crypto: When we check the signature of a device use the DeviceKeys struct
This commit is contained in:
parent
2cf6ad21d3
commit
e401c87246
2 changed files with 19 additions and 23 deletions
|
@ -539,21 +539,11 @@ impl ReadOnlyDevice {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) fn as_signature_message(&self) -> Value {
|
|
||||||
json!({
|
|
||||||
"user_id": &*self.user_id,
|
|
||||||
"device_id": &*self.device_id,
|
|
||||||
"keys": &*self.keys,
|
|
||||||
"algorithms": &*self.algorithms,
|
|
||||||
"signatures": &*self.signatures,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
pub(crate) fn verify_device_keys(
|
pub(crate) fn verify_device_keys(
|
||||||
&self,
|
&self,
|
||||||
device_keys: &DeviceKeys,
|
device_keys: &DeviceKeys,
|
||||||
) -> Result<(), SignatureError> {
|
) -> Result<(), SignatureError> {
|
||||||
let mut device_keys = serde_json::to_value(device_keys).unwrap();
|
let mut device_keys = serde_json::to_value(device_keys)?;
|
||||||
self.is_signed_by_device(&mut device_keys)
|
self.is_signed_by_device(&mut device_keys)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ use std::{
|
||||||
};
|
};
|
||||||
|
|
||||||
use ruma::{
|
use ruma::{
|
||||||
encryption::{CrossSigningKey, KeyUsage},
|
encryption::{CrossSigningKey, DeviceKeys, KeyUsage},
|
||||||
events::{
|
events::{
|
||||||
key::verification::VerificationMethod, room::message::KeyVerificationRequestEventContent,
|
key::verification::VerificationMethod, room::message::KeyVerificationRequestEventContent,
|
||||||
},
|
},
|
||||||
|
@ -494,6 +494,22 @@ impl SelfSigningPubkey {
|
||||||
&self.0.keys
|
&self.0.keys
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub(crate) fn verify_device_keys(&self, device_keys: DeviceKeys) -> Result<(), SignatureError> {
|
||||||
|
let (key_id, key) = self.0.keys.iter().next().ok_or(SignatureError::MissingSigningKey)?;
|
||||||
|
// TODO check that the usage is OK.
|
||||||
|
|
||||||
|
let mut device = to_value(device_keys)?;
|
||||||
|
|
||||||
|
let utility = Utility::new();
|
||||||
|
|
||||||
|
utility.verify_json(
|
||||||
|
&self.0.user_id,
|
||||||
|
&DeviceKeyId::try_from(key_id.as_str())?,
|
||||||
|
key,
|
||||||
|
&mut device,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
/// Check if the given device is signed by this self signing key.
|
/// Check if the given device is signed by this self signing key.
|
||||||
///
|
///
|
||||||
/// # Arguments
|
/// # Arguments
|
||||||
|
@ -503,17 +519,7 @@ impl SelfSigningPubkey {
|
||||||
/// Returns an empty result if the signature check succeeded, otherwise a
|
/// Returns an empty result if the signature check succeeded, otherwise a
|
||||||
/// SignatureError indicating why the check failed.
|
/// SignatureError indicating why the check failed.
|
||||||
pub(crate) fn verify_device(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> {
|
pub(crate) fn verify_device(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> {
|
||||||
let (key_id, key) = self.0.keys.iter().next().ok_or(SignatureError::MissingSigningKey)?;
|
self.verify_device_keys(device.as_device_keys())
|
||||||
|
|
||||||
// TODO check that the usage is OK.
|
|
||||||
|
|
||||||
let utility = Utility::new();
|
|
||||||
utility.verify_json(
|
|
||||||
&self.0.user_id,
|
|
||||||
&DeviceKeyId::try_from(key_id.as_str())?,
|
|
||||||
key,
|
|
||||||
&mut device.as_signature_message(),
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue