Mark forwardingCurve25519KeyChain as deprecated (#5111)

The Rust SDK always populates this as an empty array, so we may as well get rid
of it.

Author: richvdh

src/common-crypto/CryptoBackend.ts

@@ -200,8 +200,9 @@ export interface EventDecryptionResult {
      */
     clearEvent: IClearEvent;
     /**
-     * List of curve25519 keys involved in telling us about the senderCurve25519Key and claimedEd25519Key.
+     * No longer used.
      * See {@link MatrixEvent#getForwardingCurve25519KeyChain}.
+     * @deprecated
      */
     forwardingCurve25519KeyChain?: string[];
     /**

src/models/event.ts

@@ -284,12 +284,6 @@ export class MatrixEvent extends TypedEventEmitter<MatrixEventEmittedEvents, Mat
      */
     private claimedEd25519Key: string | null = null;
 
-    /* curve25519 keys of devices involved in telling us about the
-     * senderCurve25519Key and claimedEd25519Key.
-     * See getForwardingCurve25519KeyChain().
-     */
-    private forwardingCurve25519KeyChain: string[] = [];
-
     /* where the decryption key is untrusted
      */
     private untrusted: boolean | null = null;
@@ -1028,7 +1022,6 @@ export class MatrixEvent extends TypedEventEmitter<MatrixEventEmittedEvents, Mat
         this.clearEvent = decryptionResult.clearEvent;
         this.senderCurve25519Key = decryptionResult.senderCurve25519Key ?? null;
         this.claimedEd25519Key = decryptionResult.claimedEd25519Key ?? null;
-        this.forwardingCurve25519KeyChain = decryptionResult.forwardingCurve25519KeyChain || [];
         this.untrusted = decryptionResult.untrusted || false;
         this.invalidateExtensibleEvent();
     }
@@ -1048,7 +1041,6 @@ export class MatrixEvent extends TypedEventEmitter<MatrixEventEmittedEvents, Mat
         };
         this.senderCurve25519Key = null;
         this.claimedEd25519Key = null;
-        this.forwardingCurve25519KeyChain = [];
         this.untrusted = false;
         this.invalidateExtensibleEvent();
     }
@@ -1119,21 +1111,18 @@ export class MatrixEvent extends TypedEventEmitter<MatrixEventEmittedEvents, Mat
     }
 
     /**
-     * Get the curve25519 keys of the devices which were involved in telling us
-     * about the claimedEd25519Key and sender curve25519 key.
-     *
-     * Normally this will be empty, but in the case of a forwarded megolm
-     * session, the sender keys are sent to us by another device (the forwarding
-     * device), which we need to trust to do this. In that case, the result will
-     * be a list consisting of one entry.
+     *  Returns an empty array.
      *
-     * If the device that sent us the key (A) got it from another device which
-     * it wasn't prepared to vouch for (B), the result will be [A, B]. And so on.
+     * Previously, this returned the chain of Curve25519 keys through which
+     * this session was forwarded, via `m.forwarded_room_key` events.
+     * However, that is not cryptographically reliable, and clients should not
+     * be using it.
      *
-     * @returns base64-encoded curve25519 keys, from oldest to newest.
+     * @see https://github.com/matrix-org/matrix-spec/issues/1089
+     * @deprecated
      */
     public getForwardingCurve25519KeyChain(): string[] {
-        return this.forwardingCurve25519KeyChain;
+        return [];
     }
 
     /**

src/rust-crypto/rust-crypto.ts

@@ -2236,7 +2236,6 @@ class EventDecryptor {
                 clearEvent: JSON.parse(res.event),
                 claimedEd25519Key: res.senderClaimedEd25519Key,
                 senderCurve25519Key: res.senderCurve25519Key,
-                forwardingCurve25519KeyChain: res.forwardingCurve25519KeyChain,
             };
         } catch (err) {
             if (err instanceof RustSdkCryptoJs.MegolmDecryptionError) {

src/testing.ts

@@ -179,7 +179,6 @@ export async function decryptExistingEvent(
             type: opts.plainType,
             content: opts.plainContent,
         },
-        forwardingCurve25519KeyChain: [],
         senderCurve25519Key: "",
         untrusted: false,
     };