ci(crypto-nodejs): fixing path to npm package for publishing

* feat(bindings/crypto-nodejs): Add `#[napi(strict)]` to force type checking from JavaScript.

* chore(bindings/crypto-nodejs): Use our own fork of `napi-rs` for the moment.

.cargo/config.toml

@@ -0,0 +1,41 @@
+# Pass the rustflags specified to host dependencies (build scripts, proc-macros)
+# when a `--target` is passed to Cargo. Historically this was not the case, and
+# because of that, cross-compilation would not set the rustflags configured
+# below in `target.'cfg(all())'` for them, resulting in cache invalidation.
+#
+# Since this is an unstable feature (enabled at the bottom of the file), this
+# setting is unfortunately ignored on stable toolchains, but it's still better
+# to have it apply on nightly than using the old behavior for all toolchains.
+target-applies-to-host = false
+
+[alias]
+xtask = "run --package xtask --"
+
+[doc.extern-map.registries]
+crates-io = "https://docs.rs/"
+
+[target.'cfg(all())']
+rustflags = [
+    "-Wrust_2018_idioms",
+    "-Wsemicolon_in_expressions_from_macros",
+    "-Wunused_extern_crates",
+    "-Wunused_import_braces",
+    "-Wunused_qualifications",
+    "-Wtrivial_casts",
+    "-Wtrivial_numeric_casts",
+    "-Wclippy::cloned_instead_of_copied",
+    "-Wclippy::dbg_macro",
+    "-Wclippy::inefficient_to_string",
+    "-Wclippy::macro_use_imports",
+    "-Wclippy::mut_mut",
+    "-Wclippy::needless_borrow",
+    "-Wclippy::nonstandard_macro_braces",
+    "-Wclippy::str_to_string",
+    "-Wclippy::todo",
+]
+
+# activate the target-applies-to-host feature.
+# Required for `target-applies-to-host` at the top to take effect.
+[unstable]
+rustdoc-map = true
+target-applies-to-host = true

.github/workflows/appservice.yml

@@ -0,0 +1,54 @@
+name: AppService
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test-appservice:
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+    name: ${{ matrix.os-name }} [m]-appservice
+
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - os: ubuntu-latest
+            os-name: 🐧
+
+          - os: macos-latest
+            os-name: 🍏
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          profile: minimal
+          override: true
+
+      - name: Load cache
+        uses: Swatinem/rust-cache@v1
+
+      - name: Install nextest
+        uses: taiki-e/install-action@nextest
+
+      - name: Run checks
+        uses: actions-rs/cargo@v1
+        with:
+          command: run
+          args: -p xtask -- ci test-appservice

.github/workflows/audit.yml

@@ -0,0 +1,13 @@
+name: Security audit
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/benchmarks.yml

@@ -0,0 +1,56 @@
+name: Benchmarks
+
+on:
+  workflow_dispatch:
+
+jobs:
+  benchmarks:
+    name: Run Benchmarks
+    runs-on: ubuntu-latest
+    environment: matrix-rust-bot
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    steps:
+    - name: Checkout the repo
+      uses: actions/checkout@v2
+
+    - name: Install Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: nightly
+        components: rustfmt
+        profile: minimal
+        override: true
+
+    - name: Run Benchmarks
+      run: cargo bench | tee benchmark-output.txt
+
+    - name: Check benchmark result for PR
+      if: github.event_name == 'pull_request'
+      uses: benchmark-action/github-action-benchmark@v1
+      with:
+        name: Rust Benchmark
+        tool: 'cargo'
+        output-file-path: benchmark-output.txt
+        auto-push: false
+        # comment to alert the user this has gone bad
+        github-token: ${{ secrets.MRB_ACCESS_TOKEN }}
+        alert-threshold: '120%'
+        comment-on-alert: true
+        fail-threshold: '150%'
+        fail-on-alert: true
+
+    - name: Store benchmark result
+      if: github.event_name != 'pull_request'
+      uses: benchmark-action/github-action-benchmark@v1
+      with:
+        name: Rust Benchmark
+        tool: 'cargo'
+        output-file-path: benchmark-output.txt
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        auto-push: true
+        # Show alert with commit comment on detecting possible performance regression
+        alert-threshold: '150%'
+        comment-on-alert: true
+        fail-on-alert: true
+        alert-comment-cc-users: '@gnunicornBen,@jplatte,@poljar'

.github/workflows/bindings_ci.yml

@@ -0,0 +1,173 @@
+name: Bindings tests
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+
+env:
+  CARGO_TERM_COLOR: always
+  MATRIX_SDK_CRYPTO_NODEJS_PATH: bindings/matrix-sdk-crypto-nodejs
+  MATRIX_SDK_CRYPTO_JS_PATH: bindings/matrix-sdk-crypto-js
+
+jobs:
+  test-matrix-sdk-crypto-nodejs:
+    name: ${{ matrix.os-name }} [m]-crypto-nodejs, v${{ matrix.node-version }}
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+        node-version: [14.0, 16.0, 18.0]
+        include:
+          - os: ubuntu-latest
+            os-name: 🐧
+
+          - os: macos-latest
+            os-name: 🍏
+
+          - node-version: 18.0
+            build-doc: true
+
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v2
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          profile: minimal
+          override: true
+
+      - name: Load cache
+        uses: Swatinem/rust-cache@v1
+
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Install NPM dependencies
+        working-directory: ${{ env.MATRIX_SDK_CRYPTO_NODEJS_PATH }}
+        run: npm install
+
+      - name: Build the Node.js binding
+        working-directory: ${{ env.MATRIX_SDK_CRYPTO_NODEJS_PATH }}
+        run: npm run release-build
+
+      - name: Test the Node.js binding
+        working-directory: ${{ env.MATRIX_SDK_CRYPTO_NODEJS_PATH }}
+        run: npm run test
+
+      # Building in dev-mode and copy lib in failure case
+      - name: Build the Node.js binding in non-release
+        if: failure()
+        working-directory: ${{ env.MATRIX_SDK_CRYPTO_NODEJS_PATH }}
+        run: |
+          cp *.node release-mode-lib.node
+          npm run build
+
+      - uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: Failure Files
+          path: |
+            bindings/matrix-sdk-crypto-nodejs/*.node
+            /var/crash/*.crash
+
+      - if: ${{ matrix.build-doc }}
+        name: Build the documentation
+        working-directory: ${{ env.MATRIX_SDK_CRYPTO_NODEJS_PATH }}
+        run: npm run doc
+
+  test-matrix-sdk-crypto-js:
+    name: 🕸 [m]-crypto-js
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v2
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          target: wasm32-unknown-unknown
+          profile: minimal
+          override: true
+
+      - name: Load cache
+        uses: Swatinem/rust-cache@v1
+
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+
+      - name: Install NPM dependencies
+        working-directory: ${{ env.MATRIX_SDK_CRYPTO_JS_PATH }}
+        run: npm install
+
+      - name: Build the WebAssembly + JavaScript binding
+        working-directory: ${{ env.MATRIX_SDK_CRYPTO_JS_PATH }}
+        run: npm run build
+
+      - name: Test the JavaScript binding
+        working-directory: ${{ env.MATRIX_SDK_CRYPTO_JS_PATH }}
+        run: npm run test
+
+      - name: Build the documentation
+        working-directory: ${{ env.MATRIX_SDK_CRYPTO_JS_PATH }}
+        run: npm run doc
+
+  test-apple:
+    name: matrix-rust-components-swift
+    runs-on: macos-12
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly
+          profile: minimal
+          override: true
+
+      - name: Install targets
+        run: |
+          rustup target add aarch64-apple-ios-sim --toolchain nightly
+          rustup target add x86_64-apple-ios --toolchain nightly
+
+      - name: Load cache
+        uses: Swatinem/rust-cache@v1
+
+      - name: Install Uniffi
+        uses: actions-rs/cargo@v1
+        with:
+          command: install
+          # keep in sync with uniffi dependency in Cargo.toml's
+          args: uniffi_bindgen --version ^0.18
+
+      - name: Generate .xcframework
+        run: sh bindings/apple/debug_build_xcframework.sh ci
+
+      - name: Run XCTests
+        run: |
+          xcodebuild test \
+            -project bindings/apple/MatrixRustSDK.xcodeproj \
+            -scheme MatrixRustSDK \
+            -sdk iphonesimulator \
+            -destination 'platform=iOS Simulator,name=iPhone 13,OS=15.4'

.github/workflows/ci.yml

@@ -0,0 +1,209 @@
+name: Rust tests
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test-matrix-sdk-features:
+    name: 🐧 [m], ${{ matrix.name }}
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        name:
+          - no-encryption
+          - no-sled
+          - no-encryption-and-sled
+          - sled-cryptostore
+          - rustls-tls
+          - markdown
+          - socks
+          - sso-login
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          profile: minimal
+          override: true
+
+      - name: Load cache
+        uses: Swatinem/rust-cache@v1
+
+      - name: Install nextest
+        uses: taiki-e/install-action@nextest
+
+      - name: Test
+        uses: actions-rs/cargo@v1
+        with:
+          command: run
+          args: -p xtask -- ci test-features ${{ matrix.name }}
+
+  test-matrix-sdk-crypto:
+    name: 🐧 [m]-crypto
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    steps:
+    - name: Checkout the repo
+      uses: actions/checkout@v2
+
+    - name: Install Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+        profile: minimal
+        override: true
+
+    - name: Load cache
+      uses: Swatinem/rust-cache@v1
+
+    - name: Install nextest
+      uses: taiki-e/install-action@nextest
+
+    - name: Test
+      uses: actions-rs/cargo@v1
+      with:
+        command: run
+        args: -p xtask -- ci test-crypto
+
+  test-all-crates:
+    name: ${{ matrix.name }}
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - name: 🐧 all crates, 🦀 stable
+            rust: stable
+            os: ubuntu-latest
+
+          - name: 🐧 all crates, 🦀 beta
+            rust: beta
+            os: ubuntu-latest
+
+          - name: 🍏 all crates, 🦀 stable
+            rust: stable
+            os: macos-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          profile: minimal
+          override: true
+
+      - name: Load cache
+        uses: Swatinem/rust-cache@v1
+
+      - name: Install nextest
+        uses: taiki-e/install-action@nextest
+
+      - name: Test
+        uses: actions-rs/cargo@v1
+        with:
+          command: nextest
+          args: run --workspace
+
+      - name: Test documentation
+        uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --doc
+
+  test-wasm:
+    name: 🕸️ ${{ matrix.name }}
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - name: '[m]-qrcode'
+            cmd: matrix-sdk-qrcode
+
+          - name: '[m]-base'
+            cmd: matrix-sdk-base
+
+          - name: '[m]-common'
+            cmd: matrix-sdk-common
+
+          - name: '[m]-indexeddb, no crypto'
+            cmd: indexeddb-no-crypto
+
+          - name: '[m]-indexeddb, with crypto'
+            cmd: indexeddb-with-crypto
+
+          - name: '[m], no-default, wasm-flags'
+            cmd: matrix-sdk-no-default
+
+          - name: '[m], indexeddb stores'
+            cmd: matrix-sdk-indexeddb-stores
+
+          - name: '[m], indexeddb stores, no crypto'
+            cmd: matrix-sdk-indexeddb-stores-no-crypto
+
+          - name: '[m], wasm-example'
+            cmd: matrix-sdk-command-bot
+
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v2
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          target: wasm32-unknown-unknown
+          components: clippy
+          profile: minimal
+          override: true
+
+      - name: Install wasm-pack
+        uses: jetli/wasm-pack-action@v0.3.0
+        with:
+          version: latest
+
+      - name: Load cache
+        uses: Swatinem/rust-cache@v1
+
+      - name: Install nextest
+        uses: taiki-e/install-action@nextest
+
+      - name: Rust Check
+        uses: actions-rs/cargo@v1
+        with:
+          command: run
+          args: -p xtask -- ci wasm ${{ matrix.cmd }}
+
+      - name: Wasm-Pack test
+        uses: actions-rs/cargo@v1
+        with:
+          command: run
+          args: -p xtask -- ci wasm-pack ${{ matrix.cmd }}

.github/workflows/coverage.yml

@@ -0,0 +1,45 @@
+name: Code coverage
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  code_coverage:
+    name: Code Coverage
+    runs-on: "ubuntu-latest"
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Install Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+        profile: minimal
+        override: true
+
+    - name: Load cache
+      uses: Swatinem/rust-cache@v1
+
+    - name: Install tarpaulin
+      uses: actions-rs/cargo@v1
+      with:
+        command: install
+        args: cargo-tarpaulin
+
+    - name: Run tarpaulin
+      uses: actions-rs/cargo@v1
+      with:
+        command: tarpaulin
+        args: --out Xml
+
+    - name: Upload to codecov.io
+      uses: codecov/codecov-action@v3

.github/workflows/documentation.yml

@@ -0,0 +1,45 @@
+name: Documentation
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  docs:
+    name: All crates
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly
+          override: true
+
+      - name: Load cache
+        uses: Swatinem/rust-cache@v1
+
+      # Keep in sync with xtask docs
+      - name: Build documentation
+        uses: actions-rs/cargo@v1
+        env:
+          # Work around https://github.com/rust-lang/cargo/issues/10744
+          CARGO_TARGET_APPLIES_TO_HOST: "true"
+          RUSTDOCFLAGS: "--enable-index-page -Zunstable-options --cfg docsrs -Dwarnings"
+        with:
+          command: doc
+          args: --no-deps --workspace --features docsrs
+
+      - name: Deploy documentation
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        uses: peaceiris/actions-gh-pages@v3
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: ./target/doc/
+          force_orphan: true

.github/workflows/prep-crypto-nodejs-release.yml

@@ -0,0 +1,109 @@
+name: Prepare Crypto-Node.js Release
+# 
+#  This is a helper workflow to craft a new Node.js release, trigger this via
+#  the Github Workflow UI by dispatching it manually. Provide the version, the 
+#  matrix-sdk-crypto-nodejs npm package should be set to, and a optionally the
+#  old version (as used in the git tag) this release should be compared to.
+#
+#  This will then:
+#    1. bump the npm version to the one you specified
+#    2. commit that change together with the changelog (if it changed, see below)
+#    3. create the appropriate tag on that commit
+#    4. create the Github draft release, including the changes (if given, see below)
+#    5. push these to a new branch, including tag, triggering the `release-crypto-nodejs` workflow
+#    6. create a PR to merge these back into `main`
+#
+#  Additionally, if you provide a tag to comapare this tag to, this will:
+#    1. create a changelog between the two releases, used for the github release
+#    2. update the Changelog.md and include it in the commit
+#
+#  The remaining tasks are done by the release-crypto-nodejs workflow.
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'New Node.js SemVer version to create'
+        required: true 
+        type: string
+      previous_version:
+        description: 'Create the changelog by comparing to this old SemVer Version (as used in the tag) '
+        type: string
+
+env:
+  PKG_PATH: "bindings/matrix-sdk-crypto-nodejs"
+  TAG_PREFIX: "matrix-sdk-crypto-nodejs-v"
+
+jobs:
+  prepare-release:
+    name: "Preparing crypto-nodejs release tag"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+
+      # Generate changelog since last tag, if given
+      - name: Generate a changelog for upload
+        if: inputs.previous_version
+        uses: orhun/git-cliff-action@v1
+        with:
+          config: "${{ env.PKG_PATH }}/cliff.toml"
+          args: --strip header "${{env.TAG_PREFIX}}${{ inputs.previous_version }}..HEAD"
+        env:
+          GIT_CLIFF_TAG: "Changes ${{ inputs.previous_version }} -> ${{ inputs.version }}"
+          GIT_CLIFF_OUTPUT: "${{ env.PKG_PATH }}/CHANGES-${{ inputs.version }}.md"
+
+      # Update changelog since last tag, if given
+      - name: Update existing Changelog
+        if: inputs.previous_version
+        uses: orhun/git-cliff-action@v1
+        with:
+          config: "${{ env.PKG_PATH }}/cliff.toml"
+          args: "${{ inputs.previous_version }}..HEAD"
+        env:
+          GIT_CLIFF_TAG: "${{ inputs.version }}"
+          GIT_CLIFF_PREPEND: "${{ env.PKG_PATH }}/CHANGELOG.md"
+
+      - name: Set version
+        id: package_version
+        working-directory: ${{ env.PKG_PATH }}
+        run: npm version ${{ inputs.version }}
+
+      - uses: EndBug/add-and-commit@v9
+        with:
+          default_author: github_actions
+          message: "Tagging Crypto-Node.js for release"
+          tag: "${{env.TAG_PREFIX}}${{ inputs.version }}"
+          new_branch: "gh-action/release-${{ env.TAG_PREFIX }}${{ inputs.version }}"
+          push: true
+          add: |
+            ${{ env.PKG_PATH }}/package.json
+            ${{ env.PKG_PATH }}/CHANGELOG.md
+
+      # if we have generated changes
+      - name: Update Github Release notes
+        if: inputs.previous_version
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          tag_name: ${{ env.TAG_PREFIX }}${{ inputs.version }}
+          body_path: "${{ env.PKG_PATH }}/CHANGES-${{ inputs.version }}.md"
+
+      # no changes, use the default changelog for the body
+      - name: Update Github Release notes
+        if: ${{!inputs.previous_version}}
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          tag_name: ${{ env.TAG_PREFIX }}${{ inputs.version }}
+          body_path: "${{ env.PKG_PATH }}/CHANGELOG.md"
+
+      # finally, let's create a PR for all this, too
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          branch: "gh-action/release-${{ env.TAG_PREFIX }}${{ inputs.version }}"
+          base: "main"
+          title: "Preparing Release ${{ env.TAG_PREFIX }}${{ inputs.version }}"
+          body: |
+            Automatic Pull-Request to merge release ${{ env.TAG_PREFIX }}${{ inputs.version }} back into main

.github/workflows/release-crypto-nodejs.yml

@@ -0,0 +1,117 @@
+name: Release Crypto-Node.js
+#
+# This workflow releases the crypto-bindings for nodejs
+#
+# It is triggered when seeing a tag prefixed matching `matrix-sdk-crypto-nodejs-v[0-9]+.*`,
+# which then build the native bindings for linux, mac and windows via the CI and uploads
+# them to the corresponding Github Release tag. Once they are finished, this workflow will
+# package the npm tar.gz and uploads that to the Github Release tag as well, before publishing
+# it to npmjs.com automatically.
+#
+# The usual way to trigger this is by manually triggering the `prep-crypto-nodejs-release`
+# workflow. See its documentation for instructions how to use it.
+
+env:
+  PKG_PATH: "bindings/matrix-sdk-crypto-nodejs"
+  CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: 'aarch64-linux-gnu-gcc'
+  CARGO_TARGET_I686_UNKNOWN_LINUX_GNU_LINKER: 'i686-linux-gnu-gcc'
+  CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER: 'arm-linux-gnueabihf-gcc'
+
+on:
+  push:
+    tags:
+      - matrix-sdk-crypto-nodejs-v[0-9]+.*
+
+jobs:
+  upload-assets:
+    name: "Upload prebuilt libraries"
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # ----------------------------------- Linux
+          - target: x86_64-unknown-linux-gnu
+            os: ubuntu-latest
+          - target: i686-unknown-linux-gnu
+            apt_install: gcc-i686-linux-gnu g++-i686-linux-gnu
+            os: ubuntu-latest
+          - target: aarch64-unknown-linux-gnu
+            os: ubuntu-latest
+            apt_install: gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
+          - target: arm-unknown-linux-gnueabihf
+            os: ubuntu-latest
+            apt_install: gcc-arm-linux-gnueabihf
+          - target: x86_64-unknown-linux-musl
+            os: ubuntu-latest
+          # ----------------------------------- macOS
+          - target: aarch64-apple-darwin
+            os: macos-latest
+          - target: x86_64-apple-darwin
+            os: macos-latest
+          # ----------------------------------- Windows
+          - target: x86_64-pc-windows-msvc
+            os: windows-latest
+          - target: i686-pc-windows-msvc
+            os: windows-latest
+          - target: aarch64-pc-windows-msvc
+            os: windows-latest
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly
+          profile: minimal
+          target: ${{ matrix.target }}
+          override: true
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+      - name: Load cache
+        uses: Swatinem/rust-cache@v1
+      - if: ${{ matrix.apt_install }}
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y ${{ matrix.apt_install }}
+      - name: Build lib
+        working-directory: ${{env.PKG_PATH}}
+        run: |
+          npm install --ignore-scripts
+          npx napi build --platform --release --strip --target ${{ matrix.target }}
+      - name: Upload artifacts to release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          files: ${{env.PKG_PATH}}/*.node
+
+  publish-nodejs-package:
+    name: "Package nodejs package"
+    runs-on: ubuntu-latest
+    needs:
+      - upload-assets
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly
+          profile: minimal
+          override: true
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+      - name: Build lib
+        working-directory: ${{env.PKG_PATH}}
+        run: |
+          npm install --ignore-scripts
+          npm run build
+          npm pack
+      - name: Upload npm package to release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          files: ${{env.PKG_PATH}}/*tgz
+      - name: Publish to npmjs.com
+        uses: JS-DevTools/npm-publish@v1
+        with:
+          package: ${{env.PKG_PATH}}/package.json
+          token: ${{ secrets.NPM_TOKEN }}

.github/workflows/style.yml

@@ -0,0 +1,105 @@
+name: Style
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  style:
+    name: Check Formatting
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    steps:
+    - name: Checkout the repo
+      uses: actions/checkout@v2
+
+    - name: Install Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: nightly
+        components: rustfmt
+        profile: minimal
+        override: true
+
+    - name: Cargo fmt
+      uses: actions-rs/cargo@v1
+      with:
+        command: fmt
+        args: -- --check
+
+  pre-commit-styles:
+    name: Check Style
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Actions Repository
+      uses: actions/checkout@v2
+
+    - name: Install Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: nightly
+        components: clippy
+        profile: minimal
+        override: true
+
+    - name: Setup Python Env
+      uses: actions/setup-python@v2
+
+    - name: Check Styles with pre-commit
+      uses: pre-commit/action@v2.0.3
+      with:
+        # only run `commit`-hooks, excludes typos, clippy, etc
+        extra_args: --show-diff-on-failure --hook-stage commit
+
+  typos:
+    name: Spell Check with Typos
+    needs: [style]
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    steps:
+    - name: Checkout Actions Repository
+      uses: actions/checkout@v2
+
+    - name: Check the spelling of the files in our repo
+      uses: crate-ci/typos@master
+
+  clippy:
+    name: Run clippy
+    needs: [style]
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' || !github.event.pull_request.draft
+
+    steps:
+    - name: Checkout the repo
+      uses: actions/checkout@v2
+
+    - name: Install Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: nightly
+        components: clippy
+        profile: minimal
+        override: true
+
+    - name: Load cache
+      uses: Swatinem/rust-cache@v1
+
+    - name: Clippy
+      uses: actions-rs/cargo@v1
+      with:
+        command: run
+        args: -p xtask -- ci clippy

.gitignore

@@ -1,2 +1,13 @@
 Cargo.lock
 target
+generated
+master.zip
+emsdk-*
+.idea/
+
+## User settings
+xcuserdata/
+.vscode/
+
+## OS garbage
+.DS_Store

.pre-commit-config.yaml

@@ -1,10 +1,13 @@
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.2.3
+    rev: v4.2.0
     hooks:
     -   id: check-yaml
+    -   id: check-toml
     -   id: end-of-file-fixer
     -   id: trailing-whitespace
+    -   id: check-merge-conflict
+    -   id: mixed-line-ending
 
 -   repo: local
     hooks:
@@ -16,6 +19,7 @@ repos:
 
       - id: clippy
         name: clippy
+        stages: [push]
         language: system
         types: [file, rust]
         entry: cargo clippy --all-targets --all
@@ -23,7 +27,15 @@ repos:
 
       - id: test
         name: test
+        stages: [push]
         language: system
         files: '\.rs$'
         entry: cargo test --lib
         pass_filenames: false
+
+      - id: typos
+        name: typos
+        stages: [push]
+        language: system
+        entry: typos
+        pass_filenames: false

.rustfmt.toml

@@ -0,0 +1,7 @@
+edition = "2018"
+max_width = 100
+comment_width = 80
+wrap_comments = true
+imports_granularity = "Crate"
+use_small_heuristics = "Max"
+group_imports = "StdExternalCrate"

.travis.yml

@@ -1,53 +0,0 @@
-language: rust
-rust: stable
-addons:
-  apt:
-    packages:
-      - libssl-dev
-
-jobs:
-  include:
-    - os: linux
-      dist: bionic
-
-    - os: osx
-    - os: linux
-      name: Coverage
-      before_script:
-          - cargo install cargo-tarpaulin
-      script:
-          - cargo tarpaulin --out Xml
-      after_success:
-          - bash <(curl -s https://codecov.io/bash)
-
-    - os: linux
-      name: wasm32-unknown-unknown
-      before_script:
-          - |
-            set -e
-            cargo install wasm-bindgen-cli
-            rustup target add wasm32-unknown-unknown
-            wget https://github.com/emscripten-core/emsdk/archive/master.zip
-            unzip master.zip
-            ./emsdk-master/emsdk install latest
-            ./emsdk-master/emsdk activate latest
-      script:
-          - |
-            set -e
-            source emsdk-master/emsdk_env.sh
-            cd matrix_sdk/examples/wasm_command_bot
-            cargo build --target wasm32-unknown-unknown
-            cd -
-
-            cd matrix_sdk_base
-            cargo test --target wasm32-unknown-unknown --no-default-features
-
-
-
-before_script:
-  - rustup component add rustfmt
-
-script:
-  - cargo fmt --all -- --check
-  - cargo build
-  - cargo test

.typos.toml

@@ -0,0 +1,11 @@
+[default.extend-words]
+# Remove this once base64 gets correctly ignored by typos
+# Or if we're able to ignore certain lines.
+Fo = "Fo"
+BA = "BA"
+UE = "UE"
+
+[files]
+# Our json files contain a bunch of base64 encoded ed25519 keys which aren't
+# automatically ignored, we ignore them here.
+extend-exclude = ["*.json"]

Cargo.toml

@@ -1,9 +1,23 @@
 [workspace]
 members = [
-    "matrix_sdk",
-    "matrix_sdk_base",
-    "matrix_sdk_test",
-    "matrix_sdk_test_macros",
-    "matrix_sdk_crypto",
-    "matrix_sdk_common",
+    "benchmarks",
+    "bindings/matrix-sdk-crypto-ffi",
+    "bindings/matrix-sdk-crypto-js",
+    "bindings/matrix-sdk-crypto-nodejs",
+    "bindings/matrix-sdk-ffi",
+    "crates/*",
+    "labs/*",
+    "xtask",
 ]
+# xtask, labs and the bindings should only be built when invoked explicitly.
+default-members = ["benchmarks", "crates/*"]
+resolver = "2"
+
+[profile.release]
+lto = true
+
+[profile.dev.package]
+# Optimize quote even in debug mode. Speeds up proc-macros enough to account
+# for the extra time of optimizing it for a clean build of matrix-sdk-ffi.
+quote = { opt-level = 2 }
+sha2 = { opt-level = 2 }

Makefile

@@ -1,17 +0,0 @@
-all: build
-
-build:
-	cargo build
-test:
-	cargo test
-
-coverage:
-	cargo tarpaulin -v
-
-clean:
-	cargo clean
-
-format:
-	cargo fmt
-
-.PHONY: clean test coverage

README.md

@@ -1,7 +1,9 @@
-[![Build Status](https://img.shields.io/travis/matrix-org/matrix-rust-sdk.svg?style=flat-square)](https://travis-ci.org/matrix-org/matrix-rust-sdk)
-[![codecov](https://img.shields.io/codecov/c/github/matrix-org/matrix-rust-sdk/master.svg?style=flat-square)](https://codecov.io/gh/matrix-org/matrix-rust-sdk)
+![Build Status](https://img.shields.io/github/workflow/status/matrix-org/matrix-rust-sdk/CI?style=flat-square)
+[![codecov](https://img.shields.io/codecov/c/github/matrix-org/matrix-rust-sdk/main.svg?style=flat-square)](https://codecov.io/gh/matrix-org/matrix-rust-sdk)
 [![License](https://img.shields.io/badge/License-Apache%202.0-yellowgreen.svg?style=flat-square)](https://opensource.org/licenses/Apache-2.0)
 [![#matrix-rust-sdk](https://img.shields.io/badge/matrix-%23matrix--rust--sdk-blue?style=flat-square)](https://matrix.to/#/#matrix-rust-sdk:matrix.org)
+[![Docs - Main](https://img.shields.io/badge/docs-main-blue.svg?style=flat-square)](https://matrix-org.github.io/matrix-rust-sdk/matrix_sdk/)
+[![Docs - Stable](https://img.shields.io/crates/v/matrix-sdk?color=blue&label=docs&style=flat-square)](https://docs.rs/matrix-sdk)
 
 # matrix-rust-sdk
 
@@ -22,6 +24,10 @@ The rust-sdk consists of multiple crates that can be picked at your convenience:
 - **matrix-sdk-crypto** - No (network) IO encryption state machine that can be
   used to add Matrix E2EE support to your client or client library.
 
+## Minimum Supported Rust Version (MSRV)
+
+These crates are built with the Rust language version 2021 and require a minimum compiler version of `1.60`
+
 ## Status
 
 The library is in an alpha state, things that are implemented generally work but
@@ -30,6 +36,12 @@ the API will change in breaking ways.
 If you are interested in using the matrix-sdk now is the time to try it out and
 provide feedback.
 
+## Bindings
+
+Some crates of the **matrix-rust-sdk** can be embedded inside other
+environments, like Swift, Kotlin, JavaScript, Node.js etc. Please,
+explore the [`bindings/`](./bindings/) directory to learn more.
+
 ## License
 
 [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0)

RELEASE-NOTES-0.5.md

@@ -0,0 +1,43 @@
+# SDK 0.5 - stores and native crypto
+
+The @matrix-org/rust team is happy to present to the wider public version 0.5 of the [`matrix-rust-sdk`][sdk], now available on crates.io for your convenience. This marks an important milestone after over half a year of work since the latest release (0.4) and with many new team members working on it. It comes with many bug fixes, improvements and updates, but a few we'd like to highlight here:
+
+## Better, safer, native-er crypto
+
+One of the biggest improvements under the hood is the replacement of the former crypto core written in C, libolm, with the fully rustic, fully audited [Vodozemac][vodozemac]. [Vodozemac][vodozemac] is a much more robust new implementation of the olm crypto primitives and engines with all the learning included and pitfalls from the previous C implementation avoided in a freshly baked, very robust library. With this release both matrix-sdk-crypto and matrix-sdk (when the `e2e-encryption` is enabled, which it is by default) use vodozemac to handle all crypto needs. 
+
+## Stores, stores, stores
+
+This release has also seen a major refactoring around the state and crypto store primitives and implementations. From this release forward, the implementation of the storage layer is truly modular and pluggable, with the default implementation (based on `sled`) even being a separate crate. Furthermore this release has also additional support for the [`indexeddb`-storage][indexeddb] layer for in-browser WASM needs. As before, the base still ships with an in-memory store, but if none of them fits your needs, you are very much invited to build your own - we recommend looking at the implementation of the existing [`matrix-sdk-sled`][sled] to understand what is needed.
+
+We've further extended and cleaned up the storage API and hardened the two existing implementations: both `sled` and `indexeddb` will now encrypt _all metadata_, including all keys, if a passphrase is given. Even a core dump of a database won't show any strings or other identifiable data. Both implementation also hold a database version string now, allowing future migrations of the database schema while we move forward.
+
+## WebAssembly 
+
+It already came through in the previous paragraph: we now fully support `wasm` as a primary target for the main sdk and its dependencies (browser for now). While it was already possible to build the SDK for wasm before, if you were lucky and had the specific emscripten setup, even crypto didn't always fail to compile, our move to vodozemac frees us from these problems and our CI now makes sure all our PRs will continue to build on WebAssembly, too. And with the `indexeddb`-store, we also have a fully persistent storage layer implementation for all your in-browser matrix needs built in.
+
+## More features
+
+Of course a lot more has happened over the last few months as we've ramped up our work on the SDK. Most notably, you can now check whether a room has been created as a `space`, and we offer nice automatic thumbnailing and resizing support if you enable `image`. Additionally, there is a very early event-timeline API behind the `experimental-timeline`-feature-flag. Just to name a few. We really recommend you migrate from the older version to this one. 
+
+## Process and Workflow
+
+We've also ramped up our CI, parallelized it a lot, while adding more tests. In general we don't merge anything breaking the tests, thus our `main` can also be considered `stable` to build again, though things might be changed without prior notice. We recommend keeping an eye out in our [team chat][chat] to stay current.
+
+### Versions
+
+This and all future releases of matrix-sdk adhere to [semver][semver] and we do our best to stick to it for the default-feature-set. As you will see only the main crate `matrix-sdk` is actually versioned at `0.5`, while other crates - especially newer ones - have different versions attached. We recommend to sticking to the high-level matrix-sdk-crate wherever reasonable as lower level crates might change more often, also in breaking fashion. 
+
+With this release all our crates are build with `rust v2021` and need a rust compiler of at least `1.60` (due to our need for weak-dependencies).
+
+### Conventional Commit
+
+We also want to make it easier for external parties to follow changes and stay up to date with what's-what, so, with this release, we are implementing the [conventional commits][cc] standard for our commits and will start putting in automatic changelog generation. Which makes it easier for us to create comprehensive changelogs for releases, but also for anyone following `main` to figure out what changed.
+
+[sdk]: https://crates.io/crates/matrix-sdk/
+[vodozemac]: https://github.com/matrix-org/vodozemac
+[sled]: https://crates.io/crates/matrix-sdk-sled/
+[indexeddb]: https://crates.io/crates/matrix-sdk-indexeddb/
+[chat]: https://matrix.to/#/#matrix-rust-sdk:matrix.org
+[semver]: https://semver.org/
+[cc]: http://conventionalcommits.org/ 

benchmarks/Cargo.toml

@@ -0,0 +1,25 @@
+[package]
+name = "benchmarks"
+description = "Matrix SDK benchmarks"
+edition = "2021"
+license = "Apache-2.0"
+rust-version = "1.56"
+version = "1.0.0"
+publish = false
+
+[dependencies]
+criterion = { version = "0.3.5", features = ["async", "async_tokio", "html_reports"] }
+matrix-sdk-crypto = { path = "../crates/matrix-sdk-crypto", version = "0.5.0" }
+matrix-sdk-sled = { path = "../crates/matrix-sdk-sled", version = "0.1.0", default-features = false, features = ["crypto-store"] }
+matrix-sdk-test = { path = "../crates/matrix-sdk-test", version = "0.5.0" }
+ruma = { git = "https://github.com/ruma/ruma", rev = "96155915f" }
+serde_json = "1.0.79"
+tempfile = "3.3.0"
+tokio = { version = "1.17.0", default-features = false, features = ["rt-multi-thread"] }
+
+[target.'cfg(target_os = "linux")'.dependencies]
+pprof = { version = "0.8.0", features = ["flamegraph", "criterion"] }
+
+[[bench]]
+name = "crypto_bench"
+harness = false

benchmarks/README.md

@@ -0,0 +1,80 @@
+# Benchmarks for the rust-sdk crypto layer
+
+This directory contains various benchmarks that test critical functionality in
+the crypto layer in the rust-sdk.
+
+We're using [Criterion] for the benchmarks, the full documentation for Criterion
+can be found [here](https://bheisler.github.io/criterion.rs/book/criterion_rs.html).
+
+## Running the benchmarks
+
+The benchmark can be simply run by using the `bench` command of `cargo`:
+
+```bash
+$ cargo bench
+```
+
+This will work from the workspace directory of the rust-sdk.
+
+If you want to pass options to the benchmark [you'll need to specify the name of
+the benchmark](https://bheisler.github.io/criterion.rs/book/faq.html#cargo-bench-gives-unrecognized-option-errors-for-valid-command-line-options):
+
+```bash
+$ cargo bench --bench crypto_bench -- # Your options go here
+```
+
+If you want to run only a specific benchmark, simply pass the name of the
+benchmark as an argument:
+
+```bash
+$ cargo bench --bench crypto_bench "Room key sharing/"
+```
+
+After the benchmarks are done, a HTML report can be found in `target/criterion/report/index.html`.
+
+### Using a baseline for the benchmark
+
+The benchmarks will by default compare the results to the previous run of the
+benchmark. If you are improving the performance of a specific feature and run
+the benchmark many times, it may be useful to store a baseline to compare
+against instead.
+
+The `--save-baseline` switch can be used to create a baseline for the benchmark.
+
+```bash
+$ cargo bench --bench crypto_bench -- --save-baseline libolm
+```
+
+After you make your changes you can use the baseline to compare the results like
+so:
+
+```bash
+$ cargo bench --bench crypto_bench -- --baseline libolm
+```
+
+### Generating Flame Graphs for the benchmarks
+
+The benchmarks support profiling and generating [Flame Graphs] while they run in
+profiling mode using [pprof].
+
+Profiling usually requires root permissions, to avoid the need for root
+permissions you can adjust the value of `perf_event_paranoid`, e.g. the most
+permisive value is `-1`:
+
+```bash
+$ echo -1 | sudo tee /proc/sys/kernel/perf_event_paranoid
+```
+
+To generate flame graphs feature simply enable the profiling mode using the
+`--profile-time` command line flag:
+
+```bash
+$ cargo bench --bench crypto_bench -- --profile-time=5
+```
+
+After the benchmarks are done, a flame graph for each individual benchmark can be
+found in `target/criterion/<name-of-benchmark>/profile/flamegraph.svg`.
+
+[pprof]: https://docs.rs/pprof/0.5.0/pprof/index.html#
+[Criterion]: https://docs.rs/criterion/0.3.5/criterion/
+[Flame Graphs]: https://www.brendangregg.com/flamegraphs.html

