Per-participant sender keys can be processed out of order leading to InvalidKey: Decryption failed errors
#2549
Comments
hughns
added
the
T-Defect
|
As to how to fix this, initially I was thinking that the key requests should be simply queued and make sure that they are processed in the order that the js-sdk emits them. However, it was pointed out to me that when we move the distribution of encryption keys to be migrated to to-device messages that we wouldn't be able to rely on the ordering of the to-device messages. Checking the Client-Server API to-device spec it says:
Which suggests that we might be able to rely on the ordering for to-device messages from local users. However, the Server-Server API doesn't appear to say anything about EDU ordering, so we might not be able to rely on it across federation. As such, the proposed fix is to have EC track a timestamp associated with a particular key and then make sure that we don't overwrite an older one with a newer one. |
|
This will need a js-sdk bump once matrix-org/matrix-js-sdk#4345 is merged. |
|
Still needs a js-sdk bump. |
I have observed that sometimes EC will attempt to use an old per-sender encryption key instead of the correct one. EC is attempting to use the correct index, but the actual key is wrong.
On inspection I can see that the
io.element.call.encryption_keysevents are processed in the wrong order.The
io.element.call.encryption_keysevents appear to be emitted in order by the js-sdk, but when they are processed byMatrixKeyProviderthe resulting calls toBaseKeyProvider.onSetEncryptionKey()occur out of order.For example with the following events in order of emitting:
{ "call_id": "", "device_id": "YERKDYHWCR", "keys": [ { "index": 0, "key": "oldKey0" }, { "index": 1, "key": "oldKey1" } ] }{ "call_id": "", "device_id": "YERKDYHWCR", "keys": [ { "index": 0, "key": "newKey0" } ] }Then EC is trying to use
oldKey0instead ofnewKey0.The text was updated successfully, but these errors were encountered: