summaryrefslogtreecommitdiffstats
path: root/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification
diff options
context:
space:
mode:
Diffstat (limited to 'comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification')
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/Base.js345
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/Error.js100
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/IllegalMethod.js46
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/QRCode.js269
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/SAS.js454
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/SASDecimal.js39
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/Channel.js5
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/InRoomChannel.js349
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/ToDeviceChannel.js322
-rw-r--r--comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/VerificationRequest.js870
10 files changed, 2799 insertions, 0 deletions
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/Base.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/Base.js
new file mode 100644
index 0000000000..4da45f880e
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/Base.js
@@ -0,0 +1,345 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.VerificationEvent = exports.VerificationBase = exports.SwitchStartEventError = void 0;
+var _event = require("../../models/event");
+var _event2 = require("../../@types/event");
+var _logger = require("../../logger");
+var _deviceinfo = require("../deviceinfo");
+var _Error = require("./Error");
+var _CrossSigning = require("../CrossSigning");
+var _typedEventEmitter = require("../../models/typed-event-emitter");
+var _verification = require("../../crypto-api/verification");
+function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
+function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); } /*
+ Copyright 2018 New Vector Ltd
+ Copyright 2020 The Matrix.org Foundation C.I.C.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */ /**
+ * Base class for verification methods.
+ */
+const timeoutException = new Error("Verification timed out");
+class SwitchStartEventError extends Error {
+ constructor(startEvent) {
+ super();
+ this.startEvent = startEvent;
+ }
+}
+
+/** @deprecated use VerifierEvent */
+exports.SwitchStartEventError = SwitchStartEventError;
+/** @deprecated use VerifierEvent */
+const VerificationEvent = _verification.VerifierEvent;
+
+/** @deprecated use VerifierEventHandlerMap */
+exports.VerificationEvent = VerificationEvent;
+// The type parameters of VerificationBase are no longer used, but we need some placeholders to maintain
+// backwards compatibility with applications that reference the class.
+class VerificationBase extends _typedEventEmitter.TypedEventEmitter {
+ /**
+ * Base class for verification methods.
+ *
+ * <p>Once a verifier object is created, the verification can be started by
+ * calling the verify() method, which will return a promise that will
+ * resolve when the verification is completed, or reject if it could not
+ * complete.</p>
+ *
+ * <p>Subclasses must have a NAME class property.</p>
+ *
+ * @param channel - the verification channel to send verification messages over.
+ * TODO: Channel types
+ *
+ * @param baseApis - base matrix api interface
+ *
+ * @param userId - the user ID that is being verified
+ *
+ * @param deviceId - the device ID that is being verified
+ *
+ * @param startEvent - the m.key.verification.start event that
+ * initiated this verification, if any
+ *
+ * @param request - the key verification request object related to
+ * this verification, if any
+ */
+ constructor(channel, baseApis, userId, deviceId, startEvent, request) {
+ super();
+ this.channel = channel;
+ this.baseApis = baseApis;
+ this.userId = userId;
+ this.deviceId = deviceId;
+ this.startEvent = startEvent;
+ this.request = request;
+ _defineProperty(this, "cancelled", false);
+ _defineProperty(this, "_done", false);
+ _defineProperty(this, "promise", null);
+ _defineProperty(this, "transactionTimeoutTimer", null);
+ _defineProperty(this, "expectedEvent", void 0);
+ _defineProperty(this, "resolve", void 0);
+ _defineProperty(this, "reject", void 0);
+ _defineProperty(this, "resolveEvent", void 0);
+ _defineProperty(this, "rejectEvent", void 0);
+ _defineProperty(this, "started", void 0);
+ _defineProperty(this, "doVerification", void 0);
+ }
+ get initiatedByMe() {
+ // if there is no start event yet,
+ // we probably want to send it,
+ // which happens if we initiate
+ if (!this.startEvent) {
+ return true;
+ }
+ const sender = this.startEvent.getSender();
+ const content = this.startEvent.getContent();
+ return sender === this.baseApis.getUserId() && content.from_device === this.baseApis.getDeviceId();
+ }
+ get hasBeenCancelled() {
+ return this.cancelled;
+ }
+ resetTimer() {
+ _logger.logger.info("Refreshing/starting the verification transaction timeout timer");
+ if (this.transactionTimeoutTimer !== null) {
+ clearTimeout(this.transactionTimeoutTimer);
+ }
+ this.transactionTimeoutTimer = setTimeout(() => {
+ if (!this._done && !this.cancelled) {
+ _logger.logger.info("Triggering verification timeout");
+ this.cancel(timeoutException);
+ }
+ }, 10 * 60 * 1000); // 10 minutes
+ }
+
+ endTimer() {
+ if (this.transactionTimeoutTimer !== null) {
+ clearTimeout(this.transactionTimeoutTimer);
+ this.transactionTimeoutTimer = null;
+ }
+ }
+ send(type, uncompletedContent) {
+ return this.channel.send(type, uncompletedContent);
+ }
+ waitForEvent(type) {
+ if (this._done) {
+ return Promise.reject(new Error("Verification is already done"));
+ }
+ const existingEvent = this.request.getEventFromOtherParty(type);
+ if (existingEvent) {
+ return Promise.resolve(existingEvent);
+ }
+ this.expectedEvent = type;
+ return new Promise((resolve, reject) => {
+ this.resolveEvent = resolve;
+ this.rejectEvent = reject;
+ });
+ }
+ canSwitchStartEvent(event) {
+ return false;
+ }
+ switchStartEvent(event) {
+ if (this.canSwitchStartEvent(event)) {
+ _logger.logger.log("Verification Base: switching verification start event", {
+ restartingFlow: !!this.rejectEvent
+ });
+ if (this.rejectEvent) {
+ const reject = this.rejectEvent;
+ this.rejectEvent = undefined;
+ reject(new SwitchStartEventError(event));
+ } else {
+ this.startEvent = event;
+ }
+ }
+ }
+ handleEvent(e) {
+ if (this._done) {
+ return;
+ } else if (e.getType() === this.expectedEvent) {
+ // if we receive an expected m.key.verification.done, then just
+ // ignore it, since we don't need to do anything about it
+ if (this.expectedEvent !== _event2.EventType.KeyVerificationDone) {
+ this.expectedEvent = undefined;
+ this.rejectEvent = undefined;
+ this.resetTimer();
+ this.resolveEvent?.(e);
+ }
+ } else if (e.getType() === _event2.EventType.KeyVerificationCancel) {
+ const reject = this.reject;
+ this.reject = undefined;
+ // there is only promise to reject if verify has been called
+ if (reject) {
+ const content = e.getContent();
+ const {
+ reason,
+ code
+ } = content;
+ reject(new Error(`Other side cancelled verification ` + `because ${reason} (${code})`));
+ }
+ } else if (this.expectedEvent) {
+ // only cancel if there is an event expected.
+ // if there is no event expected, it means verify() wasn't called
+ // and we're just replaying the timeline events when syncing
+ // after a refresh when the events haven't been stored in the cache yet.
+ const exception = new Error("Unexpected message: expecting " + this.expectedEvent + " but got " + e.getType());
+ this.expectedEvent = undefined;
+ if (this.rejectEvent) {
+ const reject = this.rejectEvent;
+ this.rejectEvent = undefined;
+ reject(exception);
+ }
+ this.cancel(exception);
+ }
+ }
+ async done() {
+ this.endTimer(); // always kill the activity timer
+ if (!this._done) {
+ this.request.onVerifierFinished();
+ this.resolve?.();
+ return (0, _CrossSigning.requestKeysDuringVerification)(this.baseApis, this.userId, this.deviceId);
+ }
+ }
+ cancel(e) {
+ this.endTimer(); // always kill the activity timer
+ if (!this._done) {
+ this.cancelled = true;
+ this.request.onVerifierCancelled();
+ if (this.userId && this.deviceId) {
+ // send a cancellation to the other user (if it wasn't
+ // cancelled by the other user)
+ if (e === timeoutException) {
+ const timeoutEvent = (0, _Error.newTimeoutError)();
+ this.send(timeoutEvent.getType(), timeoutEvent.getContent());
+ } else if (e instanceof _event.MatrixEvent) {
+ const sender = e.getSender();
+ if (sender !== this.userId) {
+ const content = e.getContent();
+ if (e.getType() === _event2.EventType.KeyVerificationCancel) {
+ content.code = content.code || "m.unknown";
+ content.reason = content.reason || content.body || "Unknown reason";
+ this.send(_event2.EventType.KeyVerificationCancel, content);
+ } else {
+ this.send(_event2.EventType.KeyVerificationCancel, {
+ code: "m.unknown",
+ reason: content.body || "Unknown reason"
+ });
+ }
+ }
+ } else {
+ this.send(_event2.EventType.KeyVerificationCancel, {
+ code: "m.unknown",
+ reason: e.toString()
+ });
+ }
+ }
+ if (this.promise !== null) {
+ // when we cancel without a promise, we end up with a promise
+ // but no reject function. If cancel is called again, we'd error.
+ if (this.reject) this.reject(e);
+ } else {
+ // FIXME: this causes an "Uncaught promise" console message
+ // if nothing ends up chaining this promise.
+ this.promise = Promise.reject(e);
+ }
+ // Also emit a 'cancel' event that the app can listen for to detect cancellation
+ // before calling verify()
+ this.emit(VerificationEvent.Cancel, e);
+ }
+ }
+
+ /**
+ * Begin the key verification
+ *
+ * @returns Promise which resolves when the verification has
+ * completed.
+ */
+ verify() {
+ if (this.promise) return this.promise;
+ this.promise = new Promise((resolve, reject) => {
+ this.resolve = (...args) => {
+ this._done = true;
+ this.endTimer();
+ resolve(...args);
+ };
+ this.reject = e => {
+ this._done = true;
+ this.endTimer();
+ reject(e);
+ };
+ });
+ if (this.doVerification && !this.started) {
+ this.started = true;
+ this.resetTimer(); // restart the timeout
+ new Promise((resolve, reject) => {
+ const crossSignId = this.baseApis.crypto.deviceList.getStoredCrossSigningForUser(this.userId)?.getId();
+ if (crossSignId === this.deviceId) {
+ reject(new Error("Device ID is the same as the cross-signing ID"));
+ }
+ resolve();
+ }).then(() => this.doVerification()).then(this.done.bind(this), this.cancel.bind(this));
+ }
+ return this.promise;
+ }
+ async verifyKeys(userId, keys, verifier) {
+ // we try to verify all the keys that we're told about, but we might
+ // not know about all of them, so keep track of the keys that we know
+ // about, and ignore the rest
+ const verifiedDevices = [];
+ for (const [keyId, keyInfo] of Object.entries(keys)) {
+ const deviceId = keyId.split(":", 2)[1];
+ const device = this.baseApis.getStoredDevice(userId, deviceId);
+ if (device) {
+ verifier(keyId, device, keyInfo);
+ verifiedDevices.push([deviceId, keyId, device.keys[keyId]]);
+ } else {
+ const crossSigningInfo = this.baseApis.crypto.deviceList.getStoredCrossSigningForUser(userId);
+ if (crossSigningInfo && crossSigningInfo.getId() === deviceId) {
+ verifier(keyId, _deviceinfo.DeviceInfo.fromStorage({
+ keys: {
+ [keyId]: deviceId
+ }
+ }, deviceId), keyInfo);
+ verifiedDevices.push([deviceId, keyId, deviceId]);
+ } else {
+ _logger.logger.warn(`verification: Could not find device ${deviceId} to verify`);
+ }
+ }
+ }
+
+ // if none of the keys could be verified, then error because the app
+ // should be informed about that
+ if (!verifiedDevices.length) {
+ throw new Error("No devices could be verified");
+ }
+ _logger.logger.info("Verification completed! Marking devices verified: ", verifiedDevices);
+ // TODO: There should probably be a batch version of this, otherwise it's going
+ // to upload each signature in a separate API call which is silly because the
+ // API supports as many signatures as you like.
+ for (const [deviceId, keyId, key] of verifiedDevices) {
+ await this.baseApis.crypto.setDeviceVerification(userId, deviceId, true, null, null, {
+ [keyId]: key
+ });
+ }
+
+ // if one of the user's own devices is being marked as verified / unverified,
+ // check the key backup status, since whether or not we use this depends on
+ // whether it has a signature from a verified device
+ if (userId == this.baseApis.credentials.userId) {
+ await this.baseApis.checkKeyBackup();
+ }
+ }
+ get events() {
+ return undefined;
+ }
+}
+exports.VerificationBase = VerificationBase; \ No newline at end of file
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/Error.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/Error.js
new file mode 100644
index 0000000000..3d24c03955
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/Error.js
@@ -0,0 +1,100 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.errorFactory = errorFactory;
+exports.errorFromEvent = errorFromEvent;
+exports.newUserCancelledError = exports.newUnknownMethodError = exports.newUnexpectedMessageError = exports.newTimeoutError = exports.newKeyMismatchError = exports.newInvalidMessageError = void 0;
+exports.newVerificationError = newVerificationError;
+var _event = require("../../models/event");
+var _event2 = require("../../@types/event");
+/*
+Copyright 2018 - 2021 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/**
+ * Error messages.
+ */
+
+function newVerificationError(code, reason, extraData) {
+ const content = Object.assign({}, {
+ code,
+ reason
+ }, extraData);
+ return new _event.MatrixEvent({
+ type: _event2.EventType.KeyVerificationCancel,
+ content
+ });
+}
+function errorFactory(code, reason) {
+ return function (extraData) {
+ return newVerificationError(code, reason, extraData);
+ };
+}
+
+/**
+ * The verification was cancelled by the user.
+ */
+const newUserCancelledError = errorFactory("m.user", "Cancelled by user");
+
+/**
+ * The verification timed out.
+ */
+exports.newUserCancelledError = newUserCancelledError;
+const newTimeoutError = errorFactory("m.timeout", "Timed out");
+
+/**
+ * An unknown method was selected.
+ */
+exports.newTimeoutError = newTimeoutError;
+const newUnknownMethodError = errorFactory("m.unknown_method", "Unknown method");
+
+/**
+ * An unexpected message was sent.
+ */
+exports.newUnknownMethodError = newUnknownMethodError;
+const newUnexpectedMessageError = errorFactory("m.unexpected_message", "Unexpected message");
+
+/**
+ * The key does not match.
+ */
+exports.newUnexpectedMessageError = newUnexpectedMessageError;
+const newKeyMismatchError = errorFactory("m.key_mismatch", "Key mismatch");
+
+/**
+ * An invalid message was sent.
+ */
+exports.newKeyMismatchError = newKeyMismatchError;
+const newInvalidMessageError = errorFactory("m.invalid_message", "Invalid message");
+exports.newInvalidMessageError = newInvalidMessageError;
+function errorFromEvent(event) {
+ const content = event.getContent();
+ if (content) {
+ const {
+ code,
+ reason
+ } = content;
+ return {
+ code,
+ reason
+ };
+ } else {
+ return {
+ code: "Unknown error",
+ reason: "m.unknown"
+ };
+ }
+} \ No newline at end of file
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/IllegalMethod.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/IllegalMethod.js
new file mode 100644
index 0000000000..396d911eec
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/IllegalMethod.js
@@ -0,0 +1,46 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.IllegalMethod = void 0;
+var _Base = require("./Base");
+function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
+function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); } /*
+ Copyright 2020 The Matrix.org Foundation C.I.C.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */ /**
+ * Verification method that is illegal to have (cannot possibly
+ * do verification with this method).
+ */
+class IllegalMethod extends _Base.VerificationBase {
+ constructor(...args) {
+ super(...args);
+ _defineProperty(this, "doVerification", async () => {
+ throw new Error("Verification is not possible with this method");
+ });
+ }
+ static factory(channel, baseApis, userId, deviceId, startEvent, request) {
+ return new IllegalMethod(channel, baseApis, userId, deviceId, startEvent, request);
+ }
+
+ // eslint-disable-next-line @typescript-eslint/naming-convention
+ static get NAME() {
+ // Typically the name will be something else, but to complete
+ // the contract we offer a default one here.
+ return "org.matrix.illegal_method";
+ }
+}
+exports.IllegalMethod = IllegalMethod; \ No newline at end of file
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/QRCode.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/QRCode.js
new file mode 100644
index 0000000000..e2334c64e7
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/QRCode.js
@@ -0,0 +1,269 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.SHOW_QR_CODE_METHOD = exports.SCAN_QR_CODE_METHOD = exports.ReciprocateQRCode = exports.QrCodeEvent = exports.QRCodeData = void 0;
+var _Base = require("./Base");
+var _Error = require("./Error");
+var _olmlib = require("../olmlib");
+var _logger = require("../../logger");
+var _verification = require("../../crypto-api/verification");
+function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
+function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); } /*
+ Copyright 2018 - 2021 The Matrix.org Foundation C.I.C.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */ /**
+ * QR code key verification.
+ */
+const SHOW_QR_CODE_METHOD = "m.qr_code.show.v1";
+exports.SHOW_QR_CODE_METHOD = SHOW_QR_CODE_METHOD;
+const SCAN_QR_CODE_METHOD = "m.qr_code.scan.v1";
+
+/** @deprecated use VerifierEvent */
+exports.SCAN_QR_CODE_METHOD = SCAN_QR_CODE_METHOD;
+/** @deprecated use VerifierEvent */
+const QrCodeEvent = _verification.VerifierEvent;
+exports.QrCodeEvent = QrCodeEvent;
+class ReciprocateQRCode extends _Base.VerificationBase {
+ constructor(...args) {
+ super(...args);
+ _defineProperty(this, "reciprocateQREvent", void 0);
+ _defineProperty(this, "doVerification", async () => {
+ if (!this.startEvent) {
+ // TODO: Support scanning QR codes
+ throw new Error("It is not currently possible to start verification" + "with this method yet.");
+ }
+ const {
+ qrCodeData
+ } = this.request;
+ // 1. check the secret
+ if (this.startEvent.getContent()["secret"] !== qrCodeData?.encodedSharedSecret) {
+ throw (0, _Error.newKeyMismatchError)();
+ }
+
+ // 2. ask if other user shows shield as well
+ await new Promise((resolve, reject) => {
+ this.reciprocateQREvent = {
+ confirm: resolve,
+ cancel: () => reject((0, _Error.newUserCancelledError)())
+ };
+ this.emit(QrCodeEvent.ShowReciprocateQr, this.reciprocateQREvent);
+ });
+
+ // 3. determine key to sign / mark as trusted
+ const keys = {};
+ switch (qrCodeData?.mode) {
+ case Mode.VerifyOtherUser:
+ {
+ // add master key to keys to be signed, only if we're not doing self-verification
+ const masterKey = qrCodeData.otherUserMasterKey;
+ keys[`ed25519:${masterKey}`] = masterKey;
+ break;
+ }
+ case Mode.VerifySelfTrusted:
+ {
+ const deviceId = this.request.targetDevice.deviceId;
+ keys[`ed25519:${deviceId}`] = qrCodeData.otherDeviceKey;
+ break;
+ }
+ case Mode.VerifySelfUntrusted:
+ {
+ const masterKey = qrCodeData.myMasterKey;
+ keys[`ed25519:${masterKey}`] = masterKey;
+ break;
+ }
+ }
+
+ // 4. sign the key (or mark own MSK as verified in case of MODE_VERIFY_SELF_TRUSTED)
+ await this.verifyKeys(this.userId, keys, (keyId, device, keyInfo) => {
+ // make sure the device has the expected keys
+ const targetKey = keys[keyId];
+ if (!targetKey) throw (0, _Error.newKeyMismatchError)();
+ if (keyInfo !== targetKey) {
+ _logger.logger.error("key ID from key info does not match");
+ throw (0, _Error.newKeyMismatchError)();
+ }
+ for (const deviceKeyId in device.keys) {
+ if (!deviceKeyId.startsWith("ed25519")) continue;
+ const deviceTargetKey = keys[deviceKeyId];
+ if (!deviceTargetKey) throw (0, _Error.newKeyMismatchError)();
+ if (device.keys[deviceKeyId] !== deviceTargetKey) {
+ _logger.logger.error("master key does not match");
+ throw (0, _Error.newKeyMismatchError)();
+ }
+ }
+ });
+ });
+ }
+ static factory(channel, baseApis, userId, deviceId, startEvent, request) {
+ return new ReciprocateQRCode(channel, baseApis, userId, deviceId, startEvent, request);
+ }
+
+ // eslint-disable-next-line @typescript-eslint/naming-convention
+ static get NAME() {
+ return "m.reciprocate.v1";
+ }
+}
+exports.ReciprocateQRCode = ReciprocateQRCode;
+const CODE_VERSION = 0x02; // the version of binary QR codes we support
+const BINARY_PREFIX = "MATRIX"; // ASCII, used to prefix the binary format
+var Mode = /*#__PURE__*/function (Mode) {
+ Mode[Mode["VerifyOtherUser"] = 0] = "VerifyOtherUser";
+ Mode[Mode["VerifySelfTrusted"] = 1] = "VerifySelfTrusted";
+ Mode[Mode["VerifySelfUntrusted"] = 2] = "VerifySelfUntrusted";
+ return Mode;
+}(Mode || {}); // We do not trust the master key
+class QRCodeData {
+ constructor(mode, sharedSecret,
+ // only set when mode is MODE_VERIFY_OTHER_USER, master key of other party at time of generating QR code
+ otherUserMasterKey,
+ // only set when mode is MODE_VERIFY_SELF_TRUSTED, device key of other party at time of generating QR code
+ otherDeviceKey,
+ // only set when mode is MODE_VERIFY_SELF_UNTRUSTED, own master key at time of generating QR code
+ myMasterKey, buffer) {
+ this.mode = mode;
+ this.sharedSecret = sharedSecret;
+ this.otherUserMasterKey = otherUserMasterKey;
+ this.otherDeviceKey = otherDeviceKey;
+ this.myMasterKey = myMasterKey;
+ this.buffer = buffer;
+ }
+ static async create(request, client) {
+ const sharedSecret = QRCodeData.generateSharedSecret();
+ const mode = QRCodeData.determineMode(request, client);
+ let otherUserMasterKey = null;
+ let otherDeviceKey = null;
+ let myMasterKey = null;
+ if (mode === Mode.VerifyOtherUser) {
+ const otherUserCrossSigningInfo = client.getStoredCrossSigningForUser(request.otherUserId);
+ otherUserMasterKey = otherUserCrossSigningInfo.getId("master");
+ } else if (mode === Mode.VerifySelfTrusted) {
+ otherDeviceKey = await QRCodeData.getOtherDeviceKey(request, client);
+ } else if (mode === Mode.VerifySelfUntrusted) {
+ const myUserId = client.getUserId();
+ const myCrossSigningInfo = client.getStoredCrossSigningForUser(myUserId);
+ myMasterKey = myCrossSigningInfo.getId("master");
+ }
+ const qrData = QRCodeData.generateQrData(request, client, mode, sharedSecret, otherUserMasterKey, otherDeviceKey, myMasterKey);
+ const buffer = QRCodeData.generateBuffer(qrData);
+ return new QRCodeData(mode, sharedSecret, otherUserMasterKey, otherDeviceKey, myMasterKey, buffer);
+ }
+
+ /**
+ * The unpadded base64 encoded shared secret.
+ */
+ get encodedSharedSecret() {
+ return this.sharedSecret;
+ }
+ getBuffer() {
+ return this.buffer;
+ }
+ static generateSharedSecret() {
+ const secretBytes = new Uint8Array(11);
+ global.crypto.getRandomValues(secretBytes);
+ return (0, _olmlib.encodeUnpaddedBase64)(secretBytes);
+ }
+ static async getOtherDeviceKey(request, client) {
+ const myUserId = client.getUserId();
+ const otherDevice = request.targetDevice;
+ const device = otherDevice.deviceId ? client.getStoredDevice(myUserId, otherDevice.deviceId) : undefined;
+ if (!device) {
+ throw new Error("could not find device " + otherDevice?.deviceId);
+ }
+ return device.getFingerprint();
+ }
+ static determineMode(request, client) {
+ const myUserId = client.getUserId();
+ const otherUserId = request.otherUserId;
+ let mode = Mode.VerifyOtherUser;
+ if (myUserId === otherUserId) {
+ // Mode changes depending on whether or not we trust the master cross signing key
+ const myTrust = client.checkUserTrust(myUserId);
+ if (myTrust.isCrossSigningVerified()) {
+ mode = Mode.VerifySelfTrusted;
+ } else {
+ mode = Mode.VerifySelfUntrusted;
+ }
+ }
+ return mode;
+ }
+ static generateQrData(request, client, mode, encodedSharedSecret, otherUserMasterKey, otherDeviceKey, myMasterKey) {
+ const myUserId = client.getUserId();
+ const transactionId = request.channel.transactionId;
+ const qrData = {
+ prefix: BINARY_PREFIX,
+ version: CODE_VERSION,
+ mode,
+ transactionId,
+ firstKeyB64: "",
+ // worked out shortly
+ secondKeyB64: "",
+ // worked out shortly
+ secretB64: encodedSharedSecret
+ };
+ const myCrossSigningInfo = client.getStoredCrossSigningForUser(myUserId);
+ if (mode === Mode.VerifyOtherUser) {
+ // First key is our master cross signing key
+ qrData.firstKeyB64 = myCrossSigningInfo.getId("master");
+ // Second key is the other user's master cross signing key
+ qrData.secondKeyB64 = otherUserMasterKey;
+ } else if (mode === Mode.VerifySelfTrusted) {
+ // First key is our master cross signing key
+ qrData.firstKeyB64 = myCrossSigningInfo.getId("master");
+ qrData.secondKeyB64 = otherDeviceKey;
+ } else if (mode === Mode.VerifySelfUntrusted) {
+ // First key is our device's key
+ qrData.firstKeyB64 = client.getDeviceEd25519Key();
+ // Second key is what we think our master cross signing key is
+ qrData.secondKeyB64 = myMasterKey;
+ }
+ return qrData;
+ }
+ static generateBuffer(qrData) {
+ let buf = Buffer.alloc(0); // we'll concat our way through life
+
+ const appendByte = b => {
+ const tmpBuf = Buffer.from([b]);
+ buf = Buffer.concat([buf, tmpBuf]);
+ };
+ const appendInt = i => {
+ const tmpBuf = Buffer.alloc(2);
+ tmpBuf.writeInt16BE(i, 0);
+ buf = Buffer.concat([buf, tmpBuf]);
+ };
+ const appendStr = (s, enc, withLengthPrefix = true) => {
+ const tmpBuf = Buffer.from(s, enc);
+ if (withLengthPrefix) appendInt(tmpBuf.byteLength);
+ buf = Buffer.concat([buf, tmpBuf]);
+ };
+ const appendEncBase64 = b64 => {
+ const b = (0, _olmlib.decodeBase64)(b64);
+ const tmpBuf = Buffer.from(b);
+ buf = Buffer.concat([buf, tmpBuf]);
+ };
+
+ // Actually build the buffer for the QR code
+ appendStr(qrData.prefix, "ascii", false);
+ appendByte(qrData.version);
+ appendByte(qrData.mode);
+ appendStr(qrData.transactionId, "utf-8");
+ appendEncBase64(qrData.firstKeyB64);
+ appendEncBase64(qrData.secondKeyB64);
+ appendEncBase64(qrData.secretB64);
+ return buf;
+ }
+}
+exports.QRCodeData = QRCodeData; \ No newline at end of file
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/SAS.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/SAS.js
new file mode 100644
index 0000000000..fac79f7a00
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/SAS.js
@@ -0,0 +1,454 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.SasEvent = exports.SAS = void 0;
+var _anotherJson = _interopRequireDefault(require("another-json"));
+var _Base = require("./Base");
+var _Error = require("./Error");
+var _logger = require("../../logger");
+var _SASDecimal = require("./SASDecimal");
+var _event = require("../../@types/event");
+var _verification = require("../../crypto-api/verification");
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
+function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); } /*
+ Copyright 2018 - 2021 The Matrix.org Foundation C.I.C.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */ /**
+ * Short Authentication String (SAS) verification.
+ */
+// backwards-compatibility exports
+
+const START_TYPE = _event.EventType.KeyVerificationStart;
+const EVENTS = [_event.EventType.KeyVerificationAccept, _event.EventType.KeyVerificationKey, _event.EventType.KeyVerificationMac];
+let olmutil;
+const newMismatchedSASError = (0, _Error.errorFactory)("m.mismatched_sas", "Mismatched short authentication string");
+const newMismatchedCommitmentError = (0, _Error.errorFactory)("m.mismatched_commitment", "Mismatched commitment");
+const emojiMapping = [["🐶", "dog"],
+// 0
+["🐱", "cat"],
+// 1
+["🦁", "lion"],
+// 2
+["🐎", "horse"],
+// 3
+["🦄", "unicorn"],
+// 4
+["🐷", "pig"],
+// 5
+["🐘", "elephant"],
+// 6
+["🐰", "rabbit"],
+// 7
+["🐼", "panda"],
+// 8
+["🐓", "rooster"],
+// 9
+["🐧", "penguin"],
+// 10
+["🐢", "turtle"],
+// 11
+["🐟", "fish"],
+// 12
+["🐙", "octopus"],
+// 13
+["🦋", "butterfly"],
+// 14
+["🌷", "flower"],
+// 15
+["🌳", "tree"],
+// 16
+["🌵", "cactus"],
+// 17
+["🍄", "mushroom"],
+// 18
+["🌏", "globe"],
+// 19
+["🌙", "moon"],
+// 20
+["☁️", "cloud"],
+// 21
+["🔥", "fire"],
+// 22
+["🍌", "banana"],
+// 23
+["🍎", "apple"],
+// 24
+["🍓", "strawberry"],
+// 25
+["🌽", "corn"],
+// 26
+["🍕", "pizza"],
+// 27
+["🎂", "cake"],
+// 28
+["❤️", "heart"],
+// 29
+["🙂", "smiley"],
+// 30
+["🤖", "robot"],
+// 31
+["🎩", "hat"],
+// 32
+["👓", "glasses"],
+// 33
+["🔧", "spanner"],
+// 34
+["🎅", "santa"],
+// 35
+["👍", "thumbs up"],
+// 36
+["☂️", "umbrella"],
+// 37
+["⌛", "hourglass"],
+// 38
+["⏰", "clock"],
+// 39
+["🎁", "gift"],
+// 40
+["💡", "light bulb"],
+// 41
+["📕", "book"],
+// 42
+["✏️", "pencil"],
+// 43
+["📎", "paperclip"],
+// 44
+["✂️", "scissors"],
+// 45
+["🔒", "lock"],
+// 46
+["🔑", "key"],
+// 47
+["🔨", "hammer"],
+// 48
+["☎️", "telephone"],
+// 49
+["🏁", "flag"],
+// 50
+["🚂", "train"],
+// 51
+["🚲", "bicycle"],
+// 52
+["✈️", "aeroplane"],
+// 53
+["🚀", "rocket"],
+// 54
+["🏆", "trophy"],
+// 55
+["⚽", "ball"],
+// 56
+["🎸", "guitar"],
+// 57
+["🎺", "trumpet"],
+// 58
+["🔔", "bell"],
+// 59
+["⚓️", "anchor"],
+// 60
+["🎧", "headphones"],
+// 61
+["📁", "folder"],
+// 62
+["📌", "pin"] // 63
+];
+
+function generateEmojiSas(sasBytes) {
+ const emojis = [
+ // just like base64 encoding
+ sasBytes[0] >> 2, (sasBytes[0] & 0x3) << 4 | sasBytes[1] >> 4, (sasBytes[1] & 0xf) << 2 | sasBytes[2] >> 6, sasBytes[2] & 0x3f, sasBytes[3] >> 2, (sasBytes[3] & 0x3) << 4 | sasBytes[4] >> 4, (sasBytes[4] & 0xf) << 2 | sasBytes[5] >> 6];
+ return emojis.map(num => emojiMapping[num]);
+}
+const sasGenerators = {
+ decimal: _SASDecimal.generateDecimalSas,
+ emoji: generateEmojiSas
+};
+function generateSas(sasBytes, methods) {
+ const sas = {};
+ for (const method of methods) {
+ if (method in sasGenerators) {
+ // @ts-ignore - ts doesn't like us mixing types like this
+ sas[method] = sasGenerators[method](Array.from(sasBytes));
+ }
+ }
+ return sas;
+}
+const macMethods = {
+ "hkdf-hmac-sha256": "calculate_mac",
+ "org.matrix.msc3783.hkdf-hmac-sha256": "calculate_mac_fixed_base64",
+ "hkdf-hmac-sha256.v2": "calculate_mac_fixed_base64",
+ "hmac-sha256": "calculate_mac_long_kdf"
+};
+function calculateMAC(olmSAS, method) {
+ return function (input, info) {
+ const mac = olmSAS[macMethods[method]](input, info);
+ _logger.logger.log("SAS calculateMAC:", method, [input, info], mac);
+ return mac;
+ };
+}
+const calculateKeyAgreement = {
+ // eslint-disable-next-line @typescript-eslint/naming-convention
+ "curve25519-hkdf-sha256": function (sas, olmSAS, bytes) {
+ const ourInfo = `${sas.baseApis.getUserId()}|${sas.baseApis.deviceId}|` + `${sas.ourSASPubKey}|`;
+ const theirInfo = `${sas.userId}|${sas.deviceId}|${sas.theirSASPubKey}|`;
+ const sasInfo = "MATRIX_KEY_VERIFICATION_SAS|" + (sas.initiatedByMe ? ourInfo + theirInfo : theirInfo + ourInfo) + sas.channel.transactionId;
+ return olmSAS.generate_bytes(sasInfo, bytes);
+ },
+ "curve25519": function (sas, olmSAS, bytes) {
+ const ourInfo = `${sas.baseApis.getUserId()}${sas.baseApis.deviceId}`;
+ const theirInfo = `${sas.userId}${sas.deviceId}`;
+ const sasInfo = "MATRIX_KEY_VERIFICATION_SAS" + (sas.initiatedByMe ? ourInfo + theirInfo : theirInfo + ourInfo) + sas.channel.transactionId;
+ return olmSAS.generate_bytes(sasInfo, bytes);
+ }
+};
+/* lists of algorithms/methods that are supported. The key agreement, hashes,
+ * and MAC lists should be sorted in order of preference (most preferred
+ * first).
+ */
+const KEY_AGREEMENT_LIST = ["curve25519-hkdf-sha256", "curve25519"];
+const HASHES_LIST = ["sha256"];
+const MAC_LIST = ["hkdf-hmac-sha256.v2", "org.matrix.msc3783.hkdf-hmac-sha256", "hkdf-hmac-sha256", "hmac-sha256"];
+const SAS_LIST = Object.keys(sasGenerators);
+const KEY_AGREEMENT_SET = new Set(KEY_AGREEMENT_LIST);
+const HASHES_SET = new Set(HASHES_LIST);
+const MAC_SET = new Set(MAC_LIST);
+const SAS_SET = new Set(SAS_LIST);
+function intersection(anArray, aSet) {
+ return Array.isArray(anArray) ? anArray.filter(x => aSet.has(x)) : [];
+}
+
+/** @deprecated use VerifierEvent */
+
+/** @deprecated use VerifierEvent */
+const SasEvent = _verification.VerifierEvent;
+exports.SasEvent = SasEvent;
+class SAS extends _Base.VerificationBase {
+ constructor(...args) {
+ super(...args);
+ _defineProperty(this, "waitingForAccept", void 0);
+ _defineProperty(this, "ourSASPubKey", void 0);
+ _defineProperty(this, "theirSASPubKey", void 0);
+ _defineProperty(this, "sasEvent", void 0);
+ _defineProperty(this, "doVerification", async () => {
+ await global.Olm.init();
+ olmutil = olmutil || new global.Olm.Utility();
+
+ // make sure user's keys are downloaded
+ await this.baseApis.downloadKeys([this.userId]);
+ let retry = false;
+ do {
+ try {
+ if (this.initiatedByMe) {
+ return await this.doSendVerification();
+ } else {
+ return await this.doRespondVerification();
+ }
+ } catch (err) {
+ if (err instanceof _Base.SwitchStartEventError) {
+ // this changes what initiatedByMe returns
+ this.startEvent = err.startEvent;
+ retry = true;
+ } else {
+ throw err;
+ }
+ }
+ } while (retry);
+ });
+ }
+ // eslint-disable-next-line @typescript-eslint/naming-convention
+ static get NAME() {
+ return "m.sas.v1";
+ }
+ get events() {
+ return EVENTS;
+ }
+ canSwitchStartEvent(event) {
+ if (event.getType() !== START_TYPE) {
+ return false;
+ }
+ const content = event.getContent();
+ return content?.method === SAS.NAME && !!this.waitingForAccept;
+ }
+ async sendStart() {
+ const startContent = this.channel.completeContent(START_TYPE, {
+ method: SAS.NAME,
+ from_device: this.baseApis.deviceId,
+ key_agreement_protocols: KEY_AGREEMENT_LIST,
+ hashes: HASHES_LIST,
+ message_authentication_codes: MAC_LIST,
+ // FIXME: allow app to specify what SAS methods can be used
+ short_authentication_string: SAS_LIST
+ });
+ await this.channel.sendCompleted(START_TYPE, startContent);
+ return startContent;
+ }
+ async verifyAndCheckMAC(keyAgreement, sasMethods, olmSAS, macMethod) {
+ const sasBytes = calculateKeyAgreement[keyAgreement](this, olmSAS, 6);
+ const verifySAS = new Promise((resolve, reject) => {
+ this.sasEvent = {
+ sas: generateSas(sasBytes, sasMethods),
+ confirm: async () => {
+ try {
+ await this.sendMAC(olmSAS, macMethod);
+ resolve();
+ } catch (err) {
+ reject(err);
+ }
+ },
+ cancel: () => reject((0, _Error.newUserCancelledError)()),
+ mismatch: () => reject(newMismatchedSASError())
+ };
+ this.emit(SasEvent.ShowSas, this.sasEvent);
+ });
+ const [e] = await Promise.all([this.waitForEvent(_event.EventType.KeyVerificationMac).then(e => {
+ // we don't expect any more messages from the other
+ // party, and they may send a m.key.verification.done
+ // when they're done on their end
+ this.expectedEvent = _event.EventType.KeyVerificationDone;
+ return e;
+ }), verifySAS]);
+ const content = e.getContent();
+ await this.checkMAC(olmSAS, content, macMethod);
+ }
+ async doSendVerification() {
+ this.waitingForAccept = true;
+ let startContent;
+ if (this.startEvent) {
+ startContent = this.channel.completedContentFromEvent(this.startEvent);
+ } else {
+ startContent = await this.sendStart();
+ }
+
+ // we might have switched to a different start event,
+ // but was we didn't call _waitForEvent there was no
+ // call that could throw yet. So check manually that
+ // we're still on the initiator side
+ if (!this.initiatedByMe) {
+ throw new _Base.SwitchStartEventError(this.startEvent);
+ }
+ let e;
+ try {
+ e = await this.waitForEvent(_event.EventType.KeyVerificationAccept);
+ } finally {
+ this.waitingForAccept = false;
+ }
+ let content = e.getContent();
+ const sasMethods = intersection(content.short_authentication_string, SAS_SET);
+ if (!(KEY_AGREEMENT_SET.has(content.key_agreement_protocol) && HASHES_SET.has(content.hash) && MAC_SET.has(content.message_authentication_code) && sasMethods.length)) {
+ throw (0, _Error.newUnknownMethodError)();
+ }
+ if (typeof content.commitment !== "string") {
+ throw (0, _Error.newInvalidMessageError)();
+ }
+ const keyAgreement = content.key_agreement_protocol;
+ const macMethod = content.message_authentication_code;
+ const hashCommitment = content.commitment;
+ const olmSAS = new global.Olm.SAS();
+ try {
+ this.ourSASPubKey = olmSAS.get_pubkey();
+ await this.send(_event.EventType.KeyVerificationKey, {
+ key: this.ourSASPubKey
+ });
+ e = await this.waitForEvent(_event.EventType.KeyVerificationKey);
+ // FIXME: make sure event is properly formed
+ content = e.getContent();
+ const commitmentStr = content.key + _anotherJson.default.stringify(startContent);
+ // TODO: use selected hash function (when we support multiple)
+ if (olmutil.sha256(commitmentStr) !== hashCommitment) {
+ throw newMismatchedCommitmentError();
+ }
+ this.theirSASPubKey = content.key;
+ olmSAS.set_their_key(content.key);
+ await this.verifyAndCheckMAC(keyAgreement, sasMethods, olmSAS, macMethod);
+ } finally {
+ olmSAS.free();
+ }
+ }
+ async doRespondVerification() {
+ // as m.related_to is not included in the encrypted content in e2e rooms,
+ // we need to make sure it is added
+ let content = this.channel.completedContentFromEvent(this.startEvent);
+
+ // Note: we intersect using our pre-made lists, rather than the sets,
+ // so that the result will be in our order of preference. Then
+ // fetching the first element from the array will give our preferred
+ // method out of the ones offered by the other party.
+ const keyAgreement = intersection(KEY_AGREEMENT_LIST, new Set(content.key_agreement_protocols))[0];
+ const hashMethod = intersection(HASHES_LIST, new Set(content.hashes))[0];
+ const macMethod = intersection(MAC_LIST, new Set(content.message_authentication_codes))[0];
+ // FIXME: allow app to specify what SAS methods can be used
+ const sasMethods = intersection(content.short_authentication_string, SAS_SET);
+ if (!(keyAgreement !== undefined && hashMethod !== undefined && macMethod !== undefined && sasMethods.length)) {
+ throw (0, _Error.newUnknownMethodError)();
+ }
+ const olmSAS = new global.Olm.SAS();
+ try {
+ const commitmentStr = olmSAS.get_pubkey() + _anotherJson.default.stringify(content);
+ await this.send(_event.EventType.KeyVerificationAccept, {
+ key_agreement_protocol: keyAgreement,
+ hash: hashMethod,
+ message_authentication_code: macMethod,
+ short_authentication_string: sasMethods,
+ // TODO: use selected hash function (when we support multiple)
+ commitment: olmutil.sha256(commitmentStr)
+ });
+ const e = await this.waitForEvent(_event.EventType.KeyVerificationKey);
+ // FIXME: make sure event is properly formed
+ content = e.getContent();
+ this.theirSASPubKey = content.key;
+ olmSAS.set_their_key(content.key);
+ this.ourSASPubKey = olmSAS.get_pubkey();
+ await this.send(_event.EventType.KeyVerificationKey, {
+ key: this.ourSASPubKey
+ });
+ await this.verifyAndCheckMAC(keyAgreement, sasMethods, olmSAS, macMethod);
+ } finally {
+ olmSAS.free();
+ }
+ }
+ sendMAC(olmSAS, method) {
+ const mac = {};
+ const keyList = [];
+ const baseInfo = "MATRIX_KEY_VERIFICATION_MAC" + this.baseApis.getUserId() + this.baseApis.deviceId + this.userId + this.deviceId + this.channel.transactionId;
+ const deviceKeyId = `ed25519:${this.baseApis.deviceId}`;
+ mac[deviceKeyId] = calculateMAC(olmSAS, method)(this.baseApis.getDeviceEd25519Key(), baseInfo + deviceKeyId);
+ keyList.push(deviceKeyId);
+ const crossSigningId = this.baseApis.getCrossSigningId();
+ if (crossSigningId) {
+ const crossSigningKeyId = `ed25519:${crossSigningId}`;
+ mac[crossSigningKeyId] = calculateMAC(olmSAS, method)(crossSigningId, baseInfo + crossSigningKeyId);
+ keyList.push(crossSigningKeyId);
+ }
+ const keys = calculateMAC(olmSAS, method)(keyList.sort().join(","), baseInfo + "KEY_IDS");
+ return this.send(_event.EventType.KeyVerificationMac, {
+ mac,
+ keys
+ });
+ }
+ async checkMAC(olmSAS, content, method) {
+ const baseInfo = "MATRIX_KEY_VERIFICATION_MAC" + this.userId + this.deviceId + this.baseApis.getUserId() + this.baseApis.deviceId + this.channel.transactionId;
+ if (content.keys !== calculateMAC(olmSAS, method)(Object.keys(content.mac).sort().join(","), baseInfo + "KEY_IDS")) {
+ throw (0, _Error.newKeyMismatchError)();
+ }
+ await this.verifyKeys(this.userId, content.mac, (keyId, device, keyInfo) => {
+ if (keyInfo !== calculateMAC(olmSAS, method)(device.keys[keyId], baseInfo + keyId)) {
+ throw (0, _Error.newKeyMismatchError)();
+ }
+ });
+ }
+}
+exports.SAS = SAS; \ No newline at end of file
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/SASDecimal.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/SASDecimal.js
new file mode 100644
index 0000000000..7cd8fb2505
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/SASDecimal.js
@@ -0,0 +1,39 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.generateDecimalSas = generateDecimalSas;
+/*
+Copyright 2018 - 2022 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/**
+ * Implementation of decimal encoding of SAS as per:
+ * https://spec.matrix.org/v1.4/client-server-api/#sas-method-decimal
+ * @param sasBytes - the five bytes generated by HKDF
+ * @returns the derived three numbers between 1000 and 9191 inclusive
+ */
+function generateDecimalSas(sasBytes) {
+ /*
+ * +--------+--------+--------+--------+--------+
+ * | Byte 0 | Byte 1 | Byte 2 | Byte 3 | Byte 4 |
+ * +--------+--------+--------+--------+--------+
+ * bits: 87654321 87654321 87654321 87654321 87654321
+ * \____________/\_____________/\____________/
+ * 1st number 2nd number 3rd number
+ */
+ return [(sasBytes[0] << 5 | sasBytes[1] >> 3) + 1000, ((sasBytes[1] & 0x7) << 10 | sasBytes[2] << 2 | sasBytes[3] >> 6) + 1000, ((sasBytes[3] & 0x3f) << 7 | sasBytes[4] >> 1) + 1000];
+} \ No newline at end of file
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/Channel.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/Channel.js
new file mode 100644
index 0000000000..430afc16cd
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/Channel.js
@@ -0,0 +1,5 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+}); \ No newline at end of file
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/InRoomChannel.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/InRoomChannel.js
new file mode 100644
index 0000000000..15c7fcae5a
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/InRoomChannel.js
@@ -0,0 +1,349 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.InRoomRequests = exports.InRoomChannel = void 0;
+var _VerificationRequest = require("./VerificationRequest");
+var _logger = require("../../../logger");
+var _event = require("../../../@types/event");
+function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
+function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); } /*
+ Copyright 2018 New Vector Ltd
+ Copyright 2019 The Matrix.org Foundation C.I.C.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+const MESSAGE_TYPE = _event.EventType.RoomMessage;
+const M_REFERENCE = "m.reference";
+const M_RELATES_TO = "m.relates_to";
+
+/**
+ * A key verification channel that sends verification events in the timeline of a room.
+ * Uses the event id of the initial m.key.verification.request event as a transaction id.
+ */
+class InRoomChannel {
+ /**
+ * @param client - the matrix client, to send messages with and get current user & device from.
+ * @param roomId - id of the room where verification events should be posted in, should be a DM with the given user.
+ * @param userId - id of user that the verification request is directed at, should be present in the room.
+ */
+ constructor(client, roomId, userId) {
+ this.client = client;
+ this.roomId = roomId;
+ this.userId = userId;
+ _defineProperty(this, "requestEventId", void 0);
+ }
+ get receiveStartFromOtherDevices() {
+ return true;
+ }
+
+ /** The transaction id generated/used by this verification channel */
+ get transactionId() {
+ return this.requestEventId;
+ }
+ static getOtherPartyUserId(event, client) {
+ const type = InRoomChannel.getEventType(event);
+ if (type !== _VerificationRequest.REQUEST_TYPE) {
+ return;
+ }
+ const ownUserId = client.getUserId();
+ const sender = event.getSender();
+ const content = event.getContent();
+ const receiver = content.to;
+ if (sender === ownUserId) {
+ return receiver;
+ } else if (receiver === ownUserId) {
+ return sender;
+ }
+ }
+
+ /**
+ * @param event - the event to get the timestamp of
+ * @returns the timestamp when the event was sent
+ */
+ getTimestamp(event) {
+ return event.getTs();
+ }
+
+ /**
+ * Checks whether the given event type should be allowed to initiate a new VerificationRequest over this channel
+ * @param type - the event type to check
+ * @returns boolean flag
+ */
+ static canCreateRequest(type) {
+ return type === _VerificationRequest.REQUEST_TYPE;
+ }
+ canCreateRequest(type) {
+ return InRoomChannel.canCreateRequest(type);
+ }
+
+ /**
+ * Extract the transaction id used by a given key verification event, if any
+ * @param event - the event
+ * @returns the transaction id
+ */
+ static getTransactionId(event) {
+ if (InRoomChannel.getEventType(event) === _VerificationRequest.REQUEST_TYPE) {
+ return event.getId();
+ } else {
+ const relation = event.getRelation();
+ if (relation?.rel_type === M_REFERENCE) {
+ return relation.event_id;
+ }
+ }
+ }
+
+ /**
+ * Checks whether this event is a well-formed key verification event.
+ * This only does checks that don't rely on the current state of a potentially already channel
+ * so we can prevent channels being created by invalid events.
+ * `handleEvent` can do more checks and choose to ignore invalid events.
+ * @param event - the event to validate
+ * @param client - the client to get the current user and device id from
+ * @returns whether the event is valid and should be passed to handleEvent
+ */
+ static validateEvent(event, client) {
+ const txnId = InRoomChannel.getTransactionId(event);
+ if (typeof txnId !== "string" || txnId.length === 0) {
+ return false;
+ }
+ const type = InRoomChannel.getEventType(event);
+ const content = event.getContent();
+
+ // from here on we're fairly sure that this is supposed to be
+ // part of a verification request, so be noisy when rejecting something
+ if (type === _VerificationRequest.REQUEST_TYPE) {
+ if (!content || typeof content.to !== "string" || !content.to.length) {
+ _logger.logger.log("InRoomChannel: validateEvent: " + "no valid to " + content.to);
+ return false;
+ }
+
+ // ignore requests that are not direct to or sent by the syncing user
+ if (!InRoomChannel.getOtherPartyUserId(event, client)) {
+ _logger.logger.log("InRoomChannel: validateEvent: " + `not directed to or sent by me: ${event.getSender()}` + `, ${content.to}`);
+ return false;
+ }
+ }
+ return _VerificationRequest.VerificationRequest.validateEvent(type, event, client);
+ }
+
+ /**
+ * As m.key.verification.request events are as m.room.message events with the InRoomChannel
+ * to have a fallback message in non-supporting clients, we map the real event type
+ * to the symbolic one to keep things in unison with ToDeviceChannel
+ * @param event - the event to get the type of
+ * @returns the "symbolic" event type
+ */
+ static getEventType(event) {
+ const type = event.getType();
+ if (type === MESSAGE_TYPE) {
+ const content = event.getContent();
+ if (content) {
+ const {
+ msgtype
+ } = content;
+ if (msgtype === _VerificationRequest.REQUEST_TYPE) {
+ return _VerificationRequest.REQUEST_TYPE;
+ }
+ }
+ }
+ if (type && type !== _VerificationRequest.REQUEST_TYPE) {
+ return type;
+ } else {
+ return "";
+ }
+ }
+
+ /**
+ * Changes the state of the channel, request, and verifier in response to a key verification event.
