Add support for scanning QR codes during verification, with Rust crypto

spec/integ/crypto/verification.spec.ts

@@ -85,6 +85,10 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
     // Rust backend. Once we have full support in the rust sdk, it will go away.
     const oldBackendOnly = backend === "rust-sdk" ? test.skip : test;
 
+    // newBackendOnly is the opposite to `oldBackendOnly`: it will skip the test if we are running against the legacy
+    // backend.
+    const newBackendOnly = backend === "rust-sdk" ? test : test.skip;
+
     /** the client under test */
     let aliceClient: MatrixClient;
 
@@ -469,6 +473,64 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             await verificationPromise;
             expect(request.phase).toEqual(VerificationPhase.Done);
         });
+
+        newBackendOnly("can verify another by scanning their QR code", async () => {
+            aliceClient = await startTestClient();
+            // we need cross-signing keys for a QR code verification
+            e2eKeyResponder.addCrossSigningData(SIGNED_CROSS_SIGNING_KEYS_DATA);
+            await waitForDeviceList();
+
+            // Alice sends a m.key.verification.request
+            const [, request] = await Promise.all([
+                expectSendToDeviceMessage("m.key.verification.request"),
+                aliceClient.getCrypto()!.requestDeviceVerification(TEST_USER_ID, TEST_DEVICE_ID),
+            ]);
+            const transactionId = request.transactionId!;
+
+            // The dummy device replies with an m.key.verification.ready, indicating it can show a QR code
+            returnToDeviceMessageFromSync(buildReadyMessage(transactionId, ["m.qr_code.show.v1", "m.reciprocate.v1"]));
+            await waitForVerificationRequestChanged(request);
+            expect(request.phase).toEqual(VerificationPhase.Ready);
+            expect(request.otherPartySupportsMethod("m.qr_code.show.v1")).toBe(true);
+
+            // the dummy device shows a QR code
+            const sharedSecret = "SUPERSEKRET";
+            const qrCodeBuffer = buildQRCode(
+                transactionId,
+                TEST_DEVICE_PUBLIC_ED25519_KEY_BASE64,
+                MASTER_CROSS_SIGNING_PUBLIC_KEY_BASE64,
+                sharedSecret,
+            );
+
+            // Alice scans the QR code
+            const sendToDevicePromise = expectSendToDeviceMessage("m.key.verification.start");
+            const verifier = await request.scanQRCode(qrCodeBuffer);
+
+            const requestBody = await sendToDevicePromise;
+            const toDeviceMessage = requestBody.messages[TEST_USER_ID][TEST_DEVICE_ID];
+            expect(toDeviceMessage).toEqual({
+                from_device: aliceClient.deviceId,
+                method: "m.reciprocate.v1",
+                transaction_id: transactionId,
+                secret: encodeUnpaddedBase64(Buffer.from(sharedSecret)),
+            });
+
+            expect(request.phase).toEqual(VerificationPhase.Started);
+            expect(request.chosenMethod).toEqual("m.reciprocate.v1");
+            expect(verifier.getReciprocateQrCodeCallbacks()).toBeNull();
+
+            const verificationPromise = verifier.verify();
+
+            // the dummy device confirms that Alice scanned the QR code, by replying with a done
+            returnToDeviceMessageFromSync(buildDoneMessage(transactionId));
+
+            // Alice also replies with a 'done'
+            await expectSendToDeviceMessage("m.key.verification.done");
+
+            // ... and the whole thing should be done!
+            await verificationPromise;
+            expect(request.phase).toEqual(VerificationPhase.Done);
+        });
     });
 
     describe("cancellation", () => {
@@ -794,3 +856,22 @@ function buildDoneMessage(transactionId: string) {
         },
     };
 }
+
+function buildQRCode(transactionId: string, key1Base64: string, key2Base64: string, sharedSecret: string): Uint8Array {
+    // https://spec.matrix.org/v1.7/client-server-api/#qr-code-format
+
+    const qrCodeBuffer = Buffer.alloc(150); // oversize
+    let idx = 0;
+    idx += qrCodeBuffer.write("MATRIX", idx, "ascii");
+    idx = qrCodeBuffer.writeUInt8(0x02, idx); // version
+    idx = qrCodeBuffer.writeUInt8(0x02, idx); // mode
+    idx = qrCodeBuffer.writeInt16BE(transactionId.length, idx);
+    idx += qrCodeBuffer.write(transactionId, idx, "ascii");
+
+    idx += Buffer.from(key1Base64, "base64").copy(qrCodeBuffer, idx);
+    idx += Buffer.from(key2Base64, "base64").copy(qrCodeBuffer, idx);
+    idx += qrCodeBuffer.write(sharedSecret, idx);
+
+    // truncate to the right length
+    return qrCodeBuffer.subarray(0, idx);
+}

spec/unit/rust-crypto/verification.spec.ts

@@ -87,7 +87,7 @@ function makeTestRequest(
 ): RustVerificationRequest {
     inner ??= makeMockedInner();
     outgoingRequestProcessor ??= {} as OutgoingRequestProcessor;
-    return new RustVerificationRequest(inner, outgoingRequestProcessor, undefined);
+    return new RustVerificationRequest(inner, outgoingRequestProcessor, []);
 }
 
