crypto: Add some comments about the order of signature checks.

master
Damir Jelić 2020-08-19 15:35:34 +02:00
parent 56309ae12c
commit eb16737d3b
1 changed files with 9 additions and 0 deletions

View File

@ -89,17 +89,26 @@ impl Device {
// only the identity is trusted, if the identity and the device are // only the identity is trusted, if the identity and the device are
// trusted. // trusted.
if self.inner.trust_state() == LocalTrust::Verified { if self.inner.trust_state() == LocalTrust::Verified {
// If the device is localy marked as verified just return so, no
// need to check signatures.
true true
} else { } else {
self.own_identity.as_ref().map_or(false, |own_identity| { self.own_identity.as_ref().map_or(false, |own_identity| {
// Our own identity needs to be marked as verified.
own_identity.is_verified() own_identity.is_verified()
&& self && self
.device_owner_identity .device_owner_identity
.as_ref() .as_ref()
.map(|device_identity| match device_identity { .map(|device_identity| match device_identity {
// If it's one of our own devices, just check that
// we signed the device.
UserIdentities::Own(_) => own_identity UserIdentities::Own(_) => own_identity
.is_device_signed(&self.inner) .is_device_signed(&self.inner)
.map_or(false, |_| true), .map_or(false, |_| true),
// If it's a device from someone else, first check
// that our user has signed the other user and then
// checkif the other user has signed this device.
UserIdentities::Other(device_identity) => { UserIdentities::Other(device_identity) => {
own_identity own_identity
.is_identity_signed(&device_identity) .is_identity_signed(&device_identity)