Bump vodozemac

poljar · poljar · commit b4e81931e519 · 2025-08-07T14:10:28.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -39,7 +39,7 @@ eyeball-im-util = "0.9.0"
 futures-core = "0.3.31"
 futures-executor = "0.3.31"
 futures-util = "0.3.31"
-getrandom = { version = "0.2.15", default-features = false }
+getrandom = { version = "0.3.3", default-features = false }
 gloo-timers = "0.3.0"
 growable-bloom-filter = "2.1.1"
 hkdf = "0.12.4"
@@ -56,7 +56,7 @@ once_cell = "1.20.2"
 pbkdf2 = { version = "0.12.2" }
 pin-project-lite = "0.2.16"
 proptest = { version = "1.6.0", default-features = false, features = ["std"] }
-rand = "0.8.5"
+rand = "0.9.2"
 reqwest = { version = "0.12.12", default-features = false }
 rmp-serde = "1.3.0"
 ruma = { git = "https://github.com/ruma/ruma", rev = "a626e6b8521bcaa01bf8b7c4161b26b361b72aff", features = [
@@ -100,7 +100,7 @@ uniffi = { version = "0.28.0" }
 uniffi_bindgen = { version = "0.28.0" }
 url = "2.5.4"
 uuid = "1.12.1"
-vodozemac = { version = "0.9.0", features = ["insecure-pk-encryption"] }
+vodozemac = { git = "https://github.com/matrix-org/vodozemac/", rev = "d2b8743802f4ad7efc9ae9cf48baccbfb04d4d8a", features = ["insecure-pk-encryption"] }
 wasm-bindgen = "0.2.84"
 wasm-bindgen-test = "0.3.50"
 web-sys = "0.3.69"
diff --git a/benchmarks/Cargo.toml b/benchmarks/Cargo.toml
@@ -24,7 +24,7 @@ matrix-sdk-ui.workspace = true
 ruma.workspace = true
 serde.workspace = true
 serde_json.workspace = true
-tempfile = "3.3.0"
+tempfile = "3.20.0"
 tokio = { workspace = true, default-features = false, features = ["rt-multi-thread"] }
 wiremock.workspace = true
 
diff --git a/bindings/matrix-sdk-crypto-ffi/Cargo.toml b/bindings/matrix-sdk-crypto-ffi/Cargo.toml
@@ -66,7 +66,7 @@ vergen = { version = "8.2.5", features = ["build", "git", "gitcl"] }
 
 [dev-dependencies]
 assert_matches2.workspace = true
-tempfile = "3.8.0"
+tempfile = "3.20.0"
 
 [lints]
 workspace = true
diff --git a/crates/matrix-sdk-common/Cargo.toml b/crates/matrix-sdk-common/Cargo.toml
@@ -60,7 +60,7 @@ wasm-bindgen-test.workspace = true
 
 [target.'cfg(target_family = "wasm")'.dev-dependencies]
 # Enable the JS feature for getrandom.
-getrandom = { workspace = true, default-features = false, features = ["js"] }
+getrandom = { workspace = true, default-features = false, features = ["wasm_js"] }
 js-sys.workspace = true
 
 [lints]
diff --git a/crates/matrix-sdk-crypto/Cargo.toml b/crates/matrix-sdk-crypto/Cargo.toml
@@ -18,7 +18,7 @@ rustdoc-args = ["--cfg", "docsrs", "--generate-link-to-definition"]
 default = []
 automatic-room-key-forwarding = []
 experimental-send-custom-to-device = []
-js = ["ruma/js", "vodozemac/js", "matrix-sdk-common/js"]
+js = ["ruma/js", "vodozemac/wasm_js", "matrix-sdk-common/js"]
 qrcode = ["dep:matrix-sdk-qrcode"]
 experimental-algorithms = []
 uniffi = ["dep:uniffi"]
diff --git a/crates/matrix-sdk-crypto/src/backups/keys/decryption.rs b/crates/matrix-sdk-crypto/src/backups/keys/decryption.rs
@@ -177,9 +177,9 @@ impl BackupDecryptionKey {
     pub fn to_base58(&self) -> String {
         let bytes = Zeroizing::new(
             [
-                Self::PREFIX.as_ref(),
-                self.inner.as_ref(),
-                [Self::parity_byte(self.inner.as_ref())].as_ref(),
+                Self::PREFIX.as_slice(),
+                self.inner.as_slice(),
+                [Self::parity_byte(self.inner.as_slice())].as_slice(),
             ]
             .concat(),
         );
@@ -303,7 +303,7 @@ mod tests {
 
