refactor(qr-login): Prepare the secure channel to be usable with HPKE

This patch abstracts away the cryptographic channel which is used in the
SecureChannel implementation for the QR code login support.

This will allow us to use HPKE alongside of ECIES since MSC4108 recently
proposed the switch to HPKE.

Author: poljar

crates/matrix-sdk/src/authentication/oauth/qrcode/secure_channel/crypto_channel.rs

@@ -0,0 +1,126 @@
+// Copyright 2025 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Module implementing the cryptographic part of a [`SecureChannel`].
+//!
+//! This implements an abstraction over the secure channel provided by
+//! vodozemac. As [MSC4108] evolved, the underlying cryptographic primitives
+//! have changed from ECIES to [HPKE]. Since QR code login has shipped in some
+//! clients before the MSC got approved and merged into the spec, we're in the
+//! unlucky position of having to support both cryptographic channels for a
+//! while.
+//!
+//! This module allows this backwards compatibility and adds a bit of
+//! cryptographic agility for the time when we will have to support post-quanum
+//! safe HPKE variants.
+//!
+//! [HPKE]: https://www.rfc-editor.org/rfc/rfc9180.html
+//! [MSC4108]: https://github.com/matrix-org/matrix-spec-proposals/pull/4108
+
+use vodozemac::{
+    Curve25519PublicKey,
+    ecies::{CheckCode, Ecies, EstablishedEcies, InboundCreationResult, InitialMessage, Message},
+};
+
+use crate::authentication::oauth::qrcode::SecureChannelError as Error;
+
+/// A cryptograhpic communication channel.
+pub(super) enum CryptoChannel {
+    Ecies(Ecies),
+}
+
+impl CryptoChannel {
+    /// Create a new ECIES-based [`CryptoChannel`].
+    pub(super) fn new_ecies() -> Self {
+        CryptoChannel::Ecies(Ecies::new())
+    }
+
+    /// Get the [`Curve25519PublicKey`] of this cryptographic channel.
+    pub(super) fn public_key(&self) -> Curve25519PublicKey {
+        match self {
+            CryptoChannel::Ecies(ecies) => ecies.public_key(),
+        }
+    }
+
+    /// Establish a cryptographic channel by unsealing an initial message.
+    pub(super) fn establish_inbound_channel(
+        self,
+        message: &[u8],
+    ) -> Result<CryptoChannelCreationResult, Error> {
+        let message = std::str::from_utf8(message)?;
+
+        match self {
+            CryptoChannel::Ecies(ecies) => {
+                let message = InitialMessage::decode(message)?;
+                Ok(CryptoChannelCreationResult::Ecies(ecies.establish_inbound_channel(&message)?))
+            }
+        }
+    }
+}
+
+pub(super) enum CryptoChannelCreationResult {
+    Ecies(InboundCreationResult),
+}
+
+impl CryptoChannelCreationResult {
+    /// Get the unsealed plaintext of the initial message.
+    pub(super) fn plaintext(&self) -> &[u8] {
+        match self {
+            CryptoChannelCreationResult::Ecies(inbound_creation_result) => {
+                &inbound_creation_result.message
+            }
+        }
+    }
+}
+
+/// A fully established cryptograhpic communication channel.
+///
+/// This channel allows you to seal/encrypt as well as open/decrypt
+/// cryptographic messages.
+pub(super) enum EstablishedCryptoChannel {
+    Ecies(EstablishedEcies),
+}
+
+impl EstablishedCryptoChannel {
+    /// Get the [`CheckCode`] of this [`EstablishedCryptoChannel`].
+    pub(super) fn check_code(&self) -> &CheckCode {
+        match self {
+            EstablishedCryptoChannel::Ecies(established_ecies) => established_ecies.check_code(),
+        }
+    }
+
+    /// Seal the given plaintext using this [`EstablishedCryptoChannel`].
+    pub(super) fn seal(&mut self, plaintext: &[u8]) -> Vec<u8> {
+        let message = match self {
+            EstablishedCryptoChannel::Ecies(channel) => {
+                let message = channel.encrypt(plaintext);
+                message.encode()
+            }
+        };
+
+        message.as_bytes().to_vec()
+    }
+
+    /// Open the given sealed message using this [`EstablishedCryptoChannel`].
+    pub(super) fn open(&mut self, message: &[u8]) -> Result<Vec<u8>, Error> {
+        let message = str::from_utf8(message)?;
+
+        match self {
+            EstablishedCryptoChannel::Ecies(channel) => {
+                let message = Message::decode(message)?;
+                Ok(channel.decrypt(&message)?)
+            }
+        }
+    }
+}

…ntication/oauth/qrcode/secure_channel.rs …ation/oauth/qrcode/secure_channel/mod.rscrates/matrix-sdk/src/authentication/oauth/qrcode/secure_channel.rs renamed to crates/matrix-sdk/src/authentication/oauth/qrcode/secure_channel/mod.rs crates/matrix-sdk/src/authentication/oauth/qrcode/secure_channel.rs renamed to crates/matrix-sdk/src/authentication/oauth/qrcode/secure_channel/mod.rs

@@ -12,28 +12,29 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use crypto_channel::*;
 use matrix_sdk_base::crypto::types::qr_login::{QrCodeData, QrCodeMode, QrCodeModeData};
 use serde::{Serialize, de::DeserializeOwned};
 use tracing::{instrument, trace};
 use url::Url;
 use vodozemac::ecies::{
-    CheckCode, Ecies, EstablishedEcies, InboundCreationResult, InitialMessage, Message,
-    OutboundCreationResult,
+    CheckCode, Ecies, EstablishedEcies, InboundCreationResult, OutboundCreationResult,
 };
 
 use super::{
     SecureChannelError as Error,
     rendezvous_channel::{InboundChannelCreationResult, RendezvousChannel},
 };
 use crate::{config::RequestConfig, http_client::HttpClient};
+mod crypto_channel;
 
 const LOGIN_INITIATE_MESSAGE: &str = "MATRIX_QR_CODE_LOGIN_INITIATE";
 const LOGIN_OK_MESSAGE: &str = "MATRIX_QR_CODE_LOGIN_OK";
 
 pub(super) struct SecureChannel {
     channel: RendezvousChannel,
     qr_code_data: QrCodeData,
-    ecies: Ecies,
+    crypto_channel: CryptoChannel,
 }
 
 impl SecureChannel {
@@ -46,12 +47,12 @@ impl SecureChannel {
         let rendezvous_url = channel.rendezvous_url().to_owned();
         let mode_data = QrCodeModeData::Login;
 
-        let ecies = Ecies::new();
-        let public_key = ecies.public_key();
+        let crypto_channel = CryptoChannel::new_ecies();
+        let public_key = crypto_channel.public_key();
 
         let qr_code_data = QrCodeData { public_key, rendezvous_url, mode_data };
 
-        Ok(Self { channel, qr_code_data, ecies })
+        Ok(Self { channel, qr_code_data, crypto_channel })
     }
 
     /// Create a new secure channel to reciprocate an existing login with.
@@ -74,21 +75,26 @@ impl SecureChannel {
         trace!("Trying to connect the secure channel.");
 
         let message = self.channel.receive().await?;
-        let message = std::str::from_utf8(&message)?;
-        let message = InitialMessage::decode(message)?;
+        let result = self.crypto_channel.establish_inbound_channel(&message)?;
 
-        let InboundCreationResult { ecies, message } =
-            self.ecies.establish_inbound_channel(&message)?;
-        let message = std::str::from_utf8(&message)?;
+        let message = std::str::from_utf8(result.plaintext())?;
 
         trace!("Received the initial secure channel message");
 
         if message == LOGIN_INITIATE_MESSAGE {
-            let mut secure_channel = EstablishedSecureChannel { channel: self.channel, ecies };
+            let secure_channel = match result {
+                CryptoChannelCreationResult::Ecies(InboundCreationResult { ecies, .. }) => {
+                    let crypto_channel = EstablishedCryptoChannel::Ecies(ecies);
 
-            trace!("Sending the LOGIN OK message");
+                    let mut secure_channel =
+                        EstablishedSecureChannel { channel: self.channel, crypto_channel };
 
-            secure_channel.send(LOGIN_OK_MESSAGE).await?;
+                    trace!("Sending the LOGIN OK message");
+
+                    secure_channel.send(LOGIN_OK_MESSAGE).await?;
+                    secure_channel
+                }
+            };
 