benchmarks/benches/crypto_bench.rs

@@ -0,0 +1,272 @@
+use std::{ops::Deref, sync::Arc};
+
+use criterion::*;
+use matrix_sdk_crypto::{EncryptionSettings, OlmMachine};
+use matrix_sdk_sled::CryptoStore as SledCryptoStore;
+use matrix_sdk_test::response_from_file;
+use ruma::{
+    api::{
+        client::{
+            keys::{claim_keys, get_keys},
+            to_device::send_event_to_device::v3::Response as ToDeviceResponse,
+        },
+        IncomingResponse,
+    },
+    device_id, room_id, user_id, DeviceId, OwnedUserId, TransactionId, UserId,
+};
+use serde_json::Value;
+use tokio::runtime::Builder;
+
+fn alice_id() -> &'static UserId {
+    user_id!("@alice:example.org")
+}
+
+fn alice_device_id() -> &'static DeviceId {
+    device_id!("JLAFKJWSCS")
+}
+
+fn keys_query_response() -> get_keys::v3::Response {
+    let data = include_bytes!("crypto_bench/keys_query.json");
+    let data: Value = serde_json::from_slice(data).unwrap();
+    let data = response_from_file(&data);
+    get_keys::v3::Response::try_from_http_response(data)
+        .expect("Can't parse the keys upload response")
+}
+
+fn keys_claim_response() -> claim_keys::v3::Response {
+    let data = include_bytes!("crypto_bench/keys_claim.json");
+    let data: Value = serde_json::from_slice(data).unwrap();
+    let data = response_from_file(&data);
+    claim_keys::v3::Response::try_from_http_response(data)
+        .expect("Can't parse the keys upload response")
+}
+
+fn huge_keys_query_response() -> get_keys::v3::Response {
+    let data = include_bytes!("crypto_bench/keys_query_2000_members.json");
+    let data: Value = serde_json::from_slice(data).unwrap();
+    let data = response_from_file(&data);
+    get_keys::v3::Response::try_from_http_response(data)
+        .expect("Can't parse the keys query response")
+}
+
+pub fn keys_query(c: &mut Criterion) {
+    let runtime = Builder::new_multi_thread().build().expect("Can't create runtime");
+    let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id()));
+    let response = keys_query_response();
+    let txn_id = TransactionId::new();
+
+    let count = response.device_keys.values().fold(0, |acc, d| acc + d.len())
+        + response.master_keys.len()
+        + response.self_signing_keys.len()
+        + response.user_signing_keys.len();
+
+    let mut group = c.benchmark_group("Keys querying");
+    group.throughput(Throughput::Elements(count as u64));
+
+    let name = format!("{} device and cross signing keys", count);
+
+    group.bench_with_input(BenchmarkId::new("memory store", &name), &response, |b, response| {
+        b.to_async(&runtime)
+            .iter(|| async { machine.mark_request_as_sent(&txn_id, response).await.unwrap() })
+    });
+
+    let dir = tempfile::tempdir().unwrap();
+    let store = Arc::new(SledCryptoStore::open_with_passphrase(dir.path(), None).unwrap());
+    let machine =
+        runtime.block_on(OlmMachine::with_store(alice_id(), alice_device_id(), store)).unwrap();
+
+    group.bench_with_input(BenchmarkId::new("sled store", &name), &response, |b, response| {
+        b.to_async(&runtime)
+            .iter(|| async { machine.mark_request_as_sent(&txn_id, response).await.unwrap() })
+    });
+
+    group.finish()
+}
+
+pub fn keys_claiming(c: &mut Criterion) {
+    let runtime = Builder::new_multi_thread().build().expect("Can't create runtime");
+
+    let keys_query_response = keys_query_response();
+    let txn_id = TransactionId::new();
+
+    let response = keys_claim_response();
+
+    let count = response.one_time_keys.values().fold(0, |acc, d| acc + d.len());
+
+    let mut group = c.benchmark_group("Olm session creation");
+    group.throughput(Throughput::Elements(count as u64));
+
+    let name = format!("{} one-time keys", count);
+
+    group.bench_with_input(BenchmarkId::new("memory store", &name), &response, |b, response| {
+        b.iter_batched(
+            || {
+                let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id()));
+                runtime
+                    .block_on(machine.mark_request_as_sent(&txn_id, &keys_query_response))
+                    .unwrap();
+                (machine, &runtime, &txn_id)
+            },
+            move |(machine, runtime, txn_id)| {
+                runtime.block_on(machine.mark_request_as_sent(txn_id, response)).unwrap()
+            },
+            BatchSize::SmallInput,
+        )
+    });
+
+    group.bench_with_input(BenchmarkId::new("sled store", &name), &response, |b, response| {
+        b.iter_batched(
+            || {
+                let dir = tempfile::tempdir().unwrap();
+                let store =
+                    Arc::new(SledCryptoStore::open_with_passphrase(dir.path(), None).unwrap());
+
+                let machine = runtime
+                    .block_on(OlmMachine::with_store(alice_id(), alice_device_id(), store))
+                    .unwrap();
+                runtime
+                    .block_on(machine.mark_request_as_sent(&txn_id, &keys_query_response))
+                    .unwrap();
+                (machine, &runtime, &txn_id)
+            },
+            move |(machine, runtime, txn_id)| {
+                runtime.block_on(machine.mark_request_as_sent(txn_id, response)).unwrap()
+            },
+            BatchSize::SmallInput,
+        )
+    });
+
+    group.finish()
+}
+
+pub fn room_key_sharing(c: &mut Criterion) {
+    let runtime = Builder::new_multi_thread().build().expect("Can't create runtime");
+
+    let keys_query_response = keys_query_response();
+    let txn_id = TransactionId::new();
+    let response = keys_claim_response();
+    let room_id = room_id!("!test:localhost");
+
+    let to_device_response = ToDeviceResponse::new();
+    let users: Vec<OwnedUserId> = keys_query_response.device_keys.keys().cloned().collect();
+
+    let count = response.one_time_keys.values().fold(0, |acc, d| acc + d.len());
+
+    let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id()));
+    runtime.block_on(machine.mark_request_as_sent(&txn_id, &keys_query_response)).unwrap();
+    runtime.block_on(machine.mark_request_as_sent(&txn_id, &response)).unwrap();
+
+    let mut group = c.benchmark_group("Room key sharing");
+    group.throughput(Throughput::Elements(count as u64));
+    let name = format!("{} devices", count);
+
+    group.bench_function(BenchmarkId::new("memory store", &name), |b| {
+        b.to_async(&runtime).iter(|| async {
+            let requests = machine
+                .share_room_key(
+                    room_id,
+                    users.iter().map(Deref::deref),
+                    EncryptionSettings::default(),
+                )
+                .await
+                .unwrap();
+
+            assert!(!requests.is_empty());
+
+            for request in requests {
+                machine.mark_request_as_sent(&request.txn_id, &to_device_response).await.unwrap();
+            }
+
+            machine.invalidate_group_session(room_id).await.unwrap();
+        })
+    });
+    let dir = tempfile::tempdir().unwrap();
+    let store = Arc::new(SledCryptoStore::open_with_passphrase(dir.path(), None).unwrap());
+
+    let machine =
+        runtime.block_on(OlmMachine::with_store(alice_id(), alice_device_id(), store)).unwrap();
+    runtime.block_on(machine.mark_request_as_sent(&txn_id, &keys_query_response)).unwrap();
+    runtime.block_on(machine.mark_request_as_sent(&txn_id, &response)).unwrap();
+
+    group.bench_function(BenchmarkId::new("sled store", &name), |b| {
+        b.to_async(&runtime).iter(|| async {
+            let requests = machine
+                .share_room_key(
+                    room_id,
+                    users.iter().map(Deref::deref),
+                    EncryptionSettings::default(),
+                )
+                .await
+                .unwrap();
+
+            assert!(!requests.is_empty());
+
+            for request in requests {
+                machine.mark_request_as_sent(&request.txn_id, &to_device_response).await.unwrap();
+            }
+
+            machine.invalidate_group_session(room_id).await.unwrap();
+        })
+    });
+
+    group.finish()
+}
+
+pub fn devices_missing_sessions_collecting(c: &mut Criterion) {
+    let runtime = Builder::new_multi_thread().build().expect("Can't create runtime");
+
+    let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id()));
+    let response = huge_keys_query_response();
+    let txn_id = TransactionId::new();
+    let users: Vec<OwnedUserId> = response.device_keys.keys().cloned().collect();
+
+    let count = response.device_keys.values().fold(0, |acc, d| acc + d.len());
+
+    let mut group = c.benchmark_group("Devices missing sessions collecting");
+    group.throughput(Throughput::Elements(count as u64));
+
+    let name = format!("{} devices", count);
+
+    runtime.block_on(machine.mark_request_as_sent(&txn_id, &response)).unwrap();
+
+    group.bench_function(BenchmarkId::new("memory store", &name), |b| {
+        b.to_async(&runtime).iter_with_large_drop(|| async {
+            machine.get_missing_sessions(users.iter().map(Deref::deref)).await.unwrap()
+        })
+    });
+
+    let dir = tempfile::tempdir().unwrap();
+    let store = Arc::new(SledCryptoStore::open_with_passphrase(dir.path(), None).unwrap());
+
+    let machine =
+        runtime.block_on(OlmMachine::with_store(alice_id(), alice_device_id(), store)).unwrap();
+
+    runtime.block_on(machine.mark_request_as_sent(&txn_id, &response)).unwrap();
+
+    group.bench_function(BenchmarkId::new("sled store", &name), |b| {
+        b.to_async(&runtime).iter(|| async {
+            machine.get_missing_sessions(users.iter().map(Deref::deref)).await.unwrap()
+        })
+    });
+
+    group.finish()
+}
+
+fn criterion() -> Criterion {
+    #[cfg(target_os = "linux")]
+    let criterion = Criterion::default().with_profiler(pprof::criterion::PProfProfiler::new(
+        100,
+        pprof::criterion::Output::Flamegraph(None),
+    ));
+    #[cfg(not(target_os = "linux"))]
+    let criterion = Criterion::default();
+
+    criterion
+}
+
+criterion_group! {
+    name = benches;
+    config = criterion();
+    targets = keys_query, keys_claiming, room_key_sharing, devices_missing_sessions_collecting,
+}
+criterion_main!(benches);

bindings/README.md

@@ -0,0 +1,22 @@
+# Matrix Rust SDK bindings
+
+In this directory, one can find bindings to the Rust SDK that are
+maintained by the owners of the Matrix Rust SDK project.
+
+* [`apple`] or `matrix-rust-components-swift`, Swift bindings of the
+  [`matrix-sdk`] crate via [`matrix-sdk-ffi`],
+* [`matrix-sdk-crypto-ffi`], bindings of the [`matrix-sdk-crypto`]
+  crate,
+* [`matrix-sdk-crypto-js`], JavaScript bindings of the
+  [`matrix-sdk-crypto`] crate,
+* [`matrix-sdk-crypto-nodejs`], Node.js bindings of the
+  [`matrix-sdk-crypto`] crate,
+* [`matrix-sdk-ffi`], bindings of the [`matrix-sdk`] crate,
+
+[`apple`]: ./apple
+[`matrix-sdk-crypto-ffi`]: ./matrix-sdk-crypto-ffi
+[`matrix-sdk-crypto-js`]: ../crates/matrix-sdk-crypto
+[`matrix-sdk-crypto-nodejs`]: ../crates/matrix-sdk-crypto
+[`matrix-sdk-crypto`]: ../crates/matrix-sdk-crypto
+[`matrix-sdk-ffi`]: ./matrix-sdk-ffi
+[`matrix-sdk`]: ../crates/matrix-sdk

bindings/apple/MatrixRustSDK.xcodeproj/project.pbxproj

@@ -0,0 +1,513 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 55;
+	objects = {
+
+/* Begin PBXBuildFile section */
+		181AA19B27B52AB40005F102 /* MatrixSDKFFI.xcframework in Frameworks */ = {isa = PBXBuildFile; fileRef = 181AA19A27B52AB40005F102 /* MatrixSDKFFI.xcframework */; };
+		181AA19C27B52AB40005F102 /* MatrixSDKFFI.xcframework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 181AA19A27B52AB40005F102 /* MatrixSDKFFI.xcframework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
+		189A89BA27B40BBF0048B0A5 /* sdk.swift in Sources */ = {isa = PBXBuildFile; fileRef = 189A89B927B40BBF0048B0A5 /* sdk.swift */; };
+		18CE89D827B2939900CA89E1 /* MatrixRustSDKApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 18CE89D727B2939900CA89E1 /* MatrixRustSDKApp.swift */; };
+		18CE89DA27B2939900CA89E1 /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 18CE89D927B2939900CA89E1 /* ContentView.swift */; };
+		18CE89DC27B2939A00CA89E1 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 18CE89DB27B2939A00CA89E1 /* Assets.xcassets */; };
+		18CE89E927B2939A00CA89E1 /* MatrixRustSDKTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 18CE89E827B2939A00CA89E1 /* MatrixRustSDKTests.swift */; };
+/* End PBXBuildFile section */
+
+/* Begin PBXContainerItemProxy section */
+		18CE89E527B2939A00CA89E1 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 18CE89CC27B2939900CA89E1 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 18CE89D327B2939900CA89E1;
+			remoteInfo = MatrixRustSDK;
+		};
+/* End PBXContainerItemProxy section */
+
+/* Begin PBXCopyFilesBuildPhase section */
+		18CE8A1F27B2941600CA89E1 /* Embed Frameworks */ = {
+			isa = PBXCopyFilesBuildPhase;
+			buildActionMask = 2147483647;
+			dstPath = "";
+			dstSubfolderSpec = 10;
+			files = (
+				181AA19C27B52AB40005F102 /* MatrixSDKFFI.xcframework in Embed Frameworks */,
+			);
+			name = "Embed Frameworks";
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXCopyFilesBuildPhase section */
+
+/* Begin PBXFileReference section */
+		181AA19927B52AA60005F102 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = "<group>"; };
+		181AA19A27B52AB40005F102 /* MatrixSDKFFI.xcframework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.xcframework; name = MatrixSDKFFI.xcframework; path = ../../generated/MatrixSDKFFI.xcframework; sourceTree = "<group>"; };
+		189A89B927B40BBF0048B0A5 /* sdk.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = sdk.swift; path = ../../../generated/swift/sdk.swift; sourceTree = "<group>"; };
+		189A89C327B417CA0048B0A5 /* MatrixRustSDK-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "MatrixRustSDK-Bridging-Header.h"; sourceTree = "<group>"; };
+		18CE89D427B2939900CA89E1 /* MatrixRustSDK.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = MatrixRustSDK.app; sourceTree = BUILT_PRODUCTS_DIR; };
+		18CE89D727B2939900CA89E1 /* MatrixRustSDKApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MatrixRustSDKApp.swift; sourceTree = "<group>"; };
+		18CE89D927B2939900CA89E1 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
+		18CE89DB27B2939A00CA89E1 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
+		18CE89E427B2939A00CA89E1 /* MatrixRustSDKTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = MatrixRustSDKTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
+		18CE89E827B2939A00CA89E1 /* MatrixRustSDKTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MatrixRustSDKTests.swift; sourceTree = "<group>"; };
+		18CE8A0127B293A900CA89E1 /* MatrixRustSDK.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = MatrixRustSDK.entitlements; sourceTree = "<group>"; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		18CE89D127B2939900CA89E1 /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				181AA19B27B52AB40005F102 /* MatrixSDKFFI.xcframework in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		18CE89E127B2939A00CA89E1 /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		189A89AB27B2E16B0048B0A5 /* Frameworks */ = {
+			isa = PBXGroup;
+			children = (
+				181AA19A27B52AB40005F102 /* MatrixSDKFFI.xcframework */,
+			);
+			name = Frameworks;
+			sourceTree = "<group>";
+		};
+		189A89B827B40BB10048B0A5 /* Generated */ = {
+			isa = PBXGroup;
+			children = (
+				189A89B927B40BBF0048B0A5 /* sdk.swift */,
+			);
+			name = Generated;
+			sourceTree = "<group>";
+		};
+		18CE89CB27B2939900CA89E1 = {
+			isa = PBXGroup;
+			children = (
+				18CE89D627B2939900CA89E1 /* MatrixRustSDK */,
+				18CE89E727B2939A00CA89E1 /* MatrixRustSDKTests */,
+				18CE89D527B2939900CA89E1 /* Products */,
+				189A89AB27B2E16B0048B0A5 /* Frameworks */,
+			);
+			sourceTree = "<group>";
+		};
+		18CE89D527B2939900CA89E1 /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				18CE89D427B2939900CA89E1 /* MatrixRustSDK.app */,
+				18CE89E427B2939A00CA89E1 /* MatrixRustSDKTests.xctest */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+		18CE89D627B2939900CA89E1 /* MatrixRustSDK */ = {
+			isa = PBXGroup;
+			children = (
+				181AA19927B52AA60005F102 /* Info.plist */,
+				189A89B827B40BB10048B0A5 /* Generated */,
+				18CE89D727B2939900CA89E1 /* MatrixRustSDKApp.swift */,
+				18CE89D927B2939900CA89E1 /* ContentView.swift */,
+				18CE8A0127B293A900CA89E1 /* MatrixRustSDK.entitlements */,
+				18CE89DB27B2939A00CA89E1 /* Assets.xcassets */,
+				189A89C327B417CA0048B0A5 /* MatrixRustSDK-Bridging-Header.h */,
+			);
+			path = MatrixRustSDK;
+			sourceTree = "<group>";
+		};
+		18CE89E727B2939A00CA89E1 /* MatrixRustSDKTests */ = {
+			isa = PBXGroup;
+			children = (
+				18CE89E827B2939A00CA89E1 /* MatrixRustSDKTests.swift */,
+			);
+			path = MatrixRustSDKTests;
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXNativeTarget section */
+		18CE89D327B2939900CA89E1 /* MatrixRustSDK */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 18CE89F827B2939A00CA89E1 /* Build configuration list for PBXNativeTarget "MatrixRustSDK" */;
+			buildPhases = (
+				18CE89D027B2939900CA89E1 /* Sources */,
+				18CE89D127B2939900CA89E1 /* Frameworks */,
+				18CE89D227B2939900CA89E1 /* Resources */,
+				18CE8A1F27B2941600CA89E1 /* Embed Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = MatrixRustSDK;
+			productName = MatrixRustSDK;
+			productReference = 18CE89D427B2939900CA89E1 /* MatrixRustSDK.app */;
+			productType = "com.apple.product-type.application";
+		};
+		18CE89E327B2939A00CA89E1 /* MatrixRustSDKTests */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 18CE89FB27B2939A00CA89E1 /* Build configuration list for PBXNativeTarget "MatrixRustSDKTests" */;
+			buildPhases = (
+				18CE89E027B2939A00CA89E1 /* Sources */,
+				18CE89E127B2939A00CA89E1 /* Frameworks */,
+				18CE89E227B2939A00CA89E1 /* Resources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				18CE89E627B2939A00CA89E1 /* PBXTargetDependency */,
+			);
+			name = MatrixRustSDKTests;
+			productName = MatrixRustSDKTests;
+			productReference = 18CE89E427B2939A00CA89E1 /* MatrixRustSDKTests.xctest */;
+			productType = "com.apple.product-type.bundle.unit-test";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		18CE89CC27B2939900CA89E1 /* Project object */ = {
+			isa = PBXProject;
+			attributes = {
+				BuildIndependentTargetsInParallel = 1;
+				LastSwiftUpdateCheck = 1320;
+				LastUpgradeCheck = 1320;
+				TargetAttributes = {
+					18CE89D327B2939900CA89E1 = {
+						CreatedOnToolsVersion = 13.2.1;
+						LastSwiftMigration = 1320;
+					};
+					18CE89E327B2939A00CA89E1 = {
+						CreatedOnToolsVersion = 13.2.1;
+						TestTargetID = 18CE89D327B2939900CA89E1;
+					};
+				};
+			};
+			buildConfigurationList = 18CE89CF27B2939900CA89E1 /* Build configuration list for PBXProject "MatrixRustSDK" */;
+			compatibilityVersion = "Xcode 13.0";
+			developmentRegion = en;
+			hasScannedForEncodings = 0;
+			knownRegions = (
+				en,
+				Base,
+			);
+			mainGroup = 18CE89CB27B2939900CA89E1;
+			productRefGroup = 18CE89D527B2939900CA89E1 /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				18CE89D327B2939900CA89E1 /* MatrixRustSDK */,
+				18CE89E327B2939A00CA89E1 /* MatrixRustSDKTests */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+		18CE89D227B2939900CA89E1 /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				18CE89DC27B2939A00CA89E1 /* Assets.xcassets in Resources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		18CE89E227B2939A00CA89E1 /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+		18CE89D027B2939900CA89E1 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				18CE89DA27B2939900CA89E1 /* ContentView.swift in Sources */,
+				189A89BA27B40BBF0048B0A5 /* sdk.swift in Sources */,
+				18CE89D827B2939900CA89E1 /* MatrixRustSDKApp.swift in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		18CE89E027B2939A00CA89E1 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				18CE89E927B2939A00CA89E1 /* MatrixRustSDKTests.swift in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin PBXTargetDependency section */
+		18CE89E627B2939A00CA89E1 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 18CE89D327B2939900CA89E1 /* MatrixRustSDK */;
+			targetProxy = 18CE89E527B2939A00CA89E1 /* PBXContainerItemProxy */;
+		};
+/* End PBXTargetDependency section */
+
+/* Begin XCBuildConfiguration section */
+		18CE89F627B2939A00CA89E1 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
+				CLANG_CXX_LIBRARY = "libc++";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				DEBUG_INFORMATION_FORMAT = dwarf;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				ENABLE_TESTABILITY = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_DYNAMIC_NO_PIC = NO;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_OPTIMIZATION_LEVEL = 0;
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"DEBUG=1",
+					"$(inherited)",
+				);
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				IPHONEOS_DEPLOYMENT_TARGET = 15.2;
+				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
+				MTL_FAST_MATH = YES;
+				ONLY_ACTIVE_ARCH = YES;
+				SDKROOT = iphoneos;
+				SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG;
+				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
+			};
+			name = Debug;
+		};
+		18CE89F727B2939A00CA89E1 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_NONNULL = YES;
+				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
+				CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
+				CLANG_CXX_LIBRARY = "libc++";
+				CLANG_ENABLE_MODULES = YES;
+				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_ENABLE_OBJC_WEAK = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
+				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
+				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
+				COPY_PHASE_STRIP = NO;
+				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				ENABLE_NS_ASSERTIONS = NO;
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
+				GCC_C_LANGUAGE_STANDARD = gnu11;
+				GCC_NO_COMMON_BLOCKS = YES;
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
+				IPHONEOS_DEPLOYMENT_TARGET = 15.2;
+				MTL_ENABLE_DEBUG_INFO = NO;
+				MTL_FAST_MATH = YES;
+				SDKROOT = iphoneos;
+				SWIFT_COMPILATION_MODE = wholemodule;
+				SWIFT_OPTIMIZATION_LEVEL = "-O";
+				VALIDATE_PRODUCT = YES;
+			};
+			name = Release;
+		};
+		18CE89F927B2939A00CA89E1 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
+				ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
+				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_ENTITLEMENTS = MatrixRustSDK/MatrixRustSDK.entitlements;
+				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "-";
+				CODE_SIGN_STYLE = Automatic;
+				CURRENT_PROJECT_VERSION = 1;
+				ENABLE_PREVIEWS = YES;
+				GENERATE_INFOPLIST_FILE = YES;
+				INFOPLIST_FILE = MatrixRustSDK/Info.plist;
+				INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES;
+				INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES;
+				INFOPLIST_KEY_UILaunchScreen_Generation = YES;
+				INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight";
+				INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight";
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/Frameworks",
+				);
+				MARKETING_VERSION = 1.0;
+				PRODUCT_BUNDLE_IDENTIFIER = org.matrix.MatrixRustSDK;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SUPPORTS_MACCATALYST = YES;
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				SWIFT_OBJC_BRIDGING_HEADER = "MatrixRustSDK/MatrixRustSDK-Bridging-Header.h";
+				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
+				SWIFT_VERSION = 5.0;
+				TARGETED_DEVICE_FAMILY = "1,2";
+			};
+			name = Debug;
+		};
+		18CE89FA27B2939A00CA89E1 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
+				ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
+				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_ENTITLEMENTS = MatrixRustSDK/MatrixRustSDK.entitlements;
+				"CODE_SIGN_IDENTITY[sdk=macosx*]" = "-";
+				CODE_SIGN_STYLE = Automatic;
+				CURRENT_PROJECT_VERSION = 1;
+				ENABLE_PREVIEWS = YES;
+				GENERATE_INFOPLIST_FILE = YES;
+				INFOPLIST_FILE = MatrixRustSDK/Info.plist;
+				INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES;
+				INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES;
+				INFOPLIST_KEY_UILaunchScreen_Generation = YES;
+				INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight";
+				INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight";
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/Frameworks",
+				);
+				MARKETING_VERSION = 1.0;
+				PRODUCT_BUNDLE_IDENTIFIER = org.matrix.MatrixRustSDK;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SUPPORTS_MACCATALYST = YES;
+				SWIFT_EMIT_LOC_STRINGS = YES;
+				SWIFT_OBJC_BRIDGING_HEADER = "MatrixRustSDK/MatrixRustSDK-Bridging-Header.h";
+				SWIFT_VERSION = 5.0;
+				TARGETED_DEVICE_FAMILY = "1,2";
+			};
+			name = Release;
+		};
+		18CE89FC27B2939A00CA89E1 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES;
+				BUNDLE_LOADER = "$(TEST_HOST)";
+				CODE_SIGN_STYLE = Automatic;
+				CURRENT_PROJECT_VERSION = 1;
+				GENERATE_INFOPLIST_FILE = YES;
+				IPHONEOS_DEPLOYMENT_TARGET = 15.2;
+				MARKETING_VERSION = 1.0;
+				PRODUCT_BUNDLE_IDENTIFIER = org.matrix.MatrixRustSDKTests;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SWIFT_EMIT_LOC_STRINGS = NO;
+				SWIFT_VERSION = 5.0;
+				TARGETED_DEVICE_FAMILY = "1,2";
+				TEST_HOST = "$(BUILT_PRODUCTS_DIR)/MatrixRustSDK.app/MatrixRustSDK";
+			};
+			name = Debug;
+		};
+		18CE89FD27B2939A00CA89E1 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES;
+				BUNDLE_LOADER = "$(TEST_HOST)";
+				CODE_SIGN_STYLE = Automatic;
+				CURRENT_PROJECT_VERSION = 1;
+				GENERATE_INFOPLIST_FILE = YES;
+				IPHONEOS_DEPLOYMENT_TARGET = 15.2;
+				MARKETING_VERSION = 1.0;
+				PRODUCT_BUNDLE_IDENTIFIER = org.matrix.MatrixRustSDKTests;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+				SWIFT_EMIT_LOC_STRINGS = NO;
+				SWIFT_VERSION = 5.0;
+				TARGETED_DEVICE_FAMILY = "1,2";
+				TEST_HOST = "$(BUILT_PRODUCTS_DIR)/MatrixRustSDK.app/MatrixRustSDK";
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		18CE89CF27B2939900CA89E1 /* Build configuration list for PBXProject "MatrixRustSDK" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				18CE89F627B2939A00CA89E1 /* Debug */,
+				18CE89F727B2939A00CA89E1 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		18CE89F827B2939A00CA89E1 /* Build configuration list for PBXNativeTarget "MatrixRustSDK" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				18CE89F927B2939A00CA89E1 /* Debug */,
+				18CE89FA27B2939A00CA89E1 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		18CE89FB27B2939A00CA89E1 /* Build configuration list for PBXNativeTarget "MatrixRustSDKTests" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				18CE89FC27B2939A00CA89E1 /* Debug */,
+				18CE89FD27B2939A00CA89E1 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+/* End XCConfigurationList section */
+	};
+	rootObject = 18CE89CC27B2939900CA89E1 /* Project object */;
+}

bindings/apple/MatrixRustSDK.xcodeproj/project.xcworkspace/contents.xcworkspacedata

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Workspace
+   version = "1.0">
+   <FileRef
+      location = "self:">
+   </FileRef>
+</Workspace>

bindings/apple/MatrixRustSDK.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>

bindings/apple/MatrixRustSDK.xcodeproj/xcshareddata/xcschemes/MatrixRustSDK.xcscheme

@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+   LastUpgradeVersion = "1320"
+   version = "1.3">
+   <BuildAction
+      parallelizeBuildables = "YES"
+      buildImplicitDependencies = "YES">
+      <BuildActionEntries>
+         <BuildActionEntry
+            buildForTesting = "YES"
+            buildForRunning = "YES"
+            buildForProfiling = "YES"
+            buildForArchiving = "YES"
+            buildForAnalyzing = "YES">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "18CE89D327B2939900CA89E1"
+               BuildableName = "MatrixRustSDK.app"
+               BlueprintName = "MatrixRustSDK"
+               ReferencedContainer = "container:MatrixRustSDK.xcodeproj">
+            </BuildableReference>
+         </BuildActionEntry>
+      </BuildActionEntries>
+   </BuildAction>
+   <TestAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      shouldUseLaunchSchemeArgsEnv = "YES">
+      <Testables>
+         <TestableReference
+            skipped = "NO">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "18CE89E327B2939A00CA89E1"
+               BuildableName = "MatrixRustSDKTests.xctest"
+               BlueprintName = "MatrixRustSDKTests"
+               ReferencedContainer = "container:MatrixRustSDK.xcodeproj">
+            </BuildableReference>
+         </TestableReference>
+         <TestableReference
+            skipped = "NO">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "18CE89ED27B2939A00CA89E1"
+               BuildableName = "MatrixRustSDKUITests.xctest"
+               BlueprintName = "MatrixRustSDKUITests"
+               ReferencedContainer = "container:MatrixRustSDK.xcodeproj">
+            </BuildableReference>
+         </TestableReference>
+      </Testables>
+   </TestAction>
+   <LaunchAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      launchStyle = "0"
+      useCustomWorkingDirectory = "NO"
+      ignoresPersistentStateOnLaunch = "NO"
+      debugDocumentVersioning = "YES"
+      debugServiceExtension = "internal"
+      allowLocationSimulation = "YES">
+      <BuildableProductRunnable
+         runnableDebuggingMode = "0">
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "18CE89D327B2939900CA89E1"
+            BuildableName = "MatrixRustSDK.app"
+            BlueprintName = "MatrixRustSDK"
+            ReferencedContainer = "container:MatrixRustSDK.xcodeproj">
+         </BuildableReference>
+      </BuildableProductRunnable>
+   </LaunchAction>
+   <ProfileAction
+      buildConfiguration = "Release"
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      savedToolIdentifier = ""
+      useCustomWorkingDirectory = "NO"
+      debugDocumentVersioning = "YES">
+      <BuildableProductRunnable
+         runnableDebuggingMode = "0">
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "18CE89D327B2939900CA89E1"
+            BuildableName = "MatrixRustSDK.app"
+            BlueprintName = "MatrixRustSDK"
+            ReferencedContainer = "container:MatrixRustSDK.xcodeproj">
+         </BuildableReference>
+      </BuildableProductRunnable>
+   </ProfileAction>
+   <AnalyzeAction
+      buildConfiguration = "Debug">
+   </AnalyzeAction>
+   <ArchiveAction
+      buildConfiguration = "Release"
+      revealArchiveInOrganizer = "YES">
+   </ArchiveAction>
+</Scheme>

bindings/apple/MatrixRustSDK/Assets.xcassets/AccentColor.colorset/Contents.json

@@ -0,0 +1,11 @@
+{
+  "colors" : [
+    {
+      "idiom" : "universal"
+    }
+  ],
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}

bindings/apple/MatrixRustSDK/Assets.xcassets/AppIcon.appiconset/Contents.json

@@ -0,0 +1,98 @@
+{
+  "images" : [
+    {
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "20x20"
+    },
+    {
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "20x20"
+    },
+    {
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "29x29"
+    },
+    {
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "40x40"
+    },
+    {
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "40x40"
+    },
+    {
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "60x60"
+    },
+    {
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "60x60"
+    },
+    {
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "20x20"
+    },
+    {
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "20x20"
+    },
+    {
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "29x29"
+    },
+    {
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "40x40"
+    },
+    {
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "40x40"
+    },
+    {
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "76x76"
+    },
+    {
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "76x76"
+    },
+    {
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "83.5x83.5"
+    },
+    {
+      "idiom" : "ios-marketing",
+      "scale" : "1x",
+      "size" : "1024x1024"
+    }
+  ],
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}

bindings/apple/MatrixRustSDK/Assets.xcassets/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}

bindings/apple/MatrixRustSDK/ContentView.swift

@@ -0,0 +1,21 @@
+//
+//  ContentView.swift
+//  MatrixRustSDK
+//
+//  Created by Stefan Ceriu on 08.02.2022.
+//
+
+import SwiftUI
+
+struct ContentView: View {
+    var body: some View {
+        Text("Hello, Rust!")
+            .padding()
+    }
+}
+
+struct ContentView_Previews: PreviewProvider {
+    static var previews: some View {
+        ContentView()
+    }
+}

bindings/apple/MatrixRustSDK/Info.plist

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict/>
+</plist>

bindings/apple/MatrixRustSDK/MatrixRustSDK-Bridging-Header.h

@@ -0,0 +1,5 @@
+//
+//  Use this file to import your target's public headers that you would like to expose to Swift.
+//
+
+#import "sdkFFI.h"

bindings/apple/MatrixRustSDK/MatrixRustSDK.entitlements

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
+	<key>com.apple.security.network.client</key>
+	<true/>
+</dict>
+</plist>

bindings/apple/MatrixRustSDK/MatrixRustSDKApp.swift

@@ -0,0 +1,17 @@
+//
+//  MatrixRustSDKApp.swift
+//  MatrixRustSDK
+//
+//  Created by Stefan Ceriu on 08.02.2022.
+//
+
+import SwiftUI
+
+@main
+struct MatrixRustSDKApp: App {
+    var body: some Scene {
+        WindowGroup {
+            ContentView()
+        }
+    }
+}

bindings/apple/MatrixRustSDKTests/MatrixRustSDKTests.swift

@@ -0,0 +1,39 @@
+//
+//  MatrixRustSDKTests.swift
+//  MatrixRustSDKTests
+//
+//  Created by Stefan Ceriu on 08.02.2022.
+//
+
+import XCTest
+@testable import MatrixRustSDK
+
+class MatrixRustSDKTests: XCTestCase {
+    
+    func testReadOnlyFileSystemError() {
+        do {
+            let client = try ClientBuilder()
+                .basePath(path: "")
+                .username(username: "@test:domain")
+                .build()
+            
+            try client.login(username: "@test:domain", password: "test")
+        } catch ClientError.Generic(let message) {
+            XCTAssertNotNil(message.range(of: "Read-only file system"))
+        } catch {
+            XCTFail("Not expecting any other kind of exception")
+        }
+    }
+    
+    // MARK: - Private
+    
+    static private var basePath: String {
+        guard let url = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask).first else {
+            fatalError("Should always be able to retrieve the caches directory")
+        }
+        
+        try? FileManager.default.createDirectory(at: url, withIntermediateDirectories: false, attributes: nil)
+        
+        return url.path
+    }
+}

bindings/apple/MatrixSDKCrypto.podspec

@@ -0,0 +1,17 @@
+Pod::Spec.new do |s|
+
+    s.name                  = "MatrixSDKCrypto"
+    s.version               = "0.1.0"
+    s.summary               = "Uniffi based bindings for the Rust SDK crypto crate."
+    s.homepage              = "https://github.com/matrix-org/matrix-rust-sdk"
+    s.license               = { :type => "Apache License, Version 2.0", :file => "LICENSE" }
+    s.author                = { "matrix.org" => "support@matrix.org" }
+
+    s.ios.deployment_target = "11.0"
+    s.swift_versions = ['5.0']
+
+    s.source                = { :http => "https://github.com/matrix-org/matrix-rust-sdk/releases/download/matrix-sdk-crypto-ffi-#{s.version}/MatrixSDKCryptoFFI.zip" }
+    s.vendored_frameworks   = "MatrixSDKCryptoFFI.xcframework"
+    s.source_files          = "Sources/**/*.{swift}"
+  
+end

bindings/apple/README.md

@@ -0,0 +1,53 @@
+# Apple platforms support
+
+This project and build script demonstrate how to create an XCFramework that can be imported into an Xcode project and run on Apple platforms. It can compile and bundle an [entire SDK](#Building-the-SDK), or only a smaller [Crypto module](#Building-only-the-Crypto-SDK) that provides end-to-end encryption for clients that already depend on an SDK (e.g. [Matrix iOS SDK](https://github.com/matrix-org/matrix-ios-sdk))
+
+## Prerequisites for building universal frameworks
+
+* the Rust toolchain
+* UniFFI - `cargo install uniffi_bindgen`
+* Apple targets (e.g. `rustup target add aarch64-apple-ios`)
+* `xcodebuild` command line tool from [Apple](https://developer.apple.com/library/archive/technotes/tn2339/_index.html)
+* `lipo` for creating the fat static libs
+
+## Building the SDK
+
+```
+sh build_xcframework.sh
+```
+
+The `build_xcframework.sh` script will go through all the steps required to generate a fully usable `.xcframework`:
+
+1. compile `matrix-sdk-ffi` libraries for iOS, the iOS simulator, MacOS, and Mac Catalyst under `/target`. Some targets are not part of the standard library and they will be built using the nightly toolchain. 
+2. `lipo` together the libraries for the same platform under `/generated`
+3. run `uniffi` and generate the C header, module map and swift files
+4. `xcodebuild` an `xcframework` from the fat static libs and the original iOS one, and add the header and module map to it under `generated/MatrixSDKFFI.xcframework`
+5. cleanup and delete the generated files except the .xcframework and the swift sources (that aren't part of the framework)
+
+## Building only the Crypto SDK
+
+```
+sh build_crypto_xcframework.sh
+```
+
+The `build_crypto_xcframework.sh` script will go through all the steps required to generate a fully usable `.xcframework`:
+
+1. compile `matrix-sdk-crypto-ffi` libraries for iOS and the iOS simulator under `/target`
+2. `lipo` together the libraries for the same platform under `/generated`
+3. run `uniffi` and generate the C header, module map and swift files
+4. `xcodebuild` an `xcframework` from the fat static libs and the original iOS one, and add the header and module map to it under `generated/MatrixSDKCryptoFFI.xcframework`
+5. cleanup and delete the generated files except the .xcframework and the swift sources (that aren't part of the framework)
+
+## Running the Xcode project
+
+The Xcode project is meant to provide a simple example on how to integrate everything together but also a place to run unit and integration tests from.
+
+It's pre-configured to link to the generated .xcframework and .swift files so successfully running the script first is necessary for it to compile.
+
+It makes the compiled code available to swift by importing the C header through its bridging header.
+
+Once all the generated components are available running it should be as easy as choosing a platform and clicking run.
+
+## Distribution
+
+The generated framework and Swift code can be distributed and integrated directly but in order to make things simpler we bundle them together as a Swift package available [TBD](here) in the case of SDK, and as CocoaPods podspec in the case of Crypto SDK.

bindings/apple/build_crypto_xcframework.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+set -eEu
+
+cd "$(dirname "$0")"
+
+# Path to the repo root
+SRC_ROOT=../..
+
+TARGET_DIR="${SRC_ROOT}/target"
+
+GENERATED_DIR="${SRC_ROOT}/generated"
+if [ -d "${GENERATED_DIR}" ]; then rm -rf "${GENERATED_DIR}"; fi
+mkdir -p ${GENERATED_DIR}
+
+REL_FLAG="--release"
+REL_TYPE_DIR="release"
+
+TARGET_CRATE=matrix-sdk-crypto-ffi
+
+# Build static libs for all the different architectures
+
+# iOS
+cargo build -p ${TARGET_CRATE} ${REL_FLAG} --target "aarch64-apple-ios"
+
+# iOS Simulator
+cargo build -p ${TARGET_CRATE} ${REL_FLAG} --target "aarch64-apple-ios-sim"
+cargo build -p ${TARGET_CRATE} ${REL_FLAG} --target "x86_64-apple-ios"
+
+# Lipo together the libraries for the same platform
+
+# iOS Simulator
+lipo -create \
+  "${TARGET_DIR}/x86_64-apple-ios/${REL_TYPE_DIR}/libmatrix_crypto_ffi.a" \
+  "${TARGET_DIR}/aarch64-apple-ios-sim/${REL_TYPE_DIR}/libmatrix_crypto_ffi.a" \
+  -output "${GENERATED_DIR}/libmatrix_crypto_ffi.a"
+
+# Generate uniffi files
+uniffi-bindgen generate "${SRC_ROOT}/bindings/${TARGET_CRATE}/src/olm.udl" --language swift --config "${SRC_ROOT}/bindings/${TARGET_CRATE}/uniffi.toml" --out-dir ${GENERATED_DIR}
+
+# Move headers to the right place
+HEADERS_DIR=${GENERATED_DIR}/headers
+mkdir -p ${HEADERS_DIR}
+mv ${GENERATED_DIR}/*.h ${HEADERS_DIR}
+
+# Rename and move modulemap to the right place
+mv ${GENERATED_DIR}/*.modulemap ${HEADERS_DIR}/module.modulemap
+
+# Move source files to the right place
+SWIFT_DIR="${GENERATED_DIR}/Sources"
+mkdir -p ${SWIFT_DIR}
+mv ${GENERATED_DIR}/*.swift ${SWIFT_DIR}
+
+# Build the xcframework
+
+if [ -d "${GENERATED_DIR}/MatrixSDKCryptoFFI.xcframework" ]; then rm -rf "${GENERATED_DIR}/MatrixSDKCryptoFFI.xcframework"; fi
+
+xcodebuild -create-xcframework \
+  -library "${TARGET_DIR}/aarch64-apple-ios/${REL_TYPE_DIR}/libmatrix_crypto_ffi.a" \
+  -headers ${HEADERS_DIR} \
+  -library "${GENERATED_DIR}/libmatrix_crypto_ffi.a" \
+  -headers ${HEADERS_DIR} \
+  -output "${GENERATED_DIR}/MatrixSDKCryptoFFI.xcframework"
+
+# Cleanup
+
+if [ -f "${TARGET_DIR}/aarch64-apple-ios-sim/${REL_TYPE_DIR}/libmatrix_crypto_ffi.a" ]; then rm -rf "${TARGET_DIR}/aarch64-apple-ios-sim/${REL_TYPE_DIR}/libmatrix_crypto_ffi.a"; fi
+if [ -f "${GENERATED_DIR}/libmatrix_crypto_ffi.a" ]; then rm -rf "${GENERATED_DIR}/libmatrix_crypto_ffi.a"; fi
+if [ -d ${HEADERS_DIR} ]; then rm -rf ${HEADERS_DIR}; fi
+
+# Zip up framework, sources and LICENSE, ready to be uploaded to GitHub Releases and used by MatrixSDKCrypto.podspec
+cp ${SRC_ROOT}/LICENSE $GENERATED_DIR
+cd $GENERATED_DIR
+zip -r MatrixSDKCryptoFFI.zip MatrixSDKCryptoFFI.xcframework Sources LICENSE

bindings/apple/build_xcframework.sh

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+set -eEu
+
+cd "$(dirname "$0")"
+
+# Path to the repo root
+SRC_ROOT=../..
+
+TARGET_DIR="${SRC_ROOT}/target"
+
+GENERATED_DIR="${SRC_ROOT}/generated"
+mkdir -p ${GENERATED_DIR}
+
+REL_FLAG="--release"
+REL_TYPE_DIR="release"
+
+# Build static libs for all the different architectures
+
+# iOS
+cargo build -p matrix-sdk-ffi ${REL_FLAG} --target "aarch64-apple-ios"
+
+# MacOS
+cargo build -p matrix-sdk-ffi ${REL_FLAG} --target "aarch64-apple-darwin"
+cargo build -p matrix-sdk-ffi ${REL_FLAG} --target "x86_64-apple-darwin"
+
+# iOS Simulator
+cargo build -p matrix-sdk-ffi ${REL_FLAG} --target "aarch64-apple-ios-sim"
+cargo build -p matrix-sdk-ffi ${REL_FLAG} --target "x86_64-apple-ios"
+
+# Mac Catalyst
+cargo +nightly build -Z build-std -p matrix-sdk-ffi ${REL_FLAG} --target "aarch64-apple-ios-macabi"
+cargo +nightly build -Z build-std -p matrix-sdk-ffi ${REL_FLAG} --target "x86_64-apple-ios-macabi"
+
+# Lipo together the libraries for the same platform
+
+# MacOS
+lipo -create \
+  "${TARGET_DIR}/x86_64-apple-darwin/${REL_TYPE_DIR}/libmatrix_sdk_ffi.a" \
+  "${TARGET_DIR}/aarch64-apple-darwin/${REL_TYPE_DIR}/libmatrix_sdk_ffi.a" \
+  -output "${GENERATED_DIR}/libmatrix_sdk_ffi_macos.a"
+
+# iOS Simulator
+lipo -create \
+  "${TARGET_DIR}/x86_64-apple-ios/${REL_TYPE_DIR}/libmatrix_sdk_ffi.a" \
+  "${TARGET_DIR}/aarch64-apple-ios-sim/${REL_TYPE_DIR}/libmatrix_sdk_ffi.a" \
+  -output "${GENERATED_DIR}/libmatrix_sdk_ffi_iossimulator.a"
+
+# Mac Catalyst
+lipo -create \
+  "${TARGET_DIR}/x86_64-apple-ios-macabi/${REL_TYPE_DIR}/libmatrix_sdk_ffi.a" \
+  "${TARGET_DIR}/aarch64-apple-ios-macabi/${REL_TYPE_DIR}/libmatrix_sdk_ffi.a" \
+  -output "${GENERATED_DIR}/libmatrix_sdk_ffi_maccatalyst.a"
+
+
+# Generate uniffi files
+uniffi-bindgen generate "${SRC_ROOT}/bindings/matrix-sdk-ffi/src/api.udl" --language swift --out-dir ${GENERATED_DIR}
+
+# Move them to the right place
+HEADERS_DIR=${GENERATED_DIR}/headers
+mkdir -p ${HEADERS_DIR}
+
+mv ${GENERATED_DIR}/*.h ${GENERATED_DIR}/*.modulemap ${HEADERS_DIR}
+
+SWIFT_DIR="${GENERATED_DIR}/swift"
+mkdir -p ${SWIFT_DIR}
+
+mv ${GENERATED_DIR}/*.swift ${SWIFT_DIR}
+
+# Build the xcframework
+
+if [ -d "${GENERATED_DIR}/MatrixSDKFFI.xcframework" ]; then rm -rf "${GENERATED_DIR}/MatrixSDKFFI.xcframework"; fi
+
+xcodebuild -create-xcframework \
+  -library "${GENERATED_DIR}/libmatrix_sdk_ffi_macos.a" \
+  -headers ${HEADERS_DIR} \
+  -library "${GENERATED_DIR}/libmatrix_sdk_ffi_iossimulator.a" \
+  -headers ${HEADERS_DIR} \
+  -library "${GENERATED_DIR}/libmatrix_sdk_ffi_maccatalyst.a" \
+  -headers ${HEADERS_DIR} \
+  -library "${TARGET_DIR}/aarch64-apple-ios/${REL_TYPE_DIR}/libmatrix_sdk_ffi.a" \
+  -headers ${HEADERS_DIR} \
+  -output "${GENERATED_DIR}/MatrixSDKFFI.xcframework"
+
+# Cleanup
+
+if [ -f "${GENERATED_DIR}/libmatrix_sdk_ffi_macos.a" ]; then rm -rf "${GENERATED_DIR}/libmatrix_sdk_ffi_macos.a"; fi
+if [ -f "${GENERATED_DIR}/libmatrix_sdk_ffi_iossimulator.a" ]; then rm -rf "${GENERATED_DIR}/libmatrix_sdk_ffi_iossimulator.a"; fi
+if [ -f "${GENERATED_DIR}/libmatrix_sdk_ffi_maccatalyst.a" ]; then rm -rf "${GENERATED_DIR}/libmatrix_sdk_ffi_maccatalyst.a"; fi
+if [ -d ${HEADERS_DIR} ]; then rm -rf ${HEADERS_DIR}; fi

