From 01e2a99fdc940c3ab02e03a0de96c134373fc474 Mon Sep 17 00:00:00 2001
From: Hubert Chathi
Date: Sun, 15 Sep 2024 20:01:24 -0400
Subject: [PATCH 1/2] return finer-grained errors for sender-not-trusted
---
 src/error.rs | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)
diff --git a/src/error.rs b/src/error.rs
index 4aaeef2..09c28cf 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -1,6 +1,7 @@
 //! Errors related to room event decryption.
 use js_sys::JsString;
+use matrix_sdk_common::deserialized_responses::VerificationLevel;
 use matrix_sdk_crypto::{vodozemac, MegolmError};
 use wasm_bindgen::prelude::wasm_bindgen;
@@ -16,8 +17,12 @@ pub enum DecryptionErrorCode {
 /// device we received the room key from and the identity keys recorded in
 /// the plaintext of the room key to-device message.
 MismatchedIdentityKeys,
- /// The sender does not satisfy the requested trust requirement.
- SenderIdentityNotTrusted,
+ /// We weren't able to link the message back to any known device.
+ UnknownSenderDevice,
+ /// The sender device is not cross-signed.
+ UnsignedSenderDevice,
+ /// The sender's identity is unverified, but was previously verified.
+ SenderIdentityPreviouslyVerified,
 /// Other failure.
 UnableToDecrypt,
 }
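Review bot: The three new variants in `DecryptionErrorCode` are inserted ahead of `UnableToDecrypt` with no explicit discriminants, so the numeric value of `UnableToDecrypt` moves. If the enum is exported to JavaScript as plain numbers (the file imports `wasm_bindgen`, but the attribute on the enum is outside the hunk), the number that used to mean `SenderIdentityNotTrusted` now reads as `UnknownSenderDevice`, and the old `UnableToDecrypt` number reads as `UnsignedSenderDevice`. A consumer that stored or hard-coded the old numbers would then report the wrong trust state instead of failing. Pinning every variant with an explicit discriminant would avoid that, or at least a doc comment on the enum such as `/// Numeric values are not stable across releases; compare against the exported constants only.`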
@@ -70,11 +75,27 @@ impl From for MegolmDecryptionError {
 description: value.to_string().into(),
 maybe_withheld: None,
 },
- MegolmError::SenderIdentityNotTrusted(..) => MegolmDecryptionError {
- code: DecryptionErrorCode::SenderIdentityNotTrusted,
- description: value.to_string().into(),
- maybe_withheld: None,
- },
+ MegolmError::SenderIdentityNotTrusted(VerificationLevel::PreviouslyVerified) => {
+ MegolmDecryptionError {
+ code: DecryptionErrorCode::SenderIdentityPreviouslyVerified,
+ description: value.to_string().into(),
+ maybe_withheld: None,
+ }
+ }
+ MegolmError::SenderIdentityNotTrusted(VerificationLevel::UnsignedDevice) => {
+ MegolmDecryptionError {
+ code: DecryptionErrorCode::UnsignedSenderDevice,
+ description: value.to_string().into(),
+ maybe_withheld: None,
+ }
+ }
+ MegolmError::SenderIdentityNotTrusted(VerificationLevel::None(..)) => {
+ MegolmDecryptionError {
+ code: DecryptionErrorCode::UnknownSenderDevice,
+ description: value.to_string().into(),
+ maybe_withheld: None,
+ }
+ }
 _ => MegolmDecryptionError {
 code: DecryptionErrorCode::UnableToDecrypt,
 description: value.to_string().into(),
From 1abdbecb1b4d39429104c1145b4c15353138eebc Mon Sep 17 00:00:00 2001
From: Hubert Chathi
Date: Mon, 16 Sep 2024 15:44:21 -0400
Subject: [PATCH 2/2] add changelog
---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c87a46a..eb392cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # UNRELEASED
+**BREAKING CHANGES**
+
+- The `SenderIdentityNotTrusted` value in the `DecryptionErrorCode` was
+ replaced with `UnknownSenderDevice`, `UnsignedSenderDevice`, and
+ `SenderIdentityPreviouslyVerified` to allow the application to distinguish
+ between the different reasons that the sender identity is not trusted.
+
 # matrix-sdk-crypto-wasm v8.0.0
 **BREAKING CHANGES**
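Review bot: In the `src/error.rs` match inside `impl From … for MegolmDecryptionError`, any `SenderIdentityNotTrusted` level other than the three listed now falls through to `_ =>` and is reported as `UnableToDecrypt`. A trust failure would then reach the application looking like an ordinary decryption failure. `VerificationLevel` also has an `UnverifiedIdentity` variant, and whether it can reach this code is not visible from the hunk. Binding the level once and matching on it without a wildcard turns a newly added level into a compile error instead of a silent downgrade, and removes the three copies of the struct literal. The match head and the rest of the function are outside the hunk, so the binding may need adjusting to how `value` is matched.

```rust
MegolmError::SenderIdentityNotTrusted(level) => MegolmDecryptionError {
    // No wildcard arm here: a new VerificationLevel must be mapped deliberately
    // rather than degrading to UnableToDecrypt.
    code: match level {
        VerificationLevel::PreviouslyVerified => {
            DecryptionErrorCode::SenderIdentityPreviouslyVerified
        }
        VerificationLevel::UnsignedDevice => DecryptionErrorCode::UnsignedSenderDevice,
        VerificationLevel::None(..) => DecryptionErrorCode::UnknownSenderDevice,
        // … remaining levels (e.g. UnverifiedIdentity): choose a code for each explicitly …
    },
    description: value.to_string().into(),
    maybe_withheld: None,
},
// … unchanged: `_ => MegolmDecryptionError { code: DecryptionErrorCode::UnableToDecrypt, … }` …
```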