finish ssss tests

lib/encryption/key_manager.dart

@@ -405,7 +405,8 @@ class KeyManager {
     try {
       await loadSingleKey(room.id, sessionId);
     } catch (err, stacktrace) {
-      print('[KeyManager] Failed to access online key backup: ' + err.toString());
+      print(
+          '[KeyManager] Failed to access online key backup: ' + err.toString());
       print(stacktrace);
     }
     if (!hadPreviously &&

lib/src/database/database.g.dart

@@ -5850,6 +5850,15 @@ abstract class _$Database extends GeneratedDatabase {
         readsFrom: {ssssCache}).map(_rowToDbSSSSCache);
   }
 
+  Future<int> clearSSSSCache(int client_id) {
+    return customUpdate(
+      'DELETE FROM ssss_cache WHERE client_id = :client_id',
+      variables: [Variable.withInt(client_id)],
+      updates: {ssssCache},
+      updateKind: UpdateKind.delete,
+    );
+  }
+
   Future<int> insertClient(
       String name,
       String homeserver_url,

lib/src/database/database.moor

@@ -198,6 +198,7 @@ storeUserCrossSigningKey: INSERT OR REPLACE INTO user_cross_signing_keys (client
 removeUserCrossSigningKey: DELETE FROM user_cross_signing_keys WHERE client_id = :client_id AND user_id = :user_id AND public_key = :public_key;
 storeSSSSCache: INSERT OR REPLACE INTO ssss_cache (client_id, type, key_id, ciphertext, content) VALUES (:client_id, :type, :key_id, :ciphertext, :content);
 dbGetSSSSCache: SELECT * FROM ssss_cache WHERE client_id = :client_id AND type = :type;
+clearSSSSCache: DELETE FROM ssss_cache WHERE client_id = :client_id;
 insertClient: INSERT INTO clients (name, homeserver_url, token, user_id, device_id, device_name, prev_batch, olm_account) VALUES (:name, :homeserver_url, :token, :user_id, :device_id, :device_name, :prev_batch, :olm_account);
 ensureRoomExists: INSERT OR IGNORE INTO rooms (client_id, room_id, membership) VALUES (:client_id, :room_id, :membership);
 setRoomPrevBatch: UPDATE rooms SET prev_batch = :prev_batch WHERE client_id = :client_id AND room_id = :room_id;

test/encryption/ssss_test.dart

@@ -50,11 +50,11 @@ void main() {
     });
 
     test('basic things', () async {
-        expect(client.encryption.ssss.defaultKeyId, '0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3');
+      expect(client.encryption.ssss.defaultKeyId,
+          '0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3');
     });
 
     test('encrypt / decrypt', () {
-        final signing = olm.PkSigning();
       final key = Uint8List.fromList(SecureRandom(32).bytes);
 
       final enc = SSSS.encryptAes('secret foxies', key, 'name');
@@ -87,7 +87,10 @@ void main() {
       await handle.store('best animal', 'foxies');
       // alright, since we don't properly sync we will manually have to update
       // account_data for this test
-        final content = FakeMatrixApi.calledEndpoints['/client/r0/user/%40test%3AfakeServer.notExisting/account_data/best+animal'].first;
+      final content = FakeMatrixApi
+          .calledEndpoints[
+              '/client/r0/user/%40test%3AfakeServer.notExisting/account_data/best+animal']
+          .first;
       client.accountData['best animal'] = BasicEvent.fromJson({
         'type': 'best animal',
         'content': json.decode(content),
@@ -96,23 +99,47 @@ void main() {
     });
 
     test('cache', () async {
-        final handle = client.encryption.ssss.open('m.cross_signing.self_signing');
+      final handle =
+          client.encryption.ssss.open('m.cross_signing.self_signing');
       handle.unlock(recoveryKey: SSSS_KEY);
-        expect((await client.encryption.ssss.getCached('m.cross_signing.self_signing')) != null, false);
+      expect(
-        expect((await client.encryption.ssss.getCached('m.cross_signing.user_signing')) != null, false);
+          (await client.encryption.ssss
+                  .getCached('m.cross_signing.self_signing')) !=
+              null,
+          false);
+      expect(
+          (await client.encryption.ssss
+                  .getCached('m.cross_signing.user_signing')) !=
+              null,
+          false);
       await handle.getStored('m.cross_signing.self_signing');
-        expect((await client.encryption.ssss.getCached('m.cross_signing.self_signing')) != null, true);
+      expect(
+          (await client.encryption.ssss
+                  .getCached('m.cross_signing.self_signing')) !=
+              null,
+          true);
       await handle.maybeCacheAll();
-        expect((await client.encryption.ssss.getCached('m.cross_signing.user_signing')) != null, true);
+      expect(
-        expect((await client.encryption.ssss.getCached('m.megolm_backup.v1')) != null, true);
+          (await client.encryption.ssss
+                  .getCached('m.cross_signing.user_signing')) !=
+              null,
+          true);
+      expect(
+          (await client.encryption.ssss.getCached('m.megolm_backup.v1')) !=
+              null,
+          true);
     });
 
