crypto: Check that the user ids match for the cross signing keys.
parent
d908d0f817
commit
c2ad298963
|
@ -552,6 +552,18 @@ impl OlmMachine {
|
||||||
} else if user_id == self.user_id() {
|
} else if user_id == self.user_id() {
|
||||||
if let Some(s) = response.user_signing_keys.get(user_id) {
|
if let Some(s) = response.user_signing_keys.get(user_id) {
|
||||||
let user_signing = UserSigningPubkey::from(s);
|
let user_signing = UserSigningPubkey::from(s);
|
||||||
|
|
||||||
|
if master_key.user_id() != user_id
|
||||||
|
|| self_signing.user_id() != user_id
|
||||||
|
|| user_signing.user_id() != user_id
|
||||||
|
{
|
||||||
|
warn!(
|
||||||
|
"User id missmatch in one of the cross signing keys for user {}",
|
||||||
|
user_id
|
||||||
|
);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
OwnUserIdentity::new(master_key, self_signing, user_signing)
|
OwnUserIdentity::new(master_key, self_signing, user_signing)
|
||||||
.map(UserIdentities::Own)
|
.map(UserIdentities::Own)
|
||||||
} else {
|
} else {
|
||||||
|
@ -562,8 +574,16 @@ impl OlmMachine {
|
||||||
);
|
);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if master_key.user_id() != user_id || self_signing.user_id() != user_id {
|
||||||
|
warn!(
|
||||||
|
"User id missmatch in one of the cross signing keys for user {}",
|
||||||
|
user_id
|
||||||
|
);
|
||||||
|
continue;
|
||||||
} else {
|
} else {
|
||||||
UserIdentity::new(master_key, self_signing).map(UserIdentities::Other)
|
UserIdentity::new(master_key, self_signing).map(UserIdentities::Other)
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
match identity {
|
match identity {
|
||||||
|
@ -577,7 +597,7 @@ impl OlmMachine {
|
||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
warn!(
|
warn!(
|
||||||
"Coulnd't update or create new user identity for {}: {:?}",
|
"Couldn't update or create new user identity for {}: {:?}",
|
||||||
user_id, e
|
user_id, e
|
||||||
);
|
);
|
||||||
continue;
|
continue;
|
||||||
|
|
|
@ -44,7 +44,6 @@ pub struct UserSigningPubkey(Arc<CrossSigningKey>);
|
||||||
impl PartialEq for MasterPubkey {
|
impl PartialEq for MasterPubkey {
|
||||||
fn eq(&self, other: &MasterPubkey) -> bool {
|
fn eq(&self, other: &MasterPubkey) -> bool {
|
||||||
self.0.user_id == other.0.user_id && self.0.keys == other.0.keys
|
self.0.user_id == other.0.user_id && self.0.keys == other.0.keys
|
||||||
// TODO check the usage once `KeyUsage` gets PartialEq.
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -105,6 +104,11 @@ impl<'a> CrossSigningSubKeys<'a> {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl MasterPubkey {
|
impl MasterPubkey {
|
||||||
|
/// Get the user id of the master key's owner.
|
||||||
|
pub fn user_id(&self) -> &UserId {
|
||||||
|
&self.0.user_id
|
||||||
|
}
|
||||||
|
|
||||||
/// Get the master key with the given key id.
|
/// Get the master key with the given key id.
|
||||||
///
|
///
|
||||||
/// # Arguments
|
/// # Arguments
|
||||||
|
@ -133,6 +137,8 @@ impl MasterPubkey {
|
||||||
.next()
|
.next()
|
||||||
.ok_or(SignatureError::MissingSigningKey)?;
|
.ok_or(SignatureError::MissingSigningKey)?;
|
||||||
|
|
||||||
|
let key_id = DeviceKeyId::try_from(key_id.as_str())?;
|
||||||
|
|
||||||
// FIXME `KeyUsage is missing PartialEq.
|
// FIXME `KeyUsage is missing PartialEq.
|
||||||
// if self.0.usage.contains(&KeyUsage::Master) {
|
// if self.0.usage.contains(&KeyUsage::Master) {
|
||||||
// return Err(SignatureError::MissingSigningKey);
|
// return Err(SignatureError::MissingSigningKey);
|
||||||
|
@ -145,7 +151,7 @@ impl MasterPubkey {
|
||||||
|
|
||||||
verify_json(
|
verify_json(
|
||||||
&self.0.user_id,
|
&self.0.user_id,
|
||||||
&DeviceKeyId::try_from(key_id.as_str())?,
|
&key_id,
|
||||||
key,
|
key,
|
||||||
&mut to_value(subkey.cross_signing_key()).map_err(|_| SignatureError::NotAnObject)?,
|
&mut to_value(subkey.cross_signing_key()).map_err(|_| SignatureError::NotAnObject)?,
|
||||||
)
|
)
|
||||||
|
@ -153,6 +159,11 @@ impl MasterPubkey {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl UserSigningPubkey {
|
impl UserSigningPubkey {
|
||||||
|
/// Get the user id of the user signing key's owner.
|
||||||
|
pub fn user_id(&self) -> &UserId {
|
||||||
|
&self.0.user_id
|
||||||
|
}
|
||||||
|
|
||||||
/// Check if the given master key is signed by this user signing key.
|
/// Check if the given master key is signed by this user signing key.
|
||||||
///
|
///
|
||||||
/// # Arguments
|
/// # Arguments
|
||||||
|
@ -182,6 +193,11 @@ impl UserSigningPubkey {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl SelfSigningPubkey {
|
impl SelfSigningPubkey {
|
||||||
|
/// Get the user id of the self signing key's owner.
|
||||||
|
pub fn user_id(&self) -> &UserId {
|
||||||
|
&self.0.user_id
|
||||||
|
}
|
||||||
|
|
||||||
/// Check if the given device is signed by this self signing key.
|
/// Check if the given device is signed by this self signing key.
|
||||||
///
|
///
|
||||||
/// # Arguments
|
/// # Arguments
|
||||||
|
|
Loading…
Reference in New Issue