feat(crypto-js): Implement key verification

feat(crypto-js): Implement key verification

Author: Hywan

Cargo.lock

@@ -21,15 +21,17 @@ wasm-opt = ['-Oz']
 crate-type = ["cdylib"]
 
 [features]
-default = ["tracing"]
-qrcode = ["matrix-sdk-crypto/qrcode"]
+default = ["tracing", "qrcode"]
+qrcode = ["matrix-sdk-crypto/qrcode", "dep:matrix-sdk-qrcode"]
 tracing = []
 
 [dependencies]
 matrix-sdk-common = { version = "0.5.0", path = "../../crates/matrix-sdk-common" }
 matrix-sdk-crypto = { version = "0.5.0", path = "../../crates/matrix-sdk-crypto" }
 matrix-sdk-indexeddb = { version = "0.1.0", path = "../../crates/matrix-sdk-indexeddb" }
+matrix-sdk-qrcode = { version = "0.3.0", path = "../../crates/matrix-sdk-qrcode", optional = true }
 ruma = { version = "0.7.0", features = ["client-api-c", "js", "rand", "unstable-msc2676", "unstable-msc2677"] }
+vodozemac = { version = "0.3.0", features = ["js"] }
 wasm-bindgen = "0.2.80"
 wasm-bindgen-futures = "0.4.30"
 js-sys = "0.3.49"
@@ -39,8 +41,4 @@ http = "0.2.6"
 anyhow = "1.0.58"
 tracing = { version = "0.1.35", default-features = false, features = ["attributes"] }
 tracing-subscriber = { version = "0.3.14", default-features = false, features = ["registry", "std"] }
-zeroize = "1.3.0"
-
-[dependencies.vodozemac]
-version = "0.3.0"
-features = ["js"]
+zeroize = "1.3.0"

bindings/matrix-sdk-crypto-js/Cargo.toml

@@ -26,12 +26,12 @@
         "pkg/matrix_sdk_crypto.d.ts"
     ],
     "devDependencies": {
-        "wasm-pack": "^0.10.2",
+        "cross-env": "^7.0.3",
+        "fake-indexeddb": "^4.0",
         "jest": "^28.1.0",
         "typedoc": "^0.22.17",
-        "cross-env": "^7.0.3",
-        "yargs-parser": "~21.0.1",
-        "fake-indexeddb": "^4.0"
+        "wasm-pack": "^0.10.2",
+        "yargs-parser": "~21.0.1"
     },
     "engines": {
         "node": ">= 10"

