MatrixRTC: Introduce key transport abstraction as prep work for to-device encryption (#4773)

* refactor: extract RoomKeyTransport class for key distribution

* refact: Call key transport, pass the target recipients to sendKey

* update IKeyTransport interface to event emitter.

* fix not subscribing to KeyTransportEvents in the EncryptionManager + cleanup

* fix one test and broken bits needed for the test (mostly statistics wrangling)

* fix tests

* add back decryptEventIfNeeded

* move and fix room transport tests

* dedupe isMyMembership

* move type declarations around to be at more reasonable places

* remove deprecated `onMembershipUpdate`

* fix imports

* only start keytransport when session is joined

* use makeKey to reduce test loc

* fix todo comment -> note comment

---------

Co-authored-by: Timo <[email protected]>

Author: BillCarsonFr

spec/unit/matrixrtc/MatrixRTCSession.spec.ts

@@ -16,15 +16,7 @@ limitations under the License.
 
 import { type Mock } from "jest-mock";
 
-import {
-    ClientEvent,
-    EventTimeline,
-    EventType,
-    type IRoomTimelineData,
-    MatrixClient,
-    type MatrixEvent,
-    RoomEvent,
-} from "../../../src";
+import { ClientEvent, EventTimeline, MatrixClient } from "../../../src";
 import { RoomStateEvent } from "../../../src/models/room-state";
 import { MatrixRTCSessionManagerEvents } from "../../../src/matrixrtc/MatrixRTCSessionManager";
 import { makeMockRoom, makeMockRoomState, membershipTemplate } from "./mocks";
@@ -77,117 +69,4 @@ describe("MatrixRTCSessionManager", () => {
 
