Merge branch 'release/0.26.2/master'

CHANGES.md

@@ -1,3 +1,19 @@
+## Changes in 0.26.2 (2023-03-21)
+
+🙌 Improvements
+
+- Crypto: Always update tracked users when sharing keys ([#1733](https://github.com/matrix-org/matrix-ios-sdk/pull/1733))
+- CryptoV2: Fully deprecate MXCryptoStore ([#1735](https://github.com/matrix-org/matrix-ios-sdk/pull/1735))
+- Make CallKit maximumCallGroups configurable. ([#1738](https://github.com/matrix-org/matrix-ios-sdk/pull/1738))
+- Crypto: Simplify user verification state ([#1740](https://github.com/matrix-org/matrix-ios-sdk/pull/1740))
+- Rageshakes: Identify crypto module ([#1742](https://github.com/matrix-org/matrix-ios-sdk/pull/1742))
+- Session: Improved session startup progress ([#7417](https://github.com/vector-im/element-ios/issues/7417))
+
+🐛 Bugfixes
+
+- MXCallManager: Make call transfer requests sequential. ([#1739](https://github.com/matrix-org/matrix-ios-sdk/pull/1739))
+
+
 ## Changes in 0.26.1 (2023-03-13)
 
 🐛 Bugfixes

MatrixSDK.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
 
   s.name         = "MatrixSDK"
-  s.version      = "0.26.1"
+  s.version      = "0.26.2"
   s.summary      = "The iOS SDK to build apps compatible with Matrix (https://www.matrix.org)"
 
   s.description  = <<-DESC
@@ -45,7 +45,7 @@ Pod::Spec.new do |s|
       ss.dependency 'OLMKit', '~> 3.2.5'
       ss.dependency 'Realm', '10.27.0'
       ss.dependency 'libbase58', '~> 0.1.4'
-      ss.dependency 'MatrixSDKCrypto', '0.2.1', :configurations => ["DEBUG", "RELEASE"], :inhibit_warnings => true
+      ss.dependency 'MatrixSDKCrypto', '0.3.0', :configurations => ["DEBUG", "RELEASE"], :inhibit_warnings => true
   end
 
   s.subspec 'JingleCallStack' do |ss|

MatrixSDK/Crypto/Algorithms/RoomEvent/MXRoomEventEncryption.swift

@@ -47,24 +47,19 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {
     private static let keyRotationPeriodSec: Int = 7 * 24 * 3600 // Rotate room keys each week
 
     private let handler: MXCryptoRoomEventEncrypting
-    private let legacyStore: MXCryptoStore
     private let getRoomAction: GetRoomAction
     private let log = MXNamedLog(name: "MXRoomEventEncryption")
 
     init(
         handler: MXCryptoRoomEventEncrypting,
-        legacyStore: MXCryptoStore,
         getRoomAction: @escaping GetRoomAction
     ) {
         self.handler = handler
-        self.legacyStore = legacyStore
         self.getRoomAction = getRoomAction
     }
 
     func isRoomEncrypted(roomId: String) -> Bool {
-        // State of room encryption is not yet implemented in `MatrixSDKCrypto`
-        // Will be moved to `MatrixSDKCrypto` eventually
-        return legacyStore.algorithm(forRoom: roomId) != nil
+        return handler.roomSettings(roomId: roomId)?.algorithm != nil
     }
 
     func ensureRoomKeysShared(roomId: String) async throws {
@@ -108,7 +103,7 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {
             for: room,
             historyVisibility: state.historyVisibility
         )
-        handler.addTrackedUsers(users)
+        handler.updateTrackedUsers(users)
     }
 
     // MARK: - Private
@@ -128,6 +123,12 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {
             historyVisibility: state.historyVisibility
         )
 
+        // Room membership events should ensure that we are always tracking users as soon as possible,
+        // but there are rare edge-cases where this does not always happen. To add a safety mechanism
+        // we will always update tracked users when sharing keys (which does nothing if a user is
+        // already tracked), triggering a key request for missing users in the next sync loop.
+        handler.updateTrackedUsers(users)
+
         let settings = try encryptionSettings(for: state)
         try await handler.shareRoomKeysIfNecessary(
             roomId: roomId,
@@ -138,37 +139,23 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {
 
     /// Make sure that we recognize (and store if necessary) the claimed room encryption algorithm
     private func ensureRoomEncryption(roomId: String, algorithm: String?) throws {
-        let existingAlgorithm = legacyStore.algorithm(forRoom: roomId)
-        if existingAlgorithm != nil && existingAlgorithm == algorithm {
-            // Encryption in room is already set to the correct algorithm
-            return
-        }
+        log.debug("Attempting to set algorithm to \(algorithm ?? "empty")")
 
