encryption: add ability to control rotation settings

Signed-off-by: Sumner Evans <sumner@beeper.com>

mautrix_telegram/config.py

@@ -147,12 +147,6 @@ class Config(BaseBridgeConfig):
         copy("bridge.animated_sticker.args.width")
         copy("bridge.animated_sticker.args.height")
         copy("bridge.animated_sticker.args.fps")
-        copy("bridge.encryption.allow")
-        copy("bridge.encryption.default")
-        copy("bridge.encryption.database")
-        copy("bridge.encryption.key_sharing.allow")
-        copy("bridge.encryption.key_sharing.require_cross_signing")
-        copy("bridge.encryption.key_sharing.require_verification")
         copy("bridge.private_chat_portal_meta")
         copy("bridge.delivery_receipts")
         copy("bridge.delivery_error_reports")

mautrix_telegram/example-config.yaml

@@ -257,6 +257,24 @@ bridge:
             # Require devices to be verified by the bridge?
             # Verification by the bridge is not yet implemented.
             require_verification: true
+        # Options for Megolm room key rotation. These options allow you to
+        # configure the m.room.encryption event content. See:
+        # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+        # more information about that event.
+        rotation:
+            # Enable custom Megolm room key rotation settings. Note that these
+            # settings will only apply to rooms created after this option is
+            # set.
+            enable_custom: false
+            # The maximum number of milliseconds a session should be used
+            # before changing it. The Matrix spec recommends 604800000 (a week)
+            # as the default.
+            milliseconds: 604800000
+            # The maximum number of messages that should be sent with a given a
+            # session before changing it. The Matrix spec recommends 100 as the
+            # default.
+            messages: 100
+
     # Whether or not to explicitly set the avatar and room name for private
     # chat portal rooms. This will be implicitly enabled if encryption.default is true.
     private_chat_portal_meta: false

mautrix_telegram/portal.py

@@ -832,7 +832,7 @@ class Portal(DBPortal, BasePortal):
             initial_state.append(
                 {
                     "type": str(EventType.ROOM_ENCRYPTION),
-                    "content": {"algorithm": "m.megolm.v1.aes-sha2"},
+                    "content": self.get_encryption_state_event_json(),
                 }
             )
             if self.is_direct:

requirements.txt

@@ -3,7 +3,7 @@ python-magic>=0.4,<0.5
 commonmark>=0.8,<0.10
 aiohttp>=3,<4
 yarl>=1,<2
-mautrix>=0.16.8,<0.17
+mautrix>=0.16.9,<0.17
 #telethon>=1.24,<1.25
 tulir-telethon==1.25.0a16
 asyncpg>=0.20,<0.26