         expect(onEnded).toHaveBeenCalledWith(room1.roomId, client.matrixRTC.getActiveRoomSession(room1));
     });
-
-    it("Calls onCallEncryption on encryption keys event", async () => {
-        const room1 = makeMockRoom([membershipTemplate]);
-        jest.spyOn(client, "getRooms").mockReturnValue([room1]);
-        jest.spyOn(client, "getRoom").mockReturnValue(room1);
-
-        client.emit(ClientEvent.Room, room1);
-        const onCallEncryptionMock = jest.fn();
-        client.matrixRTC.getRoomSession(room1).onCallEncryption = onCallEncryptionMock;
-        client.decryptEventIfNeeded = () => Promise.resolve();
-        const timelineEvent = {
-            getType: jest.fn().mockReturnValue(EventType.CallEncryptionKeysPrefix),
-            getContent: jest.fn().mockReturnValue({}),
-            getSender: jest.fn().mockReturnValue("@mock:user.example"),
-            getRoomId: jest.fn().mockReturnValue("!room:id"),
-            isDecryptionFailure: jest.fn().mockReturnValue(false),
-            sender: {
-                userId: "@mock:user.example",
-            },
-        } as unknown as MatrixEvent;
-        client.emit(RoomEvent.Timeline, timelineEvent, undefined, undefined, false, {} as IRoomTimelineData);
-        await new Promise(process.nextTick);
-        expect(onCallEncryptionMock).toHaveBeenCalled();
-    });
-
-    describe("event decryption", () => {
-        it("Retries decryption and processes success", async () => {
-            try {
-                jest.useFakeTimers();
-                const room1 = makeMockRoom([membershipTemplate]);
-                jest.spyOn(client, "getRooms").mockReturnValue([room1]);
-                jest.spyOn(client, "getRoom").mockReturnValue(room1);
-
-                client.emit(ClientEvent.Room, room1);
-                const onCallEncryptionMock = jest.fn();
-                client.matrixRTC.getRoomSession(room1).onCallEncryption = onCallEncryptionMock;
-                let isDecryptionFailure = true;
-                client.decryptEventIfNeeded = jest
-                    .fn()
-                    .mockReturnValueOnce(Promise.resolve())
-                    .mockImplementation(() => {
-                        isDecryptionFailure = false;
-                        return Promise.resolve();
-                    });
-                const timelineEvent = {
-                    getType: jest.fn().mockReturnValue(EventType.CallEncryptionKeysPrefix),
-                    getContent: jest.fn().mockReturnValue({}),
-                    getSender: jest.fn().mockReturnValue("@mock:user.example"),
-                    getRoomId: jest.fn().mockReturnValue("!room:id"),
-                    isDecryptionFailure: jest.fn().mockImplementation(() => isDecryptionFailure),
-                    getId: jest.fn().mockReturnValue("event_id"),
-                    sender: {
-                        userId: "@mock:user.example",
-                    },
-                } as unknown as MatrixEvent;
-                client.emit(RoomEvent.Timeline, timelineEvent, undefined, undefined, false, {} as IRoomTimelineData);
-
-                expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(1);
-                expect(onCallEncryptionMock).toHaveBeenCalledTimes(0);
-
-                // should retry after one second:
-                await jest.advanceTimersByTimeAsync(1500);
-
-                expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(2);
-                expect(onCallEncryptionMock).toHaveBeenCalledTimes(1);
-            } finally {
-                jest.useRealTimers();
-            }
-        });
-
-        it("Retries decryption and processes failure", async () => {
-            try {
-                jest.useFakeTimers();
-                const room1 = makeMockRoom([membershipTemplate]);
-                jest.spyOn(client, "getRooms").mockReturnValue([room1]);
-                jest.spyOn(client, "getRoom").mockReturnValue(room1);
-
-                client.emit(ClientEvent.Room, room1);
-                const onCallEncryptionMock = jest.fn();
-                client.matrixRTC.getRoomSession(room1).onCallEncryption = onCallEncryptionMock;
-                client.decryptEventIfNeeded = jest.fn().mockReturnValue(Promise.resolve());
-                const timelineEvent = {
-                    getType: jest.fn().mockReturnValue(EventType.CallEncryptionKeysPrefix),
-                    getContent: jest.fn().mockReturnValue({}),
-                    getSender: jest.fn().mockReturnValue("@mock:user.example"),
-                    getRoomId: jest.fn().mockReturnValue("!room:id"),
-                    isDecryptionFailure: jest.fn().mockReturnValue(true), // always fail
-                    getId: jest.fn().mockReturnValue("event_id"),
-                    sender: {
-                        userId: "@mock:user.example",
-                    },
-                } as unknown as MatrixEvent;
-                client.emit(RoomEvent.Timeline, timelineEvent, undefined, undefined, false, {} as IRoomTimelineData);
-
-                expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(1);
-                expect(onCallEncryptionMock).toHaveBeenCalledTimes(0);
-
-                // should retry after one second:
-                await jest.advanceTimersByTimeAsync(1500);
-
-                expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(2);
-                expect(onCallEncryptionMock).toHaveBeenCalledTimes(0);
-
-                // doesn't retry again:
-                await jest.advanceTimersByTimeAsync(1500);
-
-                expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(2);
-                expect(onCallEncryptionMock).toHaveBeenCalledTimes(0);
-            } finally {
-                jest.useRealTimers();
-            }
-        });
-    });
 });

