matrix-org · andybalaam · Oct 3, 2024 · Oct 3, 2024
@@ -29,7 +29,8 @@ use crate::debug::{DebugRawEvent, DebugStructExt};
 const AUTHENTICITY_NOT_GUARANTEED: &str =
     "The authenticity of this encrypted message can't be guaranteed on this device.";
 const UNVERIFIED_IDENTITY: &str = "Encrypted by an unverified user.";
-const PREVIOUSLY_VERIFIED: &str = "Encrypted by a previously-verified user.";
+const VERIFICATION_VIOLATION: &str =
+    "Encrypted by a previously-verified user who is no longer verified.";
 const UNSIGNED_DEVICE: &str = "Encrypted by a device not verified by its owner.";
 const UNKNOWN_DEVICE: &str = "Encrypted by an unknown or deleted device.";
 pub const SENT_IN_CLEAR: &str = "Not encrypted.";
@@ -92,7 +93,7 @@ impl VerificationState {
             VerificationState::Verified => ShieldState::None,
             VerificationState::Unverified(level) => match level {
                 VerificationLevel::UnverifiedIdentity
-                | VerificationLevel::PreviouslyVerified
+                | VerificationLevel::VerificationViolation
                 | VerificationLevel::UnsignedDevice => ShieldState::Red {
                     code: ShieldStateCode::UnverifiedIdentity,
                     message: UNVERIFIED_IDENTITY,
@@ -127,12 +128,12 @@ impl VerificationState {
                     // nag you with an error message.
                     ShieldState::None
                 }
-                VerificationLevel::PreviouslyVerified => {
+                VerificationLevel::VerificationViolation => {
                     // This is a high warning. The sender was previously
                     // verified, but changed their identity.
                     ShieldState::Red {
-                        code: ShieldStateCode::PreviouslyVerified,
-                        message: PREVIOUSLY_VERIFIED,
+                        code: ShieldStateCode::VerificationViolation,
+                        message: VERIFICATION_VIOLATION,
                     }
                 }
                 VerificationLevel::UnsignedDevice => {
@@ -175,7 +176,7 @@ pub enum VerificationLevel {
 
     /// The message was sent by a user identity we have not verified, but the
     /// user was previously verified.
-    PreviouslyVerified,
+    VerificationViolation,
 
     /// The message was sent by a device not linked to (signed by) any user
     /// identity.
@@ -193,7 +194,7 @@ impl fmt::Display for VerificationLevel {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
         let display = match self {
             VerificationLevel::UnverifiedIdentity => "The sender's identity was not verified",
-            VerificationLevel::PreviouslyVerified => {
+            VerificationLevel::VerificationViolation => {
                 "The sender's identity was previously verified but has changed"
             }
             VerificationLevel::UnsignedDevice => {
@@ -258,7 +259,7 @@ pub enum ShieldStateCode {
     /// An unencrypted event in an encrypted room.
     SentInClear,
     /// The sender was previously verified but changed their identity.
-    PreviouslyVerified,
+    VerificationViolation,
 }
 
 /// The algorithm specific information of a decrypted event.

@@ -57,6 +57,9 @@ Breaking changes:
   the CryptoStore, meaning that, once upgraded, it will not be possible to roll
   back applications to earlier versions without breaking user sessions.
 
+- Renamed `VerificationLevel::PreviouslyVerified` to
+  `VerificationLevel::VerificationViolation`.
+
 - `OlmMachine::decrypt_room_event` now takes a `DecryptionSettings` argument,
   which includes a `TrustRequirement` indicating the required trust level for
   the sending device.  When it is called with `TrustRequirement` other than

@@ -2200,7 +2200,7 @@ pub(crate) mod tests {
     // Set up a machine do initial own key query and import cross-signing secret to
     // make the current session verified.
     async fn common_verified_identity_changes_machine_setup() -> OlmMachine {
-        use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
+        use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
 
         let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;
 
@@ -2220,7 +2220,7 @@ pub(crate) mod tests {
     }
     #[async_test]
     async fn test_manager_verified_latch_setup_on_new_identities() {
-        use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
+        use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
 
         let machine = common_verified_identity_changes_machine_setup().await;
 
@@ -2276,7 +2276,7 @@ pub(crate) mod tests {
 
     #[async_test]
     async fn test_manager_verified_identity_changes_setup_on_updated_identities() {
-        use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
+        use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
 
         let machine = common_verified_identity_changes_machine_setup().await;
 
@@ -2318,7 +2318,7 @@ pub(crate) mod tests {
     // The cross signing secrets are not yet uploaded.
     // Then query keys for carol and bob (both signed by own identity)
     async fn common_verified_identity_changes_own_trust_change_machine_setup() -> OlmMachine {
-        use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
+        use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
 
         // Start on a non-verified session
         let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;
@@ -2352,7 +2352,7 @@ pub(crate) mod tests {
 
     #[async_test]
     async fn test_manager_verified_identity_changes_setup_on_own_identity_trust_change() {
-        use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
+        use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
         let machine = common_verified_identity_changes_own_trust_change_machine_setup().await;
 
         let own_identity =
@@ -2389,7 +2389,7 @@ pub(crate) mod tests {
 
     #[async_test]
     async fn test_manager_verified_identity_change_setup_on_import_secrets() {
-        use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
+        use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
         let machine = common_verified_identity_changes_own_trust_change_machine_setup().await;
 
         let own_identity =

@@ -871,7 +871,7 @@ enum OwnUserIdentityVerifiedState {
     NeverVerified,
 
     /// We previously verified this identity, but it has changed.
-    PreviouslyVerifiedButNoLonger,
+    VerificationViolation,
 
     /// We have verified the current identity.
     Verified,
@@ -1022,7 +1022,7 @@ impl OwnUserIdentityData {
     pub(crate) fn mark_as_unverified(&self) {
         let mut guard = self.verified.write().unwrap();
         if *guard == OwnUserIdentityVerifiedState::Verified {
-            *guard = OwnUserIdentityVerifiedState::PreviouslyVerifiedButNoLonger;
+            *guard = OwnUserIdentityVerifiedState::VerificationViolation;
         }
     }
 
@@ -1039,7 +1039,7 @@ impl OwnUserIdentityData {
         matches!(
             *self.verified.read().unwrap(),
             OwnUserIdentityVerifiedState::Verified
-                | OwnUserIdentityVerifiedState::PreviouslyVerifiedButNoLonger
+                | OwnUserIdentityVerifiedState::VerificationViolation
         )
     }
 
@@ -1050,7 +1050,7 @@ impl OwnUserIdentityData {
     /// verify again or to withdraw the verification requirement.
     pub fn withdraw_verification(&self) {
         let mut guard = self.verified.write().unwrap();
-        if *guard == OwnUserIdentityVerifiedState::PreviouslyVerifiedButNoLonger {
+        if *guard == OwnUserIdentityVerifiedState::VerificationViolation {
             *guard = OwnUserIdentityVerifiedState::NeverVerified;
         }
     }
@@ -1065,8 +1065,7 @@ impl OwnUserIdentityData {
     /// - Or by withdrawing the verification requirement
     ///   [`OwnUserIdentity::withdraw_verification`].
     pub fn has_verification_violation(&self) -> bool {
-        *self.verified.read().unwrap()
-            == OwnUserIdentityVerifiedState::PreviouslyVerifiedButNoLonger
+        *self.verified.read().unwrap() == OwnUserIdentityVerifiedState::VerificationViolation
     }
 
     /// Update the identity with a new master key and self signing key.
@@ -1632,7 +1631,7 @@ pub(crate) mod tests {
 
     #[async_test]
     async fn test_resolve_identity_verification_violation_with_withdraw() {
-        use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
+        use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
 
         let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;
 
@@ -1672,7 +1671,7 @@ pub(crate) mod tests {
 
     #[async_test]
     async fn test_reset_own_keys_creates_verification_violation() {
-        use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
+        use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
 
         let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;
 
@@ -1713,7 +1712,7 @@ pub(crate) mod tests {
     /// verification violation on our own identity.
     #[async_test]
     async fn test_own_keys_update_creates_own_identity_verification_violation() {
-        use test_json::keys_query_sets::PreviouslyVerifiedTestData as DataSet;
+        use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
 
         let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;
 

@@ -1477,7 +1477,7 @@ impl OlmMachine {
                 sender_data,
                 SenderData::UnknownDevice { .. }
                     | SenderData::DeviceInfo { .. }
-                    | SenderData::SenderUnverifiedButPreviouslyVerified { .. }
+                    | SenderData::VerificationViolation { .. }
             )
         }
 
