@unwanted/matrix-sdk-mini 34.12.0-2 → 34.12.0-4

package/lib/crypto/OlmDevice.js

@@ -1,1241 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-import _defineProperty from "@babel/runtime/helpers/defineProperty";
-/*
-Copyright 2016 - 2021 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import { logger } from "../logger.js";
-import { IndexedDBCryptoStore } from "./store/indexeddb-crypto-store.js";
-import { DecryptionFailureCode } from "../crypto-api/index.js";
-import { DecryptionError } from "../common-crypto/CryptoBackend.js";
-
-// The maximum size of an event is 65K, and we base64 the content, so this is a
-// reasonable approximation to the biggest plaintext we can encrypt.
-var MAX_PLAINTEXT_LENGTH = 65536 * 3 / 4;
-export class PayloadTooLargeError extends Error {
-  constructor() {
-    super(...arguments);
-    _defineProperty(this, "data", {
-      errcode: "M_TOO_LARGE",
-      error: "Payload too large for encrypted message"
-    });
-  }
-}
-function checkPayloadLength(payloadString) {
-  if (payloadString === undefined) {
-    throw new Error("payloadString undefined");
-  }
-  if (payloadString.length > MAX_PLAINTEXT_LENGTH) {
-    // might as well fail early here rather than letting the olm library throw
-    // a cryptic memory allocation error.
-    //
-    // Note that even if we manage to do the encryption, the message send may fail,
-    // because by the time we've wrapped the ciphertext in the event object, it may
-    // exceed 65K. But at least we won't just fail with "abort()" in that case.
-    throw new PayloadTooLargeError("Message too long (".concat(payloadString.length, " bytes). ") + "The maximum for an encrypted message is ".concat(MAX_PLAINTEXT_LENGTH, " bytes."));
-  }
-}
-
-/** data stored in the session store about an inbound group session */
-
-/* eslint-disable camelcase */
-
-/* eslint-enable camelcase */
-
-/**
- * Manages the olm cryptography functions. Each OlmDevice has a single
- * OlmAccount and a number of OlmSessions.
- *
- * Accounts and sessions are kept pickled in the cryptoStore.
- */
-export class OlmDevice {
-  // set by consumers
-
-  constructor(cryptoStore) {
-    this.cryptoStore = cryptoStore;
-    _defineProperty(this, "pickleKey", "DEFAULT_KEY");
-    // set by consumers
-    /** Curve25519 key for the account, unknown until we load the account from storage in init() */
-    _defineProperty(this, "deviceCurve25519Key", null);
-    /** Ed25519 key for the account, unknown until we load the account from storage in init() */
-    _defineProperty(this, "deviceEd25519Key", null);
-    _defineProperty(this, "maxOneTimeKeys", null);
-    // we don't bother stashing outboundgroupsessions in the cryptoStore -
-    // instead we keep them here.
-    _defineProperty(this, "outboundGroupSessionStore", {});
-    // Store a set of decrypted message indexes for each group session.
-    // This partially mitigates a replay attack where a MITM resends a group
-    // message into the room.
-    //
-    // When we decrypt a message and the message index matches a previously
-    // decrypted message, one possible cause of that is that we are decrypting
-    // the same event, and may not indicate an actual replay attack.  For
-    // example, this could happen if we receive events, forget about them, and
-    // then re-fetch them when we backfill.  So we store the event ID and
-    // timestamp corresponding to each message index when we first decrypt it,
-    // and compare these against the event ID and timestamp every time we use
-    // that same index.  If they match, then we're probably decrypting the same
-    // event and we don't consider it a replay attack.
-    //
-    // Keys are strings of form "<senderKey>|<session_id>|<message_index>"
-    // Values are objects of the form "{id: <event id>, timestamp: <ts>}"
-    _defineProperty(this, "inboundGroupSessionMessageIndexes", {});
-    // Keep track of sessions that we're starting, so that we don't start
-    // multiple sessions for the same device at the same time.
-    _defineProperty(this, "sessionsInProgress", {});
-    // set by consumers
-    // Used by olm to serialise prekey message decryptions
-    _defineProperty(this, "olmPrekeyPromise", Promise.resolve());
-  }
-
-  /**
-   * @returns The version of Olm.
-   */
-  static getOlmVersion() {
-    return globalThis.Olm.get_library_version();
-  }
-
-  /**
-   * Initialise the OlmAccount. This must be called before any other operations
-   * on the OlmDevice.
-   *
-   * Data from an exported Olm device can be provided
-   * in order to re-create this device.
-   *
-   * Attempts to load the OlmAccount from the crypto store, or creates one if none is
-   * found.
-   *
-   * Reads the device keys from the OlmAccount object.
-   *
-   * @param IInitOpts - opts to initialise the OlmAccount with
-   */
-  init() {
-    var _arguments = arguments,
-      _this = this;
-    return _asyncToGenerator(function* () {
-      var {
-        pickleKey,
-        fromExportedDevice
-      } = _arguments.length > 0 && _arguments[0] !== undefined ? _arguments[0] : {};
-      var e2eKeys;
-      var account = new globalThis.Olm.Account();
-      try {
-        if (fromExportedDevice) {
-          if (pickleKey) {
-            logger.warn("ignoring opts.pickleKey" + " because opts.fromExportedDevice is present.");
-          }
-          _this.pickleKey = fromExportedDevice.pickleKey;
-          yield _this.initialiseFromExportedDevice(fromExportedDevice, account);
-        } else {
-          if (pickleKey) {
-            _this.pickleKey = pickleKey;
-          }
-          yield _this.initialiseAccount(account);
-        }
-        e2eKeys = JSON.parse(account.identity_keys());
-        _this.maxOneTimeKeys = account.max_number_of_one_time_keys();
-      } finally {
-        account.free();
-      }
-      _this.deviceCurve25519Key = e2eKeys.curve25519;
-      _this.deviceEd25519Key = e2eKeys.ed25519;
-    })();
-  }
-
-  /**
-   * Populates the crypto store using data that was exported from an existing device.