bindings/apple/debug_build_xcframework.sh

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+set -eEu
+
+cd "$(dirname "$0")"
+
+IS_CI=false
+
+if [ $# -eq 1 ]; then
+  IS_CI=true
+  echo "Running CI build"
+else
+  echo "Running debug build"
+fi
+
+# Path to the repo root
+SRC_ROOT=../..
+
+TARGET_DIR="${SRC_ROOT}/target"
+
+GENERATED_DIR="${SRC_ROOT}/generated"
+mkdir -p ${GENERATED_DIR}
+
+REL_FLAG=""
+REL_TYPE_DIR="debug"
+
+# iOS Simulator
+cargo +nightly build -p matrix-sdk-ffi ${REL_FLAG} --target "aarch64-apple-ios-sim"
+cargo +nightly build -p matrix-sdk-ffi ${REL_FLAG} --target "x86_64-apple-ios"
+
+lipo -create \
+  "${TARGET_DIR}/x86_64-apple-ios/${REL_TYPE_DIR}/libmatrix_sdk_ffi.a" \
+  "${TARGET_DIR}/aarch64-apple-ios-sim/${REL_TYPE_DIR}/libmatrix_sdk_ffi.a" \
+  -output "${GENERATED_DIR}/libmatrix_sdk_ffi_iossimulator.a"
+
+# Generate uniffi files
+uniffi-bindgen generate "${SRC_ROOT}/bindings/matrix-sdk-ffi/src/api.udl" --language swift --out-dir ${GENERATED_DIR}
+
+# Move them to the right place
+HEADERS_DIR=${GENERATED_DIR}/headers
+mkdir -p ${HEADERS_DIR}
+
+mv ${GENERATED_DIR}/*.h ${GENERATED_DIR}/*.modulemap ${HEADERS_DIR}
+
+SWIFT_DIR="${GENERATED_DIR}/swift"
+mkdir -p ${SWIFT_DIR}
+
+mv ${GENERATED_DIR}/*.swift ${SWIFT_DIR}
+
+# Build the xcframework
+
+if [ -d "${GENERATED_DIR}/MatrixSDKFFI.xcframework" ]; then rm -rf "${GENERATED_DIR}/MatrixSDKFFI.xcframework"; fi
+
+xcodebuild -create-xcframework \
+  -library "${GENERATED_DIR}/libmatrix_sdk_ffi_iossimulator.a" \
+  -headers ${HEADERS_DIR} \
+  -output "${GENERATED_DIR}/MatrixSDKFFI.xcframework"
+
+# Cleanup
+
+# if [ -f "${GENERATED_DIR}/libmatrix_sdk_ffi_iossimulator.a" ]; then rm -rf "${GENERATED_DIR}/libmatrix_sdk_ffi_iossimulator.a"; fi
+# if [ -d ${HEADERS_DIR} ]; then rm -rf ${HEADERS_DIR}; fi
+
+if [ "$IS_CI" = false ] ; then
+  echo "Preparing matrix-rust-components-swift"
+
+  # Debug -> Copy generated files over to ../../../matrix-rust-components-swift
+  echo "$(printf "import MatrixSDKFFIWrapper\n\n"; cat "${SWIFT_DIR}/sdk.swift")" > "${SWIFT_DIR}/sdk.swift"
+
+  rsync -a --delete "${GENERATED_DIR}/MatrixSDKFFI.xcframework" "${SRC_ROOT}/../matrix-rust-components-swift/"
+  rsync -a --delete "${GENERATED_DIR}/swift/" "${SRC_ROOT}/../matrix-rust-components-swift/Sources/MatrixRustSDK"
+fi

bindings/matrix-sdk-crypto-ffi/Cargo.toml

@@ -0,0 +1,66 @@
+[package]
+name = "matrix-sdk-crypto-ffi"
+version = "0.1.0"
+authors = ["Damir Jelić <poljar@termina.org.uk>"]
+edition = "2018"
+rust-version = "1.60"
+description = "Uniffi based bindings for the Rust SDK crypto crate"
+repository = "https://github.com/matrix-org/matrix-rust-sdk"
+license = "Apache-2.0"
+publish = false
+
+[lib]
+crate-type = ["cdylib", "staticlib"]
+name = "matrix_crypto_ffi"
+
+[dependencies]
+anyhow = "1.0.57"
+base64 = "0.13.0"
+hmac = "0.12.1"
+http = "0.2.6"
+pbkdf2 = "0.11.0"
+rand = "0.8.5"
+ruma = { git = "https://github.com/ruma/ruma", rev = "96155915f", features = ["client-api-c"] }
+serde = "1.0.136"
+serde_json = "1.0.79"
+sha2 = "0.10.2"
+thiserror = "1.0.30"
+tracing = "0.1.34"
+tracing-subscriber = { version = "0.3.11", features = ["env-filter"] }
+# keep in sync with uniffi dependency in matrix-sdk-ffi, and uniffi_bindgen in ffi CI job
+uniffi = "0.18.0"
+zeroize = { version = "1.3.0", features = ["zeroize_derive"] }
+
+[dependencies.js_int]
+version = "0.2.2"
+features = ["lax_deserialize"]
+
+[dependencies.matrix-sdk-common]
+path = "../../crates/matrix-sdk-common"
+version = "0.5.0"
+
+[dependencies.matrix-sdk-crypto]
+path = "../../crates/matrix-sdk-crypto"
+version = "0.5.0"
+features = ["qrcode", "backups_v1"]
+
+[dependencies.matrix-sdk-sled]
+path = "../../crates/matrix-sdk-sled"
+version = "0.1.0"
+default_features = false
+features = ["crypto-store"]
+
+[dependencies.tokio]
+version = "1.17.0"
+default_features = false
+features = ["rt-multi-thread"]
+
+[dependencies.vodozemac]
+git = "https://github.com/matrix-org/vodozemac/"
+rev = "2404f83f7d3a3779c1f518e4d949f7da9677c3dd"
+
+[build-dependencies]
+uniffi_build = { version = "0.18.0", features = ["builtin-bindgen"] }
+
+[dev-dependencies]
+tempfile = "3.3.0"

bindings/matrix-sdk-crypto-ffi/README.md

@@ -0,0 +1,84 @@
+# Uniffi based bindings for the Rust SDK crypto crate.
+
+This crate contains Uniffi based bindings for the `matrix-sdk-crypto` crate. The
+README mainly describes how to build and integrate the bindings into a Kotlin
+based Android project, but the Android specific bits can be skipped if you are
+targeting an x86 Linux project.
+
+## Prerequisites
+
+### Rust
+
+To build the bindings [Rust] will be needed it can be either installed using an
+OS specific package manager or directly with the provided [installer](https://rustup.rs/).
+
+### Android NDK
+
+The Android NDK will be required as well, it can be installed either through
+Android Studio or directly using an [installer](https://developer.android.com/ndk/downloads).
+
+### Configuring Rust for cross compilation
+
+First we'll need to install the Rust target for our desired Android architecture,
+for example:
+
+```
+# rustup target add aarch64-linux-android
+```
+
+This will add support to cross-compile for the aarch64-linux-android target,
+Rust supports many different [targets], you'll have to make sure to pick the
+right one for your device or emulator.
+
+After this is done, we'll have to configure [Cargo] to use the correct linker
+for our target. Cargo is configured using a TOML file that will be found in
+`%USERPROFILE%\.cargo\config.toml` on Windows or `$HOME/.cargo/config` on Unix
+platforms. More details and configuration options for Cargo can be found in the
+official docs over [here](https://doc.rust-lang.org/cargo/reference/config.html).
+
+```
+[target.aarch64-linux-android]
+ar = "NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin/ar"
+linker = "NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android30-clang"
+```
+
+## Building
+
+To enable cross compilation for `olm-sys` which builds our `libolm` C library
+we'll need to set the `ANDROID_NDK` environment variable to the location of our
+Android NDK installation.
+
+```
+$ export ANDROID_NDK=$HOME/Android/Sdk/ndk/22.0.7026061/
+```
+
+### Building for a target
+
+The bindings can built for the `aarch64` target with:
+
+```
+$ cargo build --target aarch64-linux-android
+```
+
+After that, a dynamic library can be found in the `target/aarch64-linux-android/debug` directory.
+The library will be called `libmatrix_crypto.so` and needs to be renamed and
+copied into the `jniLibs` directory of your Android project, for Element Android:
+
+```
+$ cp ../../target/aarch64-linux-android/debug/libmatrix_crypto.so \
+     /home/example/matrix-sdk-android/src/main/jniLibs/aarch64/libuniffi_olm.so
+```
+
+## Minimum Supported Rust Version (MSRV)
+
+These crates are built with the Rust language version 2021 and require a minimum compiler version of `1.60`.
+
+## License
+
+[Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0)
+
+[Rust]: https://www.rust-lang.org/
+[installer]: https://rustup.rs/
+[targets]: https://doc.rust-lang.org/nightly/rustc/platform-support.html
+[Cargo]: https://doc.rust-lang.org/cargo/
+[uniffi]: https://github.com/mozilla/uniffi-rs/

bindings/matrix-sdk-crypto-ffi/build.rs

@@ -0,0 +1,3 @@
+fn main() {
+    uniffi_build::generate_scaffolding("./src/olm.udl").unwrap();
+}

bindings/matrix-sdk-crypto-ffi/src/backup_recovery_key.rs

@@ -0,0 +1,157 @@
+use std::{collections::HashMap, iter, ops::DerefMut};
+
+use hmac::Hmac;
+use matrix_sdk_crypto::{
+    backups::OlmPkDecryptionError,
+    store::{CryptoStoreError as InnerStoreError, RecoveryKey},
+};
+use pbkdf2::pbkdf2;
+use rand::{distributions::Alphanumeric, thread_rng, Rng};
+use sha2::Sha512;
+use thiserror::Error;
+use zeroize::Zeroize;
+
+/// The private part of the backup key, the one used for recovery.
+pub struct BackupRecoveryKey {
+    pub(crate) inner: RecoveryKey,
+    pub(crate) passphrase_info: Option<PassphraseInfo>,
+}
+
+/// Error type for the decryption of backed up room keys.
+#[derive(Debug, Error)]
+pub enum PkDecryptionError {
+    /// An internal libolm error happened during decryption.
+    #[error("Error decryption a PkMessage {0}")]
+    Olm(#[from] OlmPkDecryptionError),
+}
+
+/// Error type for the decoding and storing of the backup key.
+#[derive(Debug, Error)]
+pub enum DecodeError {
+    /// An error happened while decoding the recovery key.
+    #[error(transparent)]
+    Decode(#[from] matrix_sdk_crypto::backups::DecodeError),
+    /// An error happened in the storage layer while trying to save the
+    /// decoded recovery key.
+    #[error(transparent)]
+    CryptoStore(#[from] InnerStoreError),
+}
+
+/// Struct containing info about the way the backup key got derived from a
+/// passphrase.
+#[derive(Debug, Clone)]
+pub struct PassphraseInfo {
+    /// The salt that was used during key derivation.
+    pub private_key_salt: String,
+    /// The number of PBKDF rounds that were used for key derivation.
+    pub private_key_iterations: i32,
+}
+
+/// The public part of the backup key.
+pub struct MegolmV1BackupKey {
+    /// The actual base64 encoded public key.
+    pub public_key: String,
+    /// Signatures that have signed our backup key.
+    pub signatures: HashMap<String, HashMap<String, String>>,
+    /// The passphrase info, if the key was derived from one.
+    pub passphrase_info: Option<PassphraseInfo>,
+    /// Get the full name of the backup algorithm this backup key supports.
+    pub backup_algorithm: String,
+}
+
+impl BackupRecoveryKey {
+    const KEY_SIZE: usize = 32;
+    const SALT_SIZE: usize = 32;
+    const PBKDF_ROUNDS: i32 = 500_000;
+
+    /// Create a new random [`BackupRecoveryKey`].
+    #[allow(clippy::new_without_default)]
+    pub fn new() -> Self {
+        Self {
+            inner: RecoveryKey::new()
+                .expect("Can't gather enough randomness to create a recovery key"),
+            passphrase_info: None,
+        }
+    }
+
+    /// Try to create a [`BackupRecoveryKey`] from a base 64 encoded string.
+    pub fn from_base64(key: String) -> Result<Self, DecodeError> {
+        Ok(Self { inner: RecoveryKey::from_base64(&key)?, passphrase_info: None })
+    }
+
+    /// Try to create a [`BackupRecoveryKey`] from a base 58 encoded string.
+    pub fn from_base58(key: String) -> Result<Self, DecodeError> {
+        Ok(Self { inner: RecoveryKey::from_base58(&key)?, passphrase_info: None })
+    }
+
+    /// Create a new [`BackupRecoveryKey`] from the given passphrase.
+    pub fn new_from_passphrase(passphrase: String) -> Self {
+        let mut rng = thread_rng();
+        let salt: String = iter::repeat(())
+            .map(|()| rng.sample(Alphanumeric))
+            .map(char::from)
+            .take(Self::SALT_SIZE)
+            .collect();
+
+        Self::from_passphrase(passphrase, salt, Self::PBKDF_ROUNDS)
+    }
+
+    /// Restore a [`BackupRecoveryKey`] from the given passphrase.
+    pub fn from_passphrase(passphrase: String, salt: String, rounds: i32) -> Self {
+        let mut key = Box::new([0u8; Self::KEY_SIZE]);
+        let rounds = rounds as u32;
+
+        pbkdf2::<Hmac<Sha512>>(passphrase.as_bytes(), salt.as_bytes(), rounds, key.deref_mut());
+
+        let recovery_key = RecoveryKey::from_bytes(&key);
+
+        key.zeroize();
+
+        Self {
+            inner: recovery_key,
+            passphrase_info: Some(PassphraseInfo {
+                private_key_salt: salt,
+                private_key_iterations: rounds as i32,
+            }),
+        }
+    }
+
+    /// Get the public part of the backup key.
+    pub fn megolm_v1_public_key(&self) -> MegolmV1BackupKey {
+        let public_key = self.inner.megolm_v1_public_key();
+
+        let signatures: HashMap<String, HashMap<String, String>> = public_key
+            .signatures()
+            .into_iter()
+            .map(|(k, v)| (k.to_string(), v.into_iter().map(|(k, v)| (k.to_string(), v)).collect()))
+            .collect();
+
+        MegolmV1BackupKey {
+            public_key: public_key.to_base64(),
+            signatures,
+            passphrase_info: self.passphrase_info.clone(),
+            backup_algorithm: public_key.backup_algorithm().to_owned(),
+        }
+    }
+
+    /// Convert the recovery key to a base 58 encoded string.
+    pub fn to_base58(&self) -> String {
+        self.inner.to_base58()
+    }
+
+    /// Convert the recovery key to a base 64 encoded string.
+    pub fn to_base64(&self) -> String {
+        self.inner.to_base64()
+    }
+
+    /// Try to decrypt a message that was encrypted using the public part of the
+    /// backup key.
+    pub fn decrypt_v1(
+        &self,
+        ephemeral_key: String,
+        mac: String,
+        ciphertext: String,
+    ) -> Result<String, PkDecryptionError> {
+        self.inner.decrypt_v1(ephemeral_key, mac, ciphertext).map_err(|e| e.into())
+    }
+}

bindings/matrix-sdk-crypto-ffi/src/device.rs

@@ -0,0 +1,42 @@
+use std::collections::HashMap;
+
+use matrix_sdk_crypto::Device as InnerDevice;
+
+/// An E2EE capable Matrix device.
+pub struct Device {
+    /// The device owner.
+    pub user_id: String,
+    /// The unique ID of the device.
+    pub device_id: String,
+    /// The published public identity keys of the devices
+    ///
+    /// A map from the key type (e.g. curve25519) to the base64 encoded key.
+    pub keys: HashMap<String, String>,
+    /// The supported algorithms of the device.
+    pub algorithms: Vec<String>,
+    /// The human readable name of the device.
+    pub display_name: Option<String>,
+    /// A flag indicating if the device has been blocked, blocked devices don't
+    /// receive any room keys from us.
+    pub is_blocked: bool,
+    /// Is the device locally trusted
+    pub locally_trusted: bool,
+    /// Is our cross signing identity trusted and does the identity trust the
+    /// device.
+    pub cross_signing_trusted: bool,
+}
+
+impl From<InnerDevice> for Device {
+    fn from(d: InnerDevice) -> Self {
+        Device {
+            user_id: d.user_id().to_string(),
+            device_id: d.device_id().to_string(),
+            keys: d.keys().iter().map(|(k, v)| (k.to_string(), v.to_base64())).collect(),
+            algorithms: d.algorithms().iter().map(|a| a.to_string()).collect(),
+            display_name: d.display_name().map(|d| d.to_owned()),
+            is_blocked: d.is_blacklisted(),
+            locally_trusted: d.is_locally_trusted(),
+            cross_signing_trusted: d.is_cross_signing_trusted(),
+        }
+    }
+}

bindings/matrix-sdk-crypto-ffi/src/error.rs

@@ -0,0 +1,63 @@
+#![allow(missing_docs)]
+
+use matrix_sdk_crypto::{
+    store::CryptoStoreError as InnerStoreError, KeyExportError, MegolmError, OlmError,
+    SecretImportError as RustSecretImportError, SignatureError as InnerSignatureError,
+};
+use ruma::{IdParseError, OwnedUserId};
+
+#[derive(Debug, thiserror::Error)]
+pub enum KeyImportError {
+    #[error(transparent)]
+    Export(#[from] KeyExportError),
+    #[error(transparent)]
+    CryptoStore(#[from] InnerStoreError),
+    #[error(transparent)]
+    Json(#[from] serde_json::Error),
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum SecretImportError {
+    #[error(transparent)]
+    CryptoStore(#[from] InnerStoreError),
+    #[error(transparent)]
+    Import(#[from] RustSecretImportError),
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum SignatureError {
+    #[error(transparent)]
+    Signature(#[from] InnerSignatureError),
+    #[error(transparent)]
+    Identifier(#[from] IdParseError),
+    #[error(transparent)]
+    CryptoStore(#[from] InnerStoreError),
+    #[error("Unknown device {0} {1}")]
+    UnknownDevice(OwnedUserId, String),
+    #[error("Unknown user identity {0}")]
+    UnknownUserIdentity(String),
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum CryptoStoreError {
+    #[error(transparent)]
+    CryptoStore(#[from] InnerStoreError),
+    #[error(transparent)]
+    OlmError(#[from] OlmError),
+    #[error(transparent)]
+    Serialization(#[from] serde_json::Error),
+    #[error("The given string is not a valid user ID: source {0}, error {1}")]
+    InvalidUserId(String, IdParseError),
+    #[error(transparent)]
+    Identifier(#[from] IdParseError),
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum DecryptionError {
+    #[error(transparent)]
+    Serialization(#[from] serde_json::Error),
+    #[error(transparent)]
+    Identifier(#[from] IdParseError),
+    #[error(transparent)]
+    Megolm(#[from] MegolmError),
+}

bindings/matrix-sdk-crypto-ffi/src/lib.rs

@@ -0,0 +1,591 @@
+//! Uniffi based bindings for the `matrix-sdk-crypto` crate.
+//!
+//! This crate can be used to introduce E2EE support into an existing Matrix
+//! client or client library in any of the language targets Uniffi supports.
+
+#![warn(missing_docs)]
+
+mod backup_recovery_key;
+mod device;
+mod error;
+mod logger;
+mod machine;
+mod responses;
+mod users;
+mod verification;
+
+use std::{borrow::Borrow, collections::HashMap, convert::TryFrom, str::FromStr, sync::Arc};
+
+pub use backup_recovery_key::{
+    BackupRecoveryKey, DecodeError, MegolmV1BackupKey, PassphraseInfo, PkDecryptionError,
+};
+pub use device::Device;
+pub use error::{
+    CryptoStoreError, DecryptionError, KeyImportError, SecretImportError, SignatureError,
+};
+use js_int::UInt;
+pub use logger::{set_logger, Logger};
+pub use machine::{KeyRequestPair, OlmMachine};
+pub use responses::{
+    BootstrapCrossSigningResult, DeviceLists, KeysImportResult, OutgoingVerificationRequest,
+    Request, RequestType, SignatureUploadRequest, UploadSigningKeysRequest,
+};
+use ruma::{DeviceId, DeviceKeyAlgorithm, OwnedUserId, RoomId, SecondsSinceUnixEpoch, UserId};
+use serde::{Deserialize, Serialize};
+pub use users::UserIdentity;
+pub use verification::{
+    CancelInfo, ConfirmVerificationResult, QrCode, RequestVerificationResult, Sas, ScanResult,
+    StartSasResult, Verification, VerificationRequest,
+};
+
+/// Struct collecting data that is important to migrate to the rust-sdk
+#[derive(Deserialize, Serialize)]
+pub struct MigrationData {
+    /// The pickled version of the Olm Account
+    account: PickledAccount,
+    /// The list of pickleds Olm Sessions.
+    sessions: Vec<PickledSession>,
+    /// The list of Megolm inbound group sessions.
+    inbound_group_sessions: Vec<PickledInboundGroupSession>,
+    /// The Olm pickle key that was used to pickle all the Olm objects.
+    pickle_key: Vec<u8>,
+    /// The backup version that is currently active.
+    backup_version: Option<String>,
+    // The backup recovery key, as a base58 encoded string.
+    backup_recovery_key: Option<String>,
+    /// The private cross signing keys.
+    cross_signing: CrossSigningKeyExport,
+    /// The list of users that the Rust SDK should track.
+    tracked_users: Vec<String>,
+}
+
+/// A pickled version of an `Account`.
+///
+/// Holds all the information that needs to be stored in a database to restore
+/// an account.
+#[derive(Debug, Deserialize, Serialize)]
+pub struct PickledAccount {
+    /// The user id of the account owner.
+    pub user_id: String,
+    /// The device ID of the account owner.
+    pub device_id: String,
+    /// The pickled version of the Olm account.
+    pub pickle: String,
+    /// Was the account shared.
+    pub shared: bool,
+    /// The number of uploaded one-time keys we have on the server.
+    pub uploaded_signed_key_count: i64,
+}
+
+/// A pickled version of a `Session`.
+///
+/// Holds all the information that needs to be stored in a database to restore
+/// a Session.
+#[derive(Debug, Deserialize, Serialize)]
+pub struct PickledSession {
+    /// The pickle string holding the Olm Session.
+    pub pickle: String,
+    /// The curve25519 key of the other user that we share this session with.
+    pub sender_key: String,
+    /// Was the session created using a fallback key.
+    pub created_using_fallback_key: bool,
+    /// The Unix timestamp when the session was created.
+    pub creation_time: String,
+    /// The Unix timestamp when the session was last used.
+    pub last_use_time: String,
+}
+
+/// A pickled version of an `InboundGroupSession`.
+///
+/// Holds all the information that needs to be stored in a database to restore
+/// an InboundGroupSession.
+#[derive(Debug, Deserialize, Serialize)]
+pub struct PickledInboundGroupSession {
+    /// The pickle string holding the InboundGroupSession.
+    pub pickle: String,
+    /// The public curve25519 key of the account that sent us the session
+    pub sender_key: String,
+    /// The public ed25519 key of the account that sent us the session.
+    pub signing_key: HashMap<String, String>,
+    /// The id of the room that the session is used in.
+    pub room_id: String,
+    /// The list of claimed ed25519 that forwarded us this key. Will be empty if
+    /// we directly received this session.
+    pub forwarding_chains: Vec<String>,
+    /// Flag remembering if the session was directly sent to us by the sender
+    /// or if it was imported.
+    pub imported: bool,
+    /// Flag remembering if the session has been backed up.
+    pub backed_up: bool,
+}
+
+/// Error type for the migration process.
+#[derive(thiserror::Error, Debug)]
+pub enum MigrationError {
+    /// Generic catch all error variant.
+    #[error("error migrating database: {error_message}")]
+    Generic {
+        /// The error message
+        error_message: String,
+    },
+}
+
+impl From<anyhow::Error> for MigrationError {
+    fn from(e: anyhow::Error) -> MigrationError {
+        MigrationError::Generic { error_message: e.to_string() }
+    }
+}
+
+/// Migrate a libolm based setup to a vodozemac based setup stored in a Sled
+/// store.
+///
+/// # Arguments
+///
+/// * `data` - The data that should be migrated over to the Sled store.
+///
+/// * `path` - The path where the Sled store should be created.
+///
+/// * `passphrase` - The passphrase that should be used to encrypt the data at
+/// rest in the Sled store. **Warning**, if no passphrase is given, the store
+/// and all its data will remain unencrypted.
+///
+/// * `progress_listener` - A callback that can be used to introspect the
+/// progress of the migration.
+pub fn migrate(
+    mut data: MigrationData,
+    path: &str,
+    passphrase: Option<String>,
+    progress_listener: Box<dyn ProgressListener>,
+) -> anyhow::Result<()> {
+    use matrix_sdk_crypto::{
+        olm::PrivateCrossSigningIdentity,
+        store::{Changes as RustChanges, CryptoStore, RecoveryKey},
+    };
+    use matrix_sdk_sled::CryptoStore as SledStore;
+    use tokio::runtime::Runtime;
+    use vodozemac::{
+        megolm::InboundGroupSession,
+        olm::{Account, Session},
+        Curve25519PublicKey,
+    };
+    use zeroize::Zeroize;
+
+    // The total steps here include all the sessions/inbound group sessions and
+    // additionally some static number of steps:
+    //
+    // 1. opening the store
+    // 2. the Account
+    // 3. the cross signing keys
+    // 4. the tracked users
+    // 5. the final save operation
+    let total_steps = 5 + data.sessions.len() + data.inbound_group_sessions.len();
+    let mut processed_steps = 0;
+    let listener = |progress: usize, total: usize| {
+        progress_listener.on_progress(progress as i32, total as i32)
+    };
+
+    let store = SledStore::open_with_passphrase(path, passphrase.as_deref())?;
+    let runtime = Runtime::new()?;
+
+    processed_steps += 1;
+    listener(processed_steps, total_steps);
+
+    let user_id: Arc<UserId> = {
+        let user_id: OwnedUserId = parse_user_id(&data.account.user_id)?;
+        let user_id: &UserId = user_id.borrow();
+
+        user_id.into()
+    };
+    let device_id: Box<DeviceId> = data.account.device_id.into();
+    let device_id: Arc<DeviceId> = device_id.into();
+
+    let account = Account::from_libolm_pickle(&data.account.pickle, &data.pickle_key)?;
+    let pickle = account.pickle();
+    let identity_keys = Arc::new(account.identity_keys());
+    let pickled_account = matrix_sdk_crypto::olm::PickledAccount {
+        user_id: parse_user_id(&data.account.user_id)?,
+        device_id: device_id.as_ref().to_owned(),
+        pickle,
+        shared: data.account.shared,
+        uploaded_signed_key_count: data.account.uploaded_signed_key_count as u64,
+    };
+    let account = matrix_sdk_crypto::olm::ReadOnlyAccount::from_pickle(pickled_account)?;
+
+    processed_steps += 1;
+    listener(processed_steps, total_steps);
+
+    let mut sessions = Vec::new();
+
+    for session_pickle in data.sessions {
+        let pickle =
+            Session::from_libolm_pickle(&session_pickle.pickle, &data.pickle_key)?.pickle();
+
+        let creation_time = SecondsSinceUnixEpoch(UInt::from_str(&session_pickle.creation_time)?);
+        let last_use_time = SecondsSinceUnixEpoch(UInt::from_str(&session_pickle.last_use_time)?);
+
+        let pickle = matrix_sdk_crypto::olm::PickledSession {
+            pickle,
+            sender_key: Curve25519PublicKey::from_base64(&session_pickle.sender_key)?,
+            created_using_fallback_key: session_pickle.created_using_fallback_key,
+            creation_time,
+            last_use_time,
+        };
+
+        let session = matrix_sdk_crypto::olm::Session::from_pickle(
+            user_id.clone(),
+            device_id.clone(),
+            identity_keys.clone(),
+            pickle,
+        );
+
+        sessions.push(session);
+        processed_steps += 1;
+        listener(processed_steps, total_steps);
+    }
+
+    let mut inbound_group_sessions = Vec::new();
+
+    for session in data.inbound_group_sessions {
+        let pickle =
+            InboundGroupSession::from_libolm_pickle(&session.pickle, &data.pickle_key)?.pickle();
+
+        let pickle = matrix_sdk_crypto::olm::PickledInboundGroupSession {
+            pickle,
+            sender_key: session.sender_key,
+            signing_key: session
+                .signing_key
+                .into_iter()
+                .map(|(k, v)| Ok((DeviceKeyAlgorithm::try_from(k)?, v)))
+                .collect::<anyhow::Result<_>>()?,
+            room_id: RoomId::parse(session.room_id)?,
+            forwarding_chains: session.forwarding_chains,
+            imported: session.imported,
+            backed_up: session.backed_up,
+            history_visibility: None,
+        };
+
+        let session = matrix_sdk_crypto::olm::InboundGroupSession::from_pickle(pickle)?;
+
+        inbound_group_sessions.push(session);
+        processed_steps += 1;
+        listener(processed_steps, total_steps);
+    }
+
+    let recovery_key =
+        data.backup_recovery_key.map(|k| RecoveryKey::from_base58(k.as_str())).transpose()?;
+
+    let cross_signing = PrivateCrossSigningIdentity::empty((*user_id).into());
+    runtime.block_on(cross_signing.import_secrets_unchecked(
+        data.cross_signing.master_key.as_deref(),
+        data.cross_signing.self_signing_key.as_deref(),
+        data.cross_signing.user_signing_key.as_deref(),
+    ))?;
+
+    data.cross_signing.master_key.zeroize();
+    data.cross_signing.self_signing_key.zeroize();
+    data.cross_signing.user_signing_key.zeroize();
+
+    processed_steps += 1;
+    listener(processed_steps, total_steps);
+
+    let tracked_users: Vec<_> = data
+        .tracked_users
+        .into_iter()
+        .map(|u| Ok(((parse_user_id(&u)?), true)))
+        .collect::<anyhow::Result<_>>()?;
+
+    let tracked_users: Vec<_> = tracked_users.iter().map(|(u, d)| (&**u, *d)).collect();
+
+    runtime.block_on(store.save_tracked_users(tracked_users.as_slice()))?;
+
+    processed_steps += 1;
+    listener(processed_steps, total_steps);
+
+    let changes = RustChanges {
+        account: Some(account),
+        private_identity: Some(cross_signing),
+        sessions,
+        inbound_group_sessions,
+        recovery_key,
+        backup_version: data.backup_version,
+        ..Default::default()
+    };
+    runtime.block_on(store.save_changes(changes))?;
+
+    processed_steps += 1;
+    listener(processed_steps, total_steps);
+
+    Ok(())
+}
+
+/// Callback that will be passed over the FFI to report progress
+pub trait ProgressListener {
+    /// The callback that should be called on the Rust side
+    ///
+    /// # Arguments
+    ///
+    /// * `progress` - The current number of items that have been handled
+    ///
+    /// * `total` - The total number of items that will be handled
+    fn on_progress(&self, progress: i32, total: i32);
+}
+
+impl<T: Fn(i32, i32)> ProgressListener for T {
+    fn on_progress(&self, progress: i32, total: i32) {
+        self(progress, total)
+    }
+}
+
+/// An event that was successfully decrypted.
+pub struct DecryptedEvent {
+    /// The decrypted version of the event.
+    pub clear_event: String,
+    /// The claimed curve25519 key of the sender.
+    pub sender_curve25519_key: String,
+    /// The claimed ed25519 key of the sender.
+    pub claimed_ed25519_key: Option<String>,
+    /// The curve25519 chain of the senders that forwarded the Megolm decryption
+    /// key to us. Is empty if the key came directly from the sender of the
+    /// event.
+    pub forwarding_curve25519_chain: Vec<String>,
+}
+
+/// Struct representing the state of our private cross signing keys, it shows
+/// which private cross signing keys we have locally stored.
+#[derive(Debug, Clone)]
+pub struct CrossSigningStatus {
+    /// Do we have the master key.
+    pub has_master: bool,
+    /// Do we have the self signing key, this one is necessary to sign our own
+    /// devices.
+    pub has_self_signing: bool,
+    /// Do we have the user signing key, this one is necessary to sign other
+    /// users.
+    pub has_user_signing: bool,
+}
+
+/// A struct containing private cross signing keys that can be backed up or
+/// uploaded to the secret store.
+#[derive(Deserialize, Serialize)]
+pub struct CrossSigningKeyExport {
+    /// The seed of the master key encoded as unpadded base64.
+    pub master_key: Option<String>,
+    /// The seed of the self signing key encoded as unpadded base64.
+    pub self_signing_key: Option<String>,
+    /// The seed of the user signing key encoded as unpadded base64.
+    pub user_signing_key: Option<String>,
+}
+
+/// Struct holding the number of room keys we have.
+pub struct RoomKeyCounts {
+    /// The total number of room keys.
+    pub total: i64,
+    /// The number of backed up room keys.
+    pub backed_up: i64,
+}
+
+/// Backup keys and information we load from the store.
+pub struct BackupKeys {
+    /// The recovery key as a base64 encoded string.
+    recovery_key: Arc<BackupRecoveryKey>,
+    /// The version that is used with the recovery key.
+    backup_version: String,
+}
+
+impl BackupKeys {
+    /// Get the recovery key that we're holding on to.
+    pub fn recovery_key(&self) -> Arc<BackupRecoveryKey> {
+        self.recovery_key.clone()
+    }
+
+    /// Get the backups version that we're holding on to.
+    pub fn backup_version(&self) -> String {
+        self.backup_version.to_owned()
+    }
+}
+
+impl TryFrom<matrix_sdk_crypto::store::BackupKeys> for BackupKeys {
+    type Error = ();
+
+    fn try_from(keys: matrix_sdk_crypto::store::BackupKeys) -> Result<Self, Self::Error> {
+        Ok(Self {
+            recovery_key: BackupRecoveryKey {
+                inner: keys.recovery_key.ok_or(())?,
+                passphrase_info: None,
+            }
+            .into(),
+            backup_version: keys.backup_version.ok_or(())?,
+        })
+    }
+}
+
+impl From<matrix_sdk_crypto::store::RoomKeyCounts> for RoomKeyCounts {
+    fn from(count: matrix_sdk_crypto::store::RoomKeyCounts) -> Self {
+        Self { total: count.total as i64, backed_up: count.backed_up as i64 }
+    }
+}
+
+impl From<matrix_sdk_crypto::CrossSigningKeyExport> for CrossSigningKeyExport {
+    fn from(e: matrix_sdk_crypto::CrossSigningKeyExport) -> Self {
+        Self {
+            master_key: e.master_key.clone(),
+            self_signing_key: e.self_signing_key.clone(),
+            user_signing_key: e.user_signing_key.clone(),
+        }
+    }
+}
+
+impl From<CrossSigningKeyExport> for matrix_sdk_crypto::CrossSigningKeyExport {
+    fn from(e: CrossSigningKeyExport) -> Self {
+        matrix_sdk_crypto::CrossSigningKeyExport {
+            master_key: e.master_key,
+            self_signing_key: e.self_signing_key,
+            user_signing_key: e.user_signing_key,
+        }
+    }
+}
+
+impl From<matrix_sdk_crypto::CrossSigningStatus> for CrossSigningStatus {
+    fn from(s: matrix_sdk_crypto::CrossSigningStatus) -> Self {
+        Self {
+            has_master: s.has_master,
+            has_self_signing: s.has_self_signing,
+            has_user_signing: s.has_user_signing,
+        }
+    }
+}
+
+fn parse_user_id(user_id: &str) -> Result<OwnedUserId, CryptoStoreError> {
+    ruma::UserId::parse(user_id).map_err(|e| CryptoStoreError::InvalidUserId(user_id.to_owned(), e))
+}
+
+#[allow(warnings)]
+mod generated {
+    use super::*;
+    include!(concat!(env!("OUT_DIR"), "/olm.uniffi.rs"));
+}
+
+pub use generated::*;
+
+#[cfg(test)]
+mod test {
+    use anyhow::Result;
+    use serde_json::{json, Value};
+    use tempfile::tempdir;
+
+    use super::MigrationData;
+    use crate::{migrate, OlmMachine};
+
+    #[test]
+    fn android_migration() -> Result<()> {
+        let data: Value = json!({
+            "account":{
+               "user_id":"@ganfra146:matrix.org",
+               "device_id":"DEWRCMENGS",
+               "pickle":"FFGTGho89T3Xgd56l+EedOPV37s09RR8aYnS9305qPKF66LG+ly29YpCibjJOvkwm0dZwN9A2bOH/z7WscriqwZn/p0GE6YSNwLzffCy5iROzYzpYzFe0HtiyJmCQWCezvLc5lHV8YsfD00C1pKGX2R9M1wwp3/n4/3VjtTyPsdnmtwAPu4WdcPSkisCaQ3a6JaSKqv8zYzUjnpzgcpXHvPUR5d5+TzXgrVz3BeCOe8NEOWIW6xYUxFtGteYP0BczOkkJ22t7Css0tSMSrYgCll4zZUGNrd6D9b/z7KwcDnb978epsZ16DcZ/aaTxPdM5uDIkHgF/qHWerfxcaqsqs4EQfJdSgOTeqhjHBw1k0uWF2bByJLK+n7sGkYXEAuTzc4+0XvSFvu3Qp+1bHZuT7QejngRZzyxznORyBxd8la3/JjeJlehSK80OL7zSmohoYZD59S6i3tFWfopjQThJ0/eIyVOhEN/c3tfIcVr3lFEQeokgpCRNOVldhPcQWq994NHaL7jtb6yhUqT1gShY4zYayFL/VRz6nBSXXYwzrC9jho67knqXSri3lIKYevP9aOi384IvzbkinQdumc804dYwiCbs5hZppfEnfhfgiDDm+kVrJ9WaPRF4SySCTlS8jdGmBeL2CfCQ5IcZ5nK6X7tZM3tmtYwva0RuQiTNltp3XTfbMa0EoaEBximv25165hFTpzrWgoszBTpZPfgsMuWENWBcIX4AcLSk0CJ0qzPDeUwvmRcFStstGYV4drs5u5HEqovFSI48CoHPSEZfwwERCI4c/0efZ0CVEfnm8VcMv3AbnAfedD7v3QNdVwWOEhz/fGR76BQi2WjZP4MWvYRJ/vsLO5hcVWUvaJGQs5kANUFZMWuJQeJv3DmkV9kKKXnyfFUerlQ4Uk/5tp2mXiG+adHjuRp/Eeh5V/biCcIaX3rNuIY6MJaPz6SOwlFe79MMBaNwaS3j4Kh/Aq9BRw0QXdjO4CqMI4p2xCE1N5QTPdeaRTHTZ3r7mLkHX3FpZMxitc8vDl9L2FRoSOMMh/sRD1boBCkjrsty9rvTUGYY3li05jBuTXnYMjA4zj79dC9TGo4g+/wi+h537EhtP5+170LwqnIzfHt8yfjbsMMC7iwLpC1C57sTwxpMkNo3nQEvZOfqCxjq+ihiGuL9iN5lSstu9/C4qP2tQll86ASXf1axxRZQlUB0hlLHbEW6/7O7xOU6FTs4yXAZC04souRkggmfhDzZ9kQmN/zRTbqlATFI7l9/0VGxwLOVnCMUhgiDX5yL8CYK9I4ENMLf5zOuO6P3GbYISjEoHC7fUOzQ6OwGgLyI0wCEVdSJzQcdKh+W15VV+eDjhE/qEJHQWx024hTQFTKYHlDn95+lMmRI9BJLP1HU2JW6onVWsTsE5zSYu9jLj739EKfV4gS/pWzoQDRa7a9ZG6+m+RrwyJhCso3gkUekDNobhFlDX6YeH+Btj91N0uS3F9qr8lbo491s/z2fNV42zT4NYObzgrAYDQAV/2WYF8tXtxLV/Jzk8AMmyr/cfNaT2dXxVJKWq+nN2BYHBmg9CCWPJ2aB/1WWIcHfcDOlngtH991gP6246f/DEaVC/Ayxz7bPtSH5tlZ4Xbpc2P4BYxaRp/yxhhQ2C9H2I/PTt3mnNNgky/t8PZrN3W5+eiSVE9sONF8G3mYsa4XFqM+KxfbPUqsrEnrRBmvmJ250hpTPkFcIF775RvvRRKALXdlTKs+S4HKDW7KoP0Dm9+r4RlO0UHpWND9w0WSMItvWQyo0VViXJgZfBjYtWDoO0Ud+Kc7PLWNX6RUKY7RlDjXadJTC4adH6CN3UBC/ouqqfTrYvPOkyd2oKf4RLjEVcFAUIftFbLy+WBcWv8072nnAFJIlm3CxGq++80TyjqFR45P+qfIJavxQNIt5zhHPfMgHjX27OA3+l7rHDxqfMLBPxhtARwlyF+qx1IJiSWbmlHkdz2ylD9unoLSpf+DmmFvvgTj+3EEP4bY2jA/t91XFeG3uaTQSy3ryDvhbX21U7G2HGOEl9rCkmz+hG0YRB/6KxZZ0eMIDr7OWfpPEuHV8oYwDNYbsT9zCGsR1hHxBJtdo60b36mjMemtf761DhJ/oQZ4eU738yzx1hvVS3aCJsfyp70H5u+pUjgrA565uG2lEMNLu4T4NFVw0UdrVudyrhmT8P7vF4v+mR4pp+OzRbLf8AtZrKmHlMqRst+/wOHUHug/Tpz6EwZPDWGiQyFyPUkjHWW7ACouegBFOWFabsk+zCDhyxoSNrSMCtdB1L+qK72jRPGOvXk8p/1kBOIJfAjaK1ZWz8hTc30hOSWYxkRP296zPHiQF0ibNYSPNZ9tNxgq9nV/cEQ68TsNr3SULfDr0TSjCPf4AfmJ0k1k5xphSYv/TtGIbjg/9yGVFqclg4Y/6rrfkApbx36PQEBNxLiRsZ4hGpCfVU6h0jOekk8TV6CAguXVX/G31UqsAEa4sOD2g10Ir+5JD7bdd3JE/999kHGdiCqc0DNcgSqWYbq2QYwrN/mb+mMUbiQSNMcc34kK1n+7dGxppnt7YN7UsJqBWJdH0Lw1Epxi11ViTeVma9bqioJYXi6N5exdpZTT7KmcGYFsoTqO958EX6AppgcML7N9oP3TO8qSgCpV3Bbbemq4bvjV43aM6Rdx17pC4GZo0jjU97p4K8jE4PvgoHlYkuPwSJDOSAdnYPh+Inq/vCk48UfIlup0ATJFVUXD7uf84v9roZSwZPXZ5j/88+MkHBIJwPv8cugmz5uN2EuBW5IScMuEqG7Cmk72SU3/QA39G79S0Gpw7iPhTos5LXxhfvohGcnSaNEvfNeecQf7fpVciTdHwuvcgqJizUKpSFg2P+LDBiO44mJD15RNAaT37Rrj5P06YITO4PDj+FMdc6gx+JQUFbcSRhScE/0gfsVm0P1BYIH5q0k/QDgEVoerf/n19lITTzPib1F2OHP4hyF3BEq1pd9NwuPhhsVVqTVTK5MzFwFIOH7cwJyY7aBykmsWBavdb2J7UA5wjKqMHl1auUGPlNL+lZjqG4tw05bchtFAF+PGWQXJhJCtRSkkzTOCrLRyYyyI9mWYEjoc23cGLanlIs7WA1Nd0Jz+5RSNlf9Gtnd65yQp/W1eqY6yzURPHUUa7FrynyORmjaR9adT9utSQkXy8++IeDNzhMtFr+SqQ/gKECLe0GeuyTs6E5bImUtqpN+xopBXnEeq8wp+bvLf76d98qPE5ibTRwlsSyCE4c1Y7vrJrlc15Yc2R9ciIuKUS8rUKLSdGBFe/TD4R3cPhCKAnnRLGWnJiPPgxoTVwHVZMISdsAjNaWblBmiAOzFcu7443d3PCLyXVcfR9xgvW51HTumo91t5Qyx4HIXGoZxayZYFm2hrhSlieUqLnDL2j2gYgGU5NGoQl4OnEY2QqobpRUF4xJ4HhLzYbLrBeXmTDPvj0MasC3kKsRlm/HrsRRWZ2iPSMw9601tLvDfyjG53ddPISiVNnkdXcaAN5np7dwipdBOC1s4a0sEmKakNbkkDb8LsGBNte/g6UYs5yYaKr0bnXlDjMCznHQa7pypBjE7S55T3UeRpwo3IvZ1tfIGdb+z9RIA/PDvUksxJ3Xq3lqtZzkZJF5aeedfIOekGS/G0LiCSYsELgRceH5veknHqoGoL6xi4Q6/VjmfpZVXT19bDcTNtaR9Dlaq4LDjpQl9rl5C3O/X1hgADvJUuINCiLrD114sLY1DG/TDXE0sp+TK7utnjLAoHuAuj+6anY5vN66CSbwyUNmvo+m8li/AMkRYdtSDoPWkV7Y1ixMBPcua0Llwn2HSKKwnCjvhDIDIIVwbWwb1s6b9cztH81WF5RWUgFujewPvTElM1Sy10y7BcZohKw28uLRFVsKunc9yX2PiQoTSB4PHBHRA4U5dEQV3GHQJ93nee7VT3oeQPMVebWhuhOhi34Z33LQajzpCF3OjIbJb0tOPP6L6N/ODqkNsYViI3kgCnkNhexadOuGFWIqen2Q8iv2uOZWbPirt0YEeKZIk2dpND07L8Q3OsoQCk2rjpnw9LuFrjgu7gN9gFyPq25HJRBn7PM/lS60DF+xVkJq94PwN+CiZWC43SVcBGx65DFZIs/N78MZCUzZbFlsS7FsIrDJt878cp9eZdq/Ai4LZhL8QYHpVUrQxRxZGSqooA755N6nOxw66JkA1VPnjECCMgoNNtWox0JzhMe8PBdh2ZliXf8yQ6/eTvsG6FD84F+49pc7m0L99pfWHb9ClyO3KRHscp/MOIC1MJmqoB4dNxV20U+z8/lSTIvcmM8DiaAZj/yxlst90drlGydlyPjQzYd/XtIYcO5gHoeD1KUCZRapE5dkyk5vh97WZJn/JkR8hsslU3D6x3rNGwJbQVRu0IiA3PpeAQNZBNAJHHfv8IzIYxPhMJdYq0YqLIGSUYu87D04cDOxJY7hgawYs+ExOWb7XkbpuRoITQd8zpwVDFlSCS+wFO+qah3Vn8RBTc6cXHO5xRWfUNj+NrEtPdVmax+9EXqXtHQyFpxaauvL96RH+mGwpKHOk3aisXbZ6gLE2mF4egGjjJOIJdHyb2ZR+kj+4GIvkoBwipDgUfr4UBXY8pvFxQOxRgtI4LgOY9Z1Aco7Mwp6qi1KoMFJW8d+gJwsgM3cMsyEeYH1n/mdpJW6VDbIWzOHkP5n+OKKNm2vJTkQFFwF9eOtGy9fNBtS4qo4jvOUJnnAPsrPbGMbBYd1dMC3daHLEwvIKCAVBn7q1Z2c4zAD5eEoY0EwZj/j8x8lGQ8TswFT81ZotW7ZBDai/YtV8mkGfuaWJRI5yHc/bV7GWLF+yrMji/jicBF5jy2UoqwxseqjgTut49FRgBH3h1qwnfYbXD3FvQljyAAgBCiZV726pFRG+sZv0FjDbq0iCKILVSEUDZgmQ",
+               "shared":true,
+               "uploaded_signed_key_count":50
+
+            },
+            "sessions":[
+               {
+                  "pickle":"cryZlFaQv0hwWe6tTgv75RExFKGnC8tMHBXJYMHOw4s+SdrKUYAMUdGcYD7QukrPklEOy7fJho9YGK/jV04QdA8JABiOfD+ngJTR4V8eZdmDuG08+Q5EL79V81hQwU2fKndP0y/9nAXPUIADYq0Zrg4EsOnXz7aE+hAeBAm0IBog1s8RYUvynZ15uwjbd/OTLP+gpqpX33DwVg2leiBkQetiUSpOpZCuQ8CcZwIA0MoGCqvaT7h76VHX9JxJx+2fCMhsJMx1nhd99WJH1W9ge5CtdbC4KUP92OSxIrPOnMrNcOPJPp/paZP+HFNQ3PDL+z8pGKXmCnrXGSbd7iPHurPYESrVkBzr",
+                  "sender_key":"WJ6Ce7U67a6jqkHYHd8o0+5H4bqdi9hInZdk0+swuXs",
+                  "created_using_fallback_key":false,
+                  "creation_time":"1649425011424",
+                  "last_use_time":"1649425011424"
+               },
+               {
+                  "pickle":"cryZlFaQv0hwWe6tTgv75RExFKGnC8tMHBXJYMHOw4t2W/lowyrV6SXVZp+uG59im0AAfNSKjhjZuiOpQlX7MS+AOJkCNvyujJ2g3KSjLZ94IkoHxkBDHLWSjwaLPu40rfOzJPDpm0XZsR6bQrsxKOmXLGEw2qw5jOTouzMVL2gvuuTix97nSYSU8j3XvTMRUoh0AF/tUpRLcvEFZeGrdUYmTMlyTv4na+FVUalUZ+jrk8t1/sM99JNq3SY1IBSjrBq/0rCOHieiippz0sw2fe2b87id4rqj1g3R9w2MWTWEdOz3ugjMGYF1YDBQZA1tJZ/hmgppk2AU2xKQXE2X3DgSC6fC66D4",
+                  "sender_key":"RzRROfmHNlBfzxnNCUYBfn/5oZNQ11XYjDg59hS+mV0",
+                  "created_using_fallback_key":false,
+                  "creation_time":"1649425011503",
+                  "last_use_time":"1649425011503"
+               },
+               {
+                  "pickle":"cryZlFaQv0hwWe6tTgv75RExFKGnC8tMHBXJYMHOw4titbL3SS12PYHpcBPJc6hXnOnZXqrjtjYOD545fck+3utEo8cqqwWubc9tsvxGW3tOWPttLBdAW30Vn8V1M8ebqVCNVWEAb1GKjV4ni8xG7G9SlEcCjLjnF4lJpddSZkqVMFoN0ITr9aSz/eJwXpc3HLreUFXwc8LuQp7krQ4Vt1e5EE/klduqsdurZf5V14RHsmWz2lKjt7nVgtIz/dhtF5F/sGJdg8kCGaHIMSbGAPuPPpa4/Laicb/5otrYt4pg4W4KdFpSGJIcvUQNjXaOZMx3cu/RPJIOyNhx7whG1QiYAUBqAJvr",
+                  "sender_key":"IXSZugAHig1v8MowE1jxi2wDDDfuZBeJynHlegJVwUc",
+                  "created_using_fallback_key":false,
+                  "creation_time":"1649425011566",
+                  "last_use_time":"1649425011566"
+               },
+               {
+                  "pickle":"SmkDiFZjNukiarQ7XHQo25FILHsuhNOnxy56cMSQU/Y71jaGbJes4YrvN4Dfy4RSONfejEDXDkbW2JudlHHRP/rWEmnfJiGbK6ArbrG2puqIZgOecPnOUgPfCisr49p1Gmf36dPaO5lm/ZSrngfSoxahoeJJE/CcJN98sYM15XytRk2LBwc+CyYDqr4V1qxfsBt6tzJ4+tsAZeRdD0UtipQgysgH56o8N7nKTCkaZz5lfpYCl3FEgwXpLJ0MGQvtQmbORFvOLqR1jZ/EbmNGKiqDDIYsqG0sf78ii1jqfpLDBXLuYDccsg",
+                  "sender_key":"EB9SC4jVAydKhM6/GcwMc9biKwVNywqW3TerNTrtb1M",
+                  "created_using_fallback_key":false,
+                  "creation_time":"1649542063182",
+                  "last_use_time":"1649542063182"
+               }
+            ],
+            "inbound_group_sessions":[
+               {
+                  "pickle":"KoA0sxDNQ7lz0vylU9zlmar0VCVQRMCfRrIfTh1bdMhlAgy8/D2ToT+oKRaKy1HiW6H862bzdpgxprlseSjmip9OfLbIuyd2YZcEinwc2666oEI/hpk4oTlE61uE1M+ThfdFf41yGCmaAP7mhjwF234ZrZ6i/F/qx42TLQ8Unc30wDJaJgyheO5eW85SD/0g0cdg2WnEKrx2/wl7Vg/YijT3JMDZ+OsdfJfSZtxBNjlG+PQ/9D31qb1eHfaovc8vFZh5QLfAFg/5rBrF1PhRsC7xOAZbUNdrTbvypNfMM4mznf84C2SzZRSMeAfg5v/YticM3Keg4eHuEj1WO9DrmRXYl6b/pITdf1xuk5euVT0pyxJpXmq41AoAZKAo1l94HGy1LG1RpruD1uQPhiponh5PGHSOf43Q",
+                  "sender_key":"vJfH7wiYmGos3C8U1XcJ//YWSmkueAYqrmUA6/ukfAM",
+                  "signing_key":{
+                     "ed25519":"JGgPQRuYj3ScMdPS+A0P+k/1qS9Hr3qeKXLscI+hS78"
+                  },
+                  "room_id":"!AZkqtjvtwPAuyNOXEt:matrix.org",
+                  "forwarding_chains":[
+                  ],
+                  "imported":true,
+                  "backed_up":true
+               },
+               {
+                  "pickle":"9RF6GBu9CvjZZx2hxIlw2gMdKs36LFhXhLTHAPrLSjT2OTbeE/jK263+iiFdSpF7Cblp/lXzljPKJN6sL8JGzoT7ssYh56nI0kKsp7/y88z+tTOH/5NYYTmZzHYw6yy4Cmaxh0pdHDs+RQpSSIe9jhF/EJJna5jcKYXxDY52m8H4LECQzVuDlYfblCr9zoYWhQrVhiRDGy7eLhk4X6Rp0Yoek4YUKcCQArDfZ/Vf43qfHUpOJgRpm5Oyj42HA/j4xZBb5U0Fmo6YHRPt0/KuWrDfpgJSGiN0zza7641IfADg8f3WdhlPAWMyri7k4vOZMBjlwFNcMpc0wM2TaTmbi2zqXEKZy9Oh/eJqBapFx0oNWaQ1VQ++iXxGUbZhwy7x2vd6UkqUTwYeym+aP23ee3TCtnNWN0aC",
+                  "sender_key":"EB9SC4jVAydKhM6/GcwMc9biKwVNywqW3TerNTrtb1M",
+                  "signing_key":{
+                     "ed25519":"1NXa5GyJ+p2ruAClEque+TL1VktrBzMW4dZFNfNGrvc"
+                  },
+                  "room_id":"!CWLUCoEWXSFyTCOtfL:matrix.org",
+                  "forwarding_chains":[],
+                  "imported":true,
+                  "backed_up":true
+               }
+            ],
+            "pickle_key": [17, 36, 120, 74, 95, 78, 56, 36, 62, 123, 5, 105, 74,
+                           111, 70, 48, 51, 101, 66, 86, 116, 14, 114, 85, 85,
+                           92, 44, 71, 89, 99, 55, 74],
+            "backup_version":"3",
+            "backup_recovery_key":"EsTHScmRV5oT1WBhe2mj2Gn3odeYantZ4NEk7L51p6L8hrmB",
+            "cross_signing":{
+               "master_key":"trnK/dBv/M2x2zZt8lnORHQqmFHWvjYE6rdlAONRUPY",
+               "self_signing_key":"SJhsj9jXC4hxhqS/1B3RZ65zWMHuF+1fUjWHrzVRh6w",
+               "user_signing_key":"LPYrV11T9Prm4ZIUxrq2a8Y/F64R1+NaGNyo6GlXjGg"
+            },
+            "tracked_users":[
+               "@ganfra146:matrix.org",
+               "@this-is-me:matrix.org",
+               "@Amandine:matrix.org",
+               "@ganfra:matrix.org"
+            ]
+        });
+
+        let migration_data: MigrationData = serde_json::from_value(data)?;
+
+        let dir = tempdir()?;
+        let path =
+            dir.path().to_str().expect("Creating a string from the tempdir path should not fail");
+
+        migrate(migration_data, path, None, Box::new(|_, _| {}))?;
+
+        let machine = OlmMachine::new("@ganfra146:matrix.org", "DEWRCMENGS", path, None)?;
+
+        assert_eq!(
+            machine.identity_keys()["ed25519"],
+            "JGgPQRuYj3ScMdPS+A0P+k/1qS9Hr3qeKXLscI+hS78"
+        );
+
+        let room_keys = machine.runtime.block_on(machine.inner.export_keys(|_| true))?;
+        assert_eq!(room_keys.len(), 2);
+
+        let cross_signing_status = machine.cross_signing_status();
+        assert!(cross_signing_status.has_master);
+        assert!(cross_signing_status.has_user_signing);
+        assert!(cross_signing_status.has_self_signing);
+
+        let backup_keys = machine.get_backup_keys()?;
+        assert!(backup_keys.is_some());
+
+        Ok(())
+    }
+}