     test('make share requests', () async {
-        final key = client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
+      final key =
+          client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
       key.setDirectVerified(true);
       FakeMatrixApi.calledEndpoints.clear();
       await client.encryption.ssss.request('some.type', [key]);
-        expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), true);
+      expect(
+          FakeMatrixApi.calledEndpoints.keys.any(
+              (k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
+          true);
     });
 
     test('answer to share requests', () async {
@@ -128,7 +155,10 @@ void main() {
       );
       FakeMatrixApi.calledEndpoints.clear();
       await client.encryption.ssss.handleToDeviceEvent(event);
-        expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), true);
+      expect(
+          FakeMatrixApi.calledEndpoints.keys.any(
+              (k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
+          true);
 
       // now test some fail scenarios
 
@@ -145,7 +175,10 @@ void main() {
       );
       FakeMatrixApi.calledEndpoints.clear();
       await client.encryption.ssss.handleToDeviceEvent(event);
-        expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), false);
+      expect(
+          FakeMatrixApi.calledEndpoints.keys.any(
+              (k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
+          false);
 
       // secret not cached
       event = ToDeviceEvent(
@@ -160,7 +193,10 @@ void main() {
       );
       FakeMatrixApi.calledEndpoints.clear();
       await client.encryption.ssss.handleToDeviceEvent(event);
-        expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), false);
+      expect(
+          FakeMatrixApi.calledEndpoints.keys.any(
+              (k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
+          false);
 
       // is a cancelation
       event = ToDeviceEvent(
@@ -175,10 +211,14 @@ void main() {
       );
       FakeMatrixApi.calledEndpoints.clear();
       await client.encryption.ssss.handleToDeviceEvent(event);
-        expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), false);
+      expect(
+          FakeMatrixApi.calledEndpoints.keys.any(
+              (k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
+          false);
 
       // device not verified
-        final key = client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
+      final key =
+          client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
       key.setDirectVerified(false);
       event = ToDeviceEvent(
         sender: client.userID,
@@ -192,13 +232,164 @@ void main() {
       );
       FakeMatrixApi.calledEndpoints.clear();
       await client.encryption.ssss.handleToDeviceEvent(event);
-        expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), false);
+      expect(
+          FakeMatrixApi.calledEndpoints.keys.any(
+              (k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
+          false);
       key.setDirectVerified(true);
     });
 