     #[test]
     fn base64_decoding() -> Result<(), DecodeError> {
-        let key = BackupDecryptionKey::new().expect("Can't create a new recovery key");
+        let key = BackupDecryptionKey::new();
 
         let base64 = key.to_base64();
         let decoded_key = BackupDecryptionKey::from_base64(&base64)?;
@@ -316,7 +316,7 @@ mod tests {
 
     #[test]
     fn base58_decoding() -> Result<(), DecodeError> {
-        let key = BackupDecryptionKey::new().expect("Can't create a new recovery key");
+        let key = BackupDecryptionKey::new();
 
         let base64 = key.to_base58();
         let decoded_key = BackupDecryptionKey::from_base58(&base64)?;
@@ -394,7 +394,7 @@ mod tests {
     async fn test_encryption_cycle() {
         let session = InboundGroupSession::from_export(&room_key()).unwrap();
 
-        let decryption_key = BackupDecryptionKey::new().unwrap();
+        let decryption_key = BackupDecryptionKey::new();
         let encryption_key = decryption_key.megolm_v1_public_key();
 
         let encrypted = encryption_key.encrypt(session).await;
@@ -406,7 +406,7 @@ mod tests {
 
     #[test]
     fn key_matches() {
-        let decryption_key = BackupDecryptionKey::new().unwrap();
+        let decryption_key = BackupDecryptionKey::new();
 
         let key_info = decryption_key.to_backup_info();
 
diff --git a/crates/matrix-sdk-crypto/src/backups/mod.rs b/crates/matrix-sdk-crypto/src/backups/mod.rs
@@ -705,7 +705,7 @@ mod tests {
         assert_eq!(counts.total, 2, "Two room keys need to exist in the store");
         assert_eq!(counts.backed_up, 0, "No room keys have been backed up yet");
 
-        let decryption_key = BackupDecryptionKey::new().expect("Can't create new recovery key");
+        let decryption_key = BackupDecryptionKey::new();
         let backup_key = decryption_key.megolm_v1_public_key();
         backup_key.set_version("1".to_owned());
 
@@ -842,7 +842,7 @@ mod tests {
         let backup_machine = machine.backup_machine();
 
         // We set up a backup key, so that we can test `backup_machine.backup()` later.
-        let decryption_key = BackupDecryptionKey::new().expect("Couldn't create new recovery key");
+        let decryption_key = BackupDecryptionKey::new();
         let backup_key = decryption_key.megolm_v1_public_key();
         backup_key.set_version("1".to_owned());
         backup_machine.enable_backup_v1(backup_key).await.expect("Couldn't enable backup");
@@ -890,7 +890,7 @@ mod tests {
         let machine = OlmMachine::new(alice_id(), alice_device_id()).await;
         let backup_machine = machine.backup_machine();
 
-        let decryption_key = BackupDecryptionKey::new().unwrap();
+        let decryption_key = BackupDecryptionKey::new();
         let mut backup_info = decryption_key.to_backup_info();
 
         let result = backup_machine.verify_backup(backup_info.to_owned(), false).await.unwrap();
@@ -908,7 +908,7 @@ mod tests {
     async fn test_fix_backup_key_mismatch() {
         let store = MemoryStore::new();
 
-        let backup_decryption_key = BackupDecryptionKey::new().unwrap();
+        let backup_decryption_key = BackupDecryptionKey::new();
 
         store
             .save_changes(Changes {
diff --git a/crates/matrix-sdk-crypto/src/ciphers.rs b/crates/matrix-sdk-crypto/src/ciphers.rs
@@ -23,7 +23,7 @@ use hmac::{
     Hmac, Mac as _,
 };
 use pbkdf2::pbkdf2;
-use rand::{thread_rng, RngCore};
+use rand::{rng, RngCore};
 use sha2::{Sha256, Sha512};
 use zeroize::{Zeroize, ZeroizeOnDrop};
 
