crypto: Create a trusted public cross signing identity when we create a private one.
This commit is contained in:
parent
44cc1cef71
commit
b67cd4ddd2
4 changed files with 87 additions and 9 deletions
|
@ -1844,8 +1844,6 @@ impl Client {
|
|||
|
||||
let (request, signature_request) = olm.bootstrap_cross_signing(false).await?;
|
||||
|
||||
println!("HELLOOO MAKING REQUEST {:#?}", request);
|
||||
|
||||
let request = UploadSigningKeysRequest {
|
||||
auth: auth_data,
|
||||
master_key: request.master_key,
|
||||
|
|
|
@ -723,6 +723,7 @@ pub(crate) mod test {
|
|||
use matrix_sdk_common::{
|
||||
api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id, locks::Mutex,
|
||||
};
|
||||
use matrix_sdk_test::async_test;
|
||||
|
||||
use super::{OwnUserIdentity, UserIdentities, UserIdentity};
|
||||
|
||||
|
@ -818,4 +819,39 @@ pub(crate) mod test {
|
|||
assert!(second.trust_state());
|
||||
assert!(!first.trust_state());
|
||||
}
|
||||
|
||||
#[async_test]
|
||||
async fn own_device_with_private_identity() {
|
||||
let response = own_key_query();
|
||||
let (_, device) = device(&response);
|
||||
|
||||
let account = ReadOnlyAccount::new(device.user_id(), device.device_id());
|
||||
let (identity, _, _) = PrivateCrossSigningIdentity::new_with_account(&account).await;
|
||||
|
||||
let id = Arc::new(Mutex::new(identity.clone()));
|
||||
|
||||
let verification_machine = VerificationMachine::new(
|
||||
ReadOnlyAccount::new(device.user_id(), device.device_id()),
|
||||
id.clone(),
|
||||
Arc::new(Box::new(MemoryStore::new())),
|
||||
);
|
||||
|
||||
let public_identity = identity.as_public_identity().await.unwrap();
|
||||
|
||||
let mut device = Device {
|
||||
inner: device,
|
||||
verification_machine: verification_machine.clone(),
|
||||
private_identity: id.clone(),
|
||||
own_identity: Some(public_identity.clone()),
|
||||
device_owner_identity: Some(public_identity.clone().into()),
|
||||
};
|
||||
|
||||
assert!(!device.trust_state());
|
||||
|
||||
let mut device_keys = device.as_device_keys();
|
||||
|
||||
identity.sign_device_keys(&mut device_keys).await.unwrap();
|
||||
device.inner.signatures = Arc::new(device_keys.signatures);
|
||||
assert!(device.trust_state());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -392,6 +392,19 @@ impl OlmMachine {
|
|||
|
||||
*identity = id;
|
||||
|
||||
let public = identity.as_public_identity().await.expect(
|
||||
"Couldn't create a public version of the identity from a new private identity",
|
||||
);
|
||||
|
||||
let changes = Changes {
|
||||
identities: IdentityChanges {
|
||||
new: vec![public.into()],
|
||||
..Default::default()
|
||||
},
|
||||
..Default::default()
|
||||
};
|
||||
|
||||
self.store.save_changes(changes).await?;
|
||||
self.store.save_identity(identity.clone()).await?;
|
||||
Ok((request, signature_request))
|
||||
} else {
|
||||
|
|
|
@ -32,8 +32,8 @@ use matrix_sdk_common::{
|
|||
};
|
||||
|
||||
use crate::{
|
||||
error::SignatureError, requests::UploadSigningKeysRequest, ReadOnlyAccount, ReadOnlyDevice,
|
||||
UserIdentity,
|
||||
error::SignatureError, requests::UploadSigningKeysRequest, OwnUserIdentity, ReadOnlyAccount,
|
||||
ReadOnlyDevice, UserIdentity,
|
||||
};
|
||||
|
||||
use pk_signing::{MasterSigning, PickledSignings, SelfSigning, Signing, SigningError, UserSigning};
|
||||
|
@ -103,6 +103,37 @@ impl PrivateCrossSigningIdentity {
|
|||
}
|
||||
}
|
||||
|
||||
pub(crate) async fn as_public_identity(&self) -> Result<OwnUserIdentity, SignatureError> {
|
||||
let master = self
|
||||
.master_key
|
||||
.lock()
|
||||
.await
|
||||
.as_ref()
|
||||
.ok_or(SignatureError::MissingSigningKey)?
|
||||
.public_key
|
||||
.clone();
|
||||
let self_signing = self
|
||||
.self_signing_key
|
||||
.lock()
|
||||
.await
|
||||
.as_ref()
|
||||
.ok_or(SignatureError::MissingSigningKey)?
|
||||
.public_key
|
||||
.clone();
|
||||
let user_signing = self
|
||||
.user_signing_key
|
||||
.lock()
|
||||
.await
|
||||
.as_ref()
|
||||
.ok_or(SignatureError::MissingSigningKey)?
|
||||
.public_key
|
||||
.clone();
|
||||
let identity = OwnUserIdentity::new(master, self_signing, user_signing)?;
|
||||
identity.mark_as_verified();
|
||||
|
||||
Ok(identity)
|
||||
}
|
||||
|
||||
/// Sign the given public user identity with this private identity.
|
||||
#[allow(dead_code)]
|
||||
pub(crate) async fn sign_user(
|
||||
|
@ -128,7 +159,7 @@ impl PrivateCrossSigningIdentity {
|
|||
) -> Result<SignatureUploadRequest, SignatureError> {
|
||||
let mut device_keys = device.as_device_keys();
|
||||
device_keys.signatures.clear();
|
||||
self.sign_device_keys(device_keys).await
|
||||
self.sign_device_keys(&mut device_keys).await
|
||||
}
|
||||
|
||||
/// Sign an Olm account with this private identity.
|
||||
|
@ -136,13 +167,13 @@ impl PrivateCrossSigningIdentity {
|
|||
&self,
|
||||
account: &ReadOnlyAccount,
|
||||
) -> Result<SignatureUploadRequest, SignatureError> {
|
||||
let device_keys = account.unsigned_device_keys();
|
||||
self.sign_device_keys(device_keys).await
|
||||
let mut device_keys = account.unsigned_device_keys();
|
||||
self.sign_device_keys(&mut device_keys).await
|
||||
}
|
||||
|
||||
async fn sign_device_keys(
|
||||
pub(crate) async fn sign_device_keys(
|
||||
&self,
|
||||
mut device_keys: DeviceKeys,
|
||||
mut device_keys: &mut DeviceKeys,
|
||||
) -> Result<SignatureUploadRequest, SignatureError> {
|
||||
self.self_signing_key
|
||||
.lock()
|
||||
|
|
Loading…
Reference in a new issue