refactor(crypto): Pass DecryptionSettings in to OlmMachine::decrypt_to_device_event

This will be used in the next commit, but it was very noisy, so I
separated it out into this commit to make the next one easier to read.

Author: andybalaam

bindings/matrix-sdk-crypto-ffi/src/dehydrated_devices.rs

@@ -7,6 +7,7 @@ use matrix_sdk_crypto::{
         RehydratedDevice as InnerRehydratedDevice,
     },
     store::types::DehydratedDeviceKey as InnerDehydratedDeviceKey,
+    DecryptionSettings,
 };
 use ruma::{api::client::dehydrated_device, events::AnyToDeviceEvent, serde::Raw, OwnedDeviceId};
 use serde_json::json;
@@ -154,9 +155,13 @@ impl Drop for RehydratedDevice {
 
 #[matrix_sdk_ffi_macros::export]
 impl RehydratedDevice {
-    pub fn receive_events(&self, events: String) -> Result<(), crate::CryptoStoreError> {
+    pub fn receive_events(
+        &self,
+        events: String,
+        decryption_settings: &DecryptionSettings,
+    ) -> Result<(), crate::CryptoStoreError> {
         let events: Vec<Raw<AnyToDeviceEvent>> = serde_json::from_str(&events)?;
-        self.runtime.block_on(self.inner.receive_events(events))?;
+        self.runtime.block_on(self.inner.receive_events(events, decryption_settings))?;
 
         Ok(())
     }

bindings/matrix-sdk-crypto-ffi/src/machine.rs

@@ -526,6 +526,7 @@ impl OlmMachine {
         key_counts: HashMap<String, i32>,
         unused_fallback_keys: Option<Vec<String>>,
         next_batch_token: String,
+        decryption_settings: &DecryptionSettings,
     ) -> Result<SyncChangesResult, CryptoStoreError> {
         let to_device: ToDevice = serde_json::from_str(&events)?;
         let device_changes: RumaDeviceLists = device_changes.into();
@@ -544,15 +545,17 @@ impl OlmMachine {
         let unused_fallback_keys: Option<Vec<OneTimeKeyAlgorithm>> =
             unused_fallback_keys.map(|u| u.into_iter().map(OneTimeKeyAlgorithm::from).collect());
 
-        let (to_device_events, room_key_infos) = self.runtime.block_on(
-            self.inner.receive_sync_changes(matrix_sdk_crypto::EncryptionSyncChanges {
-                to_device_events: to_device.events,
-                changed_devices: &device_changes,
-                one_time_keys_counts: &key_counts,
-                unused_fallback_keys: unused_fallback_keys.as_deref(),
-                next_batch_token: Some(next_batch_token),
-            }),
-        )?;
+        let (to_device_events, room_key_infos) =
+            self.runtime.block_on(self.inner.receive_sync_changes(
+                matrix_sdk_crypto::EncryptionSyncChanges {
+                    to_device_events: to_device.events,
+                    changed_devices: &device_changes,
+                    one_time_keys_counts: &key_counts,
+                    unused_fallback_keys: unused_fallback_keys.as_deref(),
+                    next_batch_token: Some(next_batch_token),
+                },
+                decryption_settings,
+            ))?;
 
         let to_device_events = to_device_events
             .into_iter()

crates/matrix-sdk-base/src/client.rs

@@ -500,7 +500,12 @@ impl BaseClient {
             let processors::e2ee::to_device::Output {
                 processed_to_device_events: to_device,
                 room_key_updates,
-            } = processors::e2ee::to_device::from_sync_v2(&response, olm_machine.as_ref()).await?;
+            } = processors::e2ee::to_device::from_sync_v2(
+                &response,
+                olm_machine.as_ref(),
+                &self.decryption_settings,
+            )
+            .await?;
 
             processors::latest_event::decrypt_from_rooms(
                 &mut context,

crates/matrix-sdk-base/src/response_processors/e2ee/to_device.rs

@@ -15,7 +15,9 @@
 use std::collections::BTreeMap;
 
