Merge branch 'release/1.5.1' into develop

matrix-org · Sep 28, 2022 · 77df720 · 77df720
2 parents 711ff70 + a0fea6c
commit 77df720
Show file tree

Hide file tree

Showing 67 changed files with 1,388 additions and 328 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,5 +1,16 @@
 Please also refer to the Changelog of Element Android: https://github.com/vector-im/element-android/blob/main/CHANGES.md
 
+Changes in Matrix-SDK v1.5.1 (2022-09-28)
+=======================================
+
+Imported from Element 1.5.1. (https://github.com/vector-im/element-android/releases/tag/v1.5.1)
+
+Security ⚠️
+----------
+
+This update provides important security fixes, update now.
+Ref: CVE-2022-39246 CVE-2022-39248
+
 Changes in Matrix-SDK v1.4.36 (2022-09-13)
 =======================================
 

diff --git a/dependencies.gradle b/dependencies.gradle
@@ -15,14 +15,14 @@ def gradle = "7.1.3"
 def kotlin = "1.6.21"
 def kotlinCoroutines = "1.6.4"
 def dagger = "2.42"
-def appDistribution = "16.0.0-beta03"
+def appDistribution = "16.0.0-beta04"
 def retrofit = "2.9.0"
 def arrow = "0.8.2"
 def markwon = "4.6.2"
 def moshi = "1.13.0"
 def lifecycle = "2.5.1"
 def flowBinding = "1.2.0"
-def flipper = "0.163.0"
+def flipper = "0.164.0"
 def epoxy = "4.6.2"
 def mavericks = "2.7.0"
 def glide = "4.13.2"
@@ -86,7 +86,7 @@ ext.libs = [
                 'appdistributionApi'      : "com.google.firebase:firebase-appdistribution-api-ktx:$appDistribution",
                 'appdistribution'         : "com.google.firebase:firebase-appdistribution:$appDistribution",
                 // Phone number https://github.com/google/libphonenumber
-                'phonenumber'             : "com.googlecode.libphonenumber:libphonenumber:8.12.54"
+                'phonenumber'             : "com.googlecode.libphonenumber:libphonenumber:8.12.55"
         ],
         dagger      : [
                 'dagger'                  : "com.google.dagger:dagger:$dagger",

diff --git a/dependencies_groups.gradle b/dependencies_groups.gradle
@@ -69,8 +69,6 @@ ext.groups = [
                         'com.gabrielittner.threetenbp',
                         'com.getkeepsafe.relinker',
                         'com.github.bumptech.glide',
-                        'com.github.filippudak',
-                        'com.github.filippudak.progresspieview',
                         'com.github.javaparser',
                         'com.github.piasy',
                         'com.github.shyiko.klob',

diff --git a/gradle.properties b/gradle.properties
@@ -26,7 +26,7 @@ vector.httpLogLevel=NONE
 # Ref: https://github.com/vanniktech/gradle-maven-publish-plugin
 GROUP=org.matrix.android
 POM_ARTIFACT_ID=matrix-android-sdk2
-VERSION_NAME=1.4.36
+VERSION_NAME=1.5.1
 
 POM_PACKAGING=aar
 

diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CommonTestHelper.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CommonTestHelper.kt
@@ -38,6 +38,7 @@ import org.matrix.android.sdk.api.MatrixCallback
 import org.matrix.android.sdk.api.MatrixConfiguration
 import org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig
 import org.matrix.android.sdk.api.auth.registration.RegistrationResult
+import org.matrix.android.sdk.api.crypto.MXCryptoConfig
 import org.matrix.android.sdk.api.session.Session
 import org.matrix.android.sdk.api.session.events.model.EventType
 import org.matrix.android.sdk.api.session.events.model.toModel
@@ -61,7 +62,7 @@ import java.util.concurrent.TimeUnit
  * This class exposes methods to be used in common cases
  * Registration, login, Sync, Sending messages...
  */
-class CommonTestHelper internal constructor(context: Context) {
+class CommonTestHelper internal constructor(context: Context, val cryptoConfig: MXCryptoConfig? = null) {
 
     companion object {
         internal fun runSessionTest(context: Context, autoSignoutOnClose: Boolean = true, block: (CommonTestHelper) -> Unit) {
@@ -75,8 +76,10 @@ class CommonTestHelper internal constructor(context: Context) {
             }
         }
 