@@ -247,7 +247,7 @@ impl AesHmacSha2Key {
     /// The initialization vector will be clamped and will be used to encrypt
     /// the ciphertext.
     fn generate_iv() -> [u8; IV_SIZE] {
-        let mut rng = thread_rng();
+        let mut rng = rng();
         let mut iv = [0u8; IV_SIZE];
 
         rng.fill_bytes(&mut iv);
diff --git a/crates/matrix-sdk-crypto/src/dehydrated_devices.rs b/crates/matrix-sdk-crypto/src/dehydrated_devices.rs
@@ -611,7 +611,7 @@ mod tests {
         let stored_key = dehydrated_manager.get_dehydrated_device_pickle_key().await.unwrap();
         assert!(stored_key.is_none());
 
-        let pickle_key = DehydratedDeviceKey::new().unwrap();
+        let pickle_key = DehydratedDeviceKey::new();
 
         dehydrated_manager.save_dehydrated_device_pickle_key(&pickle_key).await.unwrap();
 
diff --git a/crates/matrix-sdk-crypto/src/file_encryption/attachments.rs b/crates/matrix-sdk-crypto/src/file_encryption/attachments.rs
@@ -21,7 +21,7 @@ use aes::{
     cipher::{generic_array::GenericArray, KeyIvInit, StreamCipher},
     Aes256,
 };
-use rand::{thread_rng, RngCore};
+use rand::{rng, RngCore};
 use ruma::{
     events::room::{EncryptedFile, JsonWebKey, JsonWebKeyInit},
     serde::Base64,
@@ -227,7 +227,7 @@ impl<'a, R: Read + ?Sized + 'a> AttachmentEncryptor<'a, R> {
         let mut key = [0u8; KEY_SIZE];
         let mut iv = [0u8; IV_SIZE];
 
-        let mut rng = thread_rng();
+        let mut rng = rng();
 
         rng.fill_bytes(&mut key);
         // Only populate the first 8 bytes with randomness, the rest is 0
diff --git a/crates/matrix-sdk-crypto/src/file_encryption/key_export.rs b/crates/matrix-sdk-crypto/src/file_encryption/key_export.rs
@@ -15,7 +15,7 @@
 use std::io::{Cursor, Read, Seek, SeekFrom};
 
 use byteorder::{BigEndian, ReadBytesExt};
-use rand::{thread_rng, RngCore};
+use rand::{rng, RngCore};
 use serde_json::Error as SerdeError;
 use thiserror::Error;
 use vodozemac::{base64_decode, base64_encode};
@@ -149,7 +149,7 @@ pub fn encrypt_room_key_export(
 
 fn encrypt_helper(plaintext: &[u8], passphrase: &str, rounds: u32) -> String {
     let mut salt = [0u8; SALT_SIZE];
-    let mut rng = thread_rng();
+    let mut rng = rng();
 
     rng.fill_bytes(&mut salt);
 
diff --git a/crates/matrix-sdk-crypto/src/gossiping/machine.rs b/crates/matrix-sdk-crypto/src/gossiping/machine.rs
@@ -2034,7 +2034,7 @@ mod tests {
         alice_machine.store().save_device_data(&[bob_device.inner]).await.unwrap();
         bob_machine.store().save_device_data(&[alice_device.inner]).await.unwrap();
 
-        let decryption_key = crate::store::types::BackupDecryptionKey::new().unwrap();
+        let decryption_key = crate::store::types::BackupDecryptionKey::new();
         alice_machine
             .backup_machine()
             .save_decryption_key(Some(decryption_key), None)
diff --git a/crates/matrix-sdk-crypto/src/machine/tests/mod.rs b/crates/matrix-sdk-crypto/src/machine/tests/mod.rs
@@ -1356,7 +1356,7 @@ async fn test_wait_on_key_query_doesnt_block_store() {
 async fn test_fix_incorrect_usage_of_backup_key_causing_decryption_errors() {
     let store = MemoryStore::new();
 
