Struct matrix_sdk_crypto::OlmMachine

pub struct OlmMachine { /* private fields */ }

State machine implementation of the Olm/Megolm encryption protocol used for Matrix end to end encryption.

Implementations

impl OlmMachine

pub async fn new(user_id: &UserId, device_id: &DeviceId) -> Self

Create a new memory based OlmMachine.

The created machine will keep the encryption keys only in memory and once the object is dropped the keys will be lost.

Arguments

• user_id - The unique id of the user that owns this machine.

• device_id - The unique id of the device that owns this machine.

pub async fn with_store( user_id: &UserId, device_id: &DeviceId, store: impl IntoCryptoStore, custom_account: Option<Account>, ) -> StoreResult<Self>

Create a new OlmMachine with the given CryptoStore.

The created machine will keep the encryption keys only in memory and once the object is dropped the keys will be lost.

If the store already contains encryption keys for the given user/device pair those will be re-used. Otherwise new ones will be created and stored.

Arguments

• user_id - The unique id of the user that owns this machine.

• device_id - The unique id of the device that owns this machine.

• store - A CryptoStore implementation that will be used to store the encryption keys.

• custom_account - A custom vodozemac::olm::Account to be used for the identity and one-time keys of this OlmMachine. If no account is provided, a new default one or one from the store will be used. If an account is provided and one already exists in the store for this UserId/DeviceId combination, an error will be raised. This is useful if one wishes to create identity keys before knowing the user/device IDs, e.g., to use the identity key as the device ID.

pub fn store(&self) -> &Store

Get the crypto store associated with this OlmMachine instance.

pub fn user_id(&self) -> &UserId

The unique user id that owns this OlmMachine instance.

pub fn device_id(&self) -> &DeviceId

The unique device ID that identifies this OlmMachine.

pub fn device_creation_time(&self) -> MilliSecondsSinceUnixEpoch

The time at which the Account backing this OlmMachine was created.

An Account is created when an OlmMachine is first instantiated against a given Store, at which point it creates identity keys etc. This method returns the timestamp, according to the local clock, at which that happened.

pub fn identity_keys(&self) -> IdentityKeys

Get the public parts of our Olm identity keys.

pub async fn display_name(&self) -> StoreResult<Option<String>>

Get the display name of our own device

pub async fn tracked_users(&self) -> StoreResult<HashSet<OwnedUserId>>

Get the list of “tracked users”.

See update_tracked_users for more information.

pub fn set_room_key_requests_enabled(&self, enable: bool)

Available on crate feature automatic-room-key-forwarding only.

Enable or disable room key requests.

Room key requests allow the device to request room keys that it might have missed in the original share using m.room_key_request events.

See also OlmMachine::set_room_key_forwarding_enabled and OlmMachine::are_room_key_requests_enabled.

pub fn are_room_key_requests_enabled(&self) -> bool

Query whether we should send outgoing m.room_key_requests on decryption failure.

See also OlmMachine::set_room_key_requests_enabled.

pub fn set_room_key_forwarding_enabled(&self, enable: bool)

Available on crate feature automatic-room-key-forwarding only.

Enable or disable room key forwarding.

If room key forwarding is enabled, we will automatically reply to incoming m.room_key_request messages from verified devices by forwarding the requested key (if we have it).

See also OlmMachine::set_room_key_requests_enabled and OlmMachine::is_room_key_forwarding_enabled.

pub fn is_room_key_forwarding_enabled(&self) -> bool

Is room key forwarding enabled?

See also OlmMachine::set_room_key_forwarding_enabled.

pub async fn outgoing_requests(&self) -> StoreResult<Vec<OutgoingRequest>>

Get the outgoing requests that need to be sent out.

This returns a list of OutgoingRequest. Those requests need to be sent out to the server and the responses need to be passed back to the state machine using mark_request_as_sent.

pub fn query_keys_for_users<'a>( &self, users: impl IntoIterator<Item = &'a UserId>, ) -> (OwnedTransactionId, KeysQueryRequest)

Generate an “out-of-band” key query request for the given set of users.

This can be useful if we need the results from get_identity or get_user_devices to be as up-to-date as possible.

Note that this request won’t be awaited by other calls waiting for a user’s or device’s keys, since this is an out-of-band query.

Arguments

• users - list of users whose keys should be queried

Returns

A request to be sent out to the server. Once sent, the response should be passed back to the state machine using mark_request_as_sent.

pub async fn mark_request_as_sent<'a>( &self, request_id: &TransactionId, response: impl Into<IncomingResponse<'a>>, ) -> Result<(), OlmError>

Mark the request with the given request id as sent.

