From bb46dcb262a76467af667a691267a829652bc87a Mon Sep 17 00:00:00 2001
From: Valere <bill.carson@valrsoft.com>
Date: Thu, 31 Oct 2024 18:17:37 +0100
Subject: [PATCH] feat(crypto): Add support for verification violation warnings

---
 matrix-sdk-android/build.gradle                          | 2 +-
 .../sdk/internal/crypto/crosssigning/XSigningTest.kt     | 4 ----
 .../sdk/internal/crypto/ComputeShieldForGroupUseCase.kt  | 5 ++++-
 .../sdk/internal/crypto/GetUserIdentityUseCase.kt        | 6 ++++--
 .../org/matrix/android/sdk/internal/crypto/OlmMachine.kt | 9 ++++++++-
 .../sdk/internal/crypto/RustCrossSigningService.kt       | 2 +-
 .../matrix/android/sdk/internal/crypto/UserIdentities.kt | 8 ++++----
 7 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/matrix-sdk-android/build.gradle b/matrix-sdk-android/build.gradle
index c51228f0c1..d3e50c07f2 100644
--- a/matrix-sdk-android/build.gradle
+++ b/matrix-sdk-android/build.gradle
@@ -221,7 +221,7 @@ dependencies {
 
     implementation libs.google.phonenumber
 
-    implementation("org.matrix.rustcomponents:crypto-android:0.4.3")
+    implementation("org.matrix.rustcomponents:crypto-android:0.5.0")
 //    api project(":library:rustCrypto")
 
     testImplementation libs.tests.junit
diff --git a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/crosssigning/XSigningTest.kt b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/crosssigning/XSigningTest.kt
index 12c63edf92..88005b7b5c 100644
--- a/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/crosssigning/XSigningTest.kt
+++ b/matrix-sdk-android/src/androidTest/java/org/matrix/android/sdk/internal/crypto/crosssigning/XSigningTest.kt
@@ -24,7 +24,6 @@ import org.junit.Assert.assertNotNull
 import org.junit.Assert.assertNull
 import org.junit.Assert.assertTrue
 import org.junit.Assert.fail
-import org.junit.Assume
 import org.junit.FixMethodOrder
 import org.junit.Test
 import org.junit.runner.RunWith
@@ -202,9 +201,6 @@ class XSigningTest : InstrumentedTest {
         val aliceSession = cryptoTestData.firstSession
         val bobSession = cryptoTestData.secondSession
 
-        // Remove when https://github.com/matrix-org/matrix-rust-sdk/issues/1129
-        Assume.assumeTrue("Not yet supported by rust", aliceSession.cryptoService().name() != "rust-sdk")
-
         val aliceAuthParams = UserPasswordAuth(
                 user = aliceSession.myUserId,
                 password = TestConstants.PASSWORD
diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/ComputeShieldForGroupUseCase.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/ComputeShieldForGroupUseCase.kt
index 75575b14c3..5b0ad1a183 100644
--- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/ComputeShieldForGroupUseCase.kt
+++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/ComputeShieldForGroupUseCase.kt
@@ -29,7 +29,10 @@ internal class ComputeShieldForGroupUseCase @Inject constructor(
         val myIdentity = olmMachine.getIdentity(myUserId)
         val allTrustedUserIds = userIds
                 .filter { userId ->
-                    olmMachine.getIdentity(userId)?.verified() == true
+                    val identity = olmMachine.getIdentity(userId)?.toMxCrossSigningInfo()
+                    identity?.isTrusted() == true ||
+                            // Always take into account users that was previously verified but are not anymore
+                            identity?.wasTrustedOnce == true
                 }
 
         return if (allTrustedUserIds.isEmpty()) {
diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/GetUserIdentityUseCase.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/GetUserIdentityUseCase.kt
index 0725edbc88..6458ad998b 100644
--- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/GetUserIdentityUseCase.kt
+++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/GetUserIdentityUseCase.kt
@@ -66,7 +66,8 @@ internal class GetUserIdentityUseCase @Inject constructor(
                         innerMachine = innerMachine,
                         requestSender = requestSender,
                         coroutineDispatchers = coroutineDispatchers,
-                        verificationRequestFactory = verificationRequestFactory
+                        verificationRequestFactory = verificationRequestFactory,
+                        hasVerificationViolation = identity.hasVerificationViolation
                 )
             }
             is InnerUserIdentity.Own -> {
@@ -89,7 +90,8 @@ internal class GetUserIdentityUseCase @Inject constructor(
                         innerMachine = innerMachine,
                         requestSender = requestSender,
                         coroutineDispatchers = coroutineDispatchers,
-                        verificationRequestFactory = verificationRequestFactory
+                        verificationRequestFactory = verificationRequestFactory,
+                        hasVerificationViolation = identity.hasVerificationViolation
                 )
             }
             null                             -> null
diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OlmMachine.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OlmMachine.kt
index c45f85671e..a3c68c2230 100644
--- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OlmMachine.kt
+++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OlmMachine.kt
@@ -84,7 +84,9 @@ import org.matrix.rustcomponents.sdk.crypto.ShieldState
 import org.matrix.rustcomponents.sdk.crypto.SignatureVerification
 import org.matrix.rustcomponents.sdk.crypto.setLogger
 import timber.log.Timber
+import uniffi.matrix_sdk_crypto.DecryptionSettings
 import uniffi.matrix_sdk_crypto.LocalTrust
+import uniffi.matrix_sdk_crypto.TrustRequirement
 import java.io.File
 import java.nio.charset.Charset
 import javax.inject.Inject
@@ -450,7 +452,12 @@ internal class OlmMachine @Inject constructor(
                     }
 
                     val serializedEvent = adapter.toJson(event)
-                    val decrypted = inner.decryptRoomEvent(serializedEvent, event.roomId, false, false)
+                    val decrypted = inner.decryptRoomEvent(
+                            serializedEvent, event.roomId,
+                            handleVerificationEvents = false,
+                            strictShields = false,
+                            decryptionSettings = DecryptionSettings(TrustRequirement.UNTRUSTED)
+                    )
 
                     val deserializationAdapter =
                             moshi.adapter<JsonDict>(Map::class.java)
diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RustCrossSigningService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RustCrossSigningService.kt
index e2def5af8a..e1c323e01c 100644
--- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RustCrossSigningService.kt
+++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RustCrossSigningService.kt
@@ -58,7 +58,7 @@ internal class RustCrossSigningService @Inject constructor(
      * Checks that my trusted user key has signed the other user UserKey
      */
     override suspend fun checkUserTrust(otherUserId: String): UserTrustResult {
-        val identity = olmMachine.getIdentity(olmMachine.userId())
+        val identity = olmMachine.getIdentity(otherUserId)
 
         // While UserTrustResult has many different states, they are by the callers
         // converted to a boolean value immediately, thus we don't need to support
diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/UserIdentities.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/UserIdentities.kt
index 8d70482ae1..e4c7bcfcc3 100644
--- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/UserIdentities.kt
+++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/UserIdentities.kt
@@ -85,6 +85,7 @@ internal class OwnUserIdentity(
         private val requestSender: RequestSender,
         private val coroutineDispatchers: MatrixCoroutineDispatchers,
         private val verificationRequestFactory: VerificationRequest.Factory,
+        private val hasVerificationViolation: Boolean
 ) : UserIdentities() {
     /**
      * Our own user id.
@@ -157,8 +158,7 @@ internal class OwnUserIdentity(
         userSigningKey.trustLevel = trustLevel
 
         val crossSigningKeys = listOf(masterKey, selfSigningKey, userSigningKey)
-        // TODO https://github.com/matrix-org/matrix-rust-sdk/issues/1129
-        return MXCrossSigningInfo(userId, crossSigningKeys, false)
+        return MXCrossSigningInfo(userId, crossSigningKeys, hasVerificationViolation)
     }
 }
 
@@ -175,6 +175,7 @@ internal class UserIdentity(
         private val requestSender: RequestSender,
         private val coroutineDispatchers: MatrixCoroutineDispatchers,
         private val verificationRequestFactory: VerificationRequest.Factory,
+        private val hasVerificationViolation: Boolean
 ) : UserIdentities() {
     /**
      * The unique ID of the user that this identity belongs to.
@@ -256,8 +257,7 @@ internal class UserIdentity(
                         masterKey.also { it.trustLevel = trustLevel },
                         selfSigningKey.also { it.trustLevel = trustLevel },
                 ),
-                // TODO https://github.com/matrix-org/matrix-rust-sdk/issues/1129
-                wasTrustedOnce = false
+                wasTrustedOnce = hasVerificationViolation
         )
     }
 }