@@ -1689,8 +1689,8 @@ impl OlmMachine {
             TrustRequirement::CrossSignedOrLegacy => match &session.sender_data {
                 // Reject if the sender was previously verified, but changed
                 // their identity and is not verified any more.
-                SenderData::SenderUnverifiedButPreviouslyVerified(..) => Err(
-                    MegolmError::SenderIdentityNotTrusted(VerificationLevel::PreviouslyVerified),
+                SenderData::VerificationViolation(..) => Err(
+                    MegolmError::SenderIdentityNotTrusted(VerificationLevel::VerificationViolation),
                 ),
                 SenderData::SenderUnverified(..) => Ok(()),
                 SenderData::SenderVerified(..) => Ok(()),
@@ -1702,8 +1702,8 @@ impl OlmMachine {
             TrustRequirement::CrossSigned => match &session.sender_data {
                 // Reject if the sender was previously verified, but changed
                 // their identity and is not verified any more.
-                SenderData::SenderUnverifiedButPreviouslyVerified(..) => Err(
-                    MegolmError::SenderIdentityNotTrusted(VerificationLevel::PreviouslyVerified),
+                SenderData::VerificationViolation(..) => Err(
+                    MegolmError::SenderIdentityNotTrusted(VerificationLevel::VerificationViolation),
                 ),
                 SenderData::SenderUnverified(..) => Ok(()),
                 SenderData::SenderVerified(..) => Ok(()),
@@ -2493,9 +2493,9 @@ fn sender_data_to_verification_state(
             VerificationState::Unverified(VerificationLevel::UnsignedDevice),
             Some(device_keys.device_id),
         ),
-        SenderData::SenderUnverifiedButPreviouslyVerified(KnownSenderData {
-            device_id, ..
-        }) => (VerificationState::Unverified(VerificationLevel::PreviouslyVerified), device_id),
+        SenderData::VerificationViolation(KnownSenderData { device_id, .. }) => {
+            (VerificationState::Unverified(VerificationLevel::VerificationViolation), device_id)
+        }
         SenderData::SenderUnverified(KnownSenderData { device_id, .. }) => {
             (VerificationState::Unverified(VerificationLevel::UnverifiedIdentity), device_id)
         }

@@ -41,7 +41,7 @@ pub struct KnownSenderData {
 /// Sessions start off in `UnknownDevice` state, and progress into `DeviceInfo`
 /// state when we get the device info. Finally, if we can look up the sender
 /// using the device info, the session can be moved into
-/// `SenderUnverifiedButPreviouslyVerified`, `SenderUnverified`, or
+/// `VerificationViolation`, `SenderUnverified`, or
 /// `SenderVerified` state, depending on the verification status of the user.
 /// If the user's verification state changes, the state may change accordingly.
 #[derive(Clone, Debug, PartialEq, Deserialize, Serialize)]
@@ -79,7 +79,7 @@ pub enum SenderData {
     /// the to-device message that established this session, but we have not yet
     /// verified the cross-signing key, and we had verified a previous
     /// cross-signing key for this user.
-    SenderUnverifiedButPreviouslyVerified(KnownSenderData),
+    VerificationViolation(KnownSenderData),
 
     /// We have found proof that this user, with this cross-signing key, sent
     /// the to-device message that established this session, but we have not yet
@@ -105,12 +105,12 @@ impl SenderData {
 
     /// Create a [`SenderData`] with a known but unverified sender, where the
     /// sender was previously verified.
-    pub fn sender_previously_verified(
+    pub fn sender_verification_violation(
         user_id: &UserId,
         device_id: &DeviceId,
         master_key: Ed25519PublicKey,
     ) -> Self {
-        Self::SenderUnverifiedButPreviouslyVerified(KnownSenderData {
+        Self::VerificationViolation(KnownSenderData {
             user_id: user_id.to_owned(),
             device_id: Some(device_id.to_owned()),
             master_key: Box::new(master_key),
@@ -172,7 +172,7 @@ impl SenderData {
         match self {
             SenderData::UnknownDevice { .. } => 0,
             SenderData::DeviceInfo { .. } => 1,
-            SenderData::SenderUnverifiedButPreviouslyVerified(..) => 2,
+            SenderData::VerificationViolation(..) => 2,
             SenderData::SenderUnverified(..) => 3,
             SenderData::SenderVerified(..) => 4,
         }
@@ -183,9 +183,7 @@ impl SenderData {
         match self {
             Self::UnknownDevice { .. } => SenderDataType::UnknownDevice,
             Self::DeviceInfo { .. } => SenderDataType::DeviceInfo,
-            Self::SenderUnverifiedButPreviouslyVerified { .. } => {
-                SenderDataType::SenderUnverifiedButPreviouslyVerified
-            }
+            Self::VerificationViolation { .. } => SenderDataType::VerificationViolation,
             Self::SenderUnverified { .. } => SenderDataType::SenderUnverified,
             Self::SenderVerified { .. } => SenderDataType::SenderVerified,
         }
@@ -217,7 +215,7 @@ enum SenderDataReader {
         legacy_session: bool,
     },
 