+ * @param event - to handle
+ * @param request - the request to forward handling to
+ * @param isLiveEvent - whether this is an even received through sync or not
+ * @returns a promise that resolves when any requests as an answer to the passed-in event are sent.
+ */
+ async handleEvent(event, request, isLiveEvent = false) {
+ // prevent processing the same event multiple times, as under
+ // some circumstances Room.timeline can get emitted twice for the same event
+ if (request.hasEventId(event.getId())) {
+ return;
+ }
+ const type = InRoomChannel.getEventType(event);
+ // do validations that need state (roomId, userId),
+ // ignore if invalid
+
+ if (event.getRoomId() !== this.roomId) {
+ return;
+ }
+ // set userId if not set already
+ if (!this.userId) {
+ const userId = InRoomChannel.getOtherPartyUserId(event, this.client);
+ if (userId) {
+ this.userId = userId;
+ }
+ }
+ // ignore events not sent by us or the other party
+ const ownUserId = this.client.getUserId();
+ const sender = event.getSender();
+ if (this.userId) {
+ if (sender !== ownUserId && sender !== this.userId) {
+ _logger.logger.log(`InRoomChannel: ignoring verification event from non-participating sender ${sender}`);
+ return;
+ }
+ }
+ if (!this.requestEventId) {
+ this.requestEventId = InRoomChannel.getTransactionId(event);
+ }
+
+ // With pendingEventOrdering: "chronological", we will see events that have been sent but not yet reflected
+ // back via /sync. These are "local echoes" and are identifiable by their txnId
+ const isLocalEcho = !!event.getTxnId();
+
+ // Alternatively, we may see an event that we sent that is reflected back via /sync. These are "remote echoes"
+ // and have a transaction ID in the "unsigned" data
+ const isRemoteEcho = !!event.getUnsigned().transaction_id;
+ const isSentByUs = event.getSender() === this.client.getUserId();
+ return request.handleEvent(type, event, isLiveEvent, isLocalEcho || isRemoteEcho, isSentByUs);
+ }
+
+ /**
+ * Adds the transaction id (relation) back to a received event
+ * so it has the same format as returned by `completeContent` before sending.
+ * The relation can not appear on the event content because of encryption,
+ * relations are excluded from encryption.
+ * @param event - the received event
+ * @returns the content object with the relation added again
+ */
+ completedContentFromEvent(event) {
+ // ensure m.related_to is included in e2ee rooms
+ // as the field is excluded from encryption
+ const content = Object.assign({}, event.getContent());
+ content[M_RELATES_TO] = event.getRelation();
+ return content;
+ }
+
+ /**
+ * Add all the fields to content needed for sending it over this channel.
+ * This is public so verification methods (SAS uses this) can get the exact
+ * content that will be sent independent of the used channel,
+ * as they need to calculate the hash of it.
+ * @param type - the event type
+ * @param content - the (incomplete) content
+ * @returns the complete content, as it will be sent.
+ */
+ completeContent(type, content) {
+ content = Object.assign({}, content);
+ if (type === _VerificationRequest.REQUEST_TYPE || type === _VerificationRequest.READY_TYPE || type === _VerificationRequest.START_TYPE) {
+ content.from_device = this.client.getDeviceId();
+ }
+ if (type === _VerificationRequest.REQUEST_TYPE) {
+ // type is mapped to m.room.message in the send method
+ content = {
+ body: this.client.getUserId() + " is requesting to verify " + "your key, but your client does not support in-chat key " + "verification. You will need to use legacy key " + "verification to verify keys.",
+ msgtype: _VerificationRequest.REQUEST_TYPE,
+ to: this.userId,
+ from_device: content.from_device,
+ methods: content.methods
+ };
+ } else {
+ content[M_RELATES_TO] = {
+ rel_type: M_REFERENCE,
+ event_id: this.transactionId
+ };
+ }
+ return content;
+ }
+
+ /**
+ * Send an event over the channel with the content not having gone through `completeContent`.
+ * @param type - the event type
+ * @param uncompletedContent - the (incomplete) content
+ * @returns the promise of the request
+ */
+ send(type, uncompletedContent) {
+ const content = this.completeContent(type, uncompletedContent);
+ return this.sendCompleted(type, content);
+ }
+
+ /**
+ * Send an event over the channel with the content having gone through `completeContent` already.
+ * @param type - the event type
+ * @returns the promise of the request
+ */
+ async sendCompleted(type, content) {
+ let sendType = type;
+ if (type === _VerificationRequest.REQUEST_TYPE) {
+ sendType = MESSAGE_TYPE;
+ }
+ const response = await this.client.sendEvent(this.roomId, sendType, content);
+ if (type === _VerificationRequest.REQUEST_TYPE) {
+ this.requestEventId = response.event_id;
+ }
+ }
+}
+exports.InRoomChannel = InRoomChannel;
+class InRoomRequests {
+ constructor() {
+ _defineProperty(this, "requestsByRoomId", new Map());
+ }
+ getRequest(event) {
+ const roomId = event.getRoomId();
+ const txnId = InRoomChannel.getTransactionId(event);
+ return this.getRequestByTxnId(roomId, txnId);
+ }
+ getRequestByChannel(channel) {
+ return this.getRequestByTxnId(channel.roomId, channel.transactionId);
+ }
+ getRequestByTxnId(roomId, txnId) {
+ const requestsByTxnId = this.requestsByRoomId.get(roomId);
+ if (requestsByTxnId) {
+ return requestsByTxnId.get(txnId);
+ }
+ }
+ setRequest(event, request) {
+ this.doSetRequest(event.getRoomId(), InRoomChannel.getTransactionId(event), request);
+ }
+ setRequestByChannel(channel, request) {
+ this.doSetRequest(channel.roomId, channel.transactionId, request);
+ }
+ doSetRequest(roomId, txnId, request) {
+ let requestsByTxnId = this.requestsByRoomId.get(roomId);
+ if (!requestsByTxnId) {
+ requestsByTxnId = new Map();
+ this.requestsByRoomId.set(roomId, requestsByTxnId);
+ }
+ requestsByTxnId.set(txnId, request);
+ }
+ removeRequest(event) {
+ const roomId = event.getRoomId();
+ const requestsByTxnId = this.requestsByRoomId.get(roomId);
+ if (requestsByTxnId) {
+ requestsByTxnId.delete(InRoomChannel.getTransactionId(event));
+ if (requestsByTxnId.size === 0) {
+ this.requestsByRoomId.delete(roomId);
+ }
+ }
+ }
+ findRequestInProgress(roomId) {
+ const requestsByTxnId = this.requestsByRoomId.get(roomId);
+ if (requestsByTxnId) {
+ for (const request of requestsByTxnId.values()) {
+ if (request.pending) {
+ return request;
+ }
+ }
+ }
+ }
+}
+exports.InRoomRequests = InRoomRequests; \ No newline at end of file
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/ToDeviceChannel.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/ToDeviceChannel.js
new file mode 100644
index 0000000000..781ec9358f
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/ToDeviceChannel.js
@@ -0,0 +1,322 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.ToDeviceRequests = exports.ToDeviceChannel = void 0;
+var _randomstring = require("../../../randomstring");
+var _logger = require("../../../logger");
+var _VerificationRequest = require("./VerificationRequest");
+var _Error = require("../Error");
+var _event = require("../../../models/event");
+function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
+function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); } /*
+ Copyright 2018 New Vector Ltd
+ Copyright 2019 The Matrix.org Foundation C.I.C.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+/**
+ * A key verification channel that sends verification events over to_device messages.
+ * Generates its own transaction ids.
+ */
+class ToDeviceChannel {
+ // userId and devices of user we're about to verify
+ constructor(client, userId, devices, transactionId, deviceId) {
+ this.client = client;
+ this.userId = userId;
+ this.devices = devices;
+ this.transactionId = transactionId;
+ this.deviceId = deviceId;
+ _defineProperty(this, "request", void 0);
+ }
+ isToDevices(devices) {
+ if (devices.length === this.devices.length) {
+ for (const device of devices) {
+ if (!this.devices.includes(device)) {
+ return false;
+ }
+ }
+ return true;
+ } else {
+ return false;
+ }
+ }
+ static getEventType(event) {
+ return event.getType();
+ }
+
+ /**
+ * Extract the transaction id used by a given key verification event, if any
+ * @param event - the event
+ * @returns the transaction id
+ */
+ static getTransactionId(event) {
+ const content = event.getContent();
+ return content && content.transaction_id;
+ }
+
+ /**
+ * Checks whether the given event type should be allowed to initiate a new VerificationRequest over this channel
+ * @param type - the event type to check
+ * @returns boolean flag
+ */
+ static canCreateRequest(type) {
+ return type === _VerificationRequest.REQUEST_TYPE || type === _VerificationRequest.START_TYPE;
+ }
+ canCreateRequest(type) {
+ return ToDeviceChannel.canCreateRequest(type);
+ }
+
+ /**
+ * Checks whether this event is a well-formed key verification event.
+ * This only does checks that don't rely on the current state of a potentially already channel
+ * so we can prevent channels being created by invalid events.
+ * `handleEvent` can do more checks and choose to ignore invalid events.
+ * @param event - the event to validate
+ * @param client - the client to get the current user and device id from
+ * @returns whether the event is valid and should be passed to handleEvent
+ */
+ static validateEvent(event, client) {
+ if (event.isCancelled()) {
+ _logger.logger.warn("Ignoring flagged verification request from " + event.getSender());
+ return false;
+ }
+ const content = event.getContent();
+ if (!content) {
+ _logger.logger.warn("ToDeviceChannel.validateEvent: invalid: no content");
+ return false;
+ }
+ if (!content.transaction_id) {
+ _logger.logger.warn("ToDeviceChannel.validateEvent: invalid: no transaction_id");
+ return false;
+ }
+ const type = event.getType();
+ if (type === _VerificationRequest.REQUEST_TYPE) {
+ if (!Number.isFinite(content.timestamp)) {
+ _logger.logger.warn("ToDeviceChannel.validateEvent: invalid: no timestamp");
+ return false;
+ }
+ if (event.getSender() === client.getUserId() && content.from_device == client.getDeviceId()) {
+ // ignore requests from ourselves, because it doesn't make sense for a
+ // device to verify itself
+ _logger.logger.warn("ToDeviceChannel.validateEvent: invalid: from own device");
+ return false;
+ }
+ }
+ return _VerificationRequest.VerificationRequest.validateEvent(type, event, client);
+ }
+
+ /**
+ * @param event - the event to get the timestamp of
+ * @returns the timestamp when the event was sent
+ */
+ getTimestamp(event) {
+ const content = event.getContent();
+ return content && content.timestamp;
+ }
+
+ /**
+ * Changes the state of the channel, request, and verifier in response to a key verification event.
+ * @param event - to handle
+ * @param request - the request to forward handling to
+ * @param isLiveEvent - whether this is an even received through sync or not
+ * @returns a promise that resolves when any requests as an answer to the passed-in event are sent.
+ */
+ async handleEvent(event, request, isLiveEvent = false) {
+ const type = event.getType();
+ const content = event.getContent();
+ if (type === _VerificationRequest.REQUEST_TYPE || type === _VerificationRequest.READY_TYPE || type === _VerificationRequest.START_TYPE) {
+ if (!this.transactionId) {
+ this.transactionId = content.transaction_id;
+ }
+ const deviceId = content.from_device;
+ // adopt deviceId if not set before and valid
+ if (!this.deviceId && this.devices.includes(deviceId)) {
+ this.deviceId = deviceId;
+ }
+ // if no device id or different from adopted one, cancel with sender
+ if (!this.deviceId || this.deviceId !== deviceId) {
+ // also check that message came from the device we sent the request to earlier on
+ // and do send a cancel message to that device
+ // (but don't cancel the request for the device we should be talking to)
+ const cancelContent = this.completeContent(_VerificationRequest.CANCEL_TYPE, (0, _Error.errorFromEvent)((0, _Error.newUnexpectedMessageError)()));
+ return this.sendToDevices(_VerificationRequest.CANCEL_TYPE, cancelContent, [deviceId]);
+ }
+ }
+ const wasStarted = request.phase === _VerificationRequest.PHASE_STARTED || request.phase === _VerificationRequest.PHASE_READY;
+ await request.handleEvent(event.getType(), event, isLiveEvent, false, false);
+ const isStarted = request.phase === _VerificationRequest.PHASE_STARTED || request.phase === _VerificationRequest.PHASE_READY;
+ const isAcceptingEvent = type === _VerificationRequest.START_TYPE || type === _VerificationRequest.READY_TYPE;
+ // the request has picked a ready or start event, tell the other devices about it
+ if (isAcceptingEvent && !wasStarted && isStarted && this.deviceId) {
+ const nonChosenDevices = this.devices.filter(d => d !== this.deviceId && d !== this.client.getDeviceId());
+ if (nonChosenDevices.length) {
+ const message = this.completeContent(_VerificationRequest.CANCEL_TYPE, {
+ code: "m.accepted",
+ reason: "Verification request accepted by another device"
+ });
+ await this.sendToDevices(_VerificationRequest.CANCEL_TYPE, message, nonChosenDevices);
+ }
+ }
+ }
+
+ /**
+ * See {@link InRoomChannel#completedContentFromEvent} for why this is needed.
+ * @param event - the received event
+ * @returns the content object
+ */
+ completedContentFromEvent(event) {
+ return event.getContent();
+ }
+
+ /**
+ * Add all the fields to content needed for sending it over this channel.
+ * This is public so verification methods (SAS uses this) can get the exact
+ * content that will be sent independent of the used channel,
+ * as they need to calculate the hash of it.
+ * @param type - the event type
+ * @param content - the (incomplete) content
+ * @returns the complete content, as it will be sent.
+ */
+ completeContent(type, content) {
+ // make a copy
+ content = Object.assign({}, content);
+ if (this.transactionId) {
+ content.transaction_id = this.transactionId;
+ }
+ if (type === _VerificationRequest.REQUEST_TYPE || type === _VerificationRequest.READY_TYPE || type === _VerificationRequest.START_TYPE) {
+ content.from_device = this.client.getDeviceId();
+ }
+ if (type === _VerificationRequest.REQUEST_TYPE) {
+ content.timestamp = Date.now();
+ }
+ return content;
+ }
+
+ /**
+ * Send an event over the channel with the content not having gone through `completeContent`.
+ * @param type - the event type
+ * @param uncompletedContent - the (incomplete) content
+ * @returns the promise of the request
+ */
+ send(type, uncompletedContent = {}) {
+ // create transaction id when sending request
+ if ((type === _VerificationRequest.REQUEST_TYPE || type === _VerificationRequest.START_TYPE) && !this.transactionId) {
+ this.transactionId = ToDeviceChannel.makeTransactionId();
+ }
+ const content = this.completeContent(type, uncompletedContent);
+ return this.sendCompleted(type, content);
+ }
+
+ /**
+ * Send an event over the channel with the content having gone through `completeContent` already.
+ * @param type - the event type
+ * @returns the promise of the request
+ */
+ async sendCompleted(type, content) {
+ let result;
+ if (type === _VerificationRequest.REQUEST_TYPE || type === _VerificationRequest.CANCEL_TYPE && !this.deviceId) {
+ result = await this.sendToDevices(type, content, this.devices);
+ } else {
+ result = await this.sendToDevices(type, content, [this.deviceId]);
+ }
+ // the VerificationRequest state machine requires remote echos of the event
+ // the client sends itself, so we fake this for to_device messages
+ const remoteEchoEvent = new _event.MatrixEvent({
+ sender: this.client.getUserId(),
+ content,
+ type
+ });
+ await this.request.handleEvent(type, remoteEchoEvent, /*isLiveEvent=*/true, /*isRemoteEcho=*/true, /*isSentByUs=*/true);
+ return result;
+ }
+ async sendToDevices(type, content, devices) {
+ if (devices.length) {
+ const deviceMessages = new Map();
+ for (const deviceId of devices) {
+ deviceMessages.set(deviceId, content);
+ }
+ await this.client.sendToDevice(type, new Map([[this.userId, deviceMessages]]));
+ }
+ }
+
+ /**
+ * Allow Crypto module to create and know the transaction id before the .start event gets sent.
+ * @returns the transaction id
+ */
+ static makeTransactionId() {
+ return (0, _randomstring.randomString)(32);
+ }
+}
+exports.ToDeviceChannel = ToDeviceChannel;
+class ToDeviceRequests {
+ constructor() {
+ _defineProperty(this, "requestsByUserId", new Map());
+ }
+ getRequest(event) {
+ return this.getRequestBySenderAndTxnId(event.getSender(), ToDeviceChannel.getTransactionId(event));
+ }
+ getRequestByChannel(channel) {
+ return this.getRequestBySenderAndTxnId(channel.userId, channel.transactionId);
+ }
+ getRequestBySenderAndTxnId(sender, txnId) {
+ const requestsByTxnId = this.requestsByUserId.get(sender);
+ if (requestsByTxnId) {
+ return requestsByTxnId.get(txnId);
+ }
+ }
+ setRequest(event, request) {
+ this.setRequestBySenderAndTxnId(event.getSender(), ToDeviceChannel.getTransactionId(event), request);
+ }
+ setRequestByChannel(channel, request) {
+ this.setRequestBySenderAndTxnId(channel.userId, channel.transactionId, request);
+ }
+ setRequestBySenderAndTxnId(sender, txnId, request) {
+ let requestsByTxnId = this.requestsByUserId.get(sender);
+ if (!requestsByTxnId) {
+ requestsByTxnId = new Map();
+ this.requestsByUserId.set(sender, requestsByTxnId);
+ }
+ requestsByTxnId.set(txnId, request);
+ }
+ removeRequest(event) {
+ const userId = event.getSender();
+ const requestsByTxnId = this.requestsByUserId.get(userId);
+ if (requestsByTxnId) {
+ requestsByTxnId.delete(ToDeviceChannel.getTransactionId(event));
+ if (requestsByTxnId.size === 0) {
+ this.requestsByUserId.delete(userId);
+ }
+ }
+ }
+ findRequestInProgress(userId, devices) {
+ const requestsByTxnId = this.requestsByUserId.get(userId);
+ if (requestsByTxnId) {
+ for (const request of requestsByTxnId.values()) {
+ if (request.pending && request.channel.isToDevices(devices)) {
+ return request;
+ }
+ }
+ }
+ }
+ getRequestsInProgress(userId) {
+ const requestsByTxnId = this.requestsByUserId.get(userId);
+ if (requestsByTxnId) {
+ return Array.from(requestsByTxnId.values()).filter(r => r.pending);
+ }
+ return [];
+ }
+}
+exports.ToDeviceRequests = ToDeviceRequests; \ No newline at end of file
diff --git a/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/VerificationRequest.js b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/VerificationRequest.js
new file mode 100644
index 0000000000..d7987f367f
--- /dev/null
+++ b/comm/chat/protocols/matrix/lib/matrix-sdk/crypto/verification/request/VerificationRequest.js
@@ -0,0 +1,870 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+ value: true
+});
+exports.VerificationRequestEvent = exports.VerificationRequest = exports.START_TYPE = exports.REQUEST_TYPE = exports.READY_TYPE = exports.Phase = exports.PHASE_UNSENT = exports.PHASE_STARTED = exports.PHASE_REQUESTED = exports.PHASE_READY = exports.PHASE_DONE = exports.PHASE_CANCELLED = exports.EVENT_PREFIX = exports.DONE_TYPE = exports.CANCEL_TYPE = void 0;
+var _logger = require("../../../logger");
+var _Error = require("../Error");
+var _QRCode = require("../QRCode");
+var _event = require("../../../@types/event");
+var _typedEventEmitter = require("../../../models/typed-event-emitter");
+function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
+function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); } /*
+ Copyright 2018 - 2021 The Matrix.org Foundation C.I.C.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+// How long after the event's timestamp that the request times out
+const TIMEOUT_FROM_EVENT_TS = 10 * 60 * 1000; // 10 minutes
+
+// How long after we receive the event that the request times out
+const TIMEOUT_FROM_EVENT_RECEIPT = 2 * 60 * 1000; // 2 minutes
+
+// to avoid almost expired verification notifications
+// from showing a notification and almost immediately
+// disappearing, also ignore verification requests that
+// are this amount of time away from expiring.
+const VERIFICATION_REQUEST_MARGIN = 3 * 1000; // 3 seconds
+
+const EVENT_PREFIX = "m.key.verification.";
+exports.EVENT_PREFIX = EVENT_PREFIX;
+const REQUEST_TYPE = EVENT_PREFIX + "request";
+exports.REQUEST_TYPE = REQUEST_TYPE;
+const START_TYPE = EVENT_PREFIX + "start";
+exports.START_TYPE = START_TYPE;
+const CANCEL_TYPE = EVENT_PREFIX + "cancel";
+exports.CANCEL_TYPE = CANCEL_TYPE;
+const DONE_TYPE = EVENT_PREFIX + "done";
+exports.DONE_TYPE = DONE_TYPE;
+const READY_TYPE = EVENT_PREFIX + "ready";
+exports.READY_TYPE = READY_TYPE;
+let Phase = /*#__PURE__*/function (Phase) {
+ Phase[Phase["Unsent"] = 1] = "Unsent";
+ Phase[Phase["Requested"] = 2] = "Requested";
+ Phase[Phase["Ready"] = 3] = "Ready";
+ Phase[Phase["Started"] = 4] = "Started";
+ Phase[Phase["Cancelled"] = 5] = "Cancelled";
+ Phase[Phase["Done"] = 6] = "Done";
+ return Phase;
+}({}); // Legacy export fields
+exports.Phase = Phase;
+const PHASE_UNSENT = Phase.Unsent;
+exports.PHASE_UNSENT = PHASE_UNSENT;
+const PHASE_REQUESTED = Phase.Requested;
+exports.PHASE_REQUESTED = PHASE_REQUESTED;
+const PHASE_READY = Phase.Ready;
+exports.PHASE_READY = PHASE_READY;
+const PHASE_STARTED = Phase.Started;
+exports.PHASE_STARTED = PHASE_STARTED;
+const PHASE_CANCELLED = Phase.Cancelled;
+exports.PHASE_CANCELLED = PHASE_CANCELLED;
+const PHASE_DONE = Phase.Done;
+exports.PHASE_DONE = PHASE_DONE;
+let VerificationRequestEvent = /*#__PURE__*/function (VerificationRequestEvent) {
+ VerificationRequestEvent["Change"] = "change";
+ return VerificationRequestEvent;
+}({});
+exports.VerificationRequestEvent = VerificationRequestEvent;
+/**
+ * State machine for verification requests.
+ * Things that differ based on what channel is used to
+ * send and receive verification events are put in `InRoomChannel` or `ToDeviceChannel`.
+ */
+class VerificationRequest extends _typedEventEmitter.TypedEventEmitter {
+ constructor(channel, verificationMethods, client) {
+ super();
+ this.channel = channel;
+ this.verificationMethods = verificationMethods;
+ this.client = client;
+ _defineProperty(this, "eventsByUs", new Map());
+ _defineProperty(this, "eventsByThem", new Map());
+ _defineProperty(this, "_observeOnly", false);
+ _defineProperty(this, "timeoutTimer", null);
+ _defineProperty(this, "_accepting", false);
+ _defineProperty(this, "_declining", false);
+ _defineProperty(this, "verifierHasFinished", false);
+ _defineProperty(this, "_cancelled", false);
+ _defineProperty(this, "_chosenMethod", null);
+ // we keep a copy of the QR Code data (including other user master key) around
+ // for QR reciprocate verification, to protect against
+ // cross-signing identity reset between the .ready and .start event
+ // and signing the wrong key after .start
+ _defineProperty(this, "_qrCodeData", null);
+ // The timestamp when we received the request event from the other side
+ _defineProperty(this, "requestReceivedAt", null);
+ _defineProperty(this, "commonMethods", []);
+ _defineProperty(this, "_phase", void 0);
+ _defineProperty(this, "_cancellingUserId", void 0);
+ // Used in tests only
+ _defineProperty(this, "_verifier", void 0);
+ _defineProperty(this, "cancelOnTimeout", async () => {
+ try {
+ if (this.initiatedByMe) {
+ await this.cancel({
+ reason: "Other party didn't accept in time",
+ code: "m.timeout"
+ });
+ } else {
+ await this.cancel({
+ reason: "User didn't accept in time",
+ code: "m.timeout"
+ });
+ }
+ } catch (err) {
+ _logger.logger.error("Error while cancelling verification request", err);
+ }
+ });
+ this.channel.request = this;
+ this.setPhase(PHASE_UNSENT, false);
+ }
+
+ /**
+ * Stateless validation logic not specific to the channel.
+ * Invoked by the same static method in either channel.
+ * @param type - the "symbolic" event type, as returned by the `getEventType` function on the channel.
+ * @param event - the event to validate. Don't call getType() on it but use the `type` parameter instead.
+ * @param client - the client to get the current user and device id from
+ * @returns whether the event is valid and should be passed to handleEvent
+ */
+ static validateEvent(type, event, client) {
+ const content = event.getContent();
+ if (!type || !type.startsWith(EVENT_PREFIX)) {
+ return false;
+ }
+
+ // from here on we're fairly sure that this is supposed to be
+ // part of a verification request, so be noisy when rejecting something
+ if (!content) {
+ _logger.logger.log("VerificationRequest: validateEvent: no content");
+ return false;
+ }
+ if (type === REQUEST_TYPE || type === READY_TYPE) {
+ if (!Array.isArray(content.methods)) {
+ _logger.logger.log("VerificationRequest: validateEvent: " + "fail because methods");
+ return false;
+ }
+ }
+ if (type === REQUEST_TYPE || type === READY_TYPE || type === START_TYPE) {
+ if (typeof content.from_device !== "string" || content.from_device.length === 0) {
+ _logger.logger.log("VerificationRequest: validateEvent: " + "fail because from_device");
+ return false;
+ }
+ }
+ return true;
+ }
+ get invalid() {
+ return this.phase === PHASE_UNSENT;
+ }
+
+ /** returns whether the phase is PHASE_REQUESTED */
+ get requested() {
+ return this.phase === PHASE_REQUESTED;
+ }
+
+ /** returns whether the phase is PHASE_CANCELLED */
+ get cancelled() {
+ return this.phase === PHASE_CANCELLED;
+ }
+
+ /** returns whether the phase is PHASE_READY */
+ get ready() {
+ return this.phase === PHASE_READY;
+ }
+
+ /** returns whether the phase is PHASE_STARTED */
+ get started() {
+ return this.phase === PHASE_STARTED;
+ }
+
+ /** returns whether the phase is PHASE_DONE */
+ get done() {
+ return this.phase === PHASE_DONE;
+ }
+
+ /** once the phase is PHASE_STARTED (and !initiatedByMe) or PHASE_READY: common methods supported by both sides */
+ get methods() {
+ return this.commonMethods;
+ }
+
+ /** the method picked in the .start event */
+ get chosenMethod() {
+ return this._chosenMethod;
+ }
+ calculateEventTimeout(event) {
+ let effectiveExpiresAt = this.channel.getTimestamp(event) + TIMEOUT_FROM_EVENT_TS;
+ if (this.requestReceivedAt && !this.initiatedByMe && this.phase <= PHASE_REQUESTED) {
+ const expiresAtByReceipt = this.requestReceivedAt + TIMEOUT_FROM_EVENT_RECEIPT;
+ effectiveExpiresAt = Math.min(effectiveExpiresAt, expiresAtByReceipt);
+ }
+ return Math.max(0, effectiveExpiresAt - Date.now());
+ }
+
+ /** The current remaining amount of ms before the request should be automatically cancelled */
+ get timeout() {
+ const requestEvent = this.getEventByEither(REQUEST_TYPE);
+ if (requestEvent) {
+ return this.calculateEventTimeout(requestEvent);
+ }
+ return 0;
+ }
+
+ /**
+ * The key verification request event.
+ * @returns The request event, or falsey if not found.
+ */
+ get requestEvent() {
+ return this.getEventByEither(REQUEST_TYPE);
+ }
+
+ /** current phase of the request. Some properties might only be defined in a current phase. */
+ get phase() {
+ return this._phase;
+ }
+
+ /** The verifier to do the actual verification, once the method has been established. Only defined when the `phase` is PHASE_STARTED. */
+ get verifier() {
+ return this._verifier;
+ }
+ get canAccept() {
+ return this.phase < PHASE_READY && !this._accepting && !this._declining;
+ }
+ get accepting() {
+ return this._accepting;
+ }
+ get declining() {
+ return this._declining;
+ }
+
+ /** whether this request has sent it's initial event and needs more events to complete */
+ get pending() {
+ return !this.observeOnly && this._phase !== PHASE_DONE && this._phase !== PHASE_CANCELLED;
+ }
+
+ /** Only set after a .ready if the other party can scan a QR code */
+ get qrCodeData() {
+ return this._qrCodeData;
+ }
+
+ /** Checks whether the other party supports a given verification method.
+ * This is useful when setting up the QR code UI, as it is somewhat asymmetrical:
+ * if the other party supports SCAN_QR, we should show a QR code in the UI, and vice versa.
+ * For methods that need to be supported by both ends, use the `methods` property.
+ * @param method - the method to check
+ * @param force - to check even if the phase is not ready or started yet, internal usage
+ * @returns whether or not the other party said the supported the method */
+ otherPartySupportsMethod(method, force = false) {
+ if (!force && !this.ready && !this.started) {
+ return false;
+ }
+ const theirMethodEvent = this.eventsByThem.get(REQUEST_TYPE) || this.eventsByThem.get(READY_TYPE);
+ if (!theirMethodEvent) {
+ // if we started straight away with .start event,
+ // we are assuming that the other side will support the
+ // chosen method, so return true for that.
+ if (this.started && this.initiatedByMe) {
+ const myStartEvent = this.eventsByUs.get(START_TYPE);
+ const content = myStartEvent && myStartEvent.getContent();
+ const myStartMethod = content && content.method;
+ return method == myStartMethod;
+ }
+ return false;
+ }
+ const content = theirMethodEvent.getContent();
+ if (!content) {
+ return false;
+ }
+ const {
+ methods
+ } = content;
+ if (!Array.isArray(methods)) {
+ return false;
+ }
+ return methods.includes(method);
+ }
+
+ /** Whether this request was initiated by the syncing user.
+ * For InRoomChannel, this is who sent the .request event.
+ * For ToDeviceChannel, this is who sent the .start event
+ */
+ get initiatedByMe() {
+ // event created by us but no remote echo has been received yet
+ const noEventsYet = this.eventsByUs.size + this.eventsByThem.size === 0;
+ if (this._phase === PHASE_UNSENT && noEventsYet) {
+ return true;
+ }
+ const hasMyRequest = this.eventsByUs.has(REQUEST_TYPE);
+ const hasTheirRequest = this.eventsByThem.has(REQUEST_TYPE);
+ if (hasMyRequest && !hasTheirRequest) {
+ return true;
+ }
+ if (!hasMyRequest && hasTheirRequest) {
+ return false;
+ }
+ const hasMyStart = this.eventsByUs.has(START_TYPE);
+ const hasTheirStart = this.eventsByThem.has(START_TYPE);
+ if (hasMyStart && !hasTheirStart) {
+ return true;
+ }
+ return false;
+ }
+
+ /** The id of the user that initiated the request */
+ get requestingUserId() {
+ if (this.initiatedByMe) {
+ return this.client.getUserId();
+ } else {
+ return this.otherUserId;
+ }
+ }
+
+ /** The id of the user that (will) receive(d) the request */
+ get receivingUserId() {
+ if (this.initiatedByMe) {
+ return this.otherUserId;
+ } else {
+ return this.client.getUserId();
+ }
+ }
+
+ /** The user id of the other party in this request */
+ get otherUserId() {
+ return this.channel.userId;
+ }
+ get isSelfVerification() {
+ return this.client.getUserId() === this.otherUserId;
+ }
+
+ /**
+ * The id of the user that cancelled the request,
+ * only defined when phase is PHASE_CANCELLED
+ */
+ get cancellingUserId() {
+ const myCancel = this.eventsByUs.get(CANCEL_TYPE);
+ const theirCancel = this.eventsByThem.get(CANCEL_TYPE);
+ if (myCancel && (!theirCancel || myCancel.getId() < theirCancel.getId())) {
+ return myCancel.getSender();
+ }
+ if (theirCancel) {
+ return theirCancel.getSender();
+ }
+ return undefined;
+ }
+
+ /**
+ * The cancellation code e.g m.user which is responsible for cancelling this verification
+ */
+ get cancellationCode() {
+ const ev = this.getEventByEither(CANCEL_TYPE);
+ return ev ? ev.getContent().code : null;
+ }
+ get observeOnly() {
+ return this._observeOnly;
+ }
+
+ /**
+ * Gets which device the verification should be started with
+ * given the events sent so far in the verification. This is the
+ * same algorithm used to determine which device to send the
+ * verification to when no specific device is specified.
+ * @returns The device information
+ */
+ get targetDevice() {
+ const theirFirstEvent = this.eventsByThem.get(REQUEST_TYPE) || this.eventsByThem.get(READY_TYPE) || this.eventsByThem.get(START_TYPE);
+ const theirFirstContent = theirFirstEvent?.getContent();
+ const fromDevice = theirFirstContent?.from_device;
+ return {
+ userId: this.otherUserId,
+ deviceId: fromDevice
+ };
+ }
+
+ /* Start the key verification, creating a verifier and sending a .start event.
+ * If no previous events have been sent, pass in `targetDevice` to set who to direct this request to.
+ * @param method - the name of the verification method to use.
+ * @param targetDevice.userId the id of the user to direct this request to
+ * @param targetDevice.deviceId the id of the device to direct this request to
+ * @returns the verifier of the given method
+ */
+ beginKeyVerification(method, targetDevice = null) {
+ // need to allow also when unsent in case of to_device
+ if (!this.observeOnly && !this._verifier) {
+ const validStartPhase = this.phase === PHASE_REQUESTED || this.phase === PHASE_READY || this.phase === PHASE_UNSENT && this.channel.canCreateRequest(START_TYPE);
+ if (validStartPhase) {
+ // when called on a request that was initiated with .request event
+ // check the method is supported by both sides
+ if (this.commonMethods.length && !this.commonMethods.includes(method)) {
+ throw (0, _Error.newUnknownMethodError)();
+ }
+ this._verifier = this.createVerifier(method, null, targetDevice);
+ if (!this._verifier) {
+ throw (0, _Error.newUnknownMethodError)();
+ }
+ this._chosenMethod = method;
+ }
+ }
+ return this._verifier;
+ }
+
+ /**
+ * sends the initial .request event.
+ * @returns resolves when the event has been sent.
+ */
+ async sendRequest() {
+ if (!this.observeOnly && this._phase === PHASE_UNSENT) {
+ const methods = [...this.verificationMethods.keys()];
+ await this.channel.send(REQUEST_TYPE, {
+ methods
+ });
+ }
+ }
+
+ /**
+ * Cancels the request, sending a cancellation to the other party
+ * @param reason - the error reason to send the cancellation with
+ * @param code - the error code to send the cancellation with
+ * @returns resolves when the event has been sent.
+ */
+ async cancel({
+ reason = "User declined",
+ code = "m.user"
+ } = {}) {
+ if (!this.observeOnly && this._phase !== PHASE_CANCELLED) {
+ this._declining = true;
+ this.emit(VerificationRequestEvent.Change);
+ if (this._verifier) {
+ return this._verifier.cancel((0, _Error.errorFactory)(code, reason)());
+ } else {
+ this._cancellingUserId = this.client.getUserId();
+ await this.channel.send(CANCEL_TYPE, {
+ code,
+ reason
+ });
+ }
+ }
+ }
+
+ /**
+ * Accepts the request, sending a .ready event to the other party
+ * @returns resolves when the event has been sent.
+ */
+ async accept() {
+ if (!this.observeOnly && this.phase === PHASE_REQUESTED && !this.initiatedByMe) {
+ const methods = [...this.verificationMethods.keys()];
+ this._accepting = true;
+ this.emit(VerificationRequestEvent.Change);
+ await this.channel.send(READY_TYPE, {
+ methods
+ });
+ }
+ }
+
+ /**
+ * Can be used to listen for state changes until the callback returns true.
+ * @param fn - callback to evaluate whether the request is in the desired state.
+ * Takes the request as an argument.