-   * Note that for now only the “account” and “sessions” stores are populated;
-   * Other stores will be as with a new device.
-   *
-   * @param exportedData - Data exported from another device
-   *     through the “export” method.
-   * @param account - an olm account to initialize
-   */
-  initialiseFromExportedDevice(exportedData, account) {
-    var _this2 = this;
-    return _asyncToGenerator(function* () {
-      yield _this2.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_ACCOUNT, IndexedDBCryptoStore.STORE_SESSIONS], txn => {
-        _this2.cryptoStore.storeAccount(txn, exportedData.pickledAccount);
-        exportedData.sessions.forEach(session => {
-          var {
-            deviceKey,
-            sessionId
-          } = session;
-          var sessionInfo = {
-            session: session.session,
-            lastReceivedMessageTs: session.lastReceivedMessageTs
-          };
-          _this2.cryptoStore.storeEndToEndSession(deviceKey, sessionId, sessionInfo, txn);
-        });
-      });
-      account.unpickle(_this2.pickleKey, exportedData.pickledAccount);
-    })();
-  }
-  initialiseAccount(account) {
-    var _this3 = this;
-    return _asyncToGenerator(function* () {
-      yield _this3.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_ACCOUNT], txn => {
-        _this3.cryptoStore.getAccount(txn, pickledAccount => {
-          if (pickledAccount !== null) {
-            account.unpickle(_this3.pickleKey, pickledAccount);
-          } else {
-            account.create();
-            pickledAccount = account.pickle(_this3.pickleKey);
-            _this3.cryptoStore.storeAccount(txn, pickledAccount);
-          }
-        });
-      });
-    })();
-  }
-
-  /**
-   * extract our OlmAccount from the crypto store and call the given function
-   * with the account object
-   * The `account` object is usable only within the callback passed to this
-   * function and will be freed as soon the callback returns. It is *not*
-   * usable for the rest of the lifetime of the transaction.
-   * This function requires a live transaction object from cryptoStore.doTxn()
-   * and therefore may only be called in a doTxn() callback.
-   *
-   * @param txn - Opaque transaction object from cryptoStore.doTxn()
-   * @internal
-   */
-  getAccount(txn, func) {
-    this.cryptoStore.getAccount(txn, pickledAccount => {
-      var account = new globalThis.Olm.Account();
-      try {
-        account.unpickle(this.pickleKey, pickledAccount);
-        func(account);
-      } finally {
-        account.free();
-      }
-    });
-  }
-
-  /*
-   * Saves an account to the crypto store.
-   * This function requires a live transaction object from cryptoStore.doTxn()
-   * and therefore may only be called in a doTxn() callback.
-   *
-   * @param txn - Opaque transaction object from cryptoStore.doTxn()
-   * @param Olm.Account object
-   * @internal
-   */
-  storeAccount(txn, account) {
-    this.cryptoStore.storeAccount(txn, account.pickle(this.pickleKey));
-  }
-
-  /**
-   * Export data for re-creating the Olm device later.
-   * TODO export data other than just account and (P2P) sessions.
-   *
-   * @returns The exported data
-   */
-  export() {
-    var _this4 = this;
-    return _asyncToGenerator(function* () {
-      var result = {
-        pickleKey: _this4.pickleKey
-      };
-      yield _this4.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_ACCOUNT, IndexedDBCryptoStore.STORE_SESSIONS], txn => {
-        _this4.cryptoStore.getAccount(txn, pickledAccount => {
-          result.pickledAccount = pickledAccount;
-        });
-        result.sessions = [];
-        // Note that the pickledSession object we get in the callback
-        // is not exactly the same thing you get in method _getSession
-        // see documentation of IndexedDBCryptoStore.getAllEndToEndSessions
-        _this4.cryptoStore.getAllEndToEndSessions(txn, pickledSession => {
-          result.sessions.push(pickledSession);
-        });
-      });
-      return result;
-    })();
-  }
-
-  /**
-   * extract an OlmSession from the session store and call the given function
-   * The session is usable only within the callback passed to this
-   * function and will be freed as soon the callback returns. It is *not*
-   * usable for the rest of the lifetime of the transaction.
-   *
-   * @param txn - Opaque transaction object from cryptoStore.doTxn()
-   * @internal
-   */
-  getSession(deviceKey, sessionId, txn, func) {
-    this.cryptoStore.getEndToEndSession(deviceKey, sessionId, txn, sessionInfo => {
-      this.unpickleSession(sessionInfo, func);
-    });
-  }
-
-  /**
-   * Creates a session object from a session pickle and executes the given
-   * function with it. The session object is destroyed once the function
-   * returns.
-   *
-   * @internal
-   */
-  unpickleSession(sessionInfo, func) {
-    var session = new globalThis.Olm.Session();
-    try {
-      session.unpickle(this.pickleKey, sessionInfo.session);
-      var unpickledSessInfo = Object.assign({}, sessionInfo, {
-        session
-      });
-      func(unpickledSessInfo);
-    } finally {
-      session.free();
-    }
-  }
-
-  /**
-   * store our OlmSession in the session store
-   *
-   * @param sessionInfo - `{session: OlmSession, lastReceivedMessageTs: int}`
-   * @param txn - Opaque transaction object from cryptoStore.doTxn()
-   * @internal
-   */
-  saveSession(deviceKey, sessionInfo, txn) {
-    var sessionId = sessionInfo.session.session_id();
-    logger.debug("Saving Olm session ".concat(sessionId, " with device ").concat(deviceKey, ": ").concat(sessionInfo.session.describe()));
-
-    // Why do we re-use the input object for this, overwriting the same key with a different
-    // type? Is it because we want to erase the unpickled session to enforce that it's no longer
-    // used? A comment would be great.
