Skip to content

fix(sqlite): Encrypt EventIds in the Event Cache SQLite database#6739

Open
Hywan wants to merge 10 commits into
matrix-org:mainfrom
Hywan:fix-sqlite-event-cache-store-event_id-are-encrypted
Open

fix(sqlite): Encrypt EventIds in the Event Cache SQLite database#6739
Hywan wants to merge 10 commits into
matrix-org:mainfrom
Hywan:fix-sqlite-event-cache-store-event_id-are-encrypted

Conversation

@Hywan

@Hywan Hywan commented Jul 10, 2026

Copy link
Copy Markdown
Member

This patch aims at encrypting the EventId value in the Event Cache database (in the SQLite backend).

Best to review this PR one patch at a time.


  • I've documented the public API changes in the appropriate changelog files (see Writing changelog entries).
  • This PR was made with the help of AI.

Signed-off-by:

@Hywan Hywan force-pushed the fix-sqlite-event-cache-store-event_id-are-encrypted branch from 7676cf5 to caf0080 Compare July 10, 2026 14:07
@Hywan Hywan marked this pull request as ready for review July 10, 2026 14:07
@Hywan Hywan requested a review from a team as a code owner July 10, 2026 14:07
@Hywan Hywan requested review from poljar and removed request for a team July 10, 2026 14:07
@codspeed-hq

codspeed-hq Bot commented Jul 10, 2026

Copy link
Copy Markdown

Merging this PR will not alter performance

✅ 50 untouched benchmarks


Comparing Hywan:fix-sqlite-event-cache-store-event_id-are-encrypted (b2ce993) with main (390f6c0)

Open in CodSpeed

@codecov

codecov Bot commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 82.96943% with 39 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.92%. Comparing base (ee714de) to head (b2ce993).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
crates/matrix-sdk-sqlite/src/event_cache_store.rs 84.00% 2 Missing and 30 partials ⚠️
crates/matrix-sdk-store-encryption/src/lib.rs 69.56% 6 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #6739      +/-   ##
==========================================
- Coverage   89.92%   89.92%   -0.01%     
==========================================
  Files         398      398              
  Lines      111310   111378      +68     
  Branches   111310   111378      +68     
==========================================
+ Hits       100101   100159      +58     
- Misses       7410     7421      +11     
+ Partials     3799     3798       -1     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

@Hywan Hywan force-pushed the fix-sqlite-event-cache-store-event_id-are-encrypted branch from caf0080 to 9a578d3 Compare July 13, 2026 07:26
Hywan added 10 commits July 13, 2026 09:26
This patch removes useless `super` visibility selector. The `Caches`
type is not public, so we don't need to restrict the visibility of these
methods here.
This patch introduces the `EncryptableValue` trait to represent usual
operations on a value to be encoded by `encrypt_value_data`.
This patch replaces the serialization of the gap's token (in
`handle_linked_chunk_updates`) by using the raw string bytes directly.
… adding `Encryption`.

Basically, this patch removes the `let this = self.clone()`.

This patch solves the following problem: when we need to decode values
in a `with_transaction` context, one had to clone `self` to solve
the lifetime issues. This was sub-optimal as it clones the entire
`SqliteEventCacheStore`. Instead, we introduce the `Encryption` type,
that can be cloned cheaply and serve this specific role.

The `SqliteEventCacheStore::encode_event` method moved to `Encryption`.
Finally, this patch adds `Encryption::decode_event` for the sake of
symmetry.
This is an intermediate patch about many small stuff I've fixed in the
code.
…s` tables for the Event Cache.

This patch encrypts the `EventId` value in the `events` and
`event_chunks` tables for the Event Cache database.

The `EventId` is transformed as a `String`, and encoded as is.

This patch also adds `Encryption::encode_event_id` and
`Encryption::encode_room_id` to centralise these operations. The _table
name_ for the room ID encoding changes from `keys::LINKED_CHUNKS` to
`keys::EVENTS`. This is not a big change but since we are erasing all
the data for the Event Cache database, we can do this small change.

The biggest change is in `filter_duplicated_events` where we can no
longer use the `event_id` value from the `SELECT` as the returned value
because it is encrypted and cannot be decrypted. To achieve that, we use
the data provided as the parameter of the method to _map_ the encoded
value the other way. Before, the algorithm was:

- `Vec<EventId>` were the event we want to find duplicates,
- run the SQL query selecting all events matching the `event_id`s,
- returning the `event_id` from the SQL query

And now, the algorithm is:

- `Vec<EventId>` were the event we want to find duplicates,
- transform it to `Vec<(EventId, Key)>` where `Key` is the encoded event ID,
- run the SQl query selecting all events matching the encoded flavour of
  the `event_id`s,
- when found, the SQL query returns the encoded flavour, so we look back
  in `Vec<(EventId, Key)>` to find the `EventId` from the `Key`.
@Hywan Hywan force-pushed the fix-sqlite-event-cache-store-event_id-are-encrypted branch from 9a578d3 to b2ce993 Compare July 13, 2026 07:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant