crypto: Fix clippy warnings and don't use the PickleMode for signing pickling.

master
Damir Jelić 2020-10-14 16:01:52 +02:00
parent c85fe6bc21
commit 4e8ce4cb5d
1 changed files with 61 additions and 106 deletions

View File

@ -29,7 +29,7 @@ use std::{
}; };
use zeroize::Zeroizing; use zeroize::Zeroizing;
use olm_rs::{errors::OlmUtilityError, pk::OlmPkSigning, utility::OlmUtility, PicklingMode}; use olm_rs::{errors::OlmUtilityError, pk::OlmPkSigning, utility::OlmUtility};
use matrix_sdk_common::{ use matrix_sdk_common::{
api::r0::keys::{upload_signing_keys::Request as UploadRequest, CrossSigningKey, KeyUsage}, api::r0::keys::{upload_signing_keys::Request as UploadRequest, CrossSigningKey, KeyUsage},
@ -93,14 +93,14 @@ struct PickledSelfSigning {
} }
impl MasterSigning { impl MasterSigning {
async fn pickle(&self, pickle_mode: PicklingMode) -> PickledMasterSigning { async fn pickle(&self, pickle_key: &[u8]) -> PickledMasterSigning {
let pickle = self.inner.pickle(pickle_mode).await; let pickle = self.inner.pickle(pickle_key).await;
let public_key = self.public_key.clone().into(); let public_key = self.public_key.clone().into();
PickledMasterSigning { pickle, public_key } PickledMasterSigning { pickle, public_key }
} }
fn from_pickle(pickle: PickledMasterSigning, pickle_mode: PicklingMode) -> Self { fn from_pickle(pickle: PickledMasterSigning, pickle_key: &[u8]) -> Self {
let inner = Signing::from_pickle(pickle.pickle, pickle_mode); let inner = Signing::from_pickle(pickle.pickle, pickle_key);
Self { Self {
inner, inner,
@ -133,14 +133,14 @@ impl MasterSigning {
} }
impl UserSigning { impl UserSigning {
async fn pickle(&self, pickle_mode: PicklingMode) -> PickledUserSigning { async fn pickle(&self, pickle_key: &[u8]) -> PickledUserSigning {
let pickle = self.inner.pickle(pickle_mode).await; let pickle = self.inner.pickle(pickle_key).await;
let public_key = self.public_key.clone().into(); let public_key = self.public_key.clone().into();
PickledUserSigning { pickle, public_key } PickledUserSigning { pickle, public_key }
} }
fn from_pickle(pickle: PickledUserSigning, pickle_mode: PicklingMode) -> Self { fn from_pickle(pickle: PickledUserSigning, pickle_key: &[u8]) -> Self {
let inner = Signing::from_pickle(pickle.pickle, pickle_mode); let inner = Signing::from_pickle(pickle.pickle, pickle_key);
Self { Self {
inner, inner,
@ -150,14 +150,14 @@ impl UserSigning {
} }
impl SelfSigning { impl SelfSigning {
async fn pickle(&self, pickle_mode: PicklingMode) -> PickledSelfSigning { async fn pickle(&self, pickle_key: &[u8]) -> PickledSelfSigning {
let pickle = self.inner.pickle(pickle_mode).await; let pickle = self.inner.pickle(pickle_key).await;
let public_key = self.public_key.clone().into(); let public_key = self.public_key.clone().into();
PickledSelfSigning { pickle, public_key } PickledSelfSigning { pickle, public_key }
} }
fn from_pickle(pickle: PickledSelfSigning, pickle_mode: PicklingMode) -> Self { fn from_pickle(pickle: PickledSelfSigning, pickle_key: &[u8]) -> Self {
let inner = Signing::from_pickle(pickle.pickle, pickle_mode); let inner = Signing::from_pickle(pickle.pickle, pickle_key);
Self { Self {
inner, inner,
@ -230,6 +230,7 @@ impl PublicSigningKey {
&self.0 &self.0
} }
#[allow(clippy::inherent_to_string)]
fn to_string(&self) -> String { fn to_string(&self) -> String {
