Add support for pushing secrets and receiving secret pushes (matrix-org#6164)

see MSC4385

Pushing secrets allow devices to send secrets to other devices without waiting for a secret request.

Author: uhoreg

crates/matrix-sdk-crypto/CHANGELOG.md

@@ -8,6 +8,12 @@ All notable changes to this project will be documented in this file.
 
 ### Features
 
+- Add support for MSC4385.
+  ([#6164](https://github.com/matrix-org/matrix-rust-sdk/pull/6164))
+  - Add new method `OlmMachine::push_secret_to_verified_devices`.
+  - Pushed secrets that we receive from verified devices are added to the
+    secrets inbox.
+
 - Add `Store::{store,clear}_room_pending_key_bundle`,
   `CryptoStore::get_pending_key_bundle_details_for_room` and
   `CryptoStore::get_all_rooms_pending_key_bundle`, which can be used by
@@ -34,18 +40,28 @@ All notable changes to this project will be documented in this file.
 
 ### Refactor
 
+- [**breaking**] `CryptoStore::get_secrets_from_inbox` now returns a `Vec` of
+  the secrets as strings, rather than a `Vec` of `GossippedSecret` structs.
+  ([#6164](https://github.com/matrix-org/matrix-rust-sdk/pull/6164))
+
+- [**breaking**] `store::types::Changes::sessions` now stores a `Vec` of
+  `SecretsInboxItem`.
+  ([#6164](https://github.com/matrix-org/matrix-rust-sdk/pull/6164))
+
 - **breaking** The `BackupDecryptionKey::new` and `DehydratedDeviceKey::new`
   methods became infallible, they don't return a `Result` anymore.
   ([#5502](https://github.com/matrix-org/matrix-rust-sdk/pull/5502))
 - [**breaking**] Remove cross-process lock generation logic from `OlmMachine`, which is now
   implemented more generally in `matrix_sdk_common::cross_process_lock::CrossProcessLock`.
   ([#6326](https://github.com/matrix-org/matrix-rust-sdk/pull/6326))
+
 - [**breaking**] The `MediaEncryptionInfo` fields changed to match the new fields of `EncryptedFile`
   from Ruma. The serialized JSON format did not change and still matches the format of
   `EncryptedFile` defined in the spec, without the `url` field. The `DecryptorError::KeyNonceLength`
   variant was removed because the length of the key and nonce are now enforced in
   `MediaEncryptionInfo`.
   ([#6346](https://github.com/matrix-org/matrix-rust-sdk/pull/6346))
+
 - [**breaking**] Removed `WithLocking` from `EncryptionSyncService` and replaced it with `CrossProcessLockConfig`.
   ([#6160](https://github.com/matrix-org/matrix-rust-sdk/pull/6160))
 - [**breaking**] The QrcodeData struct has been reworked in preparation to

crates/matrix-sdk-crypto/Cargo.toml

@@ -40,6 +40,10 @@ test-send-sync = []
 # Testing helpers for implementations based upon this
 testing = ["matrix-sdk-test"]
 
+# Enable experimental support for pushing secrets; see
+# https://github.com/matrix-org/matrix-spec-proposals/pull/4385
+experimental-push-secrets = []
+
 [dependencies]
 aes = { version = "0.8.4", default-features = false }
 aquamarine.workspace = true

crates/matrix-sdk-crypto/src/error.rs

@@ -444,3 +444,15 @@ pub enum SessionRecipientCollectionError {
     #[error("Encryption failed because your device is not verified")]
     SendingFromUnverifiedDevice,
 }
+
+/// Error representing a problem when pushing a secret
+#[derive(Error, Debug)]
+#[cfg(feature = "experimental-push-secrets")]
+pub enum SecretPushError {
+    #[error("The requested secret is not available")]
+    MissingSecret,
+
+    /// The storage layer returned an error.
+    #[error(transparent)]
+    StoreError(#[from] CryptoStoreError),
+}