char
/
matrix-rust-sdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto: Prepare the sas structs to handle in-room verifications.

master
Damir Jelić 2020-12-10 14:53:43 +01:00
parent b9ddbb11af
commit 1bb5b42b1d
6 changed files with 80 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
matrix_sdk_crypto/src/machine.rs
View File

@ -1825,7 +1825,7 @@ pub(crate) mod test {
let mut event = request_to_event(alice.user_id(), &request);
bob.handle_verification_event(&mut event).await;
let bob_sas = bob.get_verification(alice_sas.flow_id()).unwrap();
let bob_sas = bob.get_verification(alice_sas.flow_id().as_str()).unwrap();
assert!(alice_sas.emoji().is_none());
assert!(bob_sas.emoji().is_none());

6
matrix_sdk_crypto/src/verification/machine.rs
View File

@ -88,7 +88,7 @@ impl VerificationMachine {
);
self.verifications
.insert(sas.flow_id().to_owned(), sas.clone());
.insert(sas.flow_id().to_string(), sas.clone());
Ok((sas, request))
}
@ -367,7 +367,7 @@ mod test {
async fn full_flow() {
let (alice_machine, bob) = setup_verification_machine().await;
let alice = alice_machine.get_sas(bob.flow_id()).unwrap();
let alice = alice_machine.get_sas(bob.flow_id().as_str()).unwrap();
let mut event = alice
.accept()
@ -428,7 +428,7 @@ mod test {
#[tokio::test]
async fn timing_out() {
let (alice_machine, bob) = setup_verification_machine().await;
let alice = alice_machine.get_sas(bob.flow_id()).unwrap();
let alice = alice_machine.get_sas(bob.flow_id().as_str()).unwrap();
assert!(!alice.timed_out());
assert!(alice_machine.outgoing_to_device_messages.is_empty());

17
matrix_sdk_crypto/src/verification/sas/helpers.rs
View File

@ -38,6 +38,8 @@ use crate::{
ReadOnlyAccount, ToDeviceRequest,
};
use super::sas_state::FlowId;
#[derive(Clone, Debug)]
pub struct SasIds {
pub account: ReadOnlyAccount,
@ -298,12 +300,12 @@ fn extra_mac_info_send(ids: &SasIds, flow_id: &str) -> String {
/// # Panics
///
/// This will panic if the public key of the other side wasn't set.
pub fn get_mac_content(sas: &OlmSas, ids: &SasIds, flow_id: &str) -> MacToDeviceEventContent {
pub fn get_mac_content(sas: &OlmSas, ids: &SasIds, flow_id: &FlowId) -> MacToDeviceEventContent {
let mut mac: BTreeMap<String, String> = BTreeMap::new();
let key_id = DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, ids.account.device_id());
let key = ids.account.identity_keys().ed25519();
let info = extra_mac_info_send(ids, flow_id);
let info = extra_mac_info_send(ids, flow_id.as_str());
mac.insert(
key_id.to_string(),
@ -319,10 +321,13 @@ pub fn get_mac_content(sas: &OlmSas, ids: &SasIds, flow_id: &str) -> MacToDevice
.calculate_mac(&keys.join(","), &format!("{}KEY_IDS", &info))
.expect("Can't calculate SAS MAC");
MacToDeviceEventContent {
transaction_id: flow_id.to_owned(),
keys,
mac,
match flow_id {
FlowId::ToDevice(s) => MacToDeviceEventContent {
transaction_id: s.to_string(),
keys,
mac,
},
_ => todo!(),
}
}

5
matrix_sdk_crypto/src/verification/sas/inner_sas.rs
View File

@ -31,7 +31,8 @@ use crate::{
};
use super::sas_state::{
Accepted, Canceled, Confirmed, Created, Done, KeyReceived, MacReceived, SasState, Started,
Accepted, Canceled, Confirmed, Created, Done, FlowId, KeyReceived, MacReceived, SasState,
Started,
};
#[derive(Clone, Debug)]
@ -220,7 +221,7 @@ impl InnerSas {
}
}
pub fn verification_flow_id(&self) -> Arc<str> {
pub fn verification_flow_id(&self) -> Arc<FlowId> {
match self {
InnerSas::Created(s) => s.verification_flow_id.clone(),
InnerSas::Started(s) => s.verification_flow_id.clone(),

