matrix-org · kaylendog · Dec 9, 2025 · Dec 10, 2025 · richvdh · Dec 12, 2025
@@ -506,6 +506,7 @@ fn collect_sessions(
                 })
                 .collect::<anyhow::Result<_>>()?,
             sender_data: SenderData::legacy(),
+            forwarder_data: None,
             room_id: RoomId::parse(session.room_id)?,
             imported: session.imported,
             backed_up: session.backed_up,

@@ -15,7 +15,7 @@ use matrix_sdk_crypto::{
         SignatureVerification as RustSignatureCheckResult,
     },
     decrypt_room_key_export, encrypt_room_key_export,
-    olm::ExportedRoomKey,
+    olm::{ExportedRoomKey, SenderData},
     store::types::{BackupDecryptionKey, Changes},
     types::requests::ToDeviceRequest,
     CollectStrategy, DecryptionSettings, LocalTrust, OlmMachine as InnerMachine,
@@ -1023,7 +1023,7 @@ impl OlmMachine {
     ) -> Result<KeysImportResult, KeyImportError> {
         let keys = Cursor::new(keys);
         let keys = decrypt_room_key_export(keys, &passphrase)?;
-        self.import_room_keys_helper(keys, None, progress_listener)
+        self.import_room_keys_helper(keys, None, None, progress_listener)
     }
 
     /// Import room keys from the given serialized unencrypted key export.
@@ -1051,7 +1051,7 @@ impl OlmMachine {
         let backup_version = self.runtime.block_on(self.inner.backup_machine().backup_version());
         let keys: Vec<Value> = serde_json::from_str(&keys)?;
         let keys = keys.into_iter().map(serde_json::from_value).filter_map(|k| k.ok()).collect();
-        self.import_room_keys_helper(keys, backup_version.as_deref(), progress_listener)
+        self.import_room_keys_helper(keys, backup_version.as_deref(), None, progress_listener)
     }
 
     /// Import room keys from the given serialized unencrypted key export.
@@ -1078,7 +1078,7 @@ impl OlmMachine {
     ) -> Result<KeysImportResult, KeyImportError> {
         let keys: Vec<Value> = serde_json::from_str(&keys)?;
         let keys = keys.into_iter().map(serde_json::from_value).filter_map(|k| k.ok()).collect();
-        self.import_room_keys_helper(keys, Some(&backup_version), progress_listener)
+        self.import_room_keys_helper(keys, Some(&backup_version), None, progress_listener)
     }
 
     /// Discard the currently active room key for the given room if there is
@@ -1572,6 +1572,7 @@ impl OlmMachine {
         &self,
         keys: Vec<ExportedRoomKey>,
         from_backup_version: Option<&str>,
+        sender_data: Option<&SenderData>,
         progress_listener: Box<dyn ProgressListener>,
     ) -> Result<KeysImportResult, KeyImportError> {
         let listener = |progress: usize, total: usize| {
@@ -1581,6 +1582,7 @@ impl OlmMachine {
         let result = self.runtime.block_on(self.inner.store().import_room_keys(
             keys,
             from_backup_version,
+            sender_data,
             listener,
         ))?;
 

@@ -626,7 +626,12 @@ impl BackupMachine {
         let backup_version = self.backup_version().await;
 
         self.store
-            .import_room_keys(decrypted_room_keys, backup_version.as_deref(), progress_listener)
+            .import_room_keys(
+                decrypted_room_keys,
+                backup_version.as_deref(),
+                None,
+                progress_listener,
+            )
             .await
     }
 }

@@ -74,7 +74,7 @@ pub enum KeyExportError {
 /// # let machine = OlmMachine::new(&alice, device_id!("DEVICEID")).await;
 /// # let export = Cursor::new("".to_owned());
 /// let exported_keys = decrypt_room_key_export(export, "1234").unwrap();
-/// machine.store().import_room_keys(exported_keys, None, |_, _| {}).await.unwrap();
+/// machine.store().import_room_keys(exported_keys, None, None, |_, _| {}).await.unwrap();
 /// # };
 /// ```
 pub fn decrypt_room_key_export(

