crypto: Connect the private identity to the verification machine.
parent
7de002b128
commit
5fd004bae5
|
@ -378,6 +378,7 @@ pub(crate) mod test {
|
||||||
use matrix_sdk_common::{
|
use matrix_sdk_common::{
|
||||||
api::r0::keys::get_keys::Response as KeyQueryResponse,
|
api::r0::keys::get_keys::Response as KeyQueryResponse,
|
||||||
identifiers::{room_id, user_id, DeviceIdBox, RoomId, UserId},
|
identifiers::{room_id, user_id, DeviceIdBox, RoomId, UserId},
|
||||||
|
locks::Mutex,
|
||||||
};
|
};
|
||||||
|
|
||||||
use matrix_sdk_test::async_test;
|
use matrix_sdk_test::async_test;
|
||||||
|
@ -387,7 +388,7 @@ pub(crate) mod test {
|
||||||
use crate::{
|
use crate::{
|
||||||
identities::IdentityManager,
|
identities::IdentityManager,
|
||||||
machine::test::response_from_file,
|
machine::test::response_from_file,
|
||||||
olm::{Account, ReadOnlyAccount},
|
olm::{Account, PrivateCrossSigningIdentity, ReadOnlyAccount},
|
||||||
session_manager::GroupSessionManager,
|
session_manager::GroupSessionManager,
|
||||||
store::{CryptoStore, MemoryStore, Store},
|
store::{CryptoStore, MemoryStore, Store},
|
||||||
verification::VerificationMachine,
|
verification::VerificationMachine,
|
||||||
|
@ -410,10 +411,11 @@ pub(crate) mod test {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn manager() -> IdentityManager {
|
fn manager() -> IdentityManager {
|
||||||
|
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(user_id())));
|
||||||
let user_id = Arc::new(user_id());
|
let user_id = Arc::new(user_id());
|
||||||
let account = ReadOnlyAccount::new(&user_id, &device_id());
|
let account = ReadOnlyAccount::new(&user_id, &device_id());
|
||||||
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
|
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
|
||||||
let verification = VerificationMachine::new(account.clone(), store);
|
let verification = VerificationMachine::new(account.clone(), identity, store);
|
||||||
let store = Store::new(
|
let store = Store::new(
|
||||||
user_id.clone(),
|
user_id.clone(),
|
||||||
Arc::new(Box::new(MemoryStore::new())),
|
Arc::new(Box::new(MemoryStore::new())),
|
||||||
|
|
|
@ -684,13 +684,13 @@ pub(crate) mod test {
|
||||||
manager::test::{other_key_query, own_key_query},
|
manager::test::{other_key_query, own_key_query},
|
||||||
Device, ReadOnlyDevice,
|
Device, ReadOnlyDevice,
|
||||||
},
|
},
|
||||||
olm::ReadOnlyAccount,
|
olm::{PrivateCrossSigningIdentity, ReadOnlyAccount},
|
||||||
store::MemoryStore,
|
store::MemoryStore,
|
||||||
verification::VerificationMachine,
|
verification::VerificationMachine,
|
||||||
};
|
};
|
||||||
|
|
||||||
use matrix_sdk_common::{
|
use matrix_sdk_common::{
|
||||||
api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id,
|
api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id, locks::Mutex,
|
||||||
};
|
};
|
||||||
|
|
||||||
use super::{OwnUserIdentity, UserIdentities, UserIdentity};
|
use super::{OwnUserIdentity, UserIdentities, UserIdentity};
|
||||||
|
@ -752,8 +752,12 @@ pub(crate) mod test {
|
||||||
assert!(identity.is_device_signed(&first).is_err());
|
assert!(identity.is_device_signed(&first).is_err());
|
||||||
assert!(identity.is_device_signed(&second).is_ok());
|
assert!(identity.is_device_signed(&second).is_ok());
|
||||||
|
|
||||||
|
let private_identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(
|
||||||
|
second.user_id().clone(),
|
||||||
|
)));
|
||||||
let verification_machine = VerificationMachine::new(
|
let verification_machine = VerificationMachine::new(
|
||||||
ReadOnlyAccount::new(second.user_id(), second.device_id()),
|
ReadOnlyAccount::new(second.user_id(), second.device_id()),
|
||||||
|
private_identity,
|
||||||
Arc::new(Box::new(MemoryStore::new())),
|
Arc::new(Box::new(MemoryStore::new())),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -674,13 +674,14 @@ mod test {
|
||||||
AnyToDeviceEvent, ToDeviceEvent,
|
AnyToDeviceEvent, ToDeviceEvent,
|
||||||
},
|
},
|
||||||
identifiers::{room_id, user_id, DeviceIdBox, RoomId, UserId},
|
identifiers::{room_id, user_id, DeviceIdBox, RoomId, UserId},
|
||||||
|
locks::Mutex,
|
||||||
};
|
};
|
||||||
use matrix_sdk_test::async_test;
|
use matrix_sdk_test::async_test;
|
||||||
use std::{convert::TryInto, sync::Arc};
|
use std::{convert::TryInto, sync::Arc};
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
identities::{LocalTrust, ReadOnlyDevice},
|
identities::{LocalTrust, ReadOnlyDevice},
|
||||||
olm::{Account, ReadOnlyAccount},
|
olm::{Account, PrivateCrossSigningIdentity, ReadOnlyAccount},
|
||||||
store::{CryptoStore, MemoryStore, Store},
|
store::{CryptoStore, MemoryStore, Store},
|
||||||
verification::VerificationMachine,
|
verification::VerificationMachine,
|
||||||
};
|
};
|
||||||
|
@ -719,7 +720,8 @@ mod test {
|
||||||
let user_id = Arc::new(bob_id());
|
let user_id = Arc::new(bob_id());
|
||||||
let account = ReadOnlyAccount::new(&user_id, &alice_device_id());
|
let account = ReadOnlyAccount::new(&user_id, &alice_device_id());
|
||||||
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
|
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
|
||||||
let verification = VerificationMachine::new(account, store.clone());
|
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(bob_id())));
|
||||||
|
let verification = VerificationMachine::new(account, identity, store.clone());
|
||||||
let store = Store::new(user_id.clone(), store, verification);
|
let store = Store::new(user_id.clone(), store, verification);
|
||||||
|
|
||||||
KeyRequestMachine::new(
|
KeyRequestMachine::new(
|
||||||
|
@ -736,7 +738,8 @@ mod test {
|
||||||
let account = ReadOnlyAccount::new(&user_id, &alice_device_id());
|
let account = ReadOnlyAccount::new(&user_id, &alice_device_id());
|
||||||
let device = ReadOnlyDevice::from_account(&account).await;
|
let device = ReadOnlyDevice::from_account(&account).await;
|
||||||
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
|
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
|
||||||
let verification = VerificationMachine::new(account, store.clone());
|
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(alice_id())));
|
||||||
|
let verification = VerificationMachine::new(account, identity, store.clone());
|
||||||
let store = Store::new(user_id.clone(), store, verification);
|
let store = Store::new(user_id.clone(), store, verification);
|
||||||
store.save_devices(&[device]).await.unwrap();
|
store.save_devices(&[device]).await.unwrap();
|
||||||
|
|
||||||
|
|
|
@ -140,9 +140,11 @@ impl OlmMachine {
|
||||||
user_identity: PrivateCrossSigningIdentity,
|
user_identity: PrivateCrossSigningIdentity,
|
||||||
) -> Self {
|
) -> Self {
|
||||||
let user_id = Arc::new(user_id.clone());
|
let user_id = Arc::new(user_id.clone());
|
||||||
|
let user_identity = Arc::new(Mutex::new(user_identity));
|
||||||
|
|
||||||
let store = Arc::new(store);
|
let store = Arc::new(store);
|
||||||
let verification_machine = VerificationMachine::new(account.clone(), store.clone());
|
let verification_machine =
|
||||||
|
VerificationMachine::new(account.clone(), user_identity.clone(), store.clone());
|
||||||
let store = Store::new(user_id.clone(), store, verification_machine.clone());
|
let store = Store::new(user_id.clone(), store, verification_machine.clone());
|
||||||
let device_id: Arc<DeviceIdBox> = Arc::new(device_id);
|
let device_id: Arc<DeviceIdBox> = Arc::new(device_id);
|
||||||
let outbound_group_sessions = Arc::new(DashMap::new());
|
let outbound_group_sessions = Arc::new(DashMap::new());
|
||||||
|
@ -185,7 +187,7 @@ impl OlmMachine {
|
||||||
verification_machine,
|
verification_machine,
|
||||||
key_request_machine,
|
key_request_machine,
|
||||||
identity_manager,
|
identity_manager,
|
||||||
user_identity: Arc::new(Mutex::new(user_identity)),
|
user_identity,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -224,8 +226,16 @@ impl OlmMachine {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
// TODO load the identity like we load an account.
