History sharing: do /keys/query before checking for key bundle (#4992)

richvdh · web-flow · commit 32f51e852bad · 2025-09-11T10:38:14.000Z
* History sharing: do `/keys/query` before checking for key bundle The next release of matrix-sdk-crypto-wasm will check that the device that sent us the key bundle data was correctly cross-signed by its owner, which means we need to have the owner's cross-signing keys before we check if we have the bundle. This replicates a change made in the Rust SDK, at https://github.com/matrix-org/matrix-rust-sdk/pull/5510/files#diff-9f89fa75c4eb3743ae674be1bb90f75169bd815a259917799c71b8a546449d51R133-R140. * fix unit test * Comment
diff --git a/spec/unit/rust-crypto/rust-crypto.spec.ts b/spec/unit/rust-crypto/rust-crypto.spec.ts
@@ -2353,6 +2353,7 @@ describe("RustCrypto", () => {
 
         beforeEach(async () => {
             mockOlmMachine = {
+                queryKeysForUsers: jest.fn().mockReturnValue({}),
                 getReceivedRoomKeyBundleData: jest.fn(),
                 receiveRoomKeyBundle: jest.fn(),
             } as unknown as Mocked<OlmMachine>;
@@ -2377,6 +2378,7 @@ describe("RustCrypto", () => {
         it("does nothing if there is no key bundle", async () => {
             mockOlmMachine.getReceivedRoomKeyBundleData.mockResolvedValue(undefined);
             await rustCrypto.maybeAcceptKeyBundle("!room_id", "@bob:example.org");
+            expect(mockOlmMachine.queryKeysForUsers).toHaveBeenCalledTimes(1);
             expect(mockOlmMachine.getReceivedRoomKeyBundleData).toHaveBeenCalledTimes(1);
             expect(mockOlmMachine.getReceivedRoomKeyBundleData.mock.calls[0][0].toString()).toEqual("!room_id");
             expect(mockOlmMachine.getReceivedRoomKeyBundleData.mock.calls[0][1].toString()).toEqual("@bob:example.org");
diff --git a/src/rust-crypto/rust-crypto.ts b/src/rust-crypto/rust-crypto.ts
@@ -326,12 +326,22 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
      * Implementation of {@link CryptoBackend.maybeAcceptKeyBundle}.
      */
     public async maybeAcceptKeyBundle(roomId: string, inviter: string): Promise<void> {
-        // TODO: retry this if it gets interrupted or it fails.
+        // TODO: retry this if it gets interrupted or it fails. (https://github.com/matrix-org/matrix-rust-sdk/issues/5112)
         // TODO: do this in the background.
-        // TODO: handle the bundle message arriving after the invite.
+        // TODO: handle the bundle message arriving after the invite (https://github.com/element-hq/element-web/issues/30740)
 
         const logger = new LogSpan(this.logger, `maybeAcceptKeyBundle(${roomId}, ${inviter})`);
 
+        // Make sure we have an up-to-date idea of the inviter's cross-signing keys, so that we can check if the
+        // device that sent us the bundle data was correctly cross-signed.
+        //
+        // TODO: it would be nice to skip this step if we have an up-to-date copy of the inviter's cross-signing keys,
+        //   but we don't have an easy way to check that. Possibly the rust side could trigger a key request and then
+        //   block until it happens.
+        logger.info(`Checking inviter cross-signing keys`);
+        const request = this.olmMachine.queryKeysForUsers([new RustSdkCryptoJs.UserId(inviter)]);
+        await this.outgoingRequestProcessor.makeOutgoingRequest(request);
+
         const bundleData = await this.olmMachine.getReceivedRoomKeyBundleData(
             new RustSdkCryptoJs.RoomId(roomId),
             new RustSdkCryptoJs.UserId(inviter),
