Update Rust SDK to latest version

CHANGELOG.md

@@ -1,5 +1,15 @@
 # UNRELEASED
 
+**BREAKING CHANGES**
+
+-   `EncryptionSettings.onlyAllowTrustedDevices` has been replaced with
+    `EncryptionSettings.sharingStrategy`, which adds the ability to share only
+    with cross-signed devices.
+
+-   Update matrix-rust-sdk to `11cbf849c`, which includes:
+
+    -   refactor(sdk-crypto): Room key sharing, introduce extensible strategy ([#3605](https://github.com/matrix-org/matrix-rust-sdk/pull/3605))
+
 # matrix-sdk-crypto-wasm v6.2.1
 
 -   Update matrix-rust-sdk to `7b25a1c2f`, which includes fixes to bugs introduced in v6.2.0.

src/encryption.rs

@@ -33,8 +33,8 @@ pub struct EncryptionSettings {
 
     /// Should untrusted devices receive the room key, or should they be
     /// excluded from the conversation.
-    #[wasm_bindgen(js_name = "onlyAllowTrustedDevices")]
-    pub only_allow_trusted_devices: bool,
+    #[wasm_bindgen(js_name = "sharingStrategy")]
+    pub sharing_strategy: CollectStrategy,
 }
 
 impl Default for EncryptionSettings {
@@ -46,7 +46,7 @@ impl Default for EncryptionSettings {
             rotation_period: default.rotation_period.as_micros().try_into().unwrap(),
             rotation_period_messages: default.rotation_period_msgs,
             history_visibility: default.history_visibility.into(),
-            only_allow_trusted_devices: default.only_allow_trusted_devices,
+            sharing_strategy: default.sharing_strategy.into(),
         }
     }
 }
@@ -69,7 +69,7 @@ impl From<&EncryptionSettings> for matrix_sdk_crypto::olm::EncryptionSettings {
             rotation_period: Duration::from_micros(value.rotation_period),
             rotation_period_msgs: value.rotation_period_messages,
             history_visibility: value.history_visibility.clone().into(),
-            only_allow_trusted_devices: value.only_allow_trusted_devices,
+            sharing_strategy: value.sharing_strategy.clone().into(),
         }
     }
 }
@@ -116,6 +116,57 @@ impl From<matrix_sdk_crypto::types::EventEncryptionAlgorithm> for EncryptionAlgo
     }
 }
 
+/// Strategy to collect the devices that should receive room keys for the
+/// current discussion.
+#[wasm_bindgen()]
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum CollectStrategy {
+    /// Device based sharing strategy, excluding devices that are not trusted.
+    /// A device is trusted if any of the following is true:
+    ///     - It was manually marked as trusted.
+    ///     - It was marked as verified via interactive verification.
+    ///     - It is signed by its owner identity, and this identity has been
+    ///       trusted via interactive verification.
+    ///     - It is the current own device of the user.
+    DeviceBasedStrategyOnlyTrustedDevices,
+    /// Device based sharing strategy, including all devices.
+    DeviceBasedStrategyAllDevices,
+    /// Share based on identity. Only distribute to devices signed by their
+    /// owner. If a user has no published identity he will not receive
+    /// any room keys.
+    IdentityBasedStrategy,
+}
+
+impl From<CollectStrategy> for matrix_sdk_crypto::CollectStrategy {
+    fn from(value: CollectStrategy) -> Self {
+        match value {
+            CollectStrategy::DeviceBasedStrategyOnlyTrustedDevices => {
+                Self::DeviceBasedStrategy { only_allow_trusted_devices: true }
+            }
+            CollectStrategy::DeviceBasedStrategyAllDevices => {
+                Self::DeviceBasedStrategy { only_allow_trusted_devices: false }
+            }
+            CollectStrategy::IdentityBasedStrategy => Self::IdentityBasedStrategy,
+        }
+    }
+}
+
+impl From<matrix_sdk_crypto::CollectStrategy> for CollectStrategy {
+    fn from(value: matrix_sdk_crypto::CollectStrategy) -> Self {
+        match value {
+            matrix_sdk_crypto::CollectStrategy::DeviceBasedStrategy {
+                only_allow_trusted_devices: true,
+            } => Self::DeviceBasedStrategyOnlyTrustedDevices,
+            matrix_sdk_crypto::CollectStrategy::DeviceBasedStrategy {
+                only_allow_trusted_devices: false,
+            } => Self::DeviceBasedStrategyAllDevices,
+            matrix_sdk_crypto::CollectStrategy::IdentityBasedStrategy => {
+                Self::IdentityBasedStrategy
+            }
+        }
+    }
+}
+
 /// Take a look at [`matrix_sdk_common::deserialized_responses::ShieldState`]
 /// for more info.
 #[wasm_bindgen]

src/libolm_migration.rs

@@ -300,19 +300,15 @@ async fn import_olm_sessions_to_store(
         .await?
         .context("Base data must be imported before calling `migrateOlmSessions`")?;
 
-    let user_id = account.user_id();
-    let device_id = account.device_id();
-    let identity_keys = &account.identity_keys;
-
     let sessions = pickled_sessions
         .into_iter()
         .map(|pickled_session| {
-            Session::from_pickle(
-                user_id.to_owned(),
-                device_id.to_owned(),
-                identity_keys.clone(),
-                pickled_session,
-            )
+            // Session::from_pickle normally needs the device keys from storage
+            // (which will include cross-signing signatures), for embedding the
+            // key in outgoing messages.  But in this case, it is just getting
+            // stored, so we can use the device keys generated by the account.
+            Session::from_pickle(account.device_keys(), pickled_session)
+                .expect("The account is invalid")
         })
         .collect();
 
@@ -441,6 +437,7 @@ fn libolm_pickled_megolm_session_to_rust_pickled_session(
         pickle,
         sender_key,
         signing_key: sender_signing_keys,
+        sender_data: Default::default(),
         room_id: libolm_session
             .room_id
             .clone()

tests/encryption.test.js

@@ -1,4 +1,10 @@
-const { EncryptionAlgorithm, EncryptionSettings, HistoryVisibility, VerificationState } = require("../pkg");
+const {
+    CollectStrategy,
+    EncryptionAlgorithm,
+    EncryptionSettings,
+    HistoryVisibility,
+    VerificationState,
+} = require("../pkg");
 
 describe("EncryptionAlgorithm", () => {
     test("has the correct variant values", () => {
@@ -27,4 +33,15 @@ describe(EncryptionSettings.name, () => {
             es.historyVisibility = 42;
         }).toThrow();
     });
+
+    test("checks the sharing strategy values", () => {
+        const es = new EncryptionSettings();
+
+        es.sharingStrategy = CollectStrategy.DeviceBasedStrategyAllDevices;
+
+        expect(es.sharingStrategy).toStrictEqual(CollectStrategy.DeviceBasedStrategyAllDevices);
+        expect(() => {
+            es.historyVisibility = 42;
+        }).toThrow();
+    });
 });