matrix/matrix-js-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-11-26 17:03:12 +03:00
Code Activity

Add separate check for secret storage keys

Browse Source 
Decryption vs. signing keys are calculated differently and so require separate
check functions.
This commit is contained in:
J. Ryan Stinnett
2019-12-06 17:51:20 +00:00
parent 1df12d1677
commit 2a2a40af7a
2 changed files with 43 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/client.js
View File

@@ -1027,13 +1027,12 @@ function wrapCryptoFuncs(MatrixClient, names) {
*/ */
/** /**
* Checks that a given private key matches a given public key. * Checks that a given cross-signing private key matches a given public key.
* This can be used by the getCrossSigningKey or getSecretStorageKey callbacks * This can be used by the getCrossSigningKey callback to verify that the
* to verify that the private key it is about to supply is the one that was * private key it is about to supply is the one that was requested.
* requested.
* The cross-signing API is currently UNSTABLE and may change without notice. * The cross-signing API is currently UNSTABLE and may change without notice.
* *
* @function module:client~MatrixClient#checkPrivateKey * @function module:client~MatrixClient#checkCrossSigningPrivateKey
* @param {Uint8Array} privateKey The private key * @param {Uint8Array} privateKey The private key
* @param {string} expectedPublicKey The public key * @param {string} expectedPublicKey The public key
* @returns {boolean} true if the key matches, otherwise false * @returns {boolean} true if the key matches, otherwise false
@@ -1046,7 +1045,7 @@ wrapCryptoFuncs(MatrixClient, [
"checkUserTrust", "checkUserTrust",
"checkDeviceTrust", "checkDeviceTrust",
"checkOwnCrossSigningTrust", "checkOwnCrossSigningTrust",
"checkPrivateKey", "checkCrossSigningPrivateKey",
]); ]);
/** /**
@@ -1176,6 +1175,18 @@ MatrixClient.prototype.checkEventSenderTrust = async function(event) {
* @param {string} keyId The new default key ID * @param {string} keyId The new default key ID
*/ */
/**
* Checks that a given secret storage private key matches a given public key.
* This can be used by the getSecretStorageKey callback to verify that the
* private key it is about to supply is the one that was requested.
* The Secure Secret Storage API is currently UNSTABLE and may change without notice.
*
* @function module:client~MatrixClient#checkSecretStoragePrivateKey
* @param {Uint8Array} privateKey The private key
* @param {string} expectedPublicKey The public key
* @returns {boolean} true if the key matches, otherwise false
*/
wrapCryptoFuncs(MatrixClient, [ wrapCryptoFuncs(MatrixClient, [
"createRecoveryKeyFromPassphrase", "createRecoveryKeyFromPassphrase",
"bootstrapSecretStorage", "bootstrapSecretStorage",
@@ -1187,6 +1198,7 @@ wrapCryptoFuncs(MatrixClient, [
"requestSecret", "requestSecret",
"getDefaultSecretStorageKeyId", "getDefaultSecretStorageKeyId",
"setDefaultSecretStorageKeyId", "setDefaultSecretStorageKeyId",
"checkSecretStoragePrivateKey",
]); ]);
/** /**

30
src/crypto/index.js
View File

@@ -467,16 +467,36 @@ Crypto.prototype.setDefaultSecretStorageKeyId = function(k) {
}; };
/** /**
* Checks that a given private key matches a given public key. * Checks that a given secret storage private key matches a given public key.
* This can be used by the getCrossSigningKey or getSecretStorageKey callbacks * This can be used by the getSecretStorageKey callback to verify that the
* to verify that the private key it is about to supply is the one that was * private key it is about to supply is the one that was requested.
* requested.
* *
* @param {Uint8Array} privateKey The private key * @param {Uint8Array} privateKey The private key
* @param {string} expectedPublicKey The public key * @param {string} expectedPublicKey The public key
* @returns {boolean} true if the key matches, otherwise false * @returns {boolean} true if the key matches, otherwise false
*/ */
Crypto.prototype.checkPrivateKey = function(privateKey, expectedPublicKey) { Crypto.prototype.checkSecretStoragePrivateKey = function(privateKey, expectedPublicKey) {
let decryption = null;
try {
decryption = new global.Olm.PkDecryption();
const gotPubkey = decryption.init_with_private_key(privateKey);
// make sure it agrees with the given pubkey
return gotPubkey === expectedPublicKey;
} finally {
if (decryption) decryption.free();
}
};
/**
* Checks that a given cross-signing private key matches a given public key.
* This can be used by the getCrossSigningKey callback to verify that the
* private key it is about to supply is the one that was requested.
*
* @param {Uint8Array} privateKey The private key
* @param {string} expectedPublicKey The public key
* @returns {boolean} true if the key matches, otherwise false
*/
Crypto.prototype.checkCrossSigningPrivateKey = function(privateKey, expectedPublicKey) {
let signing = null; let signing = null;
try { try {
signing = new global.Olm.PkSigning(); signing = new global.Olm.PkSigning();