Set local trust with Crypto V2 and deprecate legacy verification method

MatrixSDK.podspec

@@ -66,7 +66,7 @@ Pod::Spec.new do |s|
 
   # Experimental / NOT production-ready Rust-based crypto library
   s.subspec 'CryptoSDK' do |ss|
-    ss.dependency 'MatrixSDKCrypto', '0.1.2', :configurations => ["DEBUG"]
+    ss.dependency 'MatrixSDKCrypto', '0.1.3', :configurations => ["DEBUG"]
   end
 
 end

MatrixSDK/Crypto/CryptoMachine/MXCryptoMachine.swift

@@ -327,6 +327,10 @@ extension MXCryptoMachine: MXCryptoUserIdentitySource {
         let request = try machine.verifyDevice(userId: userId, deviceId: deviceId)
         try await requests.uploadSignatures(request: request)
     }
+
+    func setLocalTrust(userId: String, deviceId: String, trust: LocalTrust) throws {
+        try machine.setLocalTrust(userId: userId, deviceId: deviceId, trustState: trust)
+    }
 }
 
 extension MXCryptoMachine: MXCryptoRoomEventEncrypting {
@@ -540,6 +544,14 @@ extension MXCryptoMachine: MXCryptoVerificationRequesting {
         return request
     }
 
+    func requestVerification(userId: String, deviceId: String, methods: [String]) async throws -> VerificationRequest {
+        guard let result = try machine.requestVerificationWithDevice(userId: userId, deviceId: deviceId, methods: methods) else {
+            throw Error.missingVerificationRequest
+        }
+        try await handleOutgoingVerificationRequest(result.request)
+        return result.verification
+    }
+
     func verificationRequests(userId: String) -> [VerificationRequest] {
         return machine.getVerificationRequests(userId: userId)
     }
@@ -619,14 +631,6 @@ extension MXCryptoMachine: MXCryptoSASVerifying {
         return result.sas
     }
 
-    func startSasVerification(userId: String, deviceId: String) async throws -> Sas {
-        guard let result = try machine.startSasWithDevice(userId: userId, deviceId: deviceId) else {
-            throw Error.missingVerification
-        }
-        try await handleOutgoingVerificationRequest(result.request)
-        return result.sas
-    }
-
     func acceptSasVerification(userId: String, flowId: String) async throws {
         guard let request = machine.acceptSasVerification(userId: userId, flowId: flowId) else {
             throw Error.missingVerification

MatrixSDK/Crypto/CryptoMachine/MXCryptoProtocols.swift

@@ -55,6 +55,7 @@ protocol MXCryptoUserIdentitySource: MXCryptoIdentity {
     func downloadKeys(users: [String]) async throws
     func manuallyVerifyUser(userId: String) async throws
     func manuallyVerifyDevice(userId: String, deviceId: String) async throws
+    func setLocalTrust(userId: String, deviceId: String, trust: LocalTrust) throws
 }
 
 /// Event encryption and decryption
@@ -79,6 +80,7 @@ protocol MXCryptoVerificationRequesting: MXCryptoIdentity {
     func receiveUnencryptedVerificationEvent(event: MXEvent, roomId: String)
     func requestSelfVerification(methods: [String]) async throws -> VerificationRequest
     func requestVerification(userId: String, roomId: String, methods: [String]) async throws -> VerificationRequest
+    func requestVerification(userId: String, deviceId: String, methods: [String]) async throws -> VerificationRequest
     func verificationRequests(userId: String) -> [VerificationRequest]
     func verificationRequest(userId: String, flowId: String) -> VerificationRequest?
     func acceptVerificationRequest(userId: String, flowId: String, methods: [String]) async throws
@@ -95,7 +97,6 @@ protocol MXCryptoVerifying: MXCryptoIdentity {
 /// Lifecycle of SAS-specific verification transaction
 protocol MXCryptoSASVerifying: MXCryptoVerifying {
     func startSasVerification(userId: String, flowId: String) async throws -> Sas
-    func startSasVerification(userId: String, deviceId: String) async throws -> Sas
     func acceptSasVerification(userId: String, flowId: String) async throws
     func emojiIndexes(sas: Sas) throws -> [Int]
     func sasDecimals(sas: Sas) throws -> [Int]