-    var pickledSessionInfo = Object.assign(sessionInfo, {
-      session: sessionInfo.session.pickle(this.pickleKey)
-    });
-    this.cryptoStore.storeEndToEndSession(deviceKey, sessionId, pickledSessionInfo, txn);
-  }
-
-  /**
-   * get an OlmUtility and call the given function
-   *
-   * @returns result of func
-   * @internal
-   */
-  getUtility(func) {
-    var utility = new globalThis.Olm.Utility();
-    try {
-      return func(utility);
-    } finally {
-      utility.free();
-    }
-  }
-
-  /**
-   * Signs a message with the ed25519 key for this account.
-   *
-   * @param message -  message to be signed
-   * @returns base64-encoded signature
-   */
-  sign(message) {
-    var _this5 = this;
-    return _asyncToGenerator(function* () {
-      var result;
-      yield _this5.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_ACCOUNT], txn => {
-        _this5.getAccount(txn, account => {
-          result = account.sign(message);
-        });
-      });
-      return result;
-    })();
-  }
-
-  /**
-   * Get the current (unused, unpublished) one-time keys for this account.
-   *
-   * @returns one time keys; an object with the single property
-   * <tt>curve25519</tt>, which is itself an object mapping key id to Curve25519
-   * key.
-   */
-  getOneTimeKeys() {
-    var _this6 = this;
-    return _asyncToGenerator(function* () {
-      var result;
-      yield _this6.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_ACCOUNT], txn => {
-        _this6.getAccount(txn, account => {
-          result = JSON.parse(account.one_time_keys());
-        });
-      });
-      return result;
-    })();
-  }
-
-  /**
-   * Get the maximum number of one-time keys we can store.
-   *
-   * @returns number of keys
-   */
-  maxNumberOfOneTimeKeys() {
-    var _this$maxOneTimeKeys;
-    return (_this$maxOneTimeKeys = this.maxOneTimeKeys) !== null && _this$maxOneTimeKeys !== void 0 ? _this$maxOneTimeKeys : -1;
-  }
-
-  /**
-   * Marks all of the one-time keys as published.
-   */
-  markKeysAsPublished() {
-    var _this7 = this;
-    return _asyncToGenerator(function* () {
-      yield _this7.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_ACCOUNT], txn => {
-        _this7.getAccount(txn, account => {
-          account.mark_keys_as_published();
-          _this7.storeAccount(txn, account);
-        });
-      });
-    })();
-  }
-
-  /**
-   * Generate some new one-time keys
-   *
-   * @param numKeys - number of keys to generate
-   * @returns Resolved once the account is saved back having generated the keys
-   */
-  generateOneTimeKeys(numKeys) {
-    return this.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_ACCOUNT], txn => {
-      this.getAccount(txn, account => {
-        account.generate_one_time_keys(numKeys);
-        this.storeAccount(txn, account);
-      });
-    });
-  }
-
-  /**
-   * Generate a new fallback keys
-   *
-   * @returns Resolved once the account is saved back having generated the key
-   */
-  generateFallbackKey() {
-    var _this8 = this;
-    return _asyncToGenerator(function* () {
-      yield _this8.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_ACCOUNT], txn => {
-        _this8.getAccount(txn, account => {
-          account.generate_fallback_key();
-          _this8.storeAccount(txn, account);
-        });
-      });
-    })();
-  }
-  getFallbackKey() {
-    var _this9 = this;
-    return _asyncToGenerator(function* () {
-      var result;
-      yield _this9.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_ACCOUNT], txn => {
-        _this9.getAccount(txn, account => {
-          result = JSON.parse(account.unpublished_fallback_key());
-        });
-      });
-      return result;
-    })();
-  }
-  forgetOldFallbackKey() {
-    var _this10 = this;
-    return _asyncToGenerator(function* () {
-      yield _this10.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_ACCOUNT], txn => {
-        _this10.getAccount(txn, account => {
-          account.forget_old_fallback_key();
-          _this10.storeAccount(txn, account);
-        });
-      });
-    })();
-  }
-
-  /**
-   * Generate a new outbound session
-   *
-   * The new session will be stored in the cryptoStore.
-   *
-   * @param theirIdentityKey - remote user's Curve25519 identity key
-   * @param theirOneTimeKey -  remote user's one-time Curve25519 key
-   * @returns sessionId for the outbound session.
-   */
-  createOutboundSession(theirIdentityKey, theirOneTimeKey) {
-    var _this11 = this;
-    return _asyncToGenerator(function* () {
-      var newSessionId;
-      yield _this11.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_ACCOUNT, IndexedDBCryptoStore.STORE_SESSIONS], txn => {
-        _this11.getAccount(txn, account => {
-          var session = new globalThis.Olm.Session();
-          try {
-            session.create_outbound(account, theirIdentityKey, theirOneTimeKey);
-            newSessionId = session.session_id();
-            _this11.storeAccount(txn, account);
-            var sessionInfo = {
-              session,
-              // Pretend we've received a message at this point, otherwise
-              // if we try to send a message to the device, it won't use
-              // this session
-              lastReceivedMessageTs: Date.now()
-            };
-            _this11.saveSession(theirIdentityKey, sessionInfo, txn);
-          } finally {
-            session.free();
-          }
-        });
-      }, logger.getChild("[createOutboundSession]"));
-      return newSessionId;
-    })();
-  }
-
-  /**
-   * Generate a new inbound session, given an incoming message
-   *
-   * @param theirDeviceIdentityKey - remote user's Curve25519 identity key
-   * @param messageType -  messageType field from the received message (must be 0)
-   * @param ciphertext - base64-encoded body from the received message
-   *
-   * @returns decrypted payload, and
-   *     session id of new session
-   *
-   * @throws Error if the received message was not valid (for instance, it didn't use a valid one-time key).
