Struct matrix_sdk_crypto::OlmMachine

pub struct OlmMachine { /* private fields */ }

State machine implementation of the Olm/Megolm encryption protocol used for Matrix end to end encryption.

Implementations

impl OlmMachine

pub async fn new(user_id: &UserId, device_id: &DeviceId) -> Self

Create a new memory based OlmMachine.

The created machine will keep the encryption keys only in memory and once the object is dropped the keys will be lost.

Arguments

• user_id - The unique id of the user that owns this machine.

• device_id - The unique id of the device that owns this machine.

pub async fn with_store( user_id: &UserId, device_id: &DeviceId, store: impl IntoCryptoStore ) -> StoreResult<Self>

Create a new OlmMachine with the given CryptoStore.

The created machine will keep the encryption keys only in memory and once the object is dropped the keys will be lost.

If the store already contains encryption keys for the given user/device pair those will be re-used. Otherwise new ones will be created and stored.

Arguments

• user_id - The unique id of the user that owns this machine.

• device_id - The unique id of the device that owns this machine.

• store - A CryptoStore implementation that will be used to store the encryption keys.

pub fn store(&self) -> &Store

Get the crypto store associated with this OlmMachine instance.

pub fn user_id(&self) -> &UserId

The unique user id that owns this OlmMachine instance.

pub fn device_id(&self) -> &DeviceId

The unique device ID that identifies this OlmMachine.

pub fn identity_keys(&self) -> IdentityKeys

Get the public parts of our Olm identity keys.

pub async fn display_name(&self) -> StoreResult<Option<String>>

Get the display name of our own device

pub async fn tracked_users(&self) -> StoreResult<HashSet<OwnedUserId>>

Get the list of “tracked users”.

See update_tracked_users for more information.

pub fn are_room_key_requests_enabled(&self) -> bool

Query whether we should send outgoing m.room_key_requests on decryption failure.

See also [OlmMachine::set_room_key_requests_enabled].

pub fn is_room_key_forwarding_enabled(&self) -> bool

Is room key forwarding enabled?

See also [OlmMachine::set_room_key_forwarding_enabled].

pub async fn outgoing_requests(&self) -> StoreResult<Vec<OutgoingRequest>>

Get the outgoing requests that need to be sent out.

This returns a list of OutgoingRequest. Those requests need to be sent out to the server and the responses need to be passed back to the state machine using mark_request_as_sent.

pub fn query_keys_for_users<'a>( &self, users: impl IntoIterator<Item = &'a UserId> ) -> (OwnedTransactionId, KeysQueryRequest)

Generate an “out-of-band” key query request for the given set of users.

This can be useful if we need the results from get_identity or get_user_devices to be as up-to-date as possible.

Note that this request won’t be awaited by other calls waiting for a user’s or device’s keys, since this is an out-of-band query.

Arguments

• users - list of users whose keys should be queried

Returns

A request to be sent out to the server. Once sent, the response should be passed back to the state machine using mark_request_as_sent.

pub async fn mark_request_as_sent<'a>( &self, request_id: &TransactionId, response: impl Into<IncomingResponse<'a>> ) -> Result<(), OlmError>

Mark the request with the given request id as sent.

Arguments

• request_id - The unique id of the request that was sent out. This is needed to couple the response with the now sent out request.

• response - The response that was received from the server after the outgoing request was sent out.

pub async fn bootstrap_cross_signing( &self, reset: bool ) -> StoreResult<CrossSigningBootstrapRequests>

Create a new cross signing identity and get the upload request to push the new public keys to the server.

Warning: if called with reset, this will delete any existing cross signing keys that might exist on the server and thus will reset the trust between all the devices.

Returns

A triple of requests which should be sent out to the server, in the order they appear in the return tuple.

The first request’s response, if present, should be passed back to the state machine using mark_request_as_sent.

These requests may require user interactive auth.

pub async fn get_missing_sessions( &self, users: impl Iterator<Item = &UserId> ) -> StoreResult<Option<(OwnedTransactionId, KeysClaimRequest)>>

Get the a key claiming request for the user/device pairs that we are missing Olm sessions for.

