crypto: Check that the user ids match for the cross signing keys.

master
Damir Jelić 2020-08-20 15:40:49 +02:00
parent d908d0f817
commit c2ad298963
2 changed files with 40 additions and 4 deletions

View File

@ -552,6 +552,18 @@ impl OlmMachine {
} else if user_id == self.user_id() { } else if user_id == self.user_id() {
if let Some(s) = response.user_signing_keys.get(user_id) { if let Some(s) = response.user_signing_keys.get(user_id) {
let user_signing = UserSigningPubkey::from(s); let user_signing = UserSigningPubkey::from(s);
if master_key.user_id() != user_id
|| self_signing.user_id() != user_id
|| user_signing.user_id() != user_id
{
warn!(
"User id missmatch in one of the cross signing keys for user {}",
user_id
);
continue;
}
OwnUserIdentity::new(master_key, self_signing, user_signing) OwnUserIdentity::new(master_key, self_signing, user_signing)
.map(UserIdentities::Own) .map(UserIdentities::Own)
} else { } else {
@ -562,8 +574,16 @@ impl OlmMachine {
); );
continue; continue;
} }
} else {
if master_key.user_id() != user_id || self_signing.user_id() != user_id {
warn!(
"User id missmatch in one of the cross signing keys for user {}",
user_id
);
continue;
} else { } else {
UserIdentity::new(master_key, self_signing).map(UserIdentities::Other) UserIdentity::new(master_key, self_signing).map(UserIdentities::Other)
}
}; };
match identity { match identity {
@ -577,7 +597,7 @@ impl OlmMachine {
} }
Err(e) => { Err(e) => {
warn!( warn!(
"Coulnd't update or create new user identity for {}: {:?}", "Couldn't update or create new user identity for {}: {:?}",
user_id, e user_id, e
); );
continue; continue;

View File

@ -44,7 +44,6 @@ pub struct UserSigningPubkey(Arc<CrossSigningKey>);
impl PartialEq for MasterPubkey { impl PartialEq for MasterPubkey {
fn eq(&self, other: &MasterPubkey) -> bool { fn eq(&self, other: &MasterPubkey) -> bool {
self.0.user_id == other.0.user_id && self.0.keys == other.0.keys self.0.user_id == other.0.user_id && self.0.keys == other.0.keys
// TODO check the usage once `KeyUsage` gets PartialEq.
} }
} }
@ -105,6 +104,11 @@ impl<'a> CrossSigningSubKeys<'a> {
} }
impl MasterPubkey { impl MasterPubkey {
/// Get the user id of the master key's owner.
pub fn user_id(&self) -> &UserId {
&self.0.user_id
}
/// Get the master key with the given key id. /// Get the master key with the given key id.
/// ///
/// # Arguments /// # Arguments
@ -133,6 +137,8 @@ impl MasterPubkey {
.next() .next()
.ok_or(SignatureError::MissingSigningKey)?; .ok_or(SignatureError::MissingSigningKey)?;
let key_id = DeviceKeyId::try_from(key_id.as_str())?;
// FIXME `KeyUsage is missing PartialEq. // FIXME `KeyUsage is missing PartialEq.
// if self.0.usage.contains(&KeyUsage::Master) { // if self.0.usage.contains(&KeyUsage::Master) {
// return Err(SignatureError::MissingSigningKey); // return Err(SignatureError::MissingSigningKey);
@ -145,7 +151,7 @@ impl MasterPubkey {
verify_json( verify_json(
&self.0.user_id, &self.0.user_id,
&DeviceKeyId::try_from(key_id.as_str())?, &key_id,
key, key,
&mut to_value(subkey.cross_signing_key()).map_err(|_| SignatureError::NotAnObject)?, &mut to_value(subkey.cross_signing_key()).map_err(|_| SignatureError::NotAnObject)?,
) )
@ -153,6 +159,11 @@ impl MasterPubkey {
} }
impl UserSigningPubkey { impl UserSigningPubkey {
/// Get the user id of the user signing key's owner.
pub fn user_id(&self) -> &UserId {
&self.0.user_id
}
/// Check if the given master key is signed by this user signing key. /// Check if the given master key is signed by this user signing key.
/// ///
/// # Arguments /// # Arguments
@ -182,6 +193,11 @@ impl UserSigningPubkey {
} }
impl SelfSigningPubkey { impl SelfSigningPubkey {
/// Get the user id of the self signing key's owner.
pub fn user_id(&self) -> &UserId {
&self.0.user_id
}
/// Check if the given device is signed by this self signing key. /// Check if the given device is signed by this self signing key.
/// ///
/// # Arguments /// # Arguments