 use matrix_sdk_common::deserialized_responses::ProcessedToDeviceEvent;
-use matrix_sdk_crypto::{store::types::RoomKeyInfo, EncryptionSyncChanges, OlmMachine};
+use matrix_sdk_crypto::{
+    store::types::RoomKeyInfo, DecryptionSettings, EncryptionSyncChanges, OlmMachine,
+};
 use ruma::{
     api::client::sync::sync_events::{v3, v5, DeviceLists},
     events::AnyToDeviceEvent,
@@ -34,6 +36,7 @@ pub async fn from_msc4186(
     to_device: Option<&v5::response::ToDevice>,
     e2ee: &v5::response::E2EE,
     olm_machine: Option<&OlmMachine>,
+    decryption_settings: &DecryptionSettings,
 ) -> Result<Output> {
     process(
         olm_machine,
@@ -42,6 +45,7 @@ pub async fn from_msc4186(
         &e2ee.device_one_time_keys_count,
         e2ee.device_unused_fallback_key_types.as_deref(),
         to_device.as_ref().map(|to_device| to_device.next_batch.clone()),
+        decryption_settings,
     )
     .await
 }
@@ -54,6 +58,7 @@ pub async fn from_msc4186(
 pub async fn from_sync_v2(
     response: &v3::Response,
     olm_machine: Option<&OlmMachine>,
+    decryption_settings: &DecryptionSettings,
 ) -> Result<Output> {
     process(
         olm_machine,
@@ -62,6 +67,7 @@ pub async fn from_sync_v2(
         &response.device_one_time_keys_count,
         response.device_unused_fallback_key_types.as_deref(),
         Some(response.next_batch.clone()),
+        decryption_settings,
     )
     .await
 }
@@ -77,6 +83,7 @@ async fn process(
     one_time_keys_counts: &BTreeMap<OneTimeKeyAlgorithm, UInt>,
     unused_fallback_keys: Option<&[OneTimeKeyAlgorithm]>,
     next_batch_token: Option<String>,
+    decryption_settings: &DecryptionSettings,
 ) -> Result<Output> {
     let encryption_sync_changes = EncryptionSyncChanges {
         to_device_events,
@@ -92,7 +99,7 @@ async fn process(
         // This makes sure that we have the decryption keys for the room
         // events at hand.
         let (events, room_key_updates) =
-            olm_machine.receive_sync_changes(encryption_sync_changes).await?;
+            olm_machine.receive_sync_changes(encryption_sync_changes, decryption_settings).await?;
 
         Output { processed_to_device_events: events, room_key_updates: Some(room_key_updates) }
     } else {

crates/matrix-sdk-base/src/sliding_sync.rs

@@ -63,8 +63,13 @@ impl BaseClient {
         let mut context = processors::Context::default();
 
         let processors::e2ee::to_device::Output { processed_to_device_events, room_key_updates } =
-            processors::e2ee::to_device::from_msc4186(to_device, e2ee, olm_machine.as_ref())
-                .await?;
+            processors::e2ee::to_device::from_msc4186(
+                to_device,
+                e2ee,
+                olm_machine.as_ref(),
+                &self.decryption_settings,
+            )
+            .await?;
 