@@ -450,6 +450,7 @@ async fn test_verification_states_multiple_device() {
         fake_room_id,
         &olm,
         SenderData::unknown(),
+        None,
         EventEncryptionAlgorithm::MegolmV1AesSha2,
         None,
         false,
@@ -468,6 +469,7 @@ async fn test_verification_states_multiple_device() {
         fake_room_id,
         &olm,
         SenderData::unknown(),
+        None,
         EventEncryptionAlgorithm::MegolmV1AesSha2,
         None,
         false,

@@ -234,6 +234,7 @@ impl StaticAccountData {
             room_id,
             &outbound.session_key().await,
             own_sender_data,
+            None,
             algorithm,
             Some(visibility),
             shared_history,

@@ -187,6 +187,11 @@ pub struct InboundGroupSession {
     /// key.
     pub sender_data: SenderData,
 
+    /// If this session was shared-on-invite as part of an MSC4268 key bundle,
+    /// information about the user who forwarded us the session information.
+    /// This is distinct from [`InboundGroupSession::sender_data`].
+    pub forwarder_data: Option<SenderData>,
+
     /// The Room this GroupSession belongs to
     pub room_id: OwnedRoomId,
 
@@ -263,6 +268,7 @@ impl InboundGroupSession {
         room_id: &RoomId,
         session_key: &SessionKey,
         sender_data: SenderData,
+        forwarder_data: Option<SenderData>,
         encryption_algorithm: EventEncryptionAlgorithm,
         history_visibility: Option<HistoryVisibility>,
         shared_history: bool,
@@ -286,6 +292,7 @@ impl InboundGroupSession {
                 signing_keys: keys.into(),
             },
             sender_data,
+            forwarder_data,
             room_id: room_id.into(),
             imported: false,
             algorithm: encryption_algorithm.into(),
@@ -325,6 +332,7 @@ impl InboundGroupSession {
             room_id,
             session_key,
             SenderData::unknown(),
+            None,
             EventEncryptionAlgorithm::MegolmV1AesSha2,
             None,
             *shared_history,
@@ -380,6 +388,7 @@ impl InboundGroupSession {
             sender_key: self.creator_info.curve25519_key,
             signing_key: (*self.creator_info.signing_keys).clone(),
             sender_data: self.sender_data.clone(),
+            forwarder_data: self.forwarder_data.clone(),
             room_id: self.room_id().to_owned(),
             imported: self.imported,
             backed_up: self.backed_up(),
@@ -459,6 +468,7 @@ impl InboundGroupSession {
             sender_key,
             signing_key,
             sender_data,
+            forwarder_data,
             room_id,
             imported,
             backed_up,
@@ -479,6 +489,7 @@ impl InboundGroupSession {
                 signing_keys: signing_key.into(),
             },
             sender_data,
+            forwarder_data,
             history_visibility: history_visibility.into(),
             first_known_index,
             room_id,
@@ -691,6 +702,9 @@ pub struct PickledInboundGroupSession {
     /// Information on the device/sender who sent us this session
     #[serde(default)]
     pub sender_data: SenderData,
+    /// Information on the device/sender who forwarded us this session
+    #[serde(default)]
+    pub forwarder_data: Option<SenderData>,
     /// The id of the room that the session is used in.
     pub room_id: OwnedRoomId,
     /// Flag remembering if the session was directly sent to us by the sender
@@ -744,6 +758,7 @@ impl TryFrom<&HistoricRoomKey> for InboundGroupSession {
             // TODO: How do we remember that this is a historic room key and events decrypted using
             // this room key should always show some form of warning.
             sender_data: SenderData::default(),
+            forwarder_data: None,
             history_visibility: None.into(),
             first_known_index,
             room_id: room_id.to_owned(),
@@ -784,6 +799,7 @@ impl TryFrom<&ExportedRoomKey> for InboundGroupSession {
             // TODO: In future, exported keys should contain sender data that we can use here.
             // See https://github.com/matrix-org/matrix-rust-sdk/issues/3548
             sender_data: SenderData::default(),
+            forwarder_data: None,
             history_visibility: None.into(),
             first_known_index,
             room_id: room_id.to_owned(),
@@ -815,6 +831,7 @@ impl From<&ForwardedMegolmV1AesSha2Content> for InboundGroupSession {
             // In future, exported keys should contain sender data that we can use here.
             // See https://github.com/matrix-org/matrix-rust-sdk/issues/3548
             sender_data: SenderData::default(),
+            forwarder_data: None,
             history_visibility: None.into(),
             first_known_index,
             room_id: value.room_id.to_owned(),
@@ -842,6 +859,7 @@ impl From<&ForwardedMegolmV2AesSha2Content> for InboundGroupSession {
             // In future, exported keys should contain sender data that we can use here.
             // See https://github.com/matrix-org/matrix-rust-sdk/issues/3548
             sender_data: SenderData::default(),
+            forwarder_data: None,
             history_visibility: None.into(),
             first_known_index,
             room_id: value.room_id.to_owned(),
@@ -982,6 +1000,7 @@ mod tests {
             room_id!("!test:localhost"),
             &create_session_key(),
             SenderData::unknown(),
+            None,
             EventEncryptionAlgorithm::MegolmV1AesSha2,
             Some(HistoryVisibility::Shared),
             false,
@@ -1028,6 +1047,7 @@ mod tests {
                         "legacy_session":false
                     }
                 },
+                "forwarder_data":null,
                 "room_id":"!test:localhost",
                 "imported":false,
                 "backed_up":false,

