Fix the ed25519 key checking

Finish plumbing in the Ed25519 key checks. Make sure we store the claimed key
correctly in the megolm sessions, and keep them as a separate field in
MatrixEvent rather than stuffing them into _clearEvent

lib/models/event.js

@@ -54,6 +54,12 @@ module.exports.EventStatus = {
  * @param {Object=} clearEvent For encrypted events, the plaintext payload for
  * the event (typically containing <tt>type</tt> and <tt>content</tt> fields).
  *
+ * @param {Object=} keysProved Keys owned by the sender of this event.
+ *    See {@link module:models/event.MatrixEvent#getKeysProved}.
+ *
+ * @param {Object=} keysClaimed Keys the sender of this event claims.
+ *    See {@link module:models/event.MatrixEvent#getKeysClaimed}.
+ *
  * @prop {Object} event The raw (possibly encrypted) event. <b>Do not access
  * this property</b> directly unless you absolutely have to. Prefer the getter
  * methods defined on this class. Using the getter methods shields your app
@@ -68,7 +74,9 @@ module.exports.EventStatus = {
  * that getDirectionalContent() will return event.content and not event.prev_content.
  * Default: true. <strong>This property is experimental and may change.</strong>
  */
-module.exports.MatrixEvent = function MatrixEvent(event, clearEvent) {
+module.exports.MatrixEvent = function MatrixEvent(
+    event, clearEvent, keysProved, keysClaimed
+) {
     this.event = event || {};
     this.sender = null;
     this.target = null;
@@ -77,6 +85,9 @@ module.exports.MatrixEvent = function MatrixEvent(event, clearEvent) {
 
     this._clearEvent = clearEvent || {};
     this._pushActions = null;
+
+    this._keysProved = keysProved || {};
+    this._keysClaimed = keysClaimed || {};
 };
 
 module.exports.MatrixEvent.prototype = {
@@ -221,11 +232,11 @@ module.exports.MatrixEvent.prototype = {
         this._clearEvent = {
             type: this.event.type,
             content: this.event.content,
-            keysProved: keys,
-            keysClaimed: keys,
         };
         this.event.type = crypto_type;
         this.event.content = crypto_content;
+        this._keysProved = keys;
+        this._keysClaimed = keys;
     },
 
     /**
@@ -246,32 +257,28 @@ module.exports.MatrixEvent.prototype = {
 
     /**
      * The keys that must have been owned by the sender of this encrypted event.
+     * <p>
      * These don't necessarily have to come from this event itself, but may be
      * implied by the cryptographic session.
-     * For example megolm messages don't prove keys directly, but instead
-     * inherit a proof from the olm message that established the session.
-     * @return {object}
+     *
+     * @return {Object<string, string>}
      */
     getKeysProved: function() {
-        // The keysProved property usually isn't actually part of the decrypted
-        // plaintext. Instead it is added after decryption by the crypto
-        // algorithm in lib/crypto/algorithms.
-        return this._clearEvent.keysProved || {};
+        return this._keysProved;
     },
 
     /**
-     * The additional keys the sender of this encrypted event claims to possess
+     * The additional keys the sender of this encrypted event claims to possess.
+     * <p>
      * These don't necessarily have to come from this event itself, but may be
      * implied by the cryptographic session.
      * For example megolm messages don't claim keys directly, but instead
      * inherit a claim from the olm message that established the session.
-     * @return {object}
+     *
+     * @return {Object<string, string>}
      */
     getKeysClaimed: function() {
-        // The keysClaimed property usually isn't actually part of the
-        // decrypted plaintext. Instead it is added after decryption by the
-        // crypto algorithm in lib/crypto/algorithms.
-        return this._clearEvent.keysClaimed || {};
+        return this._keysClaimed;
     },
 
     getUnsigned: function() {