Message keys not migrated from legacy to Rust store are not backed up after backup reset

Question

Message keys not migrated from legacy to Rust store are not backed up after backup reset

Closed this issue 8 days ago · 11 comments

yostyle commented 2 months ago

Steps to reproduce

case 1 (with key backup)

Install Element 1.5.32 or older (any other version without crypto rust)
Send some events in rooms to have a significant history.
Upgrade to Element 1.6.8 (higher version could crash, it's another problem to report...)
Don't open the rooms
Reset secure backup
Create a new session on any Matrix client like Element X (or Element Web)
On the new session restore from backup
Open a room

case 2 (without key backup)

Install Element 1.5.32 or older (any other version without crypto rust)
Send some events in rooms to have a significant history.
Upgrade to Element 1.6.8 (higher version could crash, it's another problem to report...)
Create a new session on any Matrix client like Element X (or Element Web)
Open a room

Outcome

What did you expect?

All events should be decryptable.

What happened instead?

case 1 (with key backup)

All events are undecryptable because message keys (Megolm sessions) are not backed up.

Only message keys migrated to the Rust crypto store are backed up to the server-side key backup. Message keys that are not present in the Rust crypto store are missing in the key backup.

case 2 (without key backup)

All events are undecryptable because message keys (Megolm sessions) are not sent to the Element X session by key request feature.

Only message keys migrated to the Rust crypto store could be exchanged between sessions.

Your phone model

Pixel 8 Pro

Operating system version

Android 14

Application version and app store

No response

Homeserver

matrix.org

Will you send logs?

No

Are you willing to provide a PR?

No

Answer 1 · 2024-04-30T12:29:36.000Z

This is possible to reproduce this issue on any Element-Android client which has been updated from Element (without crypto rust) to ElementR (with crypto rust).
After a reset of the Secure Backup on ER-Android, the keys stored locally in the Realm DB are uploaded in the key backup only when they are used to decrypt an event. These keys are missing in the backup by default

Answer 2 · 2024-04-30T13:10:42.000Z

On Element Web and Element iOS it seems the realm db is migrated totally. A similar behavior is needed on Android.

Element iOS :
https://github.com/matrix-org/matrix-ios-sdk/blob/develop/MatrixSDK/Crypto/Migration/MXCryptoMigrationV2.swift
https://github.com/matrix-org/matrix-ios-sdk/blob/develop/MatrixSDK/Crypto/MXCryptoV2.swift

Element Web :
https://github.com/matrix-org/matrix-js-sdk/blob/develop/src/rust-crypto/libolm_migration.ts

Answer 3 · 2024-05-16T09:48:17.000Z

@giomfo do you have a plan about this issue ?

It could impact some users on Element X, Element 1.6.8 and higher.

Answer 4 · 2024-05-17T07:09:55.000Z

@yostyle internal discussions are still in progress about this key migration issue

Answer 5 · 2024-05-22T05:30:12.000Z

Here is another issue in open related to the crash happening on migration in Android:

#8799

Answer 6 · 2024-06-02T06:37:31.000Z

@yostyle internal discussions are still in progress about this key migration issue

@giomfo we reached any conclusion on the issue.

Answer 7 · 2024-06-12T09:08:11.000Z

@giomfo we can reproduce the same issue without key backup configured on the user account. I added this case in the issue description.

Answer 8 · 2024-06-18T13:46:03.000Z

Hello, while migrating all the session would fix this scenario, it will not completely fix the problem. For example in this migration case, the keys are already offloaded in the backup.

The problem is that the reset backup flow that can cause key loss, and we could take action to reduce the chance of key loss by doing also something like that element-hq/element-meta#2446

Answer 9 · 2024-06-28T13:58:30.000Z

Hello, while migrating all the session would fix this scenario, it will not completely fix the problem. For example in this migration case, the keys are already offloaded in the backup.

To be clear, there are two separate problems here.

If you had set up key backup before migrating to rust, then all the keys that were previously in the Realm DB will also be in the key backup. This is fine, unless the user resets their key backup, which can cause keys to be lost. This is the same problem as element-hq/element-meta#2446.

It is worth noting that resetting key backup should be an unusual operation. Indeed, as I understand it, "Reset Secure Backup" in Element Android does not actually reset the key backup -- it in fact resets secret storage (which is used to store the backup key), but if backup was working on the client before the reset, the same key backup should continue to work afterwards (see PASSPHRASE_RESET). It is therefore expected that very few users will hit this case.
If you had not set up key backup before migration, then there exist keys which are only in the Realm DB. Then, when you come to configure key backup later, those keys are not backed up. I have opened a separate issue to track this: #8858.

In addition, key requests/sharing are not supported by modern clients: the only "key sharing" mechanism now supported is via key backup.

Answer 10 · 2024-06-28T15:30:03.000Z

@yostyle According to the point 1. summarised by @richvdh above, the Reset secure backup that you did in your case 1 (step 5) should not impact the backed up keys server side.

Do you know when the backup is set up in your case 1? Indeed if you set up the backup for your test after "Upgrade to Element 1.6.8" (step3), then you are mainly impacted by point2. This is the only reason, I can see, to explain the missing keys in the backup after the reset secure backup

Answer 11 · 2024-07-03T14:08:41.000Z

@giomfo the secure storage has been recreated and not only reset. Our problem is the creation of a new secure storage. In this case all keys in Realm DB are not backed up. This is the second point of @richvdh comment.

Should be fixed by #8858