
Update mautrix-go and add new e2be verification config options

Tulir Asokan 3 gadi atpakaļ
vecāks
revīzija
0f8fb8e4dd
5 mainītis faili ar 49 papildinājumiem un 18 dzēšanām
  1. 8 0
      config/bridge.go
  2. 17 3
      config/upgrade.go
  3. 21 12
      example-config.yaml
  4. 1 1
      go.mod
  5. 2 2
      go.sum

+ 8 - 0
config/bridge.go

@@ -137,6 +137,14 @@ func (bc BridgeConfig) GetEncryptionConfig() bridgeconfig.EncryptionConfig {
 	return bc.Encryption
 }
 
+func (bc BridgeConfig) EnableMessageStatusEvents() bool {
+	return bc.MessageStatusEvents
+}
+
+func (bc BridgeConfig) EnableMessageErrorNotices() bool {
+	return bc.MessageErrorNotices
+}
+
 func (bc BridgeConfig) GetCommandPrefix() string {
 	return bc.CommandPrefix
 }
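Review bot: The two new exported getters `EnableMessageStatusEvents` and `EnableMessageErrorNotices` have no doc comments, and nothing in this hunk says what consumes them. I would add `// EnableMessageStatusEvents reports whether the MessageStatusEvents option is set.` and `// EnableMessageErrorNotices reports whether the MessageErrorNotices option is set.` above them. Presumably they satisfy an interface from the updated mautrix-go dependency; if so, naming that interface in the comment would explain why they do not follow the `Get` prefix of the neighbouring accessors.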

+ 17 - 3
config/upgrade.go

@@ -97,9 +97,23 @@ func DoUpgrade(helper *up.Helper) {
 	helper.Copy(up.Str|up.Null, "bridge", "management_room_text", "additional_help")
 	helper.Copy(up.Bool, "bridge", "encryption", "allow")
 	helper.Copy(up.Bool, "bridge", "encryption", "default")
-	helper.Copy(up.Bool, "bridge", "encryption", "key_sharing", "allow")
-	helper.Copy(up.Bool, "bridge", "encryption", "key_sharing", "require_cross_signing")
-	helper.Copy(up.Bool, "bridge", "encryption", "key_sharing", "require_verification")
+	helper.Copy(up.Bool, "bridge", "encryption", "require")
+	helper.Copy(up.Str, "bridge", "encryption", "verification_levels", "receive")
+	helper.Copy(up.Str, "bridge", "encryption", "verification_levels", "send")
+	helper.Copy(up.Str, "bridge", "encryption", "verification_levels", "share")
+
+	legacyKeyShareAllow, ok := helper.Get(up.Bool, "bridge", "encryption", "key_sharing", "allow")
+	if ok {
+		helper.Set(up.Bool, legacyKeyShareAllow, "bridge", "encryption", "allow_key_sharing")
+		legacyKeyShareRequireCS, legacyOK1 := helper.Get(up.Bool, "bridge", "encryption", "key_sharing", "require_cross_signing")
+		legacyKeyShareRequireVerification, legacyOK2 := helper.Get(up.Bool, "bridge", "encryption", "key_sharing", "require_verification")
+		if legacyOK1 && legacyOK2 && legacyKeyShareRequireVerification == "false" && legacyKeyShareRequireCS == "false" {
+			helper.Set(up.Str, "unverified", "bridge", "encryption", "verification_levels", "share")
+		}
+	} else {
+		helper.Copy(up.Bool, "bridge", "encryption", "allow_key_sharing")
+	}
+
 	helper.Copy(up.Bool, "bridge", "encryption", "rotation", "enable_custom")
 	helper.Copy(up.Int, "bridge", "encryption", "rotation", "milliseconds")
 	helper.Copy(up.Int, "bridge", "encryption", "rotation", "messages")
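Review bot: The legacy migration in the `if ok` branch rewrites `verification_levels.share` only when both `require_cross_signing` and `require_verification` were `false`. Every other combination, including the old default `require_verification: true`, keeps whatever `share` value is otherwise in effect, which per the example config is presumably `cross-signed`. That silently relaxes a config that required bridge-verified devices before key requests are fulfilled, so I would map the stricter legacy values explicitly, as below, treating any value other than `"false"` as strict. The `Set` on `share` also runs after the `Copy` of the same key a few lines up, so a file with both the legacy block and a new `verification_levels.share` loses the explicit new value; that ordering deserves a comment. `DoUpgrade` starts and ends outside this hunk.

```go
	if ok {
		// … unchanged: Set of allow_key_sharing and the two legacy Get calls …
		switch {
		case legacyOK2 && legacyKeyShareRequireVerification != "false":
			// Preserve the strictest legacy requirement instead of falling back to the default level.
			helper.Set(up.Str, "verified", "bridge", "encryption", "verification_levels", "share")
		case legacyOK1 && legacyKeyShareRequireCS != "false":
			helper.Set(up.Str, "cross-signed", "bridge", "encryption", "verification_levels", "share")
		case legacyOK1 && legacyOK2:
			// Both legacy requirements were explicitly disabled.
			helper.Set(up.Str, "unverified", "bridge", "encryption", "verification_levels", "share")
		}
		// … unchanged: else branch copying allow_key_sharing …
```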

+ 21 - 12
example-config.yaml

@@ -306,18 +306,27 @@ bridge:
         # This will cause the bridge bot to be in private chats for the encryption to work properly.
         # It is recommended to also set private_chat_portal_meta to true when using this.
         default: false
-        # Options for automatic key sharing.
-        key_sharing:
-            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
-            # You must use a client that supports requesting keys from other users to use this feature.
-            allow: false
-            # Require the requesting device to have a valid cross-signing signature?
-            # This doesn't require that the bridge has verified the device, only that the user has verified it.
-            # Not yet implemented.
-            require_cross_signing: false
-            # Require devices to be verified by the bridge?
-            # Verification by the bridge is not yet implemented.
-            require_verification: true
+        # Require encryption, drop any unencrypted messages.
+        require: false
+        # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+        # You must use a client that supports requesting keys from other users to use this feature.
+        allow_key_sharing: false
+        # What level of device verification should be required from users?
+        #
+        # Valid levels:
+        #   unverified - Send keys to all device in the room.
+        #   cross-signed - Require valid cross-signing. TOFU for the cross-signing keys themselves.
+        #   cross-signed-trusted - Require valid cross-signing, plus a valid user signature from the bridge bot.
+        #                          Note that creating user signatures from the bridge bot is not currently possible.
+        #   verified - Require manual per-device verification
+        #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+        verification_levels:
+            # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
+            receive: unverified
+            # Minimum level that the bridge should accept for incoming Matrix messages.
+            send: unverified
+            # Minimum level that the bridge should require for accepting key requests.
+            share: cross-signed
         # Options for Megolm room key rotation. These options allow you to
         # configure the m.room.encryption event content. See:
         # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
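Review bot: The `Valid levels` comment describes `unverified` as "Send keys to all device in the room", which only fits the `receive` direction; for `send` and `share` the same value means accepting messages or key requests from any device. I would reword it to `#   unverified - No verification required; any device in the room is accepted.` and change the `receive` comment to `# Minimum level a device must have for the bridge to send it keys when bridging messages from WhatsApp to Matrix.`. Since `receive` and `send` both default to `unverified` and `require` defaults to `false`, one more comment line saying that these defaults perform no device verification and still let unencrypted messages through would make the shipped security posture explicit to operators.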

+ 1 - 1
go.mod

@@ -15,7 +15,7 @@ require (
 	golang.org/x/net v0.0.0-20220513224357-95641704303c
 	google.golang.org/protobuf v1.28.0
 	maunium.net/go/maulogger/v2 v2.3.2
-	maunium.net/go/mautrix v0.11.1-0.20220621185022-13661cab583c
+	maunium.net/go/mautrix v0.11.1-0.20220622170840-a7f7bd52176c
 )
 
 require (

+ 2 - 2
go.sum

@@ -107,5 +107,5 @@ maunium.net/go/mauflag v1.0.0 h1:YiaRc0tEI3toYtJMRIfjP+jklH45uDHtT80nUamyD4M=
 maunium.net/go/mauflag v1.0.0/go.mod h1:nLivPOpTpHnpzEh8jEdSL9UqO9+/KBJFmNRlwKfkPeA=
 maunium.net/go/maulogger/v2 v2.3.2 h1:1XmIYmMd3PoQfp9J+PaHhpt80zpfmMqaShzUTC7FwY0=
 maunium.net/go/maulogger/v2 v2.3.2/go.mod h1:TYWy7wKwz/tIXTpsx8G3mZseIRiC5DoMxSZazOHy68A=
-maunium.net/go/mautrix v0.11.1-0.20220621185022-13661cab583c h1:zG+3JH4mKZCnLyjjvSmlnEfO/UD/BymbT6zq9Pgc2Z0=
-maunium.net/go/mautrix v0.11.1-0.20220621185022-13661cab583c/go.mod h1:CiKpMhAx5QZFHK03jpWb0iKI3sGU8x6+LfsOjDrcO8I=
+maunium.net/go/mautrix v0.11.1-0.20220622170840-a7f7bd52176c h1:SyZWQT08tJjb3Je+U1UZa14WIr5d51wLge8LK5AdJC8=
+maunium.net/go/mautrix v0.11.1-0.20220622170840-a7f7bd52176c/go.mod h1:CiKpMhAx5QZFHK03jpWb0iKI3sGU8x6+LfsOjDrcO8I=