crypto: Connect the private identity to the verification machine.

master
Damir Jelić 2020-10-22 18:04:29 +02:00
parent 7de002b128
commit 5fd004bae5
6 changed files with 60 additions and 24 deletions

View File

@ -378,6 +378,7 @@ pub(crate) mod test {
use matrix_sdk_common::{ use matrix_sdk_common::{
api::r0::keys::get_keys::Response as KeyQueryResponse, api::r0::keys::get_keys::Response as KeyQueryResponse,
identifiers::{room_id, user_id, DeviceIdBox, RoomId, UserId}, identifiers::{room_id, user_id, DeviceIdBox, RoomId, UserId},
locks::Mutex,
}; };
use matrix_sdk_test::async_test; use matrix_sdk_test::async_test;
@ -387,7 +388,7 @@ pub(crate) mod test {
use crate::{ use crate::{
identities::IdentityManager, identities::IdentityManager,
machine::test::response_from_file, machine::test::response_from_file,
olm::{Account, ReadOnlyAccount}, olm::{Account, PrivateCrossSigningIdentity, ReadOnlyAccount},
session_manager::GroupSessionManager, session_manager::GroupSessionManager,
store::{CryptoStore, MemoryStore, Store}, store::{CryptoStore, MemoryStore, Store},
verification::VerificationMachine, verification::VerificationMachine,
@ -410,10 +411,11 @@ pub(crate) mod test {
} }
fn manager() -> IdentityManager { fn manager() -> IdentityManager {
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(user_id())));
let user_id = Arc::new(user_id()); let user_id = Arc::new(user_id());
let account = ReadOnlyAccount::new(&user_id, &device_id()); let account = ReadOnlyAccount::new(&user_id, &device_id());
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new())); let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
let verification = VerificationMachine::new(account.clone(), store); let verification = VerificationMachine::new(account.clone(), identity, store);
let store = Store::new( let store = Store::new(
user_id.clone(), user_id.clone(),
Arc::new(Box::new(MemoryStore::new())), Arc::new(Box::new(MemoryStore::new())),

View File

@ -684,13 +684,13 @@ pub(crate) mod test {
manager::test::{other_key_query, own_key_query}, manager::test::{other_key_query, own_key_query},
Device, ReadOnlyDevice, Device, ReadOnlyDevice,
}, },
olm::ReadOnlyAccount, olm::{PrivateCrossSigningIdentity, ReadOnlyAccount},
store::MemoryStore, store::MemoryStore,
verification::VerificationMachine, verification::VerificationMachine,
}; };
use matrix_sdk_common::{ use matrix_sdk_common::{
api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id, api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id, locks::Mutex,
}; };
use super::{OwnUserIdentity, UserIdentities, UserIdentity}; use super::{OwnUserIdentity, UserIdentities, UserIdentity};
@ -752,8 +752,12 @@ pub(crate) mod test {
assert!(identity.is_device_signed(&first).is_err()); assert!(identity.is_device_signed(&first).is_err());
assert!(identity.is_device_signed(&second).is_ok()); assert!(identity.is_device_signed(&second).is_ok());
let private_identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(
second.user_id().clone(),
)));
let verification_machine = VerificationMachine::new( let verification_machine = VerificationMachine::new(
ReadOnlyAccount::new(second.user_id(), second.device_id()), ReadOnlyAccount::new(second.user_id(), second.device_id()),
private_identity,
Arc::new(Box::new(MemoryStore::new())), Arc::new(Box::new(MemoryStore::new())),
); );

View File

@ -674,13 +674,14 @@ mod test {
AnyToDeviceEvent, ToDeviceEvent, AnyToDeviceEvent, ToDeviceEvent,
}, },
identifiers::{room_id, user_id, DeviceIdBox, RoomId, UserId}, identifiers::{room_id, user_id, DeviceIdBox, RoomId, UserId},
locks::Mutex,
}; };
use matrix_sdk_test::async_test; use matrix_sdk_test::async_test;
use std::{convert::TryInto, sync::Arc}; use std::{convert::TryInto, sync::Arc};
use crate::{ use crate::{
identities::{LocalTrust, ReadOnlyDevice}, identities::{LocalTrust, ReadOnlyDevice},
olm::{Account, ReadOnlyAccount}, olm::{Account, PrivateCrossSigningIdentity, ReadOnlyAccount},
store::{CryptoStore, MemoryStore, Store}, store::{CryptoStore, MemoryStore, Store},
verification::VerificationMachine, verification::VerificationMachine,
}; };
@ -719,7 +720,8 @@ mod test {
let user_id = Arc::new(bob_id()); let user_id = Arc::new(bob_id());
let account = ReadOnlyAccount::new(&user_id, &alice_device_id()); let account = ReadOnlyAccount::new(&user_id, &alice_device_id());
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new())); let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
let verification = VerificationMachine::new(account, store.clone()); let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(bob_id())));
let verification = VerificationMachine::new(account, identity, store.clone());
let store = Store::new(user_id.clone(), store, verification); let store = Store::new(user_id.clone(), store, verification);
KeyRequestMachine::new( KeyRequestMachine::new(
@ -736,7 +738,8 @@ mod test {
let account = ReadOnlyAccount::new(&user_id, &alice_device_id()); let account = ReadOnlyAccount::new(&user_id, &alice_device_id());
let device = ReadOnlyDevice::from_account(&account).await; let device = ReadOnlyDevice::from_account(&account).await;
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new())); let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
let verification = VerificationMachine::new(account, store.clone()); let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(alice_id())));
let verification = VerificationMachine::new(account, identity, store.clone());
let store = Store::new(user_id.clone(), store, verification); let store = Store::new(user_id.clone(), store, verification);
store.save_devices(&[device]).await.unwrap(); store.save_devices(&[device]).await.unwrap();