bindings/matrix-sdk-crypto-ffi/src/logger.rs

@@ -0,0 +1,56 @@
+use std::{
+    io::{Result, Write},
+    sync::{Arc, Mutex},
+};
+
+use tracing_subscriber::{fmt::MakeWriter, EnvFilter};
+
+/// Trait that can be used to forward Rust logs over FFI to a language specific
+/// logger.
+pub trait Logger: Send {
+    /// Called every time the Rust side wants to post a log line.
+    fn log(&self, log_line: String);
+    // TODO add support for different log levels, do this by adding more methods
+    // to the trait.
+}
+
+impl Write for LoggerWrapper {
+    fn write(&mut self, buf: &[u8]) -> Result<usize> {
+        let data = String::from_utf8_lossy(buf).to_string();
+        self.inner.lock().unwrap().log(data);
+
+        Ok(buf.len())
+    }
+
+    fn flush(&mut self) -> Result<()> {
+        Ok(())
+    }
+}
+
+impl MakeWriter<'_> for LoggerWrapper {
+    type Writer = LoggerWrapper;
+
+    fn make_writer(&self) -> Self::Writer {
+        self.clone()
+    }
+}
+
+#[derive(Clone)]
+pub struct LoggerWrapper {
+    inner: Arc<Mutex<Box<dyn Logger>>>,
+}
+
+/// Set the logger that should be used to forward Rust logs over FFI.
+pub fn set_logger(logger: Box<dyn Logger>) {
+    let logger = LoggerWrapper { inner: Arc::new(Mutex::new(logger)) };
+
+    let filter = EnvFilter::from_default_env().add_directive(
+        "matrix_sdk_crypto=trace".parse().expect("Can't parse logging filter directive"),
+    );
+
+    let _ = tracing_subscriber::fmt()
+        .with_writer(logger)
+        .with_env_filter(filter)
+        .without_time()
+        .try_init();
+}

bindings/matrix-sdk-crypto-ffi/src/olm.udl

@@ -0,0 +1,483 @@
+namespace olm {
+    void set_logger(Logger logger);
+    [Throws=MigrationError]
+    void migrate(
+        MigrationData data,
+        [ByRef] string path,
+        string? passphrase,
+        ProgressListener progress_listener
+    );
+};
+
+[Error]
+interface MigrationError {
+  Generic(string error_message);
+};
+
+callback interface Logger {
+    void log(string logLine);
+};
+
+callback interface ProgressListener {
+    void on_progress(i32 progress, i32 total);
+};
+
+[Error]
+enum PkDecryptionError {
+    "Olm",
+};
+
+[Error]
+enum KeyImportError {
+    "Export",
+    "CryptoStore",
+    "Json",
+};
+
+[Error]
+enum SignatureError {
+    "Signature",
+    "Identifier",
+    "CryptoStore",
+    "UnknownDevice",
+    "UnknownUserIdentity",
+};
+
+[Error]
+enum SecretImportError {
+    "Import",
+    "CryptoStore",
+};
+
+
+[Error]
+enum CryptoStoreError {
+    "CryptoStore",
+    "OlmError",
+    "Serialization",
+    "Identifier",
+    "InvalidUserId",
+};
+
+[Error]
+enum DecryptionError {
+    "Identifier",
+    "Serialization",
+    "Megolm",
+};
+
+dictionary DeviceLists {
+    sequence<string> changed;
+    sequence<string> left;
+};
+
+dictionary KeysImportResult {
+    i64 imported;
+    i64 total;
+    record<DOMString, record<DOMString, sequence<string>>> keys;
+};
+
+dictionary DecryptedEvent {
+    string clear_event;
+    string sender_curve25519_key;
+    string? claimed_ed25519_key;
+    sequence<string> forwarding_curve25519_chain;
+};
+
+dictionary Device {
+    string user_id;
+    string device_id;
+    record<DOMString, string> keys;
+    sequence<string> algorithms;
+    string? display_name;
+    boolean is_blocked;
+    boolean locally_trusted;
+    boolean cross_signing_trusted;
+};
+
+[Enum]
+interface UserIdentity {
+    Own(
+        string user_id,
+        boolean trusts_our_own_device,
+        string master_key,
+        string self_signing_key,
+        string user_signing_key
+    );
+    Other(
+        string user_id,
+        string master_key,
+        string self_signing_key
+    );
+};
+
+dictionary CrossSigningStatus {
+    boolean has_master;
+    boolean has_self_signing;
+    boolean has_user_signing;
+};
+
+dictionary CrossSigningKeyExport {
+    string? master_key;
+    string? self_signing_key;
+    string? user_signing_key;
+};
+
+dictionary UploadSigningKeysRequest {
+    string master_key;
+    string self_signing_key;
+    string user_signing_key;
+};
+
+dictionary BootstrapCrossSigningResult {
+   UploadSigningKeysRequest upload_signing_keys_request;
+   SignatureUploadRequest signature_request;
+};
+
+dictionary CancelInfo {
+    string cancel_code;
+    string reason;
+    boolean cancelled_by_us;
+};
+
+dictionary StartSasResult {
+    Sas sas;
+    OutgoingVerificationRequest request;
+};
+
+dictionary Sas {
+    string other_user_id;
+    string other_device_id;
+    string flow_id;
+    string? room_id;
+    boolean we_started;
+    boolean has_been_accepted;
+    boolean can_be_presented;
+    boolean supports_emoji;
+    boolean have_we_confirmed;
+    boolean is_done;
+    boolean is_cancelled;
+    CancelInfo? cancel_info;
+};
+
+dictionary ScanResult {
+    QrCode qr;
+    OutgoingVerificationRequest request;
+};
+
+dictionary QrCode {
+    string other_user_id;
+    string other_device_id;
+    string flow_id;
+    string? room_id;
+    boolean we_started;
+    boolean other_side_scanned;
+    boolean has_been_confirmed;
+    boolean reciprocated;
+    boolean is_done;
+    boolean is_cancelled;
+    CancelInfo? cancel_info;
+};
+
+dictionary VerificationRequest {
+    string other_user_id;
+    string? other_device_id;
+    string flow_id;
+    string? room_id;
+    boolean we_started;
+    boolean is_ready;
+    boolean is_passive;
+    boolean is_done;
+    boolean is_cancelled;
+    CancelInfo? cancel_info;
+    sequence<string>? their_methods;
+    sequence<string>? our_methods;
+
+};
+
+dictionary RequestVerificationResult {
+    VerificationRequest verification;
+    OutgoingVerificationRequest request;
+};
+
+dictionary ConfirmVerificationResult {
+    sequence<OutgoingVerificationRequest> requests;
+    SignatureUploadRequest? signature_request;
+};
+
+[Enum]
+interface Verification {
+    SasV1(Sas sas);
+    QrCodeV1(QrCode qrcode);
+};
+
+dictionary KeyRequestPair {
+    Request? cancellation;
+    Request key_request;
+};
+
+[Enum]
+interface OutgoingVerificationRequest {
+    ToDevice(string request_id, string event_type, string body);
+    InRoom(string request_id, string room_id, string event_type, string content);
+};
+
+[Enum]
+interface Request {
+    ToDevice(string request_id, string event_type, string body);
+    KeysUpload(string request_id, string body);
+    KeysQuery(string request_id, sequence<string> users);
+    KeysClaim(string request_id, record<DOMString, record<DOMString, string>> one_time_keys);
+    KeysBackup(string request_id, string version, string rooms);
+    RoomMessage(string request_id, string room_id, string event_type, string content);
+    SignatureUpload(string request_id, string body);
+};
+
+dictionary SignatureUploadRequest {
+    string body;
+};
+
+enum RequestType {
+    "KeysQuery",
+    "KeysClaim",
+    "KeysUpload",
+    "ToDevice",
+    "SignatureUpload",
+    "KeysBackup",
+    "RoomMessage",
+};
+
+interface OlmMachine {
+    [Throws=CryptoStoreError]
+    constructor(
+        [ByRef] string user_id,
+        [ByRef] string device_id,
+        [ByRef] string path,
+        string? passphrase
+    );
+
+    record<DOMString, string> identity_keys();
+    string user_id();
+    string device_id();
+
+    [Throws=CryptoStoreError]
+    string receive_sync_changes([ByRef] string events,
+                              DeviceLists device_changes,
+                              record<DOMString, i32> key_counts,
+                              sequence<string>? unused_fallback_keys);
+    [Throws=CryptoStoreError]
+    sequence<Request> outgoing_requests();
+    [Throws=CryptoStoreError]
+    void mark_request_as_sent(
+        [ByRef] string request_id,
+        RequestType request_type,
+        [ByRef] string response
+    );
+
+    [Throws=DecryptionError]
+    DecryptedEvent decrypt_room_event([ByRef] string event, [ByRef] string room_id);
+    [Throws=CryptoStoreError]
+    string encrypt([ByRef] string room_id, [ByRef] string event_type, [ByRef] string content);
+
+    [Throws=CryptoStoreError]
+    UserIdentity? get_identity([ByRef] string user_id, u32 timeout);
+    [Throws=SignatureError]
+    SignatureUploadRequest verify_identity([ByRef] string user_id);
+    [Throws=CryptoStoreError]
+    Device? get_device([ByRef] string user_id, [ByRef] string device_id, u32 timeout);
+    [Throws=CryptoStoreError]
+    void mark_device_as_trusted([ByRef] string user_id, [ByRef] string device_id);
+    [Throws=SignatureError]
+    SignatureUploadRequest verify_device([ByRef] string user_id, [ByRef] string device_id);
+    [Throws=CryptoStoreError]
+    sequence<Device> get_user_devices([ByRef] string user_id, u32 timeout);
+
+    [Throws=CryptoStoreError]
+    boolean is_user_tracked([ByRef] string user_id);
+    void update_tracked_users(sequence<string> users);
+    [Throws=CryptoStoreError]
+    Request? get_missing_sessions(sequence<string> users);
+    [Throws=CryptoStoreError]
+    sequence<Request> share_room_key([ByRef] string room_id, sequence<string> users);
+
+    [Throws=CryptoStoreError]
+    void receive_unencrypted_verification_event([ByRef] string event, [ByRef] string room_id);
+    sequence<VerificationRequest> get_verification_requests([ByRef] string user_id);
+    VerificationRequest? get_verification_request([ByRef] string user_id, [ByRef] string flow_id);
+    Verification? get_verification([ByRef] string user_id, [ByRef] string flow_id);
+
+    [Throws=CryptoStoreError]
+    VerificationRequest? request_verification(
+        [ByRef] string user_id,
+        [ByRef] string room_id,
+        [ByRef] string event_id,
+        sequence<string> methods
+    );
+    [Throws=CryptoStoreError]
+    string? verification_request_content(
+        [ByRef] string user_id,
+        sequence<string> methods
+    );
+    [Throws=CryptoStoreError]
+    RequestVerificationResult? request_self_verification(sequence<string> methods);
+    [Throws=CryptoStoreError]
+    RequestVerificationResult? request_verification_with_device(
+        [ByRef] string user_id,
+        [ByRef] string device_id,
+        sequence<string> methods
+    );
+
+    OutgoingVerificationRequest? accept_verification_request(
+        [ByRef] string user_id,
+        [ByRef] string flow_id,
+        sequence<string> methods
+    );
+
+    [Throws=CryptoStoreError]
+    ConfirmVerificationResult? confirm_verification([ByRef] string user_id, [ByRef] string flow_id);
+    OutgoingVerificationRequest? cancel_verification(
+        [ByRef] string user_id,
+        [ByRef] string flow_id,
+        [ByRef] string cancel_code
+    );
+
+    [Throws=CryptoStoreError]
+    StartSasResult? start_sas_with_device([ByRef] string user_id, [ByRef] string device_id);
+    [Throws=CryptoStoreError]
+    StartSasResult? start_sas_verification([ByRef] string user_id, [ByRef] string flow_id);
+    OutgoingVerificationRequest? accept_sas_verification([ByRef] string user_id, [ByRef] string flow_id);
+    sequence<i32>? get_emoji_index([ByRef] string user_id, [ByRef] string flow_id);
+    sequence<i32>? get_decimals([ByRef] string user_id, [ByRef] string flow_id);
+
+    [Throws=CryptoStoreError]
+    QrCode? start_qr_verification([ByRef] string user_id, [ByRef] string flow_id);
+    ScanResult? scan_qr_code([ByRef] string user_id, [ByRef] string flow_id, [ByRef] string data);
+    string? generate_qr_code([ByRef] string user_id, [ByRef] string flow_id);
+
+    [Throws=DecryptionError]
+    KeyRequestPair request_room_key([ByRef] string event, [ByRef] string room_id);
+
+    [Throws=CryptoStoreError]
+    string export_keys([ByRef] string passphrase, i32 rounds);
+    [Throws=KeyImportError]
+    KeysImportResult import_keys(
+        [ByRef] string keys,
+        [ByRef] string passphrase,
+        ProgressListener progress_listener
+    );
+    [Throws=KeyImportError]
+    KeysImportResult import_decrypted_keys(
+        [ByRef] string keys,
+        ProgressListener progress_listener
+    );
+    [Throws=CryptoStoreError]
+    void discard_room_key([ByRef] string room_id);
+
+    CrossSigningStatus cross_signing_status();
+    [Throws=CryptoStoreError]
+    BootstrapCrossSigningResult bootstrap_cross_signing();
+    CrossSigningKeyExport? export_cross_signing_keys();
+    [Throws=SecretImportError]
+    void import_cross_signing_keys(CrossSigningKeyExport export);
+    [Throws=CryptoStoreError]
+    boolean is_identity_verified([ByRef] string user_id);
+
+    record<DOMString, record<DOMString, string>> sign([ByRef] string message);
+    [Throws=DecodeError]
+    void enable_backup_v1(MegolmV1BackupKey key, string version);
+    [Throws=CryptoStoreError]
+    void disable_backup();
+    [Throws=CryptoStoreError]
+    Request? backup_room_keys();
+    [Throws=CryptoStoreError]
+    void save_recovery_key(BackupRecoveryKey? key, string? version);
+    [Throws=CryptoStoreError]
+    RoomKeyCounts room_key_counts();
+    [Throws=CryptoStoreError]
+    BackupKeys? get_backup_keys();
+    boolean backup_enabled();
+    [Throws=CryptoStoreError]
+    boolean verify_backup([ByRef] string auth_data);
+};
+
+dictionary PassphraseInfo {
+    string private_key_salt;
+    i32 private_key_iterations;
+};
+
+dictionary MegolmV1BackupKey {
+    string public_key;
+    record<DOMString, record<DOMString, string>> signatures;
+    PassphraseInfo? passphrase_info;
+    string backup_algorithm;
+};
+
+interface BackupKeys {
+    BackupRecoveryKey recovery_key();
+    string backup_version();
+};
+
+dictionary RoomKeyCounts {
+    i64 total;
+    i64 backed_up;
+};
+
+[Error]
+enum DecodeError {
+    "Decode",
+    "CryptoStore",
+};
+
+interface BackupRecoveryKey {
+    constructor();
+    [Name=from_passphrase]
+    constructor(string passphrase, string salt, i32 rounds);
+    [Name=new_from_passphrase]
+    constructor(string passphrase);
+    [Name=from_base64, Throws=DecodeError]
+    constructor(string key);
+    [Name=from_base58, Throws=DecodeError]
+    constructor(string key);
+    string to_base58();
+    string to_base64();
+    MegolmV1BackupKey megolm_v1_public_key();
+    [Throws=PkDecryptionError]
+    string decrypt_v1(string ephemeral_key, string mac, string ciphertext);
+};
+
+dictionary MigrationData {
+    PickledAccount account;
+    sequence<PickledSession> sessions;
+    sequence<PickledInboundGroupSession> inbound_group_sessions;
+    string? backup_version;
+    string? backup_recovery_key;
+    sequence<u8> pickle_key;
+    CrossSigningKeyExport cross_signing;
+    sequence<string> tracked_users;
+};
+
+dictionary PickledAccount {
+    string user_id;
+    string device_id;
+    string pickle;
+    boolean shared;
+    i64 uploaded_signed_key_count;
+};
+
+dictionary PickledSession {
+    string pickle;
+    string sender_key;
+    boolean created_using_fallback_key;
+    string creation_time;
+    string last_use_time;
+};
+
+dictionary PickledInboundGroupSession {
+    string pickle;
+    string sender_key;
+    record<DOMString, string> signing_key;
+    string room_id;
+    sequence<string> forwarding_chains;
+    boolean imported;
+    boolean backed_up;
+};

bindings/matrix-sdk-crypto-ffi/src/responses.rs

@@ -0,0 +1,332 @@
+#![allow(missing_docs)]
+
+use std::collections::HashMap;
+
+use http::Response;
+use matrix_sdk_crypto::{
+    IncomingResponse, OutgoingRequest, OutgoingVerificationRequest as SdkVerificationRequest,
+    RoomMessageRequest, ToDeviceRequest, UploadSigningKeysRequest as RustUploadSigningKeysRequest,
+};
+use ruma::{
+    api::client::{
+        backup::add_backup_keys::v3::Response as KeysBackupResponse,
+        keys::{
+            claim_keys::v3::{Request as KeysClaimRequest, Response as KeysClaimResponse},
+            get_keys::v3::Response as KeysQueryResponse,
+            upload_keys::v3::Response as KeysUploadResponse,
+            upload_signatures::v3::{
+                Request as RustSignatureUploadRequest, Response as SignatureUploadResponse,
+            },
+        },
+        message::send_message_event::v3::Response as RoomMessageResponse,
+        sync::sync_events::v3::DeviceLists as RumaDeviceLists,
+        to_device::send_event_to_device::v3::Response as ToDeviceResponse,
+    },
+    assign,
+    events::EventContent,
+    OwnedTransactionId, UserId,
+};
+use serde_json::json;
+
+pub struct SignatureUploadRequest {
+    pub body: String,
+}
+
+impl From<RustSignatureUploadRequest> for SignatureUploadRequest {
+    fn from(r: RustSignatureUploadRequest) -> Self {
+        Self {
+            body: serde_json::to_string(&r.signed_keys)
+                .expect("Can't serialize signature upload request"),
+        }
+    }
+}
+
+pub struct UploadSigningKeysRequest {
+    pub master_key: String,
+    pub self_signing_key: String,
+    pub user_signing_key: String,
+}
+
+impl From<RustUploadSigningKeysRequest> for UploadSigningKeysRequest {
+    fn from(r: RustUploadSigningKeysRequest) -> Self {
+        Self {
+            master_key: serde_json::to_string(
+                &r.master_key.expect("Request didn't contain a master key"),
+            )
+            .expect("Can't serialize cross signing master key"),
+            self_signing_key: serde_json::to_string(
+                &r.self_signing_key.expect("Request didn't contain a self-signing key"),
+            )
+            .expect("Can't serialize cross signing self-signing key"),
+            user_signing_key: serde_json::to_string(
+                &r.user_signing_key.expect("Request didn't contain a user-signing key"),
+            )
+            .expect("Can't serialize cross signing user-signing key"),
+        }
+    }
+}
+
+pub struct BootstrapCrossSigningResult {
+    pub upload_signing_keys_request: UploadSigningKeysRequest,
+    pub signature_request: SignatureUploadRequest,
+}
+
+impl From<(RustUploadSigningKeysRequest, RustSignatureUploadRequest)>
+    for BootstrapCrossSigningResult
+{
+    fn from(requests: (RustUploadSigningKeysRequest, RustSignatureUploadRequest)) -> Self {
+        Self {
+            upload_signing_keys_request: requests.0.into(),
+            signature_request: requests.1.into(),
+        }
+    }
+}
+
+pub enum OutgoingVerificationRequest {
+    ToDevice { request_id: String, event_type: String, body: String },
+    InRoom { request_id: String, room_id: String, event_type: String, content: String },
+}
+
+impl From<SdkVerificationRequest> for OutgoingVerificationRequest {
+    fn from(r: SdkVerificationRequest) -> Self {
+        match r {
+            SdkVerificationRequest::ToDevice(r) => r.into(),
+            SdkVerificationRequest::InRoom(r) => Self::InRoom {
+                request_id: r.txn_id.to_string(),
+                room_id: r.room_id.to_string(),
+                content: serde_json::to_string(&r.content)
+                    .expect("Can't serialize message content"),
+                event_type: r.content.event_type().to_string(),
+            },
+        }
+    }
+}
+
+impl From<ToDeviceRequest> for OutgoingVerificationRequest {
+    fn from(r: ToDeviceRequest) -> Self {
+        Self::ToDevice {
+            request_id: r.txn_id.to_string(),
+            event_type: r.event_type.to_string(),
+            body: serde_json::to_string(&r.messages).expect("Can't serialize to-device body"),
+        }
+    }
+}
+
+#[derive(Debug)]
+pub enum Request {
+    ToDevice { request_id: String, event_type: String, body: String },
+    KeysUpload { request_id: String, body: String },
+    KeysQuery { request_id: String, users: Vec<String> },
+    KeysClaim { request_id: String, one_time_keys: HashMap<String, HashMap<String, String>> },
+    RoomMessage { request_id: String, room_id: String, event_type: String, content: String },
+    SignatureUpload { request_id: String, body: String },
+    KeysBackup { request_id: String, version: String, rooms: String },
+}
+
+impl From<OutgoingRequest> for Request {
+    fn from(r: OutgoingRequest) -> Self {
+        use matrix_sdk_crypto::OutgoingRequests::*;
+
+        match r.request() {
+            KeysUpload(u) => {
+                let body = json!({
+                    "device_keys": u.device_keys,
+                    "one_time_keys": u.one_time_keys,
+                    "fallback_keys": u.fallback_keys,
+                });
+
+                Request::KeysUpload {
+                    request_id: r.request_id().to_string(),
+                    body: serde_json::to_string(&body)
+                        .expect("Can't serialize keys upload request"),
+                }
+            }
+            KeysQuery(k) => {
+                let users: Vec<String> = k.device_keys.keys().map(|u| u.to_string()).collect();
+                Request::KeysQuery { request_id: r.request_id().to_string(), users }
+            }
+            ToDeviceRequest(t) => Request::from(t),
+            SignatureUpload(t) => Request::SignatureUpload {
+                request_id: r.request_id().to_string(),
+                body: serde_json::to_string(&t.signed_keys)
+                    .expect("Can't serialize signature upload request"),
+            },
+            RoomMessage(r) => Request::from(r),
+            KeysClaim(c) => (r.request_id().to_owned(), c.clone()).into(),
+            KeysBackup(b) => Request::KeysBackup {
+                request_id: r.request_id().to_string(),
+                version: b.version.to_owned(),
+                rooms: serde_json::to_string(&b.rooms)
+                    .expect("Can't serialize keys backup request"),
+            },
+        }
+    }
+}
+
+impl From<ToDeviceRequest> for Request {
+    fn from(r: ToDeviceRequest) -> Self {
+        Request::ToDevice {
+            request_id: r.txn_id.to_string(),
+            event_type: r.event_type.to_string(),
+            body: serde_json::to_string(&r.messages).expect("Can't serialize to-device body"),
+        }
+    }
+}
+
+impl From<(OwnedTransactionId, KeysClaimRequest)> for Request {
+    fn from(request_tuple: (OwnedTransactionId, KeysClaimRequest)) -> Self {
+        let (request_id, request) = request_tuple;
+
+        Request::KeysClaim {
+            request_id: request_id.to_string(),
+            one_time_keys: request
+                .one_time_keys
+                .into_iter()
+                .map(|(u, d)| {
+                    (
+                        u.to_string(),
+                        d.into_iter().map(|(k, v)| (k.to_string(), v.to_string())).collect(),
+                    )
+                })
+                .collect(),
+        }
+    }
+}
+
+impl From<&ToDeviceRequest> for Request {
+    fn from(r: &ToDeviceRequest) -> Self {
+        Request::ToDevice {
+            request_id: r.txn_id.to_string(),
+            event_type: r.event_type.to_string(),
+            body: serde_json::to_string(&r.messages).expect("Can't serialize to-device body"),
+        }
+    }
+}
+
+impl From<&RoomMessageRequest> for Request {
+    fn from(r: &RoomMessageRequest) -> Self {
+        Self::RoomMessage {
+            request_id: r.txn_id.to_string(),
+            room_id: r.room_id.to_string(),
+            event_type: r.content.event_type().to_string(),
+            content: serde_json::to_string(&r.content).expect("Can't serialize message content"),
+        }
+    }
+}
+
+pub(crate) fn response_from_string(body: &str) -> Response<Vec<u8>> {
+    Response::builder()
+        .status(200)
+        .body(body.as_bytes().to_vec())
+        .expect("Can't create HTTP response")
+}
+
+pub enum RequestType {
+    KeysQuery,
+    KeysClaim,
+    KeysUpload,
+    ToDevice,
+    SignatureUpload,
+    KeysBackup,
+    RoomMessage,
+}
+
+pub struct DeviceLists {
+    pub changed: Vec<String>,
+    pub left: Vec<String>,
+}
+
+impl From<DeviceLists> for RumaDeviceLists {
+    fn from(d: DeviceLists) -> Self {
+        assign!(RumaDeviceLists::new(), {
+            changed: d
+                .changed
+                .into_iter()
+                .filter_map(|u| UserId::parse(u).ok())
+                .collect(),
+            left: d
+                .left
+                .into_iter()
+                .filter_map(|u| UserId::parse(u).ok())
+                .collect(),
+        })
+    }
+}
+
+pub struct KeysImportResult {
+    /// The number of room keys that were imported.
+    pub imported: i64,
+    /// The total number of room keys that were found in the export.
+    pub total: i64,
+    /// The map of keys that were imported.
+    ///
+    /// It's a map from room id to a map of the sender key to a list of session
+    /// ids.
+    pub keys: HashMap<String, HashMap<String, Vec<String>>>,
+}
+
+pub(crate) enum OwnedResponse {
+    KeysClaim(KeysClaimResponse),
+    KeysUpload(KeysUploadResponse),
+    KeysQuery(KeysQueryResponse),
+    ToDevice(ToDeviceResponse),
+    SignatureUpload(SignatureUploadResponse),
+    KeysBackup(KeysBackupResponse),
+    RoomMessage(RoomMessageResponse),
+}
+
+impl From<KeysClaimResponse> for OwnedResponse {
+    fn from(response: KeysClaimResponse) -> Self {
+        OwnedResponse::KeysClaim(response)
+    }
+}
+
+impl From<KeysQueryResponse> for OwnedResponse {
+    fn from(response: KeysQueryResponse) -> Self {
+        OwnedResponse::KeysQuery(response)
+    }
+}
+
+impl From<KeysUploadResponse> for OwnedResponse {
+    fn from(response: KeysUploadResponse) -> Self {
+        OwnedResponse::KeysUpload(response)
+    }
+}
+
+impl From<ToDeviceResponse> for OwnedResponse {
+    fn from(response: ToDeviceResponse) -> Self {
+        OwnedResponse::ToDevice(response)
+    }
+}
+
+impl From<SignatureUploadResponse> for OwnedResponse {
+    fn from(response: SignatureUploadResponse) -> Self {
+        Self::SignatureUpload(response)
+    }
+}
+
+impl From<KeysBackupResponse> for OwnedResponse {
+    fn from(r: KeysBackupResponse) -> Self {
+        Self::KeysBackup(r)
+    }
+}
+
+impl From<RoomMessageResponse> for OwnedResponse {
+    fn from(response: RoomMessageResponse) -> Self {
+        OwnedResponse::RoomMessage(response)
+    }
+}
+
+impl<'a> From<&'a OwnedResponse> for IncomingResponse<'a> {
+    fn from(r: &'a OwnedResponse) -> Self {
+        match r {
+            OwnedResponse::KeysClaim(r) => IncomingResponse::KeysClaim(r),
+            OwnedResponse::KeysQuery(r) => IncomingResponse::KeysQuery(r),
+            OwnedResponse::KeysUpload(r) => IncomingResponse::KeysUpload(r),
+            OwnedResponse::ToDevice(r) => IncomingResponse::ToDevice(r),
+            OwnedResponse::SignatureUpload(r) => IncomingResponse::SignatureUpload(r),
+            OwnedResponse::KeysBackup(r) => IncomingResponse::KeysBackup(r),
+            OwnedResponse::RoomMessage(r) => IncomingResponse::RoomMessage(r),
+        }
+    }
+}

