
crypto: Rename PreviouslyVerified to VerificationViolation #4067

Merged
merged 1 commit into from
Oct 3, 2024
17 changes: 9 additions & 8 deletions crates/matrix-sdk-common/src/deserialized_responses.rs
Expand Up @@ -29,7 +29,8 @@ use crate::debug::{DebugRawEvent, DebugStructExt};
const AUTHENTICITY_NOT_GUARANTEED: &str =
"The authenticity of this encrypted message can't be guaranteed on this device.";
const UNVERIFIED_IDENTITY: &str = "Encrypted by an unverified user.";
const PREVIOUSLY_VERIFIED: &str = "Encrypted by a previously-verified user.";
const VERIFICATION_VIOLATION: &str =
"Encrypted by a previously-verified user who is no longer verified.";
const UNSIGNED_DEVICE: &str = "Encrypted by a device not verified by its owner.";
const UNKNOWN_DEVICE: &str = "Encrypted by an unknown or deleted device.";
pub const SENT_IN_CLEAR: &str = "Not encrypted.";
Expand Down Expand Up @@ -92,7 +93,7 @@ impl VerificationState {
VerificationState::Verified => ShieldState::None,
VerificationState::Unverified(level) => match level {
VerificationLevel::UnverifiedIdentity
| VerificationLevel::PreviouslyVerified
| VerificationLevel::VerificationViolation
| VerificationLevel::UnsignedDevice => ShieldState::Red {
code: ShieldStateCode::UnverifiedIdentity,
message: UNVERIFIED_IDENTITY,
Expand Down Expand Up @@ -127,12 +128,12 @@ impl VerificationState {
// nag you with an error message.
ShieldState::None
}
VerificationLevel::PreviouslyVerified => {
VerificationLevel::VerificationViolation => {
// This is a high warning. The sender was previously
// verified, but changed their identity.
ShieldState::Red {
code: ShieldStateCode::PreviouslyVerified,
message: PREVIOUSLY_VERIFIED,
code: ShieldStateCode::VerificationViolation,
message: VERIFICATION_VIOLATION,
}
}
VerificationLevel::UnsignedDevice => {
Expand Down Expand Up @@ -175,7 +176,7 @@ pub enum VerificationLevel {

/// The message was sent by a user identity we have not verified, but the
/// user was previously verified.
PreviouslyVerified,
VerificationViolation,

/// The message was sent by a device not linked to (signed by) any user
/// identity.
Expand All @@ -193,7 +194,7 @@ impl fmt::Display for VerificationLevel {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
let display = match self {
VerificationLevel::UnverifiedIdentity => "The sender's identity was not verified",
VerificationLevel::PreviouslyVerified => {
VerificationLevel::VerificationViolation => {
"The sender's identity was previously verified but has changed"
}
VerificationLevel::UnsignedDevice => {
Expand Down Expand Up @@ -258,7 +259,7 @@ pub enum ShieldStateCode {
/// An unencrypted event in an encrypted room.
SentInClear,
/// The sender was previously verified but changed their identity.
PreviouslyVerified,
VerificationViolation,
}

/// The algorithm specific information of a decrypted event.
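Review bot: In the first `impl VerificationState` hunk, `VerificationLevel::VerificationViolation` still shares an arm with `UnverifiedIdentity` and `UnsignedDevice`, so that path reports `ShieldStateCode::UnverifiedIdentity` with the `UNVERIFIED_IDENTITY` message, while the match in the next hunk returns the dedicated `ShieldStateCode::VerificationViolation`. A consumer of the first path cannot tell a sender whose verified identity changed from one who was never verified, which is the case the comment in the second hunk calls "a high warning". If the collapse is intended, a comment on the arm such as `// VerificationViolation is intentionally reported as UnverifiedIdentity here` would record that; otherwise the variant could get its own arm returning `code: ShieldStateCode::VerificationViolation, message: VERIFICATION_VIOLATION`. Both method signatures are outside the hunks, so which mode each match belongs to cannot be confirmed from this page.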
3 changes: 3 additions & 0 deletions crates/matrix-sdk-crypto/CHANGELOG.md
Expand Up @@ -57,6 +57,9 @@ Breaking changes:
the CryptoStore, meaning that, once upgraded, it will not be possible to roll
back applications to earlier versions without breaking user sessions.

- Renamed `VerificationLevel::PreviouslyVerified` to
`VerificationLevel::VerificationViolation`.

- `OlmMachine::decrypt_room_event` now takes a `DecryptionSettings` argument,
which includes a `TrustRequirement` indicating the required trust level for
the sending device. When it is called with `TrustRequirement` other than
12 changes: 6 additions & 6 deletions crates/matrix-sdk-crypto/src/identities/manager.rs
Expand Up @@ -2200,7 +2200,7 @@ pub(crate) mod tests {
// Set up a machine do initial own key query and import cross-signing secret to
// make the current session verified.
async fn common_verified_identity_changes_machine_setup() -> OlmMachine {
use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;

let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;

Expand All @@ -2220,7 +2220,7 @@ pub(crate) mod tests {
}
#[async_test]
async fn test_manager_verified_latch_setup_on_new_identities() {
use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;

let machine = common_verified_identity_changes_machine_setup().await;

Expand Down Expand Up @@ -2276,7 +2276,7 @@ pub(crate) mod tests {

#[async_test]
async fn test_manager_verified_identity_changes_setup_on_updated_identities() {
use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;

let machine = common_verified_identity_changes_machine_setup().await;

Expand Down Expand Up @@ -2318,7 +2318,7 @@ pub(crate) mod tests {
// The cross signing secrets are not yet uploaded.
// Then query keys for carol and bob (both signed by own identity)
async fn common_verified_identity_changes_own_trust_change_machine_setup() -> OlmMachine {
use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;

// Start on a non-verified session
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;
Expand Down Expand Up @@ -2352,7 +2352,7 @@ pub(crate) mod tests {

#[async_test]
async fn test_manager_verified_identity_changes_setup_on_own_identity_trust_change() {
use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
let machine = common_verified_identity_changes_own_trust_change_machine_setup().await;

let own_identity =
Expand Down Expand Up @@ -2389,7 +2389,7 @@ pub(crate) mod tests {

#[async_test]
async fn test_manager_verified_identity_change_setup_on_import_secrets() {
use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
let machine = common_verified_identity_changes_own_trust_change_machine_setup().await;

let own_identity =
17 changes: 8 additions & 9 deletions crates/matrix-sdk-crypto/src/identities/user.rs
Expand Up @@ -871,7 +871,7 @@ enum OwnUserIdentityVerifiedState {
NeverVerified,

/// We previously verified this identity, but it has changed.
PreviouslyVerifiedButNoLonger,
VerificationViolation,

/// We have verified the current identity.
Verified,
Expand Down Expand Up @@ -1022,7 +1022,7 @@ impl OwnUserIdentityData {
pub(crate) fn mark_as_unverified(&self) {
let mut guard = self.verified.write().unwrap();
if *guard == OwnUserIdentityVerifiedState::Verified {
*guard = OwnUserIdentityVerifiedState::PreviouslyVerifiedButNoLonger;
*guard = OwnUserIdentityVerifiedState::VerificationViolation;
}
}

Expand All @@ -1039,7 +1039,7 @@ impl OwnUserIdentityData {
matches!(
*self.verified.read().unwrap(),
OwnUserIdentityVerifiedState::Verified
| OwnUserIdentityVerifiedState::PreviouslyVerifiedButNoLonger
| OwnUserIdentityVerifiedState::VerificationViolation
)
}

Expand All @@ -1050,7 +1050,7 @@ impl OwnUserIdentityData {
/// verify again or to withdraw the verification requirement.
pub fn withdraw_verification(&self) {
let mut guard = self.verified.write().unwrap();
if *guard == OwnUserIdentityVerifiedState::PreviouslyVerifiedButNoLonger {
if *guard == OwnUserIdentityVerifiedState::VerificationViolation {
*guard = OwnUserIdentityVerifiedState::NeverVerified;
}
}
Expand All @@ -1065,8 +1065,7 @@ impl OwnUserIdentityData {
/// - Or by withdrawing the verification requirement
/// [`OwnUserIdentity::withdraw_verification`].
pub fn has_verification_violation(&self) -> bool {
*self.verified.read().unwrap()
== OwnUserIdentityVerifiedState::PreviouslyVerifiedButNoLonger
*self.verified.read().unwrap() == OwnUserIdentityVerifiedState::VerificationViolation
}

/// Update the identity with a new master key and self signing key.
Expand Down Expand Up @@ -1632,7 +1631,7 @@ pub(crate) mod tests {

#[async_test]
async fn test_resolve_identity_verification_violation_with_withdraw() {
use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;

let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;

Expand Down Expand Up @@ -1672,7 +1671,7 @@ pub(crate) mod tests {

#[async_test]
async fn test_reset_own_keys_creates_verification_violation() {
use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;

let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;

Expand Down Expand Up @@ -1713,7 +1712,7 @@ pub(crate) mod tests {
/// verification violation on our own identity.
#[async_test]
async fn test_own_keys_update_creates_own_identity_verification_violation() {
use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;

let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;

16 changes: 8 additions & 8 deletions crates/matrix-sdk-crypto/src/machine/mod.rs
Expand Up @@ -1477,7 +1477,7 @@ impl OlmMachine {
sender_data,
SenderData::UnknownDevice { .. }
| SenderData::DeviceInfo { .. }
| SenderData::SenderUnverifiedButPreviouslyVerified { .. }
| SenderData::VerificationViolation { .. }
)
}

Expand Down Expand Up @@ -1689,8 +1689,8 @@ impl OlmMachine {
TrustRequirement::CrossSignedOrLegacy => match &session.sender_data {
// Reject if the sender was previously verified, but changed
// their identity and is not verified any more.
SenderData::SenderUnverifiedButPreviouslyVerified(..) => Err(
MegolmError::SenderIdentityNotTrusted(VerificationLevel::PreviouslyVerified),
SenderData::VerificationViolation(..) => Err(
MegolmError::SenderIdentityNotTrusted(VerificationLevel::VerificationViolation),
),
SenderData::SenderUnverified(..) => Ok(()),
SenderData::SenderVerified(..) => Ok(()),
Expand All @@ -1702,8 +1702,8 @@ impl OlmMachine {
TrustRequirement::CrossSigned => match &session.sender_data {
// Reject if the sender was previously verified, but changed
// their identity and is not verified any more.
SenderData::SenderUnverifiedButPreviouslyVerified(..) => Err(
MegolmError::SenderIdentityNotTrusted(VerificationLevel::PreviouslyVerified),
SenderData::VerificationViolation(..) => Err(
MegolmError::SenderIdentityNotTrusted(VerificationLevel::VerificationViolation),
),
SenderData::SenderUnverified(..) => Ok(()),
SenderData::SenderVerified(..) => Ok(()),
Expand Down Expand Up @@ -2493,9 +2493,9 @@ fn sender_data_to_verification_state(
VerificationState::Unverified(VerificationLevel::UnsignedDevice),
Some(device_keys.device_id),
),
SenderData::SenderUnverifiedButPreviouslyVerified(KnownSenderData {
device_id, ..
}) => (VerificationState::Unverified(VerificationLevel::PreviouslyVerified), device_id),
SenderData::VerificationViolation(KnownSenderData { device_id, .. }) => {
(VerificationState::Unverified(VerificationLevel::VerificationViolation), device_id)
}
SenderData::SenderUnverified(KnownSenderData { device_id, .. }) => {
(VerificationState::Unverified(VerificationLevel::UnverifiedIdentity), device_id)
}
39 changes: 19 additions & 20 deletions crates/matrix-sdk-crypto/src/olm/group_sessions/sender_data.rs
Expand Up @@ -41,7 +41,7 @@ pub struct KnownSenderData {
/// Sessions start off in `UnknownDevice` state, and progress into `DeviceInfo`
/// state when we get the device info. Finally, if we can look up the sender
/// using the device info, the session can be moved into
/// `SenderUnverifiedButPreviouslyVerified`, `SenderUnverified`, or
/// `VerificationViolation`, `SenderUnverified`, or
/// `SenderVerified` state, depending on the verification status of the user.
/// If the user's verification state changes, the state may change accordingly.
#[derive(Clone, Debug, PartialEq, Deserialize, Serialize)]
Expand Down Expand Up @@ -79,7 +79,7 @@ pub enum SenderData {
/// the to-device message that established this session, but we have not yet
/// verified the cross-signing key, and we had verified a previous
/// cross-signing key for this user.
SenderUnverifiedButPreviouslyVerified(KnownSenderData),
VerificationViolation(KnownSenderData),

/// We have found proof that this user, with this cross-signing key, sent
/// the to-device message that established this session, but we have not yet
Expand All @@ -105,12 +105,12 @@ impl SenderData {

/// Create a [`SenderData`] with a known but unverified sender, where the
/// sender was previously verified.
pub fn sender_previously_verified(
pub fn sender_verification_violation(
user_id: &UserId,
device_id: &DeviceId,
master_key: Ed25519PublicKey,
) -> Self {
Self::SenderUnverifiedButPreviouslyVerified(KnownSenderData {
Self::VerificationViolation(KnownSenderData {
user_id: user_id.to_owned(),
device_id: Some(device_id.to_owned()),
master_key: Box::new(master_key),
Expand Down Expand Up @@ -172,7 +172,7 @@ impl SenderData {
match self {
SenderData::UnknownDevice { .. } => 0,
SenderData::DeviceInfo { .. } => 1,
SenderData::SenderUnverifiedButPreviouslyVerified(..) => 2,
SenderData::VerificationViolation(..) => 2,
SenderData::SenderUnverified(..) => 3,
SenderData::SenderVerified(..) => 4,
}
Expand All @@ -183,9 +183,7 @@ impl SenderData {
match self {
Self::UnknownDevice { .. } => SenderDataType::UnknownDevice,
Self::DeviceInfo { .. } => SenderDataType::DeviceInfo,
Self::SenderUnverifiedButPreviouslyVerified { .. } => {
SenderDataType::SenderUnverifiedButPreviouslyVerified
}
Self::VerificationViolation { .. } => SenderDataType::VerificationViolation,
Self::SenderUnverified { .. } => SenderDataType::SenderUnverified,
Self::SenderVerified { .. } => SenderDataType::SenderVerified,
}
Expand Down Expand Up @@ -217,7 +215,7 @@ enum SenderDataReader {
legacy_session: bool,
},

SenderUnverifiedButPreviouslyVerified(KnownSenderData),
VerificationViolation(KnownSenderData),

SenderUnverified(KnownSenderData),

Expand All @@ -242,9 +240,7 @@ impl From<SenderDataReader> for SenderData {
SenderDataReader::DeviceInfo { device_keys, legacy_session } => {
Self::DeviceInfo { device_keys, legacy_session }
}
SenderDataReader::SenderUnverifiedButPreviouslyVerified(data) => {
Self::SenderUnverifiedButPreviouslyVerified(data)
}
SenderDataReader::VerificationViolation(data) => Self::VerificationViolation(data),
SenderDataReader::SenderUnverified(data) => Self::SenderUnverified(data),
SenderDataReader::SenderVerified(data) => Self::SenderVerified(data),
SenderDataReader::SenderKnown {
Expand Down Expand Up @@ -273,8 +269,8 @@ pub enum SenderDataType {
UnknownDevice = 1,
/// The [`SenderData`] is of type `DeviceInfo`.
DeviceInfo = 2,
/// The [`SenderData`] is of type `SenderUnverifiedButPreviouslyVerified`.
SenderUnverifiedButPreviouslyVerified = 3,
/// The [`SenderData`] is of type `VerificationViolation`.
VerificationViolation = 3,
/// The [`SenderData`] is of type `SenderUnverified`.
SenderUnverified = 4,
/// The [`SenderData`] is of type `SenderVerified`.
Expand Down Expand Up @@ -399,7 +395,7 @@ mod tests {
));
let master_key =
Ed25519PublicKey::from_base64("2/5LWJMow5zhJqakV88SIc7q/1pa8fmkfgAzx72w9G4").unwrap();
let sender_previously_verified = SenderData::sender_previously_verified(
let sender_verification_violation = SenderData::sender_verification_violation(
user_id!("@u:s.co"),
device_id!("DEV"),
master_key,
Expand All @@ -410,26 +406,29 @@ mod tests {
SenderData::sender_verified(user_id!("@u:s.co"), device_id!("DEV"), master_key);

assert_eq!(unknown.compare_trust_level(&device_keys), Ordering::Less);
assert_eq!(unknown.compare_trust_level(&sender_previously_verified), Ordering::Less);
assert_eq!(unknown.compare_trust_level(&sender_verification_violation), Ordering::Less);
assert_eq!(unknown.compare_trust_level(&sender_unverified), Ordering::Less);
assert_eq!(unknown.compare_trust_level(&sender_verified), Ordering::Less);
assert_eq!(device_keys.compare_trust_level(&unknown), Ordering::Greater);
assert_eq!(sender_previously_verified.compare_trust_level(&unknown), Ordering::Greater);
assert_eq!(sender_verification_violation.compare_trust_level(&unknown), Ordering::Greater);
assert_eq!(sender_unverified.compare_trust_level(&unknown), Ordering::Greater);
assert_eq!(sender_verified.compare_trust_level(&unknown), Ordering::Greater);

assert_eq!(device_keys.compare_trust_level(&sender_unverified), Ordering::Less);
assert_eq!(device_keys.compare_trust_level(&sender_verified), Ordering::Less);
assert_eq!(sender_previously_verified.compare_trust_level(&device_keys), Ordering::Greater);
assert_eq!(
sender_verification_violation.compare_trust_level(&device_keys),
Ordering::Greater
);
assert_eq!(sender_unverified.compare_trust_level(&device_keys), Ordering::Greater);
assert_eq!(sender_verified.compare_trust_level(&device_keys), Ordering::Greater);

assert_eq!(
sender_previously_verified.compare_trust_level(&sender_verified),
sender_verification_violation.compare_trust_level(&sender_verified),
Ordering::Less
);
assert_eq!(
sender_previously_verified.compare_trust_level(&sender_unverified),
sender_verification_violation.compare_trust_level(&sender_unverified),
Ordering::Less
);
assert_eq!(sender_unverified.compare_trust_level(&sender_verified), Ordering::Less);
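Review bot: Renaming the variant on `SenderData` and `SenderDataReader` changes its serialized name, and nothing in these hunks keeps the old name readable: `SenderData` derives `Deserialize, Serialize`, and the new `VerificationViolation(KnownSenderData)` line in `SenderDataReader` carries no serde attribute. Unless a rename or alias exists outside the hunks, session data already stored as `SenderUnverifiedButPreviouslyVerified` would fail to deserialize after upgrade; `#[serde(alias = "SenderUnverifiedButPreviouslyVerified")]` on the reader variant, plus a test that loads a value written with the old name, would cover it. `SenderDataType::VerificationViolation = 3` keeps its discriminant and is unaffected. The same check applies to `OwnUserIdentityVerifiedState::VerificationViolation` in identities/user.rs and `VerificationLevel::VerificationViolation` in deserialized_responses.rs if those enums are persisted (their derives are not visible on this page); for the own-identity state, a failed or defaulted load would lose the record of the violation.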
Original file line number Diff line number Diff line change
Expand Up @@ -267,7 +267,7 @@ impl<'a> SenderDataFinder<'a> {
.expect("User with master key must have identity")
.was_previously_verified()
{
SenderData::SenderUnverifiedButPreviouslyVerified(known_sender_data)
SenderData::VerificationViolation(known_sender_data)
} else {
SenderData::SenderUnverified(known_sender_data)
}