7
matrix_sdk_crypto/src/verification/sas/mod.rs
View File

@ -31,7 +31,7 @@ use matrix_sdk_common::{
},
AnyToDeviceEvent, AnyToDeviceEventContent, ToDeviceEvent,
},
identifiers::{DeviceId, UserId},
identifiers::{DeviceId, EventId, RoomId, UserId},
};
use crate::{
@ -44,6 +44,7 @@ use crate::{
pub use helpers::content_to_request;
use inner_sas::InnerSas;
pub use sas_state::FlowId;
#[derive(Debug)]
/// A result of a verification flow.
@ -65,7 +66,7 @@ pub struct Sas {
private_identity: PrivateCrossSigningIdentity,
other_device: ReadOnlyDevice,
other_identity: Option<UserIdentities>,
flow_id: Arc<str>,
flow_id: Arc<FlowId>,
}
impl Sas {
@ -95,7 +96,7 @@ impl Sas {
}
/// Get the unique ID that identifies this SAS verification flow.
pub fn flow_id(&self) -> &str {
pub fn flow_id(&self) -> &FlowId {
&self.flow_id
}

81
matrix_sdk_crypto/src/verification/sas/sas_state.rs
View File

@ -36,7 +36,7 @@ use matrix_sdk_common::{
},
AnyToDeviceEventContent, ToDeviceEvent,
},
identifiers::{DeviceId, UserId},
identifiers::{DeviceId, RoomId, UserId},
uuid::Uuid,
};
use tracing::error;
@ -65,6 +65,28 @@ const MAX_AGE: Duration = Duration::from_secs(60 * 5);
// The max time a SAS object will wait for a new event to arrive.
const MAX_EVENT_TIMEOUT: Duration = Duration::from_secs(60);
#[derive(Clone, Debug)]
pub enum FlowId {
ToDevice(String),
InRoom(RoomId),
}
impl FlowId {
pub fn to_string(&self) -> String {
match self {
FlowId::InRoom(r) => r.to_string(),
FlowId::ToDevice(t) => t.to_string(),
}
}
pub fn as_str(&self) -> &str {
match self {
FlowId::InRoom(r) => r.as_str(),
FlowId::ToDevice(t) => t.as_str(),
}
}
}
/// Struct containing the protocols that were agreed to be used for the SAS
/// flow.
#[derive(Clone, Debug)]
@ -143,7 +165,7 @@ pub struct SasState<S: Clone> {
///
/// This will be the transaction id for to-device events and the relates_to
/// field for in-room events.
pub verification_flow_id: Arc<str>,
pub verification_flow_id: Arc<FlowId>,
/// The SAS state we're in.
state: Arc<S>,
@ -268,7 +290,7 @@ impl<S: Clone> SasState<S> {
}
fn check_event(&self, sender: &UserId, flow_id: &str) -> Result<(), CancelCode> {
if *flow_id != *self.verification_flow_id {
if *flow_id != *self.verification_flow_id.as_str() {
Err(CancelCode::UnknownTransaction)
} else if sender != self.ids.other_device.user_id() {
Err(CancelCode::UserMismatch)
@ -302,7 +324,7 @@ impl SasState<Created> {
other_device,
other_identity,
},
verification_flow_id: verification_flow_id.into(),
verification_flow_id: FlowId::ToDevice(verification_flow_id).into(),
creation_time: Arc::new(Instant::now()),
last_event_time: Arc::new(Instant::now()),
@ -413,7 +435,7 @@ impl SasState<Started> {
creation_time: Arc::new(Instant::now()),
last_event_time: Arc::new(Instant::now()),
verification_flow_id: event.content.transaction_id.as_str().into(),
verification_flow_id: FlowId::ToDevice(event.content.transaction_id.clone()).into(),
state: Arc::new(Started {
protocol_definitions: content.clone(),
@ -452,7 +474,7 @@ impl SasState<Started> {
other_identity,
},
verification_flow_id: event.content.transaction_id.as_str().into(),