bindings/matrix-sdk-crypto-js/package.json

@@ -0,0 +1,263 @@
+//! Types for a `Device`.
+
+use js_sys::{Array, Map, Promise};
+use wasm_bindgen::prelude::*;
+
+use crate::{
+    future::future_to_promise,
+    identifiers::{self, DeviceId, UserId},
+    types, verification, vodozemac,
+};
+
+/// A device represents a E2EE capable client of an user.
+#[wasm_bindgen]
+#[derive(Debug)]
+pub struct Device {
+    pub(crate) inner: matrix_sdk_crypto::Device,
+}
+
+impl From<matrix_sdk_crypto::Device> for Device {
+    fn from(inner: matrix_sdk_crypto::Device) -> Self {
+        Self { inner }
+    }
+}
+
+#[wasm_bindgen]
+impl Device {
+    /// Request an interactive verification with this device.
+    #[wasm_bindgen(js_name = "requestVerification")]
+    pub fn request_verification(&self, methods: Option<Array>) -> Result<Promise, JsError> {
+        let methods = methods
+            .map(|array| {
+                array
+                    .iter()
+                    .map(|method| {
+                        verification::VerificationMethod::try_from(method).map(Into::into)
+                    })
+                    .collect::<Result<_, _>>()
+            })
+            .transpose()?;
+        let me = self.inner.clone();
+
+        Ok(future_to_promise(async move {
+            let tuple = Array::new();
+            let (verification_request, outgoing_verification_request) = match methods {
+                Some(methods) => me.request_verification_with_methods(methods).await,
+                None => me.request_verification().await,
+            };
+
+            tuple.set(0, verification::VerificationRequest::from(verification_request).into());
+            tuple.set(
+                1,
+                verification::OutgoingVerificationRequest::from(outgoing_verification_request)
+                    .try_into()?,
+            );
+
+            Ok(tuple)
+        }))
+    }
+
+    /// Is this device considered to be verified.
+    ///
+    /// This method returns true if either the `is_locally_trusted`
+    /// method returns `true` or if the `is_cross_signing_trusted`
+    /// method returns `true`.
+    #[wasm_bindgen(js_name = "isVerified")]
+    pub fn is_verified(&self) -> bool {
+        self.inner.is_verified()
+    }
+
+    /// Is this device considered to be verified using cross signing.
+    #[wasm_bindgen(js_name = "isCrossSigningTrusted")]
+    pub fn is_cross_signing_trusted(&self) -> bool {
+        self.inner.is_cross_signing_trusted()
+    }
+
+    /// Set the local trust state of the device to the given state.
+    ///
+    /// This won’t affect any cross signing trust state, this only
+    /// sets a flag marking to have the given trust state.
+    ///
+    /// `trust_state` represents the new trust state that should be
+    /// set for the device.
+    #[wasm_bindgen(js_name = "setLocalTrust")]
+    pub fn set_local_trust(&self, local_state: LocalTrust) -> Promise {
+        let me = self.inner.clone();
+
+        future_to_promise(async move {
+            me.set_local_trust(local_state.into()).await?;
+
+            Ok(JsValue::NULL)
+        })
+    }
+
+    /// The user ID of the device owner.
+    #[wasm_bindgen(getter, js_name = "userId")]
+    pub fn user_id(&self) -> UserId {
+        self.inner.user_id().to_owned().into()
+    }
+
+    /// The unique ID of the device.
+    #[wasm_bindgen(getter, js_name = "deviceId")]
+    pub fn device_id(&self) -> DeviceId {
+        self.inner.device_id().to_owned().into()
+    }
+
+    /// Get the human readable name of the device.
+    #[wasm_bindgen(getter, js_name = "displayName")]
+    pub fn display_name(&self) -> Option<String> {
+        self.inner.display_name().map(ToOwned::to_owned)
+    }
+
+    /// Get the key of the given key algorithm belonging to this device.
+    #[wasm_bindgen(js_name = "getKey")]
+    pub fn get_key(
+        &self,
+        algorithm: identifiers::DeviceKeyAlgorithmName,
+    ) -> Result<Option<vodozemac::DeviceKey>, JsError> {
+        Ok(self.inner.get_key(algorithm.try_into()?).cloned().map(Into::into))
+    }
+
+    /// Get the Curve25519 key of the given device.
+    #[wasm_bindgen(getter, js_name = "curve25519Key")]
+    pub fn curve25519_key(&self) -> Option<vodozemac::Curve25519PublicKey> {
+        self.inner.curve25519_key().map(Into::into)
+    }
+
+    /// Get the Ed25519 key of the given device.
+    #[wasm_bindgen(getter, js_name = "ed25519Key")]
+    pub fn ed25519_key(&self) -> Option<vodozemac::Ed25519PublicKey> {
+        self.inner.ed25519_key().map(Into::into)
+    }
+
+    /// Get a map containing all the device keys.
+    #[wasm_bindgen(getter)]
+    pub fn keys(&self) -> Map {
+        let map = Map::new();
+
+        for (device_key_id, device_key) in self.inner.keys() {
+            map.set(
+                &identifiers::DeviceKeyId::from(device_key_id.clone()).into(),
+                &vodozemac::DeviceKey::from(device_key.clone()).into(),
+            );
+        }
+
+        map
+    }
+
+    /// Get a map containing all the device signatures.
+    #[wasm_bindgen(getter)]
+    pub fn signatures(&self) -> types::Signatures {
+        self.inner.signatures().clone().into()
+    }
+
+    /// Get the trust state of the device.
+    #[wasm_bindgen(getter, js_name = "localTrustState")]
+    pub fn local_trust_state(&self) -> LocalTrust {
+        self.inner.local_trust_state().into()
+    }
+
+    /// Is the device locally marked as trusted?
+    #[wasm_bindgen(js_name = "isLocallyTrusted")]
+    pub fn is_locally_trusted(&self) -> bool {
+        self.inner.is_locally_trusted()
+    }
+
+    /// Is the device locally marked as blacklisted?
+    ///
+    /// Blacklisted devices won’t receive any group sessions.
+    #[wasm_bindgen(js_name = "isBlacklisted")]
+    pub fn is_blacklisted(&self) -> bool {
+        self.inner.is_blacklisted()
+    }
+
+    /// Is the device deleted?
+    #[wasm_bindgen(js_name = "isDeleted")]
+    pub fn is_deleted(&self) -> bool {
+        self.inner.is_deleted()
+    }
+}
+
+/// The local trust state of a device.
+#[wasm_bindgen]
+#[derive(Debug)]
+pub enum LocalTrust {
+    /// The device has been verified and is trusted.
+    Verified,
+
+    /// The device been blacklisted from communicating.
+    BlackListed,
+
+    /// The trust state of the device is being ignored.
+    Ignored,
+
+    /// The trust state is unset.
+    Unset,
+}
+
+impl From<matrix_sdk_crypto::LocalTrust> for LocalTrust {
+    fn from(value: matrix_sdk_crypto::LocalTrust) -> Self {
+        use matrix_sdk_crypto::LocalTrust::*;
+
+        match value {
+            Verified => Self::Verified,
+            BlackListed => Self::BlackListed,
+            Ignored => Self::Ignored,
+            Unset => Self::Unset,
+        }
+    }
+}
+
+impl From<LocalTrust> for matrix_sdk_crypto::LocalTrust {
+    fn from(value: LocalTrust) -> Self {
+        use LocalTrust::*;
+
+        match value {
+            Verified => Self::Verified,
+            BlackListed => Self::BlackListed,
+            Ignored => Self::Ignored,
+            Unset => Self::Unset,
+        }
+    }
+}
+
+/// A read only view over all devices belonging to a user.
+#[wasm_bindgen]
+#[derive(Debug)]
+pub struct UserDevices {
+    pub(crate) inner: matrix_sdk_crypto::UserDevices,
+}
+
+impl From<matrix_sdk_crypto::UserDevices> for UserDevices {
+    fn from(inner: matrix_sdk_crypto::UserDevices) -> Self {
+        Self { inner }
+    }
+}
+
+#[wasm_bindgen]
+impl UserDevices {
+    /// Get the specific device with the given device ID.
+    pub fn get(&self, device_id: &DeviceId) -> Option<Device> {
+        self.inner.get(&device_id.inner).map(Into::into)
+    }
+
+    /// Returns true if there is at least one devices of this user
+    /// that is considered to be verified, false otherwise.
+    ///
+    /// This won't consider your own device as verified, as your own
+    /// device is always implicitly verified.
+    #[wasm_bindgen(js_name = "isAnyVerified")]
+    pub fn is_any_verified(&self) -> bool {
+        self.inner.is_any_verified()
+    }
+
+    /// Array over all the device IDs of the user devices.
+    pub fn keys(&self) -> Array {
+        self.inner.keys().map(ToOwned::to_owned).map(DeviceId::from).map(JsValue::from).collect()
+    }
+
+    /// Iterator over all the devices of the user devices.
+    pub fn devices(&self) -> Array {
+        self.inner.devices().map(Device::from).map(JsValue::from).collect()
+    }
+}

