ruma_signatures

Function verify_event

Source
pub fn verify_event(
    public_key_map: &PublicKeyMap,
    object: &CanonicalJsonObject,
    version: &RoomVersionId,
) -> Result<Verified, Error>
Expand description

Verifies that the signed event contains all the required valid signatures.

Some room versions may require signatures from multiple homeservers, so this function takes a map from servers to sets of public keys. Signatures are verified for each required homeserver. All known public keys for a homeserver should be provided. The first one found on the given event will be used.

If the Ok variant is returned by this function, it will contain a Verified value which distinguishes an event with valid signatures and a matching content hash with an event with only valid signatures. See the documentation for Verified for details.

§Parameters

  • public_key_map: A map from entity identifiers to a map from key identifiers to public keys. Generally, entity identifiers are server names—the host/IP/port of a homeserver (e.g. “example.com”) for which a signature must be verified. Key identifiers for each server (e.g. “ed25519:1”) then map to their respective public keys.
  • object: The JSON object of the event that was signed.
  • version: Room version of the given event

§Examples

const PUBLIC_KEY: &[u8] = b"XGX0JRS2Af3be3knz2fBiRbApjm2Dh61gXDJA8kcJNI";

// Deserialize an event from JSON.
let object = serde_json::from_str(
    r#"{
        "auth_events": [],
        "content": {},
        "depth": 3,
        "hashes": {
            "sha256": "5jM4wQpv6lnBo7CLIghJuHdW+s2CMBJPUOGOC89ncos"
        },
        "origin": "domain",
        "origin_server_ts": 1000000,
        "prev_events": [],
        "room_id": "!x:domain",
        "sender": "@a:domain",
        "signatures": {
            "domain": {
                "ed25519:1": "KxwGjPSDEtvnFgU00fwFz+l6d2pJM6XBIaMEn81SXPTRl16AqLAYqfIReFGZlHi5KLjAWbOoMszkwsQma+lYAg"
            }
        },
        "type": "X",
        "unsigned": {
            "age_ts": 1000000
        }
    }"#
).unwrap();

// Create the `PublicKeyMap` that will inform `verify_json` which signatures to verify.
let mut public_key_set = BTreeMap::new();
public_key_set.insert("ed25519:1".into(), Base64::parse(PUBLIC_KEY.to_owned()).unwrap());
let mut public_key_map = BTreeMap::new();
public_key_map.insert("domain".into(), public_key_set);

// Verify at least one signature for each entity in `public_key_map`.
let verification_result = verify_event(&public_key_map, &object, &RoomVersionId::V6);
assert!(verification_result.is_ok());
assert_eq!(verification_result.unwrap(), Verified::All);