Clean up megolm-backup integ test (#3631)

* Add `CryptoApi.setDeviceVerified`

I need a way to mark devices as trusted for the backup tests.

* More tests

* Simplify E2EKeyResponder.addDeviceKeys

The user and device IDs are in the test data, so no need to pass them in

* Clean up key backup integration test

Make it use the CryptoApi rather than legacy `MatrixClient.crypto`, and use a
pre-signed backup instead of requiring a "blindlySignAnything" method.

* run megolm-backup tests on both crypto stacks

* avoid internal backupManager

spec/test-utils/E2EKeyResponder.ts

@@ -89,12 +89,10 @@ export class E2EKeyResponder {
     /**
      * Add a set of device keys for return by a future `/keys/query`, as if they had been `/upload`ed
      *
-     * @param userId - user the keys belong to
-     * @param deviceId - device the keys belong to
      * @param keys - device keys for this device.
      */
-    public addDeviceKeys(userId: string, deviceId: string, keys: IDeviceKeys) {
-        this.deviceKeysByUserByDevice.getOrCreate(userId).set(deviceId, keys);
+    public addDeviceKeys(keys: IDeviceKeys) {
+        this.deviceKeysByUserByDevice.getOrCreate(keys.user_id).set(keys.device_id, keys);
     }
 
     /** Add a set of cross-signing keys for return by a future `/keys/query`, as if they had been `/keys/device_signing/upload`ed

spec/test-utils/test-data/generate-test-data.py

@@ -28,7 +28,7 @@ import base64
 import json
 
 from canonicaljson import encode_canonical_json
-from cryptography.hazmat.primitives.asymmetric import ed25519
+from cryptography.hazmat.primitives.asymmetric import ed25519, x25519
 from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
 
 # input data
@@ -41,6 +41,8 @@ MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES = b"doyouspeakwhaaaaaaaaaaaaaaaaaale"
 USER_CROSS_SIGNING_PRIVATE_KEY_BYTES = b"useruseruseruseruseruseruseruser"
 SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES = b"selfselfselfselfselfselfselfself"
 
+# Private key for secure key backup. There are some sessions encrypted with this key in megolm-backup.spec.ts
+B64_BACKUP_DECRYPTION_KEY = "dwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo="
 
 def main() -> None:
     private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
@@ -71,29 +73,47 @@ def main() -> None:
     b64_master_public_key = encode_base64(
         master_private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
     )
-    b64_master_private_key = encode_base64(
-        MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES
-    )
+    b64_master_private_key = encode_base64(MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES)
 
     self_signing_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
         SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES
     )
     b64_self_signing_public_key = encode_base64(
-        self_signing_private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
-    )
-    b64_self_signing_private_key = encode_base64(
-        SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES
+        self_signing_private_key.public_key().public_bytes(
+            Encoding.Raw, PublicFormat.Raw
+        )
     )
+    b64_self_signing_private_key = encode_base64(SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES)
 
     user_signing_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
         USER_CROSS_SIGNING_PRIVATE_KEY_BYTES
     )
     b64_user_signing_public_key = encode_base64(
-        user_signing_private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+        user_signing_private_key.public_key().public_bytes(
+            Encoding.Raw, PublicFormat.Raw
+        )
     )
-    b64_user_signing_private_key = encode_base64(
-        USER_CROSS_SIGNING_PRIVATE_KEY_BYTES
+    b64_user_signing_private_key = encode_base64(USER_CROSS_SIGNING_PRIVATE_KEY_BYTES)
+
+    backup_decryption_key = x25519.X25519PrivateKey.from_private_bytes(
+        base64.b64decode(B64_BACKUP_DECRYPTION_KEY)
     )
+    b64_backup_public_key = encode_base64(
+        backup_decryption_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+    )
+
+    backup_data = {
+        "algorithm": "m.megolm_backup.v1.curve25519-aes-sha2",
+        "version": "1",
+        "auth_data": {
+            "public_key": b64_backup_public_key,
+        },
+    }
+    # sign with our device key
+    sig = sign_json(backup_data["auth_data"], private_key)
+    backup_data["auth_data"]["signatures"] = {
+        TEST_USER_ID: {f"ed25519:{TEST_DEVICE_ID}": sig}
+    }
 
     print(
         f"""\
@@ -104,6 +124,7 @@ def main() -> None:
 
 import {{ IDeviceKeys }} from "../../../src/@types/crypto";
 import {{ IDownloadKeyResult }} from "../../../src";
+import {{ KeyBackupInfo }} from "../../../src/crypto-api";
 
 /* eslint-disable comma-dangle */
 
@@ -138,6 +159,12 @@ export const USER_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "{b64_user_signing_private_
 export const SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult> = {
         json.dumps(build_cross_signing_keys_data(), indent=4)
 };
+
+/** base64-encoded backup decryption (private) key */
+export const BACKUP_DECRYPTION_KEY_BASE64 = "{ B64_BACKUP_DECRYPTION_KEY }";
+
+/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{{roomId}}/{{sessionId}}` */
+export const SIGNED_BACKUP_DATA: KeyBackupInfo = { json.dumps(backup_data, indent=4) };
 """,
         end="",
     )

spec/test-utils/test-data/index.ts

@@ -5,6 +5,7 @@
 
 import { IDeviceKeys } from "../../../src/@types/crypto";
 import { IDownloadKeyResult } from "../../../src";
+import { KeyBackupInfo } from "../../../src/crypto-api";
 
 /* eslint-disable comma-dangle */
 
@@ -97,3 +98,20 @@ export const SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult> = {
         }
     }
 };
+
+/** base64-encoded backup decryption (private) key */
+export const BACKUP_DECRYPTION_KEY_BASE64 = "dwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=";
+
+/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{roomId}/{sessionId}` */
+export const SIGNED_BACKUP_DATA: KeyBackupInfo = {
+    "algorithm": "m.megolm_backup.v1.curve25519-aes-sha2",
+    "version": "1",
+    "auth_data": {
+        "public_key": "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo",
+        "signatures": {
+            "@alice:localhost": {
+                "ed25519:test_device": "KDSNeumirTsd8piI0oVfv/wzg4J4HlEc7rs5XhODFcJ/YAcUdg65ajsZG+rLI0TQOSSGjorJqcrSiSB1HRSCAA"
+            }
+        }
+    }
+};