crypto: Add methods to check if a cross signing key signed a device.

matrix_sdk_crypto/src/device.rs

@@ -187,6 +187,16 @@ impl Device {
         )
     }
 
+    pub(crate) fn as_signature_message(&self) -> Value {
+        json!({
+            "user_id": &*self.user_id,
+            "device_id": &*self.device_id,
+            "keys": &*self.keys,
+            "algorithms": &*self.algorithms,
+            "signatures": &*self.signatures,
+        })
+    }
+
     pub(crate) fn verify_device_keys(
         &self,
         device_keys: &DeviceKeys,

matrix_sdk_crypto/src/user_identity.rs

@@ -24,7 +24,7 @@ use matrix_sdk_common::{
     identifiers::{DeviceKeyId, UserId},
 };
 
-use crate::{error::SignatureError, verify_json};
+use crate::{error::SignatureError, verify_json, Device};
 
 #[derive(Debug, Clone)]
 pub struct MasterPubkey(Arc<CrossSigningKey>);
@@ -111,6 +111,42 @@ impl MasterPubkey {
     }
 }
 
+impl UserSigningPubkey {
+    fn verify_master_key(&self, master_key: &MasterPubkey) -> Result<(), SignatureError> {
+        let (key_id, key) = self
+            .0
+            .keys
+            .iter()
+            .next()
+            .ok_or(SignatureError::MissingSigningKey)?;
+
+        verify_json(
+            &self.0.user_id,
+            &DeviceKeyId::try_from(key_id.as_str())?,
+            key,
+            &mut to_value(&*master_key.0).map_err(|_| SignatureError::NotAnObject)?,
+        )
+    }
+}
+
+impl SelfSigningPubkey {
+    fn verify_device(&self, device: &Device) -> Result<(), SignatureError> {
+        let (key_id, key) = self
+            .0
+            .keys
+            .iter()
+            .next()
+            .ok_or(SignatureError::MissingSigningKey)?;
+
+        verify_json(
+            &self.0.user_id,
+            &DeviceKeyId::try_from(key_id.as_str())?,
+            key,
+            &mut device.as_signature_message(),
+        )
+    }
+}
+
 impl UserIdentity {
     pub fn new(
         master_key: MasterPubkey,