crypto: Add methods to check if a cross signing key signed a device.
parent
b0de9d1809
commit
0fc5134563
|
@ -187,6 +187,16 @@ impl Device {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub(crate) fn as_signature_message(&self) -> Value {
|
||||||
|
json!({
|
||||||
|
"user_id": &*self.user_id,
|
||||||
|
"device_id": &*self.device_id,
|
||||||
|
"keys": &*self.keys,
|
||||||
|
"algorithms": &*self.algorithms,
|
||||||
|
"signatures": &*self.signatures,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
pub(crate) fn verify_device_keys(
|
pub(crate) fn verify_device_keys(
|
||||||
&self,
|
&self,
|
||||||
device_keys: &DeviceKeys,
|
device_keys: &DeviceKeys,
|
||||||
|
|
|
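Review bot: `as_signature_message` rebuilds the signed object from five fixed fields, so it only reproduces what was signed if the device's uploaded keys contained nothing else. Matrix signatures cover the canonical JSON of the whole object apart from `signatures` and `unsigned`, so any extra field in the original upload would be missing here and a legitimately signed device would fail verification. That fails closed, but the limitation should be stated on the method, e.g. `/// Rebuilds the JSON that was signed for this device; only user_id, device_id, keys, algorithms and signatures are reproduced.` The hunk begins inside the preceding method and ends inside `verify_device_keys`, so the `Device` fields and the callers are not visible here.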
@ -24,7 +24,7 @@ use matrix_sdk_common::{
|
||||||
identifiers::{DeviceKeyId, UserId},
|
identifiers::{DeviceKeyId, UserId},
|
||||||
};
|
};
|
||||||
|
|
||||||
use crate::{error::SignatureError, verify_json};
|
use crate::{error::SignatureError, verify_json, Device};
|
||||||
|
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
pub struct MasterPubkey(Arc<CrossSigningKey>);
|
pub struct MasterPubkey(Arc<CrossSigningKey>);
|
||||||
|
@ -111,6 +111,42 @@ impl MasterPubkey {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl UserSigningPubkey {
|
||||||
|
fn verify_master_key(&self, master_key: &MasterPubkey) -> Result<(), SignatureError> {
|
||||||
|
let (key_id, key) = self
|
||||||
|
.0
|
||||||
|
.keys
|
||||||
|
.iter()
|
||||||
|
.next()
|
||||||
|
.ok_or(SignatureError::MissingSigningKey)?;
|
||||||
|
|
||||||
|
verify_json(
|
||||||
|
&self.0.user_id,
|
||||||
|
&DeviceKeyId::try_from(key_id.as_str())?,
|
||||||
|
key,
|
||||||
|
&mut to_value(&*master_key.0).map_err(|_| SignatureError::NotAnObject)?,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl SelfSigningPubkey {
|
||||||
|
fn verify_device(&self, device: &Device) -> Result<(), SignatureError> {
|
||||||
|
let (key_id, key) = self
|
||||||
|
.0
|
||||||
|
.keys
|
||||||
|
.iter()
|
||||||
|
.next()
|
||||||
|
.ok_or(SignatureError::MissingSigningKey)?;
|
||||||
|
|
||||||
|
verify_json(
|
||||||
|
&self.0.user_id,
|
||||||
|
&DeviceKeyId::try_from(key_id.as_str())?,
|
||||||
|
key,
|
||||||
|
&mut device.as_signature_message(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
impl UserIdentity {
|
impl UserIdentity {
|
||||||
pub fn new(
|
pub fn new(
|
||||||
master_key: MasterPubkey,
|
master_key: MasterPubkey,
|
||||||
|
|
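Review bot: `verify_device` does not check that the device belongs to the owner of the self-signing key; the signer handed to `verify_json` is `self.0.user_id`, and nothing in the hunk compares it with the device's own user ID. Unless `verify_json` (not shown) enforces that, a device record of another user that carries a signature entry under this user's ID and key would be accepted as cross-signed. I would add a guard before the call, along the lines of `if device.user_id() != &self.0.user_id { return Err(/* user-id-mismatch variant of SignatureError */); }`, with the accessor and variant named as the crate has them. Both `verify_device` and `verify_master_key` also take `.keys.iter().next()`, which silently uses whichever key the map yields first; a doc comment stating that a cross-signing key is expected to hold exactly one key, or an explicit error when it holds more, would make that assumption visible.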