Cannot decrypt messages on a second client even with cross-signing

[GregSutcliffe]

Background information

• Dendrite version or git SHA: 0.8.5
• Monolith or Polylith?: Monolith
• SQLite3 or Postgres?: PSQL
• Running in Docker?: No
• go version: 1.17.9 linux/arm64
• Client used (if applicable): SchildiChat (client A) & app.element.io (client B)

Description

• What is the problem: Messages from client A are not readable on Client B and vice-versa. Clients are cross-signed and session IDs appear in the session list.
• Who is affected: My own user account on my own Dendrite server
• How is this bug manifesting: Messages viewed on the other client. return ** Unable to decrypt: The secure channel with the sender was corrupted. Trying to create a new secure channel and re-requesting the keys. **
• When did this first appear: Hard to say - my server has been upgraded over time since first deployed in 0.6.0, and encryption has been improved several times, plus I've been confusing it with #2404. So, this may be a leftover from earlier migrations, or perhaps related to #2436.

Steps to reproduce

I'm assuming there is something weird in my account state, so I expect this will not reproduce for others, but this is consistent for me:

• create a room with my Dendrite account
• clear cache on both clients
• post message 1 from client A
• post message 2 from client B
• Client A will fail to decrypt message 2
• Client B will fail to decrypt message 1

Screenshots:

Sessions on Client A:

Sessions on Client B:

So, both are present, and I can confirm the session IDs match. How the chat looks:

Looking in the logs, I do see this:

time="2022-05-17T20:43:32.701254278Z" level=error msg="failed to query device keys for some users" func="github.com/matrix-org/dendrite/keyserver/internal.(*DeviceListUpdater).processServer" file="github.com/matrix-org/dendrite/keyserver/internal/device_list_update.go:430" context=missing failed=1 server_name=ergaster.org total=1 wait=1h0m0s

[ealib]

@GregSutcliffe symptoms you describe here make this look very like to be the same as #2436 .

[S7evinK]

Are you using server-side keybackups or just verify with the other session? I can reproduce this when just verifying with the other session, server-side keybackup seems to be working fine. Also, if you re-request the keys, are the messages decryptable?

For the record: Directly after login and verification I see ** Unable to decrypt: The sender's device has not sent us the keys for this message. **, after refreshing Element Web I see ** Unable to decrypt: The secure channel with the sender was corrupted. Trying to create a new secure channel and re-requesting the keys. **, but re-requesting the keys from the other sessions makes the messages readable.

Still didn't figure out why verification doesn't seem to be enough, Element Web seems to send sendToDevice messages requesting the keys (m.room_key_request), the other sessions replies happily with m.room_encrypted messages, which make their way to the new session (which should decrypt the messages at this point, AFAIK).

[GregSutcliffe]

Thanks for the reply @S7evinK!

Are you using server-side keybackups or just verify with the other session?

I'm unsure how to check this, to be honest. I presume it's one of the settings under Security & Privacy, can you point me to the right one? Taking a guess, I do see this "Secure Backup -> ✅ This session is backing up your keys." so I think that means I am backing them up serverside?

The current state seems to be weird. I have a chat with just myself (2 accounts, matrix.org and dendrite) and that works fine, I created a new session on app.element.io, verified the login, and my matrix.org account could read messages from either session. However, my friend still claims he is seeing key errors - I will ask him to see if he is getting what you are getting before/after refresh.

[S7evinK]

Right, that's the server-side backup.

Is your friend on matrix.org or on your Dendrite server? If he's on Dendrite, it sounds like he didn't get a device list update. If he's also on matrix.org, it's really a bit weird, since your account received the update.

[GregSutcliffe]

My friend is on matrix.org, and yes, I cannot understand why he still has problems with my messages. I am going to set up a new room with him and both my accounts, and test from scratch - are there any logs that would help while I'm doing it?

[GregSutcliffe]

OK, my friend and I went ahead an made a new room. Things got weird very fast. Here's a timeline:

1. Created a room with me@matrix.org
2. Invited me@dendrite and friend@matrix.org
3. We both accept - 3 accounts in the room
4. me@matrix.org posts - all can see it
5. friend@matrix.org posts - all can see it
6. me@dendrite-on-mobile posts - all can see it
7. me@dendrite-on-web posts - but only friend@matrix.org can see it. me@matrix.org cannot, and re-requesting keys, even clear-cache-and-reload do not

You'll note this is the exact opposite of what I reported before (last time I could read messages and my friend could not). So I wondered if the fact we're in a new room matters (though I cannot imagine how). But no, even in our original chat, I could not read the broken message from matrix.org, but my friend could.

This makes me wonder if there's something ephemeral or race-ish going on? I can't imagine how the situation has been reversed otherwise.

Happy to do more debugging, let me know what. If you want to start a chat to debug, I'm happy to do that too, and I'm sure my friend would be as well. Alternatively I suppose I could break out my security key and nuke all my sessions, maybe it would help :P

[GregSutcliffe]

This might be fixed with the recent fixes to the js sdk. It was notable to me that SchildiChat was never affected, it was my one reliable client, and since the sdk fix, element web on both my laptops appears to function correctly - messages are not failing to decrypt in all the ways I could get them to fail before.

Might need some testing to see if it's still reproducible, but at the moment this seems to be working...