Arguments

• request_id - The unique id of the request that was sent out. This is needed to couple the response with the now sent out request.

• response - The response that was received from the server after the outgoing request was sent out.

pub async fn bootstrap_cross_signing( &self, reset: bool, ) -> StoreResult<CrossSigningBootstrapRequests>

Create a new cross signing identity and get the upload request to push the new public keys to the server.

Warning: if called with reset, this will delete any existing cross signing keys that might exist on the server and thus will reset the trust between all the devices.

Returns

A triple of requests which should be sent out to the server, in the order they appear in the return tuple.

The first request’s response, if present, should be passed back to the state machine using mark_request_as_sent.

These requests may require user interactive auth.

pub async fn upload_device_keys( &self, ) -> StoreResult<Option<(OwnedTransactionId, UploadKeysRequest)>>

Upload the device keys for this OlmMachine.

Warning: Do not use this method if OlmMachine::outgoing_requests() is already in use. This method is intended for explicitly uploading the device keys before starting a sync and before using OlmMachine::outgoing_requests().

Returns

A tuple containing a transaction ID and a request if the device keys need to be uploaded. Otherwise, returns None.

pub async fn get_missing_sessions( &self, users: impl Iterator<Item = &UserId>, ) -> StoreResult<Option<(OwnedTransactionId, KeysClaimRequest)>>

Get the a key claiming request for the user/device pairs that we are missing Olm sessions for.

Returns None if no key claiming request needs to be sent out.

Sessions need to be established between devices so group sessions for a room can be shared with them.

This should be called every time a group session needs to be shared as well as between sync calls. After a sync some devices may request room keys without us having a valid Olm session with them, making it impossible to server the room key request, thus it’s necessary to check for missing sessions between sync as well.

Note: Care should be taken that only one such request at a time is in flight, e.g. using a lock.

The response of a successful key claiming requests needs to be passed to the OlmMachine with the mark_request_as_sent.

Arguments

users - The list of users that we should check if we lack a session with one of their devices. This can be an empty iterator when calling this method between sync requests.

pub async fn encrypt_room_event( &self, room_id: &RoomId, content: impl MessageLikeEventContent, ) -> Result<Raw<RoomEncryptedEventContent>, MegolmError>

Encrypt a room message for the given room.

Beware that a room key needs to be shared before this method can be called using the OlmMachine::share_room_key method.

Arguments

• room_id - The id of the room for which the message should be encrypted.

• content - The plaintext content of the message that should be encrypted.

Panics

Panics if a room key for the given room wasn’t shared beforehand.

pub async fn encrypt_room_event_raw( &self, room_id: &RoomId, event_type: &str, content: &Raw<AnyMessageLikeEventContent>, ) -> Result<Raw<RoomEncryptedEventContent>, MegolmError>

Encrypt a raw JSON content for the given room.

This method is equivalent to the OlmMachine::encrypt_room_event() method but operates on an arbitrary JSON value instead of strongly-typed event content struct.

Arguments

• room_id - The id of the room for which the message should be encrypted.

• content - The plaintext content of the message that should be encrypted as a raw JSON value.

• event_type - The plaintext type of the event.

Panics

Panics if a group session for the given room wasn’t shared beforehand.

pub async fn discard_room_key(&self, room_id: &RoomId) -> StoreResult<bool>

Forces the currently active room key, which is used to encrypt messages, to be rotated.

A new room key will be crated and shared with all the room members the next time a message will be sent. You don’t have to call this method, room keys will be rotated automatically when necessary. This method is still useful for debugging purposes.

Returns true if a session was invalidated, false if there was no session to invalidate.

pub async fn share_room_key( &self, room_id: &RoomId, users: impl Iterator<Item = &UserId>, encryption_settings: impl Into<EncryptionSettings>, ) -> Result<Vec<Arc<ToDeviceRequest>>, OlmError>

Get to-device requests to share a room key with users in a room.

Arguments

room_id - The room id of the room where the room key will be used.

users - The list of users that should receive the room key.

settings - Encryption settings that affect when are room keys rotated and who are they shared with.

Returns

List of the to-device requests that need to be sent out to the server and the responses need to be passed back to the state machine with mark_request_as_sent, using the to-device txn_id as request_id.

pub async fn receive_unencrypted_verification_event( &self, event: &AnyMessageLikeEvent, ) -> StoreResult<()>

👎Deprecated since 0.7.0: Use OlmMachine::receive_verification_event instead

Receive an unencrypted verification event.

This method can be used to pass verification events that are happening in unencrypted rooms to the OlmMachine.