         processors::latest_event::decrypt_from_rooms(
             &mut context,

crates/matrix-sdk-crypto/README.md

@@ -17,11 +17,10 @@ The state machine works in a push/pull manner:
 ```rust,no_run
 use std::collections::BTreeMap;
 
-use matrix_sdk_crypto::{EncryptionSyncChanges, OlmMachine, OlmError};
-use ruma::{
-    api::client::sync::sync_events::{v3::ToDevice, DeviceLists},
-    device_id, user_id,
+use matrix_sdk_crypto::{
+    DecryptionSettings, EncryptionSyncChanges, OlmError, OlmMachine, TrustRequirement,
 };
+use ruma::{api::client::sync::sync_events::DeviceLists, device_id, user_id};
 
 #[tokio::main]
 async fn main() -> Result<(), OlmError> {
@@ -33,19 +32,27 @@ async fn main() -> Result<(), OlmError> {
     let unused_fallback_keys = Some(Vec::new());
     let next_batch_token = "T0K3N".to_owned();
 
+    let decryption_settings =
+        DecryptionSettings { sender_device_trust_requirement: TrustRequirement::Untrusted };
+
     // Push changes that the server sent to us in a sync response.
-    let decrypted_to_device = machine.receive_sync_changes(EncryptionSyncChanges {
-        to_device_events: vec![],
-        changed_devices: &changed_devices,
-        one_time_keys_counts: &one_time_key_counts,
-        unused_fallback_keys: unused_fallback_keys.as_deref(),
-        next_batch_token: Some(next_batch_token),
-    }).await?;
+    let decrypted_to_device = machine
+        .receive_sync_changes(
+            EncryptionSyncChanges {
+                to_device_events: vec![],
+                changed_devices: &changed_devices,
+                one_time_keys_counts: &one_time_key_counts,
+                unused_fallback_keys: unused_fallback_keys.as_deref(),
+                next_batch_token: Some(next_batch_token),
+            },
+            &decryption_settings,
+        )
+        .await?;
 
     // Pull requests that we need to send out.
     let outgoing_requests = machine.outgoing_requests().await?;
 
-    // Send the requests here out and call machine.mark_request_as_sent().
+    // Send the requests out here and call machine.mark_request_as_sent().
 
     Ok(())
 }

crates/matrix-sdk-crypto/src/dehydrated_devices.rs

@@ -60,7 +60,8 @@ use crate::{
         CryptoStoreWrapper, MemoryStore, Store,
     },
     verification::VerificationMachine,
-    Account, CryptoStoreError, EncryptionSyncChanges, OlmError, OlmMachine, SignatureError,
+    Account, CryptoStoreError, DecryptionSettings, EncryptionSyncChanges, OlmError, OlmMachine,
+    SignatureError,
 };
 
 /// Error type for device dehydration issues.
@@ -215,7 +216,9 @@ impl RehydratedDevice {
     ///
     /// ```no_run
     /// # use anyhow::Result;
-    /// # use matrix_sdk_crypto::{ OlmMachine, store::types::DehydratedDeviceKey };
+    /// # use matrix_sdk_crypto::{
+    ///     DecryptionSettings, OlmMachine, TrustRequirement, store::types::DehydratedDeviceKey
+    /// };
     /// # use ruma::{api::client::dehydrated_device, DeviceId};
     /// # async fn example() -> Result<()> {
     /// # let machine: OlmMachine = unimplemented!();
@@ -245,6 +248,9 @@ impl RehydratedDevice {
     ///
     /// let mut since_token = None;
     /// let mut imported_room_keys = 0;
+    /// let decryption_settings = DecryptionSettings {
+    ///     sender_device_trust_requirement: TrustRequirement::Untrusted
+    /// };
     ///
     /// loop {
     ///     let response =
@@ -255,7 +261,7 @@ impl RehydratedDevice {
     ///     }
     ///
     ///     since_token = response.next_batch.as_deref();
-    ///     imported_room_keys += rehydrated.receive_events(response.events).await?.len();
+    ///     imported_room_keys += rehydrated.receive_events(response.events, &decryption_settings).await?.len();
     /// }
     ///
     /// println!("Successfully imported {imported_room_keys} from the dehydrated device.");
@@ -273,6 +279,7 @@ impl RehydratedDevice {
     pub async fn receive_events(
         &self,
         events: Vec<Raw<AnyToDeviceEvent>>,
+        decryption_settings: &DecryptionSettings,
     ) -> Result<Vec<RoomKeyInfo>, OlmError> {
         trace!("Receiving events for a rehydrated Device");
 
@@ -290,7 +297,7 @@ impl RehydratedDevice {
 
         let (_, changes) = self
             .rehydrated
-            .preprocess_sync_changes(&mut rehydrated_transaction, sync_changes)
+            .preprocess_sync_changes(&mut rehydrated_transaction, sync_changes, decryption_settings)
             .await?;
 
         // Now take the room keys and persist them in our original `OlmMachine`.
@@ -423,7 +430,7 @@ mod tests {
         store::types::DehydratedDeviceKey,
         types::{events::ToDeviceEvent, DeviceKeys as DeviceKeysType},
         utilities::json_convert,
-        EncryptionSettings, OlmMachine,
+        DecryptionSettings, EncryptionSettings, OlmMachine, TrustRequirement,
     };
 
     fn pickle_key() -> DehydratedDeviceKey {
@@ -568,9 +575,12 @@ mod tests {
         assert_eq!(rehydrated.rehydrated.device_id(), request.device_id);
