crypto: When we check the signature of a device use the DeviceKeys struct

Damir Jelić 2021-08-04 10:55:41 +02:00
parent 2cf6ad21d3
commit e401c87246
2 changed files with 19 additions and 23 deletions


@ -539,21 +539,11 @@ impl ReadOnlyDevice {
) )
} }
pub(crate) fn as_signature_message(&self) -> Value {
json!({
"user_id": &*self.user_id,
"device_id": &*self.device_id,
"keys": &*self.keys,
"algorithms": &*self.algorithms,
"signatures": &*self.signatures,
})
}
pub(crate) fn verify_device_keys( pub(crate) fn verify_device_keys(
&self, &self,
device_keys: &DeviceKeys, device_keys: &DeviceKeys,
) -> Result<(), SignatureError> { ) -> Result<(), SignatureError> {
let mut device_keys = serde_json::to_value(device_keys).unwrap(); let mut device_keys = serde_json::to_value(device_keys)?;
self.is_signed_by_device(&mut device_keys) self.is_signed_by_device(&mut device_keys)
} }
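Review bot: With `as_signature_message` removed, the object that gets signature-checked for a stored device is no longer the explicit five-field JSON built here but whatever the `DeviceKeys` struct serializes to, and the replacement (`as_device_keys()`, called from the other file) is not visible in this hunk. If that struct serializes anything beyond `user_id`, `device_id`, `keys`, `algorithms` and `signatures` (an `unsigned` section, for example) and the verifier does not strip it, previously valid devices would start failing verification. A regression test that runs a known-good signed device through the new path would pin this down. Separately, `verify_device_keys` has no doc comment; one line such as `/// Returns an error if serialization fails or the device's own signature does not verify.` would record that the former panic is now a `SignatureError`.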


@ -23,7 +23,7 @@ use std::{
}; };
use ruma::{ use ruma::{
encryption::{CrossSigningKey, KeyUsage}, encryption::{CrossSigningKey, DeviceKeys, KeyUsage},
events::{ events::{
key::verification::VerificationMethod, room::message::KeyVerificationRequestEventContent, key::verification::VerificationMethod, room::message::KeyVerificationRequestEventContent,
}, },
@ -494,6 +494,22 @@ impl SelfSigningPubkey {
&self.0.keys &self.0.keys
} }
pub(crate) fn verify_device_keys(&self, device_keys: DeviceKeys) -> Result<(), SignatureError> {
let (key_id, key) = self.0.keys.iter().next().ok_or(SignatureError::MissingSigningKey)?;
// TODO check that the usage is OK.
let mut device = to_value(device_keys)?;
let utility = Utility::new();
utility.verify_json(
&self.0.user_id,
&DeviceKeyId::try_from(key_id.as_str())?,
key,
&mut device,
)
}
/// Check if the given device is signed by this self signing key. /// Check if the given device is signed by this self signing key.
/// ///
/// # Arguments /// # Arguments
@ -503,17 +519,7 @@ impl SelfSigningPubkey {
/// Returns an empty result if the signature check succeeded, otherwise a /// Returns an empty result if the signature check succeeded, otherwise a
/// SignatureError indicating why the check failed. /// SignatureError indicating why the check failed.
pub(crate) fn verify_device(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> { pub(crate) fn verify_device(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> {
let (key_id, key) = self.0.keys.iter().next().ok_or(SignatureError::MissingSigningKey)?; self.verify_device_keys(device.as_device_keys())
// TODO check that the usage is OK.
let utility = Utility::new();
utility.verify_json(
&self.0.user_id,
&DeviceKeyId::try_from(key_id.as_str())?,
key,
&mut device.as_signature_message(),
)
} }
} }
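Review bot: The new `SelfSigningPubkey::verify_device_keys` accepts any `DeviceKeys` value, yet it still verifies against whichever entry `self.0.keys.iter().next()` yields and carries over `// TODO check that the usage is OK.`, so nothing visible here confirms that the key is a self-signing key or that the payload's own user ID equals `self.0.user_id`. Because the check is no longer limited to an already-stored `ReadOnlyDevice`, I would resolve the TODO or at least state the precondition in a doc comment, e.g. `/// Callers must ensure the device keys belong to the same user as this key; key usage is not checked here.` The function also takes `DeviceKeys` by value while `ReadOnlyDevice::verify_device_keys` takes `&DeviceKeys`. Assuming `to_value` is `serde_json::to_value`, a reference serializes just as well, so `device_keys: &DeviceKeys` would keep the two signatures parallel and spare callers a move or clone.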