From e8c86d43d070cd7ce8ee2b30e98624b743572f01 Mon Sep 17 00:00:00 2001
From: Sumner Evans
Date: Tue, 21 Jun 2022 11:57:08 -0600
Subject: [PATCH] encryption: add ability to control rotation settings

Signed-off-by: Sumner Evans
---
 commands.go | 2 +-
 config/upgrade.go | 3 +++
 example-config.yaml | 17 +++++++++++++++++
 go.mod | 2 +-
 go.sum | 4 ++--
 matrix.go | 2 +-
 portal.go | 11 ++++++++++-
 7 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/commands.go b/commands.go
index 1946be9..2bc6f73 100644
--- a/commands.go
+++ b/commands.go
@@ -379,7 +379,7 @@ func fnCreate(ce *WrappedCommandEvent) {
 portal.Name = roomNameEvent.Name
 portal.Encrypted = encryptionEvent.Algorithm == id.AlgorithmMegolmV1
 if !portal.Encrypted && ce.Bridge.Config.Bridge.Encryption.Default {
- _, err = portal.MainIntent().SendStateEvent(portal.MXID, event.StateEncryption, "", &event.EncryptionEventContent{Algorithm: id.AlgorithmMegolmV1})
+ _, err = portal.MainIntent().SendStateEvent(portal.MXID, event.StateEncryption, "", portal.GetEncryptionEventContent())
 if err != nil {
 portal.log.Warnln("Failed to enable encryption in room:", err)
 if errors.Is(err, mautrix.MForbidden) {
diff --git a/config/upgrade.go b/config/upgrade.go
index 985ef8b..186e7bb 100644
--- a/config/upgrade.go
+++ b/config/upgrade.go
@@ -100,6 +100,9 @@ func DoUpgrade(helper *up.Helper) {
 helper.Copy(up.Bool, "bridge", "encryption", "key_sharing", "allow")
 helper.Copy(up.Bool, "bridge", "encryption", "key_sharing", "require_cross_signing")
 helper.Copy(up.Bool, "bridge", "encryption", "key_sharing", "require_verification")
+ helper.Copy(up.Bool, "bridge", "encryption", "rotation", "enable_custom")
+ helper.Copy(up.Int, "bridge", "encryption", "rotation", "milliseconds")
+ helper.Copy(up.Int, "bridge", "encryption", "rotation", "messages")
 if prefix, ok := helper.Get(up.Str, "appservice", "provisioning", "prefix"); ok {
 helper.Set(up.Str, strings.TrimSuffix(prefix, "/v1"), "bridge", "provisioning", "prefix")
 } else {
diff --git a/example-config.yaml b/example-config.yaml
index 308d0cf..90cfdcd 100644
--- a/example-config.yaml
+++ b/example-config.yaml
@@ -318,6 +318,23 @@ bridge:
 # Require devices to be verified by the bridge?
 # Verification by the bridge is not yet implemented.
 require_verification: true
+ # Options for Megolm room key rotation. These options allow you to
+ # configure the m.room.encryption event content. See:
+ # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+ # more information about that event.
+ rotation:
+ # Enable custom Megolm room key rotation settings. Note that these
+ # settings will only apply to rooms created after this option is
+ # set.
+ enable_custom: false
+ # The maximum number of milliseconds a session should be used
+ # before changing it. The Matrix spec recommends 604800000 (a week)
+ # as the default.
+ milliseconds: 604800000
+ # The maximum number of messages that should be sent with a given a
+ # session before changing it. The Matrix spec recommends 100 as the
+ # default.
+ messages: 100
 
 # Settings for provisioning API
 provisioning:
diff --git a/go.mod b/go.mod
index 3c2ec56..0154bf5 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 golang.org/x/net v0.0.0-20220513224357-95641704303c
 google.golang.org/protobuf v1.28.0
 maunium.net/go/maulogger/v2 v2.3.2
- maunium.net/go/mautrix v0.11.1-0.20220618100747-0cefca15f223
+ maunium.net/go/mautrix v0.11.1-0.20220621174128-b64dc2427d45
 )
 
 require (
diff --git a/go.sum b/go.sum
index 75ca6c8..548e6f4 100644
--- a/go.sum
+++ b/go.sum
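Review bot: The comments on `milliseconds` and `messages` in the example-config.yaml hunk give the spec defaults but not the direction of the trade-off an operator is making. Values above those defaults keep one Megolm session in use for longer, so a single exposed session key would cover more messages. A line such as `# Larger values rotate less often and increase how much one exposed session key can decrypt.` under each option would make that explicit. The `messages` comment also reads "with a given a session"; the second "a" should go.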
@@ -107,5 +107,5 @@ maunium.net/go/mauflag v1.0.0 h1:YiaRc0tEI3toYtJMRIfjP+jklH45uDHtT80nUamyD4M= maunium.net/go/mauflag v1.0.0/go.mod h1:nLivPOpTpHnpzEh8jEdSL9UqO9+/KBJFmNRlwKfkPeA= maunium.net/go/maulogger/v2 v2.3.2 h1:1XmIYmMd3PoQfp9J+PaHhpt80zpfmMqaShzUTC7FwY0= maunium.net/go/maulogger/v2 v2.3.2/go.mod h1:TYWy7wKwz/tIXTpsx8G3mZseIRiC5DoMxSZazOHy68A= -maunium.net/go/mautrix v0.11.1-0.20220618100747-0cefca15f223 h1:7eHRIEAPbVDebKzYEppC64g4e/dlfqcr8SzsV+Fxpko= -maunium.net/go/mautrix v0.11.1-0.20220618100747-0cefca15f223/go.mod h1:CiKpMhAx5QZFHK03jpWb0iKI3sGU8x6+LfsOjDrcO8I= +maunium.net/go/mautrix v0.11.1-0.20220621174128-b64dc2427d45 h1:3ld9X4COzaeGrfAAUYD5f4is0siPGzodTFtX/+o8Q50= +maunium.net/go/mautrix v0.11.1-0.20220621174128-b64dc2427d45/go.mod h1:CiKpMhAx5QZFHK03jpWb0iKI3sGU8x6+LfsOjDrcO8I=
diff --git a/matrix.go b/matrix.go
index dc2f8e2..7967995 100644
--- a/matrix.go
+++ b/matrix.go
@@ -80,7 +80,7 @@ func (br *WABridge) createPrivatePortalFromInvite(roomID id.RoomID, inviter *Use
 if err != nil {
 portal.log.Warnln("Failed to join as bridge bot to enable e2be:", err)
 }
- _, err = intent.SendStateEvent(roomID, event.StateEncryption, "", &event.EncryptionEventContent{Algorithm: id.AlgorithmMegolmV1})
+ _, err = intent.SendStateEvent(roomID, event.StateEncryption, "", portal.GetEncryptionEventContent())
 if err != nil {
 portal.log.Warnln("Failed to enable e2be:", err)
 }
diff --git a/portal.go b/portal.go
index bb44776..a840ead 100644
--- a/portal.go
+++ b/portal.go
@@ -1251,6 +1251,15 @@ func (portal *Portal) UpdateBridgeInfo() {
 }
 }
 
+func (portal *Portal) GetEncryptionEventContent() (evt *event.EncryptionEventContent) {
+ evt = &event.EncryptionEventContent{Algorithm: id.AlgorithmMegolmV1}
+ if rot := portal.bridge.Config.Bridge.Encryption.Rotation; rot.EnableCustom {
+ evt.RotationPeriodMillis = rot.Milliseconds
+ evt.RotationPeriodMessages = rot.Messages
+ }
+ return
+}
+
 func (portal *Portal) CreateMatrixRoom(user *User, groupInfo *types.GroupInfo, isFullInfo, backfill bool) error {
 portal.roomCreateLock.Lock()
 defer portal.roomCreateLock.Unlock()
@@ -1358,7 +1367,7 @@ func (portal *Portal) CreateMatrixRoom(user *User, groupInfo *types.GroupInfo, i
 initialState = append(initialState, &event.Event{
 Type: event.StateEncryption,
 Content: event.Content{
- Parsed: event.EncryptionEventContent{Algorithm: id.AlgorithmMegolmV1},
+ Parsed: portal.GetEncryptionEventContent(),
 },
 })
 portal.Encrypted = true
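Review bot: `GetEncryptionEventContent` in the first portal.go hunk copies `rot.Milliseconds` and `rot.Messages` into the m.room.encryption content with no range check, and the `helper.Copy(up.Int, ...)` lines in config/upgrade.go do not add one either. How receiving clients treat a zero or negative value is not visible from this diff, and a very large value keeps one Megolm session in use longer, so a single exposed session key would cover more messages. I would copy each field only when it is positive, e.g. `if rot.Messages > 0 { evt.RotationPeriodMessages = rot.Messages }`, and log a warning when a value exceeds the defaults cited in example-config.yaml (604800000 ms, 100 messages). The exported method also lacks a doc comment; `// GetEncryptionEventContent returns the m.room.encryption content for this portal, with the configured rotation limits when enable_custom is set.` would do.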