-    let backup_decryption_key = BackupDecryptionKey::new().unwrap();
+    let backup_decryption_key = BackupDecryptionKey::new();
 
     store
         .save_changes(Changes {
diff --git a/crates/matrix-sdk-crypto/src/secret_storage.rs b/crates/matrix-sdk-crypto/src/secret_storage.rs
@@ -23,8 +23,8 @@ pub use hmac::digest::MacError;
 use hmac::Hmac;
 use pbkdf2::pbkdf2;
 use rand::{
-    distributions::{Alphanumeric, DistString},
-    thread_rng, RngCore,
+    distr::{Alphanumeric, SampleString},
+    rng, RngCore,
 };
 use ruma::{
     events::{
@@ -308,7 +308,7 @@ impl SecretStorageKey {
     /// Create a new random [`SecretStorageKey`].
     pub fn new() -> Self {
         let mut key = Box::new([0u8; KEY_SIZE]);
-        let mut rng = thread_rng();
+        let mut rng = rng();
         rng.fill_bytes(key.as_mut_slice());
 
         let key_id = Alphanumeric.sample_string(&mut rng, Self::DEFAULT_KEY_ID_LEN);
@@ -324,7 +324,7 @@ impl SecretStorageKey {
     /// [spec]: https://spec.matrix.org/v1.8/client-server-api/#deriving-keys-from-passphrases
     pub fn new_from_passphrase(passphrase: &str) -> Self {
         let mut key = Box::new([0u8; 32]);
-        let mut rng = thread_rng();
+        let mut rng = rng();
         let salt = Alphanumeric.sample_string(&mut rng, Self::DEFAULT_KEY_ID_LEN);
 
         pbkdf2::<Hmac<Sha512>>(
diff --git a/crates/matrix-sdk-crypto/src/store/integration_tests.rs b/crates/matrix-sdk-crypto/src/store/integration_tests.rs
@@ -1204,7 +1204,7 @@ macro_rules! cryptostore_integration_tests {
                 let restored = store.load_backup_keys().await.unwrap();
                 assert!(restored.decryption_key.is_none(), "Initially no backup decryption key should be present");
 
-                let backup_decryption_key = Some(BackupDecryptionKey::new().unwrap());
+                let backup_decryption_key = Some(BackupDecryptionKey::new());
 
                 let changes = Changes { backup_decryption_key, ..Default::default() };
                 store.save_changes(changes).await.unwrap();
@@ -1228,7 +1228,7 @@ macro_rules! cryptostore_integration_tests {
                 let restored = store.load_dehydrated_device_pickle_key().await.unwrap();
                 assert!(restored.is_none(), "Initially no pickle key should be present");
 
-                let dehydrated_device_pickle_key = Some(DehydratedDeviceKey::new().unwrap());
+                let dehydrated_device_pickle_key = Some(DehydratedDeviceKey::new());
                 let exported_base64 = dehydrated_device_pickle_key.clone().unwrap().to_base64();
 
                 let changes = Changes { dehydrated_device_pickle_key, ..Default::default() };
@@ -1252,7 +1252,7 @@ macro_rules! cryptostore_integration_tests {
             async fn test_delete_dehydration_pickle_key() {
                 let (_account, store) = get_loaded_store("delete_dehydration_pickle_key").await;
 
-                let dehydrated_device_pickle_key = DehydratedDeviceKey::new().unwrap();
+                let dehydrated_device_pickle_key = DehydratedDeviceKey::new();
 
                 let changes = Changes { dehydrated_device_pickle_key: Some(dehydrated_device_pickle_key), ..Default::default() };
                 store.save_changes(changes).await.unwrap();
diff --git a/crates/matrix-sdk-crypto/src/store/mod.rs b/crates/matrix-sdk-crypto/src/store/mod.rs
@@ -1856,8 +1856,7 @@ mod tests {
 