-        guard let algorithm = algorithm else {
-            if existingAlgorithm != nil {
-                log.error("Resetting encryption is not allowed")
-                return
+        do {
+            let algorithm = try EventEncryptionAlgorithm(string: algorithm)
+            try handler.setRoomAlgorithm(roomId: roomId, algorithm: algorithm)
+        } catch {
+            if let existing = handler.roomSettings(roomId: roomId)?.algorithm {
+                log.error("Failed to set algorithm, but another room algorithm already stored", context: [
+                    "existing": existing,
+                    "new": algorithm ?? "empty"
+                ])
             } else {
-                throw Error.invalidEncryptionAlgorithm
+                log.error("Failed to set algorithm", context: error)
+                throw error
             }
         }
 
-        let supportedAlgorithms = Set([kMXCryptoMegolmAlgorithm])
-        guard supportedAlgorithms.contains(algorithm) else {
-            log.error("Ignoring invalid room algorithm", context: [
-                "room_id": roomId,
-                "algorithm": algorithm
-            ])
-            throw Error.invalidEncryptionAlgorithm
-        }
-
-        if let existing = existingAlgorithm, existing != algorithm {
-            log.warning("New m.room.encryption event in \(roomId) with an algorithm change from \(existing) to \(algorithm)")
-        } else {
-            log.debug("New m.room.encryption event with algorithm \(algorithm)")
-        }
-
-        legacyStore.storeAlgorithm(forRoom: roomId, algorithm: algorithm)
     }
 
     /// Get user ids for all room members that should be able to decrypt events, based on the history visibility setting
@@ -202,7 +189,7 @@ struct MXRoomEventEncryption: MXRoomEventEncrypting {
     }
 
     private func onlyTrustedDevices(in roomId: String) -> Bool {
-        return legacyStore.globalBlacklistUnverifiedDevices || legacyStore.blacklistUnverifiedDevices(inRoom: roomId)
+        return handler.onlyAllowTrustedDevices || handler.roomSettings(roomId: roomId)?.onlyAllowTrustedDevices == true
     }
 
     private func room(for roomId: String) throws -> MXRoom {

MatrixSDK/Crypto/CrossSigning/Data/MXCrossSigningInfo.h

@@ -17,7 +17,6 @@
 #import <Foundation/Foundation.h>
 
 #import "MXCrossSigningKey.h"
-#import "MXUserTrustLevel.h"
 
 @class MXCryptoUserIdentityWrapper;
 
@@ -56,7 +55,7 @@ extern NSString *const MXCrossSigningInfoTrustLevelDidChangeNotification;
 
 #pragma mark - Additional information
 
-@property (nonatomic, readonly) MXUserTrustLevel *trustLevel;
+@property (nonatomic, readonly) BOOL isVerified;
 
 @end
 

MatrixSDK/Crypto/CrossSigning/Data/MXCrossSigningInfo.m

@@ -21,6 +21,38 @@
 
 NSString *const MXCrossSigningInfoTrustLevelDidChangeNotification = @"MXCrossSigningInfoTrustLevelDidChangeNotification";
 
+#pragma mark - Deprecated user trust
+
+/**
+ Deprecated model of user trust that distinguished local vs cross-signing verification
+ 
+ This model is no longer used and is replaced by a combined `isVerified` property on `MXCrossSigningInfo`.
+ For backwards compatibility (reading archived values) the model needs to be kept around, albeit as private only.
+ */
+@interface MXDeprecatedUserTrustLevel : NSObject <NSCoding>
+@property (nonatomic, readonly) BOOL isCrossSigningVerified;
+@end
+
+@implementation MXDeprecatedUserTrustLevel
+- (id)initWithCoder:(NSCoder *)aDecoder
+{
+    self = [super init];
+    if (self)
+    {
+        // We ignore `isLocallyVerified` field and only consider `isCrossSigningVerified`
+        _isCrossSigningVerified = [aDecoder decodeBoolForKey:@"isCrossSigningVerified"];
+    }
+    return self;
+}
+
+- (void)encodeWithCoder:(NSCoder *)aCoder
+{
+    MXLogFailure(@"[MXDeprecatedUserTrustLevel] encode: This model should only be used for decoding existing data, not encoding new data");
+}
+@end
+
+#pragma mark - CrossSigningInfo
+
 @implementation MXCrossSigningInfo
 