bindings/matrix-sdk-crypto-ffi/src/users.rs

@@ -0,0 +1,60 @@
+use matrix_sdk_crypto::{types::CrossSigningKey, UserIdentities};
+
+use crate::CryptoStoreError;
+
+/// Enum representing cross signing identities of our own user or some other
+/// user.
+pub enum UserIdentity {
+    /// Our own user identity.
+    Own {
+        /// The unique id of our own user.
+        user_id: String,
+        /// Does our own user identity trust our own device.
+        trusts_our_own_device: bool,
+        /// The public master key of our identity.
+        master_key: String,
+        /// The public user-signing key of our identity.
+        user_signing_key: String,
+        /// The public self-signing key of our identity.
+        self_signing_key: String,
+    },
+    /// The user identity of other users.
+    Other {
+        /// The unique id of the user.
+        user_id: String,
+        /// The public master key of the identity.
+        master_key: String,
+        /// The public self-signing key of our identity.
+        self_signing_key: String,
+    },
+}
+
+impl UserIdentity {
+    pub(crate) async fn from_rust(i: UserIdentities) -> Result<Self, CryptoStoreError> {
+        Ok(match i {
+            UserIdentities::Own(i) => {
+                let master: CrossSigningKey = i.master_key().as_ref().to_owned();
+                let user_signing: CrossSigningKey = i.user_signing_key().as_ref().to_owned();
+                let self_signing: CrossSigningKey = i.self_signing_key().as_ref().to_owned();
+
+                UserIdentity::Own {
+                    user_id: i.user_id().to_string(),
+                    trusts_our_own_device: i.trusts_our_own_device().await?,
+                    master_key: serde_json::to_string(&master)?,
+                    user_signing_key: serde_json::to_string(&user_signing)?,
+                    self_signing_key: serde_json::to_string(&self_signing)?,
+                }
+            }
+            UserIdentities::Other(i) => {
+                let master: CrossSigningKey = i.master_key().as_ref().to_owned();
+                let self_signing: CrossSigningKey = i.self_signing_key().as_ref().to_owned();
+
+                UserIdentity::Other {
+                    user_id: i.user_id().to_string(),
+                    master_key: serde_json::to_string(&master)?,
+                    self_signing_key: serde_json::to_string(&self_signing)?,
+                }
+            }
+        })
+    }
+}

bindings/matrix-sdk-crypto-ffi/src/verification.rs

@@ -0,0 +1,232 @@
+use matrix_sdk_crypto::{
+    CancelInfo as RustCancelInfo, QrVerification as InnerQr, Sas as InnerSas,
+    VerificationRequest as InnerVerificationRequest,
+};
+
+use crate::{OutgoingVerificationRequest, SignatureUploadRequest};
+
+/// Enum representing the different verification flows we support.
+pub enum Verification {
+    /// The `m.sas.v1` verification flow.
+    SasV1 {
+        #[allow(missing_docs)]
+        sas: Sas,
+    },
+    /// The `m.qr_code.scan.v1`, `m.qr_code.show.v1`, and `m.reciprocate.v1`
+    /// verification flow.
+    QrCodeV1 {
+        #[allow(missing_docs)]
+        qrcode: QrCode,
+    },
+}
+
+/// The `m.sas.v1` verification flow.
+pub struct Sas {
+    /// The other user that is participating in the verification flow
+    pub other_user_id: String,
+    /// The other user's device that is participating in the verification flow
+    pub other_device_id: String,
+    /// The unique ID of this verification flow, will be a random string for
+    /// to-device events or a event ID for in-room events.
+    pub flow_id: String,
+    /// The room ID where this verification is happening, will be `None` if the
+    /// verification is going through to-device messages
+    pub room_id: Option<String>,
+    /// Did we initiate the verification flow
+    pub we_started: bool,
+    /// Has the non-initiating side accepted the verification flow
+    pub has_been_accepted: bool,
+    /// Can the short auth string be presented
+    pub can_be_presented: bool,
+    /// Does the flow support the emoji representation of the short auth string
+    pub supports_emoji: bool,
+    /// Have we confirmed that the short auth strings match
+    pub have_we_confirmed: bool,
+    /// Has the verification completed successfully
+    pub is_done: bool,
+    /// Has the flow been cancelled
+    pub is_cancelled: bool,
+    /// Information about the cancellation of the flow, will be `None` if the
+    /// flow hasn't been cancelled
+    pub cancel_info: Option<CancelInfo>,
+}
+
+/// The `m.qr_code.scan.v1`, `m.qr_code.show.v1`, and `m.reciprocate.v1`
+/// verification flow.
+pub struct QrCode {
+    /// The other user that is participating in the verification flow
+    pub other_user_id: String,
+    /// The other user's device that is participating in the verification flow
+    pub other_device_id: String,
+    /// The unique ID of this verification flow, will be a random string for
+    /// to-device events or a event ID for in-room events.
+    pub flow_id: String,
+    /// The room ID where this verification is happening, will be `None` if the
+    /// verification is going through to-device messages
+    pub room_id: Option<String>,
+    /// Did we initiate the verification flow
+    pub we_started: bool,
+    /// Has the QR code been scanned by the other side
+    pub other_side_scanned: bool,
+    /// Has the scanning of the QR code been confirmed by us
+    pub has_been_confirmed: bool,
+    /// Did we scan the QR code and sent out a reciprocation
+    pub reciprocated: bool,
+    /// Has the verification completed successfully
+    pub is_done: bool,
+    /// Has the flow been cancelled
+    pub is_cancelled: bool,
+    /// Information about the cancellation of the flow, will be `None` if the
+    /// flow hasn't been cancelled
+    pub cancel_info: Option<CancelInfo>,
+}
+
+impl From<InnerQr> for QrCode {
+    fn from(qr: InnerQr) -> Self {
+        Self {
+            other_user_id: qr.other_user_id().to_string(),
+            flow_id: qr.flow_id().as_str().to_owned(),
+            is_cancelled: qr.is_cancelled(),
+            is_done: qr.is_done(),
+            cancel_info: qr.cancel_info().map(|c| c.into()),
+            reciprocated: qr.reciprocated(),
+            we_started: qr.we_started(),
+            other_side_scanned: qr.has_been_scanned(),
+            has_been_confirmed: qr.has_been_confirmed(),
+            other_device_id: qr.other_device_id().to_string(),
+            room_id: qr.room_id().map(|r| r.to_string()),
+        }
+    }
+}
+
+/// Information on why a verification flow has been cancelled and by whom.
+pub struct CancelInfo {
+    /// The textual representation of the cancel reason
+    pub reason: String,
+    /// The code describing the cancel reason
+    pub cancel_code: String,
+    /// Was the verification flow cancelled by us
+    pub cancelled_by_us: bool,
+}
+
+impl From<RustCancelInfo> for CancelInfo {
+    fn from(c: RustCancelInfo) -> Self {
+        Self {
+            reason: c.reason().to_owned(),
+            cancel_code: c.cancel_code().to_string(),
+            cancelled_by_us: c.cancelled_by_us(),
+        }
+    }
+}
+
+/// A result type for starting SAS verifications.
+pub struct StartSasResult {
+    /// The SAS verification object that got created.
+    pub sas: Sas,
+    /// The request that needs to be sent out to notify the other side that a
+    /// SAS verification should start.
+    pub request: OutgoingVerificationRequest,
+}
+
+/// A result type for scanning QR codes.
+pub struct ScanResult {
+    /// The QR code verification object that got created.
+    pub qr: QrCode,
+    /// The request that needs to be sent out to notify the other side that a
+    /// QR code verification should start.
+    pub request: OutgoingVerificationRequest,
+}
+
+impl From<InnerSas> for Sas {
+    fn from(sas: InnerSas) -> Self {
+        Self {
+            other_user_id: sas.other_user_id().to_string(),
+            other_device_id: sas.other_device_id().to_string(),
+            flow_id: sas.flow_id().as_str().to_owned(),
+            is_cancelled: sas.is_cancelled(),
+            is_done: sas.is_done(),
+            can_be_presented: sas.can_be_presented(),
+            supports_emoji: sas.supports_emoji(),
+            have_we_confirmed: sas.have_we_confirmed(),
+            we_started: sas.we_started(),
+            room_id: sas.room_id().map(|r| r.to_string()),
+            has_been_accepted: sas.has_been_accepted(),
+            cancel_info: sas.cancel_info().map(|c| c.into()),
+        }
+    }
+}
+
+/// A result type for requesting verifications.
+pub struct RequestVerificationResult {
+    /// The verification request object that got created.
+    pub verification: VerificationRequest,
+    /// The request that needs to be sent out to notify the other side that
+    /// we're requesting verification to begin.
+    pub request: OutgoingVerificationRequest,
+}
+
+/// A result type for confirming verifications.
+pub struct ConfirmVerificationResult {
+    /// The requests that needs to be sent out to notify the other side that we
+    /// confirmed the verification.
+    pub requests: Vec<OutgoingVerificationRequest>,
+    /// A request that will upload signatures of the verified device or user, if
+    /// the verification is completed and we're able to sign devices or users
+    pub signature_request: Option<SignatureUploadRequest>,
+}
+
+/// The verificatoin request object which then can transition into some concrete
+/// verification method
+pub struct VerificationRequest {
+    /// The other user that is participating in the verification flow
+    pub other_user_id: String,
+    /// The other user's device that is participating in the verification flow
+    pub other_device_id: Option<String>,
+    /// The unique ID of this verification flow, will be a random string for
+    /// to-device events or a event ID for in-room events.
+    pub flow_id: String,
+    /// The room ID where this verification is happening, will be `None` if the
+    /// verification is going through to-device messages
+    pub room_id: Option<String>,
+    /// Did we initiate the verification flow
+    pub we_started: bool,
+    /// Did both parties aggree to verification
+    pub is_ready: bool,
+    /// Did another device respond to the verification request
+    pub is_passive: bool,
+    /// Has the verification completed successfully
+    pub is_done: bool,
+    /// Has the flow been cancelled
+    pub is_cancelled: bool,
+    /// The list of verification methods that the other side advertised as
+    /// supported
+    pub their_methods: Option<Vec<String>>,
+    /// The list of verification methods that we advertised as supported
+    pub our_methods: Option<Vec<String>>,
+    /// Information about the cancellation of the flow, will be `None` if the
+    /// flow hasn't been cancelled
+    pub cancel_info: Option<CancelInfo>,
+}
+
+impl From<InnerVerificationRequest> for VerificationRequest {
+    fn from(v: InnerVerificationRequest) -> Self {
+        Self {
+            other_user_id: v.other_user().to_string(),
+            other_device_id: v.other_device_id().map(|d| d.to_string()),
+            flow_id: v.flow_id().as_str().to_owned(),
+            is_cancelled: v.is_cancelled(),
+            is_done: v.is_done(),
+            is_ready: v.is_ready(),
+            room_id: v.room_id().map(|r| r.to_string()),
+            we_started: v.we_started(),
+            is_passive: v.is_passive(),
+            cancel_info: v.cancel_info().map(|c| c.into()),
+            their_methods: v
+                .their_supported_methods()
+                .map(|v| v.into_iter().map(|m| m.to_string()).collect()),
+            our_methods: v
+                .our_supported_methods()
+                .map(|v| v.into_iter().map(|m| m.to_string()).collect()),
+        }
+    }
+}

bindings/matrix-sdk-crypto-ffi/uniffi.toml

@@ -0,0 +1,2 @@
+[bindings.swift]
+module_name = "MatrixSDKCrypto"

bindings/matrix-sdk-crypto-js/.cargo/config

@@ -0,0 +1,2 @@
+[build]
+target = "wasm32-unknown-unknown"

bindings/matrix-sdk-crypto-js/.gitignore

@@ -0,0 +1,3 @@
+/docs
+/node_modules
+/package-lock.json

bindings/matrix-sdk-crypto-js/Cargo.toml

@@ -0,0 +1,39 @@
+[package]
+authors = ["Ivan Enderlin <ivane@element.io>"]
+description = "Matrix encryption library, for JavaScript"
+edition = "2021"
+homepage = "https://github.com/matrix-org/matrix-rust-sdk"
+keywords = ["matrix", "chat", "messaging", "ruma", "nio"]
+license = "Apache-2.0"
+name = "matrix-sdk-crypto-js"
+readme = "README.md"
+repository = "https://github.com/matrix-org/matrix-rust-sdk"
+rust-version = "1.60"
+version = "0.5.0"
+
+[package.metadata.docs.rs]
+features = ["docsrs"]
+rustdoc-args = ["--cfg", "docsrs"]
+
+[package.metadata.wasm-pack.profile.release]
+wasm-opt = ['-Oz']
+
+[lib]
+crate-type = ["cdylib"]
+
+[features]
+default = []
+qrcode = ["matrix-sdk-crypto/qrcode"]
+docsrs = []
+
+[dependencies]
+matrix-sdk-common = { version = "0.5.0", path = "../../crates/matrix-sdk-common" }
+matrix-sdk-crypto = { version = "0.5.0", path = "../../crates/matrix-sdk-crypto" }
+ruma = { git = "https://github.com/ruma/ruma", rev = "96155915f", features = ["client-api-c", "js", "rand", "unstable-msc2676", "unstable-msc2677"] }
+vodozemac = { git = "https://github.com/matrix-org/vodozemac/", rev = "2404f83f7d3a3779c1f518e4d949f7da9677c3dd", features = ["js"] }
+wasm-bindgen = "0.2.80"
+wasm-bindgen-futures = "0.4.30"
+js-sys = "0.3.49"
+serde_json = "1.0.79"
+http = "0.2.6"
+anyhow = "1.0"

bindings/matrix-sdk-crypto-js/README.md

@@ -0,0 +1,55 @@
+# `matrix-sdk-crypto-js`
+
+Welcome to the [WebAssembly] + JavaScript binding for the Rust
+[`matrix-sdk-crypto`] library! WebAssembly can run anywhere, but these
+bindings are designed to run on a JavaScript host. These bindings are
+part of the [`matrix-rust-sdk`] project, which is a library
+implementation of a [Matrix] client-server.
+
+`matrix-sdk-crypto` is a no-network-IO implementation of a state
+machine, named `OlmMachine`, that handles E2EE ([End-to-End
+Encryption](https://en.wikipedia.org/wiki/End-to-end_encryption)) for
+[Matrix] clients.
+
+## Usage
+
+These WebAssembly bindings are written in [Rust]. To build them, you
+need to install the Rust compiler, see [the Install Rust
+Page](https://www.rust-lang.org/tools/install). Then, the workflow is
+pretty classical by using [npm], see [the Downloading and installing
+Node.js and npm
+Page](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
+
+Once the Rust compiler, Node.js and npm are installed, you can run the
+following commands:
+
+```sh
+$ npm install
+$ npm run build
+$ npm run test
+```
+
+A `matrix_sdk_crypto.js`, `matrix_sdk_crypto.d.ts` and a
+`matrix_sdk_crypto_bg.wasm` files should be generated in the `pkg/`
+directory.
+
+TBD
+
+## Documentation
+
+To generate the documentation, please run the following command:
+
+```sh
+$ npm run doc
+```
+
+The documentation is generated in the `./docs` directory.
+
+
+
+[WebAssembly]: https://webassembly.org/
+[`matrix-sdk-crypto`]: https://github.com/matrix-org/matrix-rust-sdk/tree/main/crates/matrix-sdk-crypto
+[`matrix-rust-sdk`]: https://github.com/matrix-org/matrix-rust-sdk
+[Matrix]: https://matrix.org/
+[Rust]: https://www.rust-lang.org/
+[npm]: https://www.npmjs.com/

bindings/matrix-sdk-crypto-js/package.json

@@ -0,0 +1,41 @@
+{
+    "name": "@matrix-org/matrix-sdk-crypto-js",
+    "version": "0.5.0",
+    "homepage": "https://github.com/matrix-org/matrix-rust-sdk",
+    "description": "Matrix encryption library, for JavaScript",
+    "license": "Apache-2.0",
+    "collaborators": [
+        "Ivan Enderlin <ivane@element.io>"
+    ],
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/matrix-org/matrix-rust-sdk"
+    },
+    "keywords": [
+        "matrix",
+        "chat",
+        "messaging",
+        "ruma",
+        "nio"
+    ],
+    "main": "matrix_sdk_crypto.js",
+    "types": "pkg/matrix_sdk_crypto.d.ts",
+    "files": [
+        "pkg/matrix_sdk_crypto_bg.wasm",
+        "pkg/matrix_sdk_crypto.js",
+        "pkg/matrix_sdk_crypto.d.ts"
+    ],
+    "devDependencies": {
+        "wasm-pack": "^0.10.2",
+        "jest": "^28.1.0",
+        "typedoc": "^0.22.17"
+    },
+    "engines": {
+        "node": ">= 10"
+    },
+    "scripts": {
+        "build": "RUSTFLAGS='-C opt-level=z' wasm-pack build --release --target nodejs --out-name matrix_sdk_crypto --out-dir ./pkg",
+        "test": "jest --verbose",
+        "doc": "typedoc --tsconfig ."
+    }
+}

bindings/matrix-sdk-crypto-js/src/encryption.rs

@@ -0,0 +1,126 @@
+//! Encryption types & siblings.
+
+use std::time::Duration;
+
+use wasm_bindgen::prelude::*;
+
+use crate::events;
+
+/// Settings for an encrypted room.
+///
+/// This determines the algorithm and rotation periods of a group
+/// session.
+#[wasm_bindgen(getter_with_clone)]
+#[derive(Debug, Clone)]
+pub struct EncryptionSettings {
+    /// The encryption algorithm that should be used in the room.
+    pub algorithm: EncryptionAlgorithm,
+
+    /// How long the session should be used before changing it,
+    /// expressed in microseconds.
+    #[wasm_bindgen(js_name = "rotationPeriod")]
+    pub rotation_period: u64,
+
+    /// How many messages should be sent before changing the session.
+    #[wasm_bindgen(js_name = "rotationPeriodMessages")]
+    pub rotation_period_messages: u64,
+
+    /// The history visibility of the room when the session was
+    /// created.
+    #[wasm_bindgen(js_name = "historyVisibility")]
+    pub history_visibility: events::HistoryVisibility,
+}
+
+impl Default for EncryptionSettings {
+    fn default() -> Self {
+        let default = matrix_sdk_crypto::olm::EncryptionSettings::default();
+
+        Self {
+            algorithm: default.algorithm.into(),
+            rotation_period: default.rotation_period.as_micros().try_into().unwrap(),
+            rotation_period_messages: default.rotation_period_msgs,
+            history_visibility: default.history_visibility.into(),
+        }
+    }
+}
+
+#[wasm_bindgen]
+impl EncryptionSettings {
+    /// Create a new `EncryptionSettings` with default values.
+    #[wasm_bindgen(constructor)]
+    pub fn new() -> EncryptionSettings {
+        Self::default()
+    }
+}
+
+impl From<&EncryptionSettings> for matrix_sdk_crypto::olm::EncryptionSettings {
+    fn from(value: &EncryptionSettings) -> Self {
+        Self {
+            algorithm: value.algorithm.clone().into(),
+            rotation_period: Duration::from_micros(value.rotation_period),
+            rotation_period_msgs: value.rotation_period_messages,
+            history_visibility: value.history_visibility.clone().into(),
+        }
+    }
+}
+
+/// An encryption algorithm to be used to encrypt messages sent to a
+/// room.
+#[wasm_bindgen]
+#[derive(Debug, Clone)]
+pub enum EncryptionAlgorithm {
+    /// Olm version 1 using Curve25519, AES-256, and SHA-256.
+    OlmV1Curve25519AesSha2,
+
+    /// Megolm version 1 using AES-256 and SHA-256.
+    MegolmV1AesSha2,
+}
+
+impl From<EncryptionAlgorithm> for ruma::EventEncryptionAlgorithm {
+    fn from(value: EncryptionAlgorithm) -> Self {
+        use EncryptionAlgorithm::*;
+
+        match value {
+            OlmV1Curve25519AesSha2 => Self::OlmV1Curve25519AesSha2,
+            MegolmV1AesSha2 => Self::MegolmV1AesSha2,
+        }
+    }
+}
+
+impl From<ruma::EventEncryptionAlgorithm> for EncryptionAlgorithm {
+    fn from(value: ruma::EventEncryptionAlgorithm) -> Self {
+        use ruma::EventEncryptionAlgorithm::*;
+
+        match value {
+            OlmV1Curve25519AesSha2 => Self::OlmV1Curve25519AesSha2,
+            MegolmV1AesSha2 => Self::MegolmV1AesSha2,
+            _ => unreachable!("Unknown variant"),
+        }
+    }
+}
+
+/// The verification state of the device that sent an event to us.
+#[wasm_bindgen]
+#[derive(Debug)]
+pub enum VerificationState {
+    /// The device is trusted.
+    Trusted,
+
+    /// The device is not trusted.
+    Untrusted,
+
+    /// The device is not known to us.
+    UnknownDevice,
+}
+
+impl From<&matrix_sdk_common::deserialized_responses::VerificationState> for VerificationState {
+    fn from(value: &matrix_sdk_common::deserialized_responses::VerificationState) -> Self {
+        use matrix_sdk_common::deserialized_responses::VerificationState::*;
+
+        match value {
+            Trusted => Self::Trusted,
+            Untrusted => Self::Untrusted,
+            UnknownDevice => Self::UnknownDevice,
+        }
+    }
+}

bindings/matrix-sdk-crypto-js/src/events.rs

@@ -0,0 +1,61 @@
+//! Types related to events.
+
+use ruma::events::room::history_visibility::HistoryVisibility as RumaHistoryVisibility;
+use wasm_bindgen::prelude::*;
+
+/// Who can see a room's history.
+#[wasm_bindgen]
+#[derive(Debug, Clone)]
+pub enum HistoryVisibility {
+    /// Previous events are accessible to newly joined members from
+    /// the point they were invited onwards.
+    ///
+    /// Events stop being accessible when the member's state changes
+    /// to something other than *invite* or *join*.
+    Invited,
+
+    /// Previous events are accessible to newly joined members from
+    /// the point they joined the room onwards.
+    ///
+    /// Events stop being accessible when the member's state changes
+    /// to something other than *join*.
+    Joined,
+
+    /// Previous events are always accessible to newly joined members.
+    ///
+    /// All events in the room are accessible, even those sent when
+    /// the member was not a part of the room.
+    Shared,
+
+    /// All events while this is the `HistoryVisibility` value may be
+    /// shared by any participating homeserver with anyone, regardless
+    /// of whether they have ever joined the room.
+    WorldReadable,
+}
+
+impl From<HistoryVisibility> for RumaHistoryVisibility {
+    fn from(value: HistoryVisibility) -> Self {
+        use HistoryVisibility::*;
+
+        match value {
+            Invited => Self::Invited,
+            Joined => Self::Joined,
+            Shared => Self::Shared,
+            WorldReadable => Self::WorldReadable,
+        }
+    }
+}
+
+impl From<RumaHistoryVisibility> for HistoryVisibility {
+    fn from(value: RumaHistoryVisibility) -> Self {
+        use RumaHistoryVisibility::*;
+
+        match value {
+            Invited => Self::Invited,
+            Joined => Self::Joined,
+            Shared => Self::Shared,
+            WorldReadable => Self::WorldReadable,
+            _ => unreachable!("Unknown variant"),
+        }
+    }
+}

bindings/matrix-sdk-crypto-js/src/future.rs

@@ -0,0 +1,26 @@
+use std::future::Future;
+
+use js_sys::Promise;
+use wasm_bindgen::{JsValue, UnwrapThrowExt};
+use wasm_bindgen_futures::spawn_local;
+
+pub(crate) fn future_to_promise<F, T>(future: F) -> Promise
+where
+    F: Future<Output = Result<T, anyhow::Error>> + 'static,
+    T: Into<JsValue>,
+{
+    let mut future = Some(future);
+
+    Promise::new(&mut |resolve, reject| {
+        let future = future.take().unwrap_throw();
+
+        spawn_local(async move {
+            match future.await {
+                Ok(value) => resolve.call1(&JsValue::UNDEFINED, &value.into()).unwrap_throw(),
+                Err(value) => {
+                    reject.call1(&JsValue::UNDEFINED, &value.to_string().into()).unwrap_throw()
+                }
+            };
+        });
+    })
+}

bindings/matrix-sdk-crypto-js/src/identifiers.rs

@@ -0,0 +1,175 @@
+//! Types for [Matrix](https://matrix.org/) identifiers for devices,
+//! events, keys, rooms, servers, users and URIs.
+
+use wasm_bindgen::prelude::*;
+
+/// A Matrix [user ID].
+///
+/// [user ID]: https://spec.matrix.org/v1.2/appendices/#user-identifiers
+#[wasm_bindgen]
+#[derive(Debug, Clone)]
+pub struct UserId {
+    pub(crate) inner: ruma::OwnedUserId,
+}
+
+impl From<ruma::OwnedUserId> for UserId {
+    fn from(inner: ruma::OwnedUserId) -> Self {
+        Self { inner }
+    }
+}
+
+#[wasm_bindgen]
+impl UserId {
+    /// Parse/validate and create a new `UserId`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: &str) -> Result<UserId, JsError> {
+        Ok(Self::from(ruma::UserId::parse(id)?))
+    }
+
+    /// Returns the user's localpart.
+    #[wasm_bindgen(getter)]
+    pub fn localpart(&self) -> String {
+        self.inner.localpart().to_owned()
+    }
+
+    /// Returns the server name of the user ID.
+    #[wasm_bindgen(getter, js_name = "serverName")]
+    pub fn server_name(&self) -> ServerName {
+        ServerName { inner: self.inner.server_name().to_owned() }
+    }
+
+    /// Whether this user ID is a historical one.
+    ///
+    /// A historical user ID is one that doesn't conform to the latest
+    /// specification of the user ID grammar but is still accepted
+    /// because it was previously allowed.
+    #[wasm_bindgen(js_name = "isHistorical")]
+    pub fn is_historical(&self) -> bool {
+        self.inner.is_historical()
+    }
+
+    /// Return the user ID as a string.
+    #[wasm_bindgen(js_name = "toString")]
+    #[allow(clippy::inherent_to_string)]
+    pub fn to_string(&self) -> String {
+        self.inner.as_str().to_owned()
+    }
+}
+
+/// A Matrix key ID.
+///
+/// Device identifiers in Matrix are completely opaque character
+/// sequences. This type is provided simply for its semantic value.
+#[wasm_bindgen]
+#[derive(Debug, Clone)]
+pub struct DeviceId {
+    pub(crate) inner: ruma::OwnedDeviceId,
+}
+
+impl From<ruma::OwnedDeviceId> for DeviceId {
+    fn from(inner: ruma::OwnedDeviceId) -> Self {
+        Self { inner }
+    }
+}
+
+#[wasm_bindgen]
+impl DeviceId {
+    /// Create a new `DeviceId`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: &str) -> DeviceId {
+        Self::from(ruma::OwnedDeviceId::from(id))
+    }
+
+    /// Return the device ID as a string.
+    #[wasm_bindgen(js_name = "toString")]
+    #[allow(clippy::inherent_to_string)]
+    pub fn to_string(&self) -> String {
+        self.inner.as_str().to_owned()
+    }
+}
+
+/// A Matrix [room ID].
+///
+/// [room ID]: https://spec.matrix.org/v1.2/appendices/#room-ids-and-event-ids
+#[wasm_bindgen]
+#[derive(Debug, Clone)]
+pub struct RoomId {
+    pub(crate) inner: ruma::OwnedRoomId,
+}
+
+impl From<ruma::OwnedRoomId> for RoomId {
+    fn from(inner: ruma::OwnedRoomId) -> Self {
+        Self { inner }
+    }
+}
+
+#[wasm_bindgen]
+impl RoomId {
+    /// Parse/validate and create a new `RoomId`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: &str) -> Result<RoomId, JsError> {
+        Ok(Self::from(ruma::RoomId::parse(id)?))
+    }
+
+    /// Returns the user's localpart.
+    #[wasm_bindgen(getter)]
+    pub fn localpart(&self) -> String {
+        self.inner.localpart().to_owned()
+    }
+
+    /// Returns the server name of the room ID.
+    #[wasm_bindgen(getter, js_name = "serverName")]
+    pub fn server_name(&self) -> ServerName {
+        ServerName { inner: self.inner.server_name().to_owned() }
+    }
+
+    /// Return the room ID as a string.
+    #[wasm_bindgen(js_name = "toString")]
+    #[allow(clippy::inherent_to_string)]
+    pub fn to_string(&self) -> String {
+        self.inner.as_str().to_owned()
+    }
+}
+
+/// A Matrix-spec compliant [server name].
+///
+/// It consists of a host and an optional port (separated by a colon if
+/// present).
+///
+/// [server name]: https://spec.matrix.org/v1.2/appendices/#server-name
+#[wasm_bindgen]
+#[derive(Debug)]
+pub struct ServerName {
+    inner: ruma::OwnedServerName,
+}
+
+#[wasm_bindgen]
+impl ServerName {
+    /// Parse/validate and create a new `ServerName`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(name: &str) -> Result<ServerName, JsError> {
+        Ok(Self { inner: ruma::ServerName::parse(name)? })
+    }
+
+    /// Returns the host of the server name.
+    ///
+    /// That is: Return the part of the server before `:<port>` or the
+    /// full server name if there is no port.
+    #[wasm_bindgen(getter)]
+    pub fn host(&self) -> String {
+        self.inner.host().to_owned()
+    }
+
+    /// Returns the port of the server name if any.
+    #[wasm_bindgen(getter)]
+    pub fn port(&self) -> Option<u16> {
+        self.inner.port()
+    }
+
+    /// Returns true if and only if the server name is an IPv4 or IPv6
+    /// address.
+    #[wasm_bindgen(js_name = "isIpLiteral")]
+    pub fn is_ip_literal(&self) -> bool {
+        self.inner.is_ip_literal()
+    }
+}

bindings/matrix-sdk-crypto-js/src/lib.rs

@@ -0,0 +1,58 @@
+// Copyright 2022 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#![doc = include_str!("../README.md")]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![warn(missing_docs, missing_debug_implementations)]
+#![allow(clippy::drop_non_drop)] // triggered by wasm_bindgen code
+
+pub mod encryption;
+pub mod events;
+mod future;
+pub mod identifiers;
+pub mod machine;
+pub mod requests;
+pub mod responses;
+pub mod sync_events;
+
+use js_sys::{Object, Reflect};
+use wasm_bindgen::{convert::RefFromWasmAbi, prelude::*};
+
+/// A really hacky and dirty code to downcast a `JsValue` to `T:
+/// RefFromWasmAbi`, inspired by
+/// https://github.com/rustwasm/wasm-bindgen/issues/2231#issuecomment-656293288.
+///
+/// The returned value is likely to be a `wasm_bindgen::__ref::Ref<T>`.
+fn downcast<T>(value: &JsValue, classname: &str) -> Result<T::Anchor, JsError>
+where
+    T: RefFromWasmAbi<Abi = u32>,
+{
+    let constructor_name = Object::get_prototype_of(value).constructor().name();
+
+    if constructor_name == classname {
+        let pointer = Reflect::get(value, &JsValue::from_str("ptr"))
+            .map_err(|_| JsError::new("Failed to read the `JsValue` pointer"))?;
+        let pointer = pointer
+            .as_f64()
+            .ok_or_else(|| JsError::new("Failed to read the `JsValue` pointer as a `f64`"))?
+            as u32;
+
+        Ok(unsafe { T::ref_from_abi(pointer) })
+    } else {
+        Err(JsError::new(&format!(
+            "Expect an `{}` instance, received `{}` instead",
+            classname, constructor_name,
+        )))
+    }
+}

