matrix-org · richvdh · Oct 30, 2025 · Oct 27, 2025 · Oct 27, 2025 · Oct 28, 2025
@@ -1200,6 +1200,13 @@ pub enum WithheldCode {
     #[ruma_enum(rename = "m.no_olm")]
     NoOlm,
 
+    /// Normally used when sharing history, per [MSC4268]: indicates
+    /// that the session was not marked as "shared_history".
+    ///
+    /// [MSC4268]: https://github.com/matrix-org/matrix-spec-proposals/pull/4268
+    #[ruma_enum(rename = "io.element.msc4268.history_not_shared", alias = "m.history_not_shared")]
+    HistoryNotShared,
+
     #[doc(hidden)]
     _Custom(PrivOwnedStr),
 }
@@ -1212,6 +1219,7 @@ impl fmt::Display for WithheldCode {
             WithheldCode::Unauthorised => "You are not authorised to read the message.",
             WithheldCode::Unavailable => "The requested key was not found.",
             WithheldCode::NoOlm => "Unable to establish a secure channel.",
+            WithheldCode::HistoryNotShared => "The sender disabled sharing encrypted history.",
             _ => self.as_str(),
         };
 

@@ -8,6 +8,9 @@ All notable changes to this project will be documented in this file.
 
 ### Features
 
+- Use new withheld code in key bundles for sessions not marked as
+  `shared_history`.
+  ([#5807](https://github.com/matrix-org/matrix-rust-sdk/pull/5807)
 - Improve feedback support for shared history when downloading room key bundles.
   ([#5737](https://github.com/matrix-org/matrix-rust-sdk/pull/5737))
   - Add `RoomKeyWithheldEntry` enum, wrapping either a received to-device `m.room_key.withheld` event or

@@ -897,7 +897,7 @@ impl OlmMachine {
         // This function is only ever called by add_room_key via
         // handle_decrypted_to_device_event, so sender, sender_key, and algorithm are
         // already recorded.
-        fields(room_id = ? content.room_id, session_id, message_index)
+        fields(room_id = ? content.room_id, session_id, message_index, shared_history = content.shared_history)
     )]
     async fn handle_key(
         &self,

@@ -1600,7 +1600,7 @@ impl Store {
             } else {
                 bundle.withheld.push(RoomKeyWithheldContent::new(
                     session.algorithm().to_owned(),
-                    WithheldCode::Unauthorised,
+                    WithheldCode::HistoryNotShared,
                     session.room_id().to_owned(),
                     session.session_id().to_owned(),
                     session.sender_key().to_owned(),
@@ -1717,6 +1717,8 @@ impl Store {
         bundle_info: &StoredRoomKeyBundleData,
         bundle: &RoomKeyBundle,
     ) -> Result<(), CryptoStoreError> {
+        let mut session_id_to_withheld_code_map = BTreeMap::new();
+
         let mut changes = Changes::default();
         for withheld in &bundle.withheld {
             let (room_id, session_id) = match withheld {
@@ -1744,9 +1746,17 @@ impl Store {
                     content: withheld.to_owned(),
                 },
             );
+            session_id_to_withheld_code_map.insert(session_id, withheld.withheld_code());
         }
+
         self.save_changes(changes).await?;
 
+        info!(
+            room_id = ?bundle_info.bundle_data.room_id,
+            ?session_id_to_withheld_code_map,
+            "Successfully imported withheld info from room key bundle",
+        );
+
         Ok(())
     }
 }
@@ -2144,11 +2154,11 @@ mod tests {
             RoomKeyWithheldEntry {
                 #[cfg(not(feature = "experimental-algorithms"))]
                 content: RoomKeyWithheldContent::MegolmV1AesSha2(
-                    MegolmV1AesSha2WithheldContent::Unauthorised(_)
+                    MegolmV1AesSha2WithheldContent::HistoryNotShared(_)
                 ),
                 #[cfg(feature = "experimental-algorithms")]
                 content: RoomKeyWithheldContent::MegolmV2AesSha2(
-                    MegolmV1AesSha2WithheldContent::Unauthorised(_)
+                    MegolmV1AesSha2WithheldContent::HistoryNotShared(_)
                 ),
                 ..
             }

