Message keys not migrated from legacy to Rust store are not backed up after backup reset #8814

Closed
yostyle opened this issue Apr 30, 2024 · 11 comments
Labels
T-Defect Something isn't working: bugs, crashes, hangs and other reported problems

Comments

@yostyle
Contributor

yostyle commented Apr 30, 2024

Steps to reproduce

case 1 (with key backup)

  1. Install Element 1.5.32 or older (any other version without crypto rust)
  2. Send some events in rooms to have a significant history.
  3. Upgrade to Element 1.6.8 (higher version could crash, it's another problem to report...)
  4. Don't open the rooms
  5. Reset secure backup
  6. Create a new session on any Matrix client like Element X (or Element Web)
  7. On the new session restore from backup
  8. Open a room

case 2 (without key backup)

  1. Install Element 1.5.32 or older (any other version without crypto rust)
  2. Send some events in rooms to have a significant history.
  3. Upgrade to Element 1.6.8 (higher version could crash, it's another problem to report...)
  4. Create a new session on any Matrix client like Element X (or Element Web)
  5. Open a room

Outcome

What did you expect?

All events should be decryptable.

What happened instead?

case 1 (with key backup)

All events are undecryptable because message keys (Megolm sessions) are not backed up.

Only message keys migrated to the Rust crypto store are backed up to the server-side key backup. Message keys that are not present in the Rust crypto store are missing in the key backup.

case 2 (without key backup)

All events are undecryptable because message keys (Megolm sessions) are not sent to the Element X session by the key request feature.

Only message keys migrated to the Rust crypto store could be exchanged between sessions.

Your phone model

Pixel 8 Pro

Operating system version

Android 14

Application version and app store

No response

Homeserver

matrix.org

Will you send logs?

No

Are you willing to provide a PR?

No

@yostyle yostyle added the T-Defect Something isn't working: bugs, crashes, hangs and other reported problems label Apr 30, 2024
@giomfo
Member

giomfo commented Apr 30, 2024

It is possible to reproduce this issue on any Element-Android client which has been updated from Element (without crypto rust) to ElementR (with crypto rust).
After a reset of the Secure Backup on ER-Android, the keys stored locally in the Realm DB are uploaded in the key backup only when they are used to decrypt an event. These keys are missing in the backup by default.

@yostyle
Contributor Author

yostyle commented Apr 30, 2024

On Element Web and Element iOS it seems the realm db is migrated totally. A similar behavior is needed on Android.

Element iOS:
https://github.com/matrix-org/matrix-ios-sdk/blob/develop/MatrixSDK/Crypto/Migration/MXCryptoMigrationV2.swift
https://github.com/matrix-org/matrix-ios-sdk/blob/develop/MatrixSDK/Crypto/MXCryptoV2.swift

Element Web:
https://github.com/matrix-org/matrix-js-sdk/blob/develop/src/rust-crypto/libolm_migration.ts

@yostyle
Contributor Author

yostyle commented May 16, 2024

@giomfo do you have a plan about this issue?

It could impact some users on Element X, Element 1.6.8 and higher.

@giomfo
Member

giomfo commented May 17, 2024

@yostyle internal discussions are still in progress about this key migration issue

@richvdh richvdh changed the title from "Missing encryption keys in secret storage" to "Message keys not migrated from legacy to Rust store are not backed up after backup reset" Jun 10, 2024
@yostyle
Contributor Author

yostyle commented Jun 12, 2024

@giomfo we can reproduce the same issue without key backup configured on the user account. I added this case in the issue description.

@BillCarsonFr
Member

BillCarsonFr commented Jun 18, 2024

Hello, while migrating all the sessions would fix this scenario, it will not completely fix the problem. For example in this migration case, the keys are already offloaded in the backup.

The problem is the reset backup flow, which can cause key loss, and we could take action to reduce the chance of key loss by also doing something like element-hq/element-meta#2446

@richvdh
Member

richvdh commented Jun 28, 2024

> Hello, while migrating all the sessions would fix this scenario, it will not completely fix the problem. For example in this migration case, the keys are already offloaded in the backup.

To be clear, there are two separate problems here.

  1. If you had set up key backup before migrating to rust, then all the keys that were previously in the Realm DB will also be in the key backup. This is fine, unless the user resets their key backup, which can cause keys to be lost. This is the same problem as "Megolm Backup | Client should always have a local copy of all their megolm keys to limit the possibility of key loss" (element-meta#2446).

    It is worth noting that resetting key backup should be an unusual operation. Indeed, as I understand it, "Reset Secure Backup" in Element Android does not actually reset the key backup -- it in fact resets secret storage (which is used to store the backup key), but if backup was working on the client before the reset, the same key backup should continue to work afterwards (see PASSPHRASE_RESET). It is therefore expected that very few users will hit this case.

  2. If you had not set up key backup before migration, then there exist keys which are only in the Realm DB. Then, when you come to configure key backup later, those keys are not backed up. I have opened a separate issue to track this: "Message keys not migrated from legacy to Rust store are not backed up" (#8858).

    In addition, key requests/sharing are not supported by modern clients: the only "key sharing" mechanism now supported is via key backup.

@giomfo
Member

giomfo commented Jun 28, 2024

@yostyle According to the point 1. summarised by @richvdh above, the Reset secure backup that you did in your case 1 (step 5) should not impact the backed up keys server side.

Do you know when the backup is set up in your case 1? Indeed if you set up the backup for your test after "Upgrade to Element 1.6.8" (step 3), then you are mainly impacted by point 2. This is the only reason, I can see, to explain the missing keys in the backup after the reset secure backup.

@yostyle
Contributor Author

yostyle commented Jul 3, 2024

@giomfo the secure storage has been recreated and not only reset. Our problem is the creation of a new secure storage. In this case all keys in Realm DB are not backed up. This is the second point of @richvdh's comment.

Should be fixed by #8858