-   */
-  createInboundSession(theirDeviceIdentityKey, messageType, ciphertext) {
-    var _this12 = this;
-    return _asyncToGenerator(function* () {
-      if (messageType !== 0) {
-        throw new Error("Need messageType == 0 to create inbound session");
-      }
-      var result; // eslint-disable-line camelcase
-      yield _this12.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_ACCOUNT, IndexedDBCryptoStore.STORE_SESSIONS], txn => {
-        _this12.getAccount(txn, account => {
-          var session = new globalThis.Olm.Session();
-          try {
-            session.create_inbound_from(account, theirDeviceIdentityKey, ciphertext);
-            account.remove_one_time_keys(session);
-            _this12.storeAccount(txn, account);
-            var payloadString = session.decrypt(messageType, ciphertext);
-            var sessionInfo = {
-              session,
-              // this counts as a received message: set last received message time
-              // to now
-              lastReceivedMessageTs: Date.now()
-            };
-            _this12.saveSession(theirDeviceIdentityKey, sessionInfo, txn);
-            result = {
-              payload: payloadString,
-              session_id: session.session_id()
-            };
-          } finally {
-            session.free();
-          }
-        });
-      }, logger.getChild("[createInboundSession]"));
-      return result;
-    })();
-  }
-
-  /**
-   * Get a list of known session IDs for the given device
-   *
-   * @param theirDeviceIdentityKey - Curve25519 identity key for the
-   *     remote device
-   * @returns  a list of known session ids for the device
-   */
-  getSessionIdsForDevice(theirDeviceIdentityKey) {
-    var _this13 = this;
-    return _asyncToGenerator(function* () {
-      var log = logger.getChild("[getSessionIdsForDevice]");
-      if (theirDeviceIdentityKey in _this13.sessionsInProgress) {
-        log.debug("Waiting for Olm session for ".concat(theirDeviceIdentityKey, " to be created"));
-        try {
-          yield _this13.sessionsInProgress[theirDeviceIdentityKey];
-        } catch (_unused) {
-          // if the session failed to be created, just fall through and
-          // return an empty result
-        }
-      }
-      var sessionIds;
-      yield _this13.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_SESSIONS], txn => {
-        _this13.cryptoStore.getEndToEndSessions(theirDeviceIdentityKey, txn, sessions => {
-          sessionIds = Object.keys(sessions);
-        });
-      }, log);
-      return sessionIds;
-    })();
-  }
-
-  /**
-   * Get the right olm session id for encrypting messages to the given identity key
-   *
-   * @param theirDeviceIdentityKey - Curve25519 identity key for the
-   *     remote device
-   * @param nowait - Don't wait for an in-progress session to complete.
-   *     This should only be set to true of the calling function is the function
-   *     that marked the session as being in-progress.
-   * @param log - A possibly customised log
-   * @returns  session id, or null if no established session
-   */
-  getSessionIdForDevice(theirDeviceIdentityKey) {
-    var _arguments2 = arguments,
-      _this14 = this;
-    return _asyncToGenerator(function* () {
-      var nowait = _arguments2.length > 1 && _arguments2[1] !== undefined ? _arguments2[1] : false;
-      var log = _arguments2.length > 2 ? _arguments2[2] : undefined;
-      var sessionInfos = yield _this14.getSessionInfoForDevice(theirDeviceIdentityKey, nowait, log);
-      if (sessionInfos.length === 0) {
-        return null;
-      }
-      // Use the session that has most recently received a message
-      var idxOfBest = 0;
-      for (var i = 1; i < sessionInfos.length; i++) {
-        var thisSessInfo = sessionInfos[i];
-        var thisLastReceived = thisSessInfo.lastReceivedMessageTs === undefined ? 0 : thisSessInfo.lastReceivedMessageTs;
-        var bestSessInfo = sessionInfos[idxOfBest];
-        var bestLastReceived = bestSessInfo.lastReceivedMessageTs === undefined ? 0 : bestSessInfo.lastReceivedMessageTs;
-        if (thisLastReceived > bestLastReceived || thisLastReceived === bestLastReceived && thisSessInfo.sessionId < bestSessInfo.sessionId) {
-          idxOfBest = i;
-        }
-      }
-      return sessionInfos[idxOfBest].sessionId;
-    })();
-  }
-
-  /**
-   * Get information on the active Olm sessions for a device.
-   * <p>
-   * Returns an array, with an entry for each active session. The first entry in
-   * the result will be the one used for outgoing messages. Each entry contains
-   * the keys 'hasReceivedMessage' (true if the session has received an incoming
-   * message and is therefore past the pre-key stage), and 'sessionId'.
-   *
-   * @param deviceIdentityKey - Curve25519 identity key for the device
-   * @param nowait - Don't wait for an in-progress session to complete.
-   *     This should only be set to true of the calling function is the function
-   *     that marked the session as being in-progress.
-   * @param log - A possibly customised log
-   */
-  getSessionInfoForDevice(deviceIdentityKey) {
-    var _arguments3 = arguments,
-      _this15 = this;
-    return _asyncToGenerator(function* () {
-      var nowait = _arguments3.length > 1 && _arguments3[1] !== undefined ? _arguments3[1] : false;
-      var log = _arguments3.length > 2 && _arguments3[2] !== undefined ? _arguments3[2] : logger;
-      log = log.getChild("[getSessionInfoForDevice]");
-      if (deviceIdentityKey in _this15.sessionsInProgress && !nowait) {
-        log.debug("Waiting for Olm session for ".concat(deviceIdentityKey, " to be created"));
-        try {
-          yield _this15.sessionsInProgress[deviceIdentityKey];
-        } catch (_unused2) {
-          // if the session failed to be created, then just fall through and
-          // return an empty result
-        }
-      }
-      var info = [];
-      yield _this15.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_SESSIONS], txn => {
-        _this15.cryptoStore.getEndToEndSessions(deviceIdentityKey, txn, sessions => {
-          var sessionIds = Object.keys(sessions).sort();
-          var _loop = function _loop(sessionId) {
-            _this15.unpickleSession(sessions[sessionId], sessInfo => {
-              info.push({
-                lastReceivedMessageTs: sessInfo.lastReceivedMessageTs,
-                hasReceivedMessage: sessInfo.session.has_received_message(),
-                sessionId
-              });
-            });
-          };
-          for (var sessionId of sessionIds) {
-            _loop(sessionId);
-          }
-        });
-      }, log);
-      return info;
-    })();
-  }
-
-  /**
-   * Encrypt an outgoing message using an existing session
-   *
-   * @param theirDeviceIdentityKey - Curve25519 identity key for the
-   *     remote device
-   * @param sessionId -  the id of the active session
-   * @param payloadString -  payload to be encrypted and sent
-   *
-   * @returns ciphertext
-   */
-  encryptMessage(theirDeviceIdentityKey, sessionId, payloadString) {
-    var _this16 = this;
-    return _asyncToGenerator(function* () {
-      checkPayloadLength(payloadString);
-      var res;
-      yield _this16.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_SESSIONS], txn => {
-        _this16.getSession(theirDeviceIdentityKey, sessionId, txn, sessionInfo => {
-          var sessionDesc = sessionInfo.session.describe();
-          logger.log("encryptMessage: Olm Session ID " + sessionId + " to " + theirDeviceIdentityKey + ": " + sessionDesc);
-          res = sessionInfo.session.encrypt(payloadString);
-          _this16.saveSession(theirDeviceIdentityKey, sessionInfo, txn);
-        });
-      }, logger.getChild("[encryptMessage]"));
-      return res;
-    })();
-  }
-
-  /**
-   * Decrypt an incoming message using an existing session
-   *
-   * @param theirDeviceIdentityKey - Curve25519 identity key for the
-   *     remote device
-   * @param sessionId -  the id of the active session
-   * @param messageType -  messageType field from the received message
-   * @param ciphertext - base64-encoded body from the received message
-   *
-   * @returns decrypted payload.
-   */
-  decryptMessage(theirDeviceIdentityKey, sessionId, messageType, ciphertext) {
-    var _this17 = this;
-    return _asyncToGenerator(function* () {
-      var payloadString;
-      yield _this17.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_SESSIONS], txn => {
-        _this17.getSession(theirDeviceIdentityKey, sessionId, txn, sessionInfo => {
-          var sessionDesc = sessionInfo.session.describe();
-          logger.log("decryptMessage: Olm Session ID " + sessionId + " from " + theirDeviceIdentityKey + ": " + sessionDesc);
-          payloadString = sessionInfo.session.decrypt(messageType, ciphertext);
-          sessionInfo.lastReceivedMessageTs = Date.now();
-          _this17.saveSession(theirDeviceIdentityKey, sessionInfo, txn);
-        });
-      }, logger.getChild("[decryptMessage]"));
-      return payloadString;
-    })();
-  }
-
-  /**
-   * Determine if an incoming messages is a prekey message matching an existing session
-   *
-   * @param theirDeviceIdentityKey - Curve25519 identity key for the
-   *     remote device
-   * @param sessionId -  the id of the active session
-   * @param messageType -  messageType field from the received message
-   * @param ciphertext - base64-encoded body from the received message
-   *
-   * @returns true if the received message is a prekey message which matches
-   *    the given session.
-   */
-  matchesSession(theirDeviceIdentityKey, sessionId, messageType, ciphertext) {
-    var _this18 = this;
-    return _asyncToGenerator(function* () {
-      if (messageType !== 0) {
-        return false;
-      }
-      var matches;
-      yield _this18.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_SESSIONS], txn => {
-        _this18.getSession(theirDeviceIdentityKey, sessionId, txn, sessionInfo => {
-          matches = sessionInfo.session.matches_inbound(ciphertext);
-        });
-      }, logger.getChild("[matchesSession]"));
-      return matches;
-    })();
-  }
-  recordSessionProblem(deviceKey, type, fixed) {
-    var _this19 = this;
-    return _asyncToGenerator(function* () {
-      logger.info("Recording problem on olm session with ".concat(deviceKey, " of type ").concat(type, ". Recreating: ").concat(fixed));
-      yield _this19.cryptoStore.storeEndToEndSessionProblem(deviceKey, type, fixed);
-    })();
-  }
-  sessionMayHaveProblems(deviceKey, timestamp) {
-    return this.cryptoStore.getEndToEndSessionProblem(deviceKey, timestamp);
-  }
-  filterOutNotifiedErrorDevices(devices) {
-    return this.cryptoStore.filterOutNotifiedErrorDevices(devices);
-  }
-
-  // Outbound group session
-  // ======================
-
-  /**
-   * store an OutboundGroupSession in outboundGroupSessionStore
-   *
-   * @internal
-   */
-  saveOutboundGroupSession(session) {
-    this.outboundGroupSessionStore[session.session_id()] = session.pickle(this.pickleKey);
-  }
-
-  /**
-   * extract an OutboundGroupSession from outboundGroupSessionStore and call the
-   * given function
-   *
-   * @returns result of func
-   * @internal
-   */
-  getOutboundGroupSession(sessionId, func) {
-    var pickled = this.outboundGroupSessionStore[sessionId];
-    if (pickled === undefined) {
-      throw new Error("Unknown outbound group session " + sessionId);
-    }
-    var session = new globalThis.Olm.OutboundGroupSession();
-    try {
-      session.unpickle(this.pickleKey, pickled);
-      return func(session);
-    } finally {
-      session.free();
-    }
-  }
-
-  /**
-   * Generate a new outbound group session
-   *
-   * @returns sessionId for the outbound session.
-   */
-  createOutboundGroupSession() {
-    var session = new globalThis.Olm.OutboundGroupSession();
-    try {
-      session.create();
-      this.saveOutboundGroupSession(session);
-      return session.session_id();
-    } finally {
-      session.free();
-    }
-  }
-
-  /**
-   * Encrypt an outgoing message with an outbound group session
-   *
-   * @param sessionId -  the id of the outboundgroupsession
-   * @param payloadString -  payload to be encrypted and sent
-   *
-   * @returns ciphertext
-   */
-  encryptGroupMessage(sessionId, payloadString) {
-    logger.log("encrypting msg with megolm session ".concat(sessionId));
-    checkPayloadLength(payloadString);
-    return this.getOutboundGroupSession(sessionId, session => {
-      var res = session.encrypt(payloadString);
-      this.saveOutboundGroupSession(session);
-      return res;
-    });
-  }
-
-  /**
-   * Get the session keys for an outbound group session
-   *
-   * @param sessionId -  the id of the outbound group session
-   *
-   * @returns current chain index, and
-   *     base64-encoded secret key.
