diff --git a/package.json b/package.json index 009bb295f37..49fdf7a418e 100644 --- a/package.json +++ b/package.json @@ -50,7 +50,7 @@ ], "dependencies": { "@babel/runtime": "^7.12.5", - "@matrix-org/matrix-sdk-crypto-wasm": "^9.0.0", + "@matrix-org/matrix-sdk-crypto-wasm": "^11.0.0", "@matrix-org/olm": "3.2.15", "another-json": "^0.2.0", "bs58": "^6.0.0", diff --git a/spec/integ/crypto/verification.spec.ts b/spec/integ/crypto/verification.spec.ts index a9f9ba522e7..c9cfe021f29 100644 --- a/spec/integ/crypto/verification.spec.ts +++ b/spec/integ/crypto/verification.spec.ts @@ -82,6 +82,8 @@ import { } from "./olm-utils"; import { KeyBackupInfo } from "../../../src/crypto-api"; import { encodeBase64 } from "../../../src/base64"; +import { RustCrypto } from "../../../src/rust-crypto/rust-crypto"; +import type { IDeviceKeys } from "../../../src/@types/crypto"; // The verification flows use javascript timers to set timeouts. We tell jest to use mock timer implementations // to ensure that we don't end up with dangling timeouts. @@ -990,6 +992,30 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st aliceClient.setGlobalErrorOnUnknownDevices(false); syncResponder.sendOrQueueSyncResponse(getSyncResponse([BOB_TEST_USER_ID])); await syncPromise(aliceClient); + const crypto = aliceClient.getCrypto()!; + if (crypto instanceof RustCrypto) { + // Rust crypto requires the sender's device keys before it accepts + // a verification request. + const bobIdentityKeys = JSON.parse(testOlmAccount.identity_keys()); + const bobDeviceKeys: IDeviceKeys = { + user_id: "@bob:xyz", + device_id: "BobDevice", + algorithms: ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"], + keys: { + "curve25519:BobDevice": bobIdentityKeys.curve25519, + "ed25519:BobDevice": bobIdentityKeys.ed25519, + }, + }; + const signature = testOlmAccount.sign(anotherjson.stringify(bobDeviceKeys)); + bobDeviceKeys.signatures = { + "@bob:xyz": { + "ed25519:BobDevice": signature, + }, + }; + e2eKeyResponder.addDeviceKeys(bobDeviceKeys); + await crypto.processDeviceLists({ changed: ["@bob:xyz"] }); + crypto.onSyncCompleted({}); + } }); /** diff --git a/spec/unit/rust-crypto/rust-crypto.spec.ts b/spec/unit/rust-crypto/rust-crypto.spec.ts index fc9b571acb2..aa4d9452059 100644 --- a/spec/unit/rust-crypto/rust-crypto.spec.ts +++ b/spec/unit/rust-crypto/rust-crypto.spec.ts @@ -572,15 +572,37 @@ describe("RustCrypto", () => { }); it("emits VerificationRequestReceived on incoming m.key.verification.request", async () => { + rustCrypto = await makeTestRustCrypto( + new MatrixHttpApi(new TypedEventEmitter(), { + baseUrl: "http://server/", + prefix: "", + onlyData: true, + }), + testData.TEST_USER_ID, + ); + + fetchMock.post("path:/_matrix/client/v3/keys/upload", { one_time_key_counts: {} }); + fetchMock.post("path:/_matrix/client/v3/keys/query", { + device_keys: { + [testData.TEST_USER_ID]: { + [testData.TEST_DEVICE_ID]: testData.SIGNED_TEST_DEVICE_DATA, + }, + }, + }); + + // wait until we know about the other device + rustCrypto.onSyncCompleted({}); + await rustCrypto.getUserDeviceInfo([testData.TEST_USER_ID]); + const toDeviceEvent = { type: "m.key.verification.request", content: { - from_device: "testDeviceId", + from_device: testData.TEST_DEVICE_ID, methods: ["m.sas.v1"], transaction_id: "testTxn", timestamp: Date.now() - 1000, }, - sender: "@user:id", + sender: testData.TEST_USER_ID, }; const onEvent = jest.fn(); @@ -1015,7 +1037,7 @@ describe("RustCrypto", () => { ["Not encrypted.", RustSdkCryptoJs.ShieldStateCode.SentInClear, EventShieldReason.SENT_IN_CLEAR], [ "Encrypted by a previously-verified user who is no longer verified.", - RustSdkCryptoJs.ShieldStateCode.PreviouslyVerified, + RustSdkCryptoJs.ShieldStateCode.VerificationViolation, EventShieldReason.VERIFICATION_VIOLATION, ], ])("gets the right shield reason (%s)", async (rustReason, rustCode, expectedReason) => { diff --git a/src/rust-crypto/rust-crypto.ts b/src/rust-crypto/rust-crypto.ts index d18461e7b22..9e39b9488d3 100644 --- a/src/rust-crypto/rust-crypto.ts +++ b/src/rust-crypto/rust-crypto.ts @@ -653,7 +653,7 @@ export class RustCrypto extends TypedEventEmitter { - const userIdentity: RustSdkCryptoJs.UserIdentity | RustSdkCryptoJs.OwnUserIdentity | undefined = + const userIdentity: RustSdkCryptoJs.OtherUserIdentity | RustSdkCryptoJs.OwnUserIdentity | undefined = await this.getOlmMachineOrThrow().getIdentity(new RustSdkCryptoJs.UserId(userId)); if (userIdentity === undefined) { return new UserVerificationStatus(false, false, false); @@ -662,7 +662,9 @@ export class RustCrypto extends TypedEventEmitter { - const userIdentity: RustSdkCryptoJs.UserIdentity | RustSdkCryptoJs.OwnUserIdentity | undefined = + const userIdentity: RustSdkCryptoJs.OtherUserIdentity | RustSdkCryptoJs.OwnUserIdentity | undefined = await this.getOlmMachineOrThrow().getIdentity(new RustSdkCryptoJs.UserId(userId)); if (userIdentity === undefined) { @@ -1020,7 +1022,7 @@ export class RustCrypto extends TypedEventEmitter { - const userIdentity: RustSdkCryptoJs.UserIdentity | undefined = await this.olmMachine.getIdentity( + const userIdentity: RustSdkCryptoJs.OtherUserIdentity | undefined = await this.olmMachine.getIdentity( new RustSdkCryptoJs.UserId(userId), ); @@ -2035,7 +2037,7 @@ class EventDecryptor { errorDetails, ); - case RustSdkCryptoJs.DecryptionErrorCode.SenderIdentityPreviouslyVerified: + case RustSdkCryptoJs.DecryptionErrorCode.SenderIdentityVerificationViolation: // We're refusing to decrypt due to not trusting the sender, // rather than failing to decrypt due to lack of keys, so we // don't need to keep it on the pending list. @@ -2200,7 +2202,7 @@ function rustEncryptionInfoToJsEncryptionInfo( case RustSdkCryptoJs.ShieldStateCode.SentInClear: shieldReason = EventShieldReason.SENT_IN_CLEAR; break; - case RustSdkCryptoJs.ShieldStateCode.PreviouslyVerified: + case RustSdkCryptoJs.ShieldStateCode.VerificationViolation: shieldReason = EventShieldReason.VERIFICATION_VIOLATION; break; } diff --git a/yarn.lock b/yarn.lock index 0684d205c20..c1862a4f42a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1468,10 +1468,10 @@ "@jridgewell/resolve-uri" "^3.1.0" "@jridgewell/sourcemap-codec" "^1.4.14" -"@matrix-org/matrix-sdk-crypto-wasm@^9.0.0": - version "9.1.0" - resolved "https://registry.yarnpkg.com/@matrix-org/matrix-sdk-crypto-wasm/-/matrix-sdk-crypto-wasm-9.1.0.tgz#f889653eb4fafaad2a963654d586bd34de62acd5" - integrity sha512-CtPoNcoRW6ehwxpRQAksG3tR+NJ7k4DV02nMFYTDwQtie1V4R8OTY77BjEIs97NOblhtS26jU8m1lWsOBEz0Og== +"@matrix-org/matrix-sdk-crypto-wasm@^11.0.0": + version "11.0.0" + resolved "https://registry.yarnpkg.com/@matrix-org/matrix-sdk-crypto-wasm/-/matrix-sdk-crypto-wasm-11.0.0.tgz#c49a1a0d1e367d3c00a2144a4ab23caee0b1eec2" + integrity sha512-a7NUH8Kjc8hwzNCPpkOGXoceFqWJiWvA8OskXeDrKyODJuDz4yKrZ/nvgaVRfQe45Ab5UC1ZXYqaME+ChlJuqg== "@matrix-org/olm@3.2.15": version "3.2.15" @@ -6002,16 +6002,7 @@ string-length@^4.0.1: char-regex "^1.0.2" strip-ansi "^6.0.0" -"string-width-cjs@npm:string-width@^4.2.0": - version "4.2.3" - resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" - integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== - dependencies: - emoji-regex "^8.0.0" - is-fullwidth-code-point "^3.0.0" - strip-ansi "^6.0.1" - -string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: +"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: version "4.2.3" resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== @@ -6074,14 +6065,7 @@ stringify-entities@^4.0.0: character-entities-html4 "^2.0.0" character-entities-legacy "^3.0.0" -"strip-ansi-cjs@npm:strip-ansi@^6.0.1": - version "6.0.1" - resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" - integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== - dependencies: - ansi-regex "^5.0.1" - -strip-ansi@^6.0.0, strip-ansi@^6.0.1: +"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== @@ -6677,16 +6661,7 @@ word-wrap@^1.2.5: resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.5.tgz#d2c45c6dd4fbce621a66f136cbe328afd0410b34" integrity sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA== -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": - version "7.0.0" - resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" - integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== - dependencies: - ansi-styles "^4.0.0" - string-width "^4.1.0" - strip-ansi "^6.0.0" - -wrap-ansi@^7.0.0: +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0: version "7.0.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==