feat: Support room key bundle withheld info.

Cargo.toml

@@ -64,9 +64,9 @@ futures-util = "0.3.27"
 getrandom = { version = "0.3.0", features = ["wasm_js"] }
 http = "1.1.0"
 js-sys = "0.3.49"
-matrix-sdk-common = { features = ["js",  "experimental-encrypted-state-events"] , version = "0.14.0" }
-matrix-sdk-indexeddb = { default-features = false, features = ["e2e-encryption"] , version = "0.14.0" }
-matrix-sdk-qrcode = { optional = true , version = "0.14.0" }
+matrix-sdk-common = { features = ["js",  "experimental-encrypted-state-events"] , git = "https://github.com/matrix-org/matrix-rust-sdk", rev = "0d563459f49d8940b6ebdc8464642accf1c78aa4" }
+matrix-sdk-indexeddb = { default-features = false, features = ["e2e-encryption"] , git = "https://github.com/matrix-org/matrix-rust-sdk", rev = "0d563459f49d8940b6ebdc8464642accf1c78aa4" }
+matrix-sdk-qrcode = { optional = true , git = "https://github.com/matrix-org/matrix-rust-sdk", rev = "0d563459f49d8940b6ebdc8464642accf1c78aa4" }
 serde = "1.0.91"
 serde_json = "1.0.91"
 serde-wasm-bindgen = "0.6.5"
@@ -85,7 +85,8 @@ vergen-gitcl = { version = "1.0.0", features = ["build"] }
 [dependencies.matrix-sdk-crypto]
 default-features = false
 features = ["js", "automatic-room-key-forwarding", "experimental-encrypted-state-events"]
-version = "0.14.0"
+git = "https://github.com/matrix-org/matrix-rust-sdk"
+rev = "0d563459f49d8940b6ebdc8464642accf1c78aa4"
 
 [lints.rust]
 # Workaround for https://github.com/rustwasm/wasm-bindgen/issues/4283, while we work up the courage to upgrade

src/error.rs

@@ -63,7 +63,7 @@ impl From<MegolmError> for MegolmDecryptionError {
                                 maybe_withheld: Option<&WithheldCode>|
          -> MegolmDecryptionError {
             let description = value.to_string().into();
-            let maybe_withheld = maybe_withheld.map(|code| code.to_string().to_owned().into());
+            let maybe_withheld = maybe_withheld.map(|code| code.as_str().to_owned().into());
             MegolmDecryptionError { code, description, maybe_withheld }
         };
 

src/store.rs

@@ -234,20 +234,28 @@ impl_from_to_inner!(matrix_sdk_crypto::store::types::RoomKeyWithheldInfo => Room
 
 #[wasm_bindgen]
 impl RoomKeyWithheldInfo {
-    /// The User ID of the user that sent us the `m.room_key.withheld` message.
+    /// The User ID of the sender of the withheld information.
+    ///
+    /// This may be the sender of an `m.room_key.withheld` event, or the sender
+    /// of a shared room key bundle under MSC4268.
     #[wasm_bindgen(getter)]
     pub fn sender(&self) -> UserId {
         self.inner.withheld_event.sender.to_owned().into()
     }
 
     /// The encryption algorithm of the session that is being withheld.
+    ///
+    /// This may be from an `m.room_key.withheld` event, or from a shared room
+    /// key bundle under MSC4268.
     #[wasm_bindgen(getter)]
     pub fn algorithm(&self) -> EncryptionAlgorithm {
         self.inner.withheld_event.content.algorithm().into()
     }
 
-    /// The `code` from the `m.room_key.withheld` message, such as
-    /// `m.unverified`.
+    /// The `code` indicating why the key was withheld.
+    ///
+    /// This may be the `code` from an `m.room_key.withheld` event (such as
+    /// `m.unverified`), or from a shared room key bundle under MSC4268.
     #[wasm_bindgen(getter, js_name = "withheldCode")]
     pub fn withheld_code(&self) -> String {
         self.inner.withheld_event.content.withheld_code().as_str().to_owned()

tests/machine.test.ts

@@ -899,6 +899,59 @@ describe(OlmMachine.name, () => {
         expect(withheld[0].withheldCode).toEqual("m.unverified");
     });
 
+    test("decrypting a message from a withheld session throws MegolmDecryptionError with correct withheld code", async () => {
+        const m = await machine();
+
+        // Simulate receiving a withheld event for a session
+        const withheldEvent = {
+            sender: "@alice:example.com",
+            type: "m.room_key.withheld",
+            content: {
+                algorithm: "m.megolm.v1.aes-sha2",
+                code: "m.unverified",
+                reason: "Device not verified",
+                room_id: room.toString(),
+                sender_key: m.identityKeys.curve25519.toBase64(),
+                session_id: "SESSION_ID_WITHHELD",
+            },
+        };
+        await m.receiveSyncChanges(
+            JSON.stringify([withheldEvent]),
+            new DeviceLists(),
+            new Map<string, number>(),
+            undefined,
+        );
+
+        // Now try to decrypt a message from that session
+        const encryptedEvent = {
+            type: "m.room.encrypted",
+            event_id: "$xxxxx:example.org",
+            origin_server_ts: Date.now(),
+            sender: user.toString(),
+            content: {
+                algorithm: "m.megolm.v1.aes-sha2",
+                ciphertext:
+                    "AwgAEpABhetEzzZzyYrxtEVUtlJnZtJcURBlQUQJ9irVeklCTs06LwgTMQj61PMUS4VyYOX+PD67+hhU40/8olOww+Ud0m2afjMjC3wFX+4fFfSkoWPVHEmRVucfcdSF1RSB4EmKPIP4eo1X6x8kCIMewBvxl2sI9j4VNvDvAN7M3zkLJfFLOFHbBviI4FN7hSFHFeM739ZgiwxEs3hIkUXEiAfrobzaMEM/zY7SDrTdyffZndgJo7CZOVhoV6vuaOhmAy4X2t4UnbuVJGJjKfV57NAhp8W+9oT7ugwO",
+                sender_key: m.identityKeys.curve25519.toBase64(),
+                session_id: "SESSION_ID_WITHHELD",
+            },
+            unsigned: {
+                age: 1234,
+            },
+        };
+
+        try {
+            const decryptionSettings = new DecryptionSettings(TrustRequirement.Untrusted);
+            await m.decryptRoomEvent(JSON.stringify(encryptedEvent), room, decryptionSettings);
+            fail("Expected MegolmDecryptionError to be thrown");
+        } catch (err) {
+            expect(err).toBeInstanceOf(MegolmDecryptionError);
+            console.log((err as MegolmDecryptionError).description);
+            expect((err as MegolmDecryptionError).code).toStrictEqual(DecryptionErrorCode.MissingRoomKey);
+            expect((err as MegolmDecryptionError).maybe_withheld).toEqual("m.unverified");
+        }
+    });
+
     test("can export room keys", async () => {
         let m = await machine();
         await m.shareRoomKey(room, [new UserId("@bob:example.org")], new EncryptionSettings());