crypto: Create a trusted public cross signing identity when we create a private one.

This commit is contained in:
Damir Jelić 2020-10-30 13:21:14 +01:00
parent 44cc1cef71
commit b67cd4ddd2
4 changed files with 87 additions and 9 deletions

View file

@ -1844,8 +1844,6 @@ impl Client {
let (request, signature_request) = olm.bootstrap_cross_signing(false).await?; let (request, signature_request) = olm.bootstrap_cross_signing(false).await?;
println!("HELLOOO MAKING REQUEST {:#?}", request);
let request = UploadSigningKeysRequest { let request = UploadSigningKeysRequest {
auth: auth_data, auth: auth_data,
master_key: request.master_key, master_key: request.master_key,

View file

@ -723,6 +723,7 @@ pub(crate) mod test {
use matrix_sdk_common::{ use matrix_sdk_common::{
api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id, locks::Mutex, api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id, locks::Mutex,
}; };
use matrix_sdk_test::async_test;
use super::{OwnUserIdentity, UserIdentities, UserIdentity}; use super::{OwnUserIdentity, UserIdentities, UserIdentity};
@ -818,4 +819,39 @@ pub(crate) mod test {
assert!(second.trust_state()); assert!(second.trust_state());
assert!(!first.trust_state()); assert!(!first.trust_state());
} }
#[async_test]
async fn own_device_with_private_identity() {
let response = own_key_query();
let (_, device) = device(&response);
let account = ReadOnlyAccount::new(device.user_id(), device.device_id());
let (identity, _, _) = PrivateCrossSigningIdentity::new_with_account(&account).await;
let id = Arc::new(Mutex::new(identity.clone()));
let verification_machine = VerificationMachine::new(
ReadOnlyAccount::new(device.user_id(), device.device_id()),
id.clone(),
Arc::new(Box::new(MemoryStore::new())),
);
let public_identity = identity.as_public_identity().await.unwrap();
let mut device = Device {
inner: device,
verification_machine: verification_machine.clone(),
private_identity: id.clone(),
own_identity: Some(public_identity.clone()),
device_owner_identity: Some(public_identity.clone().into()),
};
assert!(!device.trust_state());
let mut device_keys = device.as_device_keys();
identity.sign_device_keys(&mut device_keys).await.unwrap();
device.inner.signatures = Arc::new(device_keys.signatures);
assert!(device.trust_state());
}
} }

View file

@ -392,6 +392,19 @@ impl OlmMachine {
*identity = id; *identity = id;
let public = identity.as_public_identity().await.expect(
"Couldn't create a public version of the identity from a new private identity",
);
let changes = Changes {
identities: IdentityChanges {
new: vec![public.into()],
..Default::default()
},
..Default::default()
};
self.store.save_changes(changes).await?;
self.store.save_identity(identity.clone()).await?; self.store.save_identity(identity.clone()).await?;
Ok((request, signature_request)) Ok((request, signature_request))
} else { } else {

View file

@ -32,8 +32,8 @@ use matrix_sdk_common::{
}; };
use crate::{ use crate::{
error::SignatureError, requests::UploadSigningKeysRequest, ReadOnlyAccount, ReadOnlyDevice, error::SignatureError, requests::UploadSigningKeysRequest, OwnUserIdentity, ReadOnlyAccount,
UserIdentity, ReadOnlyDevice, UserIdentity,
}; };
use pk_signing::{MasterSigning, PickledSignings, SelfSigning, Signing, SigningError, UserSigning}; use pk_signing::{MasterSigning, PickledSignings, SelfSigning, Signing, SigningError, UserSigning};
@ -103,6 +103,37 @@ impl PrivateCrossSigningIdentity {
} }
} }
pub(crate) async fn as_public_identity(&self) -> Result<OwnUserIdentity, SignatureError> {
let master = self
.master_key
.lock()
.await
.as_ref()
.ok_or(SignatureError::MissingSigningKey)?
.public_key
.clone();
let self_signing = self
.self_signing_key
.lock()
.await
.as_ref()
.ok_or(SignatureError::MissingSigningKey)?
.public_key
.clone();
let user_signing = self
.user_signing_key
.lock()
.await
.as_ref()
.ok_or(SignatureError::MissingSigningKey)?
.public_key
.clone();
let identity = OwnUserIdentity::new(master, self_signing, user_signing)?;
identity.mark_as_verified();
Ok(identity)
}
/// Sign the given public user identity with this private identity. /// Sign the given public user identity with this private identity.
#[allow(dead_code)] #[allow(dead_code)]
pub(crate) async fn sign_user( pub(crate) async fn sign_user(
@ -128,7 +159,7 @@ impl PrivateCrossSigningIdentity {
) -> Result<SignatureUploadRequest, SignatureError> { ) -> Result<SignatureUploadRequest, SignatureError> {
let mut device_keys = device.as_device_keys(); let mut device_keys = device.as_device_keys();
device_keys.signatures.clear(); device_keys.signatures.clear();
self.sign_device_keys(device_keys).await self.sign_device_keys(&mut device_keys).await
} }
/// Sign an Olm account with this private identity. /// Sign an Olm account with this private identity.
@ -136,13 +167,13 @@ impl PrivateCrossSigningIdentity {
&self, &self,
account: &ReadOnlyAccount, account: &ReadOnlyAccount,
) -> Result<SignatureUploadRequest, SignatureError> { ) -> Result<SignatureUploadRequest, SignatureError> {
let device_keys = account.unsigned_device_keys(); let mut device_keys = account.unsigned_device_keys();
self.sign_device_keys(device_keys).await self.sign_device_keys(&mut device_keys).await
} }
async fn sign_device_keys( pub(crate) async fn sign_device_keys(
&self, &self,
mut device_keys: DeviceKeys, mut device_keys: &mut DeviceKeys,
) -> Result<SignatureUploadRequest, SignatureError> { ) -> Result<SignatureUploadRequest, SignatureError> {
self.self_signing_key self.self_signing_key
.lock() .lock()