View File

@ -140,9 +140,11 @@ impl OlmMachine {
user_identity: PrivateCrossSigningIdentity, user_identity: PrivateCrossSigningIdentity,
) -> Self { ) -> Self {
let user_id = Arc::new(user_id.clone()); let user_id = Arc::new(user_id.clone());
let user_identity = Arc::new(Mutex::new(user_identity));
let store = Arc::new(store); let store = Arc::new(store);
let verification_machine = VerificationMachine::new(account.clone(), store.clone()); let verification_machine =
VerificationMachine::new(account.clone(), user_identity.clone(), store.clone());
let store = Store::new(user_id.clone(), store, verification_machine.clone()); let store = Store::new(user_id.clone(), store, verification_machine.clone());
let device_id: Arc<DeviceIdBox> = Arc::new(device_id); let device_id: Arc<DeviceIdBox> = Arc::new(device_id);
let outbound_group_sessions = Arc::new(DashMap::new()); let outbound_group_sessions = Arc::new(DashMap::new());
@ -185,7 +187,7 @@ impl OlmMachine {
verification_machine, verification_machine,
key_request_machine, key_request_machine,
identity_manager, identity_manager,
user_identity: Arc::new(Mutex::new(user_identity)), user_identity,
} }
} }
@ -224,8 +226,16 @@ impl OlmMachine {
} }
}; };
// TODO load the identity like we load an account. let identity = match store.load_identity().await? {
let identity = PrivateCrossSigningIdentity::empty(user_id.clone()); Some(i) => {
debug!("Restored the cross signing identity");
i
}
None => {
debug!("Creating an empty cross signing identity stub");
PrivateCrossSigningIdentity::empty(user_id.clone())
}
};
Ok(OlmMachine::new_helper( Ok(OlmMachine::new_helper(
&user_id, device_id, store, account, identity, &user_id, device_id, store, account, identity,
@ -344,8 +354,9 @@ impl OlmMachine {
/// Mark the cross signing identity as shared. /// Mark the cross signing identity as shared.
async fn receive_cross_signing_upload_response(&self) -> StoreResult<()> { async fn receive_cross_signing_upload_response(&self) -> StoreResult<()> {
self.user_identity.lock().await.mark_as_shared(); self.user_identity.lock().await.mark_as_shared();
// TOOD save the identity. self.store
Ok(()) .save_identity((&*self.user_identity.lock().await).clone())
.await
} }
/// Create a new cross signing identity and get the upload request to push /// Create a new cross signing identity and get the upload request to push
@ -356,11 +367,12 @@ impl OlmMachine {
/// devices. /// devices.
/// ///
/// Uploading these keys will require user interactive auth. /// Uploading these keys will require user interactive auth.
pub async fn bootstrap_cross_signing(&self) -> UploadSigningKeysRequest { pub async fn bootstrap_cross_signing(&self) -> StoreResult<UploadSigningKeysRequest> {
let mut lock = self.user_identity.lock().await; // TODO should we save the request until we get a response?
*lock = PrivateCrossSigningIdentity::new(self.user_id().to_owned()).await; let mut identity = self.user_identity.lock().await;
// TODO save the identity. *identity = PrivateCrossSigningIdentity::new(self.user_id().to_owned()).await;
lock.as_upload_request().await self.store.save_identity(identity.clone()).await?;
Ok(identity.as_upload_request().await)
} }
/// Should device or one-time keys be uploaded to the server. /// Should device or one-time keys be uploaded to the server.

View File

@ -311,6 +311,7 @@ impl SessionManager {
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use dashmap::DashMap; use dashmap::DashMap;
use matrix_sdk_common::locks::Mutex;
use std::{collections::BTreeMap, sync::Arc}; use std::{collections::BTreeMap, sync::Arc};
use matrix_sdk_common::{ use matrix_sdk_common::{
@ -324,7 +325,7 @@ mod test {
use crate::{ use crate::{
identities::ReadOnlyDevice, identities::ReadOnlyDevice,
key_request::KeyRequestMachine, key_request::KeyRequestMachine,
olm::{Account, ReadOnlyAccount}, olm::{Account, PrivateCrossSigningIdentity, ReadOnlyAccount},
store::{CryptoStore, MemoryStore, Store}, store::{CryptoStore, MemoryStore, Store},
verification::VerificationMachine, verification::VerificationMachine,
}; };
@ -350,8 +351,10 @@ mod test {
let account = ReadOnlyAccount::new(&user_id, &device_id); let account = ReadOnlyAccount::new(&user_id, &device_id);
let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new())); let store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(MemoryStore::new()));
store.save_account(account.clone()).await.unwrap(); store.save_account(account.clone()).await.unwrap();
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(
let verification = VerificationMachine::new(account.clone(), store.clone()); user_id.clone(),
)));
let verification = VerificationMachine::new(account.clone(), identity, store.clone());
let user_id = Arc::new(user_id); let user_id = Arc::new(user_id);
let device_id = Arc::new(device_id); let device_id = Arc::new(device_id);

