crypto: Create a trusted public cross signing identity when we create a private one.

2020-10-30 13:21:14 +01:00 · 2020-10-30 13:21:14 +01:00 · b67cd4ddd2
parent 44cc1cef71
commit b67cd4ddd2
4 changed files with 87 additions and 9 deletions
--- a/matrix_sdk/src/client.rs
+++ b/matrix_sdk/src/client.rs
@ -1844,8 +1844,6 @@ impl Client {

        let (request, signature_request) = olm.bootstrap_cross_signing(false).await?;

-        println!("HELLOOO MAKING REQUEST {:#?}", request);
-
        let request = UploadSigningKeysRequest {
            auth: auth_data,
            master_key: request.master_key,
--- a/matrix_sdk_crypto/src/identities/user.rs
+++ b/matrix_sdk_crypto/src/identities/user.rs
@ -723,6 +723,7 @@ pub(crate) mod test {
    use matrix_sdk_common::{
        api::r0::keys::get_keys::Response as KeyQueryResponse, identifiers::user_id, locks::Mutex,
    };
+    use matrix_sdk_test::async_test;

    use super::{OwnUserIdentity, UserIdentities, UserIdentity};

@ -818,4 +819,39 @@ pub(crate) mod test {
        assert!(second.trust_state());
        assert!(!first.trust_state());
    }
+
+    #[async_test]
+    async fn own_device_with_private_identity() {
+        let response = own_key_query();
+        let (_, device) = device(&response);
+
+        let account = ReadOnlyAccount::new(device.user_id(), device.device_id());
+        let (identity, _, _) = PrivateCrossSigningIdentity::new_with_account(&account).await;
+
+        let id = Arc::new(Mutex::new(identity.clone()));
+
+        let verification_machine = VerificationMachine::new(
+            ReadOnlyAccount::new(device.user_id(), device.device_id()),
+            id.clone(),
+            Arc::new(Box::new(MemoryStore::new())),
+        );
+
+        let public_identity = identity.as_public_identity().await.unwrap();
+
+        let mut device = Device {
+            inner: device,
+            verification_machine: verification_machine.clone(),
+            private_identity: id.clone(),
+            own_identity: Some(public_identity.clone()),
+            device_owner_identity: Some(public_identity.clone().into()),
+        };
+
+        assert!(!device.trust_state());
+
+        let mut device_keys = device.as_device_keys();
+
+        identity.sign_device_keys(&mut device_keys).await.unwrap();
+        device.inner.signatures = Arc::new(device_keys.signatures);
+        assert!(device.trust_state());
+    }
 }
--- a/matrix_sdk_crypto/src/machine.rs
+++ b/matrix_sdk_crypto/src/machine.rs
@ -392,6 +392,19 @@ impl OlmMachine {

            *identity = id;

+            let public = identity.as_public_identity().await.expect(
+                "Couldn't create a public version of the identity from a new private identity",
+            );
+
+            let changes = Changes {
+                identities: IdentityChanges {
+                    new: vec![public.into()],
+                    ..Default::default()
+                },
+                ..Default::default()
+            };
+
+            self.store.save_changes(changes).await?;
            self.store.save_identity(identity.clone()).await?;
            Ok((request, signature_request))
        } else {
--- a/matrix_sdk_crypto/src/olm/signing/mod.rs
+++ b/matrix_sdk_crypto/src/olm/signing/mod.rs
@ -32,8 +32,8 @@ use matrix_sdk_common::{
 };

 use crate::{
-    error::SignatureError, requests::UploadSigningKeysRequest, ReadOnlyAccount, ReadOnlyDevice,
-    UserIdentity,
+    error::SignatureError, requests::UploadSigningKeysRequest, OwnUserIdentity, ReadOnlyAccount,
+    ReadOnlyDevice, UserIdentity,
 };

 use pk_signing::{MasterSigning, PickledSignings, SelfSigning, Signing, SigningError, UserSigning};
@ -103,6 +103,37 @@ impl PrivateCrossSigningIdentity {
        }
    }

+    pub(crate) async fn as_public_identity(&self) -> Result<OwnUserIdentity, SignatureError> {
+        let master = self
+            .master_key
+            .lock()
+            .await
+            .as_ref()
+            .ok_or(SignatureError::MissingSigningKey)?
+            .public_key
+            .clone();
+        let self_signing = self
+            .self_signing_key
+            .lock()
+            .await
+            .as_ref()
+            .ok_or(SignatureError::MissingSigningKey)?
+            .public_key
+            .clone();
+        let user_signing = self
+            .user_signing_key
+            .lock()
+            .await
+            .as_ref()
+            .ok_or(SignatureError::MissingSigningKey)?
+            .public_key
+            .clone();
+        let identity = OwnUserIdentity::new(master, self_signing, user_signing)?;
+        identity.mark_as_verified();
+
+        Ok(identity)
+    }
+
    /// Sign the given public user identity with this private identity.
    #[allow(dead_code)]
    pub(crate) async fn sign_user(
@ -128,7 +159,7 @@ impl PrivateCrossSigningIdentity {
    ) -> Result<SignatureUploadRequest, SignatureError> {
        let mut device_keys = device.as_device_keys();
        device_keys.signatures.clear();
-        self.sign_device_keys(device_keys).await
+        self.sign_device_keys(&mut device_keys).await
    }

    /// Sign an Olm account with this private identity.
@ -136,13 +167,13 @@ impl PrivateCrossSigningIdentity {
        &self,
        account: &ReadOnlyAccount,
    ) -> Result<SignatureUploadRequest, SignatureError> {
-        let device_keys = account.unsigned_device_keys();
-        self.sign_device_keys(device_keys).await
+        let mut device_keys = account.unsigned_device_keys();
+        self.sign_device_keys(&mut device_keys).await
    }

-    async fn sign_device_keys(
+    pub(crate) async fn sign_device_keys(
        &self,
-        mut device_keys: DeviceKeys,
+        mut device_keys: &mut DeviceKeys,
    ) -> Result<SignatureUploadRequest, SignatureError> {
        self.self_signing_key
            .lock()