MatrixSDK/Crypto/MXCryptoV2.swift

@@ -123,6 +123,8 @@ private class MXCryptoV2: MXCrypto {
     private let keyBackup: MXKeyBackup
     private var recovery: MXRecoveryService
 
+    private var undecryptableEvents = [String: MXEvent]()
+
     private let log = MXNamedLog(name: "MXCryptoV2")
 
     public init(userId: String, deviceId: String, session: MXSession, restClient: MXRestClient) throws {
@@ -281,7 +283,11 @@ private class MXCryptoV2: MXCrypto {
             return MXEventDecryptionResult()
         }
 
-        return machine.decryptRoomEvent(event)
+        let result = machine.decryptRoomEvent(event)
+        if result.clearEvent == nil {
+            undecryptableEvents[event.eventId] = event
+        }
+        return result
     }
 
     public override func decryptEvents(
@@ -334,6 +340,15 @@ private class MXCryptoV2: MXCrypto {
         onComplete?()
     }
 
+    private func retryDecryptEvent(event: MXEvent) -> Bool {
+        guard let result = decryptEvent(event, inTimeline: nil) else {
+            log.error("Cannot get decryption result")
+            return false
+        }
+        event.setClearData(result)
+        return result.clearEvent != nil
+    }
+
     // MARK: - Sync
 
     public override func handle(_ syncResponse: MXSyncResponse!) {
@@ -476,17 +491,19 @@ private class MXCryptoV2: MXCrypto {
             return
         }
 
-        log.debug("Setting device verification status manually")
+        log.debug("Setting device verification status manually to \(verificationStatus)")
 
-        switch verificationStatus {
-        case .unverified, .blocked, .unknown:
-            log.error("Not implemented")
+        let localTrust = verificationStatus.localTrust
+        switch localTrust {
         case .verified:
+            // If we want to set verified status, we will manually verify the device,
+            // including uploading relevant signatures
+
             Task {
                 do {
                     try await machine.manuallyVerifyDevice(userId: userId, deviceId: deviceId)
                     log.debug("Successfully marked device as verified")
-                    await MainActor.run {                        
+                    await MainActor.run {
                         success?()
                     }
                 } catch {
@@ -496,11 +513,18 @@ private class MXCryptoV2: MXCrypto {
                     }
                 }
             }
-        @unknown default:
-            log.failure("Unknown verification status", context: [
-                "status": verificationStatus
-            ])
-            failure?(nil)
+
+        case .blackListed, .ignored, .unset:
+            // In other cases we will only set local trust level
+
+            do {
+                try machine.setLocalTrust(userId: userId, deviceId: deviceId, trust: localTrust)
+                log.debug("Successfully set local trust to \(localTrust)")
+                success?()
+            } catch {
+                log.error("Failed setting local trust", context: error)
+                failure?(error)
+            }
         }
     }
 
@@ -613,13 +637,21 @@ private class MXCryptoV2: MXCrypto {
         success: ((Data?) -> Void)!,
         failure: ((Swift.Error?) -> Void)!
     ) {
-        do {
-            let data = try backupEngine.exportRoomKeys(passphrase: password)
-            log.debug("Exported room keys")
-            success(data)
-        } catch {
-            log.error("Failed exporting room keys", context: error)
-            failure(error)
+        Task.detached { [weak self] in
+            guard let self = self else { return }
+
+            do {
+                let data = try self.backupEngine.exportRoomKeys(passphrase: password)
+                await MainActor.run {
+                    self.log.debug("Exported room keys")
+                    success(data)
+                }
+            } catch {
+                await MainActor.run {
+                    self.log.error("Failed exporting room keys", context: error)
+                    failure(error)
+                }
+            }
         }
     }
 
@@ -635,13 +667,28 @@ private class MXCryptoV2: MXCrypto {
             return
         }
 
