_GSoC 2019 E2EE proposal

Google Summer of Code 2019

Matrix project contribution proposal: libqmatrixclient end-to-end encryption

Name: Alexey Andreyev

e-mail: yetanotherandreyev@gmail.com

matrix: @aa13q:matrix.org

Idea source: "Adding end-to-end encryption to more clients"

Potential mentors: Hubert Chathi, Matthew Hodgson

Brief Introduction and Use Cases

As a Qt fan, I'm willing to help kitsune with libqmatrixclient.

I'm interested in the results not only for Quaternion, while it probably should be used there first. Hopefully, other projects like KDE, postmarketOS and Sailfish OS will get benefit from the results. I've contributed to Sailfish OS harbour-matrix client and the most interesting for me: TelepathyIM.

Basic use cases

We intend to support it.

• Keys and room initialization tasks
• Sending and receiving encrypted messages
• Managing devices list for users in the room

Advanced use cases

It will be covered if time permits.

• Keys backup
• Attachments
• Fancy device verifying UI/UX
• Anything else or move some part from basic use-cases during the discussion

Structure

• Youtube: FOSDEM 2017 "Encrypting Matrix Building a universal end-to-end encrypted communication ecosystem with Matrix and Olm" by Matthew Hodgson

• Slides

• Specification

Basic structure:

                              +--------------------------+
                              |Quaternion/qmc-example/etc|
+------------------+          +--------------------------+
|      CS API      |  <---->  |     libQMatrixClient     |
+------------------+          +-----------+--------------+
|Synapse homeserver|          |   Qt      | olm/megolm   |
+------------------+          +-----------+--------------+

— where:

• CS API — Client-Server API
• Synapse — Matrix reference homeserver
• Qt -- cross-platform software development framework
• olm/megolm — libolm library, an implementation of the Double Ratchet cryptographic ratchet in C++
• libQMatrixClient — Qt library to write cross-platfrom clients for Matrix
• Quaternion — full-fledged IM client for Matrix, qmc-exaple — minimal client application to test the library

Implementation

Deployment. A local test server is going to be used to not mess up the public server. I've already deployed it, qmc-example from qmatrixclient library is going to be used for tests.

Related work. Thanks to kitsune, I've found there are New Vector's SDKs for Riot and there's E2EE code for nheko currently maintained by red_sky. Hubert also pointed out that there's Zil0's python SDK PRs from last year with the related issue, which could be used for time costs estimation. All the mentioned projects could be used as reference hints.

Tools and current state. Libolm is going to be used as an underlying library. There's even an oldish branch in libQMatrixClient code that integrates it, plus some very initial code using it. Joe from nheko helped me with the details that libolm provides a good bit of stuff I'll need for the actual olm / Megolm handling, but it's lacking in access to crypto 'primitives'. Qt library is going to be used to provide those primitives.

Management. There's an "epic" in the library's roadmap that lays out steps for E2EE implementation, being on the E2EE implementation guide from matrix.org. The guide has been massively updated since then but the epic has not -- so the first step would probably be to bring it up-to-date, before writing any code. Initial steps are likely to stay intact though - basics did not change.

Timeline

I've taken into account Zil0's matrix-python-sdk timeline.

Community Bonding Period

• Update the epic at the github repo
• Get more familiar with the library and e2ee libs
• Upstream kitsune's groundwork from kitsune-e2ee branch
• Discuss implementation options

May

Keys and room initialization tasks

May 27: Coding officially begins!

June

Week 1-2: Handling incoming events

Week 3-4: downloading the device list for users in the room

June 24 18:00 UTC: Mentors and students can begin submitting Phase 1 evaluations

June 28 18:00 UTC: Phase 1 Evaluation deadline

July

Week 1: Sending encrypted messages

Week 2: handling membership changes

Week 3-4: handling new devices

July 22 18:00 UTC: Mentors and students can begin submitting Phase 2 evaluations

July 26 18:00 UTC: Phase 2 Evaluation deadline

August

Week 1: Fixes

Week 2: additional work

Week 3: additional work

August 19 - 26 18:00 UTC: Final week: Students submit their final work product and their final mentor evaluation

August 26 - Sept 2 18:00 UTC: Mentors submit final student evaluations

About Me

I am a Ph.D. student in Computer Science from ITMO University, Saint Petersburg, Russia. I'm familiar with Qt/QML and working with Qt/QML at my daily part-time job at Open Mobile Platform. I'm interested in getting deeper into the topic of encrypted communications, especially in the context of the Matrix project. The main reason I’m going to take part in GSoC with Matrix project is that I'm using libQMatrixClient by myself and stated contributing to it recently, while E2EE support is the most upvoted open issue.

My Blog: https://aa13q.ru/

My GitHub Account: https://github.com/a-andreyev