verification_flow_id: FlowId::ToDevice(event.content.transaction_id.clone()).into(),
state: Arc::new(Canceled::new(CancelCode::UnknownMethod)),
})
}
@ -575,9 +597,14 @@ impl SasState<Accepted> {
///
/// The content needs to be automatically sent to the other side.
pub fn as_content(&self) -> KeyToDeviceEventContent {
KeyToDeviceEventContent {
transaction_id: self.verification_flow_id.to_string(),
key: self.inner.lock().unwrap().public_key(),
match &*self.verification_flow_id {
FlowId::ToDevice(s) => KeyToDeviceEventContent {
transaction_id: s.to_string(),
key: self.inner.lock().unwrap().public_key(),
},
FlowId::InRoom(r) => {
todo!("In-room verifications aren't implemented")
}
}
}
}
@ -588,9 +615,12 @@ impl SasState<KeyReceived> {
/// The content needs to be automatically sent to the other side if and only
/// if we_started is false.
pub fn as_content(&self) -> KeyToDeviceEventContent {
KeyToDeviceEventContent {
transaction_id: self.verification_flow_id.to_string(),
key: self.inner.lock().unwrap().public_key(),
match self.verification_flow_id.as_ref() {
FlowId::ToDevice(s) => KeyToDeviceEventContent {
transaction_id: s.to_string(),
key: self.inner.lock().unwrap().public_key(),
},
_ => todo!(),
}
}
@ -603,7 +633,7 @@ impl SasState<KeyReceived> {
&self.inner.lock().unwrap(),
&self.ids,
&self.state.their_pubkey,
&self.verification_flow_id,
self.verification_flow_id.as_str(),
self.state.we_started,
)
}
@ -617,7 +647,7 @@ impl SasState<KeyReceived> {
&self.inner.lock().unwrap(),
&self.ids,
&self.state.their_pubkey,
&self.verification_flow_id,
self.verification_flow_id.as_str(),
self.state.we_started,
)
}
@ -639,7 +669,7 @@ impl SasState<KeyReceived> {
let (devices, master_keys) = receive_mac_event(
&self.inner.lock().unwrap(),
&self.ids,
&self.verification_flow_id,
self.verification_flow_id.as_str(),
event,
)
.map_err(|c| self.clone().cancel(c))?;
@ -695,7 +725,7 @@ impl SasState<Confirmed> {
let (devices, master_keys) = receive_mac_event(
&self.inner.lock().unwrap(),
&self.ids,
&self.verification_flow_id,
&self.verification_flow_id.as_str(),
event,
)
.map_err(|c| self.clone().cancel(c))?;
@ -754,7 +784,7 @@ impl SasState<MacReceived> {
&self.inner.lock().unwrap(),
&self.ids,
&self.state.their_pubkey,
&self.verification_flow_id,
&self.verification_flow_id.as_str(),
self.state.we_started,
)
}
@ -768,7 +798,7 @@ impl SasState<MacReceived> {
&self.inner.lock().unwrap(),
&self.ids,
&self.state.their_pubkey,
&self.verification_flow_id,
&self.verification_flow_id.as_str(),
self.state.we_started,
)
}
@ -828,11 +858,16 @@ impl Canceled {
impl SasState<Canceled> {
pub fn as_content(&self) -> AnyToDeviceEventContent {
AnyToDeviceEventContent::KeyVerificationCancel(CancelToDeviceEventContent {
transaction_id: self.verification_flow_id.to_string(),
reason: self.state.reason.to_string(),
code: self.state.cancel_code.clone(),
})
match self.verification_flow_id.as_ref() {
FlowId::ToDevice(s) => {
AnyToDeviceEventContent::KeyVerificationCancel(CancelToDeviceEventContent {
transaction_id: self.verification_flow_id.to_string(),
reason: self.state.reason.to_string(),
code: self.state.cancel_code.clone(),
})
}
_ => todo!(),
}
}
}