From 47c5c4645e411c76ee1e3ecc66b4d2492f463ceb Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubertc@matrix.org>
Date: Thu, 10 Feb 2022 08:34:21 -0500
Subject: [PATCH] Check the backup info against the stored private key when
 determining trust. (#2167)

---
 src/crypto/backup.ts | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/crypto/backup.ts b/src/crypto/backup.ts
index a057de32d..3577fade7 100644
--- a/src/crypto/backup.ts
+++ b/src/crypto/backup.ts
@@ -313,11 +313,24 @@ export class BackupManager {
             return ret;
         }
 
-        const trustedPubkey = this.baseApis.crypto.sessionStore.getLocalTrustedBackupPubKey();
+        const privKey = await this.baseApis.crypto.getSessionBackupPrivateKey();
+        if (privKey) {
+            let algorithm;
+            try {
+                algorithm = await BackupManager.makeAlgorithm(backupInfo, async () => privKey);
 
-        if ("public_key" in backupInfo.auth_data && backupInfo.auth_data.public_key === trustedPubkey) {
-            logger.info("Backup public key " + trustedPubkey + " is trusted locally");
-            ret.trusted_locally = true;
+                if (await algorithm.keyMatches(privKey)) {
+                    logger.info("Backup is trusted locally");
+                    ret.trusted_locally = true;
+                }
+            } catch {
+                // do nothing -- if we have an error, then we don't mark it as
+                // locally trusted
+            } finally {
+                if (algorithm) {
+                    algorithm.free();
+                }
+            }
         }
 
         const mySigs = backupInfo.auth_data.signatures[this.baseApis.getUserId()] || {};