 /** Mock up a rust-side VerificationRequest */

src/client.ts

@@ -2241,7 +2241,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
             this.cryptoCallbacks,
             useIndexedDB ? RUST_SDK_STORE_PREFIX : null,
         );
-        rustCrypto.supportedVerificationMethods = this.verificationMethods;
+        rustCrypto.setSupportedVerificationMethods(this.verificationMethods);
 
         this.cryptoBackend = rustCrypto;
 

src/crypto-api/verification.ts

@@ -136,12 +136,27 @@ export interface VerificationRequest
     /**
      * Send an `m.key.verification.start` event to start verification via a particular method.
      *
+     * This is normally used when starting a verification via emojis (ie, `method` is set to `m.sas.v1`).
+     *
      * @param method - the name of the verification method to use.
      *
      * @returns The verifier which will do the actual verification.
      */
     startVerification(method: string): Promise<Verifier>;
 
+    /**
+     * Start a QR code verification by providing a scanned QR code for this verification flow.
+     *
+     * Validates the QR code, and if it is ok, sends an `m.key.verification.start` event with `method` set to
+     * `m.reciprocate.v1`, to tell the other side the scan was successful.
+     *
+     * See also {@link VerificationRequest#startVerification} which can be used to start other verification methods.
+     *
+     * @param qrCodeData - the decoded QR code.
+     * @returns A verifier; call `.verify()` on it to wait for the other side to complete the verification flow.
+     */
+    scanQRCode(qrCodeData: Uint8Array): Promise<Verifier>;
+
     /**
      * The verifier which is doing the actual verification, once the method has been established.
      * Only defined when the `phase` is Started.

src/crypto/verification/request/VerificationRequest.ts

@@ -478,6 +478,10 @@ export class VerificationRequest<C extends IVerificationChannel = IVerificationC
         return verifier;
     }
 
+    public scanQRCode(qrCodeData: Uint8Array): Promise<Verifier> {
+        throw new Error("QR code scanning not supported by legacy crypto");
+    }
+
     /**
      * sends the initial .request event.
      * @returns resolves when the event has been sent.

src/rust-crypto/rust-crypto.ts

@@ -56,6 +56,8 @@ import { EventType } from "../@types/event";
 import { CryptoEvent } from "../crypto";
 import { TypedEventEmitter } from "../models/typed-event-emitter";
 
+const ALL_VERIFICATION_METHODS = ["m.sas.v1", "m.qr_code.scan.v1", "m.qr_code.show.v1", "m.reciprocate.v1"];
+
 /**
  * An implementation of {@link CryptoBackend} using the Rust matrix-sdk-crypto.
  */
@@ -558,7 +560,7 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
                     new RustVerificationRequest(
                         request,
                         this.outgoingRequestProcessor,
-                        this.supportedVerificationMethods,
+                        this._supportedVerificationMethods,
                     ),
             );
     }
@@ -580,10 +582,18 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
 
     /**
      * The verification methods we offer to the other side during an interactive verification.
+     */
+    private _supportedVerificationMethods: string[] = ALL_VERIFICATION_METHODS;
+
+    /**
+     * Set the verification methods we offer to the other side during an interactive verification.
      *
      * If `undefined`, we will offer all the methods supported by the Rust SDK.
      */
-    public supportedVerificationMethods: string[] | undefined;
+    public setSupportedVerificationMethods(methods: string[] | undefined): void {
+        // by default, the Rust SDK does not offer `m.qr_code.scan.v1`, but we do want to offer that.
+        this._supportedVerificationMethods = methods ?? ALL_VERIFICATION_METHODS;
+    }
 
     /**
      * Send a verification request to our other devices.
@@ -604,10 +614,10 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
 
         const [request, outgoingRequest]: [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest] =
             await userIdentity.requestVerification(
-                this.supportedVerificationMethods?.map(verificationMethodIdentifierToMethod),
+                this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod),
             );
         await this.outgoingRequestProcessor.makeOutgoingRequest(outgoingRequest);
-        return new RustVerificationRequest(request, this.outgoingRequestProcessor, this.supportedVerificationMethods);
+        return new RustVerificationRequest(request, this.outgoingRequestProcessor, this._supportedVerificationMethods);
     }
 
     /**
@@ -634,10 +644,10 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
 
         const [request, outgoingRequest]: [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest] =
             await device.requestVerification(
-                this.supportedVerificationMethods?.map(verificationMethodIdentifierToMethod),
+                this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod),
             );
         await this.outgoingRequestProcessor.makeOutgoingRequest(outgoingRequest);
-        return new RustVerificationRequest(request, this.outgoingRequestProcessor, this.supportedVerificationMethods);
+        return new RustVerificationRequest(request, this.outgoingRequestProcessor, this._supportedVerificationMethods);
     }
 
     ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -791,7 +801,7 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
         if (request) {
             this.emit(
                 CryptoEvent.VerificationRequestReceived,
-                new RustVerificationRequest(request, this.outgoingRequestProcessor, this.supportedVerificationMethods),
+                new RustVerificationRequest(request, this.outgoingRequestProcessor, this._supportedVerificationMethods),
             );
         }
     }