@@ -28,9 +28,9 @@ expression: bundle
   "withheld": [
     {
       "algorithm": "[algorithm]",
-      "code": "m.unauthorised",
+      "code": "io.element.msc4268.history_not_shared",
       "from_device": "BOB",
-      "reason": "You are not authorised to read the message.",
+      "reason": "The sender disabled sharing encrypted history.",
       "room_id": "!room1:localhost",
       "sender_key": "[alice curve key]",
       "session_id": "lpRzTgD3Nook/Wk62Fm9ECWGnKYZgeCwO1Y+uuPJz/I"

@@ -65,7 +65,8 @@ macro_rules! construct_withheld_content {
             WithheldCode::Blacklisted
             | WithheldCode::Unverified
             | WithheldCode::Unauthorised
-            | WithheldCode::Unavailable => {
+            | WithheldCode::Unavailable
+            | WithheldCode::HistoryNotShared => {
                 let content = CommonWithheldCodeContent {
                     $room_id,
                     $session_id,
@@ -84,7 +85,9 @@ macro_rules! construct_withheld_content {
                         .into(),
                 ))
             }
-            _ => unreachable!("Can't create an unknown withheld code content"),
+            WithheldCode::_Custom(_) => {
+                unreachable!("Can't create an unknown withheld code content")
+            }
         }
     };
 }
@@ -180,6 +183,9 @@ pub enum MegolmV1AesSha2WithheldContent {
     Unauthorised(Box<CommonWithheldCodeContent>),
     /// The `m.unavailable` variant of the withheld code content.
     Unavailable(Box<CommonWithheldCodeContent>),
+    /// The `m.history_not_shared` variant of the withheld code content (cf
+    /// [MSC4268](https://github.com/matrix-org/matrix-spec-proposals/pull/4268)).
+    HistoryNotShared(Box<CommonWithheldCodeContent>),
     /// The `m.no_olm` variant of the withheld code content.
     NoOlm(Box<NoOlmWithheldContent>),
 }
@@ -231,7 +237,10 @@ impl MegolmV1AesSha2WithheldContent {
             MegolmV1AesSha2WithheldContent::BlackListed(content)
             | MegolmV1AesSha2WithheldContent::Unverified(content)
             | MegolmV1AesSha2WithheldContent::Unauthorised(content)
-            | MegolmV1AesSha2WithheldContent::Unavailable(content) => Some(&content.session_id),
+            | MegolmV1AesSha2WithheldContent::Unavailable(content)
+            | MegolmV1AesSha2WithheldContent::HistoryNotShared(content) => {
+                Some(&content.session_id)
+            }
             MegolmV1AesSha2WithheldContent::NoOlm(_) => None,
         }
     }
@@ -242,7 +251,8 @@ impl MegolmV1AesSha2WithheldContent {
             MegolmV1AesSha2WithheldContent::BlackListed(content)
             | MegolmV1AesSha2WithheldContent::Unverified(content)
             | MegolmV1AesSha2WithheldContent::Unauthorised(content)
-            | MegolmV1AesSha2WithheldContent::Unavailable(content) => Some(&content.room_id),
+            | MegolmV1AesSha2WithheldContent::Unavailable(content)
+            | MegolmV1AesSha2WithheldContent::HistoryNotShared(content) => Some(&content.room_id),
             MegolmV1AesSha2WithheldContent::NoOlm(_) => None,
         }
     }
@@ -254,6 +264,7 @@ impl MegolmV1AesSha2WithheldContent {
             MegolmV1AesSha2WithheldContent::Unverified(_) => WithheldCode::Unverified,
             MegolmV1AesSha2WithheldContent::Unauthorised(_) => WithheldCode::Unauthorised,
             MegolmV1AesSha2WithheldContent::Unavailable(_) => WithheldCode::Unavailable,
+            MegolmV1AesSha2WithheldContent::HistoryNotShared(_) => WithheldCode::HistoryNotShared,
             MegolmV1AesSha2WithheldContent::NoOlm(_) => WithheldCode::NoOlm,
         }
     }
@@ -266,7 +277,10 @@ impl MegolmV1AesSha2WithheldContent {
             WithheldCode::Unverified => Self::Unverified(content),
             WithheldCode::Unauthorised => Self::Unauthorised(content),
             WithheldCode::Unavailable => Self::Unavailable(content),
-            _ => unreachable!("This constructor requires one of the common withheld codes"),
+            WithheldCode::HistoryNotShared => Self::HistoryNotShared(content),
+            WithheldCode::NoOlm | WithheldCode::_Custom(_) => {
+                unreachable!("This constructor requires one of the common withheld codes")
+            }
         }
     }
 }
@@ -349,14 +363,15 @@ impl TryFrom<WithheldHelper> for RoomKeyWithheldContent {
                 WithheldCode::Blacklisted
                 | WithheldCode::Unverified
                 | WithheldCode::Unauthorised
-                | WithheldCode::Unavailable => {
+                | WithheldCode::Unavailable
+                | WithheldCode::HistoryNotShared => {
                     let content: CommonWithheldCodeContent = serde_json::from_value(value.other)?;
 
                     Self::MegolmV1AesSha2(MegolmV1AesSha2WithheldContent::from_code_and_content(
                         value.code, content,
                     ))
                 }
-                _ => unknown(value)?,
+                WithheldCode::_Custom(_) => unknown(value)?,
             },
             #[cfg(feature = "experimental-algorithms")]
             EventEncryptionAlgorithm::MegolmV2AesSha2 => match value.code {
@@ -367,14 +382,15 @@ impl TryFrom<WithheldHelper> for RoomKeyWithheldContent {
                 WithheldCode::Blacklisted
                 | WithheldCode::Unverified
                 | WithheldCode::Unauthorised
-                | WithheldCode::Unavailable => {
+                | WithheldCode::Unavailable
+                | WithheldCode::HistoryNotShared => {
                     let content: CommonWithheldCodeContent = serde_json::from_value(value.other)?;
 
                     Self::MegolmV1AesSha2(MegolmV1AesSha2WithheldContent::from_code_and_content(
                         value.code, content,
                     ))
                 }
-                _ => unknown(value)?,
+                WithheldCode::_Custom(_) => unknown(value)?,
             },
             _ => unknown(value)?,
         })
@@ -397,7 +413,8 @@ impl Serialize for RoomKeyWithheldContent {
                     MegolmV1AesSha2WithheldContent::BlackListed(content)
                     | MegolmV1AesSha2WithheldContent::Unverified(content)
                     | MegolmV1AesSha2WithheldContent::Unauthorised(content)
-                    | MegolmV1AesSha2WithheldContent::Unavailable(content) => WithheldHelper {
+                    | MegolmV1AesSha2WithheldContent::Unavailable(content)
+                    | MegolmV1AesSha2WithheldContent::HistoryNotShared(content) => WithheldHelper {
                         algorithm,
                         code,
                         reason,
@@ -420,7 +437,8 @@ impl Serialize for RoomKeyWithheldContent {
                     MegolmV1AesSha2WithheldContent::BlackListed(content)
                     | MegolmV1AesSha2WithheldContent::Unverified(content)
                     | MegolmV1AesSha2WithheldContent::Unauthorised(content)
-                    | MegolmV1AesSha2WithheldContent::Unavailable(content) => WithheldHelper {
+                    | MegolmV1AesSha2WithheldContent::Unavailable(content)
+                    | MegolmV1AesSha2WithheldContent::HistoryNotShared(content) => WithheldHelper {
                         algorithm,
                         code,
                         reason,
@@ -534,6 +552,7 @@ pub(super) mod tests {
             WithheldCode::Blacklisted,
             WithheldCode::Unauthorised,
             WithheldCode::Unavailable,
+            WithheldCode::HistoryNotShared,
         ];
         for code in codes {
             let json = json(&code);

@@ -150,6 +150,7 @@ impl UtdCause {
                     WithheldCode::Blacklisted
                     | WithheldCode::Unauthorised
                     | WithheldCode::Unavailable
+                    | WithheldCode::HistoryNotShared
                     | WithheldCode::NoOlm
                     | WithheldCode::_Custom(_) => UtdCause::WithheldBySender,
                 }