|
let identity = match store.load_identity().await? {
|
||||||
let identity = PrivateCrossSigningIdentity::empty(user_id.clone());
|
Some(i) => {
|
||||||
|
debug!("Restored the cross signing identity");
|
||||||
|
i
|
||||||
|
}
|
||||||
|
None => {
|
||||||
|
debug!("Creating an empty cross signing identity stub");
|
||||||
|
PrivateCrossSigningIdentity::empty(user_id.clone())
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
Ok(OlmMachine::new_helper(
|
Ok(OlmMachine::new_helper(
|
||||||
&user_id, device_id, store, account, identity,
|
&user_id, device_id, store, account, identity,
|
||||||
|
@ -344,8 +354,9 @@ impl OlmMachine {
|
||||||
/// Mark the cross signing identity as shared.
|
/// Mark the cross signing identity as shared.
|
||||||
async fn receive_cross_signing_upload_response(&self) -> StoreResult<()> {
|
async fn receive_cross_signing_upload_response(&self) -> StoreResult<()> {
|
||||||
self.user_identity.lock().await.mark_as_shared();
|
self.user_identity.lock().await.mark_as_shared();
|
||||||
// TOOD save the identity.
|
self.store
|
||||||
Ok(())
|
.save_identity((&*self.user_identity.lock().await).clone())
|
||||||
|
.await
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Create a new cross signing identity and get the upload request to push
|
/// Create a new cross signing identity and get the upload request to push
|
||||||
|
@ -356,11 +367,12 @@ impl OlmMachine {
|
||||||
/// devices.
|
/// devices.
|
||||||
///
|
///
|
||||||
/// Uploading these keys will require user interactive auth.
|
/// Uploading these keys will require user interactive auth.
|
||||||
pub async fn bootstrap_cross_signing(&self) -> UploadSigningKeysRequest {
|
pub async fn bootstrap_cross_signing(&self) -> StoreResult<UploadSigningKeysRequest> {
|
||||||
let mut lock = self.user_identity.lock().await;
|
// TODO should we save the request until we get a response?
|
||||||
*lock = PrivateCrossSigningIdentity::new(self.user_id().to_owned()).await;
|
let mut identity = self.user_identity.lock().await;
|
||||||
// TODO save the identity.
|
*identity = PrivateCrossSigningIdentity::new(self.user_id().to_owned()).await;
|
||||||
lock.as_upload_request().await
|
self.store.save_identity(identity.clone()).await?;
|
||||||
|
Ok(identity.as_upload_request().await)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Should device or one-time keys be uploaded to the server.
|
/// Should device or one-time keys be uploaded to the server.
|
||||||
|
|
|
@ -311,6 +311,7 @@ impl SessionManager {
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod test {
|
mod test {
|
||||||
use dashmap::DashMap;
|
use dashmap::DashMap;
|
||||||
|
use matrix_sdk_common::locks::Mutex;
|
||||||
use std::{collections::BTreeMap, sync::Arc};
|
use std::{collections::BTreeMap, sync::Arc};
|
||||||
|
|
||||||
use matrix_sdk_common::{
|
use matrix_sdk_common::{
|
||||||
|
@ -324,7 +325,7 @@ mod test {
|
||||||
use crate::{
|
use crate::{
|
||||||
identities::ReadOnlyDevice,
|
identities::ReadOnlyDevice,
|
||||||
key_request::KeyRequestMachine,
|
key_request::KeyRequestMachine,
|
||||||
olm::{Account, ReadOnlyAccount},
|
olm::{Account, PrivateCrossSigningIdentity, ReadOnlyAccount},
|
||||||
store::{CryptoStore, MemoryStore, Store},
|
store::{CryptoStore, MemoryStore, Store},
|
||||||
verification::VerificationMachine,
|
verification::VerificationMachine,
|
||||||
};
|
};
|
||||||
|
@ -350,8 +351,10 @@ mod test {
|
||||||
let account = ReadOnlyAccount::new(&user_id, &device_id);
|
let account = ReadOnlyAccount::new(&user_id, &device_id);
|
||||||
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
|
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
|
||||||
store.save_account(account.clone()).await.unwrap();
|
store.save_account(account.clone()).await.unwrap();
|
||||||
|
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(
|
||||||
let verification = VerificationMachine::new(account.clone(), store.clone());
|
user_id.clone(),
|
||||||
|
)));
|
||||||
|
let verification = VerificationMachine::new(account.clone(), identity, store.clone());
|
||||||
|
|
||||||
let user_id = Arc::new(user_id);
|
let user_id = Arc::new(user_id);
|
||||||
let device_id = Arc::new(device_id);
|
let device_id = Arc::new(device_id);
|
||||||
|
|
|
@ -16,6 +16,7 @@ use std::sync::Arc;
|
||||||
|
|
||||||
use dashmap::DashMap;
|
use dashmap::DashMap;
|
||||||
|
|
||||||
|
use matrix_sdk_common::locks::Mutex;
|
||||||
use tracing::{trace, warn};
|
use tracing::{trace, warn};
|
||||||
|
|
||||||
use matrix_sdk_common::{
|
use matrix_sdk_common::{
|
||||||
|
@ -26,6 +27,7 @@ use matrix_sdk_common::{
|
||||||
|
|
||||||
use super::sas::{content_to_request, Sas};
|
use super::sas::{content_to_request, Sas};
|
||||||
use crate::{
|
use crate::{
|
||||||
|
olm::PrivateCrossSigningIdentity,
|
||||||
requests::{OutgoingRequest, ToDeviceRequest},
|
requests::{OutgoingRequest, ToDeviceRequest},
|
||||||
store::{CryptoStore, CryptoStoreError},
|
store::{CryptoStore, CryptoStoreError},
|
||||||
ReadOnlyAccount, ReadOnlyDevice,
|
ReadOnlyAccount, ReadOnlyDevice,
|
||||||
|
@ -34,15 +36,21 @@ use crate::{
|
||||||
#[derive(Clone, Debug)]
|
#[derive(Clone, Debug)]
|
||||||
pub struct VerificationMachine {
|
pub struct VerificationMachine {
|
||||||
account: ReadOnlyAccount,
|
account: ReadOnlyAccount,
|
||||||
|
user_identity: Arc<Mutex<PrivateCrossSigningIdentity>>,
|
||||||
pub(crate) store: Arc<Box<dyn CryptoStore>>,
|
pub(crate) store: Arc<Box<dyn CryptoStore>>,
|
||||||
verifications: Arc<DashMap<String, Sas>>,
|
verifications: Arc<DashMap<String, Sas>>,
|
||||||
outgoing_to_device_messages: Arc<DashMap<Uuid, OutgoingRequest>>,
