Merge branch 'release/0.26.7/master'

Author: Anderas

CHANGES.md

@@ -1,3 +1,14 @@
+## Changes in 0.26.7 (2023-04-12)
+
+🙌 Improvements
+
+- Crypto: Upgrade Crypto SDK ([#1765](https://github.com/matrix-org/matrix-ios-sdk/pull/1765))
+
+🐛 Bugfixes
+
+- Crypto: Delete data for mismatched accounts ([#1763](https://github.com/matrix-org/matrix-ios-sdk/pull/1763))
+
+
 ## Changes in 0.26.6 (2023-04-04)
 
 🙌 Improvements

MatrixSDK.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
 
   s.name         = "MatrixSDK"
-  s.version      = "0.26.6"
+  s.version      = "0.26.7"
   s.summary      = "The iOS SDK to build apps compatible with Matrix (https://www.matrix.org)"
 
   s.description  = <<-DESC
@@ -45,7 +45,7 @@ Pod::Spec.new do |s|
       ss.dependency 'OLMKit', '~> 3.2.5'
       ss.dependency 'Realm', '10.27.0'
       ss.dependency 'libbase58', '~> 0.1.4'
-      ss.dependency 'MatrixSDKCrypto', '0.3.2', :configurations => ["DEBUG", "RELEASE"], :inhibit_warnings => true
+      ss.dependency 'MatrixSDKCrypto', '0.3.3', :configurations => ["DEBUG", "RELEASE"], :inhibit_warnings => true
   end
 
   s.subspec 'JingleCallStack' do |ss|

MatrixSDK/Crypto/Algorithms/Megolm/MXMegolmDecryption.m

@@ -167,13 +167,14 @@ - (MXEventDecryptionDecorationColor)decryptionColorForEvent:(MXEvent *)event
 {
     if (event.sender && [crypto trustLevelForUser:event.sender].isVerified)
     {
-        MXDeviceInfo *deviceInfo = [crypto eventDeviceInfo:event];
+        NSString *algorithm = event.wireContent[@"algorithm"];
+        MXDeviceInfo *deviceInfo = [crypto.deviceList deviceWithIdentityKey:decryptionResult.senderKey andAlgorithm:algorithm];
         if (!deviceInfo.trustLevel.isVerified)
         {
             return MXEventDecryptionDecorationColorRed;
         }
     }
-    
+
     return decryptionResult.isUntrusted ? MXEventDecryptionDecorationColorGrey : MXEventDecryptionDecorationColorNone;
 }
 

MatrixSDK/Crypto/CryptoMachine/MXCryptoMachine.swift

@@ -36,6 +36,8 @@ class MXCryptoMachine {
     }
 
     private static let kdfRounds: Int32 = 500_000
+    // Error type will be moved to rust sdk
+    private static let MismatchedAccountError = "the account in the store doesn't match the account in the constructor"
 
     enum Error: Swift.Error {
         case invalidEvent
@@ -72,17 +74,7 @@ class MXCryptoMachine {
     ) throws {
         MXCryptoSDKLogger.shared.log(logLine: "Starting logs")
 
-        let url = try MXCryptoMachineStore.createStoreURLIfNecessary(for: userId)
-        let passphrase = try MXCryptoMachineStore.storePassphrase()
-        log.debug("Opening crypto store at \(url.path)/matrix-sdk-crypto.sqlite3") // Hardcoding path to db for debugging purpose
-        
-        machine = try OlmMachine(
-            userId: userId,
-            deviceId: deviceId,
-            path: url.path,
-            passphrase: passphrase
-        )
-        
+        self.machine = try Self.createMachine(userId: userId, deviceId: deviceId, log: log)
         self.requests = MXCryptoRequests(restClient: restClient)
         self.getRoomAction = getRoomAction
 
@@ -119,7 +111,46 @@ class MXCryptoMachine {
 
     func deleteAllData() throws {
         let url = try MXCryptoMachineStore.storeURL(for: userId)
-        try FileManager.default.removeItem(at: url)
+        if FileManager.default.fileExists(atPath: url.path) {
+            try FileManager.default.removeItem(at: url)
+        }
+    }
+    
+    // MARK: - Private
+    
+    private static func createMachine(userId: String, deviceId: String, log: MXNamedLog) throws -> OlmMachine {
+        let url = try MXCryptoMachineStore.createStoreURLIfNecessary(for: userId)
+        let passphrase = try MXCryptoMachineStore.storePassphrase()
+        
+        log.debug("Opening crypto store at \(url.path)/matrix-sdk-crypto.sqlite3") // Hardcoding full path to db for debugging purposes
+        
+        do {
+            return try OlmMachine(
+                userId: userId,
+                deviceId: deviceId,
+                path: url.path,
+                passphrase: passphrase
+            )
+        } catch {
+            // If we cannot open machine due to a mismatched account, delete previous data and try again
+            if case CryptoStoreError.CryptoStore(let message) = error,
+               message.contains(Self.MismatchedAccountError) {
+                log.error("Credentials of the account do not match, deleting previous data", context: [
+                    "error": message
+                ])
+                try FileManager.default.removeItem(at: url)
+                return try OlmMachine(
+                    userId: userId,
+                    deviceId: deviceId,
+                    path: url.path,
+                    passphrase: passphrase
+                )
+
+            // Otherwise re-throw the error
+            } else {
+                throw error
+            }
+        }
     }
 }
 

MatrixSDK/Crypto/MXCryptoV2.swift

@@ -197,7 +197,8 @@ class MXCryptoV2: NSObject, MXCrypto {
         }
 
         if deleteStore {
-            if let credentials = session?.credentials {
+            if let credentials = session?.credentials,
+               MXRealmCryptoStore.hasData(for: credentials) {
                 MXRealmCryptoStore.delete(with: credentials)
             } else {
                 log.failure("Missing credentials, cannot delete store")

MatrixSDK/MatrixSDKVersion.m

@@ -16,4 +16,4 @@
 
 #import <Foundation/Foundation.h>
 
-NSString *const MatrixSDKVersion = @"0.26.6";
+NSString *const MatrixSDKVersion = @"0.26.7";

MatrixSDKTests/Crypto/Algorithms/Megolm/MXMegolmDecryptionUnitTests.swift

@@ -90,11 +90,13 @@ class MXMegolmDecryptionUnitTests: XCTestCase {
         private let device: MXOlmDevice
         private let cryptoStore: MXCryptoStore
         private let session: MXSession
+        private let devices: MXDeviceList
 
-        init(device: MXOlmDevice, store: MXCryptoStore, session: MXSession) {
+        init(device: MXOlmDevice, store: MXCryptoStore, session: MXSession, devices: MXDeviceList) {
             self.device = device
             self.cryptoStore = store
             self.session = session
+            self.devices = devices
         }
 
         override var olmDevice: MXOlmDevice! {
@@ -113,15 +115,22 @@ class MXMegolmDecryptionUnitTests: XCTestCase {
             return session
         }
 
+        override var deviceList: MXDeviceList! {
+            return devices
+        }
+        
         override func trustLevel(forUser userId: String) -> MXUserTrustLevel {
             return MXUserTrustLevel(crossSigningVerified: true, locallyVerified: true)
         }
-        
-        var stubbedDeviceInfo: Device?
-        override func eventDeviceInfo(_ event: MXEvent) -> MXDeviceInfo? {
-            guard let device = stubbedDeviceInfo else {
+    }
+    
+    class DeviceListStub: MXDeviceList {
+        var stubbedDevices = [String: Device]()
+        override func device(withIdentityKey senderKey: String!, andAlgorithm algorithm: String!) -> MXDeviceInfo! {
+            guard algorithm != nil, let senderKey = senderKey, let device = stubbedDevices[senderKey] else {
                 return nil
             }
+            
             return .init(device: .init(device: device))
         }
     }
@@ -136,6 +145,7 @@ class MXMegolmDecryptionUnitTests: XCTestCase {
     var store: CryptoStoreStub!
     var session: SessionStub!
     var crypto: CryptoStub!
+    var devicesList: DeviceListStub!
     var decryption: MXMegolmDecryption!
 
     override func setUp() {
@@ -144,7 +154,8 @@ class MXMegolmDecryptionUnitTests: XCTestCase {
         device = DeviceStub()
         store = CryptoStoreStub()
         session = SessionStub()
-        crypto = CryptoStub(device: device, store: store, session: session)
+        devicesList = DeviceListStub()
+        crypto = CryptoStub(device: device, store: store, session: session, devices: devicesList)
         decryption = MXMegolmDecryption(crypto: crypto)
     }
 
@@ -247,10 +258,14 @@ class MXMegolmDecryptionUnitTests: XCTestCase {
     func test_decryptEvent_untrustedResult() {
         let event = MXEvent.encryptedFixture()
         device.stubbedResult = MXDecryptionResult()
-        crypto.stubbedDeviceInfo = Device.stub(
-            locallyTrusted: false,
-            crossSigningTrusted: true
-        )
+        device.stubbedResult?.senderKey = "ABCD"
+        
+        devicesList.stubbedDevices = [
+            "ABCD": Device.stub(
+                locallyTrusted: false,
+                crossSigningTrusted: true
+            )
+        ]
 
         device.stubbedResult?.isUntrusted = true
         let result1 = decryption.decryptEvent(event, inTimeline: nil)
@@ -264,18 +279,49 @@ class MXMegolmDecryptionUnitTests: XCTestCase {
     func test_decryptEvent_untrustedDevice() {
         let event = MXEvent.encryptedFixture()
         device.stubbedResult = MXDecryptionResult()
+        device.stubbedResult?.senderKey = "XYZ"
 
-        crypto.stubbedDeviceInfo = Device.stub(
-            locallyTrusted: false,
-            crossSigningTrusted: false
-        )
+        devicesList.stubbedDevices = [
+            "XYZ": Device.stub(
+                locallyTrusted: false,
+                crossSigningTrusted: false
+            )
+        ]
         let result1 = decryption.decryptEvent(event, inTimeline: nil)
         XCTAssertEqual(result1?.decoration.color, .red)
 
-        crypto.stubbedDeviceInfo = Device.stub(
-            locallyTrusted: false,
+        devicesList.stubbedDevices = [
+            "XYZ": Device.stub(
+                locallyTrusted: false,
+                crossSigningTrusted: true
+            )
+        ]
+        let result2 = decryption.decryptEvent(event, inTimeline: nil)
+        XCTAssertEqual(result2?.decoration.color, MXEventDecryptionDecorationColor.none)
+    }
+    
+    func test_decryptEvent_unknownDevice() {
+        let invalidKey = "123"
+        let validKey = "456"
+        
+        let event = MXEvent.encryptedFixture()
+        device.stubbedResult = MXDecryptionResult()
+        device.stubbedResult?.senderKey = validKey
+        
+        let stub = Device.stub(
+            locallyTrusted: true,
             crossSigningTrusted: true
         )
+        
+        devicesList.stubbedDevices = [
+            invalidKey: stub
+        ]
+        let result1 = decryption.decryptEvent(event, inTimeline: nil)
+        XCTAssertEqual(result1?.decoration.color, .red)
+        
+        devicesList.stubbedDevices = [
+            validKey: stub
+        ]
         let result2 = decryption.decryptEvent(event, inTimeline: nil)
         XCTAssertEqual(result2?.decoration.color, MXEventDecryptionDecorationColor.none)
     }