 - (instancetype)initWithUserIdentity:(MXCryptoUserIdentityWrapper *)userIdentity
@@ -43,7 +75,7 @@ - (instancetype)initWithUserIdentity:(MXCryptoUserIdentityWrapper *)userIdentity
             keys[MXCrossSigningKeyType.userSigning] = userIdentity.userSignedKeys;
         }
         _keys = keys.copy;
-        _trustLevel = userIdentity.trustLevel;
+        _isVerified = userIdentity.isVerified;
     }
     return self;
 }
@@ -92,7 +124,22 @@ - (id)initWithCoder:(NSCoder *)aDecoder
     {
         _userId = [aDecoder decodeObjectForKey:@"userId"];
         _keys = [aDecoder decodeObjectForKey:@"keys"];
-        _trustLevel = [aDecoder decodeObjectForKey:@"trustLevel"];
+
+        // Initial version (i.e. version 0) of the model stored user trust via `MXUserTrustLevel` submodel.
+        // If we are reading this version out we need to decode verification state from this model before
+        // migrating it over to `isVerified`
+        NSInteger version = [aDecoder decodeIntegerForKey:@"version"];
+        if (version == 0)
+        {
+            [NSKeyedUnarchiver setClass:MXDeprecatedUserTrustLevel.class forClassName:@"MXUserTrustLevel"];
+            MXDeprecatedUserTrustLevel *trust = [aDecoder decodeObjectForKey:@"trustLevel"];
+            // Only convert cross-signed verification status, not local verification status
+            _isVerified = trust.isCrossSigningVerified;
+        }
+        else
+        {
+            _isVerified = [aDecoder decodeBoolForKey:@"isVerified"];
+        }
     }
     return self;
 }
@@ -101,7 +148,8 @@ - (void)encodeWithCoder:(NSCoder *)aCoder
 {
     [aCoder encodeObject:_userId forKey:@"userId"];
     [aCoder encodeObject:_keys forKey:@"keys"];
-    [aCoder encodeObject:_trustLevel forKey:@"trustLevel"];
+    [aCoder encodeBool:_isVerified forKey:@"isVerified"];
+    [aCoder encodeInteger:1 forKey:@"version"];
 }
 
 
@@ -113,31 +161,23 @@ - (instancetype)initWithUserId:(NSString *)userId
     if (self)
     {
         _userId = userId;
-        _trustLevel = [MXUserTrustLevel new];
+        _isVerified = NO;
     }
     return self;
 }
 
-- (void)setTrustLevel:(MXUserTrustLevel*)trustLevel
-{
-    _trustLevel = trustLevel;
-}
-
-- (BOOL)updateTrustLevel:(MXUserTrustLevel*)trustLevel
+- (void)setIsVerified:(BOOL)isVerified
 {
-    BOOL updated = NO;
-
-    if (![_trustLevel isEqual:trustLevel])
+    if (_isVerified == isVerified)
     {
-        _trustLevel = trustLevel;
-        updated = YES;
-        [self didUpdateTrustLevel];
+        return;
     }
-
-    return updated;
+
+    _isVerified = isVerified;
+    [self didUpdateVerificationState];
 }
 
-- (void)didUpdateTrustLevel
+- (void)didUpdateVerificationState
 {
     dispatch_async(dispatch_get_main_queue(),^{
         [[NSNotificationCenter defaultCenter] postNotificationName:MXCrossSigningInfoTrustLevelDidChangeNotification object:self userInfo:nil];
@@ -158,7 +198,7 @@ - (void)addCrossSigningKey:(MXCrossSigningKey*)crossSigningKey type:(NSString*)t
 
 - (NSString *)description
 {
-    return [NSString stringWithFormat:@"<MXCrossSigningInfo: %p> Trusted: %@\nMSK: %@\nSSK: %@\nUSK: %@", self, @(self.trustLevel.isCrossSigningVerified), self.masterKeys, self.selfSignedKeys, self.userSignedKeys];
+    return [NSString stringWithFormat:@"<MXCrossSigningInfo: %p> Verified: %@\nMSK: %@\nSSK: %@\nUSK: %@", self, @(self.isVerified), self.masterKeys, self.selfSignedKeys, self.userSignedKeys];
 }
 
 @end

MatrixSDK/Crypto/CrossSigning/Data/MXCrossSigningInfo_Private.h

@@ -23,8 +23,7 @@ NS_ASSUME_NONNULL_BEGIN
 
 - (instancetype)initWithUserId:(NSString *)userId;
 
-- (void)setTrustLevel:(MXUserTrustLevel*)trustLevel;
-- (BOOL)updateTrustLevel:(MXUserTrustLevel*)trustLevel;
+- (void)setIsVerified:(BOOL)isVerified;
 - (void)addCrossSigningKey:(MXCrossSigningKey*)crossSigningKey type:(NSString*)type;
 
 @end

MatrixSDK/Crypto/CrossSigning/Data/MXCryptoUserIdentityWrapper.swift

@@ -27,7 +27,7 @@ import MatrixSDKCrypto
     public let masterKeys: MXCrossSigningKey?
     public let selfSignedKeys: MXCrossSigningKey?
     public let userSignedKeys: MXCrossSigningKey?
-    public let trustLevel: MXUserTrustLevel
+    public let isVerified: Bool
 
     internal init(identity: UserIdentity, isVerified: Bool) {
         switch identity {
@@ -43,13 +43,7 @@ import MatrixSDKCrypto
             self.selfSignedKeys = .init(jsonString: selfSigningKey)
             self.userSignedKeys = nil
         }
-
-        // `MatrixSDKCrypto` does not distinguish local and cross-signed
-        // verification status for users
-        trustLevel = MXUserTrustLevel(
-            crossSigningVerified: isVerified,
-            locallyVerified: isVerified
-        )
+        self.isVerified = isVerified
     }
 }