Cannot decrypt message: sender's device has not sent us the keys for this message ("bug N..")

[mcalinghee]

What I wrote is encrypted, my contacts can not see my messages

Scenario

NOTE : this issue cannot be reproduced for everyone (this issue happens for specific user)
URL : https://www.tchap.gouv.fr/

1. user1 sends a message into a room(or in a DM)
2. user2 receiving the message cannot see the message (message is encrypted)
3. user1 refresh his page
4. user1 sends the 2nd message
5. user2 is able to see the 2nd message
6. after sometime, user1 sends a 3rd message
7. user2 cannot see the 3rd message (message is encrypted)

More information :

• This issue has appeared after a 'Clear cache and Reload' action from the user as he could not download a file in Tchap(another issue logged here Can not download files from a room #254)
• this issue seems to be resolved by opening a new web session on another URL : ask the team to provide this URL
  • this action has fixed the existing session on : https://www.tchap.gouv.fr/ and the problem does seem to come back (to be confirmed)

Analysis

We tried other scenarios

1. User2 goes in Private Room, messages from user1 were still encrypted:

• Encrypted Message 1 (whereas it should be decrypted)
  • senderkey:7JvrMSEAoGl5U5Bp47jZZEEFeTQfTOtdrquI0PbwgnI
  • sessionId: osAzWWBpcwa13kRh4bpjvgKLQMejjAwwVswpfv0ElOs
• Encrypted Message 2 (whereas it should be decrypted)
  • senderkey: 7JvrMSEAoGl5U5Bp47jZZEEFeTQfTOtdrquI0PbwgnI
  • sessionId: YpDkbqjRJIMz75RwN9bWG8Y5yDzkbkD9EgDtOrTAnjc

2. User2 performed a reload : ctrl+F5

• Message 3 was decrypted (user2 could see the message) :
• senderkey:7JvrMSEAoGl5U5Bp47jZZEEFeTQfTOtdrquI0PbwgnI
• sessionId : YNx+AxDv9Ion/x4oRedPPtjY6VC5qqlPW0bB8Ae68qA

---

Logs from user1's browser

Before user1 sends a message that cannot be decrypted by user2

2022-10-18T15:52:13.468Z E sendToDevice failed Failed to execute 'transaction' on 'IDBDatabase': The database connection is closing.
InvalidStateError: Failed to execute 'transaction' on 'IDBDatabase': The database connection is closing.
    at Worker.<anonymous> (https://www.tchap.gouv.fr/bundles/2bc64c92a71bae258f08/bundle.js:2:1301820)
2022-10-18T15:52:13.468Z E encryptAndSendToDevices promises failed Failed to execute 'transaction' on 'IDBDatabase': The database connection is closing.
InvalidStateError: Failed to execute 'transaction' on 'IDBDatabase': The database connection is closing.
    at Worker.<anonymous> (https://www.tchap.gouv.fr/bundles/2bc64c92a71bae258f08/bundle.js:2:1301820)
2022-10-18T15:52:13.468Z E failed to encryptAndSendToDevices Failed to execute 'transaction' on 'IDBDatabase': The database connection is closing.
InvalidStateError: Failed to execute 'transaction' on 'IDBDatabase': The database connection is closing.
    at Worker.<anonymous> (https://www.tchap.gouv.fr/bundles/2bc64c92a71bae258f08/bundle.js:2:1301820)

user1 when opening a new room

IndexedDBStore failure, degrading to MemoryStore

In code, it triggers cleardatabase which seems to wipe the contents of indexeddb :
https://github.com/matrix-org/matrix-js-sdk/blob/121250a6fb7709de8fb49cc2c40d0ad11f09365a/src/store/indexeddb.ts#L303-L304
// We try to delete IndexedDB after degrading since this store is only a
// cache (the app will still function correctly without the data).
// It's possible that deleting repair IndexedDB for the next app load,
// potentially by making a little more space available.`

Comments

It seems that user1 cannot send its keys as the key sharing process fails ie. the error with the IndexedDB therefore user2 does not receive the key from user1 and he is not able to decrypt the message.

[estellecomment]

This issue is also happening to a number of users who upgrade from v4. It may not be the same cause, but it's the same symptoms.

• When it happens on upgrade, it seems that a simple page refresh (ctrl+R) solves it, for multiple people.
• When it happened (once) after a "Clear cache and reload", the refresh did not solve it, and finally it was solved (accidentally) by doing an emoji exchange with a new session. Ctrl+shift+R and "clear cache and reload" were not tried.

[mcalinghee]

Other Scenarios that we tried to trigger the issue :

Scenario 1 : limit the space storage (The idea is to make the IndexedDB to fail)

1. Simulating a limited storage (in order to limit the storage of the IndexedDB)
2. user1 sends a message into a room(or in a DM)
3. user2 receiving the message cannot see the message (encrypted message)
4. we can see in the log of user1 that there is an error with the storage (as the space is now limited), we think that has causing the sharing key process to fail and keys are not sent.

This scenario is not the initial scenario that we had in production: the user seems to have a lot of memory

Scenario 2 : bad network conditions

1. Try to setup your machine to have a bad network(VPN)
2. user1 sends a message into a room(or in a DM)
3. user2 receiving the message cannot see the message (encrypted message)
4. user2 not receive the keys from user1 before decrypting the message

This scenario is not the initial scenario that we had in production: the user seems to have a lot of memory

Conclusion :
We can have issues around the decryption of messages if :

• the storage space of the browser has reached its limit
• in bad network condition

Concerning the issue we had initially with our user(see the description of the issue), the fact that opening a new session has resolved the issue in the existing session could also indicate that the IndexedBD had corrupted data inside the db and was fixed by the new session.

[mcalinghee]

We could track this issue on Element side : element-hq/element-web#14174

[odelcroi]

Not really a bug a v4 anymore, closing for now