-
Notifications
You must be signed in to change notification settings - Fork 499
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
17 changed files
with
249 additions
and
62 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
// | ||
// Copyright 2023 New Vector Ltd | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
// | ||
|
||
import Foundation | ||
|
||
/// Object responsible for calculating user and room trust level | ||
@objc class EncryptionTrustLevel: NSObject { | ||
|
||
/// Calculate trust level for a single user given their cross-signing info | ||
@objc func userTrustLevel( | ||
crossSigning: MXCrossSigningInfo?, | ||
devicesTrust: MXTrustSummary | ||
) -> UserEncryptionTrustLevel { | ||
|
||
// If we could cross-sign but we haven't, the user is simply not verified | ||
if let crossSigning, !crossSigning.isVerified { | ||
return .notVerified | ||
|
||
// If we cannot cross-sign the user (legacy behaviour) and have not signed | ||
// any devices manually, the user is not verified | ||
} else if crossSigning == nil && devicesTrust.trustedCount == 0 { | ||
return .notVerified | ||
} | ||
|
||
return devicesTrust.areAllTrusted ? .trusted : .warning | ||
} | ||
|
||
/// Calculate trust level for a room given trust level of users and their devices | ||
@objc func roomTrustLevel(summary: MXUsersTrustLevelSummary) -> RoomEncryptionTrustLevel { | ||
guard summary.usersTrust.areAllTrusted else { | ||
return .normal | ||
} | ||
return summary.devicesTrust.areAllTrusted ? .trusted : .warning | ||
} | ||
} |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
// | ||
// Copyright 2023 New Vector Ltd | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
// | ||
|
||
/** | ||
RoomEncryptionTrustLevel represents the trust level in an encrypted room. | ||
*/ | ||
typedef NS_ENUM(NSUInteger, RoomEncryptionTrustLevel) { | ||
RoomEncryptionTrustLevelTrusted, | ||
RoomEncryptionTrustLevelWarning, | ||
RoomEncryptionTrustLevelNormal, | ||
RoomEncryptionTrustLevelUnknown | ||
}; |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
156 changes: 156 additions & 0 deletions
156
RiotTests/Modules/Encryption/EncryptionTrustLevelTests.swift
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,156 @@ | ||
// | ||
// Copyright 2023 New Vector Ltd | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
// | ||
|
||
import Foundation | ||
import XCTest | ||
@testable import Element | ||
@testable import MatrixSDK | ||
|
||
class EncryptionTrustLevelTests: XCTestCase { | ||
|
||
var encryption: EncryptionTrustLevel! | ||
override func setUp() { | ||
encryption = EncryptionTrustLevel() | ||
} | ||
|
||
// MARK: - Helpers | ||
|
||
func makeCrossSigning(isVerified: Bool) -> MXCrossSigningInfo { | ||
return .init( | ||
userIdentity: .init( | ||
identity: .other( | ||
userId: "Bob", | ||
masterKey: "MSK", | ||
selfSigningKey: "SSK" | ||
), | ||
isVerified: isVerified | ||
) | ||
) | ||
} | ||
|
||
func makeProgress(trusted: Int, total: Int) -> Progress { | ||
let progress = Progress(totalUnitCount: Int64(total)) | ||
progress.completedUnitCount = Int64(trusted) | ||
return progress | ||
} | ||
|
||
// MARK: - Users | ||
|
||
func test_userTrustLevel_whenCrossSigningDisabled() { | ||
let devicesToTrustLevel: [(Progress, UserEncryptionTrustLevel)] = [ | ||
(makeProgress(trusted: 0, total: 0), .notVerified), | ||
(makeProgress(trusted: 0, total: 2), .notVerified), | ||
(makeProgress(trusted: 1, total: 2), .warning), | ||
(makeProgress(trusted: 3, total: 4), .warning), | ||
(makeProgress(trusted: 5, total: 5), .trusted) | ||
] | ||
|
||
for (devices, expected) in devicesToTrustLevel { | ||
let trustLevel = encryption.userTrustLevel( | ||