+ * @returns that resolves once the callback returns true
+ * @throws Error when the request is cancelled
+ */
+ waitFor(fn) {
+ return new Promise((resolve, reject) => {
+ const check = () => {
+ let handled = false;
+ if (fn(this)) {
+ resolve(this);
+ handled = true;
+ } else if (this.cancelled) {
+ reject(new Error("cancelled"));
+ handled = true;
+ }
+ if (handled) {
+ this.off(VerificationRequestEvent.Change, check);
+ }
+ return handled;
+ };
+ if (!check()) {
+ this.on(VerificationRequestEvent.Change, check);
+ }
+ });
+ }
+ setPhase(phase, notify = true) {
+ this._phase = phase;
+ if (notify) {
+ this.emit(VerificationRequestEvent.Change);
+ }
+ }
+ getEventByEither(type) {
+ return this.eventsByThem.get(type) || this.eventsByUs.get(type);
+ }
+ getEventBy(type, byThem = false) {
+ if (byThem) {
+ return this.eventsByThem.get(type);
+ } else {
+ return this.eventsByUs.get(type);
+ }
+ }
+ calculatePhaseTransitions() {
+ const transitions = [{
+ phase: PHASE_UNSENT
+ }];
+ const phase = () => transitions[transitions.length - 1].phase;
+
+ // always pass by .request first to be sure channel.userId has been set
+ const hasRequestByThem = this.eventsByThem.has(REQUEST_TYPE);
+ const requestEvent = this.getEventBy(REQUEST_TYPE, hasRequestByThem);
+ if (requestEvent) {
+ transitions.push({
+ phase: PHASE_REQUESTED,
+ event: requestEvent
+ });
+ }
+ const readyEvent = requestEvent && this.getEventBy(READY_TYPE, !hasRequestByThem);
+ if (readyEvent && phase() === PHASE_REQUESTED) {
+ transitions.push({
+ phase: PHASE_READY,
+ event: readyEvent
+ });
+ }
+ let startEvent;
+ if (readyEvent || !requestEvent) {
+ const theirStartEvent = this.eventsByThem.get(START_TYPE);
+ const ourStartEvent = this.eventsByUs.get(START_TYPE);
+ // any party can send .start after a .ready or unsent
+ if (theirStartEvent && ourStartEvent) {
+ startEvent = theirStartEvent.getSender() < ourStartEvent.getSender() ? theirStartEvent : ourStartEvent;
+ } else {
+ startEvent = theirStartEvent ? theirStartEvent : ourStartEvent;
+ }
+ } else {
+ startEvent = this.getEventBy(START_TYPE, !hasRequestByThem);
+ }
+ if (startEvent) {
+ const fromRequestPhase = phase() === PHASE_REQUESTED && requestEvent?.getSender() !== startEvent.getSender();
+ const fromUnsentPhase = phase() === PHASE_UNSENT && this.channel.canCreateRequest(START_TYPE);
+ if (fromRequestPhase || phase() === PHASE_READY || fromUnsentPhase) {
+ transitions.push({
+ phase: PHASE_STARTED,
+ event: startEvent
+ });
+ }
+ }
+ const ourDoneEvent = this.eventsByUs.get(DONE_TYPE);
+ if (this.verifierHasFinished || ourDoneEvent && phase() === PHASE_STARTED) {
+ transitions.push({
+ phase: PHASE_DONE
+ });
+ }
+ const cancelEvent = this.getEventByEither(CANCEL_TYPE);
+ if ((this._cancelled || cancelEvent) && phase() !== PHASE_DONE) {
+ transitions.push({
+ phase: PHASE_CANCELLED,
+ event: cancelEvent
+ });
+ return transitions;
+ }
+ return transitions;
+ }
+ transitionToPhase(transition) {
+ const {
+ phase,
+ event
+ } = transition;
+ // get common methods
+ if (phase === PHASE_REQUESTED || phase === PHASE_READY) {
+ if (!this.wasSentByOwnDevice(event)) {
+ const content = event.getContent();
+ this.commonMethods = content.methods.filter(m => this.verificationMethods.has(m));
+ }
+ }
+ // detect if we're not a party in the request, and we should just observe
+ if (!this.observeOnly) {
+ // if requested or accepted by one of my other devices
+ if (phase === PHASE_REQUESTED || phase === PHASE_STARTED || phase === PHASE_READY) {
+ if (this.channel.receiveStartFromOtherDevices && this.wasSentByOwnUser(event) && !this.wasSentByOwnDevice(event)) {
+ this._observeOnly = true;
+ }
+ }
+ }
+ // create verifier
+ if (phase === PHASE_STARTED) {
+ const {
+ method
+ } = event.getContent();
+ if (!this._verifier && !this.observeOnly) {
+ this._verifier = this.createVerifier(method, event);
+ if (!this._verifier) {
+ this.cancel({
+ code: "m.unknown_method",
+ reason: `Unknown method: ${method}`
+ });
+ } else {
+ this._chosenMethod = method;
+ }
+ }
+ }
+ }
+ applyPhaseTransitions() {
+ const transitions = this.calculatePhaseTransitions();
+ const existingIdx = transitions.findIndex(t => t.phase === this.phase);
+ // trim off phases we already went through, if any
+ const newTransitions = transitions.slice(existingIdx + 1);
+ // transition to all new phases
+ for (const transition of newTransitions) {
+ this.transitionToPhase(transition);
+ }
+ return newTransitions;
+ }
+ isWinningStartRace(newEvent) {
+ if (newEvent.getType() !== START_TYPE) {
+ return false;
+ }
+ const oldEvent = this._verifier.startEvent;
+ let oldRaceIdentifier;
+ if (this.isSelfVerification) {
+ // if the verifier does not have a startEvent,
+ // it is because it's still sending and we are on the initator side
+ // we know we are sending a .start event because we already
+ // have a verifier (checked in calling method)
+ if (oldEvent) {
+ const oldContent = oldEvent.getContent();
+ oldRaceIdentifier = oldContent && oldContent.from_device;
+ } else {
+ oldRaceIdentifier = this.client.getDeviceId();
+ }
+ } else {
+ if (oldEvent) {
+ oldRaceIdentifier = oldEvent.getSender();
+ } else {
+ oldRaceIdentifier = this.client.getUserId();
+ }
+ }
+ let newRaceIdentifier;
+ if (this.isSelfVerification) {
+ const newContent = newEvent.getContent();
+ newRaceIdentifier = newContent && newContent.from_device;
+ } else {
+ newRaceIdentifier = newEvent.getSender();
+ }
+ return newRaceIdentifier < oldRaceIdentifier;
+ }
+ hasEventId(eventId) {
+ for (const event of this.eventsByUs.values()) {
+ if (event.getId() === eventId) {
+ return true;
+ }
+ }
+ for (const event of this.eventsByThem.values()) {
+ if (event.getId() === eventId) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Changes the state of the request and verifier in response to a key verification event.
+ * @param type - the "symbolic" event type, as returned by the `getEventType` function on the channel.
+ * @param event - the event to handle. Don't call getType() on it but use the `type` parameter instead.
+ * @param isLiveEvent - whether this is an even received through sync or not
+ * @param isRemoteEcho - whether this is the remote echo of an event sent by the same device
+ * @param isSentByUs - whether this event is sent by a party that can accept and/or observe the request like one of our peers.
+ * For InRoomChannel this means any device for the syncing user. For ToDeviceChannel, just the syncing device.
+ * @returns a promise that resolves when any requests as an answer to the passed-in event are sent.
+ */
+ async handleEvent(type, event, isLiveEvent, isRemoteEcho, isSentByUs) {
+ // if reached phase cancelled or done, ignore anything else that comes
+ if (this.done || this.cancelled) {
+ return;
+ }
+ const wasObserveOnly = this._observeOnly;
+ this.adjustObserveOnly(event, isLiveEvent);
+ if (!this.observeOnly && !isRemoteEcho) {
+ if (await this.cancelOnError(type, event)) {
+ return;
+ }
+ }
+
+ // This assumes verification won't need to send an event with
+ // the same type for the same party twice.
+ // This is true for QR and SAS verification, and was
+ // added here to prevent verification getting cancelled
+ // when the server duplicates an event (https://github.com/matrix-org/synapse/issues/3365)
+ const isDuplicateEvent = isSentByUs ? this.eventsByUs.has(type) : this.eventsByThem.has(type);
+ if (isDuplicateEvent) {
+ return;
+ }
+ const oldPhase = this.phase;
+ this.addEvent(type, event, isSentByUs);
+
+ // this will create if needed the verifier so needs to happen before calling it
+ const newTransitions = this.applyPhaseTransitions();
+ try {
+ // only pass events from the other side to the verifier,
+ // no remote echos of our own events
+ if (this._verifier && !this.observeOnly) {
+ const newEventWinsRace = this.isWinningStartRace(event);
+ if (this._verifier.canSwitchStartEvent(event) && newEventWinsRace) {
+ this._verifier.switchStartEvent(event);
+ } else if (!isRemoteEcho) {
+ if (type === CANCEL_TYPE || this._verifier.events?.includes(type)) {
+ this._verifier.handleEvent(event);
+ }
+ }
+ }
+ if (newTransitions.length) {
+ // create QRCodeData if the other side can scan
+ // important this happens before emitting a phase change,
+ // so listeners can rely on it being there already
+ // We only do this for live events because it is important that
+ // we sign the keys that were in the QR code, and not the keys
+ // we happen to have at some later point in time.
+ if (isLiveEvent && newTransitions.some(t => t.phase === PHASE_READY)) {
+ const shouldGenerateQrCode = this.otherPartySupportsMethod(_QRCode.SCAN_QR_CODE_METHOD, true);
+ if (shouldGenerateQrCode) {
+ this._qrCodeData = await _QRCode.QRCodeData.create(this, this.client);
+ }
+ }
+ const lastTransition = newTransitions[newTransitions.length - 1];
+ const {
+ phase
+ } = lastTransition;
+ this.setupTimeout(phase);
+ // set phase as last thing as this emits the "change" event
+ this.setPhase(phase);
+ } else if (this._observeOnly !== wasObserveOnly) {
+ this.emit(VerificationRequestEvent.Change);
+ }
+ } finally {
+ // log events we processed so we can see from rageshakes what events were added to a request
+ _logger.logger.log(`Verification request ${this.channel.transactionId}: ` + `${type} event with id:${event.getId()}, ` + `content:${JSON.stringify(event.getContent())} ` + `deviceId:${this.channel.deviceId}, ` + `sender:${event.getSender()}, isSentByUs:${isSentByUs}, ` + `isLiveEvent:${isLiveEvent}, isRemoteEcho:${isRemoteEcho}, ` + `phase:${oldPhase}=>${this.phase}, ` + `observeOnly:${wasObserveOnly}=>${this._observeOnly}`);
+ }
+ }
+ setupTimeout(phase) {
+ const shouldTimeout = !this.timeoutTimer && !this.observeOnly && phase === PHASE_REQUESTED;
+ if (shouldTimeout) {
+ this.timeoutTimer = setTimeout(this.cancelOnTimeout, this.timeout);
+ }
+ if (this.timeoutTimer) {
+ const shouldClear = phase === PHASE_STARTED || phase === PHASE_READY || phase === PHASE_DONE || phase === PHASE_CANCELLED;
+ if (shouldClear) {
+ clearTimeout(this.timeoutTimer);
+ this.timeoutTimer = null;
+ }
+ }
+ }
+ async cancelOnError(type, event) {
+ if (type === START_TYPE) {
+ const method = event.getContent().method;
+ if (!this.verificationMethods.has(method)) {
+ await this.cancel((0, _Error.errorFromEvent)((0, _Error.newUnknownMethodError)()));
+ return true;
+ }
+ }
+ const isUnexpectedRequest = type === REQUEST_TYPE && this.phase !== PHASE_UNSENT;
+ const isUnexpectedReady = type === READY_TYPE && this.phase !== PHASE_REQUESTED && this.phase !== PHASE_STARTED;
+ // only if phase has passed from PHASE_UNSENT should we cancel, because events
+ // are allowed to come in in any order (at least with InRoomChannel). So we only know
+ // we're dealing with a valid request we should participate in once we've moved to PHASE_REQUESTED.
+ // Before that, we could be looking at somebody else's verification request and we just
+ // happen to be in the room
+ if (this.phase !== PHASE_UNSENT && (isUnexpectedRequest || isUnexpectedReady)) {
+ _logger.logger.warn(`Cancelling, unexpected ${type} verification ` + `event from ${event.getSender()}`);
+ const reason = `Unexpected ${type} event in phase ${this.phase}`;
+ await this.cancel((0, _Error.errorFromEvent)((0, _Error.newUnexpectedMessageError)({
+ reason
+ })));
+ return true;
+ }
+ return false;
+ }
+ adjustObserveOnly(event, isLiveEvent = false) {
+ // don't send out events for historical requests
+ if (!isLiveEvent) {
+ this._observeOnly = true;
+ }
+ if (this.calculateEventTimeout(event) < VERIFICATION_REQUEST_MARGIN) {
+ this._observeOnly = true;
+ }
+ }
+ addEvent(type, event, isSentByUs = false) {
+ if (isSentByUs) {
+ this.eventsByUs.set(type, event);
+ } else {
+ this.eventsByThem.set(type, event);
+ }
+
+ // once we know the userId of the other party (from the .request event)
+ // see if any event by anyone else crept into this.eventsByThem
+ if (type === REQUEST_TYPE) {
+ for (const [type, event] of this.eventsByThem.entries()) {
+ if (event.getSender() !== this.otherUserId) {
+ this.eventsByThem.delete(type);
+ }
+ }
+ // also remember when we received the request event
+ this.requestReceivedAt = Date.now();
+ }
+ }
+ createVerifier(method, startEvent = null, targetDevice = null) {
+ if (!targetDevice) {
+ targetDevice = this.targetDevice;
+ }
+ const {
+ userId,
+ deviceId
+ } = targetDevice;
+ const VerifierCtor = this.verificationMethods.get(method);
+ if (!VerifierCtor) {
+ _logger.logger.warn("could not find verifier constructor for method", method);
+ return;
+ }
+ return new VerifierCtor(this.channel, this.client, userId, deviceId, startEvent, this);
+ }
+ wasSentByOwnUser(event) {
+ return event?.getSender() === this.client.getUserId();
+ }
+
+ // only for .request, .ready or .start
+ wasSentByOwnDevice(event) {
+ if (!this.wasSentByOwnUser(event)) {
+ return false;
+ }
+ const content = event.getContent();
+ if (!content || content.from_device !== this.client.getDeviceId()) {
+ return false;
+ }
+ return true;
+ }
+ onVerifierCancelled() {
+ this._cancelled = true;
+ // move to cancelled phase
+ const newTransitions = this.applyPhaseTransitions();
+ if (newTransitions.length) {
+ this.setPhase(newTransitions[newTransitions.length - 1].phase);
+ }
+ }
+ onVerifierFinished() {
+ this.channel.send(_event.EventType.KeyVerificationDone, {});
+ this.verifierHasFinished = true;
+ // move to .done phase
+ const newTransitions = this.applyPhaseTransitions();
+ if (newTransitions.length) {
+ this.setPhase(newTransitions[newTransitions.length - 1].phase);
+ }
+ }
+ getEventFromOtherParty(type) {
+ return this.eventsByThem.get(type);
+ }
+}
+exports.VerificationRequest = VerificationRequest; \ No newline at end of file