Skip to content

MSC4147: Including device keys with Olm-encrypted events #4147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Dec 10, 2024
Merged

MSC4147: Including device keys with Olm-encrypted events #4147

merged 12 commits into from
Dec 10, 2024

Conversation

uhoreg
Copy link
Member

@uhoreg uhoreg commented May 29, 2024
edited by turt2live
Loading

Rendered

disclosure: I am on the Spec Core Team and employed by Element. This MSC is written as part of my work in the Crypto team at Element

FCP tickyboxes

@uhoreg uhoreg changed the title MSCxxxx: Including device keys with Olm-encrypted events MSC4147: Including device keys with Olm-encrypted events May 29, 2024
@turt2live turt2live added proposal A matrix spec change proposal kind:maintenance MSC which clarifies/updates existing spec needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels May 29, 2024
turt2live
turt2live reviewed May 29, 2024
View reviewed changes
turt2live
turt2live reviewed May 29, 2024
View reviewed changes
proposals/4147-including-device-keys-with-olm-encrypted-events.md
Copy link
Member

@turt2live turt2live May 29, 2024
edited by richvdh
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation requirements:

  • Client sending this information
  • Client using this information
  • Demonstration of the core problem being solved (likely covered by the above tasks)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has been implemented in the Rust matrix-sdk-crypto crate, both sending and using. Demonstration of the problem being solved: https://youtu.be/b1jJlT2ENT8?feature=shared&t=345

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few links to the implementation.

On the sender side, the field is added here.

On the receiver side, it is deserialized after decryption into a DecryptedOlmV1Event. It is then used in SenderDataFinder whose job it is to construct a SenderData which records our knowledge about the sending device for a given session.

clokep
clokep reviewed May 30, 2024
View reviewed changes
richvdh
richvdh reviewed Jun 12, 2024
View reviewed changes
richvdh
richvdh reviewed Jun 12, 2024
View reviewed changes
@andybalaam andybalaam mentioned this pull request Jun 13, 2024
Closed
poljar pushed a commit to matrix-org/matrix-rust-sdk that referenced this pull request Jun 27, 2024
@uhoreg
Embed device keys in Olm-encrypted messages (#3517)
d41af39 
This patch implements MSC4147[1].

Signed-off-by: Hubert Chathi <hubertc@matrix.org>

[1]: matrix-org/matrix-spec-proposals#4147
ara4n
ara4n reviewed Jun 30, 2024
View reviewed changes
@andybalaam andybalaam mentioned this pull request Jul 1, 2024
Merged
BillCarsonFr
BillCarsonFr reviewed Jul 3, 2024
View reviewed changes
@pmaier1 pmaier1 mentioned this pull request Sep 5, 2024
Open
@uhoreg uhoreg mentioned this pull request Oct 17, 2024
Closed
@richvdh
Copy link
Member

richvdh commented Nov 2, 2024

I think this is ready for FCP, so:

@mscbot fcp merge

@mscbot
Copy link
Collaborator

mscbot commented Nov 2, 2024
edited by clokep
Loading

Team member @mscbot has proposed to merge this. The next step is review by the rest of the tagged people:

Concerns:

  • implementation-needs-checking label

Once at least 75% of reviewers approve (and there are no outstanding concerns), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for information about what commands tagged team members can give me.

@mscbot mscbot added proposed-final-comment-period Currently awaiting signoff of a majority of team members in order to enter the final comment period. disposition-merge labels Nov 2, 2024
@mscbot mscbot added the final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. label Dec 5, 2024
@clokep
Copy link
Member

clokep commented Dec 5, 2024

Thanks for answering all my questions @richvdh -- I think this is OK as an incremental improvement, but sounds like we might need to do a bigger improvement at some point in the future.

@mscbot
Copy link
Collaborator

mscbot commented Dec 10, 2024

The final comment period, with a disposition to merge, as per the review above, is now complete.