-    SenderUnverifiedButPreviouslyVerified(KnownSenderData),
+    VerificationViolation(KnownSenderData),
 
     SenderUnverified(KnownSenderData),
 
@@ -242,9 +240,7 @@ impl From<SenderDataReader> for SenderData {
             SenderDataReader::DeviceInfo { device_keys, legacy_session } => {
                 Self::DeviceInfo { device_keys, legacy_session }
             }
-            SenderDataReader::SenderUnverifiedButPreviouslyVerified(data) => {
-                Self::SenderUnverifiedButPreviouslyVerified(data)
-            }
+            SenderDataReader::VerificationViolation(data) => Self::VerificationViolation(data),
             SenderDataReader::SenderUnverified(data) => Self::SenderUnverified(data),
             SenderDataReader::SenderVerified(data) => Self::SenderVerified(data),
             SenderDataReader::SenderKnown {
@@ -273,8 +269,8 @@ pub enum SenderDataType {
     UnknownDevice = 1,
     /// The [`SenderData`] is of type `DeviceInfo`.
     DeviceInfo = 2,
-    /// The [`SenderData`] is of type `SenderUnverifiedButPreviouslyVerified`.
-    SenderUnverifiedButPreviouslyVerified = 3,
+    /// The [`SenderData`] is of type `VerificationViolation`.
+    VerificationViolation = 3,
     /// The [`SenderData`] is of type `SenderUnverified`.
     SenderUnverified = 4,
     /// The [`SenderData`] is of type `SenderVerified`.
@@ -399,7 +395,7 @@ mod tests {
         ));
         let master_key =
             Ed25519PublicKey::from_base64("2/5LWJMow5zhJqakV88SIc7q/1pa8fmkfgAzx72w9G4").unwrap();
-        let sender_previously_verified = SenderData::sender_previously_verified(
+        let sender_verification_violation = SenderData::sender_verification_violation(
             user_id!("@u:s.co"),
             device_id!("DEV"),
             master_key,
@@ -410,26 +406,29 @@ mod tests {
             SenderData::sender_verified(user_id!("@u:s.co"), device_id!("DEV"), master_key);
 
         assert_eq!(unknown.compare_trust_level(&device_keys), Ordering::Less);
-        assert_eq!(unknown.compare_trust_level(&sender_previously_verified), Ordering::Less);
+        assert_eq!(unknown.compare_trust_level(&sender_verification_violation), Ordering::Less);
         assert_eq!(unknown.compare_trust_level(&sender_unverified), Ordering::Less);
         assert_eq!(unknown.compare_trust_level(&sender_verified), Ordering::Less);
         assert_eq!(device_keys.compare_trust_level(&unknown), Ordering::Greater);
-        assert_eq!(sender_previously_verified.compare_trust_level(&unknown), Ordering::Greater);
+        assert_eq!(sender_verification_violation.compare_trust_level(&unknown), Ordering::Greater);
         assert_eq!(sender_unverified.compare_trust_level(&unknown), Ordering::Greater);
         assert_eq!(sender_verified.compare_trust_level(&unknown), Ordering::Greater);
 
         assert_eq!(device_keys.compare_trust_level(&sender_unverified), Ordering::Less);
         assert_eq!(device_keys.compare_trust_level(&sender_verified), Ordering::Less);
-        assert_eq!(sender_previously_verified.compare_trust_level(&device_keys), Ordering::Greater);
+        assert_eq!(
+            sender_verification_violation.compare_trust_level(&device_keys),
+            Ordering::Greater
+        );
         assert_eq!(sender_unverified.compare_trust_level(&device_keys), Ordering::Greater);
         assert_eq!(sender_verified.compare_trust_level(&device_keys), Ordering::Greater);
 
         assert_eq!(
-            sender_previously_verified.compare_trust_level(&sender_verified),
+            sender_verification_violation.compare_trust_level(&sender_verified),
             Ordering::Less
         );
         assert_eq!(
-            sender_previously_verified.compare_trust_level(&sender_unverified),
+            sender_verification_violation.compare_trust_level(&sender_unverified),
             Ordering::Less
         );
         assert_eq!(sender_unverified.compare_trust_level(&sender_verified), Ordering::Less);

@@ -267,7 +267,7 @@ impl<'a> SenderDataFinder<'a> {
                 .expect("User with master key must have identity")
                 .was_previously_verified()
             {
-                SenderData::SenderUnverifiedButPreviouslyVerified(known_sender_data)
+                SenderData::VerificationViolation(known_sender_data)
             } else {
                 SenderData::SenderUnverified(known_sender_data)
             }