "!room:id",
session: { application: "m.call", call_id: "", scope: "m.room" },
},
{
keys: { keys: "ABCDEF" },
member: { claimed_device_id: "MYDEVICE" },
room_id: "!room:id",
session: { application: "m.call", call_id: "", scope: "m.room" },
},
{
keys: { keys: "ABCDEF", index: 2 },
room_id: "!room:id",
session: { application: "m.call", call_id: "", scope: "m.room" },
},
{
keys: { keys: "ABCDEF", index: 2 },
member: {},
room_id: "!room:id",
session: { application: "m.call", call_id: "", scope: "m.room" },
},
{
keys: { keys: "ABCDEF", index: 2 },
member: { claimed_device_id: "MYDEVICE" },
session: { application: "m.call", call_id: "", scope: "m.room" },
},
{
keys: { keys: "ABCDEF", index: 2 },
member: { claimed_device_id: "MYDEVICE" },
room_id: "!room:id",
session: { application: "m.call", call_id: "", scope: "m.room" },
},
];

test.each(MALFORMED_EVENT)("should warn on malformed event %j", (event) => {
setup();

transport.start();

mockClient.emit(
ClientEvent.ToDeviceEvent,
makeMockEvent(EventType.CallEncryptionKeysPrefix, "@bob:example.org", undefined, event),
);

expect(mockLogger.warn).toHaveBeenCalled();
expect(statistics.counters.roomEventEncryptionKeysReceived).toBe(0);
});
});
});
2 changes: 1 addition & 1 deletion spec/unit/matrixrtc/mocks.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ export function makeMockRoomState(membershipData: MembershipData, roomId: string
export function makeMockEvent(
type: string,
sender: string,
roomId: string,
roomId: string | undefined,
content: any,
timestamp?: number,
): MatrixEvent {
Expand Down
Loading