Returns None if no key claiming request needs to be sent out.

Sessions need to be established between devices so group sessions for a room can be shared with them.

This should be called every time a group session needs to be shared as well as between sync calls. After a sync some devices may request room keys without us having a valid Olm session with them, making it impossible to server the room key request, thus it’s necessary to check for missing sessions between sync as well.

Note: Care should be taken that only one such request at a time is in flight, e.g. using a lock.

The response of a successful key claiming requests needs to be passed to the OlmMachine with the mark_request_as_sent.

Arguments

users - The list of users that we should check if we lack a session with one of their devices. This can be an empty iterator when calling this method between sync requests.

pub async fn encrypt_room_event( &self, room_id: &RoomId, content: impl MessageLikeEventContent ) -> Result<Raw<RoomEncryptedEventContent>, MegolmError>

Encrypt a room message for the given room.

Beware that a room key needs to be shared before this method can be called using the OlmMachine::share_room_key method.

Arguments

• room_id - The id of the room for which the message should be encrypted.

• content - The plaintext content of the message that should be encrypted.

Panics

Panics if a room key for the given room wasn’t shared beforehand.

pub async fn encrypt_room_event_raw( &self, room_id: &RoomId, event_type: &str, content: &Raw<AnyMessageLikeEventContent> ) -> Result<Raw<RoomEncryptedEventContent>, MegolmError>

Encrypt a raw JSON content for the given room.

This method is equivalent to the OlmMachine::encrypt_room_event() method but operates on an arbitrary JSON value instead of strongly-typed event content struct.

Arguments

• room_id - The id of the room for which the message should be encrypted.

• content - The plaintext content of the message that should be encrypted as a raw JSON value.

• event_type - The plaintext type of the event.

Panics

Panics if a group session for the given room wasn’t shared beforehand.

pub async fn invalidate_group_session( &self, room_id: &RoomId ) -> StoreResult<bool>

Invalidate the currently active outbound group session for the given room.

Returns true if a session was invalidated, false if there was no session to invalidate.

pub async fn share_room_key( &self, room_id: &RoomId, users: impl Iterator<Item = &UserId>, encryption_settings: impl Into<EncryptionSettings> ) -> Result<Vec<Arc<ToDeviceRequest>>, OlmError>

Get to-device requests to share a room key with users in a room.

Arguments

room_id - The room id of the room where the room key will be used.

users - The list of users that should receive the room key.

settings - Encryption settings that affect when are room keys rotated and who are they shared with.

Returns

List of the to-device requests that need to be sent out to the server and the responses need to be passed back to the state machine with mark_request_as_sent, using the to-device txn_id as request_id.

pub async fn receive_unencrypted_verification_event( &self, event: &AnyMessageLikeEvent ) -> StoreResult<()>

👎Deprecated since 0.7.0: Use OlmMachine::receive_verification_event instead

Receive an unencrypted verification event.

This method can be used to pass verification events that are happening in unencrypted rooms to the OlmMachine.

Note: This does not need to be called for encrypted events since those will get passed to the OlmMachine during decryption.

pub async fn receive_verification_event( &self, event: &AnyMessageLikeEvent ) -> StoreResult<()>

Receive a verification event.

in rooms to the OlmMachine. The event should be in the decrypted form. in rooms to the OlmMachine.

pub fn get_verification( &self, user_id: &UserId, flow_id: &str ) -> Option<Verification>

Get a verification object for the given user id with the given flow id.

pub fn get_verification_request( &self, user_id: &UserId, flow_id: impl AsRef<str> ) -> Option<VerificationRequest>

Get a verification request object with the given flow id.

pub fn get_verification_requests( &self, user_id: &UserId ) -> Vec<VerificationRequest>

Get all the verification requests of a given user.

pub async fn receive_sync_changes( &self, sync_changes: EncryptionSyncChanges<'_> ) -> Result<(Vec<Raw<AnyToDeviceEvent>>, Vec<RoomKeyInfo>), OlmError>

Handle a to-device and one-time key counts from a sync response.

