crypto: Create a trusted public cross signing identity when we create a private one.
parent
44cc1cef71
commit
b67cd4ddd2
4 changed files with 87 additions and 9 deletions
|
@ -1844,8 +1844,6 @@ impl Client {
|
||||||
|
|
||||||
let (request, signature_request) = olm.bootstrap_cross_signing(false).await?;
|
let (request, signature_request) = olm.bootstrap_cross_signing(false).await?;
|
||||||
|
|
||||||
println!("HELLOOO MAKING REQUEST {:#?}", request);
|
|
||||||
|
|
||||||
let request = UploadSigningKeysRequest {
|
let request = UploadSigningKeysRequest {
|
||||||
auth: auth_data,
|
auth: auth_data,
|
||||||
master_key: request.master_key,
|
master_key: request.master_key,
|
||||||
|
|
|
@ -723,6 +723,7 @@ pub(crate) mod test {
|
||||||
use matrix_sdk_common::{
|
use matrix_sdk_common::{
|
||||||
api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id, locks::Mutex,
|
api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id, locks::Mutex,
|
||||||
};
|
};
|
||||||
|
use matrix_sdk_test::async_test;
|
||||||
|
|
||||||
use super::{OwnUserIdentity, UserIdentities, UserIdentity};
|
use super::{OwnUserIdentity, UserIdentities, UserIdentity};
|
||||||
|
|
||||||
|
@ -818,4 +819,39 @@ pub(crate) mod test {
|
||||||
assert!(second.trust_state());
|
assert!(second.trust_state());
|
||||||
assert!(!first.trust_state());
|
assert!(!first.trust_state());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[async_test]
|
||||||
|
async fn own_device_with_private_identity() {
|
||||||
|
let response = own_key_query();
|
||||||
|
let (_, device) = device(&response);
|
||||||
|
|
||||||
|
let account = ReadOnlyAccount::new(device.user_id(), device.device_id());
|
||||||
|
let (identity, _, _) = PrivateCrossSigningIdentity::new_with_account(&account).await;
|
||||||
|
|
||||||
|
let id = Arc::new(Mutex::new(identity.clone()));
|
||||||
|
|
||||||
|
let verification_machine = VerificationMachine::new(
|
||||||
|
ReadOnlyAccount::new(device.user_id(), device.device_id()),
|
||||||
|
id.clone(),
|
||||||
|
Arc::new(Box::new(MemoryStore::new())),
|
||||||
|
);
|
||||||
|
|
||||||
|
let public_identity = identity.as_public_identity().await.unwrap();
|
||||||
|
|
||||||
|
let mut device = Device {
|
||||||
|
inner: device,
|
||||||
|
verification_machine: verification_machine.clone(),
|
||||||
|
private_identity: id.clone(),
|
||||||
|
own_identity: Some(public_identity.clone()),
|
||||||
|
device_owner_identity: Some(public_identity.clone().into()),
|
||||||
|
};
|
||||||
|
|
||||||
|
assert!(!device.trust_state());
|
||||||
|
|
||||||
|
let mut device_keys = device.as_device_keys();
|
||||||
|
|
||||||
|
identity.sign_device_keys(&mut device_keys).await.unwrap();
|
||||||
|
device.inner.signatures = Arc::new(device_keys.signatures);
|
||||||
|
assert!(device.trust_state());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
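Review bot: The new test `own_device_with_private_identity` only exercises the accepting path: the device becomes trusted after `identity.sign_device_keys(&mut device_keys)`, but no case shows that a signature made by a different private identity leaves `trust_state()` false. Because the public identity from `as_public_identity()` is already marked verified, the device signature check is the only thing that separates an unsigned device from a trusted one, so the rejecting path deserves a pin as well. Signing a copy of the device keys with a second `PrivateCrossSigningIdentity` and then checking `assert!(!device.trust_state());` would cover it, assuming a second identity can be built the same way as the first.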
@ -392,6 +392,19 @@ impl OlmMachine {
|
||||||
|
|
||||||
*identity = id;
|
*identity = id;
|
||||||
|
|
||||||
|
let public = identity.as_public_identity().await.expect(
|
||||||
|
"Couldn't create a public version of the identity from a new private identity",
|
||||||
|
);
|
||||||
|
|
||||||
|
let changes = Changes {
|
||||||
|
identities: IdentityChanges {
|
||||||
|
new: vec![public.into()],
|
||||||
|
..Default::default()
|
||||||
|
},
|
||||||
|
..Default::default()
|
||||||
|
};
|
||||||
|
|
||||||
|
self.store.save_changes(changes).await?;
|
||||||
self.store.save_identity(identity.clone()).await?;
|
self.store.save_identity(identity.clone()).await?;
|
||||||
Ok((request, signature_request))
|
Ok((request, signature_request))
|
||||||
} else {
|
} else {
|
||||||
|
|
|
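Review bot: The `.expect(...)` on `identity.as_public_identity().await` turns a recoverable `SignatureError` into a panic inside a path that otherwise propagates failures with `?`. If the enclosing function's error type can carry a `SignatureError` (not visible in this hunk), `let public = identity.as_public_identity().await?;` keeps the failure in the `Result`. Separately, the verified public identity is written with `self.store.save_changes(changes)` before `self.store.save_identity(identity.clone())`, so a failure of the second call leaves a trusted public identity in the store without its private counterpart. Saving the private identity first, or writing both in one change set if the store supports that, would avoid that intermediate state. The enclosing method starts and ends outside the hunk.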
@ -32,8 +32,8 @@ use matrix_sdk_common::{
|
||||||
};
|
};
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
error::SignatureError, requests::UploadSigningKeysRequest, ReadOnlyAccount, ReadOnlyDevice,
|
error::SignatureError, requests::UploadSigningKeysRequest, OwnUserIdentity, ReadOnlyAccount,
|
||||||
UserIdentity,
|
ReadOnlyDevice, UserIdentity,
|
||||||
};
|
};
|
||||||
|
|
||||||
use pk_signing::{MasterSigning, PickledSignings, SelfSigning, Signing, SigningError, UserSigning};
|
use pk_signing::{MasterSigning, PickledSignings, SelfSigning, Signing, SigningError, UserSigning};
|
||||||
|
@ -103,6 +103,37 @@ impl PrivateCrossSigningIdentity {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub(crate) async fn as_public_identity(&self) -> Result<OwnUserIdentity, SignatureError> {
|
||||||
|
let master = self
|
||||||
|
.master_key
|
||||||
|
.lock()
|
||||||
|
.await
|
||||||
|
.as_ref()
|
||||||
|
.ok_or(SignatureError::MissingSigningKey)?
|
||||||
|
.public_key
|
||||||
|
.clone();
|
||||||
|
let self_signing = self
|
||||||
|
.self_signing_key
|
||||||
|
.lock()
|
||||||
|
.await
|
||||||
|
.as_ref()
|
||||||
|
.ok_or(SignatureError::MissingSigningKey)?
|
||||||
|
.public_key
|
||||||
|
.clone();
|
||||||
|
let user_signing = self
|
||||||
|
.user_signing_key
|
||||||
|
.lock()
|
||||||
|
.await
|
||||||
|
.as_ref()
|
||||||
|
.ok_or(SignatureError::MissingSigningKey)?
|
||||||
|
.public_key
|
||||||
|
.clone();
|
||||||
|
let identity = OwnUserIdentity::new(master, self_signing, user_signing)?;
|
||||||
|
identity.mark_as_verified();
|
||||||
|
|
||||||
|
Ok(identity)
|
||||||
|
}
|
||||||
|
|
||||||
/// Sign the given public user identity with this private identity.
|
/// Sign the given public user identity with this private identity.
|
||||||
#[allow(dead_code)]
|
#[allow(dead_code)]
|
||||||
pub(crate) async fn sign_user(
|
pub(crate) async fn sign_user(
|
||||||
|
@ -128,7 +159,7 @@ impl PrivateCrossSigningIdentity {
|
||||||
) -> Result<SignatureUploadRequest, SignatureError> {
|
) -> Result<SignatureUploadRequest, SignatureError> {
|
||||||
let mut device_keys = device.as_device_keys();
|
let mut device_keys = device.as_device_keys();
|
||||||
device_keys.signatures.clear();
|
device_keys.signatures.clear();
|
||||||
self.sign_device_keys(device_keys).await
|
self.sign_device_keys(&mut device_keys).await
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Sign an Olm account with this private identity.
|
/// Sign an Olm account with this private identity.
|
||||||
|
@ -136,13 +167,13 @@ impl PrivateCrossSigningIdentity {
|
||||||
&self,
|
&self,
|
||||||
account: &ReadOnlyAccount,
|
account: &ReadOnlyAccount,
|
||||||
) -> Result<SignatureUploadRequest, SignatureError> {
|
) -> Result<SignatureUploadRequest, SignatureError> {
|
||||||
let device_keys = account.unsigned_device_keys();
|
let mut device_keys = account.unsigned_device_keys();
|
||||||
self.sign_device_keys(device_keys).await
|
self.sign_device_keys(&mut device_keys).await
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn sign_device_keys(
|
pub(crate) async fn sign_device_keys(
|
||||||
&self,
|
&self,
|
||||||
mut device_keys: DeviceKeys,
|
mut device_keys: &mut DeviceKeys,
|
||||||
) -> Result<SignatureUploadRequest, SignatureError> {
|
) -> Result<SignatureUploadRequest, SignatureError> {
|
||||||
self.self_signing_key
|
self.self_signing_key
|
||||||
.lock()
|
.lock()
|
||||||
|
|
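Review bot: `as_public_identity` returns an identity that is already trusted, because it calls `identity.mark_as_verified()` unconditionally, yet unlike the neighbouring methods it has no doc comment telling callers so. A comment such as `/// Build the public identity for our own private keys; the result is marked as verified because we hold the private parts.` would make that contract explicit. The three key mutexes are also locked one after another rather than together, so the returned keys are not an atomic snapshot if another task can replace the identity in between; that is inferred, since the callers are not visible here. In the last hunk, `mut device_keys: &mut DeviceKeys` carries a redundant `mut` on the binding, and `device_keys: &mut DeviceKeys` is enough.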