@@ -826,6 +826,7 @@ mod tests {
                 room_id,
                 &session_key,
                 SenderData::unknown(),
+                None,
                 EventEncryptionAlgorithm::MegolmV1AesSha2,
                 None,
                 false,

@@ -23,6 +23,7 @@ expression: pickle
       "legacy_session": false
     }
   },
+  "forwarder_data": null,
   "room_id": "!test:localhost",
   "imported": false,
   "backed_up": false,

@@ -15,8 +15,7 @@ use super::{
 use crate::{
     CryptoStoreError, GossippedSecret, OwnUserIdentityData, Session, UserIdentityData,
     olm::InboundGroupSession,
-    store,
-    store::{Changes, DynCryptoStore, IntoCryptoStore, RoomKeyInfo, RoomKeyWithheldInfo},
+    store::{self, Changes, DynCryptoStore, IntoCryptoStore, RoomKeyInfo, RoomKeyWithheldInfo},
 };
 
 /// A wrapper for crypto store implementations that adds update notifiers.
@@ -289,6 +288,8 @@ impl CryptoStoreWrapper {
     /// # Arguments
     ///
     /// * `sessions` - The sessions to be saved.
+    /// * `sender_data` - If the sessions were received as part of an MSC4268
+    ///   key bundle, the information about the user who sent us the bundle.
     /// * `backed_up_to_version` - If the keys should be marked as having been
     ///   backed up, the version of the backup.
     ///

@@ -1430,6 +1430,7 @@ macro_rules! cryptostore_integration_tests {
                     room_id!("!r:s.co"),
                     &session_key,
                     sender_data,
+                    None,
                     EventEncryptionAlgorithm::MegolmV1AesSha2,
                     None,
                     false,

@@ -847,6 +847,7 @@ mod tests {
             room_id,
             &outbound.session_key().await,
             SenderData::unknown(),
+            None,
             outbound.settings().algorithm.to_owned(),
             None,
             false,
@@ -1245,6 +1246,7 @@ mod tests {
             room_id,
             &outbound.session_key().await,
             SenderData::unknown(),
+            None,
             outbound.settings().algorithm.to_owned(),
             None,
             false,