MatrixRTC: Refactor | Introduce a new Encryption manager (used with experimental to device transport)

package.json

@@ -130,5 +130,6 @@
         "outputDirectory": "coverage",
         "outputName": "jest-sonar-report.xml",
         "relativePaths": true
-    }
+    },
+    "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
 }

spec/unit/matrixrtc/KeyBuffer.spec.ts

@@ -0,0 +1,70 @@
+/*
+Copyright 2025 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { KeyBuffer } from "../../../src/matrixrtc/utils.ts";
+import { type InboundEncryptionSession } from "../../../src/matrixrtc";
+
+describe("KeyBuffer Test", () => {
+    it("Should buffer and disambiguate keys by timestamp", () => {
+        jest.useFakeTimers();
+
+        const buffer = new KeyBuffer(1000);
+
+        const aKey = fakeInboundSessionWithTimestamp(1000);
+        const olderKey = fakeInboundSessionWithTimestamp(300);
+        // Simulate receiving out of order keys
+
+        const init = buffer.disambiguate(aKey.participantId, aKey);
+        expect(init).toEqual(aKey);
+        // Some time pass
+        jest.advanceTimersByTime(600);
+        // Then we receive the most recent key out of order
+
+        const key = buffer.disambiguate(aKey.participantId, olderKey);
+        // this key is older and should be ignored even if received after
+        expect(key).toBe(null);
+    });
+
+    it("Should clear buffer after ttl", () => {
+        jest.useFakeTimers();
+
+        const buffer = new KeyBuffer(1000);
+
+        const aKey = fakeInboundSessionWithTimestamp(1000);
+        const olderKey = fakeInboundSessionWithTimestamp(300);
+        // Simulate receiving out of order keys
+
+        const init = buffer.disambiguate(aKey.participantId, aKey);
+        expect(init).toEqual(aKey);
+
+        // Similar to previous test but there is too much delay
+        // We don't want to keep key material for too long
+        jest.advanceTimersByTime(1200);
+
+        const key = buffer.disambiguate(aKey.participantId, olderKey);
+        // The buffer is cleared so should return this key
+        expect(key).toBe(olderKey);
+    });
+
+    function fakeInboundSessionWithTimestamp(ts: number): InboundEncryptionSession {
+        return {
+            keyIndex: 0,
+            creationTS: ts,
+            participantId: "@alice:localhost|ABCDE",
+            key: new Uint8Array(16),
+        };
+    }
+});

spec/unit/matrixrtc/MatrixRTCSession.spec.ts

@@ -21,6 +21,7 @@ import { MatrixRTCSession, MatrixRTCSessionEvent } from "../../../src/matrixrtc/
 import { type EncryptionKeysEventContent } from "../../../src/matrixrtc/types";
 import { secureRandomString } from "../../../src/randomstring";
 import { makeMockEvent, makeMockRoom, makeMockRoomState, membershipTemplate, makeKey } from "./mocks";
+import { RTCEncryptionManager } from "../../../src/matrixrtc/RTCEncryptionManager.ts";
 
 const mockFocus = { type: "mock" };
 
@@ -878,11 +879,27 @@ describe("MatrixRTCSession", () => {
                     expect(sendKeySpy).toHaveBeenCalledTimes(1);
                     // check that we send the key with index 1 even though the send gets delayed when leaving.
                     // this makes sure we do not use an index that is one too old.
-                    expect(sendKeySpy).toHaveBeenLastCalledWith(expect.any(String), 1, sess.memberships);
+                    expect(sendKeySpy).toHaveBeenLastCalledWith(
+                        expect.any(String),
+                        1,
+                        sess.memberships.map((m) => ({
+                            userId: m.sender,
+                            deviceId: m.deviceId,
+                            membershipTs: m.createdTs(),
+                        })),
+                    );
                     // fake a condition in which we send another encryption key event.
                     // this could happen do to someone joining the call.
                     (sess as unknown as any).encryptionManager.sendEncryptionKeysEvent();
-                    expect(sendKeySpy).toHaveBeenLastCalledWith(expect.any(String), 1, sess.memberships);
+                    expect(sendKeySpy).toHaveBeenLastCalledWith(
+                        expect.any(String),
+                        1,
+                        sess.memberships.map((m) => ({
+                            userId: m.sender,
+                            deviceId: m.deviceId,
+                            membershipTs: m.createdTs(),
+                        })),
+                    );
                     jest.advanceTimersByTime(7000);
 
                     const secondKeysPayload = await keysSentPromise2;
@@ -996,10 +1013,14 @@ describe("MatrixRTCSession", () => {
                         useNewMembershipManager: true,
                         useExperimentalToDeviceTransport: true,
                     });
+                    sess.onRTCSessionMemberUpdate();
 
                     await keySentPromise;
 
                     expect(sendToDeviceMock).toHaveBeenCalled();
+
+                    // Access private to test
+                    expect(sess["encryptionManager"]).toBeInstanceOf(RTCEncryptionManager);
                 } finally {
                     jest.useRealTimers();
                 }