crypto: Don't expose the btree map of the master key dirrectly.

This implements PartialEq for the master key so we can check if they
have changed when doing SAS.

matrix_sdk_crypto/src/user_identity.rs

@@ -13,7 +13,6 @@
 // limitations under the License.
 
 use std::{
-    collections::BTreeMap,
     convert::TryFrom,
     sync::{
         atomic::{AtomicBool, Ordering},
@@ -42,6 +41,13 @@ pub struct SelfSigningPubkey(Arc<CrossSigningKey>);
 #[derive(Debug, Clone)]
 pub struct UserSigningPubkey(Arc<CrossSigningKey>);
 
+impl PartialEq for MasterPubkey {
+    fn eq(&self, other: &MasterPubkey) -> bool {
+        self.0.user_id == other.0.user_id && self.0.keys == other.0.keys
+        // TODO check the usage once `KeyUsage` gets PartialEq.
+    }
+}
+
 impl From<&CrossSigningKey> for MasterPubkey {
     fn from(key: &CrossSigningKey) -> Self {
         Self(Arc::new(key.clone()))
@@ -218,7 +224,8 @@ impl UserIdentities {
         }
     }
 
-    pub fn master_key(&self) -> &BTreeMap<String, String> {
+    /// Get the master key of the identity.
+    pub fn master_key(&self) -> &MasterPubkey {
         match self {
             UserIdentities::Own(i) => i.master_key(),
             UserIdentities::Other(i) => i.master_key(),
@@ -233,13 +240,6 @@ impl UserIdentities {
             _ => None,
         }
     }
-
-    pub fn other(&self) -> Option<&UserIdentity> {
-        match self {
-            UserIdentities::Other(i) => Some(i),
-            _ => None,
-        }
-    }
 }
 
 impl PartialEq for UserIdentities {
@@ -289,8 +289,9 @@ impl UserIdentity {
         &self.user_id
     }
 
-    pub fn master_key(&self) -> &BTreeMap<String, String> {
-        &self.master_key.0.keys
+    /// Get the public master key of the identity.
+    pub fn master_key(&self) -> &MasterPubkey {
+        &self.master_key
     }
 
     /// Update the identity with a new master key and self signing key.
@@ -377,8 +378,9 @@ impl OwnUserIdentity {
         &self.user_id
     }
 
-    pub fn master_key(&self) -> &BTreeMap<String, String> {
-        &self.master_key.0.keys
+    /// Get the public master key of the identity.
+    pub fn master_key(&self) -> &MasterPubkey {
+        &self.master_key
     }
 
     /// Check if the given identity has been signed by this identity.

matrix_sdk_crypto/src/verification/sas/helpers.rs

@@ -204,7 +204,7 @@ pub fn receive_mac_event(
                 return Err(CancelCode::KeyMismatch);
             }
         } else if let Some(identity) = &ids.other_identity {
-            if let Some(key) = identity.master_key().get(key_id.as_str()) {
+            if let Some(key) = identity.master_key().get_key(&key_id) {
                 // TODO we should check that the master key signs the device,
                 // this way we know the master key also trusts the device
                 if key_mac

matrix_sdk_crypto/src/verification/sas/mod.rs

@@ -246,6 +246,12 @@ impl Sas {
                     Ok(false)
                 }
             } else {
+                warn!(
+                    "The master keys of {} have changed while an interactive \
+                      verification was going on, not marking the identity as verified.",
+                    identity.user_id(),
+                );
+
                 Ok(false)
             }
         } else {