matrix_sdk_crypto/olm/group_sessions/
sender_data.rs

1// Copyright 2024 The Matrix.org Foundation C.I.C.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15use std::{cmp::Ordering, fmt};
16
17use ruma::{DeviceId, OwnedDeviceId, OwnedUserId, UserId};
18use serde::{de, de::Visitor, Deserialize, Deserializer, Serialize};
19use tracing::error;
20use vodozemac::Ed25519PublicKey;
21
22use crate::{
23    types::{serialize_ed25519_key, DeviceKeys},
24    Device,
25};
26
27/// Information about the sender of a megolm session where we know the
28/// cross-signing identity of the sender.
29#[derive(Clone, Debug, PartialEq, Deserialize, Serialize)]
30pub struct KnownSenderData {
31    /// The user ID of the user who established this session.
32    pub user_id: OwnedUserId,
33
34    /// The device ID of the device that send the session.
35    /// This is an `Option` for backwards compatibility, but we should always
36    /// populate it on creation.
37    pub device_id: Option<OwnedDeviceId>,
38
39    /// The cross-signing key of the user who established this session.
40    #[serde(
41        serialize_with = "serialize_ed25519_key",
42        deserialize_with = "deserialize_sender_msk_base64_or_array"
43    )]
44    pub master_key: Box<Ed25519PublicKey>,
45}
46
47/// In an initial version the master key was serialized as an array of number,
48/// it is now exported in base64. This code adds backward compatibility.
49pub(crate) fn deserialize_sender_msk_base64_or_array<'de, D>(
50    de: D,
51) -> Result<Box<Ed25519PublicKey>, D::Error>
52where
53    D: Deserializer<'de>,
54{
55    struct KeyVisitor;
56
57    impl<'de> Visitor<'de> for KeyVisitor {
58        type Value = Box<Ed25519PublicKey>;
59
60        fn expecting(&self, formatter: &mut fmt::Formatter<'_>) -> fmt::Result {
61            write!(formatter, "a base64 string or an array of 32 bytes")
62        }
63
64        fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
65        where
66            E: de::Error,
67        {
68            let decoded = Ed25519PublicKey::from_base64(v)
69                .map_err(|_| de::Error::custom("Base64 decoding error"))?;
70            Ok(Box::new(decoded))
71        }
72
73        fn visit_seq<A>(self, mut seq: A) -> Result<Self::Value, A::Error>
74        where
75            A: de::SeqAccess<'de>,
76        {
77            let mut buf = [0u8; Ed25519PublicKey::LENGTH];
78
79            for (i, item) in buf.iter_mut().enumerate() {
80                *item = seq.next_element()?.ok_or_else(|| de::Error::invalid_length(i, &self))?;
81            }
82
83            let key = Ed25519PublicKey::from_slice(&buf).map_err(|e| de::Error::custom(&e))?;
84
85            Ok(Box::new(key))
86        }
87
88        fn visit_bytes<E>(self, v: &[u8]) -> Result<Self::Value, E>
89        where
90            E: de::Error,
91        {
92            if v.len() == Ed25519PublicKey::LENGTH {
93                let mut buf = [0u8; Ed25519PublicKey::LENGTH];
94                buf.copy_from_slice(v);
95
96                let key = Ed25519PublicKey::from_slice(&buf).map_err(|e| de::Error::custom(&e))?;
97                Ok(Box::new(key))
98            } else {
99                Err(de::Error::invalid_length(v.len(), &self))
100            }
101        }
102    }
103
104    de.deserialize_any(KeyVisitor)
105}
106
107/// Information on the device and user that sent the megolm session data to us
108///
109/// Sessions start off in `UnknownDevice` state, and progress into `DeviceInfo`
110/// state when we get the device info. Finally, if we can look up the sender
111/// using the device info, the session can be moved into
112/// `VerificationViolation`, `SenderUnverified`, or
113/// `SenderVerified` state, depending on the verification status of the user.
114/// If the user's verification state changes, the state may change accordingly.
115#[derive(Clone, Debug, PartialEq, Deserialize, Serialize)]
116#[serde(from = "SenderDataReader")]
117pub enum SenderData {
118    /// We have not yet found the (signed) device info for the sending device,
119    /// or we did find a device but it does not own the session.
120    UnknownDevice {
121        /// Was this session created before we started collecting trust
122        /// information about sessions? If so, we may choose to display its
123        /// messages even though trust info is missing.
