Device Verification

[skylord123]

There is a thread on the matrix chat channel that we discussed this quite a bit. It has the latest info on the state of this feature: https://matrix.to/#/!ppQOFZPDOZdYkxhyRo:skylar.tech/$LpIQ9XmTe0VVj9TThKwLHqwfKbrAwfSdamXLTQOdkhk?via=skylar.tech&via=matrix.org&via=chat.rios.org.br

There is a branch called e2ee-wip that I have been working on this feature under. It's at a point where you can get two clients to verify each other but it throws this weird error trying to upload the keys to the server:

15 Apr 18:29:07 - [warn] [matrix-device-verification:5f9cd93bd4d1fab5] Device verification cancelled Error: Key upload failed
{"failures":{"@skylord123:skylar.tech":{"<removed>":{"status":404,"errcode":"M_NOT_FOUND","message":"404: No user_signing key found for @testaccount:skylar.tech"}}}}
[Verification Start] verify() error KeySignatureUploadError: Key upload failed
    at upload (/home/skylar/Projects/node-red-contrib-matrix-chat/node_modules/matrix-js-sdk/lib/crypto/index.js:1986:21)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Crypto.setDeviceVerification (/home/skylar/Projects/node-red-contrib-matrix-chat/node_modules/matrix-js-sdk/lib/crypto/index.js:1991:11)
    at async SAS.verifyKeys (/home/skylar/Projects/node-red-contrib-matrix-chat/node_modules/matrix-js-sdk/lib/crypto/verification/Base.js:336:7)
    at async SAS.checkMAC (/home/skylar/Projects/node-red-contrib-matrix-chat/node_modules/matrix-js-sdk/lib/crypto/verification/SAS.js:457:5)
    at async SAS.verifyAndCheckMAC (/home/skylar/Projects/node-red-contrib-matrix-chat/node_modules/matrix-js-sdk/lib/crypto/verification/SAS.js:335:5)
    at async SAS.doSendVerification (/home/skylar/Projects/node-red-contrib-matrix-chat/node_modules/matrix-js-sdk/lib/crypto/verification/SAS.js:386:7)
    at async SAS.doVerification (/home/skylar/Projects/node-red-contrib-matrix-chat/node_modules/matrix-js-sdk/lib/crypto/verification/SAS.js:266:20) {
  value: { failures: { '@skylord123:skylar.tech': [Object] } }
}

Despite that error though both clients show the other as verified.

Before we fix this though we need to get matrix-js-sdk dependency updated to the latest. On the latest release they have deprecated libolm in favor of rust crypto which is being tracked under #122

How This Works

Here is a flow you can import to see how this works: https://gist.github.com/skylord123/9678fb9534adf9bdf8e8183955a6509a

We have a single device verification node. When you move it into the palette you configure it to set the mode. There are four available modes:

• Receive: Receive verification requests
• Start: Start the verification requests (this will tell the other client we are starting verification and will give you a msg containing the emojis to validate)
• Accept: Accept verification requests
• Deny: Deny verification requests

[skylord123]

I rebased e2ee-wip off of dev so it has the latest.