bindings/matrix-sdk-crypto-js/src/machine.rs

@@ -0,0 +1,446 @@
+//! The crypto specific Olm objects.
+
+use std::collections::BTreeMap;
+
+use js_sys::{Array, Map, Promise, Set};
+use ruma::{
+    events::room::encrypted::OriginalSyncRoomEncryptedEvent, DeviceKeyAlgorithm,
+    OwnedTransactionId, UInt,
+};
+use serde_json::Value as JsonValue;
+use wasm_bindgen::prelude::*;
+
+use crate::{
+    downcast, encryption,
+    future::future_to_promise,
+    identifiers, requests,
+    requests::OutgoingRequest,
+    responses::{self, response_from_string},
+    sync_events,
+};
+
+/// State machine implementation of the Olm/Megolm encryption protocol
+/// used for Matrix end to end encryption.
+#[wasm_bindgen]
+#[derive(Debug, Clone)]
+pub struct OlmMachine {
+    inner: matrix_sdk_crypto::OlmMachine,
+}
+
+#[wasm_bindgen]
+impl OlmMachine {
+    /// Create a new memory based `OlmMachine`.
+    ///
+    /// The created machine will keep the encryption keys only in
+    /// memory and once the objects is dropped, the keys will be lost.
+    ///
+    /// `user_id` represents the unique ID of the user that owns this
+    /// machine. `device_id` represents the unique ID of the device
+    /// that owns this machine.
+    #[wasm_bindgen(constructor)]
+    #[allow(clippy::new_ret_no_self)]
+    pub fn new(user_id: &identifiers::UserId, device_id: &identifiers::DeviceId) -> Promise {
+        let user_id = user_id.inner.clone();
+        let device_id = device_id.inner.clone();
+
+        future_to_promise(async move {
+            Ok(OlmMachine {
+                inner: matrix_sdk_crypto::OlmMachine::new(user_id.as_ref(), device_id.as_ref())
+                    .await,
+            })
+        })
+    }
+
+    /// The unique user ID that owns this `OlmMachine` instance.
+    #[wasm_bindgen(getter, js_name = "userId")]
+    pub fn user_id(&self) -> identifiers::UserId {
+        identifiers::UserId::from(self.inner.user_id().to_owned())
+    }
+
+    /// The unique device ID that identifies this `OlmMachine`.
+    #[wasm_bindgen(getter, js_name = "deviceId")]
+    pub fn device_id(&self) -> identifiers::DeviceId {
+        identifiers::DeviceId::from(self.inner.device_id().to_owned())
+    }
+
+    /// Get the public parts of our Olm identity keys.
+    #[wasm_bindgen(getter, js_name = "identityKeys")]
+    pub fn identity_keys(&self) -> IdentityKeys {
+        self.inner.identity_keys().into()
+    }
+
+    /// Get the display name of our own device.
+    #[wasm_bindgen(getter, js_name = "displayName")]
+    pub fn display_name(&self) -> Promise {
+        let me = self.inner.clone();
+
+        future_to_promise(async move { Ok(me.display_name().await?) })
+    }
+
+    /// Get all the tracked users of our own device.
+    ///
+    /// Returns a `Set<UserId>`.
+    #[wasm_bindgen(js_name = "trackedUsers")]
+    pub fn tracked_users(&self) -> Set {
+        let set = Set::new(&JsValue::UNDEFINED);
+
+        for user in self.inner.tracked_users() {
+            set.add(&identifiers::UserId::from(user).into());
+        }
+
+        set
+    }
+
+    /// Update the tracked users.
+    ///
+    /// `users` is an iterator over user IDs that should be marked for
+    /// tracking.
+    ///
+    /// This will mark users that weren't seen before for a key query
+    /// and tracking.
+    ///
+    /// If the user is already known to the Olm machine, it will not
+    /// be considered for a key query.
+    #[wasm_bindgen(js_name = "updateTrackedUsers")]
+    pub fn update_tracked_users(&self, users: &Array) -> Result<Promise, JsError> {
+        let users = users
+            .iter()
+            .map(|user| Ok(downcast::<identifiers::UserId>(&user, "UserId")?.inner.clone()))
+            .collect::<Result<Vec<ruma::OwnedUserId>, JsError>>()?;
+
+        let me = self.inner.clone();
+
+        Ok(future_to_promise(async move {
+            me.update_tracked_users(users.iter().map(AsRef::as_ref)).await;
+            Ok(JsValue::UNDEFINED)
+        }))
+    }
+
+    /// Handle to-device events and one-time key counts from a sync
+    /// response.
+    ///
+    /// This will decrypt and handle to-device events returning the
+    /// decrypted versions of them.
+    ///
+    /// To decrypt an event from the room timeline call
+    /// `decrypt_room_event`.
+    #[wasm_bindgen(js_name = "receiveSyncChanges")]
+    pub fn receive_sync_changes(
+        &self,
+        to_device_events: &str,
+        changed_devices: &sync_events::DeviceLists,
+        one_time_key_counts: &Map,
+        unused_fallback_keys: &Set,
+    ) -> Result<Promise, JsError> {
+        let to_device_events = serde_json::from_str(to_device_events)?;
+        let changed_devices = changed_devices.inner.clone();
+        let one_time_key_counts: BTreeMap<DeviceKeyAlgorithm, UInt> = one_time_key_counts
+            .entries()
+            .into_iter()
+            .filter_map(|js_value| {
+                let pair = Array::from(&js_value.ok()?);
+                let (key, value) = (
+                    DeviceKeyAlgorithm::from(pair.at(0).as_string()?),
+                    UInt::new(pair.at(1).as_f64()? as u64)?,
+                );
+
+                Some((key, value))
+            })
+            .collect();
+        let unused_fallback_keys: Option<Vec<DeviceKeyAlgorithm>> = Some(
+            unused_fallback_keys
+                .values()
+                .into_iter()
+                .filter_map(|js_value| Some(DeviceKeyAlgorithm::from(js_value.ok()?.as_string()?)))
+                .collect(),
+        );
+
+        let me = self.inner.clone();
+
+        Ok(future_to_promise(async move {
+            Ok(serde_json::to_string(
+                &me.receive_sync_changes(
+                    to_device_events,
+                    &changed_devices,
+                    &one_time_key_counts,
+                    unused_fallback_keys.as_deref(),
+                )
+                .await?,
+            )?)
+        }))
+    }
+
+    /// Get the outgoing requests that need to be sent out.
+    ///
+    /// This returns a list of `JsValue` to represent either:
+    ///   * `KeysUploadRequest`,
+    ///   * `KeysQueryRequest`,
+    ///   * `KeysClaimRequest`,
+    ///   * `ToDeviceRequest`,
+    ///   * `SignatureUploadRequest`,
+    ///   * `RoomMessageRequest` or
+    ///   * `KeysBackupRequest`.
+    ///
+    /// Those requests need to be sent out to the server and the
+    /// responses need to be passed back to the state machine using
+    /// `mark_request_as_sent`.
+    #[wasm_bindgen(js_name = "outgoingRequests")]
+    pub fn outgoing_requests(&self) -> Promise {
+        let me = self.inner.clone();
+
+        future_to_promise(async move {
+            Ok(me
+                .outgoing_requests()
+                .await?
+                .into_iter()
+                .map(OutgoingRequest)
+                .map(TryFrom::try_from)
+                .collect::<Result<Vec<JsValue>, _>>()?
+                .into_iter()
+                .collect::<Array>())
+        })
+    }
+
+    /// Mark the request with the given request ID as sent (see
+    /// `outgoing_requests`).
+    ///
+    /// Arguments are:
+    ///
+    /// * `request_id` represents the unique ID of the request that was sent
+    ///   out. This is needed to couple the response with the now sent out
+    ///   request.
+    /// * `response_type` represents the type of the request that was sent out.
+    /// * `response` represents the response that was received from the server
+    ///   after the outgoing request was sent out.
+    #[wasm_bindgen(js_name = "markRequestAsSent")]
+    pub fn mark_request_as_sent(
+        &self,
+        request_id: &str,
+        request_type: requests::RequestType,
+        response: &str,
+    ) -> Result<Promise, JsError> {
+        let transaction_id = OwnedTransactionId::from(request_id);
+        let response = response_from_string(response)?;
+        let incoming_response = responses::OwnedResponse::try_from((request_type, response))?;
+
+        let me = self.inner.clone();
+
+        Ok(future_to_promise(async move {
+            Ok(me.mark_request_as_sent(&transaction_id, &incoming_response).await.map(|_| true)?)
+        }))
+    }
+
+    /// Encrypt a room message for the given room.
+    ///
+    /// Beware that a room key needs to be shared before this
+    /// method can be called using the `share_room_key` method.
+    ///
+    /// `room_id` is the ID of the room for which the message should
+    /// be encrypted. `event_type` is the type of the event. `content`
+    /// is the plaintext content of the message that should be
+    /// encrypted.
+    ///
+    /// # Panics
+    ///
+    /// Panics if a group session for the given room wasn't shared
+    /// beforehand.
+    #[wasm_bindgen(js_name = "encryptRoomEvent")]
+    pub fn encrypt_room_event(
+        &self,
+        room_id: &identifiers::RoomId,
+        event_type: String,
+        content: &str,
+    ) -> Result<Promise, JsError> {
+        let room_id = room_id.inner.clone();
+        let content: JsonValue = serde_json::from_str(content)?;
+        let me = self.inner.clone();
+
+        Ok(future_to_promise(async move {
+            Ok(serde_json::to_string(
+                &me.encrypt_room_event_raw(&room_id, content, event_type.as_ref()).await?,
+            )?)
+        }))
+    }
+
+    /// Decrypt an event from a room timeline.
+    ///
+    /// # Arguments
+    ///
+    /// * `event`, the event that should be decrypted.
+    /// * `room_id`, the ID of the room where the event was sent to.
+    #[wasm_bindgen(js_name = "decryptRoomEvent")]
+    pub fn decrypt_room_event(
+        &self,
+        event: &str,
+        room_id: &identifiers::RoomId,
+    ) -> Result<Promise, JsError> {
+        let event: OriginalSyncRoomEncryptedEvent = serde_json::from_str(event)?;
+        let room_id = room_id.inner.clone();
+        let me = self.inner.clone();
+
+        Ok(future_to_promise(async move {
+            let room_event = me.decrypt_room_event(&event, room_id.as_ref()).await?;
+
+            Ok(responses::DecryptedRoomEvent::from(room_event))
+        }))
+    }
+
+    /// Invalidate the currently active outbound group session for the
+    /// given room.
+    ///
+    /// Returns true if a session was invalidated, false if there was
+    /// no session to invalidate.
+    #[wasm_bindgen(js_name = "invalidateGroupSession")]
+    pub fn invalidate_group_session(&self, room_id: &identifiers::RoomId) -> Promise {
+        let room_id = room_id.inner.clone();
+        let me = self.inner.clone();
+
+        future_to_promise(async move { Ok(me.invalidate_group_session(&room_id).await?) })
+    }
+
+    /// Get to-device requests to share a room key with users in a room.
+    ///
+    /// `room_id` is the room ID. `users` is an array of `UserId`
+    /// objects. `encryption_settings` are an `EncryptionSettings`
+    /// object.
+    #[wasm_bindgen(js_name = "shareRoomKey")]
+    pub fn share_room_key(
+        &self,
+        room_id: &identifiers::RoomId,
+        users: &Array,
+        encryption_settings: &encryption::EncryptionSettings,
+    ) -> Result<Promise, JsError> {
+        let room_id = room_id.inner.clone();
+        let users = users
+            .iter()
+            .map(|user| Ok(downcast::<identifiers::UserId>(&user, "UserId")?.inner.clone()))
+            .collect::<Result<Vec<ruma::OwnedUserId>, JsError>>()?;
+        let encryption_settings =
+            matrix_sdk_crypto::olm::EncryptionSettings::from(encryption_settings);
+
+        let me = self.inner.clone();
+
+        Ok(future_to_promise(async move {
+            Ok(serde_json::to_string(
+                &me.share_room_key(&room_id, users.iter().map(AsRef::as_ref), encryption_settings)
+                    .await?,
+            )?)
+        }))
+    }
+
+    /// Get the a key claiming request for the user/device pairs that
+    /// we are missing Olm sessions for.
+    ///
+    /// Returns `NULL` if no key claiming request needs to be sent
+    /// out, otherwise it returns an `Array` where the first key is
+    /// the transaction ID as a string, and the second key is the keys
+    /// claim request serialized to JSON.
+    ///
+    /// Sessions need to be established between devices so group
+    /// sessions for a room can be shared with them.
+    ///
+    /// This should be called every time a group session needs to be
+    /// shared as well as between sync calls. After a sync some
+    /// devices may request room keys without us having a valid Olm
+    /// session with them, making it impossible to server the room key
+    /// request, thus it’s necessary to check for missing sessions
+    /// between sync as well.
+    ///
+    /// Note: Care should be taken that only one such request at a
+    /// time is in flight, e.g. using a lock.
+    ///
+    /// The response of a successful key claiming requests needs to be
+    /// passed to the `OlmMachine` with the `mark_request_as_sent`.
+    ///
+    /// `users` represents the list of users that we should check if
+    /// we lack a session with one of their devices. This can be an
+    /// empty iterator when calling this method between sync requests.
+    #[wasm_bindgen(js_name = "getMissingSessions")]
+    pub fn get_missing_sessions(&self, users: &Array) -> Result<Promise, JsError> {
+        let users = users
+            .iter()
+            .map(|user| Ok(downcast::<identifiers::UserId>(&user, "UserId")?.inner.clone()))
+            .collect::<Result<Vec<ruma::OwnedUserId>, JsError>>()?;
+
+        let me = self.inner.clone();
+
+        Ok(future_to_promise(async move {
+            match me.get_missing_sessions(users.iter().map(AsRef::as_ref)).await? {
+                Some((transaction_id, keys_claim_request)) => {
+                    Ok(JsValue::from(requests::KeysClaimRequest::try_from((
+                        transaction_id.to_string(),
+                        &keys_claim_request,
+                    ))?))
+                }
+
+                None => Ok(JsValue::NULL),
+            }
+        }))
+    }
+}
+
+/// An Ed25519 public key, used to verify digital signatures.
+#[wasm_bindgen]
+#[derive(Debug, Clone)]
+pub struct Ed25519PublicKey {
+    inner: vodozemac::Ed25519PublicKey,
+}
+
+#[wasm_bindgen]
+impl Ed25519PublicKey {
+    /// The number of bytes an Ed25519 public key has.
+    #[wasm_bindgen(getter)]
+    pub fn length(&self) -> usize {
+        vodozemac::Ed25519PublicKey::LENGTH
+    }
+
+    /// Serialize an Ed25519 public key to an unpadded base64
+    /// representation.
+    #[wasm_bindgen(js_name = "toBase64")]
+    pub fn to_base64(&self) -> String {
+        self.inner.to_base64()
+    }
+}
+
+/// A Curve25519 public key.
+#[wasm_bindgen]
+#[derive(Debug, Clone)]
+pub struct Curve25519PublicKey {
+    inner: vodozemac::Curve25519PublicKey,
+}
+
+#[wasm_bindgen]
+impl Curve25519PublicKey {
+    /// The number of bytes a Curve25519 public key has.
+    #[wasm_bindgen(getter)]
+    pub fn length(&self) -> usize {
+        vodozemac::Curve25519PublicKey::LENGTH
+    }
+
+    /// Serialize an Curve25519 public key to an unpadded base64
+    /// representation.
+    #[wasm_bindgen(js_name = "toBase64")]
+    pub fn to_base64(&self) -> String {
+        self.inner.to_base64()
+    }
+}
+
+/// Struct holding the two public identity keys of an account.
+#[wasm_bindgen(getter_with_clone)]
+#[derive(Debug)]
+pub struct IdentityKeys {
+    /// The Ed25519 public key, used for signing.
+    pub ed25519: Ed25519PublicKey,
+
+    /// The Curve25519 public key, used for establish shared secrets.
+    pub curve25519: Curve25519PublicKey,
+}
+
+impl From<matrix_sdk_crypto::olm::IdentityKeys> for IdentityKeys {
+    fn from(value: matrix_sdk_crypto::olm::IdentityKeys) -> Self {
+        Self {
+            ed25519: Ed25519PublicKey { inner: value.ed25519 },
+            curve25519: Curve25519PublicKey { inner: value.curve25519 },
+        }
+    }
+}

bindings/matrix-sdk-crypto-js/src/requests.rs

@@ -0,0 +1,372 @@
+//! Types to handle requests.
+
+use js_sys::JsString;
+use matrix_sdk_crypto::{
+    requests::{
+        KeysBackupRequest as RumaKeysBackupRequest, KeysQueryRequest as RumaKeysQueryRequest,
+        RoomMessageRequest as RumaRoomMessageRequest, ToDeviceRequest as RumaToDeviceRequest,
+    },
+    OutgoingRequests,
+};
+use ruma::api::client::keys::{
+    claim_keys::v3::Request as RumaKeysClaimRequest,
+    upload_keys::v3::Request as RumaKeysUploadRequest,
+    upload_signatures::v3::Request as RumaSignatureUploadRequest,
+};
+use wasm_bindgen::prelude::*;
+
+/// Data for a request to the `/keys/upload` API endpoint
+/// ([specification]).
+///
+/// Publishes end-to-end encryption keys for the device.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#post_matrixclientv3keysupload
+#[derive(Debug)]
+#[wasm_bindgen(getter_with_clone)]
+pub struct KeysUploadRequest {
+    /// The request ID.
+    #[wasm_bindgen(readonly)]
+    pub id: JsString,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"device_keys": …, "one_time_keys": …, "fallback_keys": …}
+    /// ```
+    #[wasm_bindgen(readonly)]
+    pub body: JsString,
+}
+
+#[wasm_bindgen]
+impl KeysUploadRequest {
+    /// Create a new `KeysUploadRequest`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: JsString, body: JsString) -> KeysUploadRequest {
+        Self { id, body }
+    }
+
+    /// Get its request type.
+    #[wasm_bindgen(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::KeysUpload
+    }
+}
+
+/// Data for a request to the `/keys/query` API endpoint
+/// ([specification]).
+///
+/// Returns the current devices and identity keys for the given users.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#post_matrixclientv3keysquery
+#[derive(Debug)]
+#[wasm_bindgen(getter_with_clone)]
+pub struct KeysQueryRequest {
+    /// The request ID.
+    #[wasm_bindgen(readonly)]
+    pub id: JsString,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"timeout": …, "device_keys": …, "token": …}
+    /// ```
+    #[wasm_bindgen(readonly)]
+    pub body: JsString,
+}
+
+#[wasm_bindgen]
+impl KeysQueryRequest {
+    /// Create a new `KeysQueryRequest`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: JsString, body: JsString) -> KeysQueryRequest {
+        Self { id, body }
+    }
+
+    /// Get its request type.
+    #[wasm_bindgen(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::KeysQuery
+    }
+}
+
+/// Data for a request to the `/keys/claim` API endpoint
+/// ([specification]).
+///
+/// Claims one-time keys that can be used to establish 1-to-1 E2EE
+/// sessions.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#post_matrixclientv3keysclaim
+#[derive(Debug)]
+#[wasm_bindgen(getter_with_clone)]
+pub struct KeysClaimRequest {
+    /// The request ID.
+    #[wasm_bindgen(readonly)]
+    pub id: JsString,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"timeout": …, "one_time_keys": …}
+    /// ```
+    #[wasm_bindgen(readonly)]
+    pub body: JsString,
+}
+
+#[wasm_bindgen]
+impl KeysClaimRequest {
+    /// Create a new `KeysClaimRequest`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: JsString, body: JsString) -> KeysClaimRequest {
+        Self { id, body }
+    }
+
+    /// Get its request type.
+    #[wasm_bindgen(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::KeysClaim
+    }
+}
+
+/// Data for a request to the `/sendToDevice` API endpoint
+/// ([specification]).
+///
+/// Send an event to a single device or to a group of devices.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#put_matrixclientv3sendtodeviceeventtypetxnid
+#[derive(Debug)]
+#[wasm_bindgen(getter_with_clone)]
+pub struct ToDeviceRequest {
+    /// The request ID.
+    #[wasm_bindgen(readonly)]
+    pub id: JsString,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"event_type": …, "txn_id": …, "messages": …}
+    /// ```
+    #[wasm_bindgen(readonly)]
+    pub body: JsString,
+}
+
+#[wasm_bindgen]
+impl ToDeviceRequest {
+    /// Create a new `ToDeviceRequest`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: JsString, body: JsString) -> ToDeviceRequest {
+        Self { id, body }
+    }
+
+    /// Get its request type.
+    #[wasm_bindgen(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::ToDevice
+    }
+}
+
+/// Data for a request to the `/keys/signatures/upload` API endpoint
+/// ([specification]).
+///
+/// Publishes cross-signing signatures for the user.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#post_matrixclientv3keyssignaturesupload
+#[derive(Debug)]
+#[wasm_bindgen(getter_with_clone)]
+pub struct SignatureUploadRequest {
+    /// The request ID.
+    #[wasm_bindgen(readonly)]
+    pub id: JsString,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"signed_keys": …, "txn_id": …, "messages": …}
+    /// ```
+    #[wasm_bindgen(readonly)]
+    pub body: JsString,
+}
+
+#[wasm_bindgen]
+impl SignatureUploadRequest {
+    /// Create a new `SignatureUploadRequest`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: JsString, body: JsString) -> SignatureUploadRequest {
+        Self { id, body }
+    }
+
+    /// Get its request type.
+    #[wasm_bindgen(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::SignatureUpload
+    }
+}
+
+/// A customized owned request type for sending out room messages
+/// ([specification]).
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#put_matrixclientv3roomsroomidsendeventtypetxnid
+#[derive(Debug)]
+#[wasm_bindgen(getter_with_clone)]
+pub struct RoomMessageRequest {
+    /// The request ID.
+    #[wasm_bindgen(readonly)]
+    pub id: JsString,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"room_id": …, "txn_id": …, "content": …}
+    /// ```
+    #[wasm_bindgen(readonly)]
+    pub body: JsString,
+}
+
+#[wasm_bindgen]
+impl RoomMessageRequest {
+    /// Create a new `RoomMessageRequest`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: JsString, body: JsString) -> RoomMessageRequest {
+        Self { id, body }
+    }
+
+    /// Get its request type.
+    #[wasm_bindgen(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::RoomMessage
+    }
+}
+
+/// A request that will back up a batch of room keys to the server
+/// ([specification]).
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#put_matrixclientv3room_keyskeys
+#[derive(Debug)]
+#[wasm_bindgen(getter_with_clone)]
+pub struct KeysBackupRequest {
+    /// The request ID.
+    #[wasm_bindgen(readonly)]
+    pub id: JsString,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"rooms": …}
+    /// ```
+    #[wasm_bindgen(readonly)]
+    pub body: JsString,
+}
+
+#[wasm_bindgen]
+impl KeysBackupRequest {
+    /// Create a new `KeysBackupRequest`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(id: JsString, body: JsString) -> KeysBackupRequest {
+        Self { id, body }
+    }
+
+    /// Get its request type.
+    #[wasm_bindgen(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::KeysBackup
+    }
+}
+
+macro_rules! request {
+    ($request:ident from $ruma_request:ident maps fields $( $field:ident ),+ $(,)? ) => {
+        impl TryFrom<(String, &$ruma_request)> for $request {
+            type Error = serde_json::Error;
+
+            fn try_from(
+                (request_id, request): (String, &$ruma_request),
+            ) -> Result<Self, Self::Error> {
+                let mut map = serde_json::Map::new();
+                $(
+                    map.insert(stringify!($field).to_owned(), serde_json::to_value(&request.$field).unwrap());
+                )+
+                let value = serde_json::Value::Object(map);
+
+                Ok($request {
+                    id: request_id.into(),
+                    body: serde_json::to_string(&value)?.into(),
+                })
+            }
+        }
+    };
+}
+
+request!(KeysUploadRequest from RumaKeysUploadRequest maps fields device_keys, one_time_keys, fallback_keys);
+request!(KeysQueryRequest from RumaKeysQueryRequest maps fields timeout, device_keys, token);
+request!(KeysClaimRequest from RumaKeysClaimRequest maps fields timeout, one_time_keys);
+request!(ToDeviceRequest from RumaToDeviceRequest maps fields event_type, txn_id, messages);
+request!(SignatureUploadRequest from RumaSignatureUploadRequest maps fields signed_keys);
+request!(RoomMessageRequest from RumaRoomMessageRequest maps fields room_id, txn_id, content);
+request!(KeysBackupRequest from RumaKeysBackupRequest maps fields rooms);
+
+// JavaScript has no complex enums like Rust. To return structs of
+// different types, we have no choice that hiding everything behind a
+// `JsValue`.
+pub(crate) struct OutgoingRequest(pub(crate) matrix_sdk_crypto::OutgoingRequest);
+
+impl TryFrom<OutgoingRequest> for JsValue {
+    type Error = serde_json::Error;
+
+    fn try_from(outgoing_request: OutgoingRequest) -> Result<Self, Self::Error> {
+        let request_id = outgoing_request.0.request_id().to_string();
+
+        Ok(match outgoing_request.0.request() {
+            OutgoingRequests::KeysUpload(request) => {
+                JsValue::from(KeysUploadRequest::try_from((request_id, request))?)
+            }
+
+            OutgoingRequests::KeysQuery(request) => {
+                JsValue::from(KeysQueryRequest::try_from((request_id, request))?)
+            }
+
+            OutgoingRequests::KeysClaim(request) => {
+                JsValue::from(KeysClaimRequest::try_from((request_id, request))?)
+            }
+
+            OutgoingRequests::ToDeviceRequest(request) => {
+                JsValue::from(ToDeviceRequest::try_from((request_id, request))?)
+            }
+
+            OutgoingRequests::SignatureUpload(request) => {
+                JsValue::from(SignatureUploadRequest::try_from((request_id, request))?)
+            }
+
+            OutgoingRequests::RoomMessage(request) => {
+                JsValue::from(RoomMessageRequest::try_from((request_id, request))?)
+            }
+
+            OutgoingRequests::KeysBackup(request) => {
+                JsValue::from(KeysBackupRequest::try_from((request_id, request))?)
+            }
+        })
+    }
+}
+
+/// Represent the type of a request.
+#[wasm_bindgen]
+#[derive(Debug)]
+pub enum RequestType {
+    /// Represents a `KeysUploadRequest`.
+    KeysUpload,
+
+    /// Represents a `KeysQueryRequest`.
+    KeysQuery,
+
+    /// Represents a `KeysClaimRequest`.
+    KeysClaim,
+
+    /// Represents a `ToDeviceRequest`.
+    ToDevice,
+
+    /// Represents a `SignatureUploadRequest`.
+    SignatureUpload,
+
+    /// Represents a `RoomMessageRequest`.
+    RoomMessage,
+
+    /// Represents a `KeysBackupRequest`.
+    KeysBackup,
+}

bindings/matrix-sdk-crypto-js/src/responses.rs

@@ -0,0 +1,210 @@
+//! Types related to responses.
+
+use std::borrow::Borrow;
+
+use js_sys::{Array, JsString};
+use matrix_sdk_common::deserialized_responses::{AlgorithmInfo, EncryptionInfo};
+use matrix_sdk_crypto::IncomingResponse;
+pub(crate) use ruma::api::client::{
+    backup::add_backup_keys::v3::Response as KeysBackupResponse,
+    keys::{
+        claim_keys::v3::Response as KeysClaimResponse, get_keys::v3::Response as KeysQueryResponse,
+        upload_keys::v3::Response as KeysUploadResponse,
+        upload_signatures::v3::Response as SignatureUploadResponse,
+    },
+    message::send_message_event::v3::Response as RoomMessageResponse,
+    to_device::send_event_to_device::v3::Response as ToDeviceResponse,
+};
+use ruma::api::IncomingResponse as RumaIncomingResponse;
+use wasm_bindgen::prelude::*;
+
+use crate::{encryption, identifiers, requests::RequestType};
+
+pub(crate) fn response_from_string(body: &str) -> http::Result<http::Response<Vec<u8>>> {
+    http::Response::builder().status(200).body(body.as_bytes().to_vec())
+}
+
+/// Intermediate private type to store an incoming owned response,
+/// without the need to manage lifetime.
+pub(crate) enum OwnedResponse {
+    KeysUpload(KeysUploadResponse),
+    KeysQuery(KeysQueryResponse),
+    KeysClaim(KeysClaimResponse),
+    ToDevice(ToDeviceResponse),
+    SignatureUpload(SignatureUploadResponse),
+    RoomMessage(RoomMessageResponse),
+    KeysBackup(KeysBackupResponse),
+}
+
+impl From<KeysUploadResponse> for OwnedResponse {
+    fn from(response: KeysUploadResponse) -> Self {
+        OwnedResponse::KeysUpload(response)
+    }
+}
+
+impl From<KeysQueryResponse> for OwnedResponse {
+    fn from(response: KeysQueryResponse) -> Self {
+        OwnedResponse::KeysQuery(response)
+    }
+}
+
+impl From<KeysClaimResponse> for OwnedResponse {
+    fn from(response: KeysClaimResponse) -> Self {
+        OwnedResponse::KeysClaim(response)
+    }
+}
+
+impl From<ToDeviceResponse> for OwnedResponse {
+    fn from(response: ToDeviceResponse) -> Self {
+        OwnedResponse::ToDevice(response)
+    }
+}
+
+impl From<SignatureUploadResponse> for OwnedResponse {
+    fn from(response: SignatureUploadResponse) -> Self {
+        Self::SignatureUpload(response)
+    }
+}
+
+impl From<RoomMessageResponse> for OwnedResponse {
+    fn from(response: RoomMessageResponse) -> Self {
+        OwnedResponse::RoomMessage(response)
+    }
+}
+
+impl From<KeysBackupResponse> for OwnedResponse {
+    fn from(r: KeysBackupResponse) -> Self {
+        Self::KeysBackup(r)
+    }
+}
+
+impl TryFrom<(RequestType, http::Response<Vec<u8>>)> for OwnedResponse {
+    type Error = JsError;
+
+    fn try_from(
+        (request_type, response): (RequestType, http::Response<Vec<u8>>),
+    ) -> Result<Self, Self::Error> {
+        match request_type {
+            RequestType::KeysUpload => {
+                KeysUploadResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::KeysQuery => {
+                KeysQueryResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::KeysClaim => {
+                KeysClaimResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::ToDevice => {
+                ToDeviceResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::SignatureUpload => {
+                SignatureUploadResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::RoomMessage => {
+                RoomMessageResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::KeysBackup => {
+                KeysBackupResponse::try_from_http_response(response).map(Into::into)
+            }
+        }
+        .map_err(JsError::from)
+    }
+}
+
+impl<'a> From<&'a OwnedResponse> for IncomingResponse<'a> {
+    fn from(response: &'a OwnedResponse) -> Self {
+        match response {
+            OwnedResponse::KeysUpload(response) => IncomingResponse::KeysUpload(response),
+            OwnedResponse::KeysQuery(response) => IncomingResponse::KeysQuery(response),
+            OwnedResponse::KeysClaim(response) => IncomingResponse::KeysClaim(response),
+            OwnedResponse::ToDevice(response) => IncomingResponse::ToDevice(response),
+            OwnedResponse::SignatureUpload(response) => IncomingResponse::SignatureUpload(response),
+            OwnedResponse::RoomMessage(response) => IncomingResponse::RoomMessage(response),
+            OwnedResponse::KeysBackup(response) => IncomingResponse::KeysBackup(response),
+        }
+    }
+}
+
+/// A decrypted room event.
+#[wasm_bindgen(getter_with_clone)]
+#[derive(Debug)]
+pub struct DecryptedRoomEvent {
+    /// The JSON-encoded decrypted event.
+    #[wasm_bindgen(readonly)]
+    pub event: JsString,
+
+    encryption_info: Option<EncryptionInfo>,
+}
+
+#[wasm_bindgen]
+impl DecryptedRoomEvent {
+    /// The user ID of the event sender, note this is untrusted data
+    /// unless the `verification_state` is as well trusted.
+    #[wasm_bindgen(getter)]
+    pub fn sender(&self) -> Option<identifiers::UserId> {
+        Some(identifiers::UserId::from(self.encryption_info.as_ref()?.sender.clone()))
+    }
+
+    /// The device ID of the device that sent us the event, note this
+    /// is untrusted data unless `verification_state` is as well
+    /// trusted.
+    #[wasm_bindgen(getter, js_name = "senderDevice")]
+    pub fn sender_device(&self) -> Option<identifiers::DeviceId> {
+        Some(identifiers::DeviceId::from(self.encryption_info.as_ref()?.sender_device.clone()))
+    }
+
+    /// The Curve25519 key of the device that created the megolm
+    /// decryption key originally.
+    #[wasm_bindgen(getter, js_name = "senderCurve25519Key")]
+    pub fn sender_curve25519_key(&self) -> Option<JsString> {
+        Some(match &self.encryption_info.as_ref()?.algorithm_info {
+            AlgorithmInfo::MegolmV1AesSha2 { curve25519_key, .. } => curve25519_key.clone().into(),
+        })
+    }
+
+    /// The signing Ed25519 key that have created the megolm key that
+    /// was used to decrypt this session.
+    #[wasm_bindgen(getter, js_name = "senderClaimedEd25519Key")]
+    pub fn sender_claimed_ed25519_key(&self) -> Option<JsString> {
+        match &self.encryption_info.as_ref()?.algorithm_info {
+            AlgorithmInfo::MegolmV1AesSha2 { sender_claimed_keys, .. } => {
+                sender_claimed_keys.get(&ruma::DeviceKeyAlgorithm::Ed25519).cloned().map(Into::into)
+            }
+        }
+    }
+
+    /// Chain of Curve25519 keys through which this session was
+    /// forwarded, via `m.forwarded_room_key` events.
+    #[wasm_bindgen(getter, js_name = "forwardingCurve25519KeyChain")]
+    pub fn forwarding_curve25519_key_chain(&self) -> Option<Array> {
+        Some(match &self.encryption_info.as_ref()?.algorithm_info {
+            AlgorithmInfo::MegolmV1AesSha2 { forwarding_curve25519_key_chain, .. } => {
+                forwarding_curve25519_key_chain.iter().map(JsValue::from).collect()
+            }
+        })
+    }
+
+    /// The verification state of the device that sent us the event,
+    /// note this is the state of the device at the time of
+    /// decryption. It may change in the future if a device gets
+    /// verified or deleted.
+    #[wasm_bindgen(getter, js_name = "verificationState")]
+    pub fn verification_state(&self) -> Option<encryption::VerificationState> {
+        Some((self.encryption_info.as_ref()?.verification_state.borrow()).into())
+    }
+}
+
+impl From<matrix_sdk_common::deserialized_responses::RoomEvent> for DecryptedRoomEvent {
+    fn from(value: matrix_sdk_common::deserialized_responses::RoomEvent) -> Self {
+        Self {
+            event: value.event.json().get().to_owned().into(),
+            encryption_info: value.encryption_info,
+        }
+    }
+}

bindings/matrix-sdk-crypto-js/src/sync_events.rs

@@ -0,0 +1,69 @@
+//! `GET /_matrix/client/*/sync`
+
+use js_sys::Array;
+use wasm_bindgen::prelude::*;
+
+use crate::{downcast, identifiers};
+
+/// Information on E2E device updates.
+#[wasm_bindgen]
+#[derive(Debug)]
+pub struct DeviceLists {
+    pub(crate) inner: ruma::api::client::sync::sync_events::v3::DeviceLists,
+}
+
+#[wasm_bindgen]
+impl DeviceLists {
+    /// Create an empty `DeviceLists`.
+    ///
+    /// `changed` and `left` must be an array of `UserId`.
+    #[wasm_bindgen(constructor)]
+    pub fn new(changed: Option<Array>, left: Option<Array>) -> Result<DeviceLists, JsError> {
+        let mut inner = ruma::api::client::sync::sync_events::v3::DeviceLists::default();
+
+        inner.changed = changed
+            .unwrap_or_default()
+            .iter()
+            .map(|user| Ok(downcast::<identifiers::UserId>(&user, "UserId")?.inner.clone()))
+            .collect::<Result<Vec<ruma::OwnedUserId>, JsError>>()?;
+
+        inner.left = left
+            .unwrap_or_default()
+            .iter()
+            .map(|user| Ok(downcast::<identifiers::UserId>(&user, "UserId")?.inner.clone()))
+            .collect::<Result<Vec<ruma::OwnedUserId>, JsError>>()?;
+
+        Ok(Self { inner })
+    }
+
+    /// Returns true if there are no device list updates.
+    #[wasm_bindgen(js_name = "isEmpty")]
+    pub fn is_empty(&self) -> bool {
+        self.inner.is_empty()
+    }
+
+    /// List of users who have updated their device identity keys or
+    /// who now share an encrypted room with the client since the
+    /// previous sync
+    #[wasm_bindgen(getter)]
+    pub fn changed(&self) -> Array {
+        self.inner
+            .changed
+            .iter()
+            .map(|user| identifiers::UserId::from(user.clone()))
+            .map(JsValue::from)
+            .collect()
+    }
+
+    /// List of users who no longer share encrypted rooms since the
+    /// previous sync response.
+    #[wasm_bindgen(getter)]
+    pub fn left(&self) -> Array {
+        self.inner
+            .left
+            .iter()
+            .map(|user| identifiers::UserId::from(user.clone()))
+            .map(JsValue::from)
+            .collect()
+    }
+}

bindings/matrix-sdk-crypto-js/tests/encryption.test.js

@@ -0,0 +1,36 @@
+const { EncryptionAlgorithm, EncryptionSettings, HistoryVisibility, VerificationState } = require('../pkg/matrix_sdk_crypto');
+
+describe('EncryptionAlgorithm', () => {
+    test('has the correct variant values', () => {
+        expect(EncryptionAlgorithm.OlmV1Curve25519AesSha2).toStrictEqual(0);
+        expect(EncryptionAlgorithm.MegolmV1AesSha2).toStrictEqual(1);
+    });
+});
+
+describe(EncryptionSettings.name, () => {
+    test('can be instantiated with default values', () => {
+        const es = new EncryptionSettings();
+
+        expect(es.algorithm).toStrictEqual(EncryptionAlgorithm.MegolmV1AesSha2);
+        expect(es.rotationPeriod).toStrictEqual(604800000000n);
+        expect(es.rotationPeriodMessages).toStrictEqual(100n);
+        expect(es.historyVisibility).toStrictEqual(HistoryVisibility.Shared);
+    });
+
+    test('checks the history visibility values', () => {
+        const es = new EncryptionSettings();
+
+        es.historyVisibility = HistoryVisibility.Invited;
+
+        expect(es.historyVisibility).toStrictEqual(HistoryVisibility.Invited);
+        expect(() => { es.historyVisibility = 42 }).toThrow();
+    });
+});
+
+describe('VerificationState', () => {
+    test('has the correct variant values', () => {
+        expect(VerificationState.Trusted).toStrictEqual(0);
+        expect(VerificationState.Untrusted).toStrictEqual(1);
+        expect(VerificationState.UnknownDevice).toStrictEqual(2);
+    });
+});

bindings/matrix-sdk-crypto-js/tests/events.test.js

@@ -0,0 +1,10 @@
+const { HistoryVisibility } = require('../pkg/matrix_sdk_crypto');
+
+describe('HistoryVisibility', () => {
+    test('has the correct variant values', () => {
+        expect(HistoryVisibility.Invited).toStrictEqual(0);
+        expect(HistoryVisibility.Joined).toStrictEqual(1);
+        expect(HistoryVisibility.Shared).toStrictEqual(2);
+        expect(HistoryVisibility.WorldReadable).toStrictEqual(3);
+    });
+});

bindings/matrix-sdk-crypto-js/tests/identifiers.test.js

@@ -0,0 +1,72 @@
+const { UserId, DeviceId, RoomId, ServerName } = require('../pkg/matrix_sdk_crypto');
+
+describe(UserId.name, () => {
+    test('cannot be invalid', () => {
+        expect(() => { new UserId('@foobar') }).toThrow();
+    });
+
+    const user = new UserId('@foo:bar.org');
+
+    test('localpart is present', () => {
+        expect(user.localpart).toStrictEqual('foo');
+    });
+
+    test('server name is present', () => {
+        expect(user.serverName).toBeInstanceOf(ServerName);
+    });
+
+    test('user ID is not historical', () => {
+        expect(user.isHistorical()).toStrictEqual(false);
+    });
+
+    test('can read the user ID as a string', () => {
+        expect(user.toString()).toStrictEqual('@foo:bar.org');
+    })
+});
+
+describe(DeviceId.name, () => {
+    const device = new DeviceId('foo');
+
+    test('can read the device ID as a string', () => {
+        expect(device.toString()).toStrictEqual('foo');
+    })
+});
+
+describe(RoomId.name, () => {
+    test('cannot be invalid', () => {
+        expect(() => { new RoomId('!foo') }).toThrow();
+    });
+
+    const room = new RoomId('!foo:bar.org');
+
+    test('localpart is present', () => {
+        expect(room.localpart).toStrictEqual('foo');
+    });
+
+    test('server name is present', () => {
+        expect(room.serverName).toBeInstanceOf(ServerName);
+    });
+
+    test('can read the room ID as string', () => {
+        expect(room.toString()).toStrictEqual('!foo:bar.org');
+    });
+});
+
+describe(ServerName.name, () => {
+    test('cannot be invalid', () => {
+        expect(() => { new ServerName('@foobar') }).toThrow()
+    });
+
+    test('host is present', () => {
+        expect(new ServerName('foo.org').host).toStrictEqual('foo.org');
+    });
+
+    test('port can be optional', () => {
+        expect(new ServerName('foo.org').port).toStrictEqual(undefined);
+        expect(new ServerName('foo.org:1234').port).toStrictEqual(1234);
+    });
+
+    test('server is not an IP literal', () => {
+        expect(new ServerName('foo.org').isIpLiteral()).toStrictEqual(false);
+    });
+});

bindings/matrix-sdk-crypto-js/tests/machine.test.js

@@ -0,0 +1,341 @@
+const { OlmMachine, UserId, DeviceId, RoomId, DeviceLists, RequestType, KeysUploadRequest, KeysQueryRequest, KeysClaimRequest, EncryptionSettings, DecryptedRoomEvent, VerificationState } = require('../pkg/matrix_sdk_crypto');
+
+describe(OlmMachine.name, () => {
+    test('can be instantiated with the async initializer', async () => {
+        expect(await new OlmMachine(new UserId('@foo:bar.org'), new DeviceId('baz'))).toBeInstanceOf(OlmMachine);
+    });
+
+    const user = new UserId('@alice:example.org');
+    const device = new DeviceId('foobar');
+    const room = new RoomId('!baz:matrix.org');
+
+    function machine(new_user, new_device) {
+        return new OlmMachine(new_user || user, new_device || device);
+    }
+
+    test('can read user ID', async () => {
+        expect((await machine()).userId.toString()).toStrictEqual(user.toString());
+    });
+
+    test('can read device ID', async () => {
+        expect((await machine()).deviceId.toString()).toStrictEqual(device.toString());
+    });
+
+    test('can read identity keys', async () => {
+        const identityKeys = (await machine()).identityKeys;
+
+        expect(identityKeys.ed25519.toBase64()).toMatch(/^[A-Za-z0-9+/]+$/);
+        expect(identityKeys.curve25519.toBase64()).toMatch(/^[A-Za-z0-9+/]+$/);
+    });
+
+    test('can read display name', async () => {
+        expect(await machine().displayName).toBeUndefined();
+    });
+
+    test('can read tracked users', async () => {
+        const trackedUsers = (await machine()).trackedUsers();
+
+        expect(trackedUsers).toBeInstanceOf(Set);
+        expect(trackedUsers.size).toStrictEqual(0);
+    });
+
+    test('can update tracked users', async () => {
+        const m = await machine();
+
+        expect(await m.updateTrackedUsers([user])).toStrictEqual(undefined);
+    });
+
+    test('can receive sync changes', async () => {
+        const m = await machine();
+        const toDeviceEvents = JSON.stringify({});
+        const changedDevices = new DeviceLists();
+        const oneTimeKeyCounts = new Map();
+        const unusedFallbackKeys = new Set();
+
+        const receiveSyncChanges = JSON.parse(await m.receiveSyncChanges(toDeviceEvents, changedDevices, oneTimeKeyCounts, unusedFallbackKeys));
+
+        expect(receiveSyncChanges).toEqual({});
+    });
+
+    test('can get the outgoing requests that need to be send out', async () => {
+        const m = await machine();
+        const toDeviceEvents = JSON.stringify({});
+        const changedDevices = new DeviceLists();
+        const oneTimeKeyCounts = new Map();
+        const unusedFallbackKeys = new Set();
+
+        const receiveSyncChanges = JSON.parse(await m.receiveSyncChanges(toDeviceEvents, changedDevices, oneTimeKeyCounts, unusedFallbackKeys));
+
+        expect(receiveSyncChanges).toEqual({});
+
+        const outgoingRequests = await m.outgoingRequests();
+
+        expect(outgoingRequests).toHaveLength(2);
+
+        {
+            expect(outgoingRequests[0]).toBeInstanceOf(KeysUploadRequest);
+            expect(outgoingRequests[0].id).toBeDefined();
+            expect(outgoingRequests[0].type).toStrictEqual(RequestType.KeysUpload);
+
+            const body = JSON.parse(outgoingRequests[0].body);
+            expect(body.device_keys).toBeDefined();
+            expect(body.one_time_keys).toBeDefined();
+        }
+
+        {
+            expect(outgoingRequests[1]).toBeInstanceOf(KeysQueryRequest);
+            expect(outgoingRequests[1].id).toBeDefined();
+            expect(outgoingRequests[1].type).toStrictEqual(RequestType.KeysQuery);
+
+            const body = JSON.parse(outgoingRequests[1].body);
+            expect(body.timeout).toBeDefined();
+            expect(body.device_keys).toBeDefined();
+            expect(body.token).toBeDefined();
+        }
+    });
+
+    describe('setup workflow to mark requests as sent', () => {
+        let m;
+        let ougoingRequests;
+
+        beforeAll(async () => {
+            m = await machine(new UserId('@alice:example.org'), new DeviceId('DEVICEID'));
+
+            const toDeviceEvents = JSON.stringify({});
+            const changedDevices = new DeviceLists();
+            const oneTimeKeyCounts = new Map();
+            const unusedFallbackKeys = new Set();
+
+            const receiveSyncChanges = await m.receiveSyncChanges(toDeviceEvents, changedDevices, oneTimeKeyCounts, unusedFallbackKeys);
+            outgoingRequests = await m.outgoingRequests();
+
+            expect(outgoingRequests).toHaveLength(2);
+        });
+
+        test('can mark requests as sent', async () => {
+            {
+                const request = outgoingRequests[0];
+                expect(request).toBeInstanceOf(KeysUploadRequest);
+
+                // https://spec.matrix.org/v1.2/client-server-api/#post_matrixclientv3keysupload
+                const hypothetical_response = JSON.stringify({
+                    "one_time_key_counts": {
+                        "curve25519": 10,
+                        "signed_curve25519": 20
+                    }
+                });
+                const marked = await m.markRequestAsSent(request.id, request.type, hypothetical_response);
+                expect(marked).toStrictEqual(true);
+            }
+
+            {
+                const request = outgoingRequests[1];
+                expect(request).toBeInstanceOf(KeysQueryRequest);
+
+                // https://spec.matrix.org/v1.2/client-server-api/#post_matrixclientv3keysquery
+                const hypothetical_response = JSON.stringify({
+                    "device_keys": {
+                        "@alice:example.org": {
+                            "JLAFKJWSCS": {
+                                "algorithms": [
+                                    "m.olm.v1.curve25519-aes-sha2",
+                                    "m.megolm.v1.aes-sha2"
+                                ],
+                                "device_id": "JLAFKJWSCS",
+                                "keys": {
+                                    "curve25519:JLAFKJWSCS": "wjLpTLRqbqBzLs63aYaEv2Boi6cFEbbM/sSRQ2oAKk4",
+                                    "ed25519:JLAFKJWSCS": "nE6W2fCblxDcOFmeEtCHNl8/l8bXcu7GKyAswA4r3mM"
+                                },
+                                "signatures": {
+                                    "@alice:example.org": {
+                                        "ed25519:JLAFKJWSCS": "m53Wkbh2HXkc3vFApZvCrfXcX3AI51GsDHustMhKwlv3TuOJMj4wistcOTM8q2+e/Ro7rWFUb9ZfnNbwptSUBA"
+                                    }
+                                },
+                                "unsigned": {
+                                    "device_display_name": "Alice's mobile phone"
+                                },
+                                "user_id": "@alice:example.org"
+                            }
+                        }
+                    },
+                    "failures": {}
+                });
+                const marked = await m.markRequestAsSent(request.id, request.type, hypothetical_response);
+                expect(marked).toStrictEqual(true);
+            }
+        });
+    });
+
+    describe('setup workflow to encrypt/decrypt events', () => {
+        let m;
+        const user = new UserId('@alice:example.org');
+        const device = new DeviceId('JLAFKJWSCS');
+        const room = new RoomId('!test:localhost');
+
+        beforeAll(async () => {
+            m = await machine(user, device);
+        });
+        
+        test('can pass keysquery and keysclaim requests directly', async () => {
+            {
+                // derived from https://github.com/matrix-org/matrix-rust-sdk/blob/7f49618d350fab66b7e1dc4eaf64ec25ceafd658/benchmarks/benches/crypto_bench/keys_query.json
+                const hypothetical_response = JSON.stringify({
+                    "device_keys": {
+                        "@example:localhost": {
+                            "AFGUOBTZWM": {
+                                "algorithms": [
+                                    "m.olm.v1.curve25519-aes-sha2",
+                                    "m.megolm.v1.aes-sha2"
+                                ],
+                                "device_id": "AFGUOBTZWM",
+                                "keys": {
+                                    "curve25519:AFGUOBTZWM": "boYjDpaC+7NkECQEeMh5dC+I1+AfriX0VXG2UV7EUQo",
+                                    "ed25519:AFGUOBTZWM": "NayrMQ33ObqMRqz6R9GosmHdT6HQ6b/RX/3QlZ2yiec"
+                                },
+                                "signatures": {
+                                    "@example:localhost": {
+                                        "ed25519:AFGUOBTZWM": "RoSWvru1jj6fs2arnTedWsyIyBmKHMdOu7r9gDi0BZ61h9SbCK2zLXzuJ9ZFLao2VvA0yEd7CASCmDHDLYpXCA"
+                                    }
+                                },
+                                "user_id": "@example:localhost",
+                                "unsigned": {
+                                    "device_display_name": "rust-sdk"
+                                }
+                            },
+                        }
+                    },
+                    "failures": {},
+                    "master_keys": {
+                        "@example:localhost": {
+                            "user_id": "@example:localhost",
+                            "usage": [
+                                "master"
+                            ],
+                            "keys": {
+                                "ed25519:n2lpJGx0LiKnuNE1IucZP3QExrD4SeRP0veBHPe3XUU": "n2lpJGx0LiKnuNE1IucZP3QExrD4SeRP0veBHPe3XUU"
+                            },
+                            "signatures": {
+                                "@example:localhost": {
+                                    "ed25519:TCSJXPWGVS": "+j9G3L41I1fe0++wwusTTQvbboYW0yDtRWUEujhwZz4MAltjLSfJvY0hxhnz+wHHmuEXvQDen39XOpr1p29sAg"
+                                }
+                            }
+                        }
+                    },
+                    "self_signing_keys": {
+                        "@example:localhost": {
+                            "user_id": "@example:localhost",
+                            "usage": [
+                                "self_signing"
+                            ],
+                            "keys": {
+                                "ed25519:kQXOuy639Yt47mvNTdrIluoC6DMvfbZLYbxAmwiDyhI": "kQXOuy639Yt47mvNTdrIluoC6DMvfbZLYbxAmwiDyhI"
+                            },
+                            "signatures": {
+                                "@example:localhost": {
+                                    "ed25519:n2lpJGx0LiKnuNE1IucZP3QExrD4SeRP0veBHPe3XUU": "q32ifix/qyRpvmegw2BEJklwoBCAJldDNkcX+fp+lBA4Rpyqtycxge6BA4hcJdxYsy3oV0IHRuugS8rJMMFyAA"
+                                }
+                            }
+                        }
+                    },
+                    "user_signing_keys": {
+                        "@example:localhost": {
+                            "user_id": "@example:localhost",
+                            "usage": [
+                                "user_signing"
+                            ],
+                            "keys": {
+                                "ed25519:g4ED07Fnqf3GzVWNN1pZ0IFrPQVdqQf+PYoJNH4eE0s": "g4ED07Fnqf3GzVWNN1pZ0IFrPQVdqQf+PYoJNH4eE0s"
+                            },
+                            "signatures": {
+                                "@example:localhost": {
+                                    "ed25519:n2lpJGx0LiKnuNE1IucZP3QExrD4SeRP0veBHPe3XUU": "nKQu8alQKDefNbZz9luYPcNj+Z+ouQSot4fU/A23ELl1xrI06QVBku/SmDx0sIW1ytso0Cqwy1a+3PzCa1XABg"
+                                }
+                            }
+                        }
+                    }
+                });
+                const marked = await m.markRequestAsSent('foo', RequestType.KeysQuery, hypothetical_response);
+            }
+
+            {
+                // derived from https://github.com/matrix-org/matrix-rust-sdk/blob/7f49618d350fab66b7e1dc4eaf64ec25ceafd658/benchmarks/benches/crypto_bench/keys_claim.json
+                const hypothetical_response = JSON.stringify({
+                    "one_time_keys": {
+                        "@example:localhost": {
+                            "AFGUOBTZWM": {
+                                "signed_curve25519:AAAABQ": {
+                                    "key": "9IGouMnkB6c6HOd4xUsNv4i3Dulb4IS96TzDordzOws",
+                                    "signatures": {
+                                        "@example:localhost": {
+                                            "ed25519:AFGUOBTZWM": "2bvUbbmJegrV0eVP/vcJKuIWC3kud+V8+C0dZtg4dVovOSJdTP/iF36tQn2bh5+rb9xLlSeztXBdhy4c+LiOAg"
+                                        }
+                                    }
+                                }
+                            },
+                        }
+                    },
+                    "failures": {}
+                });
+                const marked = await m.markRequestAsSent('bar', RequestType.KeysClaim, hypothetical_response);
+            }
+        });
+
+        test('can share a room key', async () => {
+            const other_users = [new UserId('@example:localhost')];
+
+            const requests = JSON.parse(await m.shareRoomKey(room, other_users, new EncryptionSettings()));
+
+            expect(requests).toHaveLength(1);
+            expect(requests[0].event_type).toBeDefined();
+            expect(requests[0].txn_id).toBeDefined();
+            expect(requests[0].messages).toBeDefined();
+            expect(requests[0].messages['@example:localhost']).toBeDefined();
+        });
+
+        let encrypted;
+
+        test('can encrypt an event', async () => {
+            encrypted = JSON.parse(await m.encryptRoomEvent(
+                room,
+                'm.room.message',
+                JSON.stringify({
+                    "hello": "world"
+                }),
+            ));
+
+            expect(encrypted.algorithm).toBeDefined();
+            expect(encrypted.ciphertext).toBeDefined();
+            expect(encrypted.sender_key).toBeDefined();
+            expect(encrypted.device_id).toStrictEqual(device.toString());
+            expect(encrypted.session_id).toBeDefined();
+        });
+
+        test('can decrypt an event', async () => {
+            const decrypted = await m.decryptRoomEvent(
+                JSON.stringify({
+                    "type": "m.room.encrypted",
+                    "event_id": "$xxxxx:example.org",
+                    "origin_server_ts": Date.now(),
+                    "sender": user.toString(),
+                    content: encrypted,
+                    unsigned: {
+                        "age": 1234
+                    }
+                }),
+                room,
+            );
+
+            expect(decrypted).toBeInstanceOf(DecryptedRoomEvent);
+
+            const event = JSON.parse(decrypted.event);
+            expect(event.content.hello).toStrictEqual("world");
+
+            expect(decrypted.sender.toString()).toStrictEqual(user.toString());
+            expect(decrypted.senderDevice.toString()).toStrictEqual(device.toString());
+            expect(decrypted.senderCurve25519Key).toBeDefined();
+            expect(decrypted.senderClaimedEd25519Key).toBeDefined();
+            expect(decrypted.forwardingCurve25519KeyChain).toHaveLength(0);
+            expect(decrypted.verificationState).toStrictEqual(VerificationState.Trusted);
+        });
+    });
+});

