crypto: Add a pickled account struct making account storing easier.

master
Damir Jelić 2020-09-02 09:37:10 +02:00
parent 987d87cd5d
commit 269cfc3d34
3 changed files with 102 additions and 68 deletions

View File

@ -37,6 +37,7 @@ use olm_rs::{
errors::{OlmAccountError, OlmSessionError}, errors::{OlmAccountError, OlmSessionError},
PicklingMode, PicklingMode,
}; };
use serde::{Deserialize, Serialize};
use serde_json::{json, Value}; use serde_json::{json, Value};
pub use olm_rs::{ pub use olm_rs::{
@ -66,6 +67,42 @@ pub struct Account {
uploaded_signed_key_count: Arc<AtomicI64>, uploaded_signed_key_count: Arc<AtomicI64>,
} }
#[derive(Debug, Clone, Serialize, Deserialize)]
/// A typed representation of a base64 encoded string containing the account
/// pickle.
pub struct AccountPickle(String);
impl AccountPickle {
/// Get the string representation of the pickle.
pub fn as_str(&self) -> &str {
&self.0
}
}
impl From<String> for AccountPickle {
fn from(value: String) -> Self {
Self(value)
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
/// A pickled version of an `Account`.
///
/// Holds all the information that needs to be stored in a database to restore
/// an account.
pub struct PickledAccount {
/// The user id of the account owner.
pub user_id: UserId,
/// The device id of the account owner.
pub device_id: DeviceIdBox,
/// The pickled version of the Olm account.
pub pickle: AccountPickle,
/// Was the account shared.
pub shared: bool,
/// The number of uploaded one-time keys we have on the server.
pub uploaded_signed_key_count: i64,
}
#[cfg(not(tarpaulin_include))] #[cfg(not(tarpaulin_include))]
impl fmt::Debug for Account { impl fmt::Debug for Account {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
@ -241,40 +278,40 @@ impl Account {
/// ///
/// * `pickle_mode` - The mode that was used to pickle the account, either an /// * `pickle_mode` - The mode that was used to pickle the account, either an
/// unencrypted mode or an encrypted using passphrase. /// unencrypted mode or an encrypted using passphrase.
pub async fn pickle(&self, pickle_mode: PicklingMode) -> String { pub async fn pickle(&self, pickle_mode: PicklingMode) -> PickledAccount {
self.inner.lock().await.pickle(pickle_mode) let pickle = AccountPickle(self.inner.lock().await.pickle(pickle_mode));
PickledAccount {
user_id: self.user_id().to_owned(),
device_id: self.device_id().to_owned(),
pickle,
shared: self.shared(),
uploaded_signed_key_count: self.uploaded_key_count(),
}
} }
/// Restore an account from a previously pickled string. /// Restore an account from a previously pickled one.
/// ///
/// # Arguments /// # Arguments
/// ///
/// * `pickle` - The pickled string of the account. /// * `pickle` - The pickled version of the Account.
/// ///
/// * `pickle_mode` - The mode that was used to pickle the account, either an /// * `pickle_mode` - The mode that was used to pickle the account, either an
/// unencrypted mode or an encrypted using passphrase. /// unencrypted mode or an encrypted using passphrase.
///
/// * `shared` - Boolean determining if the account was uploaded to the
/// server.
#[allow(clippy::ptr_arg)]
pub fn from_pickle( pub fn from_pickle(
pickle: String, pickle: PickledAccount,
pickle_mode: PicklingMode, pickle_mode: PicklingMode,
shared: bool,
uploaded_signed_key_count: i64,
user_id: &UserId,
device_id: &DeviceId,
) -> Result<Self, OlmAccountError> { ) -> Result<Self, OlmAccountError> {
let account = OlmAccount::unpickle(pickle, pickle_mode)?; let account = OlmAccount::unpickle(pickle.pickle.0, pickle_mode)?;
let identity_keys = account.parsed_identity_keys(); let identity_keys = account.parsed_identity_keys();
Ok(Account { Ok(Account {
user_id: Arc::new(user_id.to_owned()), user_id: Arc::new(pickle.user_id),
device_id: Arc::new(device_id.into()), device_id: Arc::new(pickle.device_id),
inner: Arc::new(Mutex::new(account)), inner: Arc::new(Mutex::new(account)),
identity_keys: Arc::new(identity_keys), identity_keys: Arc::new(identity_keys),
shared: Arc::new(AtomicBool::from(shared)), shared: Arc::new(AtomicBool::from(pickle.shared)),
uploaded_signed_key_count: Arc::new(AtomicI64::new(uploaded_signed_key_count)), uploaded_signed_key_count: Arc::new(AtomicI64::new(pickle.uploaded_signed_key_count)),
}) })
} }