-        do {
-            let result = try backupEngine.importRoomKeys(data, passphrase: password)
-            log.debug("Imported room keys")
-            success(UInt(result.total), UInt(result.imported))
-        } catch {
-            log.error("Failed importing room keys", context: error)
-            failure(error)
+        Task.detached { [weak self] in
+            guard let self = self else { return }
+
+            do {
+                let result = try self.backupEngine.importRoomKeys(data, passphrase: password)
+
+                await MainActor.run {
+                    for (eventId, event) in self.undecryptableEvents {
+                        if self.retryDecryptEvent(event: event) {
+                            self.undecryptableEvents[eventId] = nil
+                        }
+                    }
+
+                    self.log.debug("Imported room keys")
+                    success(UInt(result.total), UInt(result.imported))
+                }
+            } catch {
+                await MainActor.run {
+                    self.log.error("Failed importing room keys", context: error)
+                    failure(error)
+                }
+            }
         }
     }
 
@@ -731,9 +778,12 @@ private class MXCryptoV2: MXCrypto {
     }
 
     public override func isRoomEncrypted(_ roomId: String!) -> Bool {
-        log.debug("Not implemented")
-        // All rooms encrypted by default for now
-        return true
+        guard let roomId = roomId, let summary = session?.room(withRoomId: roomId)?.summary else {
+            log.error("Missing room")
+            return false
+        }
+        // State of room encryption will be moved to MatrixSDKCrypto
+        return summary.isEncrypted
     }
 
     public override func isRoomSharingHistory(_ roomId: String!) -> Bool {
@@ -754,4 +804,22 @@ private class MXCryptoV2: MXCrypto {
     }
 }
 
+private extension MXDeviceVerification {
+    var localTrust: LocalTrust {
+        switch self {
+        case .unverified:
+            return .unset
+        case .verified:
+            return .verified
+        case .blocked:
+            return .blackListed
+        case .unknown:
+            return .unset
+        @unknown default:
+            MXNamedLog(name: "MXDeviceVerification").failure("Unknown device verification", context: self)
+            return .unset
+        }
+    }
+}
+
 #endif

MatrixSDK/Crypto/Verification/MXKeyVerificationManager.h

@@ -124,21 +124,6 @@ FOUNDATION_EXPORT NSString *const MXKeyVerificationManagerNotificationTransactio
 
 #pragma mark - Transactions
 
-/**
- Begin a device verification.
-
- @param userId the other user id.
- @param deviceId the other user device id.
- @param method the verification method (ex: MXKeyVerificationMethodSAS).
- @param success a block called when the operation succeeds.
- @param failure a block called when the operation fails.
- */
-- (void)beginKeyVerificationWithUserId:(NSString*)userId
-                           andDeviceId:(NSString*)deviceId
-                                method:(NSString*)method
-                               success:(void(^)(id<MXKeyVerificationTransaction> transaction))success
-                               failure:(void(^)(NSError *error))failure __attribute__((deprecated("Start key verification with a request (requestVerificationByToDeviceWithUserId) instead")));
-
 /**
  Begin a device verification from a request.
 

MatrixSDK/Crypto/Verification/MXKeyVerificationManager.m

@@ -243,15 +243,6 @@ - (void)requestVerificationByDMWithUserId2:(NSString*)userId
 
 #pragma mark Transactions
 
-- (void)beginKeyVerificationWithUserId:(NSString*)userId
-                           andDeviceId:(NSString*)deviceId
-                                method:(NSString*)method
-                               success:(void(^)(id<MXKeyVerificationTransaction> transaction))success
-                               failure:(void(^)(NSError *error))failure
-{
-    [self beginKeyVerificationWithUserId:userId andDeviceId:deviceId transactionId:nil dmRoomId:nil dmEventId:nil method:method success:success failure:failure];
-}
-
 - (void)beginKeyVerificationFromRequest:(id<MXKeyVerificationRequest>)request
                                  method:(NSString*)method
                                 success:(void(^)(id<MXKeyVerificationTransaction> transaction))success