self.0.to_string() self.0.to_string()
} }
@ -252,16 +253,10 @@ impl Signing {
} }
} }
fn from_pickle(pickle: PickledSigning, pickle_mode: PicklingMode) -> Self { fn from_pickle(pickle: PickledSigning, pickle_key: &[u8]) -> Self {
let mode = if let PicklingMode::Encrypted { key } = &pickle_mode {
key
} else {
"DEFAULT_PICKLE_PASSPHRASE_123456".as_bytes()
};
let pickled: InnerPickle = serde_json::from_str(pickle.as_str()).unwrap(); let pickled: InnerPickle = serde_json::from_str(pickle.as_str()).unwrap();
let key = GenericArray::from_slice(mode); let key = GenericArray::from_slice(pickle_key);
let cipher = Aes256Gcm::new(key); let cipher = Aes256Gcm::new(key);
let nonce = decode(pickled.nonce).unwrap(); let nonce = decode(pickled.nonce).unwrap();
@ -275,14 +270,8 @@ impl Signing {
Self::from_seed(seed) Self::from_seed(seed)
} }
async fn pickle(&self, pickle_mode: PicklingMode) -> PickledSigning { async fn pickle(&self, pickle_key: &[u8]) -> PickledSigning {
let mode = if let PicklingMode::Encrypted { key } = &pickle_mode { let key = GenericArray::from_slice(pickle_key);
key
} else {
"DEFAULT_PICKLE_PASSPHRASE_123456".as_bytes()
};
let key = GenericArray::from_slice(mode);
let cipher = Aes256Gcm::new(key); let cipher = Aes256Gcm::new(key);
let nonce = GenericArray::from_slice(b"unique nonce"); let nonce = GenericArray::from_slice(b"unique nonce");
let ciphertext = cipher let ciphertext = cipher
@ -375,43 +364,21 @@ impl PrivateCrossSigningIdentity {
self.shared.load(Ordering::SeqCst) self.shared.load(Ordering::SeqCst)
} }
async fn pickle(&self, pickle_mode: PicklingMode) -> PickledCrossSigningIdentity { async fn pickle(&self, pickle_key: &[u8]) -> PickledCrossSigningIdentity {
let pickle_key = if let PicklingMode::Encrypted { key } = &pickle_mode {
key
} else {
"DEFAULT_PICKLE_PASSPHRASE_123456".as_bytes()
}
.to_vec();
let master_key = if let Some(m) = self.master_key.lock().await.as_ref() { let master_key = if let Some(m) = self.master_key.lock().await.as_ref() {
Some( Some(m.pickle(pickle_key).await)
m.pickle(PicklingMode::Encrypted {
key: pickle_key.clone(),
})
.await,
)
} else { } else {
None None
}; };
let self_signing_key = if let Some(m) = self.self_signing_key.lock().await.as_ref() { let self_signing_key = if let Some(m) = self.self_signing_key.lock().await.as_ref() {
Some( Some(m.pickle(pickle_key).await)
m.pickle(PicklingMode::Encrypted {
key: pickle_key.clone(),
})
.await,
)
} else { } else {
None None
}; };
let user_signing_key = if let Some(m) = self.user_signing_key.lock().await.as_ref() { let user_signing_key = if let Some(m) = self.user_signing_key.lock().await.as_ref() {
Some( Some(m.pickle(pickle_key).await)
m.pickle(PicklingMode::Encrypted {
key: pickle_key.clone(),
})
.await,
)
} else { } else {
None None
}; };
@ -425,41 +392,21 @@ impl PrivateCrossSigningIdentity {
} }
} }
async fn from_pickle(pickle: PickledCrossSigningIdentity, pickle_mode: PicklingMode) -> Self { async fn from_pickle(pickle: PickledCrossSigningIdentity, pickle_key: &[u8]) -> Self {
let pickle_key = if let PicklingMode::Encrypted { key } = &pickle_mode {
key
} else {
"DEFAULT_PICKLE_PASSPHRASE_123456".as_bytes()
}
.to_vec();
let master = if let Some(m) = pickle.master_key { let master = if let Some(m) = pickle.master_key {
Some(MasterSigning::from_pickle( Some(MasterSigning::from_pickle(m, pickle_key))