|
outgoing_to_device_messages: Arc<DashMap<Uuid, OutgoingRequest>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl VerificationMachine {
|
impl VerificationMachine {
|
||||||
pub(crate) fn new(account: ReadOnlyAccount, store: Arc<Box<dyn CryptoStore>>) -> Self {
|
pub(crate) fn new(
|
||||||
|
account: ReadOnlyAccount,
|
||||||
|
identity: Arc<Mutex<PrivateCrossSigningIdentity>>,
|
||||||
|
store: Arc<Box<dyn CryptoStore>>,
|
||||||
|
) -> Self {
|
||||||
Self {
|
Self {
|
||||||
account,
|
account,
|
||||||
|
user_identity: identity,
|
||||||
store,
|
store,
|
||||||
verifications: Arc::new(DashMap::new()),
|
verifications: Arc::new(DashMap::new()),
|
||||||
outgoing_to_device_messages: Arc::new(DashMap::new()),
|
outgoing_to_device_messages: Arc::new(DashMap::new()),
|
||||||
|
@ -224,10 +232,12 @@ mod test {
|
||||||
use matrix_sdk_common::{
|
use matrix_sdk_common::{
|
||||||
events::AnyToDeviceEventContent,
|
events::AnyToDeviceEventContent,
|
||||||
identifiers::{DeviceId, UserId},
|
identifiers::{DeviceId, UserId},
|
||||||
|
locks::Mutex,
|
||||||
};
|
};
|
||||||
|
|
||||||
use super::{Sas, VerificationMachine};
|
use super::{Sas, VerificationMachine};
|
||||||
use crate::{
|
use crate::{
|
||||||
|
olm::PrivateCrossSigningIdentity,
|
||||||
requests::OutgoingRequests,
|
requests::OutgoingRequests,
|
||||||
store::{CryptoStore, MemoryStore},
|
store::{CryptoStore, MemoryStore},
|
||||||
verification::test::{get_content_from_request, wrap_any_to_device_content},
|
verification::test::{get_content_from_request, wrap_any_to_device_content},
|
||||||
|
@ -263,7 +273,8 @@ mod test {
|
||||||
bob_store.save_devices(vec![alice_device.clone()]).await;
|
bob_store.save_devices(vec![alice_device.clone()]).await;
|
||||||
|
|
||||||
let bob_store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(bob_store));
|
let bob_store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(bob_store));
|
||||||
let machine = VerificationMachine::new(alice, Arc::new(Box::new(store)));
|
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(alice_id())));
|
||||||
|
let machine = VerificationMachine::new(alice, identity, Arc::new(Box::new(store)));
|
||||||
let (bob_sas, start_content) = Sas::start(bob, alice_device, bob_store, None);
|
let (bob_sas, start_content) = Sas::start(bob, alice_device, bob_store, None);
|
||||||
machine
|
machine
|
||||||
.receive_event(&mut wrap_any_to_device_content(
|
.receive_event(&mut wrap_any_to_device_content(
|
||||||
|
@ -279,8 +290,9 @@ mod test {
|
||||||
#[test]
|
#[test]
|
||||||
fn create() {
|
fn create() {
|
||||||
let alice = ReadOnlyAccount::new(&alice_id(), &alice_device_id());
|
let alice = ReadOnlyAccount::new(&alice_id(), &alice_device_id());
|
||||||
|
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(alice_id())));
|
||||||
let store = MemoryStore::new();
|
let store = MemoryStore::new();
|
||||||
let _ = VerificationMachine::new(alice, Arc::new(Box::new(store)));
|
let _ = VerificationMachine::new(alice, identity, Arc::new(Box::new(store)));
|
||||||
}
|
}
|
||||||
|
|
||||||
#[tokio::test]
|
#[tokio::test]
|
||||||
|
|
Loading…
Reference in New Issue