Add an integration test for verification (#3436)

* Move existing crypto integ tests into a subdirectory * Factor out some common bits from `crypto.spec.ts` * Integration test for device verification * Ignore generated file in prettier
2025-07-30 04:23:07 +03:00 · 2023-06-02 16:01:21 +01:00
parent 946a1cef0f
commit 858155e0ef
11 changed files with 470 additions and 35 deletions
--- a/spec/test-utils/mockEndpoints.ts
+++ b/spec/test-utils/mockEndpoints.ts
@ -0,0 +1,30 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import fetchMock from "fetch-mock-jest";
+
+/**
+ * Mock out the endpoints that the js-sdk calls when we call `MatrixClient.start()`.
+ *
+ * @param homeserverUrl - the homeserver url for the client under test
+ */
+export function mockInitialApiRequests(homeserverUrl: string) {
+    fetchMock.getOnce(new URL("/_matrix/client/versions", homeserverUrl).toString(), { versions: ["r0.5.0"] });
+    fetchMock.getOnce(new URL("/_matrix/client/r0/pushrules/", homeserverUrl).toString(), {});
+    fetchMock.postOnce(new URL("/_matrix/client/r0/user/%40alice%3Alocalhost/filter", homeserverUrl).toString(), {
+        filter_id: "fid",
+    });
+}
--- a/spec/test-utils/test-data/.gitignore
+++ b/spec/test-utils/test-data/.gitignore
@ -0,0 +1 @@
+/env
--- a/spec/test-utils/test-data/generate-test-data.py
+++ b/spec/test-utils/test-data/generate-test-data.py
@ -0,0 +1,117 @@
+#!/bin/env python
+#
+# Copyright 2023 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+This file is a Python script to generate test data for crypto tests.
+
+To run it:
+
+python -m venv env
+./env/bin/pip install cryptography canonicaljson
+./env/bin/python generate-test-data.py > index.ts
+"""
+
+import base64
+import json
+
+from canonicaljson import encode_canonical_json
+from cryptography.hazmat.primitives.asymmetric import ed25519
+from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
+
+# input data
+TEST_USER_ID = "@alice:localhost"
+TEST_DEVICE_ID = "test_device"
+# any 32-byte string can be an ed25519 private key.
+TEST_DEVICE_PRIVATE_KEY_BYTES = b"deadbeefdeadbeefdeadbeefdeadbeef"
+
+
+def main() -> None:
+    private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
+        TEST_DEVICE_PRIVATE_KEY_BYTES
+    )
+    b64_public_key = encode_base64(
+        private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+    )
+
+    device_data = {
+        "algorithms": ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"],
+        "device_id": TEST_DEVICE_ID,
+        "keys": {
+            f"curve25519:{TEST_DEVICE_ID}": "F4uCNNlcbRvc7CfBz95ZGWBvY1ALniG1J8+6rhVoKS0",
+            f"ed25519:{TEST_DEVICE_ID}": b64_public_key,
+        },
+        "signatures": {TEST_USER_ID: {}},
+        "user_id": TEST_USER_ID,
+    }
+
+    device_data["signatures"][TEST_USER_ID][ f"ed25519:{TEST_DEVICE_ID}"] = sign_json(
+        device_data, private_key
+    )
+
+    print(
+        f"""\
+/* Test data for cryptography tests
+ *
+ * Do not edit by hand! This file is generated by `./generate-test-data.py`
+ */
+
+import {{ IDeviceKeys }} from "../../../src/@types/crypto";
+
+/* eslint-disable comma-dangle */
+
+export const TEST_USER_ID = "{TEST_USER_ID}";
+export const TEST_DEVICE_ID = "{TEST_DEVICE_ID}";
+
+/** The base64-encoded public ed25519 key for this device */
+export const TEST_DEVICE_PUBLIC_ED25519_KEY_BASE64 = "{b64_public_key}";
+
+/** Signed device data, suitable for returning from a `/keys/query` call */
+export const SIGNED_TEST_DEVICE_DATA: IDeviceKeys = {json.dumps(device_data, indent=4)};
+""", end='',
+    )
+
+
+def encode_base64(input_bytes: bytes) -> str:
+    """Encode with unpadded base64"""
+    output_bytes = base64.b64encode(input_bytes)
+    output_string = output_bytes.decode("ascii")
+    return output_string.rstrip("=")
+
+
+def sign_json(json_object: dict, private_key: ed25519.Ed25519PrivateKey) -> str:
+    """
+    Sign the given json object
+
+    Returns the base64-encoded signature of signing `input` following the Matrix
+    JSON signature algorithm [1]
+
+    [1]: https://spec.matrix.org/v1.7/appendices/#signing-details
+    """
+    signatures = json_object.pop("signatures", {})
+    unsigned = json_object.pop("unsigned", None)
+
+    signature = private_key.sign(encode_canonical_json(json_object))
+    signature_base64 = encode_base64(signature)
+
+    json_object["signatures"] = signatures
+    if unsigned is not None:
+        json_object["unsigned"] = unsigned
+
+    return signature_base64
+
+
+if __name__ == "__main__":
+    main()
--- a/spec/test-utils/test-data/index.ts
+++ b/spec/test-utils/test-data/index.ts
@ -0,0 +1,33 @@
+/* Test data for cryptography tests
+ *
+ * Do not edit by hand! This file is generated by `./generate-test-data.py`
+ */
+
+import { IDeviceKeys } from "../../../src/@types/crypto";
+
+/* eslint-disable comma-dangle */
+
+export const TEST_USER_ID = "@alice:localhost";
+export const TEST_DEVICE_ID = "test_device";
+
+/** The base64-encoded public ed25519 key for this device */
+export const TEST_DEVICE_PUBLIC_ED25519_KEY_BASE64 = "YI/7vbGVLpGdYtuceQR8MSsKB/QjgfMXM1xqnn+0NWU";
+
+/** Signed device data, suitable for returning from a `/keys/query` call */
+export const SIGNED_TEST_DEVICE_DATA: IDeviceKeys = {
+    "algorithms": [
+        "m.olm.v1.curve25519-aes-sha2",
+        "m.megolm.v1.aes-sha2"
+    ],
+    "device_id": "test_device",
+    "keys": {
+        "curve25519:test_device": "F4uCNNlcbRvc7CfBz95ZGWBvY1ALniG1J8+6rhVoKS0",
+        "ed25519:test_device": "YI/7vbGVLpGdYtuceQR8MSsKB/QjgfMXM1xqnn+0NWU"
+    },
+    "user_id": "@alice:localhost",
+    "signatures": {
+        "@alice:localhost": {
+            "ed25519:test_device": "LmQC/yAUZJmkxZ+3L0nEwvtVWOzjqQqADWBhk+C47SPaFYHeV+E291mgXaSCJVeGltX+HC49Aw7nb6ga7sw0Aw"
+        }
+    }
+};