Note: This does not need to be called for encrypted events since those will get passed to the OlmMachine during decryption.

pub async fn receive_verification_event( &self, event: &AnyMessageLikeEvent, ) -> StoreResult<()>

Receive a verification event.

in rooms to the OlmMachine. The event should be in the decrypted form. in rooms to the OlmMachine.

pub fn get_verification( &self, user_id: &UserId, flow_id: &str, ) -> Option<Verification>

Get a verification object for the given user id with the given flow id.

pub fn get_verification_request( &self, user_id: &UserId, flow_id: impl AsRef<str>, ) -> Option<VerificationRequest>

Get a verification request object with the given flow id.

pub fn get_verification_requests( &self, user_id: &UserId, ) -> Vec<VerificationRequest>

Get all the verification requests of a given user.

pub async fn receive_sync_changes( &self, sync_changes: EncryptionSyncChanges<'_>, ) -> Result<(Vec<Raw<AnyToDeviceEvent>>, Vec<RoomKeyInfo>), OlmError>

Handle a to-device and one-time key counts from a sync response.

This will decrypt and handle to-device events returning the decrypted versions of them.

To decrypt an event from the room timeline, call decrypt_room_event.

Arguments

• sync_changes - an EncryptionSyncChanges value, constructed from a sync response.

Returns

A tuple of (decrypted to-device events, updated room keys).

pub async fn request_room_key( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId, ) -> Result<(Option<OutgoingRequest>, OutgoingRequest), MegolmError>

Request a room key from our devices.

This method will return a request cancellation and a new key request if the key was already requested, otherwise it will return just the key request.

The request cancellation must be sent out before the request is sent out, otherwise devices will ignore the key request.

Arguments

• room_id - The id of the room where the key is used in.

• sender_key - The curve25519 key of the sender that owns the key.

• session_id - The id that uniquely identifies the session.

pub async fn query_missing_secrets_from_other_sessions( &self, ) -> StoreResult<bool>

Request missing local secrets from our devices (cross signing private keys, megolm backup). This will ask the sdk to create outgoing request to get the missing secrets.

The requests will be processed as soon as outgoing_requests() is called to process them.

Returns

A bool result saying if actual secrets were missing and have been requested

Examples

if machine.query_missing_secrets_from_other_sessions().await.unwrap() {
    let to_send = machine.outgoing_requests().await.unwrap();
    // send the to device requests
};

pub async fn try_decrypt_room_event( &self, raw_event: &Raw<EncryptedEvent>, room_id: &RoomId, decryption_settings: &DecryptionSettings, ) -> Result<RoomEventDecryptionResult, CryptoStoreError>

Attempt to decrypt an event from a room timeline, returning information on the failure if it fails.

Arguments

• event - The event that should be decrypted.

• room_id - The ID of the room where the event was sent to.

Returns

The decrypted event, if it was successfully decrypted. Otherwise, information on the failure, unless the failure was due to an internal error, in which case, an Err result.

pub async fn decrypt_room_event( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId, decryption_settings: &DecryptionSettings, ) -> Result<DecryptedRoomEvent, MegolmError>

Decrypt an event from a room timeline.

Arguments

• event - The event that should be decrypted.

• room_id - The ID of the room where the event was sent to.

pub async fn is_room_key_available( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId, ) -> Result<bool, CryptoStoreError>

Check if we have the room key for the given event in the store.

Arguments

• event - The event to get information for.
• room_id - The ID of the room where the event was sent to.

pub async fn get_room_event_encryption_info( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId, ) -> Result<EncryptionInfo, MegolmError>

Get encryption info for a decrypted timeline event.

This recalculates the EncryptionInfo data that is returned by OlmMachine::decrypt_room_event, based on the current verification status of the sender, etc.

Returns an error for an unencrypted event.

Arguments

• event - The event to get information for.
• room_id - The ID of the room where the event was sent to.

pub async fn update_tracked_users( &self, users: impl IntoIterator<Item = &UserId>, ) -> StoreResult<()>

Update the list of tracked users.

The OlmMachine maintains a list of users whose devices we are keeping track of: these are known as “tracked users”. These must be users that we share a room with, so that the server sends us updates for their device lists.

Arguments

• users - An iterator over user ids that should be added to the list of tracked users

Any users that hadn’t been seen before will be flagged for a key query immediately, and whenever OlmMachine::receive_sync_changes() receives a “changed” notification for that user in the future.

Users that were already in the list are unaffected.

pub async fn mark_all_tracked_users_as_dirty(&self) -> StoreResult<()>

Mark all tracked users as dirty.

All users whose device lists we are tracking are flagged as needing a key query. Users whose devices we are not tracking are ignored.

pub async fn get_device( &self, user_id: &UserId, device_id: &DeviceId, timeout: Option<Duration>, ) -> StoreResult<Option<Device>>

Get a specific device of a user.

