crypto: Don't expose the btree map of the master key dirrectly.
This implements PartialEq for the master key so we can check whether the master keys have changed when doing SAS.
master
parent
a57f63d614
commit
89b56b5af8
|
@ -13,7 +13,6 @@
|
||||||
// limitations under the License.
|
// limitations under the License.
|
||||||
|
|
||||||
use std::{
|
use std::{
|
||||||
collections::BTreeMap,
|
|
||||||
convert::TryFrom,
|
convert::TryFrom,
|
||||||
sync::{
|
sync::{
|
||||||
atomic::{AtomicBool, Ordering},
|
atomic::{AtomicBool, Ordering},
|
||||||
|
@ -42,6 +41,13 @@ pub struct SelfSigningPubkey(Arc<CrossSigningKey>);
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
pub struct UserSigningPubkey(Arc<CrossSigningKey>);
|
pub struct UserSigningPubkey(Arc<CrossSigningKey>);
|
||||||
|
|
||||||
|
impl PartialEq for MasterPubkey {
|
||||||
|
fn eq(&self, other: &MasterPubkey) -> bool {
|
||||||
|
self.0.user_id == other.0.user_id && self.0.keys == other.0.keys
|
||||||
|
// TODO check the usage once `KeyUsage` gets PartialEq.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
impl From<&CrossSigningKey> for MasterPubkey {
|
impl From<&CrossSigningKey> for MasterPubkey {
|
||||||
fn from(key: &CrossSigningKey) -> Self {
|
fn from(key: &CrossSigningKey) -> Self {
|
||||||
Self(Arc::new(key.clone()))
|
Self(Arc::new(key.clone()))
|
||||||
|
@ -218,7 +224,8 @@ impl UserIdentities {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn master_key(&self) -> &BTreeMap<String, String> {
|
/// Get the master key of the identity.
|
||||||
|
pub fn master_key(&self) -> &MasterPubkey {
|
||||||
match self {
|
match self {
|
||||||
UserIdentities::Own(i) => i.master_key(),
|
UserIdentities::Own(i) => i.master_key(),
|
||||||
UserIdentities::Other(i) => i.master_key(),
|
UserIdentities::Other(i) => i.master_key(),
|
||||||
|
@ -233,13 +240,6 @@ impl UserIdentities {
|
||||||
_ => None,
|
_ => None,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn other(&self) -> Option<&UserIdentity> {
|
|
||||||
match self {
|
|
||||||
UserIdentities::Other(i) => Some(i),
|
|
||||||
_ => None,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl PartialEq for UserIdentities {
|
impl PartialEq for UserIdentities {
|
||||||
|
@ -289,8 +289,9 @@ impl UserIdentity {
|
||||||
&self.user_id
|
&self.user_id
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn master_key(&self) -> &BTreeMap<String, String> {
|
/// Get the public master key of the identity.
|
||||||
&self.master_key.0.keys
|
pub fn master_key(&self) -> &MasterPubkey {
|
||||||
|
&self.master_key
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Update the identity with a new master key and self signing key.
|
/// Update the identity with a new master key and self signing key.
|
||||||
|
@ -377,8 +378,9 @@ impl OwnUserIdentity {
|
||||||
&self.user_id
|
&self.user_id
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn master_key(&self) -> &BTreeMap<String, String> {
|
/// Get the public master key of the identity.
|
||||||
&self.master_key.0.keys
|
pub fn master_key(&self) -> &MasterPubkey {
|
||||||
|
&self.master_key
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Check if the given identity has been signed by this identity.
|
/// Check if the given identity has been signed by this identity.
|
||||||
|
|
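Review bot: The `PartialEq` impl added for `MasterPubkey` (hunk `-42,6 +41,13`) treats two keys as equal when `user_id` and `keys` match, and nothing at the impl tells a caller that `usage`, and any other field of `CrossSigningKey`, is ignored. The commit message says this comparison is what detects a master key change during SAS, so the narrowed meaning of `==` should be stated where it is defined rather than only in a TODO inside the body. I would add a doc comment above `fn eq`, for example `/// Compares the user id and the public keys only; the key usage is not compared yet.`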
|
@ -204,7 +204,7 @@ pub fn receive_mac_event(
|
||||||
return Err(CancelCode::KeyMismatch);
|
return Err(CancelCode::KeyMismatch);
|
||||||
}
|
}
|
||||||
} else if let Some(identity) = &ids.other_identity {
|
} else if let Some(identity) = &ids.other_identity {
|
||||||
if let Some(key) = identity.master_key().get(key_id.as_str()) {
|
if let Some(key) = identity.master_key().get_key(&key_id) {
|
||||||
// TODO we should check that the master key signs the device,
|
// TODO we should check that the master key signs the device,
|
||||||
// this way we know the master key also trusts the device
|
// this way we know the master key also trusts the device
|
||||||
if key_mac
|
if key_mac
|
||||||
|
|
|
@ -246,6 +246,12 @@ impl Sas {
|
||||||
Ok(false)
|
Ok(false)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
warn!(
|
||||||
|
"The master keys of {} have changed while an interactive \
|
||||||
|
verification was going on, not marking the identity as verified.",
|
||||||
|
identity.user_id(),
|
||||||
|
);
|
||||||
|
|
||||||
Ok(false)
|
Ok(false)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
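Review bot: The new `else` branch in the `impl Sas` hunk logs the master key change and then returns `Ok(false)`, the same value as the branches just above it, so a caller cannot tell a key change during verification apart from the other not-verified outcomes. The condition that selects this branch and the function signature are outside the hunk, so this is inferred from the visible returns only. If that distinction matters to callers, it deserves at least a comment at the return, for example `// Fail closed: the master key no longer matches, so the identity is not marked as verified.` Whether a dedicated error or cancel code is warranted depends on code not shown here.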