bindings/matrix-sdk-crypto-js/tests/requests.test.js

@@ -0,0 +1,35 @@
+const { RequestType, KeysUploadRequest, KeysQueryRequest, KeysClaimRequest, ToDeviceRequest, SignatureUploadRequest, RoomMessageRequest, KeysBackupRequest } = require('../pkg/matrix_sdk_crypto');
+
+describe('RequestType', () => {
+    test('has the correct variant values', () => {
+        expect(RequestType.KeysUpload).toStrictEqual(0);
+        expect(RequestType.KeysQuery).toStrictEqual(1);
+        expect(RequestType.KeysClaim).toStrictEqual(2);
+        expect(RequestType.ToDevice).toStrictEqual(3);
+        expect(RequestType.SignatureUpload).toStrictEqual(4);
+        expect(RequestType.RoomMessage).toStrictEqual(5);
+        expect(RequestType.KeysBackup).toStrictEqual(6);
+    });
+});
+
+for (const [request, request_type] of [
+    [KeysUploadRequest, RequestType.KeysUpload],
+    [KeysQueryRequest, RequestType.KeysQuery],
+    [KeysClaimRequest, RequestType.KeysClaim],
+    [ToDeviceRequest, RequestType.ToDevice],
+    [SignatureUploadRequest, RequestType.SignatureUpload],
+    [RoomMessageRequest, RequestType.RoomMessage],
+    [KeysBackupRequest, RequestType.KeysBackup],
+]) {
+    describe(request.name, () => {
+        test('can be instantiated', () => {
+            const r = new (request)('foo', '{"bar": "baz"}');
+
+            expect(r).toBeInstanceOf(request);
+            expect(r.id).toStrictEqual('foo');
+            expect(r.body).toStrictEqual('{"bar": "baz"}');
+            expect(r.type).toStrictEqual(request_type);
+        });
+    })
+
+}

bindings/matrix-sdk-crypto-js/tests/sync_events.test.js

@@ -0,0 +1,31 @@
+const { DeviceLists, UserId } = require('../pkg/matrix_sdk_crypto');
+
+describe(DeviceLists.name, () => {
+    test('can be empty', () => {
+        const empty = new DeviceLists();
+
+        expect(empty.isEmpty()).toStrictEqual(true);
+        expect(empty.changed).toHaveLength(0);
+        expect(empty.left).toHaveLength(0);
+    });
+
+    test('can be coerced empty', () => {
+        const empty = new DeviceLists([], []);
+
+        expect(empty.isEmpty()).toStrictEqual(true);
+        expect(empty.changed).toHaveLength(0);
+        expect(empty.left).toHaveLength(0);
+    });
+
+    test('returns the correct `changed` and `left`', () => {
+        const list = new DeviceLists([new UserId('@foo:bar.org')], [new UserId('@baz:qux.org')]);
+
+        expect(list.isEmpty()).toStrictEqual(false);
+
+        expect(list.changed).toHaveLength(1);
+        expect(list.changed[0].toString()).toStrictEqual('@foo:bar.org');
+
+        expect(list.left).toHaveLength(1);
+        expect(list.left[0].toString()).toStrictEqual('@baz:qux.org');
+    });
+});

bindings/matrix-sdk-crypto-js/tsconfig.json

@@ -0,0 +1,10 @@
+{
+    "compilerOptions": {
+        "strict": true
+    },
+    "typedocOptions": {
+        "entryPoints": ["pkg/matrix_sdk_crypto.d.ts"],
+        "out": "docs",
+        "readme": "README.md",
+    }
+}

bindings/matrix-sdk-crypto-nodejs/.gitignore

@@ -0,0 +1,7 @@
+/node_modules
+/package-lock.json
+/index.js
+/index.d.ts
+/matrix-sdk-crypto.*.node
+/docs/*
+*.tgz

bindings/matrix-sdk-crypto-nodejs/.npmignore

@@ -0,0 +1,8 @@
+src/
+tests/
+Cargo.toml
+build.rs
+*.node
+*.tgz
+tsconfig.json
+cliff.toml

bindings/matrix-sdk-crypto-nodejs/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Matrix-Rust-SDK Node.js Bindings
+
+## 0.1.0-beta.0 - 2022-07-21
+
+Welcome to the first release of `matrix-sdk-crypto-nodejs`. This is a
+Node.js binding for the Rust `matrix-sdk-crypto` library. This is a
+no-network-IO implementation of a state machine, named `OlmMachine`,
+that handles E2EE (End-to-End Encryption) for Matrix clients.
+
+The goal of this binding is _not_ to cover the entirety of the
+`matrix-sdk-crypto` API, but only what's required to build Matrix bots
+or Matrix bridges (i.e. to connect different networks together via the
+Matrix protocol).
+
+This project replaces and deprecates a previous project, with the same
+name and same goals, inside [the `matrix-rust-sdk-bindings`
+repository](https://github.com/matrix-org/matrix-rust-sdk-bindings),
+with the NPM package name `@turt2live/matrix-sdk-crypto-nodejs`. The
+The new official package name is
+`@matrix-org/matrix-sdk-crypto-nodejs`.
+
+Note: All bindings are now part of [the `matrix-rust-sdk`
+repository](https://github.com/matrix-org/matrix-rust-sdk) (see the
+`bindings/` root directory).
+
+[A documentation is available inside the new
+`matrix-sdk-crypto-nodejs`
+project](https://github.com/matrix-org/matrix-rust-sdk/tree/0bde5ccf38f8cda3865297a2d12ddcdaf4b80ca7/bindings/matrix-sdk-crypto-nodejs).

bindings/matrix-sdk-crypto-nodejs/Cargo.toml

@@ -0,0 +1,41 @@
+[package]
+authors = ["Ivan Enderlin <ivane@element.io>"]
+description = "Matrix encryption library, for NodeJS"
+edition = "2021"
+homepage = "https://github.com/matrix-org/matrix-rust-sdk"
+keywords = ["matrix", "chat", "messaging", "ruma", "nio"]
+license = "Apache-2.0"
+name = "matrix-sdk-crypto-nodejs"
+readme = "README.md"
+repository = "https://github.com/matrix-org/matrix-rust-sdk"
+rust-version = "1.60"
+version = "0.5.0"
+
+[package.metadata.docs.rs]
+features = ["docsrs"]
+rustdoc-args = ["--cfg", "docsrs"]
+
+[lib]
+crate-type = ["cdylib"]
+
+[features]
+default = []
+qrcode = ["matrix-sdk-crypto/qrcode"]
+docsrs = []
+tracing = ["tracing-subscriber"]
+
+[dependencies]
+matrix-sdk-crypto = { version = "0.5.0", path = "../../crates/matrix-sdk-crypto" }
+matrix-sdk-common = { version = "0.5.0", path = "../../crates/matrix-sdk-common" }
+matrix-sdk-sled = { version = "0.1.0", path = "../../crates/matrix-sdk-sled", default-features = false, features = ["crypto-store"] }
+ruma = { git = "https://github.com/ruma/ruma", rev = "96155915f", features = ["client-api-c", "rand", "unstable-msc2676", "unstable-msc2677"] }
+vodozemac = {  git = "https://github.com/matrix-org/vodozemac/", rev = "2404f83f7d3a3779c1f518e4d949f7da9677c3dd" }
+napi = { git = "https://github.com/Hywan/napi-rs", branch = "fix-napi-strict-on-t-and-ref-t", default-features = false, features = ["napi6", "tokio_rt"] }
+napi-derive = { git = "https://github.com/Hywan/napi-rs", branch = "fix-napi-strict-on-t-and-ref-t" }
+serde_json = "1.0.79"
+http = "0.2.6"
+zeroize = "1.3.0"
+tracing-subscriber = { version = "0.3", default-features = false, features = ["tracing-log", "time", "smallvec", "fmt", "env-filter"], optional = true }
+
+[build-dependencies]
+napi-build = "2.0.0"

bindings/matrix-sdk-crypto-nodejs/README.md

@@ -0,0 +1,204 @@
+# `matrix-sdk-crypto-nodejs`
+
+Welcome to the [Node.js] binding for the Rust [`matrix-sdk-crypto`]
+library! This binding is part of the [`matrix-rust-sdk`] project,
+which is a library implementation of a [Matrix] client-server.
+
+`matrix-sdk-crypto-nodejs` is a no-network-IO implementation of a
+state machine, named `OlmMachine`, that handles E2EE ([End-to-End
+Encryption](https://en.wikipedia.org/wiki/End-to-end_encryption)) for
+[Matrix] clients.
+
+## Usage
+
+Just add the latest release to your `package.json`:
+```sh
+$ npm install --save matrix-sdk-crypto
+```
+
+When installing, NPM will download the corresponding prebuilt Rust library for your current host system. The following are supported:
+
+<table>
+  <thead>
+    <tr>
+      <th>Platform</th>
+      <th>Architecture</th>
+      <th>Triple</th>
+      <th>Prebuilt available</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td rowspan="5">Linux</td>
+      <td rowspan="2"><code>aarch</code></td>
+      <td><code>aarch64-unknown-linux-gnu</code></td>
+      <td>✅</td>
+    </tr>
+    <tr>
+      <td><code>arm-unknown-linux-gnueabihf</code></td>
+      <td>✅</td>
+    </tr>
+    <tr>
+      <td rowspan="3"><code>amd</code></td>
+      <td><code>x86_64-unknown-linux-gnu</code></td>
+      <td>✅</td>
+    </tr>
+    <tr>
+      <td><code>x86_64-unknown-linux-musl</code></td>
+      <td>✅</td>
+    </tr>
+    <tr>
+      <td><code>i686-unknown-linux-gnu</code></td>
+      <td>✅</td>
+    </tr>
+    <tr>
+      <td rowspan="2">macOS</td>
+      <td><code>aarch</code></td>
+      <td><code>arch64-apple-darwin</code></td>
+      <td>✅</td>
+    </tr>
+    <tr>
+      <td><code>amd</code></td>
+      <td><code>x86_64-apple-darwin</code></td>
+      <td>✅</td>
+    </tr>
+    <tr>
+      <td rowspan="3">Windows</td>
+      <td><code>aarch</code></td>
+      <td><code>aarch64-pc-windows-msvc</code></td>
+      <td>✅</td>
+    </tr>
+    <tr>
+      <td rowspan="2"><code>amd</code></td>
+      <td><code>x86_64-pc-windows-msvc</code></td>
+      <td>✅</td>
+    </tr>
+    <tr>
+      <td><code>i686-pc-windows-msvc</code></td>
+      <td>✅</td>
+    </tr>
+  </tbody>
+</table>
+
+## Development
+
+This Node.js binding is written in [Rust]. To build this binding, you
+need to install the Rust compiler, see [the Install Rust
+Page](https://www.rust-lang.org/tools/install). Then, the workflow is
+pretty classical by using [npm], see [the Downloading and installing
+Node.js and npm
+Page](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
+
+The binding is compatible with, and tested against, the Node.js
+versions that are in “current”, “active” or “maintenance” states,
+according to [the Node.js Releases
+Page](https://nodejs.org/en/about/releases/), _and_ which are
+compatible with [NAPI v6 (Node.js
+API)](https://nodejs.org/api/n-api.html#node-api-version-matrix). It
+means that this binding will work with the following versions: 14.0.0,
+16.0.0 and 18.0.0.
+
+Once the Rust compiler, Node.js and npm are installed, you can run the
+following commands:
+
+```sh
+$ npm install --ignore-scripts
+$ npm run build
+$ npm run test
+```
+
+An `index.js`, `index.d.ts` and a `*.node` files should be
+generated. At the same level of those files, you can edit a file and
+try this:
+
+```javascript
+const { OlmMachine } = require('./index.js');
+
+// Let's see what we can do.
+```
+
+The `OlmMachine` state machine works in a push/pull manner:
+
+* You push state changes and events retrieved from a Matrix homeserver
+  `/sync` response, into the state machine,
+  
+* You pull requests that you will need to send back to the homeserver
+  out of the state machine.
+  
+```javascript
+const { OlmMachine, UserId, DeviceId, RoomId, DeviceLists } = require('./index.js');
+
+async function main() {
+    // Define a user ID.
+    const alice = new UserId('@alice:example.org');
+
+    // Define a device ID.
+    const device = new DeviceId('DEVICEID');
+
+    // Let's create the `OlmMachine` state machine.
+    const machine = await OlmMachine.initialize(alice, device);
+
+    // Let's pretend we have received changes and events from a
+    // `/sync` endpoint of a Matrix homeserver, …
+    const toDeviceEvents = "{}"; // JSON-encoded
+    const changedDevices = new DeviceLists();
+    const oneTimeKeyCounts = {};
+    const unusedFallbackKeys = [];
+
+    // … and push them into the state machine.
+    const decryptedToDevice = await machine.receiveSyncChanges(
+        toDeviceEvents,
+        changedDevices,
+        oneTimeKeyCounts,
+        unusedFallbackKeys,
+    );
+
+    // Now, let's pull requests that we need to send out to the Matrix
+    // homeserver.
+    const outgoingRequests = await machine.outgoingRequests();
+
+    // To complete the workflow, send the requests here out and call
+    // `machine.markRequestAsSent`.
+}
+
+main();
+```
+
+### With tracing (experimental)
+
+If you want to enable [tracing](https://tracing.rs), i.e. to get the
+logs, you should re-compile the extension with the `tracing` feature
+turned on:
+
+```sh
+$ npm run build -- --features tracing
+```
+
+Now, you can use the `MATRIX_LOG` environment variable to tweak the log filtering, such as:
+
+```sh
+$ MATRIX_LOG=debug npm run test
+```
+
+See
+[`tracing-subscriber`](https://tracing.rs/tracing_subscriber/index.html)
+to learn more about the `RUST_LOG`/`MATRIX_LOG` environment variable.
+
+## Documentation
+
+To generate the documentation, please run the following command:
+
+```sh
+$ npm run doc
+```
+
+The documentation is generated in the `./docs` directory.
+
+
+
+[Node.js]: https://nodejs.org/
+[`matrix-sdk-crypto`]: https://github.com/matrix-org/matrix-rust-sdk/tree/main/crates/matrix-sdk-crypto
+[`matrix-rust-sdk`]: https://github.com/matrix-org/matrix-rust-sdk
+[Matrix]: https://matrix.org/
+[Rust]: https://www.rust-lang.org/
+[npm]: https://www.npmjs.com/

bindings/matrix-sdk-crypto-nodejs/build.rs

@@ -0,0 +1,3 @@
+fn main() {
+    napi_build::setup();
+}

bindings/matrix-sdk-crypto-nodejs/cliff.toml

@@ -0,0 +1,59 @@
+# configuration file for git-cliff (0.1.0)
+
+[changelog]
+# changelog header
+header = """
+# Matrix SDK Crypto Node.js Changelog\n
+All notable changes to this project will be documented in this file.\n
+"""
+# template for the changelog body
+# https://tera.netlify.app/docs/#introduction
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% else %}\
+    ## [unreleased]
+{% endif %}\
+{% for group, commits in commits | filter(attribute="scope", value="crypto-nodejs") | group_by(attribute="group") %}
+    ### {{ group | upper_first }}
+    {% for commit in commits %}
+        - {{ commit.id | truncate(length=7, end="") }}{% if commit.breaking %} [**breaking**] {% endif %}: {{ commit.message | upper_first }}\
+    {% endfor %}
+{% endfor %}\n
+"""
+# remove the leading and trailing whitespace from the template
+trim = true
+# changelog footer
+footer = """
+"""
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = true
+# regex for preprocessing the commit messages
+commit_preprocessors = [
+    { pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](https://github.com/matrix-org/matrix-rust-sdk/issues/${2}))"},
+]
+# regex for parsing and grouping commits
+commit_parsers = [
+    { message = "^feat", group = "Features"},
+    { message = "^fix", group = "Bug Fixes"},
+    { message = "^doc", group = "Documentation"},
+    { message = "^perf", group = "Performance"},
+    { message = "^test", group = "Testing"},
+    { body = ".*security", group = "Security"},
+]
+# filter out the commits that are not matched by commit parsers
+filter_commits = true
+# glob pattern for matching git tags
+tag_pattern = "v[0-9]*"
+# regex for skipping tags
+skip_tags = "v0.1.0-beta.1"
+# regex for ignoring tags
+ignore_tags = ""
+# sort the tags chronologically
+date_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "oldest"

bindings/matrix-sdk-crypto-nodejs/download-lib.js

@@ -0,0 +1,113 @@
+const { DownloaderHelper } = require('node-downloader-helper');
+const { version } = require("./package.json");
+const { platform, arch } = process
+
+const DOWNLOADS_BASE_URL = "https://github.com/matrix-org/matrix-rust-sdk/releases/download";
+const CURRENT_VERSION = `matrix-sdk-crypto-nodejs-${version}`;
+
+const byteHelper = function (value) {
+    if (value === 0) {
+        return '0 b';
+    }
+    const units = ['b', 'kB', 'MB', 'GB', 'TB'];
+    const number = Math.floor(Math.log(value) / Math.log(1024));
+    return (value / Math.pow(1024, Math.floor(number))).toFixed(1) + ' ' +
+        units[number];
+};
+
+function download_lib(libname) {
+    let startTime = new Date();
+
+    const url = `${DOWNLOADS_BASE_URL}/${CURRENT_VERSION}/${libname}`;
+    console.info(`Downloading lib ${libname} from ${url}`);
+    const dl = new DownloaderHelper(url, __dirname, {
+        override: true,
+    });
+
+    dl.on('end', () => console.info('Download Completed'));
+    dl.on('error', (err) => console.info('Download Failed', err));
+    dl.on('progress', stats => {
+        const progress = stats.progress.toFixed(1);
+        const speed = byteHelper(stats.speed);
+        const downloaded = byteHelper(stats.downloaded);
+        const total = byteHelper(stats.total);
+
+        // print every one second (`progress.throttled` can be used instead)
+        const currentTime = new Date();
+        const elaspsedTime = currentTime - startTime;
+        if (elaspsedTime > 1000) {
+            startTime = currentTime;
+            console.info(`${speed}/s - ${progress}% [${downloaded}/${total}]`);
+        }
+    });
+    dl.start().catch(err => console.error(err));
+}
+
+function isMusl() {
+  // For Node 10
+  if (!process.report || typeof process.report.getReport !== 'function') {
+    try {
+      return readFileSync('/usr/bin/ldd', 'utf8').includes('musl')
+    } catch (e) {
+      return true
+    }
+  } else {
+    const { glibcVersionRuntime } = process.report.getReport().header
+    return !glibcVersionRuntime
+  }
+}
+
+switch (platform) {
+  case 'win32':
+    switch (arch) {
+      case 'x64':
+        download_lib('matrix-sdk-crypto.win32-x64-msvc.node')
+        break
+      case 'ia32':
+        download_lib('matrix-sdk-crypto.win32-ia32-msvc.node')
+        break
+      case 'arm64':
+        download_lib('matrix-sdk-crypto.win32-arm64-msvc.node')
+        break
+      default:
+        throw new Error(`Unsupported architecture on Windows: ${arch}`)
+    }
+    break
+  case 'darwin':
+    switch (arch) {
+      case 'x64':
+        download_lib('matrix-sdk-crypto.darwin-x64.node')
+        break
+      case 'arm64':
+        download_lib('matrix-sdk-crypto.darwin-arm64.node')
+        break
+      default:
+        throw new Error(`Unsupported architecture on macOS: ${arch}`)
+    }
+    break
+  case 'linux':
+    switch (arch) {
+      case 'x64':
+        if (isMusl()) {
+          download_lib('matrix-sdk-crypto.linux-x64-musl.node')
+        } else {
+          download_lib('matrix-sdk-crypto.linux-x64-gnu.node')
+        }
+        break
+      case 'arm64':
+        if (isMusl()) {
+            throw new Error('Linux for arm64 musl isn\'t support at the moment')
+        } else {
+          download_lib('matrix-sdk-crypto.linux-arm64-gnu.node')
+        }
+        break
+      case 'arm':
+        download_lib('matrix-sdk-crypto.linux-arm-gnueabihf.node')
+        break
+      default:
+        throw new Error(`Unsupported architecture on Linux: ${arch}`)
+    }
+    break
+  default:
+    throw new Error(`Unsupported OS: ${platform}, architecture: ${arch}`)
+}

bindings/matrix-sdk-crypto-nodejs/package.json

@@ -0,0 +1,33 @@
+{
+    "name": "@matrix-org/matrix-sdk-crypto-nodejs",
+    "version": "0.1.0-beta.0",
+    "main": "index.js",
+    "types": "index.d.ts",
+    "napi": {
+        "name": "matrix-sdk-crypto",
+        "triples": {
+            "additional": [
+                "aarch64-apple-darwin"
+            ]
+        }
+    },
+    "license": "Apache-2.0",
+    "devDependencies": {
+        "@napi-rs/cli": "^2.9.0",
+        "jest": "^28.1.0",
+        "typedoc": "^0.22.17"
+    },
+    "engines": {
+        "node": ">= 14"
+    },
+    "scripts": {
+        "release-build": "napi build --platform --release --strip",
+        "build": "napi build --platform",
+        "postinstall": "node download-lib.js",
+        "test": "jest --verbose --testTimeout 10000",
+        "doc": "typedoc --tsconfig ."
+    },
+    "dependencies": {
+        "node-downloader-helper": "^2.1.1"
+    }
+}

bindings/matrix-sdk-crypto-nodejs/src/attachment.rs

@@ -0,0 +1,126 @@
+use std::{
+    io::{Cursor, Read},
+    ops::Deref,
+};
+
+use napi::bindgen_prelude::Uint8Array;
+use napi_derive::*;
+
+use crate::into_err;
+
+/// A type to encrypt and to decrypt anything that can fit in an
+/// `Uint8Array`, usually big buffer.
+#[napi]
+pub struct Attachment;
+
+#[napi]
+impl Attachment {
+    /// Encrypt the content of the `Uint8Array`.
+    ///
+    /// It produces an `EncryptedAttachment`, we can be used to
+    /// retrieve the media encryption information, or the encrypted
+    /// data.
+    #[napi]
+    pub fn encrypt(array: Uint8Array) -> napi::Result<EncryptedAttachment> {
+        let buffer: &[u8] = array.deref();
+
+        let mut cursor = Cursor::new(buffer);
+        let mut encryptor = matrix_sdk_crypto::AttachmentEncryptor::new(&mut cursor);
+
+        let mut encrypted_data = Vec::new();
+        encryptor.read_to_end(&mut encrypted_data).map_err(into_err)?;
+
+        let media_encryption_info = Some(encryptor.finish());
+
+        Ok(EncryptedAttachment {
+            encrypted_data: Uint8Array::new(encrypted_data),
+            media_encryption_info,
+        })
+    }
+
+    /// Decrypt an `EncryptedAttachment`.
+    ///
+    /// The encrypted attachment can be created manually, or from the
+    /// `encrypt` method.
+    ///
+    /// **Warning**: The encrypted attachment can be used only
+    /// **once**! The encrypted data will still be present, but the
+    /// media encryption info (which contain secrets) will be
+    /// destroyed. It is still possible to get a JSON-encoded backup
+    /// by calling `EncryptedAttachment.mediaEncryptionInfo`.
+    #[napi]
+    pub fn decrypt(attachment: &mut EncryptedAttachment) -> napi::Result<Uint8Array> {
+        let media_encryption_info = match attachment.media_encryption_info.take() {
+            Some(media_encryption_info) => media_encryption_info,
+            None => {
+                return Err(napi::Error::from_reason(
+                    "The media encryption info are absent from the given encrypted attachment"
+                        .to_string(),
+                ))
+            }
+        };
+
+        let encrypted_data: &[u8] = attachment.encrypted_data.deref();
+
+        let mut cursor = Cursor::new(encrypted_data);
+        let mut decryptor =
+            matrix_sdk_crypto::AttachmentDecryptor::new(&mut cursor, media_encryption_info)
+                .map_err(into_err)?;
+
+        let mut decrypted_data = Vec::new();
+        decryptor.read_to_end(&mut decrypted_data).map_err(into_err)?;
+
+        Ok(Uint8Array::new(decrypted_data))
+    }
+}
+
+/// An encrypted attachment, usually created from `Attachment.encrypt`.
+#[napi]
+pub struct EncryptedAttachment {
+    media_encryption_info: Option<matrix_sdk_crypto::MediaEncryptionInfo>,
+
+    /// The actual encrypted data.
+    pub encrypted_data: Uint8Array,
+}
+
+#[napi]
+impl EncryptedAttachment {
+    /// Create a new encrypted attachment manually.
+    ///
+    /// It needs encrypted data, stored in an `Uint8Array`, and a
+    /// [media encryption
+    /// information](https://docs.rs/matrix-sdk-crypto/latest/matrix_sdk_crypto/struct.MediaEncryptionInfo.html),
+    /// as a JSON-encoded string.
+    ///
+    /// The media encryption information aren't stored as a string:
+    /// they are parsed, validated and fully deserialized.
+    ///
+    /// See [the specification to learn
+    /// more](https://spec.matrix.org/unstable/client-server-api/#extensions-to-mroommessage-msgtypes).
+    #[napi(constructor)]
+    pub fn new(encrypted_data: Uint8Array, media_encryption_info: String) -> napi::Result<Self> {
+        Ok(Self {
+            encrypted_data,
+            media_encryption_info: Some(
+                serde_json::from_str(media_encryption_info.as_str()).map_err(into_err)?,
+            ),
+        })
+    }
+
+    /// Return the media encryption info as a JSON-encoded string. The
+    /// structure is fully valid.
+    ///
+    /// If the media encryption info have been consumed already, it
+    /// will return `null`.
+    #[napi(getter)]
+    pub fn media_encryption_info(&self) -> Option<String> {
+        serde_json::to_string(self.media_encryption_info.as_ref()?).ok()
+    }
+
+    /// Check whether the media encryption info has been consumed by
+    /// `Attachment.decrypt` already.
+    #[napi(getter)]
+    pub fn has_media_encryption_info_been_consumed(&self) -> bool {
+        self.media_encryption_info.is_none()
+    }
+}

bindings/matrix-sdk-crypto-nodejs/src/encryption.rs

@@ -0,0 +1,127 @@
+use std::time::Duration;
+
+use napi::bindgen_prelude::{BigInt, ToNapiValue};
+use napi_derive::*;
+
+use crate::events;
+
+/// An encryption algorithm to be used to encrypt messages sent to a
+/// room.
+#[napi]
+pub enum EncryptionAlgorithm {
+    /// Olm version 1 using Curve25519, AES-256, and SHA-256.
+    OlmV1Curve25519AesSha2,
+
+    /// Megolm version 1 using AES-256 and SHA-256.
+    MegolmV1AesSha2,
+}
+
+impl From<EncryptionAlgorithm> for ruma::EventEncryptionAlgorithm {
+    fn from(value: EncryptionAlgorithm) -> Self {
+        use EncryptionAlgorithm::*;
+
+        match value {
+            OlmV1Curve25519AesSha2 => Self::OlmV1Curve25519AesSha2,
+            MegolmV1AesSha2 => Self::MegolmV1AesSha2,
+        }
+    }
+}
+
+impl From<ruma::EventEncryptionAlgorithm> for EncryptionAlgorithm {
+    fn from(value: ruma::EventEncryptionAlgorithm) -> Self {
+        use ruma::EventEncryptionAlgorithm::*;
+
+        match value {
+            OlmV1Curve25519AesSha2 => Self::OlmV1Curve25519AesSha2,
+            MegolmV1AesSha2 => Self::MegolmV1AesSha2,
+            _ => unreachable!("Unknown variant"),
+        }
+    }
+}
+
+/// Settings for an encrypted room.
+///
+/// This determines the algorithm and rotation periods of a group
+/// session.
+#[napi]
+pub struct EncryptionSettings {
+    /// The encryption algorithm that should be used in the room.
+    pub algorithm: EncryptionAlgorithm,
+
+    /// How long the session should be used before changing it,
+    /// expressed in microseconds.
+    pub rotation_period: BigInt,
+
+    /// How many messages should be sent before changing the session.
+    pub rotation_period_messages: BigInt,
+
+    /// The history visibility of the room when the session was
+    /// created.
+    pub history_visibility: events::HistoryVisibility,
+}
+
+impl Default for EncryptionSettings {
+    fn default() -> Self {
+        let default = matrix_sdk_crypto::olm::EncryptionSettings::default();
+
+        Self {
+            algorithm: default.algorithm.into(),
+            rotation_period: {
+                let n: u64 = default.rotation_period.as_micros().try_into().unwrap();
+
+                n.into()
+            },
+            rotation_period_messages: {
+                let n = default.rotation_period_msgs;
+
+                n.into()
+            },
+            history_visibility: default.history_visibility.into(),
+        }
+    }
+}
+
+#[napi]
+impl EncryptionSettings {
+    /// Create a new `EncryptionSettings` with default values.
+    #[napi(constructor)]
+    pub fn new() -> EncryptionSettings {
+        Self::default()
+    }
+}
+
+impl From<&EncryptionSettings> for matrix_sdk_crypto::olm::EncryptionSettings {
+    fn from(value: &EncryptionSettings) -> Self {
+        Self {
+            algorithm: value.algorithm.into(),
+            rotation_period: Duration::from_micros(value.rotation_period.get_u64().1),
+            rotation_period_msgs: value.rotation_period_messages.get_u64().1,
+            history_visibility: value.history_visibility.into(),
+        }
+    }
+}
+
+/// The verification state of the device that sent an event to us.
+#[napi]
+pub enum VerificationState {
+    /// The device is trusted.
+    Trusted,
+
+    /// The device is not trusted.
+    Untrusted,
+
+    /// The device is not known to us.
+    UnknownDevice,
+}
+
+impl From<&matrix_sdk_common::deserialized_responses::VerificationState> for VerificationState {
+    fn from(value: &matrix_sdk_common::deserialized_responses::VerificationState) -> Self {
+        use matrix_sdk_common::deserialized_responses::VerificationState::*;
+
+        match value {
+            Trusted => Self::Trusted,
+            Untrusted => Self::Untrusted,
+            UnknownDevice => Self::UnknownDevice,
+        }
+    }
+}

bindings/matrix-sdk-crypto-nodejs/src/errors.rs

@@ -0,0 +1,28 @@
+/// Generic error wrapping `napi::Error`.
+#[derive(Debug)]
+pub struct Error(napi::Error);
+
+impl<E> From<E> for Error
+where
+    E: std::error::Error,
+{
+    fn from(error: E) -> Self {
+        Self(napi::Error::from_reason(error.to_string()))
+    }
+}
+
+impl From<Error> for napi::Error {
+    #[inline]
+    fn from(value: Error) -> Self {
+        value.0
+    }
+}
+
+/// Helper to replace the `E` to `Error` to `napi::Error` conversion.
+#[inline]
+pub fn into_err<E>(error: E) -> napi::Error
+where
+    E: std::error::Error,
+{
+    Error::from(error).into()
+}

bindings/matrix-sdk-crypto-nodejs/src/events.rs

@@ -0,0 +1,62 @@
+//! Types related to events.
+
+use napi::bindgen_prelude::ToNapiValue;
+use napi_derive::*;
+use ruma::events::room::history_visibility::HistoryVisibility as RumaHistoryVisibility;
+
+/// Who can see a room's history.
+#[napi]
+#[derive(Debug)]
+pub enum HistoryVisibility {
+    /// Previous events are accessible to newly joined members from
+    /// the point they were invited onwards.
+    ///
+    /// Events stop being accessible when the member's state changes
+    /// to something other than *invite* or *join*.
+    Invited,
+
+    /// Previous events are accessible to newly joined members from
+    /// the point they joined the room onwards.
+    ///
+    /// Events stop being accessible when the member's state changes
+    /// to something other than *join*.
+    Joined,
+
+    /// Previous events are always accessible to newly joined members.
+    ///
+    /// All events in the room are accessible, even those sent when
+    /// the member was not a part of the room.
+    Shared,
+
+    /// All events while this is the `HistoryVisibility` value may be
+    /// shared by any participating homeserver with anyone, regardless
+    /// of whether they have ever joined the room.
+    WorldReadable,
+}
+
+impl From<HistoryVisibility> for RumaHistoryVisibility {
+    fn from(value: HistoryVisibility) -> Self {
+        use HistoryVisibility::*;
+
+        match value {
+            Invited => Self::Invited,
+            Joined => Self::Joined,
+            Shared => Self::Shared,
+            WorldReadable => Self::WorldReadable,
+        }
+    }
+}
+
+impl From<RumaHistoryVisibility> for HistoryVisibility {
+    fn from(value: RumaHistoryVisibility) -> Self {
+        use RumaHistoryVisibility::*;
+
+        match value {
+            Invited => Self::Invited,
+            Joined => Self::Joined,
+            Shared => Self::Shared,
+            WorldReadable => Self::WorldReadable,
+            _ => unreachable!("Unknown variant"),
+        }
+    }
+}

