You've already forked matrix-js-sdk
mirror of
https://github.com/matrix-org/matrix-js-sdk.git
synced 2025-11-26 17:03:12 +03:00
implement qr code reciprocate for self-verif with untrusted MSK
This commit is contained in:
Bruno Windels
@@ -67,15 +67,24 @@ export class ReciprocateQRCode extends Base {
|
|||||||
|
|
||||||
// 3. determine key to sign
|
// 3. determine key to sign
|
||||||
const keys = {};
|
const keys = {};
|
||||||
if (qrCodeData.mode === MODE_VERIFY_OTHER_USER) {
|
|
||||||
|
switch (qrCodeData.mode) {
|
||||||
|
case MODE_VERIFY_OTHER_USER: {
|
||||||
// add master key to keys to be signed, only if we're not doing self-verification
|
// add master key to keys to be signed, only if we're not doing self-verification
|
||||||
const masterKey = qrCodeData.otherUserMasterKey;
|
const masterKey = qrCodeData.otherUserMasterKey;
|
||||||
keys[`ed25519:${masterKey}`] = masterKey;
|
keys[`ed25519:${masterKey}`] = masterKey;
|
||||||
} else if (qrCodeData.mode === MODE_VERIFY_SELF_TRUSTED) {
|
break;
|
||||||
|
}
|
||||||
|
case MODE_VERIFY_SELF_TRUSTED: {
|
||||||
const deviceId = this.request.targetDevice.deviceId;
|
const deviceId = this.request.targetDevice.deviceId;
|
||||||
keys[`ed25519:${deviceId}`] = qrCodeData.otherDeviceKey;
|
keys[`ed25519:${deviceId}`] = qrCodeData.otherDeviceKey;
|
||||||
} else {
|
break;
|
||||||
// TODO: not sure if MODE_VERIFY_SELF_UNTRUSTED makes sense to sign anything here?
|
}
|
||||||
|
case MODE_VERIFY_SELF_UNTRUSTED: {
|
||||||
|
const masterKey = qrCodeData.myMasterKey;
|
||||||
|
keys[`ed25519:${masterKey}`] = masterKey;
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 4. sign the key
|
// 4. sign the key
|
||||||
@@ -108,11 +117,15 @@ const MODE_VERIFY_SELF_TRUSTED = 0x01; // We trust the master key
|
|||||||
const MODE_VERIFY_SELF_UNTRUSTED = 0x02; // We do not trust the master key
|
const MODE_VERIFY_SELF_UNTRUSTED = 0x02; // We do not trust the master key
|
||||||
|
|
||||||
export class QRCodeData {
|
export class QRCodeData {
|
||||||
constructor(mode, sharedSecret, otherUserMasterKey, otherDeviceKey, buffer) {
|
constructor(
|
||||||
|
mode, sharedSecret, otherUserMasterKey,
|
||||||
|
otherDeviceKey, myMasterKey, buffer,
|
||||||
|
) {
|
||||||
this._sharedSecret = sharedSecret;
|
this._sharedSecret = sharedSecret;
|
||||||
this._mode = mode;
|
this._mode = mode;
|
||||||
this._otherUserMasterKey = otherUserMasterKey;
|
this._otherUserMasterKey = otherUserMasterKey;
|
||||||
this._otherDeviceKey = otherDeviceKey;
|
this._otherDeviceKey = otherDeviceKey;
|
||||||
|
this._myMasterKey = myMasterKey;
|
||||||
this._buffer = buffer;
|
this._buffer = buffer;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -121,22 +134,28 @@ export class QRCodeData {
|
|||||||
const mode = QRCodeData._determineMode(request, client);
|
const mode = QRCodeData._determineMode(request, client);
|
||||||
let otherUserMasterKey = null;
|
let otherUserMasterKey = null;
|
||||||
let otherDeviceKey = null;
|
let otherDeviceKey = null;
|
||||||
|
let myMasterKey = null;
|
||||||
if (mode === MODE_VERIFY_OTHER_USER) {
|
if (mode === MODE_VERIFY_OTHER_USER) {
|
||||||
const otherUserCrossSigningInfo =
|
const otherUserCrossSigningInfo =
|
||||||
client.getStoredCrossSigningForUser(request.otherUserId);
|
client.getStoredCrossSigningForUser(request.otherUserId);
|
||||||
otherUserMasterKey = otherUserCrossSigningInfo.getId("master");
|
otherUserMasterKey = otherUserCrossSigningInfo.getId("master");
|
||||||
} else if (mode === MODE_VERIFY_SELF_TRUSTED) {
|
} else if (mode === MODE_VERIFY_SELF_TRUSTED) {
|
||||||
otherDeviceKey = await QRCodeData._getOtherDeviceKey(request, client);
|
otherDeviceKey = await QRCodeData._getOtherDeviceKey(request, client);
|
||||||
|
} else if (mode === MODE_VERIFY_SELF_UNTRUSTED) {
|
||||||
|
const myUserId = client.getUserId();
|
||||||
|
const myCrossSigningInfo = client.getStoredCrossSigningForUser(myUserId);
|
||||||
|
myMasterKey = myCrossSigningInfo.getId("master");
