Sign one-time keys, and verify their signatures

We have decided that signing one-time keys is the lesser of two evils; accordingly, use a new key algorithm type (`signed_curve25519`), sign the one-time keys that we upload to the server, and verify the signatures on those we download. This will mean that develop won't be able to talk to master, but hey, we're in beta.
2025-11-28 05:03:59 +03:00 · 2016-10-21 12:17:34 +01:00
parent db925d7fde
commit a4f192bc88
3 changed files with 109 additions and 42 deletions
--- a/lib/base-apis.js
+++ b/lib/base-apis.js
@@ -976,24 +976,28 @@ MatrixBaseApis.prototype.downloadKeysForUsers = function(userIds, callback) {
 *
 * @param {string[][]} devices  a list of [userId, deviceId] pairs
 *
- * @param {module:client.callback=} callback
+ * @param {string} [key_algorithm = signed_curve25519]  desired key type
 *
 * @return {module:client.Promise} Resolves: result object. Rejects: with
 *     an error response ({@link module:http-api.MatrixError}).
 */
-MatrixBaseApis.prototype.claimOneTimeKeys = function(devices, callback) {
+MatrixBaseApis.prototype.claimOneTimeKeys = function(devices, key_algorithm) {
    var queries = {};

+    if (key_algorithm === undefined) {
+        key_algorithm = "signed_curve25519";
+    }
+
    for (var i = 0; i < devices.length; ++i) {
        var userId = devices[i][0];
        var deviceId = devices[i][1];
        var query = queries[userId] || {};
        queries[userId] = query;
-        query[deviceId] = "curve25519";
+        query[deviceId] = key_algorithm;
    }
    var content = {one_time_keys: queries};
    return this._http.authedRequestWithPrefix(
-        callback, "POST", "/keys/claim", undefined, content,
+        undefined, "POST", "/keys/claim", undefined, content,
        httpApi.PREFIX_UNSTABLE
    );
 };