From 69647a33b6ed227e9cf433a8f20ee74cae59f59a Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Tue, 26 Nov 2024 10:06:57 -0500 Subject: [PATCH] Use shield status codes from Rust rather than string matching (#4529) --- spec/unit/rust-crypto/rust-crypto.spec.ts | 32 +++++++++++++++---- src/crypto-api/index.ts | 10 ++++++ src/rust-crypto/rust-crypto.ts | 39 +++++++++++++---------- 3 files changed, 58 insertions(+), 23 deletions(-) diff --git a/spec/unit/rust-crypto/rust-crypto.spec.ts b/spec/unit/rust-crypto/rust-crypto.spec.ts index 8fedadd0d42..fc9b571acb2 100644 --- a/spec/unit/rust-crypto/rust-crypto.spec.ts +++ b/spec/unit/rust-crypto/rust-crypto.spec.ts @@ -991,23 +991,41 @@ describe("RustCrypto", () => { }); it.each([ - [undefined, null], - ["Encrypted by an unverified user.", EventShieldReason.UNVERIFIED_IDENTITY], - ["Encrypted by a device not verified by its owner.", EventShieldReason.UNSIGNED_DEVICE], + [undefined, undefined, null], + [ + "Encrypted by an unverified user.", + RustSdkCryptoJs.ShieldStateCode.UnverifiedIdentity, + EventShieldReason.UNVERIFIED_IDENTITY, + ], + [ + "Encrypted by a device not verified by its owner.", + RustSdkCryptoJs.ShieldStateCode.UnsignedDevice, + EventShieldReason.UNSIGNED_DEVICE, + ], [ "The authenticity of this encrypted message can't be guaranteed on this device.", + RustSdkCryptoJs.ShieldStateCode.AuthenticityNotGuaranteed, EventShieldReason.AUTHENTICITY_NOT_GUARANTEED, ], - ["Encrypted by an unknown or deleted device.", EventShieldReason.UNKNOWN_DEVICE], - ["bloop", EventShieldReason.UNKNOWN], - ])("gets the right shield reason (%s)", async (rustReason, expectedReason) => { + [ + "Encrypted by an unknown or deleted device.", + RustSdkCryptoJs.ShieldStateCode.UnknownDevice, + EventShieldReason.UNKNOWN_DEVICE, + ], + ["Not encrypted.", RustSdkCryptoJs.ShieldStateCode.SentInClear, EventShieldReason.SENT_IN_CLEAR], + [ + "Encrypted by a previously-verified user who is no longer verified.", + RustSdkCryptoJs.ShieldStateCode.PreviouslyVerified, + EventShieldReason.VERIFICATION_VIOLATION, + ], + ])("gets the right shield reason (%s)", async (rustReason, rustCode, expectedReason) => { // suppress the warning from the unknown shield reason jest.spyOn(console, "warn").mockImplementation(() => {}); const mockEncryptionInfo = { shieldState: jest .fn() - .mockReturnValue({ color: RustSdkCryptoJs.ShieldColor.None, message: rustReason }), + .mockReturnValue({ color: RustSdkCryptoJs.ShieldColor.None, code: rustCode, message: rustReason }), } as unknown as RustSdkCryptoJs.EncryptionInfo; olmMachine.getRoomEventEncryptionInfo.mockResolvedValue(mockEncryptionInfo); diff --git a/src/crypto-api/index.ts b/src/crypto-api/index.ts index 89ece07acbe..94c4ac5a5c2 100644 --- a/src/crypto-api/index.ts +++ b/src/crypto-api/index.ts @@ -1157,6 +1157,16 @@ export enum EventShieldReason { * decryption keys. */ MISMATCHED_SENDER_KEY, + + /** + * The event was sent unencrypted in an encrypted room. + */ + SENT_IN_CLEAR, + + /** + * The sender was previously verified but changed their identity. + */ + VERIFICATION_VIOLATION, } /** The result of a call to {@link CryptoApi.getOwnDeviceKeys} */ diff --git a/src/rust-crypto/rust-crypto.ts b/src/rust-crypto/rust-crypto.ts index 82760bed13e..d18461e7b22 100644 --- a/src/rust-crypto/rust-crypto.ts +++ b/src/rust-crypto/rust-crypto.ts @@ -2180,22 +2180,29 @@ function rustEncryptionInfoToJsEncryptionInfo( } let shieldReason: EventShieldReason | null; - if (shieldState.message === undefined) { - shieldReason = null; - } else if (shieldState.message === "Encrypted by an unverified user.") { - // this case isn't actually used with lax shield semantics. - shieldReason = EventShieldReason.UNVERIFIED_IDENTITY; - } else if (shieldState.message === "Encrypted by a device not verified by its owner.") { - shieldReason = EventShieldReason.UNSIGNED_DEVICE; - } else if ( - shieldState.message === "The authenticity of this encrypted message can't be guaranteed on this device." - ) { - shieldReason = EventShieldReason.AUTHENTICITY_NOT_GUARANTEED; - } else if (shieldState.message === "Encrypted by an unknown or deleted device.") { - shieldReason = EventShieldReason.UNKNOWN_DEVICE; - } else { - logger.warn(`Unknown shield state message '${shieldState.message}'`); - shieldReason = EventShieldReason.UNKNOWN; + switch (shieldState.code) { + case undefined: + case null: + shieldReason = null; + break; + case RustSdkCryptoJs.ShieldStateCode.AuthenticityNotGuaranteed: + shieldReason = EventShieldReason.AUTHENTICITY_NOT_GUARANTEED; + break; + case RustSdkCryptoJs.ShieldStateCode.UnknownDevice: + shieldReason = EventShieldReason.UNKNOWN_DEVICE; + break; + case RustSdkCryptoJs.ShieldStateCode.UnsignedDevice: + shieldReason = EventShieldReason.UNSIGNED_DEVICE; + break; + case RustSdkCryptoJs.ShieldStateCode.UnverifiedIdentity: + shieldReason = EventShieldReason.UNVERIFIED_IDENTITY; + break; + case RustSdkCryptoJs.ShieldStateCode.SentInClear: + shieldReason = EventShieldReason.SENT_IN_CLEAR; + break; + case RustSdkCryptoJs.ShieldStateCode.PreviouslyVerified: + shieldReason = EventShieldReason.VERIFICATION_VIOLATION; + break; } return { shieldColour, shieldReason };