From 0fc5134563d6b8b9b8578aa5b9d4fbdc2b214f9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damir=20Jeli=C4=87?= Date: Fri, 14 Aug 2020 15:05:48 +0200 Subject: [PATCH] crypto: Add methods to check if a cross signing key signed a device. --- matrix_sdk_crypto/src/device.rs | 10 +++++++ matrix_sdk_crypto/src/user_identity.rs | 38 +++++++++++++++++++++++++- 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/matrix_sdk_crypto/src/device.rs b/matrix_sdk_crypto/src/device.rs index 5cc53102..ce9e8ece 100644 --- a/matrix_sdk_crypto/src/device.rs +++ b/matrix_sdk_crypto/src/device.rs @@ -187,6 +187,16 @@ impl Device { ) } + pub(crate) fn as_signature_message(&self) -> Value { + json!({ + "user_id": &*self.user_id, + "device_id": &*self.device_id, + "keys": &*self.keys, + "algorithms": &*self.algorithms, + "signatures": &*self.signatures, + }) + } + pub(crate) fn verify_device_keys( &self, device_keys: &DeviceKeys, diff --git a/matrix_sdk_crypto/src/user_identity.rs b/matrix_sdk_crypto/src/user_identity.rs index a000bd73..9fd87033 100644 --- a/matrix_sdk_crypto/src/user_identity.rs +++ b/matrix_sdk_crypto/src/user_identity.rs @@ -24,7 +24,7 @@ use matrix_sdk_common::{ identifiers::{DeviceKeyId, UserId}, }; -use crate::{error::SignatureError, verify_json}; +use crate::{error::SignatureError, verify_json, Device}; #[derive(Debug, Clone)] pub struct MasterPubkey(Arc); 
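Review bot: `as_signature_message` in device.rs rebuilds the signed object from five stored fields instead of the JSON that was actually received, and it has no doc comment saying so. A signature check over canonical JSON only passes when the rebuilt object matches what was signed, so any field of the uploaded device keys that `Device` does not store would make verification fail; that fails closed, but it should be written down. I would add a doc comment such as `/// Rebuild the device-keys object that signatures are checked against; must stay field-for-field identical to the signed upload.` The method presumably relies on `verify_json` removing `signatures` before checking, which is not visible in this hunk.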
@@ -111,6 +111,42 @@ impl MasterPubkey { } } +impl UserSigningPubkey { + fn verify_master_key(&self, master_key: &MasterPubkey) -> Result<(), SignatureError> { + let (key_id, key) = self + .0 + .keys + .iter() + .next() + .ok_or(SignatureError::MissingSigningKey)?; + + verify_json( + &self.0.user_id, + &DeviceKeyId::try_from(key_id.as_str())?, + key, + &mut to_value(&*master_key.0).map_err(|_| SignatureError::NotAnObject)?, + ) + } +} + +impl SelfSigningPubkey { + fn verify_device(&self, device: &Device) -> Result<(), SignatureError> { + let (key_id, key) = self + .0 + .keys + .iter() + .next() + .ok_or(SignatureError::MissingSigningKey)?; + + verify_json( + &self.0.user_id, + &DeviceKeyId::try_from(key_id.as_str())?, + key, + &mut device.as_signature_message(), + ) + } +} + impl UserIdentity { pub fn new( master_key: MasterPubkey,
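Review bot: `SelfSigningPubkey::verify_device` never compares the device's owner with `self.0.user_id`, so it proves only that the device object carries a valid signature from this key, not that the device belongs to the key's user. A self-signing key should vouch only for its owner's devices, so I would return a `SignatureError` up front when the two user IDs differ rather than rely on every caller to pair identity and device correctly. Both new methods also take `.keys.iter().next()`, which silently uses the first entry if the key object holds more than one; rejecting anything but exactly one key would be stricter, and the duplicated selection could move into one shared helper. Neither method has a doc comment; something like `/// Check that this self-signing key signed the given device.` would do.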