View File

@ -16,6 +16,7 @@ use std::sync::Arc;
use dashmap::DashMap; use dashmap::DashMap;
use matrix_sdk_common::locks::Mutex;
use tracing::{trace, warn}; use tracing::{trace, warn};
use matrix_sdk_common::{ use matrix_sdk_common::{
@ -26,6 +27,7 @@ use matrix_sdk_common::{
use super::sas::{content_to_request, Sas}; use super::sas::{content_to_request, Sas};
use crate::{ use crate::{
olm::PrivateCrossSigningIdentity,
requests::{OutgoingRequest, ToDeviceRequest}, requests::{OutgoingRequest, ToDeviceRequest},
store::{CryptoStore, CryptoStoreError}, store::{CryptoStore, CryptoStoreError},
ReadOnlyAccount, ReadOnlyDevice, ReadOnlyAccount, ReadOnlyDevice,
@ -34,15 +36,21 @@ use crate::{
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct VerificationMachine { pub struct VerificationMachine {
account: ReadOnlyAccount, account: ReadOnlyAccount,
user_identity: Arc<Mutex<PrivateCrossSigningIdentity>>,
pub(crate) store: Arc<Box<dyn CryptoStore>>, pub(crate) store: Arc<Box<dyn CryptoStore>>,
verifications: Arc<DashMap<String, Sas>>, verifications: Arc<DashMap<String, Sas>>,
outgoing_to_device_messages: Arc<DashMap<Uuid, OutgoingRequest>>, outgoing_to_device_messages: Arc<DashMap<Uuid, OutgoingRequest>>,
} }
impl VerificationMachine { impl VerificationMachine {
pub(crate) fn new(account: ReadOnlyAccount, store: Arc<Box<dyn CryptoStore>>) -> Self { pub(crate) fn new(
account: ReadOnlyAccount,
identity: Arc<Mutex<PrivateCrossSigningIdentity>>,
store: Arc<Box<dyn CryptoStore>>,
) -> Self {
Self { Self {
account, account,
user_identity: identity,
store, store,
verifications: Arc::new(DashMap::new()), verifications: Arc::new(DashMap::new()),
outgoing_to_device_messages: Arc::new(DashMap::new()), outgoing_to_device_messages: Arc::new(DashMap::new()),
@ -224,10 +232,12 @@ mod test {
use matrix_sdk_common::{ use matrix_sdk_common::{
events::AnyToDeviceEventContent, events::AnyToDeviceEventContent,
identifiers::{DeviceId, UserId}, identifiers::{DeviceId, UserId},
locks::Mutex,
}; };
use super::{Sas, VerificationMachine}; use super::{Sas, VerificationMachine};
use crate::{ use crate::{
olm::PrivateCrossSigningIdentity,
requests::OutgoingRequests, requests::OutgoingRequests,
store::{CryptoStore, MemoryStore}, store::{CryptoStore, MemoryStore},
verification::test::{get_content_from_request, wrap_any_to_device_content}, verification::test::{get_content_from_request, wrap_any_to_device_content},
@ -263,7 +273,8 @@ mod test {
bob_store.save_devices(vec![alice_device.clone()]).await; bob_store.save_devices(vec![alice_device.clone()]).await;
let bob_store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(bob_store)); let bob_store: Arc<Box<dyn CryptoStore>> = Arc::new(Box::new(bob_store));
let machine = VerificationMachine::new(alice, Arc::new(Box::new(store))); let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(alice_id())));
let machine = VerificationMachine::new(alice, identity, Arc::new(Box::new(store)));
let (bob_sas, start_content) = Sas::start(bob, alice_device, bob_store, None); let (bob_sas, start_content) = Sas::start(bob, alice_device, bob_store, None);
machine machine
.receive_event(&mut wrap_any_to_device_content( .receive_event(&mut wrap_any_to_device_content(
@ -279,8 +290,9 @@ mod test {
#[test] #[test]
fn create() { fn create() {
let alice = ReadOnlyAccount::new(&alice_id(), &alice_device_id()); let alice = ReadOnlyAccount::new(&alice_id(), &alice_device_id());
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(alice_id())));
let store = MemoryStore::new(); let store = MemoryStore::new();
let _ = VerificationMachine::new(alice, Arc::new(Box::new(store))); let _ = VerificationMachine::new(alice, identity, Arc::new(Box::new(store)));
} }
#[tokio::test] #[tokio::test]