crypto: Don't allow user identities to verify devices of other users.

master
Damir Jelić 2020-08-20 15:17:19 +02:00
parent 9edc876160
commit d908d0f817
1 changed files with 8 additions and 0 deletions

View File

@ -332,6 +332,10 @@ impl UserIdentity {
/// Returns an empty result if the signature check succeeded, otherwise a /// Returns an empty result if the signature check succeeded, otherwise a
/// SignatureError indicating why the check failed. /// SignatureError indicating why the check failed.
pub fn is_device_signed(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> { pub fn is_device_signed(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> {
if self.user_id() != device.user_id() {
return Err(SignatureError::UserIdMissmatch);
}
self.self_signing_key.verify_device(device) self.self_signing_key.verify_device(device)
} }
} }
@ -413,6 +417,10 @@ impl OwnUserIdentity {
/// Returns an empty result if the signature check succeeded, otherwise a /// Returns an empty result if the signature check succeeded, otherwise a
/// SignatureError indicating why the check failed. /// SignatureError indicating why the check failed.
pub fn is_device_signed(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> { pub fn is_device_signed(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> {
if self.user_id() != device.user_id() {
return Err(SignatureError::UserIdMissmatch);
}
self.self_signing_key.verify_device(device) self.self_signing_key.verify_device(device)
} }