diff --git a/src/base-apis.js b/src/base-apis.js
index 9186c3f25..8018881fc 100644
--- a/src/base-apis.js
+++ b/src/base-apis.js
@@ -1596,7 +1596,8 @@ MatrixBaseApis.prototype.uploadKeysRequest = function(content, opts, callback) {
 MatrixBaseApis.prototype.uploadKeySignatures = function(content) {
 return this._http.authedRequestWithPrefix(
- undefined, "POST", '/keys/signatures/upload', undefined, content, httpApi.PREFIX_UNSTABLE,
+ undefined, "POST", '/keys/signatures/upload', undefined,
+ content, httpApi.PREFIX_UNSTABLE,
 );
 };
diff --git a/src/client.js b/src/client.js
index c3e81aa11..cb24c3894 100644
--- a/src/client.js
+++ b/src/client.js
@@ -958,7 +958,9 @@ MatrixClient.prototype.prepareKeyBackupVersion = async function(password) {
 throw new Error("End-to-end encryption disabled");
 }
- let decryption, encryption, signing;
+ let decryption;
+ let encryption;
+ let signing;
 try {
 decryption = new global.Olm.PkDecryption();
 encryption = new global.Olm.PkEncryption();
@@ -988,32 +990,43 @@ MatrixClient.prototype.prepareKeyBackupVersion = async function(password) {
 };
 if (signing) {
- await this._cryptoStore.doTxn('readonly', [IndexedDBCryptoStore.STORE_ACCOUNT], (txn) => {
- this._cryptoStore.getAccountKeys(txn, keys => {
- returnInfo.accountKeys = keys;
- });
- });
+ await this._cryptoStore.doTxn(
+ 'readonly', [IndexedDBCryptoStore.STORE_ACCOUNT],
+ (txn) => {
+ this._cryptoStore.getAccountKeys(txn, (keys) => {
+ returnInfo.accountKeys = keys;
+ });
+ },
+ );
 if (!returnInfo.accountKeys) {
- const ssk_seed = signing.generate_seed();
- const usk_seed = signing.generate_seed();
+ const sskSeed = signing.generate_seed();
+ const uskSeed = signing.generate_seed();
 returnInfo.accountKeys = {
- self_signing_key_seed: Buffer.from(ssk_seed).toString('base64'),
- user_signing_key_seed: Buffer.from(usk_seed).toString('base64'),
- }
+ self_signing_key_seed: Buffer.from(sskSeed).toString('base64'),
+ user_signing_key_seed: Buffer.from(uskSeed).toString('base64'),
+ };
 }
 // put the encrypted version of the seed in the auth data to upload
 // XXX: our encryption really should support encrypting binary data.
- authData.self_signing_key_seed = encryption.encrypt(returnInfo.accountKeys.self_signing_key_seed);
+ authData.self_signing_key_seed = encryption.encrypt(
+ returnInfo.accountKeys.self_signing_key_seed,
+ );
 // also keep the public part there
- returnInfo.ssk_public = signing.init_with_seed(Buffer.from(returnInfo.accountKeys.self_signing_key_seed, 'base64'));
+ returnInfo.ssk_public = signing.init_with_seed(
+ Buffer.from(returnInfo.accountKeys.self_signing_key_seed, 'base64'),
+ );
 signing.free();
 // same for the USK
- authData.user_signing_key_seed = encryption.encrypt(returnInfo.accountKeys.user_signing_key_seed);
- returnInfo.usk_public = signing.init_with_seed(Buffer.from(returnInfo.accountKeys.user_signing_key_seed, 'base64'));
+ authData.user_signing_key_seed = encryption.encrypt(
+ returnInfo.accountKeys.user_signing_key_seed,
+ );
+ returnInfo.usk_public = signing.init_with_seed(
+ Buffer.from(returnInfo.accountKeys.user_signing_key_seed, 'base64'),
+ );
 signing.free();
 // we don't save these keys back to the store yet: we'll do that when (if) we
@@ -1033,6 +1046,8 @@ MatrixClient.prototype.prepareKeyBackupVersion = async function(password) {
 * from prepareKeyBackupVersion.
 *
 * @param {object} info Info object from prepareKeyBackupVersion
+ * @param {object} auth Auth object for UI auth
+ * @param {string} replacesSsk If the SSK is being replaced, the ID of the old key
 * @returns {Promise} Object with 'version' param indicating the version created
 */
 MatrixClient.prototype.createKeyBackupVersion = async function(info, auth, replacesSsk) {
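Review bot: On the new side of the `@@ -988` hunk, `signing.free();` runs right after `returnInfo.ssk_public` is derived, and the same `signing` object is then given a second seed through `signing.init_with_seed(...)` for `returnInfo.usk_public` and freed again. If `free()` releases the underlying Olm object, as its name suggests, that is a use-after-free followed by a double free on the structure that holds the private signing key. Drop the first `signing.free();` so the object is released once after both public keys are computed, or allocate a separate `new global.Olm.PkSigning()` for the USK. The enclosing `try` starts in an earlier hunk and its end is not shown here, so check whether a `finally` already frees `signing` before settling where the single call belongs.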
@@ -1054,7 +1069,11 @@ MatrixClient.prototype.createKeyBackupVersion = async function(info, auth, repla
 };
 // sign the USK with the SSK
- pkSign(uskInfo, Buffer.from(info.accountKeys.self_signing_key_seed, 'base64'), this.credentials.userId);
+ pkSign(
+ uskInfo,
+ Buffer.from(info.accountKeys.self_signing_key_seed, 'base64'),
+ this.credentials.userId,
+ );
 // Now sig the backup auth data. Do it as this device first because crypto._signObject
 // is dumb and bluntly replaces the whole signatures block...
@@ -1062,7 +1081,11 @@ MatrixClient.prototype.createKeyBackupVersion = async function(info, auth, repla
 await this._crypto._signObject(data.auth_data);
 // now also sign the auth data with the SSK
- pkSign(data.auth_data, Buffer.from(info.accountKeys.self_signing_key_seed, 'base64'), this.credentials.userId);
+ pkSign(
+ data.auth_data,
+ Buffer.from(info.accountKeys.self_signing_key_seed, 'base64'),
+ this.credentials.userId,
+ );
 const keys = {
 self_signing_key: {
@@ -1077,10 +1100,13 @@ MatrixClient.prototype.createKeyBackupVersion = async function(info, auth, repla
 auth,
 };
- return this._cryptoStore.doTxn('readwrite', [IndexedDBCryptoStore.STORE_ACCOUNT], (txn) => {
- // store the newly generated account keys
- this._cryptoStore.storeAccountKeys(txn, info.accountKeys);
- }).then(() => {
+ return this._cryptoStore.doTxn(
+ 'readwrite', [IndexedDBCryptoStore.STORE_ACCOUNT],
+ (txn) => {
+ // store the newly generated account keys
+ this._cryptoStore.storeAccountKeys(txn, info.accountKeys);
+ },
+ ).then(() => {
 // re-check the SSK in the device store if necessary
 return this._crypto.checkOwnSskTrust();
 }).then(() => {
@@ -1220,11 +1246,14 @@ MatrixClient.prototype._restoreKeyBackup = async function(
 // decrypt the account keys from the backup info if there are any
 // fetch the old ones first so we don't lose info if only one of them is in the backup
 let accountKeys;
- await this._cryptoStore.doTxn('readonly', [IndexedDBCryptoStore.STORE_ACCOUNT], (txn) => {
- this._cryptoStore.getAccountKeys(txn, keys => {
- accountKeys = keys || {};
- });
- });
+ await this._cryptoStore.doTxn(
+ 'readonly', [IndexedDBCryptoStore.STORE_ACCOUNT],
+ (txn) => {
+ this._cryptoStore.getAccountKeys(txn, (keys) => {
+ accountKeys = keys || {};
+ });
+ },
+ );
 if (backupInfo.auth_data.self_signing_key_seed) {
 accountKeys.self_signing_key_seed = decryption.decrypt(
@@ -1241,9 +1270,12 @@ MatrixClient.prototype._restoreKeyBackup = async function(
 );
 }
- await this._cryptoStore.doTxn('readwrite', [IndexedDBCryptoStore.STORE_ACCOUNT], (txn) => {
- this._cryptoStore.storeAccountKeys(txn, accountKeys);
- });
+ await this._cryptoStore.doTxn(
+ 'readwrite', [IndexedDBCryptoStore.STORE_ACCOUNT],
+ (txn) => {
+ this._cryptoStore.storeAccountKeys(txn, accountKeys);
+ },
+ );
 await this._crypto.checkOwnSskTrust();
 } catch(e) {
@@ -1254,7 +1286,9 @@ MatrixClient.prototype._restoreKeyBackup = async function(
 // start by signing this device from the SSK now we have it
 return this._crypto.uploadDeviceKeySignatures().then(() => {
 // Now fetch the encrypted keys
- const path = this._makeKeyBackupPath(targetRoomId, targetSessionId, backupInfo.version);
+ const path = this._makeKeyBackupPath(
+ targetRoomId, targetSessionId, backupInfo.version,
+ );
 return this._http.authedRequest(
 undefined, "GET", path.path, path.queryData,
 );
diff --git a/src/crypto/DeviceList.js b/src/crypto/DeviceList.js
index 6ff51789c..16b59bd1c 100644
--- a/src/crypto/DeviceList.js
+++ b/src/crypto/DeviceList.js
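Review bot: The restore path in the `@@ -1220` and `@@ -1241` hunks takes whatever `decryption.decrypt(...)` returns for `backupInfo.auth_data.self_signing_key_seed` and writes it into the account store through `storeAccountKeys(txn, accountKeys)`, replacing the locally held seed. Successful decryption only shows the value was encrypted to the backup public key, which is not secret, so it does not authenticate who produced the seed; whether `backupInfo` has been signature-checked before this point is not visible in these hunks. I would gate the overwrite on the backup being trusted and record that precondition next to the write, e.g. `// only import account keys from a backup whose auth_data signature we have verified`. It would also help to reject a decrypted value that does not decode to a 32-byte seed before storing it. `_restoreKeyBackup` begins and ends outside these hunks.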
@@ -788,7 +788,9 @@ class DeviceListUpdateSerialiser {
 let prom = Promise.resolve();
 for (const userId of downloadUsers) {
 prom = prom.delay(5).then(() => {
- return this._processQueryResponseForUser(userId, dk[userId], ssks[userId]);
+ return this._processQueryResponseForUser(
+ userId, dk[userId], ssks[userId],
+ );
 });
 }
@@ -812,9 +814,9 @@ class DeviceListUpdateSerialiser {
 return deferred.promise;
 }
- async _processQueryResponseForUser(userId, dk_response, ssk_response) {
- logger.log('got device keys for ' + userId + ':', dk_response);
- logger.log('got self-signing keys for ' + userId + ':', ssk_response);
+ async _processQueryResponseForUser(userId, dkResponse, sskResponse) {
+ logger.log('got device keys for ' + userId + ':', dkResponse);
+ logger.log('got self-signing keys for ' + userId + ':', sskResponse);
 {
 // map from deviceid -> deviceinfo for this user
@@ -828,7 +830,7 @@ class DeviceListUpdateSerialiser {
 }
 await _updateStoredDeviceKeysForUser(
- this._olmDevice, userId, userStore, dk_response || {},
+ this._olmDevice, userId, userStore, dkResponse || {},
 );
 // put the updates into the object that will be returned as our results
@@ -845,7 +847,7 @@ class DeviceListUpdateSerialiser {
 const ssk = this._deviceList.getRawStoredSskForUser(userId) || {};
 const updated = await _updateStoredSelfSigningKeyForUser(
- this._olmDevice, userId, ssk, ssk_response || {},
+ this._olmDevice, userId, ssk, sskResponse || {},
 );
 this._deviceList.setRawStoredSskForUser(userId, ssk);
diff --git a/src/crypto/PkSigning.js b/src/crypto/PkSigning.js
index 4de1c2f3e..483b13437 100644
--- a/src/crypto/PkSigning.js
+++ b/src/crypto/PkSigning.js
@@ -18,6 +18,9 @@ const anotherjson = require('another-json');
 /**
 * Higher level wrapper around olm.PkSigning that signs JSON objects
+ * @param obj {Object} Object to sign
+ * @param seed {Uint8Array} The private key seed (32 bytes)
+ * @param userId {string} The user ID who owns the signing key
 */
 export function pkSign(obj, seed, userId) {
 const signing = new global.Olm.PkSigning();
diff --git a/src/crypto/index.js b/src/crypto/index.js
index 5162a892c..e60374846 100644
--- a/src/crypto/index.js
+++ b/src/crypto/index.js
@@ -268,7 +268,7 @@ Crypto.prototype._onDeviceListUserSskUpdated = async function(userId) {
 if (userId === this._userId) {
 this.checkOwnSskTrust();
 }
-}
+};
 /*
 * Check the copy of our SSK that we have in the device list and see if it
@@ -303,7 +303,7 @@ Crypto.prototype.checkOwnSskTrust = async function() {
 let localPubkey;
 try {
 signing = new global.Olm.PkSigning();
- localPubkey = signing.init_with_seed(Buffer.from(accountKeys.self_signing_key_seed, 'base64'))
+ localPubkey = signing.init_with_seed(Buffer.from(accountKeys.self_signing_key_seed, 'base64'));
 } finally {
 if (signing) signing.free();
 signing = null;
@@ -467,7 +467,7 @@ Crypto.prototype.isKeyBackupTrusted = async function(backupInfo) {
 s.valid && ( (s.device && s.device.isVerified()) || (s.self_signing_key && s.self_signing_key.isVerified()) )
- )
+ );
 });
 return ret;
 };
@@ -622,7 +622,7 @@ Crypto.prototype.uploadDeviceKeySignatures = async function() {
 };
 await crypto._baseApis.uploadKeySignatures(content);
- return true
+ return true;
 };
 /**
@@ -829,7 +829,7 @@ Crypto.prototype.setSskVerification = async function(userId, verified) {
 throw new Error("No self-signing key found for user " + userId);
 }
 ssk.verified = verified;
- this._deviceList.storeSskForUser(userId, ssk)
+ this._deviceList.storeSskForUser(userId, ssk);
 this._deviceList.saveIfDirty();
 };
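Review bot: The three `@param` tags added above `pkSign` put the name before the type (`@param obj {Object}`), whereas the tags this commit adds in src/client.js use the JSDoc order `@param {object} auth`; with the type second, JSDoc tooling may read `{Object}` as part of the description. Suggest `@param {Object} obj Object to sign`, `@param {Uint8Array} seed The private key seed (32 bytes)` and `@param {string} userId The user ID who owns the signing key`. Since `seed` is private key material, the docstring could also state whether `pkSign` retains or clears any copy of it; the body continues outside the hunk, so that is not visible here.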
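Review bot: `this.checkOwnSskTrust();` in `_onDeviceListUserSskUpdated` (the `@@ -268` hunk) is called without `await` or a rejection handler, although the `@@ -303` hunk header shows `checkOwnSskTrust` is an `async function`. A failure while re-checking trust in our own self-signing key would surface only as an unhandled rejection, and the handler resolves before the check has finished. Suggest `await this.checkOwnSskTrust();`, or an explicit `.catch(...)` that logs the error if fire-and-forget is intended.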