Skip to content

feat(sdk): Rotate session keys when a member leaves the room#6292

Merged
kaylendog merged 6 commits intomainfrom
kaylendog/history-sharing/respect-visibility
Mar 18, 2026
Merged

feat(sdk): Rotate session keys when a member leaves the room#6292
kaylendog merged 6 commits intomainfrom
kaylendog/history-sharing/respect-visibility

Conversation

@kaylendog
Copy link
Contributor

@kaylendog kaylendog commented Mar 16, 2026
edited
Loading

This PR adds an event handler on start that discards (and hence rotates) the current session whenever we see a leave membership event.

Part of element-hq/element-meta#3078

  • I've documented the public API Changes in the appropriate CHANGELOG.md files.
  • This PR was made with the help of AI.

Signed-off-by: Skye Elliot [email protected]

@kaylendog kaylendog self-assigned this Mar 16, 2026
@kaylendog kaylendog force-pushed the kaylendog/history-sharing/respect-visibility branch 2 times, most recently from d15f1b2 to 11a27af Compare March 16, 2026 11:25
@codspeed-hq
Copy link

codspeed-hq bot commented Mar 16, 2026
edited
Loading

Merging this PR will not alter performance

✅ 50 untouched benchmarks

Comparing kaylendog/history-sharing/respect-visibility (9082cb9) with main (60ce062)1

Open in CodSpeed

Footnotes

  1. No successful run was found on main (9082cb9) during the generation of this report, so 60ce062 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report.

@kaylendog kaylendog force-pushed the kaylendog/history-sharing/respect-visibility branch from 11a27af to f0c2d33 Compare March 16, 2026 11:46
kaylendog
kaylendog commented Mar 16, 2026
View reviewed changes
crates/matrix-sdk/src/encryption/mod.rs
Comment on lines +1964 to +1967
let Some(user_id) = client.user_id() else {
// We aren't logged in, so this shouldn't ever happen.
return;
};
Copy link
Contributor Author

@kaylendog kaylendog Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm tempted to use unwrap here, but I am wary that if any of these assumptions are wrong, this will crash the client entirely.

@kaylendog kaylendog force-pushed the kaylendog/history-sharing/respect-visibility branch from f0c2d33 to f0d12dd Compare March 16, 2026 12:30
@codecov
Copy link

codecov bot commented Mar 16, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 65.21739% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.80%. Comparing base (60ce062) to head (9082cb9).
⚠️ Report is 7 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
crates/matrix-sdk/src/encryption/mod.rs 63.63% 6 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6292      +/-   ##
==========================================
- Coverage   89.81%   89.80%   -0.02%     
==========================================
  Files         376      376              
  Lines      102447   102469      +22     
  Branches   102447   102469      +22     
==========================================
+ Hits        92017    92022       +5     
- Misses       6850     6863      +13     
- Partials     3580     3584       +4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@kaylendog kaylendog marked this pull request as ready for review March 16, 2026 12:42
@kaylendog kaylendog requested a review from a team as a code owner March 16, 2026 12:42
@kaylendog kaylendog requested review from poljar and removed request for a team March 16, 2026 12:42
@richvdh
Copy link
Member

richvdh commented Mar 16, 2026

@kaylendog in the description of the PR, could you link the issue that explains why we need to do this?

richvdh
richvdh requested changes Mar 16, 2026
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mostly lgtm, a couple of small comments

richvdh
richvdh reviewed Mar 16, 2026
View reviewed changes
@kaylendog kaylendog requested a review from a team as a code owner March 17, 2026 14:44
@kaylendog kaylendog force-pushed the kaylendog/history-sharing/respect-visibility branch from 02f3839 to 177f38a Compare March 17, 2026 15:17
@kaylendog kaylendog requested a review from richvdh March 18, 2026 11:47
@poljar poljar removed their request for review March 18, 2026 12:43
richvdh
richvdh approved these changes Mar 18, 2026
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM otherwise.

I do think it's worth discussing the potential sliding sync a bit further

Not quite sure what you're referring to here.

testing/matrix-sdk-integration-testing/src/tests/e2ee/shared_history.rs Outdated
Comment on lines +1240 to +1241
/// Test that when a user leaves a room that uses history sharing, the room key
/// is rotated so they cannot decrypt future messages.
Copy link
Member

@richvdh richvdh Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the same description as test_history_share_on_invite_room_key_rotation. Better add an explanation of the difference.

@kaylendog
Copy link
Contributor Author

kaylendog commented Mar 18, 2026
edited
Loading

LGTM otherwise.

I do think it's worth discussing the potential sliding sync a bit further

Not quite sure what you're referring to here.

With EX in particular, sliding sync may mean we don't get all of the state updates that happened while we were offline, which might mean we miss a join & leave pair and skip rotating the room key?

Regardless of any issues, I don't think they would belong in this PR and can come later.

@kaylendog kaylendog force-pushed the kaylendog/history-sharing/respect-visibility branch from 0a9cc5d to fd806a9 Compare March 18, 2026 14:25
@kaylendog kaylendog enabled auto-merge March 18, 2026 14:31
@kaylendog kaylendog merged commit 81bed18 into main Mar 18, 2026
52 checks passed
@kaylendog kaylendog deleted the kaylendog/history-sharing/respect-visibility branch March 18, 2026 14:44
@kaylendog kaylendog mentioned this pull request Mar 18, 2026
Open
2 tasks
@andybalaam
Copy link
Member

andybalaam commented Mar 19, 2026

... sliding sync may mean we don't get all of the state updates that happened while we were offline, which might mean we miss a join & leave pair and skip rotating the room key?

If I understand right, in sliding sync, we should get at least one state event for each piece of state that changed inside required_state https://github.com/matrix-org/matrix-spec-proposals/blob/erikj/sss/proposals/4186-simplified-sliding-sync.md#currently-or-previously-joined-rooms , assuming the client asked for m.room.member events, which it should in this case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@richvdh richvdh richvdh approved these changes

Assignees

@kaylendog kaylendog

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kaylendog @richvdh @andybalaam