char
/
matrix-rust-sdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto: Check that the other device had a valid MAC.

master
Damir Jelić 2020-08-04 12:14:19 +02:00
parent 28a7831ffd
commit 408fe5da4b
3 changed files with 40 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
matrix_sdk_crypto/src/verification/sas/helpers.rs
View File

@ -142,9 +142,9 @@ pub fn receive_mac_event(
ids: &SasIds, ids: &SasIds,
flow_id: &str, flow_id: &str,
event: &ToDeviceEvent<MacEventContent>, event: &ToDeviceEvent<MacEventContent>,
) -> (Vec<Box<DeviceId>>, Vec<String>) { ) -> (Vec<Device>, Vec<String>) {
// TODO check the event and cancel if it isn't ok (sender, transaction id) // TODO check the event and cancel if it isn't ok (sender, transaction id)
let mut verified_devices: Vec<Box<DeviceId>> = Vec::new(); let mut verified_devices = Vec::new();
let info = extra_mac_info_receive(&ids, flow_id); let info = extra_mac_info_receive(&ids, flow_id);
@ -180,7 +180,7 @@ pub fn receive_mac_event(
.calculate_mac(key, &format!("{}{}", info, key_id)) .calculate_mac(key, &format!("{}{}", info, key_id))
.expect("Can't calculate SAS MAC") .expect("Can't calculate SAS MAC")
{ {
verified_devices.push(ids.other_device.device_id().into()); verified_devices.push(ids.other_device.clone());
} else { } else {
// TODO cancel here // TODO cancel here
} }

42
matrix_sdk_crypto/src/verification/sas/mod.rs
View File

@ -182,16 +182,30 @@ impl Sas {
if let Some(device) = device { if let Some(device) = device {
if device.keys() == self.other_device.keys() { if device.keys() == self.other_device.keys() {
trace!( if self
"Marking device {} {} as verified.", .verified_devices()
device.user_id(), .map_or(false, |v| v.contains(&device))
device.device_id() {
); trace!(
"Marking device {} {} as verified.",
device.user_id(),
device.device_id()
);
device.set_trust_state(TrustState::Verified); device.set_trust_state(TrustState::Verified);
self.store.read().await.save_devices(&[device]).await?; self.store.read().await.save_devices(&[device]).await?;
Ok(true) Ok(true)
} else {
info!(
"The interactive verification process didn't contain a \
MAC for the device {} {}",
device.user_id(),
device.device_id()
);
Ok(false)
}
} else { } else {
warn!( warn!(
"The device keys of {} {} have changed while an interactive \ "The device keys of {} {} have changed while an interactive \
@ -273,7 +287,7 @@ impl Sas {
content content
} }
pub(crate) fn verified_devices(&self) -> Option<Arc<Vec<Box<DeviceId>>>> { pub(crate) fn verified_devices(&self) -> Option<Arc<Vec<Device>>> {
self.inner.lock().unwrap().verified_devices() self.inner.lock().unwrap().verified_devices()
} }
@ -472,7 +486,7 @@ impl InnerSas {
} }
} }
fn verified_devices(&self) -> Option<Arc<Vec<Box<DeviceId>>>> { fn verified_devices(&self) -> Option<Arc<Vec<Device>>> {
if let InnerSas::Done(s) = self { if let InnerSas::Done(s) = self {
Some(s.verified_devices()) Some(s.verified_devices())
} else { } else {
@ -609,8 +623,8 @@ mod test {
let event = wrap_to_device_event(alice.user_id(), alice.as_content()); let event = wrap_to_device_event(alice.user_id(), alice.as_content());
let bob = bob.into_done(&event).unwrap(); let bob = bob.into_done(&event).unwrap();
assert!(bob.verified_devices().contains(&alice.device_id().into())); assert!(bob.verified_devices().contains(&bob.other_device()));
assert!(alice.verified_devices().contains(&bob.device_id().into())); assert!(alice.verified_devices().contains(&alice.other_device()));
} }
#[tokio::test] #[tokio::test]
@ -674,10 +688,10 @@ mod test {
assert!(alice assert!(alice
.verified_devices() .verified_devices()
.unwrap() .unwrap()
.contains(&bob.device_id().into())); .contains(&alice.other_device()));
assert!(bob assert!(bob
.verified_devices() .verified_devices()
.unwrap() .unwrap()
.contains(&alice.device_id().into())); .contains(&bob.other_device()));
} }
} }

14
matrix_sdk_crypto/src/verification/sas/sas_state.rs
View File

@ -165,7 +165,7 @@ pub struct Confirmed {
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct MacReceived { pub struct MacReceived {
we_started: bool, we_started: bool,
verified_devices: Arc<Vec<Box<DeviceId>>>, verified_devices: Arc<Vec<Device>>,
verified_master_keys: Arc<Vec<String>>, verified_master_keys: Arc<Vec<String>>,
} }
@ -175,7 +175,7 @@ pub struct MacReceived {
/// the master keys in the verified devices list. /// the master keys in the verified devices list.
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct Done { pub struct Done {
verified_devices: Arc<Vec<Box<DeviceId>>>, verified_devices: Arc<Vec<Device>>,
verified_master_keys: Arc<Vec<String>>, verified_master_keys: Arc<Vec<String>>,
} }
@ -196,6 +196,10 @@ impl<S: Clone> SasState<S> {
&self.ids.account.device_id() &self.ids.account.device_id()
} }
pub fn other_device(&self) -> Device {
self.ids.other_device.clone()
}
pub fn cancel(self, cancel_code: CancelCode) -> SasState<Canceled> { pub fn cancel(self, cancel_code: CancelCode) -> SasState<Canceled> {
SasState { SasState {
inner: self.inner, inner: self.inner,
@ -691,7 +695,7 @@ impl SasState<Done> {
} }
/// Get the list of verified devices. /// Get the list of verified devices.
pub fn verified_devices(&self) -> Arc<Vec<Box<DeviceId>>> { pub fn verified_devices(&self) -> Arc<Vec<Device>> {
self.state.verified_devices.clone() self.state.verified_devices.clone()
} }
@ -853,7 +857,7 @@ mod test {
let event = wrap_to_device_event(alice.user_id(), alice.as_content()); let event = wrap_to_device_event(alice.user_id(), alice.as_content());
let bob = bob.into_done(&event).unwrap(); let bob = bob.into_done(&event).unwrap();
assert!(bob.verified_devices().contains(&alice.device_id().into())); assert!(bob.verified_devices().contains(&bob.other_device()));
assert!(alice.verified_devices().contains(&bob.device_id().into())); assert!(alice.verified_devices().contains(&alice.other_device()));
} }
} }