-        internal fun runCryptoTest(context: Context, autoSignoutOnClose: Boolean = true, block: (CryptoTestHelper, CommonTestHelper) -> Unit) {
-            val testHelper = CommonTestHelper(context)
+        internal fun runCryptoTest(context: Context, autoSignoutOnClose: Boolean = true,
+                                   cryptoConfig: MXCryptoConfig? = null,
+                                   block: (CryptoTestHelper, CommonTestHelper) -> Unit) {
+            val testHelper = CommonTestHelper(context, cryptoConfig)
             val cryptoTestHelper = CryptoTestHelper(testHelper)
             return try {
                 block(cryptoTestHelper, testHelper)
@@ -103,7 +106,8 @@ class CommonTestHelper internal constructor(context: Context) {
                     context,
                     MatrixConfiguration(
                             applicationFlavor = "TestFlavor",
-                            roomDisplayNameFallbackProvider = TestRoomDisplayNameFallbackProvider()
+                            roomDisplayNameFallbackProvider = TestRoomDisplayNameFallbackProvider(),
+                            cryptoConfig = cryptoConfig ?: MXCryptoConfig()
                     )
             )
         }

diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/common/CryptoTestHelper.kt
@@ -529,7 +529,8 @@ class CryptoTestHelper(val testHelper: CommonTestHelper) {
                                         payload = result.clearEvent,
                                         senderKey = result.senderCurve25519Key,
                                         keysClaimed = result.claimedEd25519Key?.let { mapOf("ed25519" to it) },
-                                        forwardingCurve25519KeyChain = result.forwardingCurve25519KeyChain
+                                        forwardingCurve25519KeyChain = result.forwardingCurve25519KeyChain,
+                                        isSafe = result.isSafe
                                 )
                             }
                         } catch (error: MXCryptoError) {

diff --git a/...dk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt b/...dk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeSanityTests.kt
@@ -29,9 +29,9 @@ import org.junit.runner.RunWith
 import org.junit.runners.JUnit4
 import org.junit.runners.MethodSorters
 import org.matrix.android.sdk.InstrumentedTest
+import org.matrix.android.sdk.api.crypto.MXCryptoConfig
 import org.matrix.android.sdk.api.session.Session
 import org.matrix.android.sdk.api.session.crypto.MXCryptoError
-import org.matrix.android.sdk.api.session.crypto.RequestResult
 import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersion
 import org.matrix.android.sdk.api.session.crypto.keysbackup.KeysVersionResult
 import org.matrix.android.sdk.api.session.crypto.keysbackup.MegolmBackupCreationInfo
@@ -45,7 +45,6 @@ import org.matrix.android.sdk.api.session.crypto.verification.VerificationServic
 import org.matrix.android.sdk.api.session.crypto.verification.VerificationTransaction
 import org.matrix.android.sdk.api.session.events.model.EventType
 import org.matrix.android.sdk.api.session.events.model.content.EncryptedEventContent
-import org.matrix.android.sdk.api.session.events.model.content.WithHeldCode
 import org.matrix.android.sdk.api.session.events.model.toModel
 import org.matrix.android.sdk.api.session.getRoom
 import org.matrix.android.sdk.api.session.room.Room
@@ -134,7 +133,8 @@ class E2eeSanityTests : InstrumentedTest {
                     val timeLineEvent = otherSession.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId!!)
                     timeLineEvent != null &&
                             timeLineEvent.isEncrypted() &&
-                            timeLineEvent.root.getClearType() == EventType.MESSAGE
+                            timeLineEvent.root.getClearType() == EventType.MESSAGE &&
+                            timeLineEvent.root.mxDecryptionResult?.isSafe == true
                 }
             }
         }
@@ -331,6 +331,15 @@ class E2eeSanityTests : InstrumentedTest {
 
         // ensure bob can now decrypt
         cryptoTestHelper.ensureCanDecrypt(sentEventIds, newBobSession, e2eRoomID, messagesText)
+
+        // Check key trust
+        sentEventIds.forEach { sentEventId ->
+            val timelineEvent = newBobSession.getRoom(e2eRoomID)?.getTimelineEvent(sentEventId)!!
+            val result = testHelper.runBlockingTest {
+                newBobSession.cryptoService().decryptEvent(timelineEvent.root, "")
+            }
+            assertEquals("Keys from history should be deniable", false, result.isSafe)
+        }
     }
 