-   */
-  getOutboundGroupSessionKey(sessionId) {
-    return this.getOutboundGroupSession(sessionId, function (session) {
-      return {
-        chain_index: session.message_index(),
-        key: session.session_key()
-      };
-    });
-  }
-
-  // Inbound group session
-  // =====================
-
-  /**
-   * Unpickle a session from a sessionData object and invoke the given function.
-   * The session is valid only until func returns.
-   *
-   * @param sessionData - Object describing the session.
-   * @param func - Invoked with the unpickled session
-   * @returns result of func
-   */
-  unpickleInboundGroupSession(sessionData, func) {
-    var session = new globalThis.Olm.InboundGroupSession();
-    try {
-      session.unpickle(this.pickleKey, sessionData.session);
-      return func(session);
-    } finally {
-      session.free();
-    }
-  }
-
-  /**
-   * extract an InboundGroupSession from the crypto store and call the given function
-   *
-   * @param roomId - The room ID to extract the session for, or null to fetch
-   *     sessions for any room.
-   * @param txn - Opaque transaction object from cryptoStore.doTxn()
-   * @param func - function to call.
-   *
-   * @internal
-   */
-  getInboundGroupSession(roomId, senderKey, sessionId, txn, func) {
-    this.cryptoStore.getEndToEndInboundGroupSession(senderKey, sessionId, txn, (sessionData, withheld) => {
-      if (sessionData === null) {
-        func(null, null, withheld);
-        return;
-      }
-
-      // if we were given a room ID, check that the it matches the original one for the session. This stops
-      // the HS pretending a message was targeting a different room.
-      if (roomId !== null && roomId !== sessionData.room_id) {
-        throw new Error("Mismatched room_id for inbound group session (expected " + sessionData.room_id + ", was " + roomId + ")");
-      }
-      this.unpickleInboundGroupSession(sessionData, session => {
-        func(session, sessionData, withheld);
-      });
-    });
-  }
-
-  /**
-   * Add an inbound group session to the session store
-   *
-   * @param roomId -     room in which this session will be used
-   * @param senderKey -  base64-encoded curve25519 key of the sender
-   * @param forwardingCurve25519KeyChain -  Devices involved in forwarding
-   *     this session to us.
-   * @param sessionId -  session identifier
-   * @param sessionKey - base64-encoded secret key
-   * @param keysClaimed - Other keys the sender claims.
-   * @param exportFormat - true if the megolm keys are in export format
-   *    (ie, they lack an ed25519 signature)
-   * @param extraSessionData - any other data to be include with the session
-   */
-  addInboundGroupSession(roomId, senderKey, forwardingCurve25519KeyChain, sessionId, sessionKey, keysClaimed, exportFormat) {
-    var _arguments4 = arguments,
-      _this20 = this;
-    return _asyncToGenerator(function* () {
-      var extraSessionData = _arguments4.length > 7 && _arguments4[7] !== undefined ? _arguments4[7] : {};
-      yield _this20.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_INBOUND_GROUP_SESSIONS, IndexedDBCryptoStore.STORE_INBOUND_GROUP_SESSIONS_WITHHELD, IndexedDBCryptoStore.STORE_SHARED_HISTORY_INBOUND_GROUP_SESSIONS], txn => {
-        /* if we already have this session, consider updating it */
-        _this20.getInboundGroupSession(roomId, senderKey, sessionId, txn, (existingSession, existingSessionData) => {
-          // new session.
-          var session = new globalThis.Olm.InboundGroupSession();
-          try {
-            if (exportFormat) {
-              session.import_session(sessionKey);
-            } else {
-              session.create(sessionKey);
-            }
-            if (sessionId != session.session_id()) {
-              throw new Error("Mismatched group session ID from senderKey: " + senderKey);
-            }
-            if (existingSession) {
-              logger.log("Update for megolm session ".concat(senderKey, "|").concat(sessionId));
-              if (existingSession.first_known_index() <= session.first_known_index()) {
-                if (!existingSessionData.untrusted || extraSessionData.untrusted) {
-                  // existing session has less-than-or-equal index
-                  // (i.e. can decrypt at least as much), and the
-                  // new session's trust does not win over the old
-                  // session's trust, so keep it
-                  logger.log("Keeping existing megolm session ".concat(senderKey, "|").concat(sessionId));
-                  return;
-                }
-                if (existingSession.first_known_index() < session.first_known_index()) {
-                  // We want to upgrade the existing session's trust,
-                  // but we can't just use the new session because we'll
-                  // lose the lower index. Check that the sessions connect
-                  // properly, and then manually set the existing session
-                  // as trusted.
-                  if (existingSession.export_session(session.first_known_index()) === session.export_session(session.first_known_index())) {
-                    logger.info("Upgrading trust of existing megolm session " + "".concat(senderKey, "|").concat(sessionId, " based on newly-received trusted session"));
-                    existingSessionData.untrusted = false;
-                    _this20.cryptoStore.storeEndToEndInboundGroupSession(senderKey, sessionId, existingSessionData, txn);
-                  } else {
-                    logger.warn("Newly-received megolm session ".concat(senderKey, "|$sessionId}") + " does not match existing session! Keeping existing session");
-                  }
-                  return;
-                }
-                // If the sessions have the same index, go ahead and store the new trusted one.
