crypto: Add support to check the cross signing verification state of a device.
parent
c3e593d998
commit
3153a81cd2
2 changed files with 36 additions and 0 deletions
|
@ -83,6 +83,37 @@ impl Device {
|
||||||
.await
|
.await
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Get the trust state of the device.
|
||||||
|
pub fn trust_state(&self) -> bool {
|
||||||
|
// TODO we want to return an enum mentioning if the trust is local, if
|
||||||
|
// only the identity is trusted, if the identity and the device are
|
||||||
|
// trusted.
|
||||||
|
if self.inner.trust_state() == LocalTrust::Verified {
|
||||||
|
true
|
||||||
|
} else {
|
||||||
|
self.own_identity.as_ref().map_or(false, |own_identity| {
|
||||||
|
own_identity.is_verified()
|
||||||
|
&& self
|
||||||
|
.device_owner_identity
|
||||||
|
.as_ref()
|
||||||
|
.map(|device_identity| match device_identity {
|
||||||
|
UserIdentities::Own(_) => own_identity
|
||||||
|
.is_device_signed(&self.inner)
|
||||||
|
.map_or(false, |_| true),
|
||||||
|
UserIdentities::Other(device_identity) => {
|
||||||
|
own_identity
|
||||||
|
.is_identity_signed(&device_identity)
|
||||||
|
.map_or(false, |_| true)
|
||||||
|
&& device_identity
|
||||||
|
.is_device_signed(&self.inner)
|
||||||
|
.map_or(false, |_| true)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.unwrap_or(false)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// Set the trust state of the device to the given state.
|
/// Set the trust state of the device to the given state.
|
||||||
///
|
///
|
||||||
/// # Arguments
|
/// # Arguments
|
||||||
|
@ -90,6 +121,7 @@ impl Device {
|
||||||
/// * `trust_state` - The new trust state that should be set for the device.
|
/// * `trust_state` - The new trust state that should be set for the device.
|
||||||
pub async fn set_trust_state(&self, trust_state: LocalTrust) -> StoreResult<()> {
|
pub async fn set_trust_state(&self, trust_state: LocalTrust) -> StoreResult<()> {
|
||||||
self.inner.set_trust_state(trust_state);
|
self.inner.set_trust_state(trust_state);
|
||||||
|
|
||||||
self.verification_machine
|
self.verification_machine
|
||||||
.store
|
.store
|
||||||
.save_devices(&[self.inner.clone()])
|
.save_devices(&[self.inner.clone()])
|
||||||
|
|
|
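Review bot: In the new `Device::trust_state`, the `else` branch runs for every local state other than `LocalTrust::Verified`, so a device the user has explicitly distrusted locally would still be reported as trusted whenever the cross-signing chain validates. If `LocalTrust` has a blacklisted state (not visible in this hunk), test it first and return `false`, or document that callers must check the blacklist separately. The three `.map_or(false, |_| true)` calls on a `Result<(), SignatureError>` are just `.is_ok()`, and they drop the error, so a missing signature and a signature that fails verification look the same to the caller; logging the second case would help when investigating key tampering. Until the enum from the TODO exists, the doc comment should state what `true` means, e.g. `/// Returns true if the device is verified locally, or if our own identity is verified and the device is signed through the cross-signing chain.`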
@ -299,6 +299,10 @@ impl OwnUserIdentity {
|
||||||
.verify_master_key(&identity.master_key)
|
.verify_master_key(&identity.master_key)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn is_device_signed(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> {
|
||||||
|
self.self_signing_key.verify_device(device)
|
||||||
|
}
|
||||||
|
|
||||||
pub fn mark_as_verified(&self) {
|
pub fn mark_as_verified(&self) {
|
||||||
self.verified.store(true, Ordering::SeqCst)
|
self.verified.store(true, Ordering::SeqCst)
|
||||||
}
|
}
|
||||||
|
|
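Review bot: The new public `OwnUserIdentity::is_device_signed` has no doc comment, and its `is_` name reads like a predicate although it returns `Result<(), SignatureError>`. I would add `/// Check whether the given device is signed by our self-signing key; returns Ok(()) if the signature is valid and the SignatureError otherwise.` It is not visible in this hunk whether `verify_device` checks that `device` belongs to the same user as this identity. If it does not, the doc comment should say that callers must pass only their own devices, as the `UserIdentities::Own` arm of `Device::trust_state` appears to do.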