Verification message in room ordering problem in Element Android R.

[BillCarsonFr]

It is possible to send out of order messages when doing verification in rooms. When a client receive a m.key.verification.key message, the verification machine will then queue up the reciprocate m.key.verification.key in the outgoing_requestslist. Meanwhile the transaction state will pass from canBePresented to true. Now if machine.confirmVerification is called quickly, the macmessage is sent immediatly as returned by confirmVerification, it is not queued in outgoing_requestslist. This will result in mac beeing sent before key

[poljar]

So this turns out to be a bit of a contrived test, where the test confirms that the SAS bytes match without checking that they actually do so.

Nevertheless we should at least ensure that the key event has been sent out, before we let users confirm the verification. This still means that users may confirm without checking that the bytes match, but at least we have done everything we can to enforce the correct behavior and in turn the correct order the verification events will get sent out.

A new SAS state should be introduced that we're going to transition to iff we mark the request carrying the key event as sent.