refactor!: Room's Key ID generation

[KevLehman]

Proposed changes (including videos or screenshots)

Our current way of generating the e2eRoomKeyId is flawed. Our current steps are:

• Generate a CryptoKey (AES)
• Export CryptoKey using exportJWKKey, this produces an object similar to this:

{
    "alg": "A128CBC",
    "ext": true,
    "k": "6RkYqlDAx_-xxxxxxxxxx",
    "key_ops": [
        "encrypt",
        "decrypt"
    ],
    "kty": "oct"
}

• We stringify the object
• We convert the stringified to base64
• Then, we take an slice of 12 chars.

Since after stringify/encoding the object above, the first 12 chars would be the string {"alg": "A which encoded is eyJhbGciOiJB, and then this is defined as the "room key id"

We currently don't use this value for anything that would require it to be random or "secure". We just use it to "identify" the key. However, since a room only has 1 key, it didn't matter if a key was actually "different", system would think it was "the key" for the room.

This would cause the client to try to decrypt the message and failing (if the key was actually different) as all the keys produced the same identifier.

This PR introduces a change in this keyID mechanism, creating an SHA-256 hash of the exported session key, and then taking the first 12 characters of the hash. Current rooms with current keys will continue to work as they should, as we now will use the keyID stored in the room object instead of calculating it from the key everytime.

Issue(s)

https://rocketchat.atlassian.net/browse/E2EE2-68

Steps to test or reproduce

Further comments

[changeset-bot]

🦋 Changeset detected

Latest commit: f7d8aeb

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 33 packages

Name	Type
@rocket.chat/meteor	Major
@rocket.chat/core-typings	Major
@rocket.chat/rest-typings	Major
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/fuselage-ui-kit	Major
@rocket.chat/gazzodown	Major
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-contexts	Major
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/stream-hub-service	Patch
@rocket.chat/license	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/models	Patch
@rocket.chat/ui-avatar	Major
@rocket.chat/ui-client	Major
@rocket.chat/ui-video-conf	Major
@rocket.chat/web-ui-registration	Major
@rocket.chat/instance-status	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[github-actions]

PR Preview Action v1.4.8
Preview removed because the pull request was closed.
2024-10-02 16:19 UTC

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 75.32%. Comparing base (bf02ce5) to head (f7d8aeb).
Report is 11 commits behind head on release-7.0.0.

Additional details and impacted files

@@              Coverage Diff               @@
##           release-7.0.0   #33329   +/-   ##
==============================================
  Coverage          75.32%   75.32%           
==============================================
  Files                383      383           
  Lines              19383    19383           
  Branches            4980     4980           
==============================================
  Hits               14601    14601           
  Misses              4212     4212           
  Partials             570      570           

Flag	Coverage Δ
unit	75.32% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

The merge-base changed after approval.

[hugocostadev]

Congrats @KevLehman every problem that we discussed in not related with this code.