         assert_eq!(rehydrated.original.device_id(), alice.device_id());
 
+        let decryption_settings =
+            DecryptionSettings { sender_device_trust_requirement: TrustRequirement::Untrusted };
+
         // Push the to-device event containing the room key into the rehydrated device.
         let ret = rehydrated
-            .receive_events(vec![event])
+            .receive_events(vec![event], &decryption_settings)
             .await
             .expect("We should be able to push to-device events into the rehydrated device");
 
@@ -680,9 +690,12 @@ mod tests {
         assert_eq!(rehydrated.rehydrated.device_id(), &device_id);
         assert_eq!(rehydrated.original.device_id(), alice.device_id());
 
+        let decryption_settings =
+            DecryptionSettings { sender_device_trust_requirement: TrustRequirement::Untrusted };
+
         // Push the to-device event containing the room key into the rehydrated device.
         let ret = rehydrated
-            .receive_events(vec![event])
+            .receive_events(vec![event], &decryption_settings)
             .await
             .expect("We should be able to push to-device events into the rehydrated device");
 

crates/matrix-sdk-crypto/src/gossiping/machine.rs

@@ -1142,6 +1142,7 @@ mod tests {
             EncryptedEvent, EncryptedToDeviceEvent, RoomEncryptedEventContent,
         },
         verification::VerificationMachine,
+        DecryptionSettings, TrustRequirement,
     };
 
     fn alice_id() -> &'static UserId {
@@ -2051,14 +2052,20 @@ mod tests {
         let stream = bob_machine.store().secrets_stream();
         pin_mut!(stream);
 
+        let decryption_settings =
+            DecryptionSettings { sender_device_trust_requirement: TrustRequirement::Untrusted };
+
         bob_machine
-            .receive_sync_changes(EncryptionSyncChanges {
-                to_device_events: vec![event],
-                changed_devices: &Default::default(),
-                one_time_keys_counts: &Default::default(),
-                unused_fallback_keys: None,
-                next_batch_token: None,
-            })
+            .receive_sync_changes(
+                EncryptionSyncChanges {
+                    to_device_events: vec![event],
+                    changed_devices: &Default::default(),
+                    one_time_keys_counts: &Default::default(),
+                    unused_fallback_keys: None,
+                    next_batch_token: None,
+                },
+                &decryption_settings,
+            )
             .await
             .unwrap();
 

crates/matrix-sdk-crypto/src/lib.rs

@@ -590,7 +590,9 @@ pub enum RoomEventDecryptionResult {
 ///
 /// ```no_run
 /// # use anyhow::Result;
-/// # use matrix_sdk_crypto::{EncryptionSyncChanges, OlmMachine};
+/// # use matrix_sdk_crypto::{
+///     DecryptionSettings, EncryptionSyncChanges, OlmMachine, TrustRequirement
+/// };
 /// # use ruma::api::client::sync::sync_events::v3::Response;
 /// # #[tokio::main]
 /// # async fn main() -> Result<()> {
@@ -617,11 +619,15 @@ pub enum RoomEventDecryptionResult {
 ///         next_batch_token: Some(response.next_batch),
 ///     };
 ///
+///     let decryption_settings = DecryptionSettings {
+///         sender_device_trust_requirement: TrustRequirement::Untrusted
+///     };
+///
 ///     // Push the sync changes into the OlmMachine, make sure that this is
 ///     // happening before the `next_batch` token of the sync is persisted.
 ///     let to_device_events = client
 ///         .olm_machine
-///         .receive_sync_changes(sync_changes)
+///         .receive_sync_changes(sync_changes, &decryption_settings)
 ///         .await?;
 ///
 ///     // Send the outgoing requests out that the sync changes produced.
@@ -768,7 +774,9 @@ pub enum RoomEventDecryptionResult {
 /// ```no_run
 /// # use anyhow::Result;
 /// # use std::ops::Deref;
-/// # use matrix_sdk_crypto::{EncryptionSyncChanges, OlmMachine};
+/// # use matrix_sdk_crypto::{
+/// #     DecryptionSettings, EncryptionSyncChanges, OlmMachine, TrustRequirement
+/// # };
 /// # use ruma::api::client::sync::sync_events::v3::{Response, JoinedRoom};
 /// # use ruma::{OwnedUserId, serde::Raw, events::AnySyncStateEvent};
 /// # #[tokio::main]
@@ -805,11 +813,15 @@ pub enum RoomEventDecryptionResult {
 ///         next_batch_token: Some(response.next_batch),
 ///     };
 ///
+///     let decryption_settings = DecryptionSettings {
+///         sender_device_trust_requirement: TrustRequirement::Untrusted
+///     };
+///
 ///     // Push the sync changes into the OlmMachine, make sure that this is
 ///     // happening before the `next_batch` token of the sync is persisted.
 ///     let to_device_events = client
 ///         .olm_machine
-///         .receive_sync_changes(sync_changes)
+///         .receive_sync_changes(sync_changes, &decryption_settings)
 ///         .await?;
 ///
 ///     // Send the outgoing requests out that the sync changes produced.