-              }
-            }
-            logger.debug("Storing megolm session ".concat(senderKey, "|").concat(sessionId, " with first index ") + session.first_known_index());
-            var sessionData = Object.assign({}, extraSessionData, {
-              room_id: roomId,
-              session: session.pickle(_this20.pickleKey),
-              keysClaimed: keysClaimed,
-              forwardingCurve25519KeyChain: forwardingCurve25519KeyChain
-            });
-            _this20.cryptoStore.storeEndToEndInboundGroupSession(senderKey, sessionId, sessionData, txn);
-            if (!existingSession && extraSessionData.sharedHistory) {
-              _this20.cryptoStore.addSharedHistoryInboundGroupSession(roomId, senderKey, sessionId, txn);
-            }
-          } finally {
-            session.free();
-          }
-        });
-      }, logger.getChild("[addInboundGroupSession]"));
-    })();
-  }
-
-  /**
-   * Record in the data store why an inbound group session was withheld.
-   *
-   * @param roomId -     room that the session belongs to
-   * @param senderKey -  base64-encoded curve25519 key of the sender
-   * @param sessionId -  session identifier
-   * @param code -       reason code
-   * @param reason -     human-readable version of `code`
-   */
-  addInboundGroupSessionWithheld(roomId, senderKey, sessionId, code, reason) {
-    var _this21 = this;
-    return _asyncToGenerator(function* () {
-      yield _this21.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_INBOUND_GROUP_SESSIONS_WITHHELD], txn => {
-        _this21.cryptoStore.storeEndToEndInboundGroupSessionWithheld(senderKey, sessionId, {
-          room_id: roomId,
-          code: code,
-          reason: reason
-        }, txn);
-      });
-    })();
-  }
-
-  /**
-   * Decrypt a received message with an inbound group session
-   *
-   * @param roomId -    room in which the message was received
-   * @param senderKey - base64-encoded curve25519 key of the sender
-   * @param sessionId - session identifier
-   * @param body -      base64-encoded body of the encrypted message
-   * @param eventId -   ID of the event being decrypted
-   * @param timestamp - timestamp of the event being decrypted
-   *
-   * @returns null if the sessionId is unknown
-   */
-  decryptGroupMessage(roomId, senderKey, sessionId, body, eventId, timestamp) {
-    var _this22 = this;
-    return _asyncToGenerator(function* () {
-      var result = null;
-      // when the localstorage crypto store is used as an indexeddb backend,
-      // exceptions thrown from within the inner function are not passed through
-      // to the top level, so we store exceptions in a variable and raise them at
-      // the end
-      var error;
-      yield _this22.cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_INBOUND_GROUP_SESSIONS, IndexedDBCryptoStore.STORE_INBOUND_GROUP_SESSIONS_WITHHELD], txn => {
-        _this22.getInboundGroupSession(roomId, senderKey, sessionId, txn, (session, sessionData, withheld) => {
-          if (session === null || sessionData === null) {
-            if (withheld) {
-              var failureCode = withheld.code === "m.unverified" ? DecryptionFailureCode.MEGOLM_KEY_WITHHELD_FOR_UNVERIFIED_DEVICE : DecryptionFailureCode.MEGOLM_KEY_WITHHELD;
-              error = new DecryptionError(failureCode, calculateWithheldMessage(withheld), {
-                session: senderKey + "|" + sessionId
-              });
-            }
-            result = null;
-            return;
-          }
-          var res;
-          try {
-            res = session.decrypt(body);
-          } catch (e) {
-            if ((e === null || e === void 0 ? void 0 : e.message) === "OLM.UNKNOWN_MESSAGE_INDEX" && withheld) {
-              var _failureCode = withheld.code === "m.unverified" ? DecryptionFailureCode.MEGOLM_KEY_WITHHELD_FOR_UNVERIFIED_DEVICE : DecryptionFailureCode.MEGOLM_KEY_WITHHELD;
-              error = new DecryptionError(_failureCode, calculateWithheldMessage(withheld), {
-                session: senderKey + "|" + sessionId
-              });
-            } else {
-              error = e;
-            }
-            return;
-          }
-          var plaintext = res.plaintext;
-          if (plaintext === undefined) {
-            // @ts-ignore - Compatibility for older olm versions.
-            plaintext = res;
-          } else {
-            // Check if we have seen this message index before to detect replay attacks.
-            // If the event ID and timestamp are specified, and the match the event ID
-            // and timestamp from the last time we used this message index, then we
-            // don't consider it a replay attack.
-            var messageIndexKey = senderKey + "|" + sessionId + "|" + res.message_index;
-            if (messageIndexKey in _this22.inboundGroupSessionMessageIndexes) {
-              var msgInfo = _this22.inboundGroupSessionMessageIndexes[messageIndexKey];
-              if (msgInfo.id !== eventId || msgInfo.timestamp !== timestamp) {
-                error = new Error("Duplicate message index, possible replay attack: " + messageIndexKey);
-                return;
-              }
-            }
-            _this22.inboundGroupSessionMessageIndexes[messageIndexKey] = {
-              id: eventId,
-              timestamp: timestamp
-            };
-          }
-          sessionData.session = session.pickle(_this22.pickleKey);
-          _this22.cryptoStore.storeEndToEndInboundGroupSession(senderKey, sessionId, sessionData, txn);
-          result = {
-            result: plaintext,
-            keysClaimed: sessionData.keysClaimed || {},
-            senderKey: senderKey,
-            forwardingCurve25519KeyChain: sessionData.forwardingCurve25519KeyChain || [],
-            untrusted: !!sessionData.untrusted
-          };
-        });
-      }, logger.getChild("[decryptGroupMessage]"));
-      if (error) {
-        throw error;
-      }
-      return result;
-    })();
-  }
-
-  /**
-   * Determine if we have the keys for a given megolm session
-   *
-   * @param roomId -    room in which the message was received
-   * @param senderKey - base64-encoded curve25519 key of the sender
-   * @param sessionId - session identifier
-   *
-   * @returns true if we have the keys to this session
-   */
-  hasInboundSessionKeys(roomId, senderKey, sessionId) {
-    var _this23 = this;
-    return _asyncToGenerator(function* () {
-      var result;
-      yield _this23.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_INBOUND_GROUP_SESSIONS, IndexedDBCryptoStore.STORE_INBOUND_GROUP_SESSIONS_WITHHELD], txn => {
-        _this23.cryptoStore.getEndToEndInboundGroupSession(senderKey, sessionId, txn, sessionData => {
-          if (sessionData === null) {
-            result = false;
-            return;
-          }
-          if (roomId !== sessionData.room_id) {
-            logger.warn("requested keys for inbound group session ".concat(senderKey, "|") + "".concat(sessionId, ", with incorrect room_id ") + "(expected ".concat(sessionData.room_id, ", ") + "was ".concat(roomId, ")"));
-            result = false;
-          } else {
-            result = true;
-          }
-        });
-      }, logger.getChild("[hasInboundSessionKeys]"));
-      return result;
-    })();
-  }
-
-  /**
-   * Extract the keys to a given megolm session, for sharing
-   *
-   * @param roomId -    room in which the message was received
-   * @param senderKey - base64-encoded curve25519 key of the sender
-   * @param sessionId - session identifier
-   * @param chainIndex - The chain index at which to export the session.