|
||||||
}
|
}
|
||||||
const qrData = QRCodeData._generateQrData(
|
const qrData = QRCodeData._generateQrData(
|
||||||
request, client, mode,
|
request, client, mode,
|
||||||
sharedSecret,
|
sharedSecret,
|
||||||
otherUserMasterKey,
|
otherUserMasterKey,
|
||||||
otherDeviceKey,
|
otherDeviceKey,
|
||||||
|
myMasterKey,
|
||||||
);
|
);
|
||||||
const buffer = QRCodeData._generateBuffer(qrData);
|
const buffer = QRCodeData._generateBuffer(qrData);
|
||||||
return new QRCodeData(mode, sharedSecret,
|
return new QRCodeData(mode, sharedSecret,
|
||||||
otherUserMasterKey, otherDeviceKey, buffer);
|
otherUserMasterKey, otherDeviceKey, myMasterKey, buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
get buffer() {
|
get buffer() {
|
||||||
@@ -147,14 +166,30 @@ export class QRCodeData {
|
|||||||
return this._mode;
|
return this._mode;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* only set when mode is MODE_VERIFY_SELF_TRUSTED
|
||||||
|
* @return {string} device key of other party at time of generating QR code
|
||||||
|
*/
|
||||||
get otherDeviceKey() {
|
get otherDeviceKey() {
|
||||||
return this._otherDeviceKey;
|
return this._otherDeviceKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* only set when mode is MODE_VERIFY_OTHER_USER
|
||||||
|
* @return {string} master key of other party at time of generating QR code
|
||||||
|
*/
|
||||||
get otherUserMasterKey() {
|
get otherUserMasterKey() {
|
||||||
return this._otherUserMasterKey;
|
return this._otherUserMasterKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* only set when mode is MODE_VERIFY_SELF_UNTRUSTED
|
||||||
|
* @return {string} own master key at time of generating QR code
|
||||||
|
*/
|
||||||
|
get myMasterKey() {
|
||||||
|
return this._myMasterKey;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The unpadded base64 encoded shared secret.
|
* The unpadded base64 encoded shared secret.
|
||||||
*/
|
*/
|
||||||
@@ -198,7 +233,8 @@ export class QRCodeData {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static _generateQrData(request, client, mode,
|
static _generateQrData(request, client, mode,
|
||||||
encodedSharedSecret, otherUserMasterKey, otherDeviceKey,
|
encodedSharedSecret, otherUserMasterKey,
|
||||||
|
otherDeviceKey, myMasterKey,
|
||||||
) {
|
) {
|
||||||
const myUserId = client.getUserId();
|
const myUserId = client.getUserId();
|
||||||
const transactionId = request.channel.transactionId;
|
const transactionId = request.channel.transactionId;
|
||||||
@@ -213,16 +249,15 @@ export class QRCodeData {
|
|||||||
};
|
};
|
||||||
|
|
||||||
const myCrossSigningInfo = client.getStoredCrossSigningForUser(myUserId);
|
const myCrossSigningInfo = client.getStoredCrossSigningForUser(myUserId);
|
||||||
const myMasterKey = myCrossSigningInfo.getId("master");
|
|
||||||
|
|
||||||
if (mode === MODE_VERIFY_OTHER_USER) {
|
if (mode === MODE_VERIFY_OTHER_USER) {
|
||||||
// First key is our master cross signing key
|
// First key is our master cross signing key
|
||||||
qrData.firstKeyB64 = myMasterKey;
|
qrData.firstKeyB64 = myCrossSigningInfo.getId("master");
|
||||||
// Second key is the other user's master cross signing key
|
// Second key is the other user's master cross signing key
|
||||||
qrData.secondKeyB64 = otherUserMasterKey;
|
qrData.secondKeyB64 = otherUserMasterKey;
|
||||||
} else if (mode === MODE_VERIFY_SELF_TRUSTED) {
|
} else if (mode === MODE_VERIFY_SELF_TRUSTED) {
|
||||||
// First key is our master cross signing key
|
// First key is our master cross signing key
|
||||||
qrData.firstKeyB64 = myMasterKey;
|
qrData.firstKeyB64 = myCrossSigningInfo.getId("master");
|
||||||
qrData.secondKeyB64 = otherDeviceKey;
|
qrData.secondKeyB64 = otherDeviceKey;
|
||||||
} else if (mode === MODE_VERIFY_SELF_UNTRUSTED) {
|
} else if (mode === MODE_VERIFY_SELF_UNTRUSTED) {
|
||||||
// First key is our device's key
|
// First key is our device's key
|
||||||
|
|||||||
Reference in New Issue
Block a user