124        legacy_session: bool,
125
126        /// If true, we found the device but it was not the owner of the
127        /// session. If false, we could not find the device.
128        #[serde(skip_serializing_if = "std::ops::Not::not")]
129        #[serde(default)]
130        owner_check_failed: bool,
131    },
132
133    /// We have the signed device info for the sending device, but not yet the
134    /// cross-signing key that it was signed with.
135    DeviceInfo {
136        /// Information about the device that sent the to-device message
137        /// creating this session.
138        device_keys: DeviceKeys,
139
140        /// Was this session created before we started collecting trust
141        /// information about sessions? If so, we may choose to display its
142        /// messages even though trust info is missing.
143        legacy_session: bool,
144    },
145
146    /// We have found proof that this user, with this cross-signing key, sent
147    /// the to-device message that established this session, but we have not yet
148    /// verified the cross-signing key, and we had verified a previous
149    /// cross-signing key for this user.
150    VerificationViolation(KnownSenderData),
151
152    /// We have found proof that this user, with this cross-signing key, sent
153    /// the to-device message that established this session, but we have not yet
154    /// verified the cross-signing key.
155    SenderUnverified(KnownSenderData),
156
157    /// We have found proof that this user, with this cross-signing key, sent
158    /// the to-device message that established this session, and we have
159    /// verified the cross-signing key.
160    SenderVerified(KnownSenderData),
161}
162
163impl SenderData {
164    /// Whether we should recalculate the Megolm sender's data, given the
165    /// current sender data. We only want to recalculate if it might
166    /// increase trust and allow us to decrypt messages that we
167    /// otherwise might refuse to decrypt.
168    ///
169    /// We recalculate for all states except:
170    ///
171    /// - SenderUnverified: the sender is trusted enough that we will decrypt
172    ///   their messages in all cases, or
173    /// - SenderVerified: the sender is the most trusted they can be.
174    pub fn should_recalculate(&self) -> bool {
175        matches!(
176            self,
177            SenderData::UnknownDevice { .. }
178                | SenderData::DeviceInfo { .. }
179                | SenderData::VerificationViolation { .. }
180        )
181    }
182
183    /// Create a [`SenderData`] which contains no device info.
184    pub fn unknown() -> Self {
185        Self::UnknownDevice { legacy_session: false, owner_check_failed: false }
186    }
187
188    /// Create a [`SenderData`] which contains device info.
189    pub fn device_info(device_keys: DeviceKeys) -> Self {
190        Self::DeviceInfo { device_keys, legacy_session: false }
191    }
192
193    /// Create a [`SenderData`] with a known but unverified sender, where the
194    /// sender was previously verified.
195    pub fn sender_verification_violation(
196        user_id: &UserId,
197        device_id: &DeviceId,
198        master_key: Ed25519PublicKey,
199    ) -> Self {
200        Self::VerificationViolation(KnownSenderData {
201            user_id: user_id.to_owned(),
202            device_id: Some(device_id.to_owned()),
203            master_key: Box::new(master_key),
204        })
205    }
206
207    /// Create a [`SenderData`] with a known but unverified sender.
208    pub fn sender_unverified(
209        user_id: &UserId,
210        device_id: &DeviceId,
211        master_key: Ed25519PublicKey,
212    ) -> Self {
213        Self::SenderUnverified(KnownSenderData {
214            user_id: user_id.to_owned(),
215            device_id: Some(device_id.to_owned()),
216            master_key: Box::new(master_key),
217        })
218    }
219
220    /// Create a [`SenderData`] with a verified sender.
221    pub fn sender_verified(
222        user_id: &UserId,
223        device_id: &DeviceId,
224        master_key: Ed25519PublicKey,
225    ) -> Self {
226        Self::SenderVerified(KnownSenderData {
227            user_id: user_id.to_owned(),
228            device_id: Some(device_id.to_owned()),
229            master_key: Box::new(master_key),
230        })
231    }
232
233    /// Create a [`SenderData`] which has the legacy flag set. Caution: messages
234    /// within sessions with this flag will be displayed in some contexts,
235    /// even when we are unable to verify the sender.
236    ///
237    /// The returned struct contains no device info.
238    pub fn legacy() -> Self {
239        Self::UnknownDevice { legacy_session: true, owner_check_failed: false }
240    }
241
242    /// Create a [`SenderData`] representing the current verification state of
243    /// the given device.