     /**
@@ -379,44 +388,37 @@ class E2eeSanityTests : InstrumentedTest {
         Log.v("#E2E TEST", "check that new bob can't currently decrypt")
 
         cryptoTestHelper.ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, null)
-//        newBobSession.cryptoService().getOutgoingRoomKeyRequests()
-//                .firstOrNull {
-//                    it.sessionId ==
-//                }
 
         // Try to request
         sentEventIds.forEach { sentEventId ->
             val event = newBobSession.getRoom(e2eRoomID)!!.getTimelineEvent(sentEventId)!!.root
             newBobSession.cryptoService().requestRoomKeyForEvent(event)
         }
 
-        // wait a bit
-        // we need to wait a couple of syncs to let sharing occurs
-//        testHelper.waitFewSyncs(newBobSession, 6)
-
         // Ensure that new bob still can't decrypt (keys must have been withheld)
-        sentEventIds.forEach { sentEventId ->
-            val megolmSessionId = newBobSession.getRoom(e2eRoomID)!!
-                    .getTimelineEvent(sentEventId)!!
-                    .root.content.toModel<EncryptedEventContent>()!!.sessionId
-            testHelper.waitWithLatch { latch ->
-                testHelper.retryPeriodicallyWithLatch(latch) {
-                    val aliceReply = newBobSession.cryptoService().getOutgoingRoomKeyRequests()
-                            .first {
-                                it.sessionId == megolmSessionId &&
-                                        it.roomId == e2eRoomID
-                            }
-                            .results.also {
-                                Log.w("##TEST", "result list is $it")
-                            }
-                            .firstOrNull { it.userId == aliceSession.myUserId }
-                            ?.result
-                    aliceReply != null &&
-                            aliceReply is RequestResult.Failure &&
-                            WithHeldCode.UNAUTHORISED == aliceReply.code
-                }
-            }
-        }
+        // as per new config we won't request to alice, so ignore following test
+//        sentEventIds.forEach { sentEventId ->
+//            val megolmSessionId = newBobSession.getRoom(e2eRoomID)!!
+//                    .getTimelineEvent(sentEventId)!!
+//                    .root.content.toModel<EncryptedEventContent>()!!.sessionId
+//            testHelper.waitWithLatch { latch ->
+//                testHelper.retryPeriodicallyWithLatch(latch) {
+//                    val aliceReply = newBobSession.cryptoService().getOutgoingRoomKeyRequests()
+//                            .first {
+//                                it.sessionId == megolmSessionId &&
+//                                        it.roomId == e2eRoomID
+//                            }
+//                            .results.also {
+//                                Log.w("##TEST", "result list is $it")
+//                            }
+//                            .firstOrNull { it.userId == aliceSession.myUserId }
+//                            ?.result
+//                    aliceReply != null &&
+//                            aliceReply is RequestResult.Failure &&
+//                            WithHeldCode.UNAUTHORISED == aliceReply.code
+//                }
+//            }
+//        }
 
         cryptoTestHelper.ensureCannotDecrypt(sentEventIds, newBobSession, e2eRoomID, null)
 
@@ -438,7 +440,10 @@ class E2eeSanityTests : InstrumentedTest {
      * Test that if a better key is forwarded (lower index, it is then used)
      */
     @Test
-    fun testForwardBetterKey() = runCryptoTest(context()) { cryptoTestHelper, testHelper ->
+    fun testForwardBetterKey() = runCryptoTest(
+            context(),
+            cryptoConfig = MXCryptoConfig(limitRoomKeyRequestsToMyDevices = false)
+    ) { cryptoTestHelper, testHelper ->
 
         val cryptoTestData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true)
         val aliceSession = cryptoTestData.firstSession

diff --git a/...d/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeShareKeysHistoryTest.kt b/...d/src/androidTest/java/org/matrix/android/sdk/internal/crypto/E2eeShareKeysHistoryTest.kt
@@ -77,6 +77,7 @@ class E2eeShareKeysHistoryTest : InstrumentedTest {
      */
     private fun testShareHistoryWithRoomVisibility(roomHistoryVisibility: RoomHistoryVisibility? = null) =
             runCryptoTest(context()) { cryptoTestHelper, testHelper ->
+                val aliceMessageText = "Hello Bob, I am Alice!"
                 val cryptoTestData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom(true, roomHistoryVisibility)
 
                 val e2eRoomID = cryptoTestData.roomId
@@ -96,7 +97,7 @@ class E2eeShareKeysHistoryTest : InstrumentedTest {
                 assertEquals(bobRoomPOV.roomSummary()?.joinedMembersCount, 2)
                 Log.v("#E2E TEST", "Alice and Bob are in roomId: $e2eRoomID")
 
