Manages the olm cryptography functions. Each OlmDevice has a single OlmAccount and a number of OlmSessions.

Accounts and sessions are kept pickled in the cryptoStore.

Constructors

Properties

cryptoStore: CryptoStore
deviceCurve25519Key: null | string = null

Curve25519 key for the account, unknown until we load the account from storage in init()

deviceEd25519Key: null | string = null

Ed25519 key for the account, unknown until we load the account from storage in init()

inboundGroupSessionMessageIndexes: Record<string, {
    id: string;
    timestamp: number;
}> = {}

Type declaration

  • id: string
  • timestamp: number
maxOneTimeKeys: null | number = null
olmPrekeyPromise: Promise<any> = ...
outboundGroupSessionStore: Record<string, string> = {}
pickleKey: string = "DEFAULT_KEY"
sessionsInProgress: Record<string, Promise<void>> = {}

Methods

  • Add an inbound group session to the session store

    Parameters

    • roomId: string

      room in which this session will be used

    • senderKey: string

      base64-encoded curve25519 key of the sender

    • forwardingCurve25519KeyChain: string[]

      Devices involved in forwarding this session to us.

    • sessionId: string

      session identifier

    • sessionKey: string

      base64-encoded secret key

    • keysClaimed: Record<string, string>

      Other keys the sender claims.

    • exportFormat: boolean

      true if the megolm keys are in export format (ie, they lack an ed25519 signature)

    • extraSessionData: OlmGroupSessionExtraData = {}

      any other data to be include with the session

    Returns Promise<void>

  • Record in the data store why an inbound group session was withheld.

    Parameters

    • roomId: string

      room that the session belongs to

    • senderKey: string

      base64-encoded curve25519 key of the sender

    • sessionId: string

      session identifier

    • code: string

      reason code

    • reason: string

      human-readable version of code

    Returns Promise<void>

  • Generate a new inbound session, given an incoming message

    Parameters

    • theirDeviceIdentityKey: string

      remote user's Curve25519 identity key

    • messageType: number

      messageType field from the received message (must be 0)

    • ciphertext: string

      base64-encoded body from the received message

    Returns Promise<IInboundSession>

    decrypted payload, and session id of new session

    Throws

    Error if the received message was not valid (for instance, it didn't use a valid one-time key).

  • Generate a new outbound group session

    Returns string

    sessionId for the outbound session.

  • Generate a new outbound session

    The new session will be stored in the cryptoStore.

    Parameters

    • theirIdentityKey: string

      remote user's Curve25519 identity key

    • theirOneTimeKey: string

      remote user's one-time Curve25519 key

    Returns Promise<string>

    sessionId for the outbound session.

  • Decrypt a received message with an inbound group session

    Parameters

    • roomId: string

      room in which the message was received

    • senderKey: string

      base64-encoded curve25519 key of the sender

    • sessionId: string

      session identifier

    • body: string

      base64-encoded body of the encrypted message

    • eventId: string

      ID of the event being decrypted

    • timestamp: number

      timestamp of the event being decrypted

    Returns Promise<null | IDecryptedGroupMessage>

    null if the sessionId is unknown

  • Decrypt an incoming message using an existing session

    Parameters

    • theirDeviceIdentityKey: string

      Curve25519 identity key for the remote device

    • sessionId: string

      the id of the active session

    • messageType: number

      messageType field from the received message

    • ciphertext: string

      base64-encoded body from the received message

    Returns Promise<string>

    decrypted payload.

  • Encrypt an outgoing message with an outbound group session

    Parameters

    • sessionId: string

      the id of the outboundgroupsession

    • payloadString: string

      payload to be encrypted and sent

    Returns string

    ciphertext

  • Encrypt an outgoing message using an existing session

    Parameters

    • theirDeviceIdentityKey: string

      Curve25519 identity key for the remote device

    • sessionId: string

      the id of the active session

    • payloadString: string

      payload to be encrypted and sent

    Returns Promise<IMessage>

    ciphertext

  • Generate some new one-time keys

    Parameters

    • numKeys: number

      number of keys to generate

    Returns Promise<void>

    Resolved once the account is saved back having generated the keys

  • Internal

    extract our OlmAccount from the crypto store and call the given function with the account object The account object is usable only within the callback passed to this function and will be freed as soon the callback returns. It is not usable for the rest of the lifetime of the transaction. This function requires a live transaction object from cryptoStore.doTxn() and therefore may only be called in a doTxn() callback.

    Parameters

    • txn: unknown

      Opaque transaction object from cryptoStore.doTxn()

    • func: ((account) => void)
        • (account): void
        • Parameters

          • account: Account

          Returns void

    Returns void

  • Internal

    extract an InboundGroupSession from the crypto store and call the given function

    Parameters

    • roomId: string

      The room ID to extract the session for, or null to fetch sessions for any room.

    • senderKey: string
    • sessionId: string
    • txn: unknown

      Opaque transaction object from cryptoStore.doTxn()

    • func: ((session, data, withheld) => void)

      function to call.

    Returns void

  • Extract the keys to a given megolm session, for sharing

    Parameters

    • roomId: string

      room in which the message was received

    • senderKey: string

      base64-encoded curve25519 key of the sender

    • sessionId: string

      session identifier

    • Optional chainIndex: number

      The chain index at which to export the session. If omitted, export at the first index we know about.

    Returns Promise<null | IInboundGroupSessionKey>

    details of the session key. The key is a base64-encoded megolm key in export format.

