Fails to bridge when e2e encryption enabled
dcloud-ca opened this issue
I am running Synapse v1.76.0 and mautrix-facebook 0.4.1+dev.7e00104b, both via Docker run. My Matrix client is Android Element v1.5.22.
For unencrypted rooms, bridging to and from Matrix works without issue. However, if I enable room encryption, I can no longer send messages (receiving still works fine). When trying to send a message, I get the following error in the client:
Your message was not bridged: the bridge hasn't received the decryption keys. The bridge will retry for 6 seconds
I have the same issue with the other two mautrix bridges I use (signal and whatsapp). I have a fresh config/registration generated with my current bridge version, so as far as I know I shouldn't have to use the workaround for bridge encryption described here: https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html
My mautrix-facebook logs:
[2023-02-03 14:29:36,401] [INFO@aiohttp.access] 172.21.0.5 [03/Feb/2023:14:29:36 +0000] "PUT /transactions/274?access_token=6DvGbN7rCYAxAr-puB329B4UBzFNMkeVHxKhYHVbJpQX_m08Ka4rKBW5BzpTgYpi HTTP/1.1" 200 159 "-" "Synapse/1.76.0"
[2023-02-03 14:29:36,411] [DEBUG@mau.bridge.e2ee] Couldn't find session 5oZ5Ulsr1Cb3bCTrQTKki6GDjNlc09KPcPcZ59PkGlk trying to decrypt $CPf38AO2PQeLuk4UNlpKcNZJsNI0okH0mhdyvNi6H1M, waiting 3 seconds...
[2023-02-03 14:29:36,604] [DEBUG@mau.as.api.@user:matrix.example.com] req #321: PUT http://synapse:8008/_matrix/client/v3/rooms/%21UqTYdnQBcvZohSHtmb%3Amatrix.example.com/typing/%40user%3Amatrix.example.com {"typing": false}
[2023-02-03 14:29:36,616] [DEBUG@mau.as.api.@user:matrix.example.com] req #321 (/v3/rooms/%21UqTYdnQBcvZohSHtmb%3Amatrix.example.com/typing/%40user%3Amatrix.example.com) completed in 11.5ms with status 200
[2023-02-03 14:29:39,417] [DEBUG@mau.mx] Couldn't find session 5oZ5Ulsr1Cb3bCTrQTKki6GDjNlc09KPcPcZ59PkGlk trying to decrypt $CPf38AO2PQeLuk4UNlpKcNZJsNI0okH0mhdyvNi6H1M, waiting even longer
[2023-02-03 14:29:39,437] [DEBUG@mau.bridge.e2ee.client] req #322: PUT http://synapse:8008/_matrix/client/v3/sendToDevice/m.room_key_request/mautrix-python_1675434579435793514_1 {"messages": {"@user:matrix.example.com": {"INJNFTTKJR": {"action": "request", "requesting_device_id": "PZSILDGGIV", "request_id": "3102f024-a3cf-11ed-9cc0-0242ac150008", "body": {"algorithm": "m.megolm.v1.aes-sha2", "room_id": "!UqTYdnQBcvZohSHtmb:matrix.example.com", "sender_key": "uBwwFeZZJgR4tIx7nFwAq10M7fIfdVaKH5O+x4dwnxs", "session_id": "5oZ5Ulsr1Cb3bCTrQTKki6GDjNlc09KPcPcZ59PkGlk"}}}}}
[2023-02-03 14:29:39,455] [DEBUG@mau.as.api.bot] req #323: PUT http://synapse:8008/_matrix/client/v3/rooms/%21UqTYdnQBcvZohSHtmb%3Amatrix.example.com/send/m.room.message/mautrix-python_1675434579454745306_49?user_id=@facebookbot:matrix.example.com {"msgtype": "m.notice", "body": "\u26a0 Your message was not bridged: the bridge hasn't received the decryption keys. The bridge will retry for 6 seconds."}
My (trimmed) config.yaml:
appservice:
    address: http://mautrix-facebook:29319
    hostname: 0.0.0.0
    port: 29319
    max_body_size: 1
    database: postgres://home:blah@postgres/facebook
    database_opts:
        min_size: 5
        max_size: 10
    id: facebook
    bot_username: facebookbot
    bot_displayname: Facebook bridge bot
    bot_avatar: mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak
    ephemeral_events: true
    as_token: blah
    hs_token: blah
bridge:
    username_template: facebook_{userid}
    displayname_template: '{displayname} (FB)'
    displayname_preference:
    - name
    - first_name
    command_prefix: '!fb'
    invite_own_puppet_to_pm: false
    sync_with_custom_puppets: false
    sync_direct_chat_list: false
    double_puppet_server_map:
        example.com: https://example.com
    double_puppet_allow_discovery: false
    login_shared_secret_map:
        matrix.example.com: blah
    presence_from_facebook: false
    # Whether or not to update avatars when syncing all contacts at startup.
    update_avatar_initial_sync: true
    # Whether or not the bridge should send a read receipt from the bridge bot when a message has
    # been sent to Facebook.
    delivery_receipts: true
    # Whether or not delivery errors should be reported as messages in the Matrix room.
    delivery_error_reports: true
    # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
    message_status_events: false
    # Whether to allow inviting arbitrary mxids to portal rooms
    allow_invites: false
    # Whether or not created rooms should have federation enabled.
    # If false, created portal rooms will never be federated.
    federate_rooms: true
    # Settings for backfilling messages from Facebook.
    periodic_reconnect:
        interval: -1
        mode: refresh
        always: false
        min_connected_time: 0
    resync_max_disconnected_time: 5
    max_startup_thread_sync_count: 20
    temporary_disconnect_notices: false
    disable_bridge_notices: false
    on_reconnection_fail:
        action: reconnect
        wait_for: 0
    resend_bridge_info: false
    # When using double puppeting, should muted chats be muted in Matrix?
    mute_bridging: false
    # Whether or not mute status and tags should only be bridged when the portal room is created.
    tag_only_on_create: true
    sandbox_media_download: false
    # URL to call to retrieve a proxy URL from (defaults to the http_proxy environment variable).
    get_proxy_api_url:
    encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: true
        default: false
        # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
        appservice: true
        # Require encryption, drop any unencrypted messages.
        require: false
        allow_key_sharing: true
        verification_levels:
            # Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
            receive: unverified
            # Minimum level that the bridge should accept for incoming Matrix messages.
            send: unverified
            # Minimum level that the bridge should require for accepting key requests.
            share: cross-signed-tofu
        rotation:
            enable_custom: false
            milliseconds: 604800000
            messages: 100
appservice: true
Encryption in appservice mode hasn't been tested with Synapse, so you shouldn't use that
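An added triage example, not part of the original issue or of the mautrix code base: it reads bridge log lines in the format shown above, groups the "Couldn't find session" waits by Megolm session, records which device each `m.room_key_request` was sent to, and masks the `access_token` query value carried by the aiohttp access-log line. The function names, sample session/event IDs and the token are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample lines in the mautrix-python log format shown in this issue
# (session IDs, event IDs, device IDs and the token are placeholders).
SAMPLE_LOG = """\
[2023-02-03 14:29:36,401] [INFO@aiohttp.access] 172.21.0.5 "PUT /transactions/274?access_token=EXAMPLETOKEN HTTP/1.1" 200 159
[2023-02-03 14:29:36,411] [DEBUG@mau.bridge.e2ee] Couldn't find session SESSaaa trying to decrypt $evt1, waiting 3 seconds...
[2023-02-03 14:29:39,417] [DEBUG@mau.mx] Couldn't find session SESSaaa trying to decrypt $evt1, waiting even longer
[2023-02-03 14:29:39,437] [DEBUG@mau.bridge.e2ee.client] req #322: PUT http://synapse:8008/_matrix/client/v3/sendToDevice/m.room_key_request/txn1 {"messages": {"@user:matrix.example.com": {"DEVICEA": {"action": "request", "requesting_device_id": "DEVICEB", "request_id": "r1", "body": {"algorithm": "m.megolm.v1.aes-sha2", "room_id": "!room:matrix.example.com", "sender_key": "KEY", "session_id": "SESSaaa"}}}}}
"""

MISSING = re.compile(r"Couldn't find session (\S+) trying to decrypt (\$\S+?),")
KEY_REQ = re.compile(r"/sendToDevice/m\.room_key_request/\S+ (\{.*\})\s*$")
TOKEN = re.compile(r'(access_token=)[^&\s"]+')


def redact(line):
    """Mask the token in an access-log URL before the line is shared."""
    return TOKEN.sub(r"\1<redacted>", line)


def summarize(log_text):
    """Map each undecryptable Megolm session to its events, wait count and key requests."""
    sessions = defaultdict(lambda: {"events": set(), "waits": 0, "requested_from": []})
    for line in log_text.splitlines():
        m = MISSING.search(line)
        if m:
            entry = sessions[m.group(1)]
            entry["events"].add(m.group(2))
            entry["waits"] += 1
            continue
        m = KEY_REQ.search(line)
        if m:
            # The request body is logged as JSON after the URL.
            body = json.loads(m.group(1))
            for user, devices in body["messages"].items():
                for device, req in devices.items():
                    if req.get("action") == "request":
                        sid = req["body"]["session_id"]
                        sessions[sid]["requested_from"].append((user, device))
    return dict(sessions)
```

A session that shows waits and an outgoing key request but never stops appearing in later "Couldn't find session" lines is one the bridge device never received keys for, which is the symptom reported here.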