Clean up backup trust checks

There were several inaccurate comments and redundant code paths around backup
trust checks.

src/client.js

@@ -1492,13 +1492,13 @@ MatrixClient.prototype.createKeyBackupVersion = async function(info) {
         auth_data: info.auth_data,
     };
 
-    // Now sign the backup auth data. Do it as this device first because crypto._signObject
+    // Sign the backup auth data with the device key for backwards compat with
-    // is dumb and bluntly replaces the whole signatures block...
+    // older devices with cross-signing. This can probably go away very soon in
-    // this can probably go away very soon in favour of just signing with the SSK.
+    // favour of just signing with the cross-singing master key.
     await this._crypto._signObject(data.auth_data);
 
     if (this._crypto._crossSigningInfo.getId()) {
-        // now also sign the auth data with the master key
+        // now also sign the auth data with the cross-signing master key
         await this._crypto._crossSigningInfo.signObject(data.auth_data, "master");
     }
 

src/crypto/index.js

@@ -999,12 +999,13 @@ Crypto.prototype.isKeyBackupTrusted = async function(backupInfo) {
             logger.log("Ignoring unknown signature type: " + keyIdParts[0]);
             continue;
         }
-        // Could be an SSK but just say this is the device ID for backwards compat
+        // Could be a cross-signing master key, but just say this is the device
-        const sigInfo = { deviceId: keyIdParts[1] }; // XXX: is this how we're supposed to get the device ID?
+        // ID for backwards compat
+        const sigInfo = { deviceId: keyIdParts[1] };
 
         // first check to see if it's from our cross-signing key
         const crossSigningId = this._crossSigningInfo.getId();
-        if (crossSigningId === keyId) {
+        if (crossSigningId === sigInfo.deviceId) {
             sigInfo.cross_signing_key = crossSigningId;
             try {
                 await olmlib.verifySignature(
@@ -1027,7 +1028,7 @@ Crypto.prototype.isKeyBackupTrusted = async function(backupInfo) {
 
         // Now look for a sig from a device
         // At some point this can probably go away and we'll just support
-        // it being signed by the SSK
+        // it being signed by the cross-signing master key
         const device = this._deviceList.getStoredDevice(
             this._userId, sigInfo.deviceId,
         );
@@ -1036,9 +1037,7 @@ Crypto.prototype.isKeyBackupTrusted = async function(backupInfo) {
             try {
                 await olmlib.verifySignature(
                     this._olmDevice,
-                    // verifySignature modifies the object so we need to copy
+                    backupInfo.auth_data,
-                    // if we verify more than one sig
-                    Object.assign({}, backupInfo.auth_data),
                     this._userId,
                     device.deviceId,
                     device.getFingerprint(),

src/crypto/olmlib.js

@@ -303,8 +303,7 @@ async function _verifyKeyAndStartSession(olmDevice, oneTimeKey, userId, deviceIn
  *
  * @param {module:crypto/OlmDevice} olmDevice olm wrapper to use for verify op
  *
- * @param {Object} obj object to check signature on. Note that this will be
+ * @param {Object} obj object to check signature on.
- * stripped of its 'signatures' and 'unsigned' properties.
  *
  * @param {string} signingUserId  ID of the user whose signature should be checked
  *