matrix/matrix-js-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-11-23 17:02:25 +03:00
Code Activity

Explicitly free some Rust-side objects (#3911)

Browse Source 
* Explicitly `free` stuff returned by `OlmMachine.getIdentity()`

* Explicitly `free` stuff returned by `OlmMachine.getDevice()`

* one more
This commit is contained in:
Richard van der Hoff
2023-11-28 13:14:53 +00:00
committed by GitHub
parent 8ef2ca681c
commit a7496627fc
3 changed files with 120 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
spec/unit/rust-crypto/rust-crypto.spec.ts
View File

@@ -645,6 +645,7 @@ describe("RustCrypto", () => {
it("should call getDevice", async () => { it("should call getDevice", async () => {
olmMachine.getDevice.mockResolvedValue({ olmMachine.getDevice.mockResolvedValue({
free: jest.fn(),
isCrossSigningTrusted: jest.fn().mockReturnValue(false), isCrossSigningTrusted: jest.fn().mockReturnValue(false),
isLocallyTrusted: jest.fn().mockReturnValue(false), isLocallyTrusted: jest.fn().mockReturnValue(false),
isCrossSignedByOwner: jest.fn().mockReturnValue(false), isCrossSignedByOwner: jest.fn().mockReturnValue(false),
@@ -871,7 +872,7 @@ describe("RustCrypto", () => {
}); });
it("returns a verified UserVerificationStatus when the UserIdentity is verified", async () => { it("returns a verified UserVerificationStatus when the UserIdentity is verified", async () => {
olmMachine.getIdentity.mockResolvedValue({ isVerified: jest.fn().mockReturnValue(true) }); olmMachine.getIdentity.mockResolvedValue({ free: jest.fn(), isVerified: jest.fn().mockReturnValue(true) });
const userVerificationStatus = await rustCrypto.getUserVerificationStatus(testData.TEST_USER_ID); const userVerificationStatus = await rustCrypto.getUserVerificationStatus(testData.TEST_USER_ID);
expect(userVerificationStatus.isVerified()).toBeTruthy(); expect(userVerificationStatus.isVerified()).toBeTruthy();

5
src/rust-crypto/CrossSigningIdentity.ts
View File

@@ -91,10 +91,13 @@ export class CrossSigningIdentity {
this.olmMachine.userId, this.olmMachine.userId,
this.olmMachine.deviceId, this.olmMachine.deviceId,
); );
try {
// Sign the device with our cross-signing key and upload the signature // Sign the device with our cross-signing key and upload the signature
const request: RustSdkCryptoJs.SignatureUploadRequest = await device.verify(); const request: RustSdkCryptoJs.SignatureUploadRequest = await device.verify();
await this.outgoingRequestProcessor.makeOutgoingRequest(request); await this.outgoingRequestProcessor.makeOutgoingRequest(request);
} finally {
device.free();
}
} else { } else {
logger.log( logger.log(
"bootStrapCrossSigning: Cross-signing private keys not found locally or in secret storage, creating new keys", "bootStrapCrossSigning: Cross-signing private keys not found locally or in secret storage, creating new keys",