m,
PicklingMode::Encrypted {
key: pickle_key.clone(),
},
))
} else { } else {
None None
}; };
let self_signing = if let Some(s) = pickle.self_signing_key { let self_signing = if let Some(s) = pickle.self_signing_key {
Some(SelfSigning::from_pickle( Some(SelfSigning::from_pickle(s, pickle_key))
s,
PicklingMode::Encrypted {
key: pickle_key.clone(),
},
))
} else { } else {
None None
}; };
let user_signing = if let Some(u) = pickle.user_signing_key { let user_signing = if let Some(u) = pickle.user_signing_key {
Some(UserSigning::from_pickle( Some(UserSigning::from_pickle(u, pickle_key))
u,
PicklingMode::Encrypted { key: pickle_key },
))
} else { } else {
None None
}; };
@ -474,29 +421,35 @@ impl PrivateCrossSigningIdentity {
} }
async fn as_upload_request(&self) -> UploadRequest<'_> { async fn as_upload_request(&self) -> UploadRequest<'_> {
UploadRequest { let master_key = self
auth: None,
master_key: self
.master_key .master_key
.lock() .lock()
.await .await
.as_ref() .as_ref()
.cloned() .cloned()
.map(|k| k.public_key.into()), .map(|k| k.public_key.into());
user_signing_key: self
let user_signing_key = self
.user_signing_key .user_signing_key
.lock() .lock()
.await .await
.as_ref() .as_ref()
.cloned() .cloned()
.map(|k| k.public_key.into()), .map(|k| k.public_key.into());
self_signing_key: self
let self_signing_key = self
.self_signing_key .self_signing_key
.lock() .lock()
.await .await
.as_ref() .as_ref()
.cloned() .cloned()
.map(|k| k.public_key.into()), .map(|k| k.public_key.into());
UploadRequest {
auth: None,
master_key,
user_signing_key,
self_signing_key,
} }
} }
} }
@ -507,12 +460,15 @@ mod test {
use matrix_sdk_common::identifiers::{user_id, UserId}; use matrix_sdk_common::identifiers::{user_id, UserId};
use matrix_sdk_test::async_test; use matrix_sdk_test::async_test;
use olm_rs::PicklingMode;
fn user_id() -> UserId { fn user_id() -> UserId {
user_id!("@example:localhost") user_id!("@example:localhost")
} }
fn pickle_key() -> &'static [u8] {
&[0u8; 32]
}
#[test] #[test]
fn signing_creation() { fn signing_creation() {
let signing = Signing::new(); let signing = Signing::new();
@ -532,9 +488,9 @@ mod test {
#[async_test] #[async_test]
async fn pickling_signing() { async fn pickling_signing() {
let signing = Signing::new(); let signing = Signing::new();
let pickled = signing.pickle(PicklingMode::Unencrypted).await; let pickled = signing.pickle(pickle_key()).await;
let unpickled = Signing::from_pickle(pickled, PicklingMode::Unencrypted); let unpickled = Signing::from_pickle(pickled, pickle_key());
assert_eq!(signing.public_key(), unpickled.public_key()); assert_eq!(signing.public_key(), unpickled.public_key());
} }
@ -584,10 +540,9 @@ mod test {
async fn identity_pickling() { async fn identity_pickling() {
let identity = PrivateCrossSigningIdentity::new(user_id()).await; let identity = PrivateCrossSigningIdentity::new(user_id()).await;
let pickled = identity.pickle(PicklingMode::Unencrypted).await; let pickled = identity.pickle(pickle_key()).await;
let unpickled = let unpickled = PrivateCrossSigningIdentity::from_pickle(pickled, pickle_key()).await;
PrivateCrossSigningIdentity::from_pickle(pickled, PicklingMode::Unencrypted).await;
assert_eq!(identity.user_id, unpickled.user_id); assert_eq!(identity.user_id, unpickled.user_id);
assert_eq!( assert_eq!(