This will decrypt and handle to-device events returning the decrypted versions of them.

To decrypt an event from the room timeline, call decrypt_room_event.

Arguments

• sync_changes - an EncryptionSyncChanges value, constructed from a sync response.

Returns

A tuple of (decrypted to-device events, updated room keys).

pub async fn request_room_key( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId ) -> Result<(Option<OutgoingRequest>, OutgoingRequest), MegolmError>

Request a room key from our devices.

This method will return a request cancellation and a new key request if the key was already requested, otherwise it will return just the key request.

The request cancellation must be sent out before the request is sent out, otherwise devices will ignore the key request.

Arguments

• room_id - The id of the room where the key is used in.

• sender_key - The curve25519 key of the sender that owns the key.

• session_id - The id that uniquely identifies the session.

pub async fn query_missing_secrets_from_other_sessions( &self ) -> StoreResult<bool>

Request missing local secrets from our devices (cross signing private keys, megolm backup). This will ask the sdk to create outgoing request to get the missing secrets.

The requests will be processed as soon as outgoing_requests() is called to process them.

Returns

A bool result saying if actual secrets were missing and have been requested

Examples

if machine.query_missing_secrets_from_other_sessions().await.unwrap() {
    let to_send = machine.outgoing_requests().await.unwrap();
    // send the to device requests
};

pub async fn decrypt_room_event( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId ) -> Result<TimelineEvent, MegolmError>

Decrypt an event from a room timeline.

Arguments

• event - The event that should be decrypted.

• room_id - The ID of the room where the event was sent to.

pub async fn is_room_key_available( &self, room_id: &RoomId, session_id: &str ) -> Result<bool, CryptoStoreError>

Do we have the room key for the given room and with the given session id in the store?

pub async fn get_room_event_encryption_info( &self, event: &Raw<EncryptedEvent>, room_id: &RoomId ) -> Result<EncryptionInfo, MegolmError>

Get encryption info for a decrypted timeline event.

This recalculates the EncryptionInfo data that is returned by OlmMachine::decrypt_room_event, based on the current verification status of the sender, etc.

Returns an error for an unencrypted event.

Arguments

• event - The event to get information for.
• room_id - The ID of the room where the event was sent to.

pub async fn update_tracked_users( &self, users: impl IntoIterator<Item = &UserId> ) -> StoreResult<()>

Update the list of tracked users.

The OlmMachine maintains a list of users whose devices we are keeping track of: these are known as “tracked users”. These must be users that we share a room with, so that the server sends us updates for their device lists.

Arguments

• users - An iterator over user ids that should be added to the list of tracked users

Any users that hadn’t been seen before will be flagged for a key query immediately, and whenever OlmMachine::receive_sync_changes() receives a “changed” notification for that user in the future.

Users that were already in the list are unaffected.

pub async fn get_device( &self, user_id: &UserId, device_id: &DeviceId, timeout: Option<Duration> ) -> StoreResult<Option<Device>>

Get a specific device of a user.

Arguments

• user_id - The unique id of the user that the device belongs to.

• device_id - The unique id of the device.

• timeout - The amount of time we should wait before returning if the user’s device list has been marked as stale. Note, this assumes that the requests from OlmMachine::outgoing_requests are being processed and sent out.

Returns a Device if one is found and the crypto store didn’t throw an error.

Examples

let device = machine.get_device(&alice, device_id!("DEVICEID"), None).await;

println!("{:?}", device);

pub async fn get_identity( &self, user_id: &UserId, timeout: Option<Duration> ) -> StoreResult<Option<UserIdentities>>

Get the cross signing user identity of a user.

Arguments

• user_id - The unique id of the user that the identity belongs to

• timeout - The amount of time we should wait before returning if the user’s device list has been marked as stale. Note, this assumes that the requests from OlmMachine::outgoing_requests are being processed and sent out.

