Merge pull request #5654 from matrix-org/rav/identity_test_cleanups

crypto: Simplify `PrivateCrossSigningIdentity::with_account`

Author: richvdh

crates/matrix-sdk-crypto/src/identities/room_identity_state.rs

@@ -1122,7 +1122,7 @@ mod tests {
         let account = Account::with_device_id(user_id, &device_id);
 
         let private_identity =
-            Arc::new(Mutex::new(PrivateCrossSigningIdentity::with_account(&account).await.0));
+            Arc::new(Mutex::new(PrivateCrossSigningIdentity::for_account(&account)));
 
         let other_user_identity_data =
             OtherUserIdentityData::from_private(&*private_identity.lock().await).await;
@@ -1162,7 +1162,7 @@ mod tests {
         let account = Account::with_device_id(user_id, &device_id);
 
         let private_identity =
-            Arc::new(Mutex::new(PrivateCrossSigningIdentity::with_account(&account).await.0));
+            Arc::new(Mutex::new(PrivateCrossSigningIdentity::for_account(&account)));
 
         let own_user_identity_data =
             OwnUserIdentityData::from_private(&*private_identity.lock().await).await;

crates/matrix-sdk-crypto/src/identities/user.rs

@@ -1641,7 +1641,7 @@ pub(crate) mod tests {
         let (_, device) = device(&response);
 
         let account = Account::with_device_id(device.user_id(), device.device_id());
-        let (identity, _, _) = PrivateCrossSigningIdentity::with_account(&account).await;
+        let identity = PrivateCrossSigningIdentity::for_account(&account);
 
         let id = Arc::new(Mutex::new(identity.clone()));
 

crates/matrix-sdk-crypto/src/olm/account.rs

@@ -806,11 +806,30 @@ impl Account {
         device_keys
     }
 
-    /// Bootstrap Cross-Signing
+    /// Bootstraps cross-signing, generating new cross-signing keys and creating
+    /// the necessary upload and signature requests.
+    ///
+    /// # Returns
+    /// A tuple containing:
+    /// - [`PrivateCrossSigningIdentity`]: The newly-generated cross-signing
+    ///   identity (including a signature from this device).
+    /// - [`UploadSigningKeysRequest`]: The request to upload the
+    ///   newly-generated cross-signing keys to the server.
+    /// - [`SignatureUploadRequest`]: The request to upload the signature of
+    ///   this device to the server.
     pub async fn bootstrap_cross_signing(
         &self,
     ) -> (PrivateCrossSigningIdentity, UploadSigningKeysRequest, SignatureUploadRequest) {
-        PrivateCrossSigningIdentity::with_account(self).await
+        let identity = PrivateCrossSigningIdentity::for_account(self);
+
+        let signature_request = identity
+            .sign_account(self.static_data())
+            .await
+            .expect("Can't sign own device with new cross signing keys");
+
+        let upload_request = identity.as_upload_request().await;
+
+        (identity, upload_request, signature_request)
     }
 
     /// Sign the given CrossSigning Key in place

crates/matrix-sdk-crypto/src/olm/group_sessions/sender_data.rs

@@ -797,7 +797,7 @@ mod tests {
     async fn test_from_device_for_verified_user() {
         let alice_account =
             Account::with_device_id(user_id!("@alice:example.com"), device_id!("ALICE_DEVICE"));
-        let alice_identity = PrivateCrossSigningIdentity::with_account(&alice_account).await.0;
+        let alice_identity = PrivateCrossSigningIdentity::for_account(&alice_account);
 
         let bob_identity =
             PrivateCrossSigningIdentity::new(user_id!("@bob:example.com").to_owned());

crates/matrix-sdk-crypto/src/olm/group_sessions/sender_data_finder.rs

@@ -912,7 +912,8 @@ mod tests {
         ) -> Self {
             let account = Account::with_device_id(user_id, device_id);
             let user_id = user_id.to_owned();
-            let private_identity = Arc::new(Mutex::new(create_private_identity(&account).await));
+            let private_identity =
+                Arc::new(Mutex::new(PrivateCrossSigningIdentity::for_account(&account)));
 
             let user_identity =
                 create_user_identity(&*private_identity.lock().await, is_me, is_verified, signer)
@@ -978,10 +979,6 @@ mod tests {
         }
     }
 
-    async fn create_private_identity(account: &Account) -> PrivateCrossSigningIdentity {
-        PrivateCrossSigningIdentity::with_account(account).await.0
-    }
-
     fn create_room_key_event(
         sender: &UserId,
         receiver: &UserId,

crates/matrix-sdk-crypto/src/olm/signing/mod.rs

@@ -499,37 +499,6 @@ impl PrivateCrossSigningIdentity {
             .sign(message))
     }
 
