Remove dependency on libolm

[bmarty]

Type of change

• Feature
• Bugfix
• Technical
• Other :

Content

Remove the dependency on the deprecated libolm library

• Existing data is removed, which means that there is a crypto database migration to cleanup the tables
• Encryption for content scanner now rely on the Rust implementation (need bindings: Expose the PkEncryption stuff in the crypto crate bindings matrix-org/matrix-rust-sdk#3971 and so a new crypto SDK release once the Rust PR is merged.)

Motivation and context

Remove the dependency on the deprecated libolm library. See more details here:

• https://gitlab.matrix.org/matrix-org/olm#important-libolm-is-now-deprecated
• https://matrix.org/blog/2024/08/libolm-deprecation/

Screenshots / GIFs

Tests

• Check migration from a previous installation to a new one

Tested devices

• Physical
• Emulator
• OS version(s):

Checklist

• Changes has been tested on an Android device or Android emulator with API 21
• UI change has been tested on both light and dark themes
• Accessibility has been taken into account. See https://github.com/element-hq/element-android/blob/develop/CONTRIBUTING.md#accessibility
• Pull request is based on the develop branch
• Pull request includes a new file under ./changelog.d. See https://github.com/element-hq/element-android/blob/develop/CONTRIBUTING.md#changelog
• Pull request includes screenshots or videos if containing UI changes
• Pull request includes a sign off
• You've made a self review of your PR
• If you have modified the screen flow, or added new screens to the application, you have updated the test UiAllScreensSanityTest.allScreensTest()

[BillCarsonFr]

Found it surprising that we use toHexString here. The legacy sha was returning a base64 string no? https://gitlab.matrix.org/matrix-org/olm/-/blob/master/tests/test_olm_sha256.cpp#L16

[bmarty]

Good catch thanks! f726d16

[BillCarsonFr]

Thx, maybe just a nit, it could be named convertToSha256Base64Encoded

[bmarty]

I have tested again the database migration and this is working fine:

• Checkout the current develop
• Deploy the app
• Login to an account
• Verify the session, observe that existing messages can be decrypted
• Send some messages in e2e rooms
• Checkout the last commit of the branch
• Use locally build crypto SDK (release still need to be done)
• Deploy the application to the same device
• Check in the log that the migration has been done
• Observe that the application is not crashing and is still working as expected

[ElementBot]

	Warnings
⚠️	matrix-sdk-android/build.gradle#L164 - A newer version of net.java.dev.jna:jna than 5.13.0 is available: 5.14.0
⚠️	matrix-sdk-android/build.gradle#L164 - A newer version of net.java.dev.jna:jna than 5.13.0 is available: 5.14.0

Generated by 🚫 dangerJS against e89bec4

[bmarty]

I confirm that this code works using vector.im identity server.

[bmarty]

I have tested the communication to the content scanner running a local synapse and a local instance of https://github.com/element-hq/matrix-content-scanner-python and the content scanner is able to decrypt the attachment.

Patch to apply (for information / future me):

contentScannerTest.patch

Result testing data from a file sent to a room (eicar.com.bin):

Content scanner logs:

2024-09-23 16:43:45,834 - matrix_content_scanner.scanner.file_downloader - 323 - INFO - POST-9 - Sending GET request to http://localhost:8080/_matrix/media/v3/download/localhost/KFBpUrxgQyLQrGbxJBYEVPXe
2024-09-23 16:43:45,847 - matrix_content_scanner.scanner.file_downloader - 181 - INFO - POST-9 - Remote server responded with 200
2024-09-23 16:43:45,848 - matrix_content_scanner.scanner.scanner - 417 - INFO - POST-9 - Decrypting encrypted file
2024-09-23 16:43:45,905 - matrix_content_scanner.scanner.scanner - 514 - ERROR - POST-9 - MIME type for file is forbidden: text/plain
2024-09-23 16:43:45,906 - matrix_content_scanner.scanner.scanner - 260 - INFO - POST-9 - Caching scan failure
2024-09-23 16:43:45,907 - aiohttp.access - 211 - INFO - POST-9 - 127.0.0.1 [23/Sep/2024:15:43:45 +0100] "POST /_matrix/media_proxy/unstable/scan_encrypted HTTP/1.1" 200 369 "-" "Element - dbg/1.6.22-dev (Google sdk_gphone64_arm64; Android 14; UE1A.230829.036.A4; Flavour GooglePlay; MatrixAndroidSdk2 1.6.22)"

[BillCarsonFr]

Approved

[bmarty]

Note: checking application upgrade from 1.5.32 to 1.6.22 and we got a migration error then the application crashes. Here are the log:

io.realm.exceptions.RealmMigrationNeededException: Migration is required due to the following errors:
- Property 'CryptoRoomEntity.rotationPeriodMs' has been added.
- Property 'CryptoRoomEntity.rotationPeriodMsgs' has been added.

Upgrading from 1.6.0 (which is 1-year old+) to 1.6.22 is working well.