@mscbot mscbot added finished-final-comment-period and removed disposition-merge final-comment-period This MSC has entered a final comment period in interest to approval, postpone, or delete in 5 days. labels Dec 10, 2024
@richvdh richvdh merged commit 51ebe01 into matrix-org:main Dec 10, 2024
1 check passed
@richvdh richvdh added spec-pr-missing Proposal has been implemented and is being used in the wild but hasn't yet been added to the spec and removed finished-final-comment-period labels Dec 10, 2024
andybalaam
andybalaam reviewed Jan 10, 2025
View reviewed changes
proposals/4147-including-device-keys-with-olm-encrypted-events.md

We propose to solve this by including a copy of the device keys in the
Olm-encrypted message, along with the cross-signing signatures, so that the
recipient does not have to try to query the sender's keys.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the intention to make sender_device_keys mandatory, and drop to-device messages that do not include it?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was very much not part of this MSC. It's something we could do in future, but IMHO it would need another MSC, and careful thought, since it would mean cutting off the significant part of the ecosystem which doesn't yet implement this MSC.

@uhoreg uhoreg mentioned this pull request Feb 24, 2025
Closed
@Johennes Johennes mentioned this pull request Mar 28, 2025
Merged
3 tasks
@Johennes
Copy link
Contributor

Spec PR: matrix-org/matrix-spec#2122

@turt2live turt2live moved this from Requires spec writing to Requires spec PR review in Spec Core Team Backlog Mar 28, 2025
@turt2live turt2live added spec-pr-in-review A proposal which has been PR'd against the spec and is in review and removed spec-pr-missing Proposal has been implemented and is being used in the wild but hasn't yet been added to the spec labels Mar 28, 2025
richvdh
richvdh reviewed May 13, 2025
View reviewed changes
proposals/4147-including-device-keys-with-olm-encrypted-events.md
Comment on lines +96 to +98
If this property is present, the `keys`.`ed25519` property of the plaintext
payload must be the same as the `sender_device_keys`.`keys`.`ed25519:<DEVICEID>`
property. If they differ, the recipient should discard the event.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't seem to have specified anything here about sender_device_keys.keys.curve25519:<DEVICEID>, which seems like an oversight: if nothing else, it allows inconsistency within the event which is generally a big red flag in encryption stuff.

The sample implementation of this (matrix-rust-sdk) does check that curve25519:<DEVICEID> matches the olm session used to encrypt the message (https://github.com/matrix-org/matrix-rust-sdk/blob/4d027ec405a20b54c6f9d2e31a20bf2dd1c3854d/crates/matrix-sdk-crypto/src/olm/account.rs#L1539-L1548); I'm inclined to consider it an oversight in the MSC.

cc @uhoreg

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm taking silence as consent here. matrix-org/matrix-spec#2122 mandates a match.

@poljar poljar mentioned this pull request May 28, 2025
Merged
@richvdh
Copy link
Member

richvdh commented May 28, 2025

Spec PR is now merged 🎉

@richvdh richvdh added merged A proposal whose PR has merged into the spec! and removed spec-pr-in-review A proposal which has been PR'd against the spec and is in review labels May 28, 2025
@richvdh richvdh moved this from Requires spec PR review to Done to some definition in Spec Core Team Backlog May 28, 2025
This was referenced May 30, 2025
Closed
Merged
richvdh added a commit to matrix-org/matrix-js-sdk that referenced this pull request Jun 21, 2025
@richvdh
Update matrix-sdk-crypto-wasm to 15.0.0
ba19adb 
For js-sdk users, this includes the following:

    -   Send stable identifier `sender_device_keys` for MSC4147 (Including device keys with Olm-encrypted events).
        ([#4964](matrix-org/matrix-rust-sdk#4964))

    -   Check the `sender_device_keys` field on _all_ incoming Olm-encrypted to-device messages and ignore any to-device messages which include the field but whose data is invalid (as per [MSC4147](matrix-org/matrix-spec-proposals#4147)).
        ([#4922](matrix-org/matrix-rust-sdk#4922))

    -   Fix bug which caused room keys to be unnecessarily rotated on every send in the presence of blacklisted/withheld devices in the room.
        ([#4954](matrix-org/matrix-rust-sdk#4954))

    -   Fix [matrix-rust-sdk#2729](matrix-org/matrix-rust-sdk#2729) which in rare cases can cause room key oversharing.
        ([#4975](matrix-org/matrix-rust-sdk#4975))
@richvdh richvdh mentioned this pull request Jun 21, 2025
Merged
github-merge-queue bot pushed a commit to matrix-org/matrix-js-sdk that referenced this pull request Jun 23, 2025
@richvdh
Update matrix-sdk-crypto-wasm to 15.0.0 (#4882)
df3ca20 
For js-sdk users, this includes the following:

    -   Send stable identifier `sender_device_keys` for MSC4147 (Including device keys with Olm-encrypted events).
        ([#4964](matrix-org/matrix-rust-sdk#4964))

    -   Check the `sender_device_keys` field on _all_ incoming Olm-encrypted to-device messages and ignore any to-device messages which include the field but whose data is invalid (as per [MSC4147](matrix-org/matrix-spec-proposals#4147)).
        ([#4922](matrix-org/matrix-rust-sdk#4922))

    -   Fix bug which caused room keys to be unnecessarily rotated on every send in the presence of blacklisted/withheld devices in the room.
        ([#4954](matrix-org/matrix-rust-sdk#4954))

    -   Fix [matrix-rust-sdk#2729](matrix-org/matrix-rust-sdk#2729) which in rare cases can cause room key oversharing.
        ([#4975](matrix-org/matrix-rust-sdk#4975))
github-merge-queue bot pushed a commit to matrix-org/matrix-js-sdk that referenced this pull request Jun 23, 2025
@richvdh
Update matrix-sdk-crypto-wasm to 15.0.0 (#4882)
54aebaa 
For js-sdk users, this includes the following:

    -   Send stable identifier `sender_device_keys` for MSC4147 (Including device keys with Olm-encrypted events).
        ([#4964](matrix-org/matrix-rust-sdk#4964))

    -   Check the `sender_device_keys` field on _all_ incoming Olm-encrypted to-device messages and ignore any to-device messages which include the field but whose data is invalid (as per [MSC4147](matrix-org/matrix-spec-proposals#4147)).
        ([#4922](matrix-org/matrix-rust-sdk#4922))

    -   Fix bug which caused room keys to be unnecessarily rotated on every send in the presence of blacklisted/withheld devices in the room.
        ([#4954](matrix-org/matrix-rust-sdk#4954))

    -   Fix [matrix-rust-sdk#2729](matrix-org/matrix-rust-sdk#2729) which in rare cases can cause room key oversharing.
        ([#4975](matrix-org/matrix-rust-sdk#4975))
github-merge-queue bot pushed a commit to matrix-org/matrix-js-sdk that referenced this pull request Jun 23, 2025
@richvdh
Update matrix-sdk-crypto-wasm to 15.0.0 (#4882)
8f597f0 
For js-sdk users, this includes the following:

    -   Send stable identifier `sender_device_keys` for MSC4147 (Including device keys with Olm-encrypted events).
        ([#4964](matrix-org/matrix-rust-sdk#4964))

    -   Check the `sender_device_keys` field on _all_ incoming Olm-encrypted to-device messages and ignore any to-device messages which include the field but whose data is invalid (as per [MSC4147](matrix-org/matrix-spec-proposals#4147)).
        ([#4922](matrix-org/matrix-rust-sdk#4922))

    -   Fix bug which caused room keys to be unnecessarily rotated on every send in the presence of blacklisted/withheld devices in the room.
        ([#4954](matrix-org/matrix-rust-sdk#4954))

    -   Fix [matrix-rust-sdk#2729](matrix-org/matrix-rust-sdk#2729) which in rare cases can cause room key oversharing.
        ([#4975](matrix-org/matrix-rust-sdk#4975))
@Johennes Johennes mentioned this pull request Jul 3, 2025
Open
34 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andybalaam andybalaam andybalaam left review comments

@clokep clokep clokep left review comments

@turt2live turt2live turt2live left review comments

@ara4n ara4n ara4n left review comments

@richvdh richvdh richvdh left review comments

@BillCarsonFr BillCarsonFr BillCarsonFr left review comments

Assignees
No one assigned
Labels
kind:maintenance MSC which clarifies/updates existing spec matrix-2.0 Required for Matrix 2.0 merged A proposal whose PR has merged into the spec! proposal A matrix spec change proposal
Projects
Spec Core Team Backlog
Status: Done to some definition
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@uhoreg @richvdh @mscbot @turt2live @dbkr @ara4n @clokep @Johennes @andybalaam @BillCarsonFr