crypto: Use CanonicalJsonValue for all the signature calculations.

master
Damir Jelić 2020-12-22 14:12:57 +01:00
parent d4327d4cfc
commit d39e3141fc
3 changed files with 13 additions and 9 deletions

View File

@ -43,7 +43,7 @@ use matrix_sdk_common::{
instant::Instant, instant::Instant,
js_int::UInt, js_int::UInt,
locks::Mutex, locks::Mutex,
Raw, CanonicalJsonValue, Raw,
}; };
use olm_rs::{ use olm_rs::{
account::{IdentityKeys, OlmAccount, OneTimeKeys}, account::{IdentityKeys, OlmAccount, OneTimeKeys},
@ -743,7 +743,7 @@ impl ReadOnlyAccount {
.or_insert_with(BTreeMap::new) .or_insert_with(BTreeMap::new)
.insert( .insert(
DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, &self.device_id), DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, &self.device_id),
self.sign_json(&json_device_keys).await, self.sign_json(json_device_keys).await,
); );
device_keys device_keys
@ -770,8 +770,10 @@ impl ReadOnlyAccount {
/// # Panic /// # Panic
/// ///
/// Panics if the json value can't be serialized. /// Panics if the json value can't be serialized.
pub async fn sign_json(&self, json: &Value) -> String { pub async fn sign_json(&self, json: Value) -> String {
self.sign(&json.to_string()).await let canonical_json: CanonicalJsonValue =
json.try_into().expect("Can't canonicalize the json value");
self.sign(&canonical_json.to_string()).await
} }
pub(crate) async fn signed_one_time_keys_helper( pub(crate) async fn signed_one_time_keys_helper(
@ -785,7 +787,7 @@ impl ReadOnlyAccount {
"key": key, "key": key,
}); });
let signature = self.sign_json(&key_json).await; let signature = self.sign_json(key_json).await;
let mut signature_map = BTreeMap::new(); let mut signature_map = BTreeMap::new();

View File

@ -214,7 +214,7 @@ impl PrivateCrossSigningIdentity {
master.cross_signing_key(account.user_id().to_owned(), KeyUsage::Master); master.cross_signing_key(account.user_id().to_owned(), KeyUsage::Master);
let signature = account let signature = account
.sign_json( .sign_json(
&serde_json::to_value(&public_key) serde_json::to_value(&public_key)
.expect("Can't convert own public master key to json"), .expect("Can't convert own public master key to json"),
) )
.await; .await;

View File

@ -23,7 +23,7 @@ use matrix_sdk_common::{
}; };
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_json::{json, Error as JsonError, Value}; use serde_json::{json, Error as JsonError, Value};
use std::{collections::BTreeMap, sync::Arc}; use std::{collections::BTreeMap, convert::TryInto, sync::Arc};
use thiserror::Error; use thiserror::Error;
use zeroize::Zeroizing; use zeroize::Zeroizing;
@ -36,6 +36,7 @@ use matrix_sdk_common::{
api::r0::keys::{CrossSigningKey, KeyUsage}, api::r0::keys::{CrossSigningKey, KeyUsage},
identifiers::UserId, identifiers::UserId,
locks::Mutex, locks::Mutex,
CanonicalJsonValue,
}; };
use crate::{ use crate::{
@ -404,8 +405,9 @@ impl Signing {
pub async fn sign_json(&self, mut json: Value) -> Result<Signature, SignatureError> { pub async fn sign_json(&self, mut json: Value) -> Result<Signature, SignatureError> {
let json_object = json.as_object_mut().ok_or(SignatureError::NotAnObject)?; let json_object = json.as_object_mut().ok_or(SignatureError::NotAnObject)?;
let _ = json_object.remove("signatures"); let _ = json_object.remove("signatures");
let canonical_json = serde_json::to_string(json_object)?; let canonical_json: CanonicalJsonValue =
Ok(self.sign(&canonical_json).await) json.try_into().expect("Can't canonicalize the json value");
Ok(self.sign(&canonical_json.to_string()).await)
} }
pub async fn sign(&self, message: &str) -> Signature { pub async fn sign(&self, message: &str) -> Signature {