bindings/matrix-sdk-crypto-nodejs/src/identifiers.rs

@@ -0,0 +1,281 @@
+//! Types for [Matrix](https://matrix.org/) identifiers for devices,
+//! events, keys, rooms, servers, users and URIs.
+
+use napi::bindgen_prelude::ToNapiValue;
+use napi_derive::*;
+
+use crate::into_err;
+
+/// A Matrix [user ID].
+///
+/// [user ID]: https://spec.matrix.org/v1.2/appendices/#user-identifiers
+#[napi]
+#[derive(Debug, Clone)]
+pub struct UserId {
+    pub(crate) inner: ruma::OwnedUserId,
+}
+
+impl From<ruma::OwnedUserId> for UserId {
+    fn from(inner: ruma::OwnedUserId) -> Self {
+        Self { inner }
+    }
+}
+
+#[napi]
+impl UserId {
+    /// Parse/validate and create a new `UserId`.
+    #[napi(constructor, strict)]
+    pub fn new(id: String) -> napi::Result<Self> {
+        Ok(Self::from(ruma::UserId::parse(id.as_str()).map_err(into_err)?))
+    }
+
+    /// Returns the user's localpart.
+    #[napi(getter)]
+    pub fn localpart(&self) -> String {
+        self.inner.localpart().to_owned()
+    }
+
+    /// Returns the server name of the user ID.
+    #[napi(getter)]
+    pub fn server_name(&self) -> ServerName {
+        ServerName { inner: self.inner.server_name().to_owned() }
+    }
+
+    /// Whether this user ID is a historical one.
+    ///
+    /// A historical user ID is one that doesn't conform to the latest
+    /// specification of the user ID grammar but is still accepted
+    /// because it was previously allowed.
+    #[napi]
+    pub fn is_historical(&self) -> bool {
+        self.inner.is_historical()
+    }
+
+    /// Return the user ID as a string.
+    #[napi]
+    #[allow(clippy::inherent_to_string)]
+    pub fn to_string(&self) -> String {
+        self.inner.as_str().to_owned()
+    }
+}
+
+/// A Matrix device ID.
+///
+/// Device identifiers in Matrix are completely opaque character
+/// sequences. This type is provided simply for its semantic value.
+#[napi]
+#[derive(Debug, Clone)]
+pub struct DeviceId {
+    pub(crate) inner: ruma::OwnedDeviceId,
+}
+
+impl From<ruma::OwnedDeviceId> for DeviceId {
+    fn from(inner: ruma::OwnedDeviceId) -> Self {
+        Self { inner }
+    }
+}
+
+#[napi]
+impl DeviceId {
+    /// Create a new `DeviceId`.
+    #[napi(constructor, strict)]
+    pub fn new(id: String) -> Self {
+        Self::from(Into::<ruma::OwnedDeviceId>::into(id))
+    }
+
+    /// Return the device ID as a string.
+    #[napi]
+    #[allow(clippy::inherent_to_string)]
+    pub fn to_string(&self) -> String {
+        self.inner.as_str().to_owned()
+    }
+}
+
+/// A Matrix device key ID.
+///
+/// A key algorithm and a device ID, combined with a ‘:’.
+#[napi]
+#[derive(Debug, Clone)]
+pub struct DeviceKeyId {
+    pub(crate) inner: ruma::OwnedDeviceKeyId,
+}
+
+impl From<ruma::OwnedDeviceKeyId> for DeviceKeyId {
+    fn from(inner: ruma::OwnedDeviceKeyId) -> Self {
+        Self { inner }
+    }
+}
+
+#[napi]
+impl DeviceKeyId {
+    /// Parse/validate and create a new `DeviceKeyId`.
+    #[napi(constructor, strict)]
+    pub fn new(id: String) -> napi::Result<Self> {
+        Ok(Self::from(ruma::DeviceKeyId::parse(id.as_str()).map_err(into_err)?))
+    }
+
+    /// Returns key algorithm of the device key ID.
+    #[napi(getter)]
+    pub fn algorithm(&self) -> DeviceKeyAlgorithm {
+        self.inner.algorithm().into()
+    }
+
+    /// Returns device ID of the device key ID.
+    #[napi(getter)]
+    pub fn device_id(&self) -> DeviceId {
+        self.inner.device_id().to_owned().into()
+    }
+
+    /// Return the device key ID as a string.
+    #[napi]
+    #[allow(clippy::inherent_to_string)]
+    pub fn to_string(&self) -> String {
+        self.inner.to_string()
+    }
+}
+
+/// The basic key algorithms in the specification.
+#[napi]
+pub struct DeviceKeyAlgorithm {
+    inner: ruma::DeviceKeyAlgorithm,
+}
+
+impl From<ruma::DeviceKeyAlgorithm> for DeviceKeyAlgorithm {
+    fn from(inner: ruma::DeviceKeyAlgorithm) -> Self {
+        Self { inner }
+    }
+}
+
+#[napi]
+impl DeviceKeyAlgorithm {
+    /// Read the device key algorithm's name. If the name is
+    /// `Unknown`, one may be interested by the `to_string` method to
+    /// read the original name.
+    #[napi(getter)]
+    pub fn name(&self) -> DeviceKeyAlgorithmName {
+        self.inner.clone().into()
+    }
+
+    /// Return the device key algorithm as a string.
+    #[napi]
+    #[allow(clippy::inherent_to_string)]
+    pub fn to_string(&self) -> String {
+        self.inner.to_string()
+    }
+}
+
+/// The basic key algorithm names in the specification.
+#[napi]
+pub enum DeviceKeyAlgorithmName {
+    /// The Ed25519 signature algorithm.
+    Ed25519,
+
+    /// The Curve25519 ECDH algorithm.
+    Curve25519,
+
+    /// The Curve25519 ECDH algorithm, but the key also contains
+    /// signatures.
+    SignedCurve25519,
+
+    /// An unknown device key algorithm.
+    Unknown,
+}
+
+impl From<ruma::DeviceKeyAlgorithm> for DeviceKeyAlgorithmName {
+    fn from(value: ruma::DeviceKeyAlgorithm) -> Self {
+        use ruma::DeviceKeyAlgorithm::*;
+
+        match value {
+            Ed25519 => Self::Ed25519,
+            Curve25519 => Self::Curve25519,
+            SignedCurve25519 => Self::SignedCurve25519,
+            _ => Self::Unknown,
+        }
+    }
+}
+
+/// A Matrix [room ID].
+///
+/// [room ID]: https://spec.matrix.org/v1.2/appendices/#room-ids-and-event-ids
+#[napi]
+#[derive(Debug, Clone)]
+pub struct RoomId {
+    pub(crate) inner: ruma::OwnedRoomId,
+}
+
+impl From<ruma::OwnedRoomId> for RoomId {
+    fn from(inner: ruma::OwnedRoomId) -> Self {
+        Self { inner }
+    }
+}
+
+#[napi]
+impl RoomId {
+    /// Parse/validate and create a new `RoomId`.
+    #[napi(constructor, strict)]
+    pub fn new(id: String) -> napi::Result<Self> {
+        Ok(Self::from(ruma::RoomId::parse(id).map_err(into_err)?))
+    }
+
+    /// Returns the user's localpart.
+    #[napi(getter)]
+    pub fn localpart(&self) -> String {
+        self.inner.localpart().to_owned()
+    }
+
+    /// Returns the server name of the room ID.
+    #[napi(getter)]
+    pub fn server_name(&self) -> ServerName {
+        ServerName { inner: self.inner.server_name().to_owned() }
+    }
+
+    /// Return the room ID as a string.
+    #[napi]
+    #[allow(clippy::inherent_to_string)]
+    pub fn to_string(&self) -> String {
+        self.inner.as_str().to_owned()
+    }
+}
+
+/// A Matrix-spec compliant [server name].
+///
+/// It consists of a host and an optional port (separated by a colon if
+/// present).
+///
+/// [server name]: https://spec.matrix.org/v1.2/appendices/#server-name
+#[napi]
+#[derive(Debug)]
+pub struct ServerName {
+    inner: ruma::OwnedServerName,
+}
+
+#[napi]
+impl ServerName {
+    /// Parse/validate and create a new `ServerName`.
+    #[napi(constructor, strict)]
+    pub fn new(name: String) -> napi::Result<Self> {
+        Ok(Self { inner: ruma::ServerName::parse(name).map_err(into_err)? })
+    }
+
+    /// Returns the host of the server name.
+    ///
+    /// That is: Return the part of the server before `:<port>` or the
+    /// full server name if there is no port.
+    #[napi(getter)]
+    pub fn host(&self) -> String {
+        self.inner.host().to_owned()
+    }
+
+    /// Returns the port of the server name if any.
+    #[napi(getter)]
+    pub fn port(&self) -> Option<u16> {
+        self.inner.port()
+    }
+
+    /// Returns true if and only if the server name is an IPv4 or IPv6
+    /// address.
+    #[napi]
+    pub fn is_ip_literal(&self) -> bool {
+        self.inner.is_ip_literal()
+    }
+}

bindings/matrix-sdk-crypto-nodejs/src/lib.rs

@@ -0,0 +1,34 @@
+// Copyright 2022 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#![doc = include_str!("../README.md")]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+//#![warn(missing_docs, missing_debug_implementations)]
+
+pub mod attachment;
+pub mod encryption;
+mod errors;
+pub mod events;
+pub mod identifiers;
+pub mod machine;
+pub mod olm;
+pub mod requests;
+pub mod responses;
+pub mod sync_events;
+#[cfg(feature = "tracing")]
+pub mod tracing;
+pub mod types;
+pub mod vodozemac;
+
+use crate::errors::into_err;

bindings/matrix-sdk-crypto-nodejs/src/machine.rs

@@ -0,0 +1,416 @@
+//! The crypto specific Olm objects.
+
+use std::{
+    collections::{BTreeMap, HashMap},
+    sync::Arc,
+};
+
+use napi::bindgen_prelude::Either7;
+use napi_derive::*;
+use ruma::{
+    events::room::encrypted::OriginalSyncRoomEncryptedEvent, DeviceKeyAlgorithm,
+    OwnedTransactionId, UInt,
+};
+use serde_json::Value as JsonValue;
+use zeroize::Zeroize;
+
+use crate::{
+    encryption, identifiers, into_err, olm, requests, responses, responses::response_from_string,
+    sync_events, types, vodozemac,
+};
+
+/// State machine implementation of the Olm/Megolm encryption protocol
+/// used for Matrix end to end encryption.
+#[napi]
+pub struct OlmMachine {
+    inner: matrix_sdk_crypto::OlmMachine,
+}
+
+#[napi]
+impl OlmMachine {
+    // JavaScript doesn't support asynchronous constructor. So let's
+    // use a factory pattern, where the constructor cannot be used (it
+    // returns an error), and a new method is provided to construct
+    // the object. napi provides `#[napi(factory)]` to address those
+    // needs automatically. Unfortunately, it doesn't support
+    // asynchronous factory methods.
+    //
+    // So let's do this manually. The `initialize` async method _is_
+    // the factory function. We also manually implement the
+    // constructor to raise an error when called.
+
+    /// Create a new memory-based `OlmMachine` asynchronously.
+    ///
+    /// The persistence of the encryption keys and all the inner
+    /// objects are controlled by the `store_path` argument.
+    ///
+    /// # Arguments
+    ///
+    /// * `user_id`, the unique ID of the user that owns this machine.
+    /// * `device_id`, the unique id of the device that owns this machine.
+    /// * `store_path`, the path to a directory where the state of the machine
+    ///   should be persisted; if not set, the created machine will keep the
+    ///   encryption keys only in memory, and once the object is dropped, the
+    ///   keys will be lost.
+    /// * `store_passphrase`, the passphrase that should be used to encrypt the
+    ///   data at rest in the store. **Warning**, if no passphrase is given, the
+    ///   store and all its data will remain unencrypted. This argument is
+    ///   ignored if `store_path` is not set.
+    #[napi(strict)]
+    pub async fn initialize(
+        user_id: &identifiers::UserId,
+        device_id: &identifiers::DeviceId,
+        store_path: Option<String>,
+        mut store_passphrase: Option<String>,
+    ) -> napi::Result<OlmMachine> {
+        let user_id = user_id.clone();
+        let device_id = device_id.clone();
+
+        let store = store_path
+            .map(|store_path| {
+                matrix_sdk_sled::CryptoStore::open_with_passphrase(
+                    store_path,
+                    store_passphrase.as_deref(),
+                )
+                .map(Arc::new)
+                .map_err(into_err)
+            })
+            .transpose()?;
+
+        store_passphrase.zeroize();
+
+        Ok(OlmMachine {
+            inner: match store {
+                Some(store) => matrix_sdk_crypto::OlmMachine::with_store(
+                    user_id.inner.as_ref(),
+                    device_id.inner.as_ref(),
+                    store,
+                )
+                .await
+                .map_err(into_err)?,
+                None => {
+                    matrix_sdk_crypto::OlmMachine::new(
+                        user_id.inner.as_ref(),
+                        device_id.inner.as_ref(),
+                    )
+                    .await
+                }
+            },
+        })
+    }
+
+    /// It's not possible to construct an `OlmMachine` with its
+    /// constructor because building an `OlmMachine` is
+    /// asynchronous. Please use the `finalize` method.
+    #[napi(constructor)]
+    #[allow(clippy::new_ret_no_self)]
+    pub fn new() -> napi::Result<()> {
+        Err(napi::Error::from_reason(
+            "To build an `OldMachine`, please use the `initialize` method",
+        ))
+    }
+
+    /// The unique user ID that owns this `OlmMachine` instance.
+    #[napi(getter)]
+    pub fn user_id(&self) -> identifiers::UserId {
+        identifiers::UserId::from(self.inner.user_id().to_owned())
+    }
+
+    /// The unique device ID that identifies this `OlmMachine`.
+    #[napi(getter)]
+    pub fn device_id(&self) -> identifiers::DeviceId {
+        identifiers::DeviceId::from(self.inner.device_id().to_owned())
+    }
+
+    /// Get the public parts of our Olm identity keys.
+    #[napi(getter)]
+    pub fn identity_keys(&self) -> vodozemac::IdentityKeys {
+        self.inner.identity_keys().into()
+    }
+
+    /// Handle a to-device and one-time key counts from a sync response.
+    ///
+    /// This will decrypt and handle to-device events returning the
+    /// decrypted versions of them, as a JSON-encoded string.
+    ///
+    /// To decrypt an event from the room timeline, please use
+    /// `decrypt_room_event`.
+    ///
+    /// # Arguments
+    ///
+    /// * `to_device_events`, thhe to-device events of the current sync
+    ///   response.
+    /// * `changed_devices`, the list of devices that changed in this sync
+    ///   response.
+    /// * `one_time_keys_count`, the current one-time keys counts that the sync
+    ///   response returned.
+    #[napi(strict)]
+    pub async fn receive_sync_changes(
+        &self,
+        to_device_events: String,
+        changed_devices: &sync_events::DeviceLists,
+        one_time_key_counts: HashMap<String, u32>,
+        unused_fallback_keys: Vec<String>,
+    ) -> napi::Result<String> {
+        let to_device_events = serde_json::from_str(to_device_events.as_ref()).map_err(into_err)?;
+        let changed_devices = changed_devices.inner.clone();
+        let one_time_key_counts = one_time_key_counts
+            .iter()
+            .map(|(key, value)| (DeviceKeyAlgorithm::from(key.as_str()), UInt::from(*value)))
+            .collect::<BTreeMap<_, _>>();
+        let unused_fallback_keys = Some(
+            unused_fallback_keys
+                .into_iter()
+                .map(|key| DeviceKeyAlgorithm::from(key.as_str()))
+                .collect::<Vec<_>>(),
+        );
+
+        serde_json::to_string(
+            &self
+                .inner
+                .receive_sync_changes(
+                    to_device_events,
+                    &changed_devices,
+                    &one_time_key_counts,
+                    unused_fallback_keys.as_deref(),
+                )
+                .await
+                .map_err(into_err)?,
+        )
+        .map_err(into_err)
+    }
+
+    /// Get the outgoing requests that need to be sent out.
+    ///
+    /// This returns a list of `KeysUploadRequest`, or
+    /// `KeysQueryRequest`, or `KeysClaimRequest`, or
+    /// `ToDeviceRequest`, or `SignatureUploadRequest`, or
+    /// `RoomMessageRequest`, or `KeysBackupRequest`. Those requests
+    /// need to be sent out to the server and the responses need to be
+    /// passed back to the state machine using `mark_request_as_sent`.
+    #[napi]
+    pub async fn outgoing_requests(
+        &self,
+    ) -> napi::Result<
+        Vec<
+            // We could be tempted to use `requests::OutgoingRequests` as its
+            // a type alias for this giant `Either7`. But `napi` won't unfold
+            // it properly into a valid TypeScript definition, so…  let's
+            // copy-paste :-(.
+            Either7<
+                requests::KeysUploadRequest,
+                requests::KeysQueryRequest,
+                requests::KeysClaimRequest,
+                requests::ToDeviceRequest,
+                requests::SignatureUploadRequest,
+                requests::RoomMessageRequest,
+                requests::KeysBackupRequest,
+            >,
+        >,
+    > {
+        self.inner
+            .outgoing_requests()
+            .await
+            .map_err(into_err)?
+            .into_iter()
+            .map(requests::OutgoingRequest)
+            .map(TryFrom::try_from)
+            .collect()
+    }
+
+    /// Mark the request with the given request ID as sent.
+    ///
+    /// # Arguments
+    ///
+    /// * `request_id`, the unique ID of the request that was sent out. This is
+    ///   needed to couple the response with the now sent out request.
+    /// * `request_type`, the request type associated to the request ID.
+    /// * `response`, the response that was received from the server after the
+    ///   outgoing request was sent out.
+    #[napi(strict)]
+    pub async fn mark_request_as_sent(
+        &self,
+        request_id: String,
+        request_type: requests::RequestType,
+        response: String,
+    ) -> napi::Result<bool> {
+        let transaction_id = OwnedTransactionId::from(request_id);
+        let response = response_from_string(response.as_str()).map_err(into_err)?;
+        let incoming_response = responses::OwnedResponse::try_from((request_type, response))?;
+
+        self.inner
+            .mark_request_as_sent(&transaction_id, &incoming_response)
+            .await
+            .map(|_| true)
+            .map_err(into_err)
+    }
+
+    /// Get the a key claiming request for the user/device pairs that
+    /// we are missing Olm sessions for.
+    ///
+    /// Returns `null` if no key claiming request needs to be sent
+    /// out.
+    ///
+    /// Sessions need to be established between devices so group
+    /// sessions for a room can be shared with them.
+    ///
+    /// This should be called every time a group session needs to be
+    /// shared as well as between sync calls. After a sync some
+    /// devices may request room keys without us having a valid Olm
+    /// session with them, making it impossible to server the room key
+    /// request, thus it’s necessary to check for missing sessions
+    /// between sync as well.
+    ///
+    /// Note: Care should be taken that only one such request at a
+    /// time is in flight, e.g. using a lock.
+    ///
+    /// The response of a successful key claiming requests needs to be
+    /// passed to the `OlmMachine` with the `mark_request_as_sent`.
+    ///
+    /// # Arguments
+    ///
+    /// * `users`, the list of users that we should check if we lack a session
+    ///   with one of their devices. This can be an empty array or `null` when
+    ///   calling this method between sync requests.
+    #[napi(strict)]
+    pub async fn get_missing_sessions(
+        &self,
+        users: Option<Vec<&identifiers::UserId>>,
+    ) -> napi::Result<Option<requests::KeysClaimRequest>> {
+        let users = users
+            .unwrap_or_default()
+            .into_iter()
+            .map(|user| user.inner.clone())
+            .collect::<Vec<_>>();
+
+        match self
+            .inner
+            .get_missing_sessions(users.iter().map(AsRef::as_ref))
+            .await
+            .map_err(into_err)?
+        {
+            Some((transaction_id, keys_claim_request)) => Ok(Some(
+                requests::KeysClaimRequest::try_from((
+                    transaction_id.to_string(),
+                    &keys_claim_request,
+                ))
+                .map_err(into_err)?,
+            )),
+
+            None => Ok(None),
+        }
+    }
+
+    /// Update the tracked users.
+    ///
+    /// This will mark users that weren’t seen before for a key query
+    /// and tracking.
+    ///
+    /// If the user is already known to the Olm machine it will not be
+    /// considered for a key query.
+    ///
+    /// # Arguments
+    ///
+    /// * `users`, an array over user IDs that should be marked for tracking.
+    #[napi(strict)]
+    pub async fn update_tracked_users(&self, users: Vec<&identifiers::UserId>) {
+        let users = users.into_iter().map(|user| user.inner.clone()).collect::<Vec<_>>();
+
+        self.inner.update_tracked_users(users.iter().map(AsRef::as_ref)).await;
+    }
+
+    /// Get to-device requests to share a room key with users in a room.
+    ///
+    /// # Arguments
+    ///
+    /// * `room_id`, the room ID of the room where the room key will be used.
+    /// * `users`, the list of users that should receive the room key.
+    /// * `encryption_settings`, the encryption settings.
+    #[napi(strict)]
+    pub async fn share_room_key(
+        &self,
+        room_id: &identifiers::RoomId,
+        users: Vec<&identifiers::UserId>,
+        encryption_settings: &encryption::EncryptionSettings,
+    ) -> napi::Result<String> {
+        let room_id = room_id.inner.clone();
+        let users = users.into_iter().map(|user| user.inner.clone()).collect::<Vec<_>>();
+        let encryption_settings =
+            matrix_sdk_crypto::olm::EncryptionSettings::from(encryption_settings);
+
+        serde_json::to_string(
+            &self
+                .inner
+                .share_room_key(&room_id, users.iter().map(AsRef::as_ref), encryption_settings)
+                .await
+                .map_err(into_err)?,
+        )
+        .map_err(into_err)
+    }
+
+    /// Encrypt a JSON-encoded content for the given room.
+    ///
+    /// # Arguments
+    ///
+    /// * `room_id`, the ID of the room for which the message should be
+    ///   encrypted.
+    /// * `event_type`, the plaintext type of the event.
+    /// * `content`, the JSON-encoded content of the message that should be
+    ///   encrypted.
+    #[napi(strict)]
+    pub async fn encrypt_room_event(
+        &self,
+        room_id: &identifiers::RoomId,
+        event_type: String,
+        content: String,
+    ) -> napi::Result<String> {
+        let room_id = room_id.inner.clone();
+        let content: JsonValue = serde_json::from_str(content.as_str()).map_err(into_err)?;
+
+        serde_json::to_string(
+            &self
+                .inner
+                .encrypt_room_event_raw(&room_id, content, event_type.as_ref())
+                .await
+                .map_err(into_err)?,
+        )
+        .map_err(into_err)
+    }
+
+    /// Decrypt an event from a room timeline.
+    ///
+    /// # Arguments
+    ///
+    /// * `event`, the event that should be decrypted.
+    /// * `room_id`, the ID of the room where the event was sent to.
+    #[napi(strict)]
+    pub async fn decrypt_room_event(
+        &self,
+        event: String,
+        room_id: &identifiers::RoomId,
+    ) -> napi::Result<responses::DecryptedRoomEvent> {
+        let event: OriginalSyncRoomEncryptedEvent =
+            serde_json::from_str(event.as_str()).map_err(into_err)?;
+        let room_id = room_id.inner.clone();
+
+        let room_event = self.inner.decrypt_room_event(&event, &room_id).await.map_err(into_err)?;
+
+        Ok(room_event.into())
+    }
+
+    /// Get the status of the private cross signing keys.
+    ///
+    /// This can be used to check which private cross signing keys we
+    /// have stored locally.
+    #[napi]
+    pub async fn cross_signing_status(&self) -> olm::CrossSigningStatus {
+        self.inner.cross_signing_status().await.into()
+    }
+
+    /// Sign the given message using our device key and if available
+    /// cross-signing master key.
+    #[napi(strict)]
+    pub async fn sign(&self, message: String) -> types::Signatures {
+        self.inner.sign(message.as_str()).await.into()
+    }
+}

bindings/matrix-sdk-crypto-nodejs/src/olm.rs

@@ -0,0 +1,40 @@
+//! Olm types.
+
+use napi_derive::*;
+
+/// Struct representing the state of our private cross signing keys,
+/// it shows which private cross signing keys we have locally stored.
+#[napi]
+#[derive(Debug)]
+pub struct CrossSigningStatus {
+    inner: matrix_sdk_crypto::olm::CrossSigningStatus,
+}
+
+impl From<matrix_sdk_crypto::olm::CrossSigningStatus> for CrossSigningStatus {
+    fn from(inner: matrix_sdk_crypto::olm::CrossSigningStatus) -> Self {
+        Self { inner }
+    }
+}
+
+#[napi]
+impl CrossSigningStatus {
+    /// Do we have the master key.
+    #[napi(getter)]
+    pub fn has_master(&self) -> bool {
+        self.inner.has_master
+    }
+
+    /// Do we have the self signing key, this one is necessary to sign
+    /// our own devices.
+    #[napi(getter)]
+    pub fn has_self_signing(&self) -> bool {
+        self.inner.has_self_signing
+    }
+
+    /// Do we have the user signing key, this one is necessary to sign
+    /// other users.
+    #[napi(getter)]
+    pub fn has_user_signing(&self) -> bool {
+        self.inner.has_user_signing
+    }
+}

bindings/matrix-sdk-crypto-nodejs/src/requests.rs

@@ -0,0 +1,338 @@
+//! Types to handle requests.
+
+use std::time::Duration;
+
+use matrix_sdk_crypto::requests::{
+    KeysBackupRequest as RumaKeysBackupRequest, KeysQueryRequest as RumaKeysQueryRequest,
+    RoomMessageRequest as RumaRoomMessageRequest, ToDeviceRequest as RumaToDeviceRequest,
+};
+use napi::bindgen_prelude::{Either7, ToNapiValue};
+use napi_derive::*;
+use ruma::api::client::keys::{
+    claim_keys::v3::Request as RumaKeysClaimRequest,
+    upload_keys::v3::Request as RumaKeysUploadRequest,
+    upload_signatures::v3::Request as RumaSignatureUploadRequest,
+};
+
+use crate::into_err;
+
+/// Data for a request to the `/keys/upload` API endpoint
+/// ([specification]).
+///
+/// Publishes end-to-end encryption keys for the device.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#post_matrixclientv3keysupload
+#[napi]
+pub struct KeysUploadRequest {
+    /// The request ID.
+    #[napi(readonly)]
+    pub id: String,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"device_keys": …, "one_time_keys": …, "fallback_keys": …}
+    /// ```
+    #[napi(readonly)]
+    pub body: String,
+}
+
+#[napi]
+impl KeysUploadRequest {
+    /// Get its request type.
+    #[napi(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::KeysUpload
+    }
+}
+
+/// Data for a request to the `/keys/query` API endpoint
+/// ([specification]).
+///
+/// Returns the current devices and identity keys for the given users.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#post_matrixclientv3keysquery
+#[napi]
+pub struct KeysQueryRequest {
+    /// The request ID.
+    #[napi(readonly)]
+    pub id: String,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"timeout": …, "device_keys": …, "token": …}
+    /// ```
+    #[napi(readonly)]
+    pub body: String,
+}
+
+#[napi]
+impl KeysQueryRequest {
+    /// Get its request type.
+    #[napi(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::KeysQuery
+    }
+}
+
+/// Data for a request to the `/keys/claim` API endpoint
+/// ([specification]).
+///
+/// Claims one-time keys that can be used to establish 1-to-1 E2EE
+/// sessions.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#post_matrixclientv3keysclaim
+#[napi]
+pub struct KeysClaimRequest {
+    /// The request ID.
+    #[napi(readonly)]
+    pub id: String,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"timeout": …, "one_time_keys": …}
+    /// ```
+    #[napi(readonly)]
+    pub body: String,
+}
+
+#[napi]
+impl KeysClaimRequest {
+    /// Get its request type.
+    #[napi(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::KeysClaim
+    }
+}
+
+/// Data for a request to the `/sendToDevice` API endpoint
+/// ([specification]).
+///
+/// Send an event to a single device or to a group of devices.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#put_matrixclientv3sendtodeviceeventtypetxnid
+#[napi]
+pub struct ToDeviceRequest {
+    /// The request ID.
+    #[napi(readonly)]
+    pub id: String,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"event_type": …, "txn_id": …, "messages": …}
+    /// ```
+    #[napi(readonly)]
+    pub body: String,
+}
+
+#[napi]
+impl ToDeviceRequest {
+    /// Get its request type.
+    #[napi(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::ToDevice
+    }
+}
+
+/// Data for a request to the `/keys/signatures/upload` API endpoint
+/// ([specification]).
+///
+/// Publishes cross-signing signatures for the user.
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#post_matrixclientv3keyssignaturesupload
+#[napi]
+pub struct SignatureUploadRequest {
+    /// The request ID.
+    #[napi(readonly)]
+    pub id: String,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"signed_keys": …, "txn_id": …, "messages": …}
+    /// ```
+    #[napi(readonly)]
+    pub body: String,
+}
+
+#[napi]
+impl SignatureUploadRequest {
+    /// Get its request type.
+    #[napi(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::SignatureUpload
+    }
+}
+
+/// A customized owned request type for sending out room messages
+/// ([specification]).
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#put_matrixclientv3roomsroomidsendeventtypetxnid
+#[napi]
+pub struct RoomMessageRequest {
+    /// The request ID.
+    #[napi(readonly)]
+    pub id: String,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"room_id": …, "txn_id": …, "content": …}
+    /// ```
+    #[napi(readonly)]
+    pub body: String,
+}
+
+#[napi]
+impl RoomMessageRequest {
+    /// Get its request type.
+    #[napi(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::RoomMessage
+    }
+}
+
+/// A request that will back up a batch of room keys to the server
+/// ([specification]).
+///
+/// [specification]: https://spec.matrix.org/unstable/client-server-api/#put_matrixclientv3room_keyskeys
+#[napi]
+pub struct KeysBackupRequest {
+    /// The request ID.
+    #[napi(readonly)]
+    pub id: String,
+
+    /// A JSON-encoded object of form:
+    ///
+    /// ```json
+    /// {"rooms": …}
+    /// ```
+    #[napi(readonly)]
+    pub body: String,
+}
+
+#[napi]
+impl KeysBackupRequest {
+    /// Get its request type.
+    #[napi(getter, js_name = "type")]
+    pub fn request_type(&self) -> RequestType {
+        RequestType::KeysBackup
+    }
+}
+
+macro_rules! request {
+    ($request:ident from $ruma_request:ident maps fields $( $field:ident $( { $transformation:expr } )? ),+ $(,)? ) => {
+        impl TryFrom<(String, &$ruma_request)> for $request {
+            type Error = napi::Error;
+
+            fn try_from(
+                (request_id, request): (String, &$ruma_request),
+            ) -> Result<Self, Self::Error> {
+                let mut map = serde_json::Map::new();
+                $(
+                    let field = &request.$field;
+                    $(
+                        let field = {
+                            let $field = field;
+
+                            $transformation
+                        };
+                    )?
+                    map.insert(stringify!($field).to_owned(), serde_json::to_value(field).map_err(into_err)?);
+                )+
+                let value = serde_json::Value::Object(map);
+
+                Ok($request {
+                    id: request_id,
+                    body: serde_json::to_string(&value).map_err(into_err)?.into(),
+                })
+            }
+        }
+    };
+}
+
+request!(KeysUploadRequest from RumaKeysUploadRequest maps fields device_keys, one_time_keys, fallback_keys);
+request!(KeysQueryRequest from RumaKeysQueryRequest maps fields timeout { timeout.as_ref().map(Duration::as_millis).map(u64::try_from).transpose().map_err(into_err)? }, device_keys, token);
+request!(KeysClaimRequest from RumaKeysClaimRequest maps fields timeout { timeout.as_ref().map(Duration::as_millis).map(u64::try_from).transpose().map_err(into_err)? }, one_time_keys);
+request!(ToDeviceRequest from RumaToDeviceRequest maps fields event_type, txn_id, messages);
+request!(SignatureUploadRequest from RumaSignatureUploadRequest maps fields signed_keys);
+request!(RoomMessageRequest from RumaRoomMessageRequest maps fields room_id, txn_id, content);
+request!(KeysBackupRequest from RumaKeysBackupRequest maps fields rooms);
+
+pub type OutgoingRequests = Either7<
+    KeysUploadRequest,
+    KeysQueryRequest,
+    KeysClaimRequest,
+    ToDeviceRequest,
+    SignatureUploadRequest,
+    RoomMessageRequest,
+    KeysBackupRequest,
+>;
+
+pub(crate) struct OutgoingRequest(pub(crate) matrix_sdk_crypto::OutgoingRequest);
+
+impl TryFrom<OutgoingRequest> for OutgoingRequests {
+    type Error = napi::Error;
+
+    fn try_from(outgoing_request: OutgoingRequest) -> Result<Self, Self::Error> {
+        let request_id = outgoing_request.0.request_id().to_string();
+
+        Ok(match outgoing_request.0.request() {
+            matrix_sdk_crypto::OutgoingRequests::KeysUpload(request) => {
+                Either7::A(KeysUploadRequest::try_from((request_id, request))?)
+            }
+
+            matrix_sdk_crypto::OutgoingRequests::KeysQuery(request) => {
+                Either7::B(KeysQueryRequest::try_from((request_id, request))?)
+            }
+
+            matrix_sdk_crypto::OutgoingRequests::KeysClaim(request) => {
+                Either7::C(KeysClaimRequest::try_from((request_id, request))?)
+            }
+
+            matrix_sdk_crypto::OutgoingRequests::ToDeviceRequest(request) => {
+                Either7::D(ToDeviceRequest::try_from((request_id, request))?)
+            }
+
+            matrix_sdk_crypto::OutgoingRequests::SignatureUpload(request) => {
+                Either7::E(SignatureUploadRequest::try_from((request_id, request))?)
+            }
+
+            matrix_sdk_crypto::OutgoingRequests::RoomMessage(request) => {
+                Either7::F(RoomMessageRequest::try_from((request_id, request))?)
+            }
+
+            matrix_sdk_crypto::OutgoingRequests::KeysBackup(request) => {
+                Either7::G(KeysBackupRequest::try_from((request_id, request))?)
+            }
+        })
+    }
+}
+
+/// Represent the type of a request.
+#[napi]
+pub enum RequestType {
+    /// Represents a `KeysUploadRequest`.
+    KeysUpload,
+
+    /// Represents a `KeysQueryRequest`.
+    KeysQuery,
+
+    /// Represents a `KeysClaimRequest`.
+    KeysClaim,
+
+    /// Represents a `ToDeviceRequest`.
+    ToDevice,
+
+    /// Represents a `SignatureUploadRequest`.
+    SignatureUpload,
+
+    /// Represents a `RoomMessageRequest`.
+    RoomMessage,
+
+    /// Represents a `KeysBackupRequest`.
+    KeysBackup,
+}

bindings/matrix-sdk-crypto-nodejs/src/responses.rs

@@ -0,0 +1,203 @@
+use std::borrow::Borrow;
+
+use matrix_sdk_common::deserialized_responses::{AlgorithmInfo, EncryptionInfo};
+use matrix_sdk_crypto::IncomingResponse;
+use napi_derive::*;
+pub(crate) use ruma::api::client::{
+    backup::add_backup_keys::v3::Response as KeysBackupResponse,
+    keys::{
+        claim_keys::v3::Response as KeysClaimResponse, get_keys::v3::Response as KeysQueryResponse,
+        upload_keys::v3::Response as KeysUploadResponse,
+        upload_signatures::v3::Response as SignatureUploadResponse,
+    },
+    message::send_message_event::v3::Response as RoomMessageResponse,
+    to_device::send_event_to_device::v3::Response as ToDeviceResponse,
+};
+use ruma::api::IncomingResponse as RumaIncomingResponse;
+
+use crate::{encryption, identifiers, into_err, requests::RequestType};
+
+pub(crate) fn response_from_string(body: &str) -> http::Result<http::Response<Vec<u8>>> {
+    http::Response::builder().status(200).body(body.as_bytes().to_vec())
+}
+
+/// Intermediate private type to store an incoming owned response,
+/// without the need to manage lifetime.
+pub(crate) enum OwnedResponse {
+    KeysUpload(KeysUploadResponse),
+    KeysQuery(KeysQueryResponse),
+    KeysClaim(KeysClaimResponse),
+    ToDevice(ToDeviceResponse),
+    SignatureUpload(SignatureUploadResponse),
+    RoomMessage(RoomMessageResponse),
+    KeysBackup(KeysBackupResponse),
+}
+
+impl From<KeysUploadResponse> for OwnedResponse {
+    fn from(response: KeysUploadResponse) -> Self {
+        OwnedResponse::KeysUpload(response)
+    }
+}
+
+impl From<KeysQueryResponse> for OwnedResponse {
+    fn from(response: KeysQueryResponse) -> Self {
+        OwnedResponse::KeysQuery(response)
+    }
+}
+
+impl From<KeysClaimResponse> for OwnedResponse {
+    fn from(response: KeysClaimResponse) -> Self {
+        OwnedResponse::KeysClaim(response)
+    }
+}
+
+impl From<ToDeviceResponse> for OwnedResponse {
+    fn from(response: ToDeviceResponse) -> Self {
+        OwnedResponse::ToDevice(response)
+    }
+}
+
+impl From<SignatureUploadResponse> for OwnedResponse {
+    fn from(response: SignatureUploadResponse) -> Self {
+        Self::SignatureUpload(response)
+    }
+}
+
+impl From<RoomMessageResponse> for OwnedResponse {
+    fn from(response: RoomMessageResponse) -> Self {
+        OwnedResponse::RoomMessage(response)
+    }
+}
+
+impl From<KeysBackupResponse> for OwnedResponse {
+    fn from(r: KeysBackupResponse) -> Self {
+        Self::KeysBackup(r)
+    }
+}
+
+impl TryFrom<(RequestType, http::Response<Vec<u8>>)> for OwnedResponse {
+    type Error = napi::Error;
+
+    fn try_from(
+        (request_type, response): (RequestType, http::Response<Vec<u8>>),
+    ) -> Result<Self, Self::Error> {
+        match request_type {
+            RequestType::KeysUpload => {
+                KeysUploadResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::KeysQuery => {
+                KeysQueryResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::KeysClaim => {
+                KeysClaimResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::ToDevice => {
+                ToDeviceResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::SignatureUpload => {
+                SignatureUploadResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::RoomMessage => {
+                RoomMessageResponse::try_from_http_response(response).map(Into::into)
+            }
+
+            RequestType::KeysBackup => {
+                KeysBackupResponse::try_from_http_response(response).map(Into::into)
+            }
+        }
+        .map_err(into_err)
+    }
+}
+
+impl<'a> From<&'a OwnedResponse> for IncomingResponse<'a> {
+    fn from(response: &'a OwnedResponse) -> Self {
+        match response {
+            OwnedResponse::KeysUpload(response) => IncomingResponse::KeysUpload(response),
+            OwnedResponse::KeysQuery(response) => IncomingResponse::KeysQuery(response),
+            OwnedResponse::KeysClaim(response) => IncomingResponse::KeysClaim(response),
+            OwnedResponse::ToDevice(response) => IncomingResponse::ToDevice(response),
+            OwnedResponse::SignatureUpload(response) => IncomingResponse::SignatureUpload(response),
+            OwnedResponse::RoomMessage(response) => IncomingResponse::RoomMessage(response),
+            OwnedResponse::KeysBackup(response) => IncomingResponse::KeysBackup(response),
+        }
+    }
+}
+
+/// A decrypted room event.
+#[napi]
+pub struct DecryptedRoomEvent {
+    /// The JSON-encoded decrypted event.
+    #[napi(readonly)]
+    pub event: String,
+
+    encryption_info: Option<EncryptionInfo>,
+}
+
+#[napi]
+impl DecryptedRoomEvent {
+    /// The user ID of the event sender, note this is untrusted data
+    /// unless the `verification_state` is as well trusted.
+    #[napi(getter)]
+    pub fn sender(&self) -> Option<identifiers::UserId> {
+        Some(identifiers::UserId::from(self.encryption_info.as_ref()?.sender.clone()))
+    }
+
+    /// The device ID of the device that sent us the event, note this
+    /// is untrusted data unless `verification_state` is as well
+    /// trusted.
+    #[napi(getter)]
+    pub fn sender_device(&self) -> Option<identifiers::DeviceId> {
+        Some(identifiers::DeviceId::from(self.encryption_info.as_ref()?.sender_device.clone()))
+    }
+
+    /// The Curve25519 key of the device that created the megolm
+    /// decryption key originally.
+    #[napi(getter)]
+    pub fn sender_curve25519_key(&self) -> Option<String> {
+        Some(match &self.encryption_info.as_ref()?.algorithm_info {
+            AlgorithmInfo::MegolmV1AesSha2 { curve25519_key, .. } => curve25519_key.clone(),
+        })
+    }
+
+    /// The signing Ed25519 key that have created the megolm key that
+    /// was used to decrypt this session.
+    #[napi(getter)]
+    pub fn sender_claimed_ed25519_key(&self) -> Option<String> {
+        match &self.encryption_info.as_ref()?.algorithm_info {
+            AlgorithmInfo::MegolmV1AesSha2 { sender_claimed_keys, .. } => {
+                sender_claimed_keys.get(&ruma::DeviceKeyAlgorithm::Ed25519).cloned()
+            }
+        }
+    }
+
+    /// Chain of Curve25519 keys through which this session was
+    /// forwarded, via `m.forwarded_room_key` events.
+    #[napi(getter)]
+    pub fn forwarding_curve25519_key_chain(&self) -> Option<Vec<String>> {
+        Some(match &self.encryption_info.as_ref()?.algorithm_info {
+            AlgorithmInfo::MegolmV1AesSha2 { forwarding_curve25519_key_chain, .. } => {
+                forwarding_curve25519_key_chain.clone()
+            }
+        })
+    }
+
+    /// The verification state of the device that sent us the event,
+    /// note this is the state of the device at the time of
+    /// decryption. It may change in the future if a device gets
+    /// verified or deleted.
+    #[napi(getter)]
+    pub fn verification_state(&self) -> Option<encryption::VerificationState> {
+        Some(self.encryption_info.as_ref()?.verification_state.borrow().into())
+    }
+}
+
+impl From<matrix_sdk_common::deserialized_responses::RoomEvent> for DecryptedRoomEvent {
+    fn from(value: matrix_sdk_common::deserialized_responses::RoomEvent) -> Self {
+        Self { event: value.event.json().get().to_owned(), encryption_info: value.encryption_info }
+    }
+}

bindings/matrix-sdk-crypto-nodejs/src/sync_events.rs

@@ -0,0 +1,49 @@
+//! `GET /_matrix/client/*/sync`.
+
+use napi_derive::*;
+
+use crate::identifiers;
+
+/// Information on E2E device updates.
+#[napi]
+pub struct DeviceLists {
+    pub(crate) inner: ruma::api::client::sync::sync_events::v3::DeviceLists,
+}
+
+#[napi]
+impl DeviceLists {
+    /// Create an empty `DeviceLists`.
+    #[napi(constructor, strict)]
+    pub fn new(
+        changed: Option<Vec<&identifiers::UserId>>,
+        left: Option<Vec<&identifiers::UserId>>,
+    ) -> Self {
+        let mut inner = ruma::api::client::sync::sync_events::v3::DeviceLists::default();
+
+        inner.changed = changed.into_iter().flatten().map(|user| user.inner.clone()).collect();
+        inner.left = left.into_iter().flatten().map(|user| user.inner.clone()).collect();
+
+        Self { inner }
+    }
+
+    /// Returns true if there are no device list updates.
+    #[napi]
+    pub fn is_empty(&self) -> bool {
+        self.inner.is_empty()
+    }
+
+    /// List of users who have updated their device identity keys or
+    /// who now share an encrypted room with the client since the
+    /// previous sync.
+    #[napi(getter)]
+    pub fn changed(&self) -> Vec<identifiers::UserId> {
+        self.inner.changed.iter().map(|user| identifiers::UserId::from(user.to_owned())).collect()
+    }
+
+    /// List of users who no longer share encrypted rooms since the
+    /// previous sync response.
+    #[napi(getter)]
+    pub fn left(&self) -> Vec<identifiers::UserId> {
+        self.inner.left.iter().map(|user| identifiers::UserId::from(user.to_owned())).collect()
+    }
+}