From d39e3141fcc5f3d8c46d7dcf3b83a842dc49c53d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damir=20Jeli=C4=87?= Date: Tue, 22 Dec 2020 14:12:57 +0100 Subject: [PATCH] crypto: Use CanonicalJsonValue for all the signature calculations. --- matrix_sdk_crypto/src/olm/account.rs | 12 +++++++----- matrix_sdk_crypto/src/olm/signing/mod.rs | 2 +- matrix_sdk_crypto/src/olm/signing/pk_signing.rs | 8 +++++--- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/matrix_sdk_crypto/src/olm/account.rs b/matrix_sdk_crypto/src/olm/account.rs index 9b6551bd..c619ffeb 100644 --- a/matrix_sdk_crypto/src/olm/account.rs +++ b/matrix_sdk_crypto/src/olm/account.rs @@ -43,7 +43,7 @@ use matrix_sdk_common::{ instant::Instant, js_int::UInt, locks::Mutex, - Raw, + CanonicalJsonValue, Raw, }; use olm_rs::{ account::{IdentityKeys, OlmAccount, OneTimeKeys}, @@ -743,7 +743,7 @@ impl ReadOnlyAccount { .or_insert_with(BTreeMap::new) .insert( DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, &self.device_id), - self.sign_json(&json_device_keys).await, + self.sign_json(json_device_keys).await, ); device_keys @@ -770,8 +770,10 @@ impl ReadOnlyAccount { /// # Panic /// /// Panics if the json value can't be serialized. - pub async fn sign_json(&self, json: &Value) -> String { - self.sign(&json.to_string()).await + pub async fn sign_json(&self, json: Value) -> String { + let canonical_json: CanonicalJsonValue = + json.try_into().expect("Can't canonicalize the json value"); + self.sign(&canonical_json.to_string()).await } pub(crate) async fn signed_one_time_keys_helper( @@ -785,7 +787,7 @@ impl ReadOnlyAccount { "key": key, }); - let signature = self.sign_json(&key_json).await; + let signature = self.sign_json(key_json).await; let mut signature_map = BTreeMap::new(); diff --git a/matrix_sdk_crypto/src/olm/signing/mod.rs b/matrix_sdk_crypto/src/olm/signing/mod.rs index 0e73f73e..1208edf1 100644 --- a/matrix_sdk_crypto/src/olm/signing/mod.rs +++ b/matrix_sdk_crypto/src/olm/signing/mod.rs @@ -214,7 +214,7 @@ impl PrivateCrossSigningIdentity { master.cross_signing_key(account.user_id().to_owned(), KeyUsage::Master); let signature = account .sign_json( - &serde_json::to_value(&public_key) + serde_json::to_value(&public_key) .expect("Can't convert own public master key to json"), ) .await; diff --git a/matrix_sdk_crypto/src/olm/signing/pk_signing.rs b/matrix_sdk_crypto/src/olm/signing/pk_signing.rs index 661c7a61..b78d11e1 100644 --- a/matrix_sdk_crypto/src/olm/signing/pk_signing.rs +++ b/matrix_sdk_crypto/src/olm/signing/pk_signing.rs @@ -23,7 +23,7 @@ use matrix_sdk_common::{ }; use serde::{Deserialize, Serialize}; use serde_json::{json, Error as JsonError, Value}; -use std::{collections::BTreeMap, sync::Arc}; +use std::{collections::BTreeMap, convert::TryInto, sync::Arc}; use thiserror::Error; use zeroize::Zeroizing; @@ -36,6 +36,7 @@ use matrix_sdk_common::{ api::r0::keys::{CrossSigningKey, KeyUsage}, identifiers::UserId, locks::Mutex, + CanonicalJsonValue, }; use crate::{ @@ -404,8 +405,9 @@ impl Signing { pub async fn sign_json(&self, mut json: Value) -> Result { let json_object = json.as_object_mut().ok_or(SignatureError::NotAnObject)?; let _ = json_object.remove("signatures"); - let canonical_json = serde_json::to_string(json_object)?; - Ok(self.sign(&canonical_json).await) + let canonical_json: CanonicalJsonValue = + json.try_into().expect("Can't canonicalize the json value"); + Ok(self.sign(&canonical_json.to_string()).await) } pub async fn sign(&self, message: &str) -> Signature {