bindings/matrix-sdk-crypto-js/src/device.rs

@@ -135,7 +135,7 @@ impl DeviceKeyId {
 #[wasm_bindgen]
 #[derive(Debug)]
 pub struct DeviceKeyAlgorithm {
-    inner: ruma::DeviceKeyAlgorithm,
+    pub(crate) inner: ruma::DeviceKeyAlgorithm,
 }
 
 impl From<ruma::DeviceKeyAlgorithm> for DeviceKeyAlgorithm {
@@ -180,6 +180,25 @@ pub enum DeviceKeyAlgorithmName {
     Unknown,
 }
 
+impl TryFrom<DeviceKeyAlgorithmName> for ruma::DeviceKeyAlgorithm {
+    type Error = JsError;
+
+    fn try_from(value: DeviceKeyAlgorithmName) -> Result<Self, Self::Error> {
+        use DeviceKeyAlgorithmName::*;
+
+        Ok(match value {
+            Ed25519 => Self::Ed25519,
+            Curve25519 => Self::Curve25519,
+            SignedCurve25519 => Self::SignedCurve25519,
+            Unknown => {
+                return Err(JsError::new(
+                    "The `DeviceKeyAlgorithmName.Unknown` variant cannot be converted",
+                ))
+            }
+        })
+    }
+}
+
 impl From<ruma::DeviceKeyAlgorithm> for DeviceKeyAlgorithmName {
     fn from(value: ruma::DeviceKeyAlgorithm) -> Self {
         use ruma::DeviceKeyAlgorithm::*;

bindings/matrix-sdk-crypto-js/src/identifiers.rs

@@ -18,6 +18,7 @@
 #![allow(clippy::drop_non_drop)] // triggered by wasm_bindgen code
 
 pub mod attachment;
+pub mod device;
 pub mod encryption;
 pub mod events;
 mod future;
@@ -26,9 +27,11 @@ pub mod machine;
 pub mod olm;
 pub mod requests;
 pub mod responses;
+pub mod store;
 pub mod sync_events;
 mod tracing;
 pub mod types;
+pub mod verification;
 pub mod vodozemac;
 
 use js_sys::{Object, Reflect};