View File

@ -21,7 +21,7 @@ mod account;
mod group_sessions; mod group_sessions;
mod session; mod session;
pub use account::{Account, IdentityKeys}; pub use account::{Account, AccountPickle, IdentityKeys, PickledAccount};
pub use group_sessions::{EncryptionSettings, InboundGroupSession}; pub use group_sessions::{EncryptionSettings, InboundGroupSession};
pub(crate) use group_sessions::{GroupSessionKey, OutboundGroupSession}; pub(crate) use group_sessions::{GroupSessionKey, OutboundGroupSession};
pub use olm_rs::PicklingMode; pub use olm_rs::PicklingMode;

View File

@ -29,7 +29,6 @@ use matrix_sdk_common::{
instant::{Duration, Instant}, instant::{Duration, Instant},
locks::Mutex, locks::Mutex,
}; };
use olm_rs::PicklingMode;
use sqlx::{query, query_as, sqlite::SqliteQueryAs, Connect, Executor, SqliteConnection}; use sqlx::{query, query_as, sqlite::SqliteQueryAs, Connect, Executor, SqliteConnection};
use url::Url; use url::Url;
use zeroize::Zeroizing; use zeroize::Zeroizing;
@ -38,7 +37,10 @@ use super::{CryptoStore, CryptoStoreError, Result};
use crate::{ use crate::{
device::{LocalTrust, ReadOnlyDevice}, device::{LocalTrust, ReadOnlyDevice},
memory_stores::{DeviceStore, GroupSessionStore, ReadOnlyUserDevices, SessionStore}, memory_stores::{DeviceStore, GroupSessionStore, ReadOnlyUserDevices, SessionStore},
olm::{Account, IdentityKeys, InboundGroupSession, Session}, olm::{
Account, AccountPickle, IdentityKeys, InboundGroupSession, PickledAccount, PicklingMode,
Session,
},
user_identity::UserIdentities, user_identity::UserIdentities,
}; };
@ -679,14 +681,15 @@ impl CryptoStore for SqliteStore {
.await?; .await?;
let result = if let Some((id, pickle, shared, uploaded_key_count)) = row { let result = if let Some((id, pickle, shared, uploaded_key_count)) = row {
let account = Account::from_pickle( let pickle = PickledAccount {
pickle, user_id: (&*self.user_id).clone(),
self.get_pickle_mode(), device_id: (&*self.device_id).clone(),
pickle: AccountPickle::from(pickle),
shared, shared,
uploaded_key_count, uploaded_signed_key_count: uploaded_key_count,
&self.user_id, };
&self.device_id,
)?; let account = Account::from_pickle(pickle, self.get_pickle_mode())?;
*self.account_info.lock().unwrap() = Some(AccountInfo { *self.account_info.lock().unwrap() = Some(AccountInfo {
account_id: id, account_id: id,
@ -720,18 +723,18 @@ impl CryptoStore for SqliteStore {
shared = excluded.shared shared = excluded.shared
", ",
) )
.bind(&*self.user_id.to_string()) .bind(pickle.user_id.as_str())
.bind(&*self.device_id.to_string()) .bind(pickle.device_id.as_str())
.bind(&pickle) .bind(pickle.pickle.as_str())
.bind(account.shared()) .bind(pickle.shared)
.bind(account.uploaded_key_count()) .bind(pickle.uploaded_signed_key_count)
.execute(&mut *connection) .execute(&mut *connection)
.await?; .await?;
let account_id: (i64,) = let account_id: (i64,) =
query_as("SELECT id FROM accounts WHERE user_id = ? and device_id = ?") query_as("SELECT id FROM accounts WHERE user_id = ? and device_id = ?")
.bind(&*self.user_id.to_string()) .bind(self.user_id.as_str())
.bind(&*self.device_id.to_string()) .bind(self.device_id.as_str())
.fetch_one(&mut *connection) .fetch_one(&mut *connection)
.await?; .await?;
@ -921,27 +924,37 @@ mod test {
use super::{CryptoStore, SqliteStore}; use super::{CryptoStore, SqliteStore};
fn example_user_id() -> UserId { fn alice_id() -> UserId {
user_id!("@example:localhost") user_id!("@alice:example.org")
} }
fn example_device_id() -> &'static DeviceId { fn alice_device_id() -> Box<DeviceId> {
"DEVICEID".into() "ALICEDEVICE".into()
}
fn bob_id() -> UserId {
user_id!("@bob:example.org")
}
fn bob_device_id() -> Box<DeviceId> {
"BOBDEVICE".into()
} }
async fn get_store(passphrase: Option<&str>) -> (SqliteStore, tempfile::TempDir) { async fn get_store(passphrase: Option<&str>) -> (SqliteStore, tempfile::TempDir) {
