matrix-rust-sdk
matrix-rust-sdk copied to clipboard
Olm unwedging | Discrepency between what the spec says and rust-sdk implementation
Reference: Olm unwedging MSC
When a device receives an olm-encrypted message that it cannot decrypt, it should assume that the olm session has become corrupted and create a new olm session to replace it. It should then send a dummy message, using that session, to the other party in order to inform them of the new session. To send a dummy message, clients may send an event with type m.dummy, and with empty contents.
As per spec:
If a client has multiple sessions established with another device, it should use the session from which it last received and successfully decrypted a message. For these purposes, a session that has not received any messages should use its creation time as the time that it last received a message.
However the rust sdk is not using storing any timestamp for "last received and successfully decrypted" message.
There is a last_used_time
timestamp, that is updated after any encryption or decryption:
https://github.com/matrix-org/matrix-rust-sdk/blob/dddc607e077511aa8c28a09856c0628d316c4dd4/crates/matrix-sdk-crypto/src/olm/session.rs#L82-L94
https://github.com/matrix-org/matrix-rust-sdk/blob/dddc607e077511aa8c28a09856c0628d316c4dd4/crates/matrix-sdk-crypto/src/olm/session.rs#L126-L132
But this last_used_time
doesn't appear to be used anywhere.
And to decide what session to use when encrypting, the rust-sdk
relies on the session creation_time
to pick up the best one:
https://github.com/matrix-org/matrix-rust-sdk/blob/dddc607e077511aa8c28a09856c0628d316c4dd4/crates/matrix-sdk-crypto/src/identities/device.rs#L692
This issue is not to say that there could be an issue by using creation_time
instead of last successful decryption time
to pick up a session, but to note the difference with the spec.
Outcome could be to:
- Update the spec
- Make the rust-sdk use
last successful decryption time