244    ///
245    /// Depending on whether the device is correctly cross-signed or not, and
246    /// whether the user has been verified or not, this can return
247    /// [`SenderData::DeviceInfo`], [`SenderData::VerificationViolation`],
248    /// [`SenderData::SenderUnverified`] or [`SenderData::SenderVerified`]
249    pub fn from_device(sender_device: &Device) -> Self {
250        // Is the device cross-signed?
251        // Does the cross-signing key match that used to sign the device?
252        // And is the signature in the device valid?
253        let cross_signed = sender_device.is_cross_signed_by_owner();
254
255        if cross_signed {
256            SenderData::from_cross_signed_device(sender_device)
257        } else {
258            // We have device keys, but they are not signed by the sender
259            SenderData::device_info(sender_device.as_device_keys().clone())
260        }
261    }
262
263    fn from_cross_signed_device(sender_device: &Device) -> Self {
264        let user_id = sender_device.user_id().to_owned();
265        let device_id = Some(sender_device.device_id().to_owned());
266
267        let device_owner = sender_device.device_owner_identity.as_ref();
268        let master_key = device_owner.and_then(|i| i.master_key().get_first_key());
269
270        match (device_owner, master_key) {
271            (Some(device_owner), Some(master_key)) => {
272                // We have user_id and master_key for the user sending the to-device message.
273                let master_key = Box::new(master_key);
274                let known_sender_data = KnownSenderData { user_id, device_id, master_key };
275                if sender_device.is_cross_signing_trusted() {
276                    Self::SenderVerified(known_sender_data)
277                } else if device_owner.was_previously_verified() {
278                    Self::VerificationViolation(known_sender_data)
279                } else {
280                    Self::SenderUnverified(known_sender_data)
281                }
282            }
283
284            (_, _) => {
285                // Surprisingly, there was no key in the MasterPubkey. We did not expect this:
286                // treat it as if the device was not signed by this master key.
287                //
288                error!("MasterPubkey for user {user_id} does not contain any keys!");
289                Self::device_info(sender_device.as_device_keys().clone())
290            }
291        }
292    }
293
294    /// Returns `Greater` if this `SenderData` represents a greater level of
295    /// trust than the supplied one, `Equal` if they have the same level, and
296    /// `Less` if the supplied one has a greater level of trust.
297    ///
298    /// So calling this method on a `SenderKnown` or `DeviceInfo` `SenderData`
299    /// would return `Greater` if passed an `UnknownDevice` as its
300    /// argument, and a `SenderKnown` with `master_key_verified == true`
301    /// would return `Greater` if passed a `SenderKnown` with
302    /// `master_key_verified == false`.
303    pub(crate) fn compare_trust_level(&self, other: &Self) -> Ordering {
304        self.trust_number().cmp(&other.trust_number())
305    }
306
307    /// Internal function to give a numeric value of how much trust this
308    /// `SenderData` represents. Used to make the implementation of
309    /// compare_trust_level simpler.
310    fn trust_number(&self) -> u8 {
311        match self {
312            SenderData::UnknownDevice { .. } => 0,
313            SenderData::DeviceInfo { .. } => 1,
314            SenderData::VerificationViolation(..) => 2,
315            SenderData::SenderUnverified(..) => 3,
316            SenderData::SenderVerified(..) => 4,
317        }
318    }
319
320    /// Return our type as a [`SenderDataType`].
321    pub fn to_type(&self) -> SenderDataType {
322        match self {
323            Self::UnknownDevice { .. } => SenderDataType::UnknownDevice,
324            Self::DeviceInfo { .. } => SenderDataType::DeviceInfo,
325            Self::VerificationViolation { .. } => SenderDataType::VerificationViolation,
326            Self::SenderUnverified { .. } => SenderDataType::SenderUnverified,
327            Self::SenderVerified { .. } => SenderDataType::SenderVerified,
328        }
329    }
330
331    /// Return our best guess of the owner of the associated megolm session.
332    ///
333    /// For `SenderData::UnknownDevice`, we don't record any information about
334    /// the owner of the sender, so returns `None`.
335    pub(crate) fn user_id(&self) -> Option<OwnedUserId> {
336        match &self {
337            SenderData::UnknownDevice { .. } => None,
338            SenderData::DeviceInfo { device_keys, .. } => Some(device_keys.user_id.clone()),
339            SenderData::VerificationViolation(known_sender_data) => {
340                Some(known_sender_data.user_id.clone())
341            }
342            SenderData::SenderUnverified(known_sender_data) => {
343                Some(known_sender_data.user_id.clone())
344            }
345            SenderData::SenderVerified(known_sender_data) => {
346                Some(known_sender_data.user_id.clone())
347            }
348        }
349    }
350}
351
352/// Used when deserialising and the sender_data property is missing.
353/// If we are deserialising an InboundGroupSession session with missing
354/// sender_data, this must be a legacy session (i.e. it was created before we
355/// started tracking sender data). We set its legacy flag to true, so we can
356/// populate it with trust information if it is available later.
357impl Default for SenderData {
358    fn default() -> Self {
359        Self::legacy()
360    }
361}
362
363/// Deserialisation type, to handle conversion from older formats
364#[derive(Deserialize)]
365enum SenderDataReader {
366    UnknownDevice {
367        legacy_session: bool,
368        #[serde(default)]
369        owner_check_failed: bool,
370    },
371
372    DeviceInfo {
373        device_keys: DeviceKeys,
374        legacy_session: bool,
375    },
376
377    #[serde(alias = "SenderUnverifiedButPreviouslyVerified")]
378    VerificationViolation(KnownSenderData),
379
380    SenderUnverified(KnownSenderData),
381
382    SenderVerified(KnownSenderData),
383
384    // If we read this older variant, it gets changed to SenderUnverified or
385    // SenderVerified, depending on the master_key_verified flag.
386    SenderKnown {
387        user_id: OwnedUserId,
388        device_id: Option<OwnedDeviceId>,
389        master_key: Box<Ed25519PublicKey>,
390        master_key_verified: bool,
391    },
392}
393
394impl From<SenderDataReader> for SenderData {
395    fn from(data: SenderDataReader) -> Self {
396        match data {
397            SenderDataReader::UnknownDevice { legacy_session, owner_check_failed } => {
398                Self::UnknownDevice { legacy_session, owner_check_failed }
399            }
400            SenderDataReader::DeviceInfo { device_keys, legacy_session } => {
401                Self::DeviceInfo { device_keys, legacy_session }
402            }
403            SenderDataReader::VerificationViolation(data) => Self::VerificationViolation(data),
404            SenderDataReader::SenderUnverified(data) => Self::SenderUnverified(data),
405            SenderDataReader::SenderVerified(data) => Self::SenderVerified(data),
406            SenderDataReader::SenderKnown {
407                user_id,
408                device_id,
409                master_key,
410                master_key_verified,
411            } => {
412                let known_sender_data = KnownSenderData { user_id, device_id, master_key };
413                if master_key_verified {
414                    Self::SenderVerified(known_sender_data)
415                } else {
416                    Self::SenderUnverified(known_sender_data)
417                }
418            }
419        }
420    }
421}
422
423/// Used when serializing [`crate::olm::group_sessions::InboundGroupSession`]s.
424/// We want just the type of the session's [`SenderData`] to be queryable, so we
425/// store the type as a separate column/property in the database.
426#[derive(Clone, Copy, Debug, PartialEq, Deserialize, Serialize)]
427pub enum SenderDataType {
428    /// The [`SenderData`] is of type `UnknownDevice`.
429    UnknownDevice = 1,
430    /// The [`SenderData`] is of type `DeviceInfo`.
431    DeviceInfo = 2,
432    /// The [`SenderData`] is of type `VerificationViolation`.
433    VerificationViolation = 3,
434    /// The [`SenderData`] is of type `SenderUnverified`.
435    SenderUnverified = 4,
436    /// The [`SenderData`] is of type `SenderVerified`.
437    SenderVerified = 5,
438}
439
440#[cfg(test)]
441mod tests {
442    use std::{cmp::Ordering, collections::BTreeMap, ops::Deref};
443
444    use assert_matches2::assert_let;
445    use insta::assert_json_snapshot;
446    use matrix_sdk_test::async_test;
447    use ruma::{
448        device_id, owned_device_id, owned_user_id, user_id, DeviceKeyAlgorithm, DeviceKeyId,
449    };
450    use serde_json::json;
451    use vodozemac::{base64_decode, Curve25519PublicKey, Ed25519PublicKey};
452
453    use super::SenderData;
454    use crate::{
455        machine::test_helpers::{
456            create_signed_device_of_unverified_user, create_signed_device_of_verified_user,
457            create_unsigned_device,
458        },
459        olm::{KnownSenderData, PickledInboundGroupSession, PrivateCrossSigningIdentity},
460        types::{DeviceKey, DeviceKeys, EventEncryptionAlgorithm, Signatures},
461        Account,
462    };
463
464    #[test]
465    fn serializing_unknown_device_correctly_preserves_owner_check_failed_if_true() {
466        // Given an unknown device SenderData with failed owner check
467        let start = SenderData::UnknownDevice { legacy_session: false, owner_check_failed: true };
468
469        // When we round-trip it to JSON and back
470        let json = serde_json::to_string(&start).unwrap();
471        let end: SenderData = serde_json::from_str(&json).unwrap();
472
473        // Then the failed owner check flag is preserved
474        assert_let!(SenderData::UnknownDevice { owner_check_failed, .. } = &end);
475        assert!(owner_check_failed);
476
477        // And for good measure, everything is preserved
478        assert_eq!(start, end);
479    }
480
481    #[test]
482    fn serializing_unknown_device_without_failed_owner_check_excludes_it() {
483        // Given an unknown device SenderData with owner_check_failed==false
484        let start = SenderData::UnknownDevice { legacy_session: false, owner_check_failed: false };
485
486        // When we write it to JSON
487        let json = serde_json::to_string(&start).unwrap();
488
489        // Then the JSON does not mention `owner_check_failed`
490        assert!(!json.contains("owner_check_failed"), "JSON contains 'owner_check_failed'!");
491
492        // And for good measure, it round-trips fully
493        let end: SenderData = serde_json::from_str(&json).unwrap();
494        assert_eq!(start, end);
495    }
496
497    #[test]
498    fn deserializing_unknown_device_with_extra_retry_info_ignores_it() {
499        // Previously, SenderData contained `retry_details` but it is no longer needed -
500        // just check that we are able to deserialize even if it is present.
501        let json = r#"
502            {
503                "UnknownDevice":{
504                    "retry_details":{
505                        "retry_count":3,
506                        "next_retry_time_ms":10000
507                    },
508                    "legacy_session":false
509                }
510            }
511            "#;
512
513        let end: SenderData = serde_json::from_str(json).expect("Failed to parse!");
514        assert_let!(SenderData::UnknownDevice { .. } = end);
515    }
516
517    #[test]
518    fn deserializing_senderknown_without_device_id_defaults_to_none() {
519        let json = r#"
520            {
521                "SenderKnown":{
522                    "user_id":"@u:s.co",
523                    "master_key":[
524                        150,140,249,139,141,29,63,230,179,14,213,175,176,61,11,255,
525                        26,103,10,51,100,154,183,47,181,117,87,204,33,215,241,92
526                    ],
527                    "master_key_verified":true
528                }
529            }
530            "#;
531
532        let end: SenderData = serde_json::from_str(json).expect("Failed to parse!");
533        assert_let!(SenderData::SenderVerified { .. } = end);
534    }
535
536    #[test]
537    fn deserializing_sender_unverified_but_previously_verified_migrates_to_verification_violation()
538    {
539        let json = r#"
540            {
541                "SenderUnverifiedButPreviouslyVerified":{
542                    "user_id":"@u:s.co",
543                    "master_key":[
544                        150,140,249,139,141,29,63,230,179,14,213,175,176,61,11,255,
545                        26,103,10,51,100,154,183,47,181,117,87,204,33,215,241,92
546                    ],
547                    "master_key_verified":true
548                }
549            }
550            "#;
551
552        let end: SenderData = serde_json::from_str(json).expect("Failed to parse!");
553        assert_let!(SenderData::VerificationViolation(KnownSenderData { user_id, .. }) = end);
554        assert_eq!(user_id, owned_user_id!("@u:s.co"));
555    }
556
557    #[test]
558    fn deserializing_verification_violation() {
559        let json = r#"
560            {
561                "VerificationViolation":{
562                    "user_id":"@u:s.co",
563                    "master_key":[
564                        150,140,249,139,141,29,63,230,179,14,213,175,176,61,11,255,
565                        26,103,10,51,100,154,183,47,181,117,87,204,33,215,241,92
566                    ],
567                    "master_key_verified":true
568                }
569            }
570            "#;
571
572        let end: SenderData = serde_json::from_str(json).expect("Failed to parse!");
573        assert_let!(SenderData::VerificationViolation(KnownSenderData { user_id, .. }) = end);
574        assert_eq!(user_id, owned_user_id!("@u:s.co"));
575    }
576
577    #[test]
578    fn equal_sessions_have_same_trust_level() {
579        let unknown = SenderData::unknown();
580        let device_keys = SenderData::device_info(DeviceKeys::new(
581            owned_user_id!("@u:s.co"),
582            owned_device_id!("DEV"),
583            Vec::new(),
584            BTreeMap::new(),
585            Signatures::new(),
586        ));
587        let master_key =
588            Ed25519PublicKey::from_base64("2/5LWJMow5zhJqakV88SIc7q/1pa8fmkfgAzx72w9G4").unwrap();
589        let sender_unverified =
590            SenderData::sender_unverified(user_id!("@u:s.co"), device_id!("DEV"), master_key);
591        let sender_verified =
592            SenderData::sender_verified(user_id!("@u:s.co"), device_id!("DEV"), master_key);
593
594        assert_eq!(unknown.compare_trust_level(&unknown), Ordering::Equal);
595        assert_eq!(device_keys.compare_trust_level(&device_keys), Ordering::Equal);
596        assert_eq!(sender_unverified.compare_trust_level(&sender_unverified), Ordering::Equal);
597        assert_eq!(sender_verified.compare_trust_level(&sender_verified), Ordering::Equal);
598    }
599
600    #[test]
601    fn more_trust_data_makes_you_more_trusted() {
602        let unknown = SenderData::unknown();
603        let device_keys = SenderData::device_info(DeviceKeys::new(
604            owned_user_id!("@u:s.co"),
605            owned_device_id!("DEV"),
606            Vec::new(),
607            BTreeMap::new(),
608            Signatures::new(),
609        ));
610        let master_key =
611            Ed25519PublicKey::from_base64("2/5LWJMow5zhJqakV88SIc7q/1pa8fmkfgAzx72w9G4").unwrap();
612        let sender_verification_violation = SenderData::sender_verification_violation(
613            user_id!("@u:s.co"),
614            device_id!("DEV"),
615            master_key,
616        );
617        let sender_unverified =
618            SenderData::sender_unverified(user_id!("@u:s.co"), device_id!("DEV"), master_key);
619        let sender_verified =
620            SenderData::sender_verified(user_id!("@u:s.co"), device_id!("DEV"), master_key);
621
622        assert_eq!(unknown.compare_trust_level(&device_keys), Ordering::Less);
623        assert_eq!(unknown.compare_trust_level(&sender_verification_violation), Ordering::Less);
624        assert_eq!(unknown.compare_trust_level(&sender_unverified), Ordering::Less);
625        assert_eq!(unknown.compare_trust_level(&sender_verified), Ordering::Less);
626        assert_eq!(device_keys.compare_trust_level(&unknown), Ordering::Greater);
627        assert_eq!(sender_verification_violation.compare_trust_level(&unknown), Ordering::Greater);
628        assert_eq!(sender_unverified.compare_trust_level(&unknown), Ordering::Greater);
629        assert_eq!(sender_verified.compare_trust_level(&unknown), Ordering::Greater);
630
631        assert_eq!(device_keys.compare_trust_level(&sender_unverified), Ordering::Less);
632        assert_eq!(device_keys.compare_trust_level(&sender_verified), Ordering::Less);
633        assert_eq!(
634            sender_verification_violation.compare_trust_level(&device_keys),
635            Ordering::Greater
636        );
637        assert_eq!(sender_unverified.compare_trust_level(&device_keys), Ordering::Greater);
638        assert_eq!(sender_verified.compare_trust_level(&device_keys), Ordering::Greater);
639
640        assert_eq!(
641            sender_verification_violation.compare_trust_level(&sender_verified),
642            Ordering::Less
643        );
644        assert_eq!(
645            sender_verification_violation.compare_trust_level(&sender_unverified),
646            Ordering::Less
647        );
648        assert_eq!(sender_unverified.compare_trust_level(&sender_verified), Ordering::Less);
649        assert_eq!(sender_verified.compare_trust_level(&sender_unverified), Ordering::Greater);
650    }
651
652    #[test]
653    fn snapshot_sender_data() {
654        assert_json_snapshot!(SenderData::UnknownDevice {
655            legacy_session: false,
656            owner_check_failed: true,
657        });
658
659        assert_json_snapshot!(SenderData::UnknownDevice {
660            legacy_session: true,
661            owner_check_failed: false,
662        });
663
664        assert_json_snapshot!(SenderData::DeviceInfo {
665            device_keys: DeviceKeys::new(
666                owned_user_id!("@foo:bar.baz"),
667                owned_device_id!("DEV"),
668                vec![
669                    EventEncryptionAlgorithm::MegolmV1AesSha2,
670                    EventEncryptionAlgorithm::OlmV1Curve25519AesSha2
671                ],
672                BTreeMap::from_iter(vec![(
673                    DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, device_id!("ABCDEFGH")),
674                    DeviceKey::Curve25519(Curve25519PublicKey::from_bytes([0u8; 32])),
675                )]),
676                Default::default(),
677            ),
678            legacy_session: false,
679        });
680
681        assert_json_snapshot!(SenderData::VerificationViolation(KnownSenderData {
682            user_id: owned_user_id!("@foo:bar.baz"),
683            device_id: Some(owned_device_id!("DEV")),
684            master_key: Box::new(Ed25519PublicKey::from_slice(&[0u8; 32]).unwrap()),
685        }));
686
687        assert_json_snapshot!(SenderData::SenderUnverified(KnownSenderData {
688            user_id: owned_user_id!("@foo:bar.baz"),
689            device_id: None,
690            master_key: Box::new(Ed25519PublicKey::from_slice(&[1u8; 32]).unwrap()),
691        }));
692
693        assert_json_snapshot!(SenderData::SenderVerified(KnownSenderData {
694            user_id: owned_user_id!("@foo:bar.baz"),
695            device_id: None,
696            master_key: Box::new(Ed25519PublicKey::from_slice(&[1u8; 32]).unwrap()),
697        }));
698    }
699
700    #[test]
701    fn test_sender_known_data_migration() {
702        let old_format = json!(
703        {
704            "SenderVerified": {
705                "user_id": "@foo:bar.baz",
706                "device_id": null,
707                "master_key": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
708            }
709        });
710
711        let migrated: SenderData = serde_json::from_value(old_format).unwrap();
712
713        assert_let!(SenderData::SenderVerified(KnownSenderData { master_key, .. }) = migrated);
714
715        assert_eq!(
716            master_key.to_base64(),
717            Ed25519PublicKey::from_slice(&[0u8; 32]).unwrap().to_base64()
718        );
719    }
720
721    #[test]
722    fn test_sender_known_data_migration_with_efficient_bytes_array() {
723        // This is an serialized PickledInboundGroupSession as rmp_serde will generate.
724        //
725        // This export usse a more efficient serialization format for bytes. This was
726        // exported when the `KnownSenderData` master_key was serialized as an byte
727        // array instead of a base64 encoded string.
728        const SERIALIZED_B64: &str = "\
729            iaZwaWNrbGWEr2luaXRpYWxfcmF0Y2hldIKlaW5uZXLcAIABYMzfSnBRzMlPKF1uKjYbzLtkzNJ4RcylzN0HzP\
730            9DzON1Tm05zO7M2MzFQsy9Acz9zPnMqDvM4syQzNrMzxF5KzbM4sy9zPUbBWfM7m4/zJzM18zDzMESKgfMkE7M\
731            yszIHszqWjYyQURbzKTMkx7M58zANsy+AGPM2A8tbcyFYczge8ykzMFdbVxJMMyAzN8azJEXGsy8zPJazMMaP8\
732            ziDszmWwfM+My2ajLMr8y+eczTRm9TFadjb3VudGVyAKtzaWduaW5nX2tlecQgefpCr6Duu7QUWzKIeMOFmxv/\
733            NjfcsYwZz8IN2ZOhdaS0c2lnbmluZ19rZXlfdmVyaWZpZWTDpmNvbmZpZ4GndmVyc2lvbqJWMapzZW5kZXJfa2\
734            V52StoMkIySDg2ajFpYmk2SW13ak9UUkhzbTVMamtyT2kyUGtiSXVUb0w0TWtFq3NpZ25pbmdfa2V5gadlZDI1\
735            NTE52StUWHJqNS9UYXpia3Yram1CZDl4UlB4NWNVaFFzNUNnblc1Q1pNRjgvNjZzq3NlbmRlcl9kYXRhgbBTZW\
736            5kZXJVbnZlcmlmaWVkg6d1c2VyX2lks0B2YWxvdTM1Om1hdHJpeC5vcmepZGV2aWNlX2lkqkZJQlNaRlJLUE2q\
737            bWFzdGVyX2tlecQgkOp9s4ClyQujYD7rRZA8xgE6kvYlqKSNnMrQNmSrcuGncm9vbV9pZL4hRWt5VEtGdkViYl\
738            B6SmxhaUhFOm1hdHJpeC5vcmeoaW1wb3J0ZWTCqWJhY2tlZF91cMKyaGlzdG9yeV92aXNpYmlsaXR5wKlhbGdv\
739            cml0aG20bS5tZWdvbG0udjEuYWVzLXNoYTI";
