crypto: Check that the master key and subkeys have the same user id.

matrix_sdk_crypto/src/error.rs

@@ -126,6 +126,9 @@ pub enum SignatureError {
     #[error("the signing key is missing from the object that signed the message")]
     MissingSigningKey,
 
+    #[error("the user id of the signing differs from the subkey user id")]
+    UserIdMissmatch,
+
     #[error("the provided JSON value isn't an object")]
     NotAnObject,
 

matrix_sdk_crypto/src/user_identity.rs

@@ -137,9 +137,12 @@ impl MasterPubkey {
         // if self.0.usage.contains(&KeyUsage::Master) {
         //     return Err(SignatureError::MissingSigningKey);
         // }
-
         let subkey: CrossSigningSubKeys = subkey.into();
 
+        if &self.0.user_id != subkey.user_id() {
+            return Err(SignatureError::UserIdMissmatch);
+        }
+
         verify_json(
             &self.0.user_id,
             &DeviceKeyId::try_from(key_id.as_str())?,