crossSigning: nil, | ||
trustedDevices: devices | ||
) | ||
XCTAssertEqual(trustLevel, expected, "\(devices.completedUnitCount) trusted device(s) out of \(devices.totalUnitCount)") | ||
} | ||
} | ||
|
||
func test_userTrustLevel_whenCrossSigningNotVerified() { | ||
let devicesToTrustLevel: [(Progress, UserEncryptionTrustLevel)] = [ | ||
(makeProgress(trusted: 0, total: 0), .notVerified), | ||
(makeProgress(trusted: 0, total: 2), .notVerified), | ||
(makeProgress(trusted: 1, total: 2), .notVerified), | ||
(makeProgress(trusted: 3, total: 4), .notVerified), | ||
(makeProgress(trusted: 5, total: 5), .notVerified) | ||
] | ||
|
||
for (devices, expected) in devicesToTrustLevel { | ||
let trustLevel = encryption.userTrustLevel( | ||
crossSigning: makeCrossSigning(isVerified: false), | ||
trustedDevices: devices | ||
) | ||
XCTAssertEqual(trustLevel, expected, "\(devices.completedUnitCount) trusted device(s) out of \(devices.totalUnitCount)") | ||
} | ||
} | ||
|
||
func test_userTrustLevel_whenCrossSigningVerified() { | ||
let devicesToTrustLevel: [(Progress, UserEncryptionTrustLevel)] = [ | ||
(makeProgress(trusted: 0, total: 0), .trusted), | ||
(makeProgress(trusted: 0, total: 2), .warning), | ||
(makeProgress(trusted: 1, total: 2), .warning), | ||
(makeProgress(trusted: 3, total: 4), .warning), | ||
(makeProgress(trusted: 5, total: 5), .trusted) | ||
] | ||
|
||
for (devices, expected) in devicesToTrustLevel { | ||
let trustLevel = encryption.userTrustLevel( | ||
crossSigning: makeCrossSigning(isVerified: true), | ||
trustedDevices: devices | ||
) | ||
XCTAssertEqual(trustLevel, expected, "\(devices.completedUnitCount) trusted device(s) out of \(devices.totalUnitCount)") | ||
} | ||
} | ||
|
||
// MARK: - Rooms | ||
|
||
func test_roomTrustLevel() { | ||
let usersDevicesToTrustLevel: [(Progress, Progress, RoomEncryptionTrustLevel)] = [ | ||
// No users verified | ||
(makeProgress(trusted: 0, total: 0), makeProgress(trusted: 0, total: 0), .normal), | ||
|
||
// Only some users verified | ||
(makeProgress(trusted: 0, total: 1), makeProgress(trusted: 0, total: 1), .normal), | ||
(makeProgress(trusted: 3, total: 4), makeProgress(trusted: 5, total: 5), .normal), | ||
(makeProgress(trusted: 3, total: 4), makeProgress(trusted: 5, total: 5), .normal), | ||
|
||
// All users verified | ||
(makeProgress(trusted: 2, total: 2), makeProgress(trusted: 0, total: 0), .trusted), | ||
(makeProgress(trusted: 3, total: 3), makeProgress(trusted: 0, total: 1), .warning), | ||
(makeProgress(trusted: 3, total: 3), makeProgress(trusted: 3, total: 4), .warning), | ||
(makeProgress(trusted: 4, total: 4), makeProgress(trusted: 5, total: 5), .trusted), | ||
] | ||
|
||
for (users, devices, expected) in usersDevicesToTrustLevel { | ||
let trustLevel = encryption.roomTrustLevel( | ||
summary: MXUsersTrustLevelSummary( | ||
trustedUsersProgress: users, | ||
andTrustedDevicesProgress: devices | ||
) | ||
) | ||
XCTAssertEqual(trustLevel, expected, "\(users.completedUnitCount) trusted users(s) out of \(users.totalUnitCount) and \(devices.completedUnitCount) trusted device(s) out of \(devices.totalUnitCount)") | ||
} | ||
} | ||
} | ||
|
||
extension UserEncryptionTrustLevel: CustomStringConvertible { | ||
public var description: String { | ||
switch self { | ||
case .trusted: | ||
return "trusted" | ||
case .warning: | ||
return "warning" | ||
case .notVerified: | ||
return "notVerified" | ||
case .noCrossSigning: | ||
return "noCrossSigning" | ||
case .none: | ||
return "none" | ||
case .unknown: | ||
return "unknown" | ||
@unknown default: | ||
return "unknown" | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Encryption: Refactor user / room encryption trust level |