feat: Async E2EE keys exchange (#5995)

app/containers/List/ListInfo.tsx

@@ -14,6 +14,7 @@ const styles = StyleSheet.create({
 	},
 	text: {
 		fontSize: 14,
+		lineHeight: 20,
 		...sharedStyles.textRegular
 	}
 });

app/definitions/IRoom.ts

@@ -13,6 +13,8 @@ interface IRequestTranscript {
 	subject: string;
 }
 
+export type TUserWaitingForE2EKeys = { userId: string; ts: Date };
+
 export interface IRoom {
 	fname?: string;
 	_id: string;
@@ -34,6 +36,7 @@ export interface IRoom {
 	livechatData?: any;
 	tags?: string[];
 	e2eKeyId?: string;
+	usersWaitingForE2EKeys?: TUserWaitingForE2EKeys[];
 	avatarETag?: string;
 	latest?: string;
 	default?: boolean;
@@ -217,6 +220,7 @@ export interface IServerRoom extends IRocketChatRecord {
 	reactWhenReadOnly?: boolean;
 	joinCodeRequired?: boolean;
 	e2eKeyId?: string;
+	usersWaitingForE2EKeys?: TUserWaitingForE2EKeys[];
 	v?: {
 		_id?: string;
 		token?: string;

app/definitions/ISubscription.ts

@@ -3,7 +3,7 @@ import Relation from '@nozbe/watermelondb/Relation';
 
 import { ILastMessage, TMessageModel } from './IMessage';
 import { IRocketChatRecord } from './IRocketChatRecord';
-import { IOmnichannelSource, RoomID, RoomType } from './IRoom';
+import { IOmnichannelSource, RoomID, RoomType, TUserWaitingForE2EKeys } from './IRoom';
 import { IServedBy } from './IServedBy';
 import { TThreadModel } from './IThread';
 import { TThreadMessageModel } from './IThreadMessage';
@@ -35,6 +35,8 @@ export enum ERoomTypes {
 
 type RelationModified<T extends Model> = { fetch(): Promise<T[]> } & Relation<T>;
 
+type OldKey = { e2eKeyId: string; ts: Date; E2EKey: string };
+
 export interface ISubscription {
 	_id: string;
 	id: string;
@@ -93,9 +95,11 @@ export interface ISubscription {
 	livechatData?: any;
 	tags?: string[];
 	E2EKey?: string;
+	oldRoomKeys?: OldKey[];
 	E2ESuggestedKey?: string | null;
 	encrypted?: boolean;
 	e2eKeyId?: string;
+	usersWaitingForE2EKeys?: TUserWaitingForE2EKeys[];
 	avatarETag?: string;
 	teamId?: string;
 	teamMain?: boolean;
@@ -153,7 +157,9 @@ export interface IServerSubscription extends IRocketChatRecord {
 	onHold?: boolean;
 	encrypted?: boolean;
 	E2EKey?: string;
+	oldRoomKeys?: OldKey[];
 	E2ESuggestedKey?: string | null;
+	usersWaitingForE2EKeys?: TUserWaitingForE2EKeys[];
 	unreadAlert?: 'default' | 'all' | 'mentions' | 'nothing';
 
 	fname?: unknown;

app/definitions/rest/v1/e2e.ts

@@ -18,10 +18,21 @@ export type E2eEndpoints = {
 	'e2e.rejectSuggestedGroupKey': {
 		POST: (params: { rid: string }) => {};
 	};
+	'e2e.fetchUsersWaitingForGroupKey': {
+		GET: (params: { roomIds: string[] }) => {
+			usersWaitingForE2EKeys: any;
+		};
+	};
+	'e2e.provideUsersSuggestedGroupKeys': {
+		POST: (params: { usersSuggestedGroupKeys: any }) => void;
+	};
 	'e2e.setRoomKeyID': {
 		POST: (params: { rid: string; keyID: string }) => {};
 	};
 	'e2e.fetchMyKeys': {
 		GET: () => { public_key: string; private_key: string };
 	};
+	'e2e.resetRoomKey': {
+		POST: (params: { rid: string; e2eKey: string; e2eKeyId: string }) => void;
+	};
 };

app/i18n/locales/en.json

@@ -227,7 +227,7 @@
   "Dont_activate": "Don't activate now",
   "Dont_Have_An_Account": "Don't you have an account?",
   "Downloaded_file": "Downloaded file",
-  "E2E_Encryption": "E2E encryption",
+  "E2E_Encryption": "End-to-end encryption",
   "E2E_encryption_change_password_confirmation": "Yes, change it",
   "E2E_encryption_change_password_description": "You can now create encrypted private groups and direct messages. You may also change existing private groups or DMs to encrypted. \nThis is end to end encryption so the key to encode/decode your messages will not be saved on the workspace. For that reason you need to store your password somewhere safe. You will be required to enter it on other devices you wish to use e2e encryption on.",
   "E2E_encryption_change_password_error": "Error while changing E2E key password!",
@@ -262,13 +262,17 @@
   "Enable_writing_in_room": "Enable writing in room",
   "Enabled": "Enabled",
   "Enabled_E2E_Encryption_for_this_room": "enabled E2E encryption for this room",
+  "Encrypt__room_type__": "Encrypt {{room_type}}",
+  "Encrypt__room_type__info__room_name__": "Ensure only intended recipients can access messages and files in {{room_name}}.",
   "Encrypted": "Encrypted",
   "Encrypted_file": "Encrypted file",
   "Encrypted_message": "Encrypted message",
   "encrypted_room_description": "Enter your end-to-end encryption password to access.",
   "encrypted_room_title": "{{room_name}} is encrypted",
   "Encryption_error_desc": "It wasn't possible to decode your encryption key to be imported.",
   "Encryption_error_title": "Your encryption password seems wrong",
+  "Encryption_keys_reset": "Encryption keys reset",
+  "Encryption_keys_reset_failed": "Encryption keys reset failed",
   "End_to_end_encrypted_room": "End to end encrypted room",
   "Enter_E2EE_Password": "Enter E2EE password",
   "Enter_E2EE_Password_description": "To access your encrypted channels and direct messages, enter your encryption password. This is not stored on the server, so you’ll need to use it on every device.",
@@ -609,7 +613,12 @@
   "Resend": "Resend",
   "Resend_email": "Resend email",
   "RESET": "RESET",
+  "Reset": "Reset",
+  "Reset_encryption_keys": "Reset encryption keys",
+  "Reset_encryption_keys_info__room_type__": "Resetting E2EE keys is only recommend if no {{room_type}} member has a valid key to regain access to the previously encrypted content.",
   "Reset_password": "Reset password",
+  "Reset_room_key_message": "All members may lose access to previously encrypted content.",
+  "Reset_room_key_title": "Reset encryption key",
   "resetting_password": "resetting password",
   "Resume": "Resume",
   "Return_to_waiting_line": "Return to waiting line",

app/lib/database/model/Subscription.js

@@ -127,12 +127,16 @@ export default class Subscription extends Model {
 
 	@field('e2e_key') E2EKey;
 
+	@json('old_room_keys', sanitizer) oldRoomKeys;
+
 	@field('e2e_suggested_key') E2ESuggestedKey;
 
 	@field('encrypted') encrypted;
 
 	@field('e2e_key_id') e2eKeyId;
 
+	@json('users_waiting_for_e2e_keys', sanitizer) usersWaitingForE2EKeys;
+
 	@field('avatar_etag') avatarETag;
 
 	@field('team_id') teamId;
@@ -201,9 +205,11 @@ export default class Subscription extends Model {
 			livechatData: this.livechatData,
 			tags: this.tags,
 			E2EKey: this.E2EKey,
+			oldKeys: this.oldKeys,
 			E2ESuggestedKey: this.E2ESuggestedKey,
 			encrypted: this.encrypted,
 			e2eKeyId: this.e2eKeyId,
+			usersWaitingForE2EKeys: this.usersWaitingForE2EKeys,
 			avatarETag: this.avatarETag,
 			teamId: this.teamId,
 			teamMain: this.teamMain,

app/lib/database/model/migrations.js

@@ -310,6 +310,18 @@ export default schemaMigrations({
 					columns: [{ name: 'content', type: 'string', isOptional: true }]
 				})
 			]
+		},
+		{
+			toVersion: 26,
+			steps: [
+				addColumns({
+					table: 'subscriptions',
+					columns: [
+						{ name: 'users_waiting_for_e2e_keys', type: 'string', isOptional: true },
+						{ name: 'old_room_keys', type: 'string', isOptional: true }
+					]
+				})
+			]
 		}
 	]
 });

app/lib/database/schema/app.js

@@ -1,7 +1,7 @@
 import { appSchema, tableSchema } from '@nozbe/watermelondb';
 
 export default appSchema({
-	version: 25,
+	version: 26,
 	tables: [
 		tableSchema({
 			name: 'subscriptions',
@@ -56,9 +56,11 @@ export default appSchema({
 				{ name: 'livechat_data', type: 'string', isOptional: true },
 				{ name: 'tags', type: 'string', isOptional: true },
 				{ name: 'e2e_key', type: 'string', isOptional: true },
+				{ name: 'old_room_keys', type: 'string', isOptional: true },
 				{ name: 'e2e_suggested_key', type: 'string', isOptional: true },
 				{ name: 'encrypted', type: 'boolean', isOptional: true },
 				{ name: 'e2e_key_id', type: 'string', isOptional: true },
+				{ name: 'users_waiting_for_e2e_keys', type: 'string', isOptional: true },
 				{ name: 'avatar_etag', type: 'string', isOptional: true },
 				{ name: 'team_id', type: 'string', isIndexed: true },
 				{ name: 'team_main', type: 'boolean', isOptional: true }, // Use `Q.notEq(true)` to get false or null