Open reivilibre opened 1 month ago
Turns out the rust SDK has an implementation of the same functionality: https://github.com/matrix-org/matrix-rust-sdk/blob/ca09917d8452769a9b48db394c950ff3ee906ae7/crates/matrix-sdk-crypto/src/backups/keys/compat.rs
If we expose this in the FFI layer of matrix-sdk-crypto
it should be fairly trivial to use generated Python bindings for the scanner itself.
I tried to use generated Python bindings for the full SDK for a bot prototype and it seems to work fairly well, including async/await integration (not needed for this use case however).
I think that's the easiest way forward since it also open the gate to using the FFI layer with new AND old app, and also remove libolm altogether from there.
I have a WIP for adding it to the FFI layer, I am now trying to generate a wheel with maturin
, but failing for now.
If we expose this in the FFI layer of matrix-sdk-crypto it should be fairly trivial to use generated Python bindings for the scanner itself.
But the matrix-sdk-crypto
crate does not expose the PkEncryption
stuff either.
Perhaps https://github.com/matrix-org/vodozemac/pull/171 and https://github.com/matrix-nio/vodozemac-python would be the better path forward.
Oh great I didn't know there were some work to bring PkEncryption
to vodozemac
, it's fine for me too. I went this way because an impl already exists in matrix-sdk-crypto
.
@poljar are the Python bindings supposed to be working ?
After doing a maturin build
, I get a wheel with the .so inside, but no generated Python code that would call into it. I am not sure if I am doing something wrong or if it is not in a working state yet.
Well there are Python tests that are run as part of the CI, so they should™ work.
So it turns out that a .so can be a self describing Python module, and doesn't need a matching .py
file on the side or anything. Learning new stuff every day :)
Thanks, it indeed works.
I just pushed https://github.com/matrix-nio/vodozemac-python/pull/4.
libolm has been deprecated and the content scanner uses it through python-olm.
We're not aware of any active security problem with using it, but it seems wise to think about this.
The content scanner only uses it for decrypting the bodies of POST requests, using a public-key encryption scheme, in order to prevent snooping by the server performing TLS termination or any node between that one and the content scanner itself.
The code in question is here as below: https://github.com/element-hq/matrix-content-scanner-python/blob/da1783c6bce638c3f616fb061425520fc19863a6/src/matrix_content_scanner/crypto.py#L89-L117
Vodozemac does not implement the equivalent Olm
PkEncryption
functionality. (It also sounds like it is unlikely it ever will be implemented as-is, because something is off about the MAC calculation in Olm's current specification — N.B. this MAC issue is no problem for the content scanner) As far as I know, Element X does not implement support for the content scanner currently. Presumably the lack of implementations of OlmPkEncryption
will pose an equivalent problem for them when it's time to implement support.My suspicion is that this functionality only uses Olm because the clients already had libolm available as a prerequisite for being a E2EE-supporting Matrix client and so it was somewhat convenient to just use what was already available.
Potential solutions:
PkEncryption
anyway, so there would be no benefit in sticking with the old over something more standard if it existed