Arguments

• user_id - The unique id of the user that the device belongs to.

• device_id - The unique id of the device.

• timeout - The amount of time we should wait before returning if the user’s device list has been marked as stale. Note, this assumes that the requests from OlmMachine::outgoing_requests are being processed and sent out.

Returns a Device if one is found and the crypto store didn’t throw an error.

Examples

let device = machine.get_device(&alice, device_id!("DEVICEID"), None).await;

println!("{:?}", device);

pub async fn get_identity( &self, user_id: &UserId, timeout: Option<Duration>, ) -> StoreResult<Option<UserIdentity>>

Get the cross signing user identity of a user.

Arguments

• user_id - The unique id of the user that the identity belongs to

• timeout - The amount of time we should wait before returning if the user’s device list has been marked as stale. Note, this assumes that the requests from OlmMachine::outgoing_requests are being processed and sent out.

Returns a UserIdentity enum if one is found and the crypto store didn’t throw an error.

pub async fn get_user_devices( &self, user_id: &UserId, timeout: Option<Duration>, ) -> StoreResult<UserDevices>

Get a map holding all the devices of an user.

Arguments

• user_id - The unique id of the user that the devices belong to.

• timeout - The amount of time we should wait before returning if the user’s device list has been marked as stale. Note, this assumes that the requests from OlmMachine::outgoing_requests are being processed and sent out.

Examples

let devices = machine.get_user_devices(&alice, None).await.unwrap();

for device in devices.devices() {
    println!("{:?}", device);
}

pub async fn cross_signing_status(&self) -> CrossSigningStatus

Get the status of the private cross signing keys.

This can be used to check which private cross signing keys we have stored locally.

pub async fn export_cross_signing_keys( &self, ) -> StoreResult<Option<CrossSigningKeyExport>>

Export all the private cross signing keys we have.

The export will contain the seed for the ed25519 keys as a unpadded base64 encoded string.

This method returns None if we don’t have any private cross signing keys.

pub async fn import_cross_signing_keys( &self, export: CrossSigningKeyExport, ) -> Result<CrossSigningStatus, SecretImportError>

Import our private cross signing keys.

The export needs to contain the seed for the ed25519 keys as an unpadded base64 encoded string.

pub async fn sign(&self, message: &str) -> Result<Signatures, CryptoStoreError>

Sign the given message using our device key and if available cross signing master key.

Presently, this should only be used for signing the server-side room key backups.

pub fn backup_machine(&self) -> &BackupMachine

Get a reference to the backup related state machine.

This state machine can be used to incrementally backup all room keys to the server.

pub async fn initialize_crypto_store_generation( &self, generation: &Mutex<Option<u64>>, ) -> StoreResult<()>

Syncs the database and in-memory generation counter.

This requires that the crypto store lock has been acquired already.

pub async fn maintain_crypto_store_generation<'a>( &'a self, generation: &Mutex<Option<u64>>, ) -> StoreResult<(bool, u64)>

If needs be, update the local and on-disk crypto store generation.

Requirements

• This assumes that initialize_crypto_store_generation has been called beforehand.
• This requires that the crypto store lock has been acquired.

Arguments

• generation - The in-memory generation counter (or rather, the Mutex wrapping it). This defines the “expected” generation on entry, and, if we determine an update is needed, is updated to hold the “new” generation.

Returns

A tuple containing:

• A bool, set to true if another process has updated the generation number in the Store since our expected value, and as such we’ve incremented and updated it in the database. Otherwise, false.

• The (possibly updated) generation counter.

pub fn dehydrated_devices(&self) -> DehydratedDevices

Manage dehydrated devices.

pub async fn room_settings( &self, room_id: &RoomId, ) -> StoreResult<Option<RoomSettings>>

Get the stored encryption settings for the given room, such as the encryption algorithm or whether to encrypt only for trusted devices.

These settings can be modified via OlmMachine::set_room_settings.

pub async fn set_room_settings( &self, room_id: &RoomId, new_settings: &RoomSettings, ) -> Result<(), SetRoomSettingsError>

Store encryption settings for the given room.

This method checks if the new settings are “safe” – ie, that they do not represent a downgrade in encryption security from any previous settings. Attempts to downgrade security will result in a SetRoomSettingsError::EncryptionDowngrade.

If the settings are valid, they will be persisted to the crypto store. These settings are not used directly by this library, but the saved settings can be retrieved via OlmMachine::room_settings.

Trait Implementations

impl Clone for OlmMachine

fn clone(&self) -> OlmMachine

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for OlmMachine

Available on non-tarpaulin_include only.

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.