Merge pull request #144 from uhoreg/granular_sender_not_trusted_error

Return finer-grained errors for sender-not-trusted
matrix-org · Sep 17, 2024 · 05450de · 05450de
2 parents c8da41c + 1abdbec
commit 05450de
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # UNRELEASED
 
+**BREAKING CHANGES**
+
+-   The `SenderIdentityNotTrusted` value in the `DecryptionErrorCode` was
+    replaced with `UnknownSenderDevice`, `UnsignedSenderDevice`, and
+    `SenderIdentityPreviouslyVerified` to allow the application to distinguish
+    between the different reasons that the sender identity is not trusted.
+
 # matrix-sdk-crypto-wasm v8.0.0
 
 **BREAKING CHANGES**

diff --git a/src/error.rs b/src/error.rs
@@ -1,6 +1,7 @@
 //! Errors related to room event decryption.
 
 use js_sys::JsString;
+use matrix_sdk_common::deserialized_responses::VerificationLevel;
 use matrix_sdk_crypto::{vodozemac, MegolmError};
 use wasm_bindgen::prelude::wasm_bindgen;
 
@@ -16,8 +17,12 @@ pub enum DecryptionErrorCode {
     /// device we received the room key from and the identity keys recorded in
     /// the plaintext of the room key to-device message.
     MismatchedIdentityKeys,
-    /// The sender does not satisfy the requested trust requirement.
-    SenderIdentityNotTrusted,
+    /// We weren't able to link the message back to any known device.
+    UnknownSenderDevice,
+    /// The sender device is not cross-signed.
+    UnsignedSenderDevice,
+    /// The sender's identity is unverified, but was previously verified.
+    SenderIdentityPreviouslyVerified,
     /// Other failure.
     UnableToDecrypt,
 }
@@ -70,11 +75,27 @@ impl From<MegolmError> for MegolmDecryptionError {
                 description: value.to_string().into(),
                 maybe_withheld: None,
             },
-            MegolmError::SenderIdentityNotTrusted(..) => MegolmDecryptionError {
-                code: DecryptionErrorCode::SenderIdentityNotTrusted,
-                description: value.to_string().into(),
-                maybe_withheld: None,
-            },
+            MegolmError::SenderIdentityNotTrusted(VerificationLevel::PreviouslyVerified) => {
+                MegolmDecryptionError {
+                    code: DecryptionErrorCode::SenderIdentityPreviouslyVerified,
+                    description: value.to_string().into(),
+                    maybe_withheld: None,
+                }
+            }
+            MegolmError::SenderIdentityNotTrusted(VerificationLevel::UnsignedDevice) => {
+                MegolmDecryptionError {
+                    code: DecryptionErrorCode::UnsignedSenderDevice,
+                    description: value.to_string().into(),
+                    maybe_withheld: None,
+                }
+            }
+            MegolmError::SenderIdentityNotTrusted(VerificationLevel::None(..)) => {
+                MegolmDecryptionError {
+                    code: DecryptionErrorCode::UnknownSenderDevice,
+                    description: value.to_string().into(),
+                    maybe_withheld: None,
+                }
+            }
             _ => MegolmDecryptionError {
                 code: DecryptionErrorCode::UnableToDecrypt,
                 description: value.to_string().into(),