crypto: Don't expose the btree map of the master key directly.

This implements PartialEq for the master key so we can check if they
have changed when doing SAS.
master
Damir Jelić 2020-08-20 15:06:49 +02:00
parent a57f63d614
commit 89b56b5af8
3 changed files with 22 additions and 14 deletions


@ -13,7 +13,6 @@
// limitations under the License.
use std::{
collections::BTreeMap,
convert::TryFrom,
sync::{
atomic::{AtomicBool, Ordering},
@ -42,6 +41,13 @@ pub struct SelfSigningPubkey(Arc<CrossSigningKey>);
#[derive(Debug, Clone)]
pub struct UserSigningPubkey(Arc<CrossSigningKey>);
impl PartialEq for MasterPubkey {
fn eq(&self, other: &MasterPubkey) -> bool {
self.0.user_id == other.0.user_id && self.0.keys == other.0.keys
// TODO check the usage once `KeyUsage` gets PartialEq.
}
}
impl From<&CrossSigningKey> for MasterPubkey {
fn from(key: &CrossSigningKey) -> Self {
Self(Arc::new(key.clone()))
@ -218,7 +224,8 @@ impl UserIdentities {
}
}
pub fn master_key(&self) -> &BTreeMap<String, String> {
/// Get the master key of the identity.
pub fn master_key(&self) -> &MasterPubkey {
match self {
UserIdentities::Own(i) => i.master_key(),
UserIdentities::Other(i) => i.master_key(),
@ -233,13 +240,6 @@ impl UserIdentities {
_ => None,
}
}
pub fn other(&self) -> Option<&UserIdentity> {
match self {
UserIdentities::Other(i) => Some(i),
_ => None,
}
}
}
impl PartialEq for UserIdentities {
@ -289,8 +289,9 @@ impl UserIdentity {
&self.user_id
}
pub fn master_key(&self) -> &BTreeMap<String, String> {
&self.master_key.0.keys
/// Get the public master key of the identity.
pub fn master_key(&self) -> &MasterPubkey {
&self.master_key
}
/// Update the identity with a new master key and self signing key.
@ -377,8 +378,9 @@ impl OwnUserIdentity {
&self.user_id
}
pub fn master_key(&self) -> &BTreeMap<String, String> {
&self.master_key.0.keys
/// Get the public master key of the identity.
pub fn master_key(&self) -> &MasterPubkey {
&self.master_key
}
/// Check if the given identity has been signed by this identity.
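Review bot: The `PartialEq` impl for `MasterPubkey` does not document which fields decide equality, and its only hint is a TODO sitting after the return expression in `eq`. The commit message says this comparison is what detects a changed master key during SAS, so the contract deserves a doc comment on the impl, for example `/// Master keys are equal when their user id and key map match; the key usage is not compared yet.`, with the TODO moved above the expression. If `CrossSigningKey` carries further fields, the comment should say they are ignored on purpose. The impl is fully inside the hunk; the `From` impl after it continues past the hunk.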


@ -204,7 +204,7 @@ pub fn receive_mac_event(
return Err(CancelCode::KeyMismatch);
}
} else if let Some(identity) = &ids.other_identity {
if let Some(key) = identity.master_key().get(key_id.as_str()) {
if let Some(key) = identity.master_key().get_key(&key_id) {
// TODO we should check that the master key signs the device,
// this way we know the master key also trusts the device
if key_mac


@ -246,6 +246,12 @@ impl Sas {
Ok(false)
}
} else {
warn!(
"The master keys of {} have changed while an interactive \
verification was going on, not marking the identity as verified.",
identity.user_id(),
);
Ok(false)
}
} else {
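Review bot: The new branch reports a changed master key only through `warn!` and then returns the same `Ok(false)` as the branch a few lines earlier, so a caller cannot tell "keys changed during verification" apart from the other not-verified outcomes. The condition and the enclosing function start outside this hunk, so whether callers need that distinction is inferred rather than visible. If they do, for instance to cancel the flow or inform the user, a distinct return value or error would carry it. At minimum a comment on the branch, such as `// Master key differs from the one this verification started with; refuse to mark as verified.`, would record why the identity is left unverified here.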