spec/unit/matrixrtc/MatrixRTCSessionManager.spec.ts

@@ -0,0 +1,141 @@
+/*
+Copyright 2025 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { makeMockEvent, makeMockRoom, membershipTemplate, makeKey } from "./mocks";
+import { RoomKeyTransport } from "../../../src/matrixrtc/RoomKeyTransport";
+import { KeyTransportEvents } from "../../../src/matrixrtc/IKeyTransport";
+import { EventType, MatrixClient, RoomEvent } from "../../../src";
+import type { IRoomTimelineData, MatrixEvent, Room } from "../../../src";
+
+describe("RoomKyTransport", () => {
+    let client: MatrixClient;
+    let room: Room & {
+        emitTimelineEvent: (event: MatrixEvent) => void;
+    };
+    let transport: RoomKeyTransport;
+    const onCallEncryptionMock = jest.fn();
+    beforeEach(() => {
+        onCallEncryptionMock.mockReset();
+        const statistics = {
+            counters: {
+                roomEventEncryptionKeysSent: 0,
+                roomEventEncryptionKeysReceived: 0,
+            },
+            totals: {
+                roomEventEncryptionKeysReceivedTotalAge: 0,
+            },
+        };
+        room = makeMockRoom([membershipTemplate]);
+        client = new MatrixClient({ baseUrl: "base_url" });
+        client.matrixRTC.start();
+        transport = new RoomKeyTransport(room, client, statistics);
+        transport.on(KeyTransportEvents.ReceivedKeys, (...p) => {
+            onCallEncryptionMock(...p);
+        });
+        transport.start();
+    });
+
+    afterEach(() => {
+        client.stopClient();
+        client.matrixRTC.stop();
+        transport.stop();
+    });
+
+    it("Calls onCallEncryption on encryption keys event", async () => {
+        client.decryptEventIfNeeded = () => Promise.resolve();
+        const timelineEvent = makeMockEvent(EventType.CallEncryptionKeysPrefix, "@mock:user.example", "!room:id", {
+            call_id: "",
+            keys: [makeKey(0, "testKey")],
+            sent_ts: Date.now(),
+            device_id: "AAAAAAA",
+        });
+        room.emit(RoomEvent.Timeline, timelineEvent, undefined, undefined, false, {} as IRoomTimelineData);
+        await new Promise(process.nextTick);
+        expect(onCallEncryptionMock).toHaveBeenCalled();
+    });
+
+    describe("event decryption", () => {
+        it("Retries decryption and processes success", async () => {
+            jest.useFakeTimers();
+            let isDecryptionFailure = true;
+            client.decryptEventIfNeeded = jest
+                .fn()
+                .mockReturnValueOnce(Promise.resolve())
+                .mockImplementation(() => {
+                    isDecryptionFailure = false;
+                    return Promise.resolve();
+                });
+
+            const timelineEvent = Object.assign(
+                makeMockEvent(EventType.CallEncryptionKeysPrefix, "@mock:user.example", "!room:id", {
+                    call_id: "",
+                    keys: [makeKey(0, "testKey")],
+                    sent_ts: Date.now(),
+                    device_id: "AAAAAAA",
+                }),
+                { isDecryptionFailure: jest.fn().mockImplementation(() => isDecryptionFailure) },
+            );
+            room.emit(RoomEvent.Timeline, timelineEvent, undefined, undefined, false, {} as IRoomTimelineData);
+
+            expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(1);
+            expect(onCallEncryptionMock).toHaveBeenCalledTimes(0);
+
+            // should retry after one second:
+            await jest.advanceTimersByTimeAsync(1500);
+
+            expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(2);
+            expect(onCallEncryptionMock).toHaveBeenCalledTimes(1);
+            jest.useRealTimers();
+        });
+
+        it("Retries decryption and processes failure", async () => {
+            try {
+                jest.useFakeTimers();
+                const onCallEncryptionMock = jest.fn();
+                client.decryptEventIfNeeded = jest.fn().mockReturnValue(Promise.resolve());
+
+                const timelineEvent = Object.assign(
+                    makeMockEvent(EventType.CallEncryptionKeysPrefix, "@mock:user.example", "!room:id", {
+                        call_id: "",
+                        keys: [makeKey(0, "testKey")],
+                        sent_ts: Date.now(),
+                        device_id: "AAAAAAA",
+                    }),
+                    { isDecryptionFailure: jest.fn().mockReturnValue(true) },
+                );
+
+                room.emit(RoomEvent.Timeline, timelineEvent, undefined, undefined, false, {} as IRoomTimelineData);
+
+                expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(1);
+                expect(onCallEncryptionMock).toHaveBeenCalledTimes(0);
+
+                // should retry after one second:
+                await jest.advanceTimersByTimeAsync(1500);
+
+                expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(2);
+                expect(onCallEncryptionMock).toHaveBeenCalledTimes(0);
+
+                // doesn't retry again:
+                await jest.advanceTimersByTimeAsync(1500);
+
+                expect(client.decryptEventIfNeeded).toHaveBeenCalledTimes(2);
+                expect(onCallEncryptionMock).toHaveBeenCalledTimes(0);
+            } finally {
+                jest.useRealTimers();
+            }
+        });
+    });
+});

