vodozemac Interoperability with libolm

I am trying to use Megolm. Having one side running the (Outbound)GroupSession, and the other side the InboundGroupSession. Pretty straightforward I guess.

On the outbound side I would like to use this crate, as it is native Rust. On the incoming side, I need to use libolm, or at least, I want to enable users to use libolm if they like.

Now the problem seems to be that there are different "pickle" formats. And they don't work together very well. My original issue was that I cannot decode on the libolm side, as I get "BAD_SIGNATURE". While the same message gets decoded by this create just fine.

So I tried some tests, trying to use olm-rs (which is a wrapper to libolm) in the process and see where the differences are. However, I can't import a session pickle created by this create into libolm. I also cannot create a GroupSession from a libolm pickle, only an InboundGroupSession, as the "from libolm" function doesn't exist GroupSession.

All of this is a pretty frustration experience, and I guess it would be helpful to document what is expected to work, and what not.

On top of that, I think there should be a way that both implementations can be used together. And if can't export a pickle to the libolm format from this crate, then at least I should be able to import an (Outbound) GroupSession from a libolm pickle.

May 27 '22 10:05 ctron

Pickles are unsuited for this purpose. They're only meant to be used for serializing your stuff to some kind of long-term storage, not for sharing the Megolm session over the network.

I can see where confusion about this could arise though since the documentation currently just says that pickles are a serializable format without going into detail. Thanks for pointing that out!

For sharing with other Megolm implementations over the network, you'd use:

The Megolm session sharing format for the initial session share, i.e. for the m.room_key messages in Matrix.

In vodozemac, the session sharing format corresponds to the SessionKey which you can get from a GroupSession by calling GroupSession::session_key(). For interoperability with libolm, you would serialize this with group_session.session_key().to_base64(). This can then be imported from olm-rs using OlmInboundGroupSession::import.
The Megolm session export format for forwarding sessions (m.forwarded_room_key in Matrix).

In vodozemac, this corresponds to ExportedSessionKey which you can get from an InboundGroupSession by calling InboundGroupSession::export_at or InboundGroupSession::export_at_first_known_index. Again, for interoperating with libolm, you'd serialize with inbound_group_session.export_at_first_known_index().to_base64().

May 27 '22 11:05 dkasak

If you instead indeed need to convert libolm pickles of a GroupSession #68 adds this as well.

May 27 '22 11:05 poljar

@dkasak thanks for the explanation! That really helps.

They're only meant to be used for serializing your stuff to some kind of long-term storage, not for sharing the Megolm session over the network.

That is actually the use case that I have in mind. Storing this for longer term. However, I was considering to create the session with tool A, and then use it with tool B (possibly implemented with vodozemac).

The idea is to use this in an IoT context. Provisioning a session for a device. But maybe using the session export format would be more appropriate for this case. I only started to look into this, so it might sound a like a super-noob approach :)

And thanks @poljar for creating a PR!

May 27 '22 12:05 ctron

Yeah, in that case poljar's PR should be a workable way to achieve this.

But maybe using the session export format would be more appropriate for this case.

The export format (rather than the sharing format) is most appropriate when the session could possibly be sent in a ratcheted form, because this operation invalidates the signature.

May 27 '22 12:05 dkasak