740
741        let input = base64_decode(SERIALIZED_B64).unwrap();
742        let sender_data: PickledInboundGroupSession = rmp_serde::from_slice(&input)
743            .expect("Should be able to deserialize serialized inbound group session");
744
745        assert_let!(
746            SenderData::SenderUnverified(KnownSenderData { master_key, .. }) =
747                sender_data.sender_data
748        );
749
750        assert_eq!(master_key.to_base64(), "kOp9s4ClyQujYD7rRZA8xgE6kvYlqKSNnMrQNmSrcuE");
751    }
752
753    #[async_test]
754    async fn test_from_device_for_unsigned_device() {
755        let bob_account =
756            Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"));
757        let bob_device = create_unsigned_device(bob_account.device_keys());
758
759        let sender_data = SenderData::from_device(&bob_device);
760
761        assert_eq!(
762            sender_data,
763            SenderData::DeviceInfo {
764                device_keys: bob_device.device_keys.deref().clone(),
765                legacy_session: false
766            }
767        );
768    }
769
770    #[async_test]
771    async fn test_from_device_for_unverified_user() {
772        let bob_identity =
773            PrivateCrossSigningIdentity::new(user_id!("@bob:example.com").to_owned());
774        let bob_account =
775            Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"));
776        let bob_device = create_signed_device_of_unverified_user(
777            bob_account.device_keys().clone(),
778            &bob_identity,
779        )
780        .await;
781
782        let sender_data = SenderData::from_device(&bob_device);
783
784        assert_eq!(
785            sender_data,
786            SenderData::SenderUnverified(KnownSenderData {
787                user_id: bob_account.user_id().to_owned(),
788                device_id: Some(bob_account.device_id().to_owned()),
789                master_key: Box::new(
790                    bob_identity.master_public_key().await.unwrap().get_first_key().unwrap()
791                ),
792            })
793        );
794    }
795
796    #[async_test]
797    async fn test_from_device_for_verified_user() {
798        let alice_account =
799            Account::with_device_id(user_id!("@alice:example.com"), device_id!("ALICE_DEVICE"));
800        let alice_identity = PrivateCrossSigningIdentity::with_account(&alice_account).await.0;
801
802        let bob_identity =
803            PrivateCrossSigningIdentity::new(user_id!("@bob:example.com").to_owned());
804        let bob_account =
805            Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"));
806        let bob_device = create_signed_device_of_verified_user(
807            bob_account.device_keys().clone(),
808            &bob_identity,
809            &alice_identity,
810        )
811        .await;
812
813        let sender_data = SenderData::from_device(&bob_device);
814
815        assert_eq!(
816            sender_data,
817            SenderData::SenderVerified(KnownSenderData {
818                user_id: bob_account.user_id().to_owned(),
819                device_id: Some(bob_account.device_id().to_owned()),
820                master_key: Box::new(
821                    bob_identity.master_public_key().await.unwrap().get_first_key().unwrap()
822                ),
823            })
824        );
825    }
826
827    #[async_test]
828    async fn test_from_device_for_verification_violation_user() {
829        let bob_identity =
830            PrivateCrossSigningIdentity::new(user_id!("@bob:example.com").to_owned());
831        let bob_account =
832            Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"));
833        let bob_device =
834            create_signed_device_of_unverified_user(bob_account.device_keys(), &bob_identity).await;
835        bob_device
836            .device_owner_identity
837            .as_ref()
838            .unwrap()
839            .other()
840            .unwrap()
841            .mark_as_previously_verified();
842
843        let sender_data = SenderData::from_device(&bob_device);
844
845        assert_eq!(
846            sender_data,
847            SenderData::VerificationViolation(KnownSenderData {
848                user_id: bob_account.user_id().to_owned(),
849                device_id: Some(bob_account.device_id().to_owned()),
850                master_key: Box::new(
851                    bob_identity.master_public_key().await.unwrap().get_first_key().unwrap()
852                ),
853            })
854        );
855    }
856}