             Ok(AlmostEstablishedSecureChannel { secure_channel })
         } else {
@@ -122,7 +128,7 @@ impl AlmostEstablishedSecureChannel {
 
 pub(super) struct EstablishedSecureChannel {
     channel: RendezvousChannel,
-    ecies: EstablishedEcies,
+    crypto_channel: EstablishedCryptoChannel,
 }
 
 impl EstablishedSecureChannel {
@@ -133,22 +139,30 @@ impl EstablishedSecureChannel {
         qr_code_data: &QrCodeData,
         expected_mode: QrCodeMode,
     ) -> Result<Self, Error> {
+        enum ChannelType {
+            Ecies(EstablishedEcies),
+        }
+
         if qr_code_data.mode() == expected_mode {
             Err(Error::InvalidIntent)
         } else {
             trace!("Attempting to create a new inbound secure channel from a QR code.");
 
             let client = HttpClient::new(client, RequestConfig::short_retry());
-            let ecies = Ecies::new();
 
             // Let's establish an outbound ECIES channel, the other side won't know that
             // it's talking to us, the device that scanned the QR code, until it
             // receives and successfully decrypts the initial message. We're here encrypting
             // the `LOGIN_INITIATE_MESSAGE`.
-            let OutboundCreationResult { ecies, message } = ecies.establish_outbound_channel(
-                qr_code_data.public_key,
-                LOGIN_INITIATE_MESSAGE.as_bytes(),
-            )?;
+            let (crypto_channel, encoded_message) = {
+                let ecies = Ecies::new();
+
+                let OutboundCreationResult { ecies, message } = ecies.establish_outbound_channel(
+                    qr_code_data.public_key,
+                    LOGIN_INITIATE_MESSAGE.as_bytes(),
+                )?;
+                (ChannelType::Ecies(ecies), message.encode().as_bytes().to_vec())
+            };
 
             // The other side has crated a rendezvous channel, we're going to connect to it
             // and send this initial encrypted message through it. The initial message on
@@ -159,25 +173,31 @@ impl EstablishedSecureChannel {
 
             trace!(
                 "Received the initial message from the rendezvous channel, sending the LOGIN \
-                 INITIATE message"
+                     INITIATE message"
             );
 
             // Now we're sending the encrypted message through the rendezvous channel to the
             // other side.
-            let encoded_message = message.encode().as_bytes().to_vec();
             channel.send(encoded_message).await?;
 
             trace!("Waiting for the LOGIN OK message");
 
-            // We can create our EstablishedSecureChannel struct now and use the
-            // convenient helpers which transparently decrypt on receival.
-            let mut ret = Self { channel, ecies };
-            let response = ret.receive().await?;
+            let (response, channel) = match crypto_channel {
+                ChannelType::Ecies(ecies) => {
+                    // We can create our EstablishedSecureChannel struct now and use the
+                    // convenient helpers which transparently decrypt on receival.
+                    let crypto_channel = EstablishedCryptoChannel::Ecies(ecies);
+                    let mut channel = Self { channel, crypto_channel };
+
+                    let response = channel.receive().await?;
+                    (response, channel)
+                }
+            };
 
             trace!("Received the LOGIN OK message, maybe.");
 
             if response == LOGIN_OK_MESSAGE {
-                Ok(ret)
+                Ok(channel)
             } else {
                 Err(Error::SecureChannelMessage { expected: LOGIN_OK_MESSAGE, received: response })
             }
@@ -188,7 +208,7 @@ impl EstablishedSecureChannel {
     /// both sides of the channel are indeed communicating with each other and
     /// not with a 3rd party.
     pub(super) fn check_code(&self) -> &CheckCode {
-        self.ecies.check_code()
+        self.crypto_channel.check_code()
     }
 
     /// Send the given message over to the other side.
@@ -210,18 +230,14 @@ impl EstablishedSecureChannel {
     }
 
     async fn send(&mut self, message: &str) -> Result<(), Error> {
-        let message = self.ecies.encrypt(message.as_bytes());
-        let message = message.encode();
+        let message = self.crypto_channel.seal(message.as_bytes());
 
-        Ok(self.channel.send(message.as_bytes().to_vec()).await?)
+        Ok(self.channel.send(message).await?)
     }
 
     async fn receive(&mut self) -> Result<String, Error> {
         let message = self.channel.receive().await?;
-        let ciphertext = std::str::from_utf8(&message)?;
-        let message = Message::decode(ciphertext)?;
-
-        let decrypted = self.ecies.decrypt(&message)?;
+        let decrypted = self.crypto_channel.open(&message)?;
 
         Ok(String::from_utf8(decrypted).map_err(|e| e.utf8_error())?)
     }