     #[async_test]
     async fn test_create_dehydrated_device_key() {
-        let pickle_key = DehydratedDeviceKey::new()
-            .expect("Should be able to create a random dehydrated device key");
+        let pickle_key = DehydratedDeviceKey::new();
 
         let to_vec = pickle_key.inner.to_vec();
         let pickle_key_from_slice = DehydratedDeviceKey::from_slice(to_vec.as_slice())
diff --git a/crates/matrix-sdk-crypto/src/store/types.rs b/crates/matrix-sdk-crypto/src/store/types.rs
@@ -247,13 +247,13 @@ impl BackupDecryptionKey {
     pub const KEY_SIZE: usize = 32;
 
     /// Create a new random decryption key.
-    pub fn new() -> Result<Self, rand::Error> {
-        let mut rng = rand::thread_rng();
+    pub fn new() -> Self {
+        let mut rng = rand::rng();
 
         let mut key = Box::new([0u8; Self::KEY_SIZE]);
-        rand::Fill::try_fill(key.as_mut_slice(), &mut rng)?;
+        rand::Fill::fill(key.as_mut_slice(), &mut rng);
 
-        Ok(Self { inner: key })
+        Self { inner: key }
     }
 
     /// Export the [`BackupDecryptionKey`] as a base64 encoded string.
@@ -284,13 +284,13 @@ impl DehydratedDeviceKey {
     pub const KEY_SIZE: usize = 32;
 
     /// Generates a new random pickle key.
-    pub fn new() -> Result<Self, rand::Error> {
-        let mut rng = rand::thread_rng();
+    pub fn new() -> Self {
+        let mut rng = rand::rng();
 
         let mut key = Box::new([0u8; Self::KEY_SIZE]);
-        rand::Fill::try_fill(key.as_mut_slice(), &mut rng)?;
+        rand::Fill::fill(key.as_mut_slice(), &mut rng);
 
-        Ok(Self { inner: key })
+        Self { inner: key }
     }
 
     /// Creates a new dehydration pickle key from the given slice.
diff --git a/crates/matrix-sdk-indexeddb/Cargo.toml b/crates/matrix-sdk-indexeddb/Cargo.toml
@@ -46,7 +46,7 @@ zeroize.workspace = true
 
 [target.'cfg(target_family = "wasm")'.dependencies]
 # for wasm32 we need to activate this
-getrandom = { workspace = true, features = ["js"] }
+getrandom = { workspace = true, features = ["wasm_js"] }
 
 [dev-dependencies]
 assert_matches.workspace = true
diff --git a/crates/matrix-sdk-qrcode/Cargo.toml b/crates/matrix-sdk-qrcode/Cargo.toml
@@ -16,7 +16,7 @@ all-features = true
 rustdoc-args = ["--cfg", "docsrs", "--generate-link-to-definition"]
 
 [features]
-js = ["vodozemac/js"]
+js = ["vodozemac/wasm_js"]
 
 [dependencies]
 byteorder.workspace = true
diff --git a/crates/matrix-sdk-store-encryption/Cargo.toml b/crates/matrix-sdk-store-encryption/Cargo.toml
@@ -14,12 +14,12 @@ rustdoc-args = ["--cfg", "docsrs", "--generate-link-to-definition"]
 ignored = ["getrandom"] # We do manually enable a feature for it.
 
 [features]
-js = ["dep:getrandom", "getrandom?/js"]
+js = ["dep:getrandom", "getrandom?/wasm_js"]
 
 [dependencies]
 base64.workspace = true
-blake3 = "1.8.1"
-chacha20poly1305 = { version = "0.10.1", features = ["std"] }
+blake3 = "1.8.2"
+chacha20poly1305 = { version = "0.11.0-rc.0", features = ["alloc"] }
 getrandom = { workspace = true, optional = true }
 hmac.workspace = true
 pbkdf2.workspace = true
diff --git a/crates/matrix-sdk-store-encryption/src/lib.rs b/crates/matrix-sdk-store-encryption/src/lib.rs
diff --git a/crates/matrix-sdk/src/encryption/backups/mod.rs b/crates/matrix-sdk/src/encryption/backups/mod.rs
diff --git a/crates/matrix-sdk/src/encryption/mod.rs b/crates/matrix-sdk/src/encryption/mod.rs
diff --git a/crates/matrix-sdk/src/utils/local_server.rs b/crates/matrix-sdk/src/utils/local_server.rs