-//      test('fail', () {
+    test('receive share requests', () async {
-//        expect(true, false);
+      final key =
-//      });
+          client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
+      key.setDirectVerified(true);
+      final handle =
+          client.encryption.ssss.open('m.cross_signing.self_signing');
+      handle.unlock(recoveryKey: SSSS_KEY);
+
+      await client.database.clearSSSSCache(client.id);
+      client.encryption.ssss.pendingShareRequests.clear();
+      await client.encryption.ssss.request('best animal', [key]);
+      var event = ToDeviceEvent(
+        sender: client.userID,
+        type: 'm.secret.send',
+        content: {
+          'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
+          'secret': 'foxies!',
+        },
+        encryptedContent: {
+          'sender_key': key.curve25519Key,
+        },
+      );
+      await client.encryption.ssss.handleToDeviceEvent(event);
+      expect(await client.encryption.ssss.getCached('best animal'), 'foxies!');
+
+      // test the different validators
+      for (final type in [
+        'm.cross_signing.self_signing',
+        'm.cross_signing.user_signing',
+        'm.megolm_backup.v1'
+      ]) {
+        final secret = await handle.getStored(type);
+        await client.database.clearSSSSCache(client.id);
+        client.encryption.ssss.pendingShareRequests.clear();
+        await client.encryption.ssss.request(type, [key]);
+        event = ToDeviceEvent(
+          sender: client.userID,
+          type: 'm.secret.send',
+          content: {
+            'request_id':
+                client.encryption.ssss.pendingShareRequests.keys.first,
+            'secret': secret,
+          },
+          encryptedContent: {
+            'sender_key': key.curve25519Key,
+          },
+        );
+        await client.encryption.ssss.handleToDeviceEvent(event);
+        expect(await client.encryption.ssss.getCached(type), secret);
+      }
+
+      // test different fail scenarios
+
+      // not encrypted
+      await client.database.clearSSSSCache(client.id);
+      client.encryption.ssss.pendingShareRequests.clear();
+      await client.encryption.ssss.request('best animal', [key]);
+      event = ToDeviceEvent(
+        sender: client.userID,
+        type: 'm.secret.send',
+        content: {
+          'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
+          'secret': 'foxies!',
+        },
+      );
+      await client.encryption.ssss.handleToDeviceEvent(event);
+      expect(await client.encryption.ssss.getCached('best animal'), null);
+
+      // unknown request id
+      await client.database.clearSSSSCache(client.id);
+      client.encryption.ssss.pendingShareRequests.clear();
+      await client.encryption.ssss.request('best animal', [key]);
+      event = ToDeviceEvent(
+        sender: client.userID,
+        type: 'm.secret.send',
+        content: {
+          'request_id': 'invalid',
+          'secret': 'foxies!',
+        },
+        encryptedContent: {
+          'sender_key': key.curve25519Key,
+        },
+      );
+      await client.encryption.ssss.handleToDeviceEvent(event);
+      expect(await client.encryption.ssss.getCached('best animal'), null);
+
+      // not from a device we sent the request to
+      await client.database.clearSSSSCache(client.id);
+      client.encryption.ssss.pendingShareRequests.clear();
+      await client.encryption.ssss.request('best animal', [key]);
+      event = ToDeviceEvent(
+        sender: client.userID,
+        type: 'm.secret.send',
+        content: {
+          'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
+          'secret': 'foxies!',
+        },
+        encryptedContent: {
+          'sender_key': 'invalid',
+        },
+      );
+      await client.encryption.ssss.handleToDeviceEvent(event);
+      expect(await client.encryption.ssss.getCached('best animal'), null);
+
+      // secret not a string
+      await client.database.clearSSSSCache(client.id);
+      client.encryption.ssss.pendingShareRequests.clear();
+      await client.encryption.ssss.request('best animal', [key]);
+      event = ToDeviceEvent(
+        sender: client.userID,
+        type: 'm.secret.send',
+        content: {
+          'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
+          'secret': 42,
+        },
+        encryptedContent: {
+          'sender_key': key.curve25519Key,
+        },
+      );
+      await client.encryption.ssss.handleToDeviceEvent(event);
+      expect(await client.encryption.ssss.getCached('best animal'), null);
+
+      // validator doesn't check out
+      await client.database.clearSSSSCache(client.id);
+      client.encryption.ssss.pendingShareRequests.clear();
+      await client.encryption.ssss.request('m.megolm_backup.v1', [key]);
+      event = ToDeviceEvent(
+        sender: client.userID,
+        type: 'm.secret.send',
+        content: {
+          'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
+          'secret': 'foxies!',
+        },
+        encryptedContent: {
+          'sender_key': key.curve25519Key,
+        },
+      );
+      await client.encryption.ssss.handleToDeviceEvent(event);
+      expect(
+          await client.encryption.ssss.getCached('m.megolm_backup.v1'), null);
+    });
+
+    test('request all', () async {
+      final key =
+          client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
+      key.setDirectVerified(true);
+      await client.database.clearSSSSCache(client.id);
+      client.encryption.ssss.pendingShareRequests.clear();
+      await client.encryption.ssss.maybeRequestAll([key]);
+      expect(client.encryption.ssss.pendingShareRequests.length, 3);
+    });
 
     test('dispose client', () async {
       await client.dispose(closeDatabase: true);