    Throws

    Error If the given chain index could not be obtained from the known index (ie. the given chain index is before the first we have).

  • Internal

    extract an OutboundGroupSession from outboundGroupSessionStore and call the given function

    Type Parameters

    • T

    Parameters

    • sessionId: string
    • func: ((session) => T)
        • (session): T
        • Parameters

          • session: OutboundGroupSession

          Returns T

    Returns T

    result of func

  • Internal

    extract an OlmSession from the session store and call the given function The session is usable only within the callback passed to this function and will be freed as soon the callback returns. It is not usable for the rest of the lifetime of the transaction.

    Parameters

    • deviceKey: string
    • sessionId: string
    • txn: unknown

      Opaque transaction object from cryptoStore.doTxn()

    • func: ((unpickledSessionInfo) => void)

    Returns void

  • Get the right olm session id for encrypting messages to the given identity key

    Parameters

    • theirDeviceIdentityKey: string

      Curve25519 identity key for the remote device

    • nowait: boolean = false

      Don't wait for an in-progress session to complete. This should only be set to true of the calling function is the function that marked the session as being in-progress.

    • Optional log: Logger

      A possibly customised log

    Returns Promise<null | string>

    session id, or null if no established session

  • Get a list of known session IDs for the given device

    Parameters

    • theirDeviceIdentityKey: string

      Curve25519 identity key for the remote device

    Returns Promise<string[]>

    a list of known session ids for the device

  • Get information on the active Olm sessions for a device.

    Returns an array, with an entry for each active session. The first entry in the result will be the one used for outgoing messages. Each entry contains the keys 'hasReceivedMessage' (true if the session has received an incoming message and is therefore past the pre-key stage), and 'sessionId'.

    Parameters

    • deviceIdentityKey: string

      Curve25519 identity key for the device

    • nowait: boolean = false

      Don't wait for an in-progress session to complete. This should only be set to true of the calling function is the function that marked the session as being in-progress.

    • log: Logger = logger

      A possibly customised log

    Returns Promise<{
        hasReceivedMessage: boolean;
        lastReceivedMessageTs: number;
        sessionId: string;
    }[]>

  • Parameters

    • roomId: string

    Returns Promise<[senderKey: string, sessionId: string][]>

  • Internal

    get an OlmUtility and call the given function

    Type Parameters

    • T

    Parameters

    • func: ((utility) => T)
        • (utility): T
        • Parameters

          • utility: Utility

          Returns T

    Returns T

    result of func

  • Determine if we have the keys for a given megolm session

    Parameters

    • roomId: string

      room in which the message was received

    • senderKey: string

      base64-encoded curve25519 key of the sender

    • sessionId: string

      session identifier

    Returns Promise<boolean>

    true if we have the keys to this session

  • Initialise the OlmAccount. This must be called before any other operations on the OlmDevice.

    Data from an exported Olm device can be provided in order to re-create this device.

    Attempts to load the OlmAccount from the crypto store, or creates one if none is found.

    Reads the device keys from the OlmAccount object.

    Parameters

    • IInitOpts: IInitOpts = {}

      opts to initialise the OlmAccount with

    Returns Promise<void>

  • Populates the crypto store using data that was exported from an existing device. Note that for now only the “account” and “sessions” stores are populated; Other stores will be as with a new device.

    Parameters

    • exportedData: IExportedDevice

      Data exported from another device through the “export” method.

    • account: Account

      an olm account to initialize

    Returns Promise<void>

  • Determine if an incoming messages is a prekey message matching an existing session

    Parameters

    • theirDeviceIdentityKey: string

      Curve25519 identity key for the remote device

    • sessionId: string

      the id of the active session

    • messageType: number

      messageType field from the received message

    • ciphertext: string

      base64-encoded body from the received message

    Returns Promise<boolean>

    true if the received message is a prekey message which matches the given session.

  • Get the maximum number of one-time keys we can store.

    Returns number

    number of keys

  • Internal

    store an OutboundGroupSession in outboundGroupSessionStore

    Parameters

    • session: OutboundGroupSession

    Returns void

  • Internal

    store our OlmSession in the session store

    Parameters

    • deviceKey: string
    • sessionInfo: IUnpickledSessionInfo

      {session: OlmSession, lastReceivedMessageTs: int}

    • txn: unknown

      Opaque transaction object from cryptoStore.doTxn()

    Returns void

  • Signs a message with the ed25519 key for this account.

    Parameters

    • message: string

      message to be signed

    Returns Promise<string>

    base64-encoded signature

  • Unpickle a session from a sessionData object and invoke the given function. The session is valid only until func returns.

    Type Parameters

    • T

    Parameters

    • sessionData: InboundGroupSessionData

      Object describing the session.

    • func: ((session) => T)

      Invoked with the unpickled session

        • (session): T
        • Parameters

          • session: InboundGroupSession

          Returns T

    Returns T

    result of func

  • Internal

    Creates a session object from a session pickle and executes the given function with it. The session object is destroyed once the function returns.

    Parameters

    Returns void

  • Verify an ed25519 signature.

    Parameters

    • key: string

      ed25519 key

    • message: string

      message which was signed

    • signature: string

      base64-encoded signature to be checked

    Returns void

    Throws

    Error if there is a problem with the verification. If the key was too small then the message will be "OLM.INVALID_BASE64". If the signature was invalid then the message will be "OLM.BAD_MESSAGE_MAC".

Generated using TypeDoc