-    /// Create a new identity for the given Olm Account.
-    ///
-    /// Returns the new identity, the upload signing keys request and a
-    /// signature upload request that contains the signature of the account
-    /// signed by the self signing key.
-    ///
-    /// # Arguments
-    ///
-    /// * `account` - The Olm account that is creating the new identity. The
-    ///   account will sign the master key and the self signing key will sign
-    ///   the account.
-    pub(crate) async fn with_account(
-        account: &Account,
-    ) -> (Self, UploadSigningKeysRequest, SignatureUploadRequest) {
-        let mut master = MasterSigning::new(account.user_id().into());
-
-        account
-            .sign_cross_signing_key(master.public_key_mut().as_mut())
-            .expect("Can't sign our freshly created master key with our account");
-
-        let identity = Self::new_helper(account.user_id(), master);
-        let signature_request = identity
-            .sign_account(account.static_data())
-            .await
-            .expect("Can't sign own device with new cross signing keys");
-
-        let request = identity.as_upload_request().await;
-
-        (identity, request, signature_request)
-    }
-
     fn new_helper(user_id: &UserId, master: MasterSigning) -> Self {
         let (user, self_signing) = master.new_subkeys();
 
@@ -551,6 +520,32 @@ impl PrivateCrossSigningIdentity {
         Self::new_helper(&user_id, master)
     }
 
+    /**
+     * Create a new private identity, suitable for the given [`Account`].
+     *
+     * The identity will be created with a fresh set of cross-signing keys.
+     * The master key will be signed by the `OlmAccount` (i.e. the device).
+     * The user-signing and self-signing keys will be signed by the
+     * master key.
+     *
+     * Note that after creating a new identity, the device will need to be
+     * signed by the self-signing key. This can be done via
+     * [`PrivateCrossSigningIdentity::sign_account`].
+     *
+     * # Arguments
+     *
+     * * `account` - The Olm account that is creating the new identity.
+     */
+    pub(crate) fn for_account(account: &Account) -> PrivateCrossSigningIdentity {
+        let mut master = MasterSigning::new(account.user_id().into());
+
+        account
+            .sign_cross_signing_key(master.public_key_mut().as_mut())
+            .expect("Can't sign our freshly created master key with our account");
+
+        Self::new_helper(account.user_id(), master)
+    }
+
     #[cfg(any(test, feature = "testing"))]
     #[allow(dead_code)]
     /// Testing helper to reset this CrossSigning with a fresh one using the
@@ -726,7 +721,7 @@ mod tests {
     #[async_test]
     async fn test_private_identity_signed_by_account() {
         let account = Account::with_device_id(user_id(), device_id!("DEVICEID"));
-        let (identity, _, _) = PrivateCrossSigningIdentity::with_account(&account).await;
+        let identity = PrivateCrossSigningIdentity::for_account(&account);
         let master = identity.master_key.lock().await;
         let master = master.as_ref().unwrap();
 
@@ -749,7 +744,7 @@ mod tests {
     #[async_test]
     async fn test_sign_device() {
         let account = Account::with_device_id(user_id(), device_id!("DEVICEID"));
-        let (identity, _, _) = PrivateCrossSigningIdentity::with_account(&account).await;
+        let identity = PrivateCrossSigningIdentity::for_account(&account);
 
         let mut device = DeviceData::from_account(&account);
         let self_signing = identity.self_signing_key.lock().await;
@@ -766,11 +761,11 @@ mod tests {
     #[async_test]
     async fn test_sign_user_identity() {
         let account = Account::with_device_id(user_id(), device_id!("DEVICEID"));
-        let (identity, _, _) = PrivateCrossSigningIdentity::with_account(&account).await;
+        let identity = PrivateCrossSigningIdentity::for_account(&account);
 
         let bob_account =
             Account::with_device_id(user_id!("@bob:localhost"), device_id!("DEVICEID"));
-        let (bob_private, _, _) = PrivateCrossSigningIdentity::with_account(&bob_account).await;
+        let bob_private = PrivateCrossSigningIdentity::for_account(&bob_account);
         let mut bob_public = OtherUserIdentityData::from_private(&bob_private).await;
 
         let user_signing = identity.user_signing_key.lock().await;

crates/matrix-sdk-crypto/src/verification/mod.rs

@@ -830,13 +830,12 @@ pub(crate) mod tests {
     pub(crate) async fn setup_stores() -> (Account, VerificationStore, Account, VerificationStore) {
         let alice = Account::with_device_id(alice_id(), alice_device_id());
         let alice_store = MemoryStore::new();
-        let (alice_private_identity, _, _) =
-            PrivateCrossSigningIdentity::with_account(&alice).await;
+        let alice_private_identity = PrivateCrossSigningIdentity::for_account(&alice);
         let alice_private_identity = Mutex::new(alice_private_identity);
 
         let bob = Account::with_device_id(bob_id(), bob_device_id());
         let bob_store = MemoryStore::new();
-        let (bob_private_identity, _, _) = PrivateCrossSigningIdentity::with_account(&bob).await;
+        let bob_private_identity = PrivateCrossSigningIdentity::for_account(&bob);
         let bob_private_identity = Mutex::new(bob_private_identity);
 
         let alice_public_identity =