test/fake_matrix_api.dart

@@ -539,7 +539,8 @@ class FakeMatrixApi extends MockClient {
             'encrypted': {
               '0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3': {
                 'iv': 'eIb2IITxtmcq+1TrT8D5eQ==',
-                'ciphertext': 'lWRTPo5qxf4LAVwVPzGHOyMcP181n7bb9/B0lvkLDC2Oy4DvAL0eLx2x3bY=',
+                'ciphertext':
+                    'lWRTPo5qxf4LAVwVPzGHOyMcP181n7bb9/B0lvkLDC2Oy4DvAL0eLx2x3bY=',
                 'mac': 'Ynx89tIxPkx0o6ljMgxszww17JOgB4tg4etmNnMC9XI='
               }
             }
@@ -551,7 +552,8 @@ class FakeMatrixApi extends MockClient {
             'encrypted': {
               '0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3': {
                 'iv': 'YqU2XIjYulYZl+bkZtGgVw==',
-                'ciphertext': 'kM2TSoy/jR/4d357ZoRPbpPypxQl6XRLo3FsEXz+f7vIOp82GeRp28RYb3k=',
+                'ciphertext':
+                    'kM2TSoy/jR/4d357ZoRPbpPypxQl6XRLo3FsEXz+f7vIOp82GeRp28RYb3k=',
                 'mac': 'F+DZa5tAFmWsYSryw5EuEpzTmmABRab4GETkM85bGGo='
               }
             }
@@ -563,7 +565,8 @@ class FakeMatrixApi extends MockClient {
             'encrypted': {
               '0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3': {
                 'iv': 'D7AM3LXFu7ZlyGOkR+OeqQ==',
-                'ciphertext': 'bYA2+OMgsO6QB1E31aY+ESAWrT0fUBTXqajy4qmL7bVDSZY4Uj64EXNbHuA=',
+                'ciphertext':
+                    'bYA2+OMgsO6QB1E31aY+ESAWrT0fUBTXqajy4qmL7bVDSZY4Uj64EXNbHuA=',
                 'mac': 'j2UtyPo/UBSoiaQCWfzCiRZXp3IRt0ZZujuXgUMjnw4='
               }
             }
@@ -575,7 +578,8 @@ class FakeMatrixApi extends MockClient {
             'encrypted': {
               '0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3': {
                 'iv': 'cL/0MJZaiEd3fNU+I9oJrw==',
-                'ciphertext': 'WL73Pzdk5wZdaaSpaeRH0uZYKcxkuV8IS6Qa2FEfA1+vMeRLuHcWlXbMX0w=',
+                'ciphertext':
+                    'WL73Pzdk5wZdaaSpaeRH0uZYKcxkuV8IS6Qa2FEfA1+vMeRLuHcWlXbMX0w=',
                 'mac': '+xozp909S6oDX8KRV8D8ZFVRyh7eEYQpPP76f+DOsnw='
               }
             }
@@ -1528,7 +1532,9 @@ class FakeMatrixApi extends MockClient {
               },
       '/client/unstable/room_keys/version': (var req) => {
             'algorithm': 'm.megolm_backup.v1.curve25519-aes-sha2',
-        'auth_data': {'public_key': 'GXYaxqhNhUK28zUdxOmEsFRguz+PzBsDlTLlF0O0RkM'},
+            'auth_data': {
+              'public_key': 'GXYaxqhNhUK28zUdxOmEsFRguz+PzBsDlTLlF0O0RkM'
+            },
             'count': 0,
             'etag': '0',
             'version': '5',
@@ -1782,7 +1788,8 @@ class FakeMatrixApi extends MockClient {
                 'user_id': '@test:fakeServer.notExisting',
                 'usage': ['master'],
                 'keys': {
-                  'ed25519:82mAXjsmbTbrE6zyShpR869jnrANO75H8nYY0nDLoJ8': '82mAXjsmbTbrE6zyShpR869jnrANO75H8nYY0nDLoJ8',
+                  'ed25519:82mAXjsmbTbrE6zyShpR869jnrANO75H8nYY0nDLoJ8':
+                      '82mAXjsmbTbrE6zyShpR869jnrANO75H8nYY0nDLoJ8',
                 },
                 'signatures': {},
               },
@@ -1792,7 +1799,8 @@ class FakeMatrixApi extends MockClient {
                 'user_id': '@test:fakeServer.notExisting',
                 'usage': ['self_signing'],
                 'keys': {
-                  'ed25519:F9ypFzgbISXCzxQhhSnXMkc1vq12Luna3Nw5rqViOJY': 'F9ypFzgbISXCzxQhhSnXMkc1vq12Luna3Nw5rqViOJY',
+                  'ed25519:F9ypFzgbISXCzxQhhSnXMkc1vq12Luna3Nw5rqViOJY':
+                      'F9ypFzgbISXCzxQhhSnXMkc1vq12Luna3Nw5rqViOJY',
                 },
                 'signatures': {},
               },
@@ -1802,7 +1810,8 @@ class FakeMatrixApi extends MockClient {
                 'user_id': '@test:fakeServer.notExisting',
                 'usage': ['user_signing'],
                 'keys': {
-                  'ed25519:0PiwulzJ/RU86LlzSSZ8St80HUMN3dqjKa/orIJoA0g': '0PiwulzJ/RU86LlzSSZ8St80HUMN3dqjKa/orIJoA0g',
+                  'ed25519:0PiwulzJ/RU86LlzSSZ8St80HUMN3dqjKa/orIJoA0g':
+                      '0PiwulzJ/RU86LlzSSZ8St80HUMN3dqjKa/orIJoA0g',
                 },
                 'signatures': {},
               },