spec/unit/matrixrtc/RoomKeyTransport.spec.ts

@@ -14,7 +14,9 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { EventType, type MatrixClient, type MatrixEvent, type Room } from "../../../src";
+import { EventEmitter } from "stream";
+
+import { EventType, type Room, RoomEvent, type MatrixClient, type MatrixEvent } from "../../../src";
 import { CallMembership, type SessionMembershipData } from "../../../src/matrixrtc/CallMembership";
 import { secureRandomString } from "../../../src/randomstring";
 
@@ -65,19 +67,24 @@ export function makeMockClient(userId: string, deviceId: string): MockClient {
     };
 }
 
-export function makeMockRoom(membershipData: MembershipData): Room {
+export function makeMockRoom(
+    membershipData: MembershipData,
+): Room & { emitTimelineEvent: (event: MatrixEvent) => void } {
     const roomId = secureRandomString(8);
     // Caching roomState here so it does not get recreated when calling `getLiveTimeline.getState()`
     const roomState = makeMockRoomState(membershipData, roomId);
-    const room = {
+    const room = Object.assign(new EventEmitter(), {
         roomId: roomId,
         hasMembershipState: jest.fn().mockReturnValue(true),
         getLiveTimeline: jest.fn().mockReturnValue({
             getState: jest.fn().mockReturnValue(roomState),
         }),
         getVersion: jest.fn().mockReturnValue("default"),
-    } as unknown as Room;
-    return room;
+    }) as unknown as Room;
+    return Object.assign(room, {
+        emitTimelineEvent: (event: MatrixEvent) =>
+            room.emit(RoomEvent.Timeline, event, room, undefined, false, {} as any),
+    });
 }
 
 export function makeMockRoomState(membershipData: MembershipData, roomId: string) {
@@ -113,17 +120,36 @@ export function makeMockRoomState(membershipData: MembershipData, roomId: string
     };
 }
 
-export function mockRTCEvent(membershipData: MembershipData, roomId: string, customSender?: string): MatrixEvent {
-    const sender = customSender ?? "@mock:user.example";
+export function makeMockEvent(
+    type: string,
+    sender: string,
+    roomId: string,
+    content: any,
+    timestamp?: number,
+): MatrixEvent {
     return {
-        getType: jest.fn().mockReturnValue(EventType.GroupCallMemberPrefix),
-        getContent: jest.fn().mockReturnValue(membershipData),
+        getType: jest.fn().mockReturnValue(type),
+        getContent: jest.fn().mockReturnValue(content),
         getSender: jest.fn().mockReturnValue(sender),
-        getTs: jest.fn().mockReturnValue(Date.now()),
+        getTs: jest.fn().mockReturnValue(timestamp ?? Date.now()),
         getRoomId: jest.fn().mockReturnValue(roomId),
+        getId: jest.fn().mockReturnValue(secureRandomString(8)),
         isDecryptionFailure: jest.fn().mockReturnValue(false),
     } as unknown as MatrixEvent;
 }
+
+export function mockRTCEvent(membershipData: MembershipData, roomId: string, customSender?: string): MatrixEvent {
+    const sender = customSender ?? "@mock:user.example";
+    return makeMockEvent(EventType.GroupCallMemberPrefix, sender, roomId, membershipData);
+}
+
 export function mockCallMembership(membershipData: MembershipData, roomId: string, sender?: string): CallMembership {
     return new CallMembership(mockRTCEvent(membershipData, roomId, sender), membershipData);
 }
+
+export function makeKey(id: number, key: string): { key: string; index: number } {
+    return {
+        key: key,
+        index: id,
+    };
+}