-   *     If omitted, export at the first index we know about.
-   *
-   * @returns
-   *    details of the session key. The key is a base64-encoded megolm key in
-   *    export format.
-   *
-   * @throws Error If the given chain index could not be obtained from the known
-   *     index (ie. the given chain index is before the first we have).
-   */
-  getInboundGroupSessionKey(roomId, senderKey, sessionId, chainIndex) {
-    var _this24 = this;
-    return _asyncToGenerator(function* () {
-      var result = null;
-      yield _this24.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_INBOUND_GROUP_SESSIONS, IndexedDBCryptoStore.STORE_INBOUND_GROUP_SESSIONS_WITHHELD], txn => {
-        _this24.getInboundGroupSession(roomId, senderKey, sessionId, txn, (session, sessionData) => {
-          if (session === null || sessionData === null) {
-            result = null;
-            return;
-          }
-          if (chainIndex === undefined) {
-            chainIndex = session.first_known_index();
-          }
-          var exportedSession = session.export_session(chainIndex);
-          var claimedKeys = sessionData.keysClaimed || {};
-          var senderEd25519Key = claimedKeys.ed25519 || null;
-          var forwardingKeyChain = sessionData.forwardingCurve25519KeyChain || [];
-          // older forwarded keys didn't set the "untrusted"
-          // property, but can be identified by having a
-          // non-empty forwarding key chain.  These keys should
-          // be marked as untrusted since we don't know that they
-          // can be trusted
-          var untrusted = "untrusted" in sessionData ? sessionData.untrusted : forwardingKeyChain.length > 0;
-          result = {
-            chain_index: chainIndex,
-            key: exportedSession,
-            forwarding_curve25519_key_chain: forwardingKeyChain,
-            sender_claimed_ed25519_key: senderEd25519Key,
-            shared_history: sessionData.sharedHistory || false,
-            untrusted: untrusted
-          };
-        });
-      }, logger.getChild("[getInboundGroupSessionKey]"));
-      return result;
-    })();
-  }
-
-  /**
-   * Export an inbound group session
-   *
-   * @param senderKey - base64-encoded curve25519 key of the sender
-   * @param sessionId - session identifier
-   * @param sessionData - The session object from the store
-   * @returns exported session data
-   */
-  exportInboundGroupSession(senderKey, sessionId, sessionData) {
-    return this.unpickleInboundGroupSession(sessionData, session => {
-      var messageIndex = session.first_known_index();
-      return {
-        "sender_key": senderKey,
-        "sender_claimed_keys": sessionData.keysClaimed,
-        "room_id": sessionData.room_id,
-        "session_id": sessionId,
-        "session_key": session.export_session(messageIndex),
-        "forwarding_curve25519_key_chain": sessionData.forwardingCurve25519KeyChain || [],
-        "first_known_index": session.first_known_index(),
-        "org.matrix.msc3061.shared_history": sessionData.sharedHistory || false
-      };
-    });
-  }
-  getSharedHistoryInboundGroupSessions(roomId) {
-    var _this25 = this;
-    return _asyncToGenerator(function* () {
-      var result;
-      yield _this25.cryptoStore.doTxn("readonly", [IndexedDBCryptoStore.STORE_SHARED_HISTORY_INBOUND_GROUP_SESSIONS], txn => {
-        result = _this25.cryptoStore.getSharedHistoryInboundGroupSessions(roomId, txn);
-      }, logger.getChild("[getSharedHistoryInboundGroupSessionsForRoom]"));
-      return result;
-    })();
-  }
-
-  // Utilities
-  // =========
-
-  /**
-   * Verify an ed25519 signature.
-   *
-   * @param key - ed25519 key
-   * @param message - message which was signed
-   * @param signature - base64-encoded signature to be checked
-   *
-   * @throws Error if there is a problem with the verification. If the key was
-   * too small then the message will be "OLM.INVALID_BASE64". If the signature
-   * was invalid then the message will be "OLM.BAD_MESSAGE_MAC".
-   */
-  verifySignature(key, message, signature) {
-    this.getUtility(function (util) {
-      util.ed25519_verify(key, message, signature);
-    });
-  }
-}
-export var WITHHELD_MESSAGES = {
-  "m.unverified": "The sender has disabled encrypting to unverified devices.",
-  "m.blacklisted": "The sender has blocked you.",
-  "m.unauthorised": "You are not authorised to read the message.",
-  "m.no_olm": "Unable to establish a secure channel."
-};
-
-/**
- * Calculate the message to use for the exception when a session key is withheld.
- *
- * @param withheld -  An object that describes why the key was withheld.
- *
- * @returns the message
- *
- * @internal
- */
-function calculateWithheldMessage(withheld) {
-  if (withheld.code && withheld.code in WITHHELD_MESSAGES) {
-    return WITHHELD_MESSAGES[withheld.code];
-  } else if (withheld.reason) {
-    return withheld.reason;
-  } else {
-    return "decryption key withheld";
-  }
-}
-//# sourceMappingURL=OlmDevice.js.map