crypto: Pass the device key id to the verify signature method.

This commit is contained in:
Damir Jelić 2020-08-14 14:08:53 +02:00
parent 5b758b8344
commit 08d76f2ff4
4 changed files with 22 additions and 10 deletions

View file

@ -179,7 +179,12 @@ impl Device {
.get_key(DeviceKeyAlgorithm::Ed25519)
.ok_or(SignatureError::MissingSigningKey)?;
verify_json(&self.user_id, &self.device_id.as_str(), signing_key, json)
verify_json(
&self.user_id,
&DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, self.device_id()),
signing_key,
json,
)
}
pub(crate) fn verify_device_keys(

View file

@ -117,6 +117,9 @@ pub enum EventError {
#[derive(Error, Debug)]
pub enum SignatureError {
#[error("the signature used a unsupported algorithm")]
UnsupportedAlgorithm,
#[error("the signing key is missing from the object that signed the message")]
MissingSigningKey,

View file

@ -72,10 +72,14 @@ use serde_json::Value;
/// * `json` - The JSON object that should be verified.
pub(crate) fn verify_json(
user_id: &UserId,
key_id: &str,
key_id: &DeviceKeyId,
signing_key: &str,
json: &mut Value,
) -> Result<(), SignatureError> {
if key_id.algorithm() != DeviceKeyAlgorithm::Ed25519 {
return Err(SignatureError::UnsupportedAlgorithm);
}
let json_object = json.as_object_mut().ok_or(SignatureError::NotAnObject)?;
let unsigned = json_object.remove("unsigned");
let signatures = json_object.remove("signatures");
@ -86,8 +90,6 @@ pub(crate) fn verify_json(
json_object.insert("unsigned".to_string(), u);
}
let key_id = DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, key_id.into());
let signatures = signatures.ok_or(SignatureError::NoSignatureFound)?;
let signature_object = signatures
.as_object()

View file

@ -1407,7 +1407,9 @@ mod test {
AnySyncMessageEvent, AnySyncRoomEvent, AnyToDeviceEvent, EventType, SyncMessageEvent,
ToDeviceEvent, Unsigned,
},
identifiers::{event_id, room_id, user_id, DeviceId, DeviceKeyAlgorithm, UserId},
identifiers::{
event_id, room_id, user_id, DeviceId, DeviceKeyAlgorithm, DeviceKeyId, UserId,
},
Raw,
};
use matrix_sdk_test::test_json;
@ -1626,7 +1628,7 @@ mod test {
let ret = verify_json(
&machine.user_id,
machine.device_id.as_str(),
&DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
ed25519_key,
&mut json!(&mut device_keys),
);
@ -1657,7 +1659,7 @@ mod test {
let ret = verify_json(
&machine.user_id,
machine.device_id.as_str(),
&DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
"fake_key",
&mut json!(&mut device_keys),
);
@ -1677,7 +1679,7 @@ mod test {
let ret = verify_json(
&machine.user_id,
machine.device_id.as_str(),
&DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
ed25519_key,
&mut json!(&mut one_time_key),
);
@ -1699,7 +1701,7 @@ mod test {
let ret = verify_json(
&machine.user_id,
machine.device_id.as_str(),
&DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
ed25519_key,
&mut json!(&mut request.one_time_keys.as_mut().unwrap().values_mut().next()),
);
@ -1707,7 +1709,7 @@ mod test {
let ret = verify_json(
&machine.user_id,
machine.device_id.as_str(),
&DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
ed25519_key,
&mut json!(&mut request.device_keys.unwrap()),
);