let tmpdir = tempdir().unwrap(); let tmpdir = tempdir().unwrap();
let tmpdir_path = tmpdir.path().to_str().unwrap(); let tmpdir_path = tmpdir.path().to_str().unwrap();
let user_id = &example_user_id();
let device_id = example_device_id();
let store = if let Some(passphrase) = passphrase { let store = if let Some(passphrase) = passphrase {
SqliteStore::open_with_passphrase(&user_id, device_id, tmpdir_path, passphrase) SqliteStore::open_with_passphrase(
&alice_id(),
&alice_device_id(),
tmpdir_path,
passphrase,
)
.await .await
.expect("Can't create a passphrase protected store") .expect("Can't create a passphrase protected store")
} else { } else {
SqliteStore::open(&user_id, device_id, tmpdir_path) SqliteStore::open(&alice_id(), &alice_device_id(), tmpdir_path)
.await .await
.expect("Can't create store") .expect("Can't create store")
}; };
@ -960,22 +973,6 @@ mod test {
(account, store, dir) (account, store, dir)
} }
fn alice_id() -> UserId {
user_id!("@alice:example.org")
}
fn alice_device_id() -> Box<DeviceId> {
"ALICEDEVICE".into()
}
fn bob_id() -> UserId {
user_id!("@bob:example.org")
}
fn bob_device_id() -> Box<DeviceId> {
"BOBDEVICE".into()
}
fn get_account() -> Account { fn get_account() -> Account {
Account::new(&alice_id(), &alice_device_id()) Account::new(&alice_id(), &alice_device_id())
} }
@ -1011,7 +1008,7 @@ mod test {
async fn create_store() { async fn create_store() {
let tmpdir = tempdir().unwrap(); let tmpdir = tempdir().unwrap();
let tmpdir_path = tmpdir.path().to_str().unwrap(); let tmpdir_path = tmpdir.path().to_str().unwrap();
let _ = SqliteStore::open(&example_user_id(), "DEVICEID".into(), tmpdir_path) let _ = SqliteStore::open(&alice_id(), &alice_device_id(), tmpdir_path)
.await .await
.expect("Can't create store"); .expect("Can't create store");
} }
@ -1138,7 +1135,7 @@ mod test {
drop(store); drop(store);
let store = SqliteStore::open(&example_user_id(), example_device_id(), dir.path()) let store = SqliteStore::open(&alice_id(), &alice_device_id(), dir.path())
.await .await
.expect("Can't create store"); .expect("Can't create store");
@ -1224,7 +1221,7 @@ mod test {
assert!(store.users_for_key_query().contains(device.user_id())); assert!(store.users_for_key_query().contains(device.user_id()));
drop(store); drop(store);
let store = SqliteStore::open(&example_user_id(), example_device_id(), dir.path()) let store = SqliteStore::open(&alice_id(), &alice_device_id(), dir.path())
.await .await
.expect("Can't create store"); .expect("Can't create store");
@ -1239,7 +1236,7 @@ mod test {
.unwrap(); .unwrap();
assert!(!store.users_for_key_query().contains(device.user_id())); assert!(!store.users_for_key_query().contains(device.user_id()));
let store = SqliteStore::open(&example_user_id(), example_device_id(), dir.path()) let store = SqliteStore::open(&alice_id(), &alice_device_id(), dir.path())
.await .await
.expect("Can't create store"); .expect("Can't create store");
@ -1257,7 +1254,7 @@ mod test {
drop(store); drop(store);
let store = SqliteStore::open(&example_user_id(), example_device_id(), dir.path()) let store = SqliteStore::open(&alice_id(), &alice_device_id(), dir.path())
.await .await
.expect("Can't create store"); .expect("Can't create store");
@ -1290,7 +1287,7 @@ mod test {
store.save_devices(&[device.clone()]).await.unwrap(); store.save_devices(&[device.clone()]).await.unwrap();
store.delete_device(device.clone()).await.unwrap(); store.delete_device(device.clone()).await.unwrap();
let store = SqliteStore::open(&example_user_id(), example_device_id(), dir.path()) let store = SqliteStore::open(&alice_id(), &alice_device_id(), dir.path())
.await .await
.expect("Can't create store"); .expect("Can't create store");