crypto: Add methods to check if a cross signing key signed a device.

This commit is contained in:
Damir Jelić 2020-08-14 15:05:48 +02:00
parent b0de9d1809
commit 0fc5134563
2 changed files with 47 additions and 1 deletions

View file

@ -187,6 +187,16 @@ impl Device {
)
}
pub(crate) fn as_signature_message(&self) -> Value {
json!({
"user_id": &*self.user_id,
"device_id": &*self.device_id,
"keys": &*self.keys,
"algorithms": &*self.algorithms,
"signatures": &*self.signatures,
})
}
pub(crate) fn verify_device_keys(
&self,
device_keys: &DeviceKeys,

View file

@ -24,7 +24,7 @@ use matrix_sdk_common::{
identifiers::{DeviceKeyId, UserId},
};
use crate::{error::SignatureError, verify_json};
use crate::{error::SignatureError, verify_json, Device};
#[derive(Debug, Clone)]
pub struct MasterPubkey(Arc<CrossSigningKey>);
@ -111,6 +111,42 @@ impl MasterPubkey {
}
}
impl UserSigningPubkey {
fn verify_master_key(&self, master_key: &MasterPubkey) -> Result<(), SignatureError> {
let (key_id, key) = self
.0
.keys
.iter()
.next()
.ok_or(SignatureError::MissingSigningKey)?;
verify_json(
&self.0.user_id,
&DeviceKeyId::try_from(key_id.as_str())?,
key,
&mut to_value(&*master_key.0).map_err(|_| SignatureError::NotAnObject)?,
)
}
}
impl SelfSigningPubkey {
fn verify_device(&self, device: &Device) -> Result<(), SignatureError> {
let (key_id, key) = self
.0
.keys
.iter()
.next()
.ok_or(SignatureError::MissingSigningKey)?;
verify_json(
&self.0.user_id,
&DeviceKeyId::try_from(key_id.as_str())?,
key,
&mut device.as_signature_message(),
)
}
}
impl UserIdentity {
pub fn new(
master_key: MasterPubkey,