2020-02-24 16:19:00 +00:00
|
|
|
// Copyright 2020 The Matrix.org Foundation C.I.C.
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
2020-04-29 07:48:00 +00:00
|
|
|
//! This is the encryption part of the matrix-sdk. It contains a state machine
|
|
|
|
|
//! that will aid in adding encryption support to a client library.
|
|
|
|
|
|
2020-04-30 15:10:12 +00:00
|
|
|
#![deny(
|
|
|
|
|
missing_debug_implementations,
|
2020-05-05 13:29:25 +00:00
|
|
|
dead_code,
|
2020-04-30 15:10:12 +00:00
|
|
|
missing_docs,
|
|
|
|
|
trivial_casts,
|
|
|
|
|
trivial_numeric_casts,
|
|
|
|
|
unused_extern_crates,
|
|
|
|
|
unused_import_braces,
|
|
|
|
|
unused_qualifications
|
|
|
|
|
)]
|
2020-08-13 09:06:26 +00:00
|
|
|
#![cfg_attr(feature = "docs", feature(doc_cfg))]
|
2020-04-30 15:10:12 +00:00
|
|
|
|
2020-04-02 09:14:23 +00:00
|
|
|
mod device;
|
2020-04-21 09:03:28 +00:00
|
|
|
mod error;
|
2020-02-25 13:24:18 +00:00
|
|
|
mod machine;
|
2020-08-21 13:06:54 +00:00
|
|
|
pub mod memory_stores;
|
|
|
|
|
pub mod olm;
|
2020-08-21 11:34:25 +00:00
|
|
|
mod requests;
|
2020-03-18 08:41:49 +00:00
|
|
|
mod store;
|
2020-08-14 12:10:29 +00:00
|
|
|
#[allow(dead_code)]
|
|
|
|
|
mod user_identity;
|
2020-07-14 15:04:08 +00:00
|
|
|
mod verification;
|
2020-03-11 09:06:33 +00:00
|
|
|
|
2020-08-19 09:20:08 +00:00
|
|
|
pub use device::{Device, LocalTrust, ReadOnlyDevice, UserDevices};
|
2020-04-30 11:16:10 +00:00
|
|
|
pub use error::{MegolmError, OlmError};
|
2020-08-21 12:40:49 +00:00
|
|
|
pub use machine::OlmMachine;
|
2020-08-21 13:06:54 +00:00
|
|
|
use memory_stores::ReadOnlyUserDevices;
|
|
|
|
|
pub use olm::EncryptionSettings;
|
|
|
|
|
pub(crate) use olm::{Account, IdentityKeys, InboundGroupSession, Session};
|
2020-08-21 11:34:25 +00:00
|
|
|
pub use requests::{IncomingResponse, OutgoingRequest, OutgoingRequests};
|
2020-08-13 09:06:26 +00:00
|
|
|
#[cfg(feature = "sqlite_cryptostore")]
|
2020-04-30 12:29:58 +00:00
|
|
|
pub use store::sqlite::SqliteStore;
|
2020-03-18 14:50:32 +00:00
|
|
|
pub use store::{CryptoStore, CryptoStoreError};
|
2020-07-28 09:29:13 +00:00
|
|
|
pub use verification::Sas;
|
2020-07-14 10:23:42 +00:00
|
|
|
|
|
|
|
|
use error::SignatureError;
|
2020-08-10 10:39:00 +00:00
|
|
|
use matrix_sdk_common::identifiers::{DeviceKeyAlgorithm, DeviceKeyId, UserId};
|
2020-07-14 10:23:42 +00:00
|
|
|
use olm_rs::utility::OlmUtility;
|
|
|
|
|
use serde_json::Value;
|
|
|
|
|
|
2020-07-14 10:49:40 +00:00
|
|
|
/// Verify a signed JSON object.
|
|
|
|
|
///
|
|
|
|
|
/// The object must have a signatures key associated with an object of the
|
|
|
|
|
/// form `user_id: {key_id: signature}`.
|
|
|
|
|
///
|
|
|
|
|
/// Returns Ok if the signature was successfully verified, otherwise an
|
|
|
|
|
/// SignatureError.
|
|
|
|
|
///
|
|
|
|
|
/// # Arguments
|
|
|
|
|
///
|
|
|
|
|
/// * `user_id` - The user who signed the JSON object.
|
|
|
|
|
///
|
|
|
|
|
/// * `key_id` - The id of the key that signed the JSON object.
|
|
|
|
|
///
|
|
|
|
|
/// * `signing_key` - The public ed25519 key which was used to sign the JSON
|
|
|
|
|
/// object.
|
|
|
|
|
///
|
|
|
|
|
/// * `json` - The JSON object that should be verified.
|
2020-07-14 10:23:42 +00:00
|
|
|
pub(crate) fn verify_json(
|
|
|
|
|
user_id: &UserId,
|
2020-08-14 12:08:53 +00:00
|
|
|
key_id: &DeviceKeyId,
|
2020-07-14 10:23:42 +00:00
|
|
|
signing_key: &str,
|
|
|
|
|
json: &mut Value,
|
|
|
|
|
) -> Result<(), SignatureError> {
|
2020-08-14 12:08:53 +00:00
|
|
|
if key_id.algorithm() != DeviceKeyAlgorithm::Ed25519 {
|
|
|
|
|
return Err(SignatureError::UnsupportedAlgorithm);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-14 10:23:42 +00:00
|
|
|
let json_object = json.as_object_mut().ok_or(SignatureError::NotAnObject)?;
|
|
|
|
|
let unsigned = json_object.remove("unsigned");
|
|
|
|
|
let signatures = json_object.remove("signatures");
|
|
|
|
|
|
|
|
|
|
let canonical_json = cjson::to_string(json_object)?;
|
|
|
|
|
|
|
|
|
|
if let Some(u) = unsigned {
|
|
|
|
|
json_object.insert("unsigned".to_string(), u);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let signatures = signatures.ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
let signature_object = signatures
|
|
|
|
|
.as_object()
|
|
|
|
|
.ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
let signature = signature_object
|
|
|
|
|
.get(user_id.as_str())
|
|
|
|
|
.ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
let signature = signature
|
|
|
|
|
.get(key_id.to_string())
|
|
|
|
|
.ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
let signature = signature.as_str().ok_or(SignatureError::NoSignatureFound)?;
|
|
|
|
|
|
|
|
|
|
let utility = OlmUtility::new();
|
|
|
|
|
|
|
|
|
|
let ret = if utility
|
|
|
|
|
.ed25519_verify(signing_key, &canonical_json, signature)
|
|
|
|
|
.is_ok()
|
|
|
|
|
{
|
|
|
|
|
Ok(())
|
|
|
|
|
} else {
|
|
|
|
|
Err(SignatureError::VerificationError)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
json_object.insert("signatures".to_string(), signatures);
|
|
|
|
|
|
|
|
|
|
ret
|
|
|
|
|
}
|
