Implement CryptoApi.isKeyBackupTrusted (#3632)

* Implement `CryptoApi.isKeyBackupTrusted`

Fixes https://github.com/vector-im/crypto-internal/issues/110

* Bump matrix-sdk-crypto-wasm to v1.2.0

* Back out some changes

These are unneeded, and break backwards compat

src/rust-crypto/backup.ts

@@ -14,7 +14,17 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+import { OlmMachine, SignatureVerification } from "@matrix-org/matrix-sdk-crypto-wasm";
+import * as RustSdkCryptoJs from "@matrix-org/matrix-sdk-crypto-wasm";
+
+import { BackupTrustInfo, Curve25519AuthData, KeyBackupInfo } from "../crypto-api/keybackup";
+
+/**
+ * @internal
+ */
 export class RustBackupManager {
+    public constructor(private readonly olmMachine: OlmMachine) {}
+
     /**
      * Get the backup version we are currently backing up to, if any
      */
@@ -22,4 +32,24 @@ export class RustBackupManager {
         // TODO stub
         return null;
     }
+
+    /**
+     * Determine if a key backup can be trusted.
+     *
+     * @param info - key backup info dict from {@link MatrixClient#getKeyBackupVersion}.
+     */
+    public async isKeyBackupTrusted(info: KeyBackupInfo): Promise<BackupTrustInfo> {
+        const signatureVerification: SignatureVerification = await this.olmMachine.verifyBackup(info);
+
+        const backupKeys: RustSdkCryptoJs.BackupKeys = await this.olmMachine.getBackupKeys();
+        const pubKeyForSavedPrivateKey = backupKeys?.decryptionKey?.megolmV1PublicKey;
+        const backupMatchesSavedPrivateKey =
+            info.algorithm === pubKeyForSavedPrivateKey?.algorithm &&
+            (info.auth_data as Curve25519AuthData)?.public_key === pubKeyForSavedPrivateKey.publicKeyBase64;
+
+        return {
+            matchesDecryptionKey: backupMatchesSavedPrivateKey,
+            trusted: signatureVerification.trusted(),
+        };
+    }
 }