Returns a UserIdentities enum if one is found and the crypto store didn’t throw an error.

pub async fn get_user_devices( &self, user_id: &UserId, timeout: Option<Duration> ) -> StoreResult<UserDevices>

Get a map holding all the devices of an user.

Arguments

• user_id - The unique id of the user that the devices belong to.

• timeout - The amount of time we should wait before returning if the user’s device list has been marked as stale. Note, this assumes that the requests from OlmMachine::outgoing_requests are being processed and sent out.

Examples

let devices = machine.get_user_devices(&alice, None).await.unwrap();

for device in devices.devices() {
    println!("{:?}", device);
}

pub async fn import_room_keys( &self, exported_keys: Vec<ExportedRoomKey>, from_backup: bool, progress_listener: impl Fn(usize, usize) ) -> StoreResult<RoomKeyImportResult>

👎Deprecated since 0.7.0: Use the OlmMachine::store::import_exported_room_keys method instead

Import the given room keys into our store.

Arguments

• exported_keys - A list of previously exported keys that should be imported into our store. If we already have a better version of a key the key will not be imported.

• from_backup - Were the room keys imported from the backup, if true will mark the room keys as already backed up. This will prevent backing up keys that are already backed up.

Returns a tuple of numbers that represent the number of sessions that were imported and the total number of sessions that were found in the key export.

Examples

let exported_keys = decrypt_room_key_export(export, "1234").unwrap();
machine.import_room_keys(exported_keys, false, |_, _| {}).await.unwrap();

pub async fn export_room_keys( &self, predicate: impl FnMut(&InboundGroupSession) -> bool ) -> StoreResult<Vec<ExportedRoomKey>>

Export the keys that match the given predicate.

Arguments

• predicate - A closure that will be called for every known InboundGroupSession, which represents a room key. If the closure returns true the InboundGroupSession will be included in the export, if the closure returns false it will not be included.

Examples

let room_id = room_id!("!test:localhost");
let exported_keys = machine.export_room_keys(|s| s.room_id() == room_id).await.unwrap();
let encrypted_export = encrypt_room_key_export(&exported_keys, "1234", 1);

pub async fn cross_signing_status(&self) -> CrossSigningStatus

Get the status of the private cross signing keys.

This can be used to check which private cross signing keys we have stored locally.

pub async fn export_cross_signing_keys( &self ) -> StoreResult<Option<CrossSigningKeyExport>>

Export all the private cross signing keys we have.

The export will contain the seed for the ed25519 keys as a unpadded base64 encoded string.

This method returns None if we don’t have any private cross signing keys.

pub async fn import_cross_signing_keys( &self, export: CrossSigningKeyExport ) -> Result<CrossSigningStatus, SecretImportError>

Import our private cross signing keys.

The export needs to contain the seed for the ed25519 keys as an unpadded base64 encoded string.

pub async fn sign(&self, message: &str) -> Result<Signatures, CryptoStoreError>

Sign the given message using our device key and if available cross signing master key.

Presently, this should only be used for signing the server-side room key backups.

pub fn backup_machine(&self) -> &BackupMachine

Get a reference to the backup related state machine.

This state machine can be used to incrementally backup all room keys to the server.

pub async fn initialize_crypto_store_generation( &self, generation: &Mutex<Option<u64>> ) -> StoreResult<()>

Syncs the database and in-memory generation counter.

This requires that the crypto store lock has been acquired already.

pub async fn maintain_crypto_store_generation( &self, generation: &Mutex<Option<u64>> ) -> StoreResult<bool>

If needs be, update the local and on-disk crypto store generation.

Returns true whether another user has modified the internal generation counter, and as such we’ve incremented and updated it in the database.

Requirements

• This assumes that initialize_crypto_store_generation has been called beforehand.
• This requires that the crypto store lock has been acquired.

pub fn dehydrated_devices(&self) -> DehydratedDevices

Manage dehydrated devices.

Trait Implementations

impl Clone for OlmMachine

fn clone(&self) -> OlmMachine

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for OlmMachine

Available on non-tarpaulin_include only.

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.