-                val aliceMessageId: String? = sendMessageInRoom(aliceRoomPOV, "Hello Bob, I am Alice!", testHelper)
+                val aliceMessageId: String? = sendMessageInRoom(aliceRoomPOV, aliceMessageText, testHelper)
                 Assert.assertTrue("Message should be sent", aliceMessageId != null)
                 Log.v("#E2E TEST", "Alice sent message to roomId: $e2eRoomID")
 
@@ -106,7 +107,8 @@ class E2eeShareKeysHistoryTest : InstrumentedTest {
                         val timelineEvent = bobSession.roomService().getRoom(e2eRoomID)?.timelineService()?.getTimelineEvent(aliceMessageId!!)
                         (timelineEvent != null &&
                                 timelineEvent.isEncrypted() &&
-                                timelineEvent.root.getClearType() == EventType.MESSAGE).also {
+                                timelineEvent.root.getClearType() == EventType.MESSAGE &&
+                                timelineEvent.root.mxDecryptionResult?.isSafe == true).also {
                             if (it) {
                                 Log.v("#E2E TEST", "Bob can decrypt the message: ${timelineEvent?.root?.getDecryptedTextSummary()}")
                             }
@@ -142,7 +144,8 @@ class E2eeShareKeysHistoryTest : InstrumentedTest {
                                 val timelineEvent = arisSession.roomService().getRoom(e2eRoomID)?.timelineService()?.getTimelineEvent(aliceMessageId!!)
                                 (timelineEvent != null &&
                                         timelineEvent.isEncrypted() &&
-                                        timelineEvent.root.getClearType() == EventType.MESSAGE
+                                        timelineEvent.root.getClearType() == EventType.MESSAGE &&
+                                        timelineEvent.root.mxDecryptionResult?.isSafe == false
                                         ).also {
                                             if (it) {
                                                 Log.v("#E2E TEST", "Aris can decrypt the message: ${timelineEvent?.root?.getDecryptedTextSummary()}")
@@ -377,7 +380,10 @@ class E2eeShareKeysHistoryTest : InstrumentedTest {
     }
 
     private fun sendMessageInRoom(aliceRoomPOV: Room, text: String, testHelper: CommonTestHelper): String? {
-        return testHelper.sendTextMessage(aliceRoomPOV, text, 1).firstOrNull()?.eventId
+        return testHelper.sendTextMessage(aliceRoomPOV, text, 1).firstOrNull()?.let {
+            Log.v("#E2E TEST", "Message sent with session ${it.root.content?.get("session_id")}")
+            return it.eventId
+        }
     }
 
     private fun ensureMembersHaveJoined(aliceSession: Session, otherAccounts: List<Session>, e2eRoomID: String, testHelper: CommonTestHelper) {

diff --git a/...-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/UnwedgingTest.kt b/...-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/UnwedgingTest.kt
@@ -29,6 +29,7 @@ import org.matrix.android.sdk.api.auth.UIABaseAuth
 import org.matrix.android.sdk.api.auth.UserInteractiveAuthInterceptor
 import org.matrix.android.sdk.api.auth.UserPasswordAuth
 import org.matrix.android.sdk.api.auth.registration.RegistrationFlowResponse
+import org.matrix.android.sdk.api.crypto.MXCryptoConfig
 import org.matrix.android.sdk.api.extensions.tryOrNull
 import org.matrix.android.sdk.api.session.crypto.MXCryptoError
 import org.matrix.android.sdk.api.session.events.model.EventType
@@ -82,7 +83,10 @@ class UnwedgingTest : InstrumentedTest {
      * -> This is automatically fixed after SDKs restarted the olm session
      */
     @Test
-    fun testUnwedging() = runCryptoTest(context()) { cryptoTestHelper, testHelper ->
+    fun testUnwedging() = runCryptoTest(
+            context(),
+            cryptoConfig = MXCryptoConfig(limitRoomKeyRequestsToMyDevices = false)
+    ) { cryptoTestHelper, testHelper ->
         val cryptoTestData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom()
 
         val aliceSession = cryptoTestData.firstSession