63
src/rust-crypto/rust-crypto.ts
View File

@@ -425,6 +425,7 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
await this.outgoingRequestProcessor.makeOutgoingRequest(request); await this.outgoingRequestProcessor.makeOutgoingRequest(request);
} }
const userIdentity = await this.olmMachine.getIdentity(rustTrackedUser); const userIdentity = await this.olmMachine.getIdentity(rustTrackedUser);
userIdentity?.free();
return userIdentity !== undefined; return userIdentity !== undefined;
} else if (downloadUncached) { } else if (downloadUncached) {
// Download the cross signing keys and check if the master key is available // Download the cross signing keys and check if the master key is available
@@ -562,7 +563,13 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
if (!device) { if (!device) {
throw new Error(`Unknown device ${userId}|${deviceId}`); throw new Error(`Unknown device ${userId}|${deviceId}`);
} }
await device.setLocalTrust(verified ? RustSdkCryptoJs.LocalTrust.Verified : RustSdkCryptoJs.LocalTrust.Unset); try {
await device.setLocalTrust(
verified ? RustSdkCryptoJs.LocalTrust.Verified : RustSdkCryptoJs.LocalTrust.Unset,
);
} finally {
device.free();
}
} }
/** /**
@@ -578,13 +585,16 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
); );
if (!device) return null; if (!device) return null;
try {
return new DeviceVerificationStatus({ return new DeviceVerificationStatus({
signedByOwner: device.isCrossSignedByOwner(), signedByOwner: device.isCrossSignedByOwner(),
crossSigningVerified: device.isCrossSigningTrusted(), crossSigningVerified: device.isCrossSigningTrusted(),
localVerified: device.isLocallyTrusted(), localVerified: device.isLocallyTrusted(),
trustCrossSignedDevices: this._trustCrossSignedDevices, trustCrossSignedDevices: this._trustCrossSignedDevices,
}); });
} finally {
device.free();
}
} }
/** /**
@@ -596,7 +606,9 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
if (userIdentity === undefined) { if (userIdentity === undefined) {
return new UserVerificationStatus(false, false, false); return new UserVerificationStatus(false, false, false);
} }
return new UserVerificationStatus(userIdentity.isVerified(), false, false); const verified = userIdentity.isVerified();
userIdentity.free();
return new UserVerificationStatus(verified, false, false);
} }
/** /**
@@ -621,13 +633,19 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
const userIdentity: RustSdkCryptoJs.OwnUserIdentity | undefined = await this.olmMachine.getIdentity( const userIdentity: RustSdkCryptoJs.OwnUserIdentity | undefined = await this.olmMachine.getIdentity(
new RustSdkCryptoJs.UserId(this.userId), new RustSdkCryptoJs.UserId(this.userId),
); );
if (!userIdentity) {
// The public keys are not available on this device
return null;
}
try {
const crossSigningStatus: RustSdkCryptoJs.CrossSigningStatus = await this.olmMachine.crossSigningStatus(); const crossSigningStatus: RustSdkCryptoJs.CrossSigningStatus = await this.olmMachine.crossSigningStatus();
const privateKeysOnDevice = const privateKeysOnDevice =
crossSigningStatus.hasMaster && crossSigningStatus.hasUserSigning && crossSigningStatus.hasSelfSigning; crossSigningStatus.hasMaster && crossSigningStatus.hasUserSigning && crossSigningStatus.hasSelfSigning;
if (!userIdentity || !privateKeysOnDevice) { if (!privateKeysOnDevice) {
// The public or private keys are not available on this device // The private keys are not available on this device
return null; return null;
} }
@@ -657,6 +675,9 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
// We assume only a single key, and we want the bare form without type // We assume only a single key, and we want the bare form without type
// prefix, so we select the values. // prefix, so we select the values.
return Object.values(parsedKey.keys)[0]; return Object.values(parsedKey.keys)[0];
} finally {
userIdentity.free();
}
} }
/** /**
@@ -800,6 +821,8 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
Boolean(userIdentity?.masterKey) && Boolean(userIdentity?.masterKey) &&
Boolean(userIdentity?.selfSigningKey) && Boolean(userIdentity?.selfSigningKey) &&
Boolean(userIdentity?.userSigningKey); Boolean(userIdentity?.userSigningKey);
userIdentity?.free();
const privateKeysInSecretStorage = await secretStorageContainsCrossSigningKeys(this.secretStorage); const privateKeysInSecretStorage = await secretStorageContainsCrossSigningKeys(this.secretStorage);
const crossSigningStatus: RustSdkCryptoJs.CrossSigningStatus | null = const crossSigningStatus: RustSdkCryptoJs.CrossSigningStatus | null =
await this.getOlmMachineOrThrow().crossSigningStatus(); await this.getOlmMachineOrThrow().crossSigningStatus();
@@ -917,6 +940,7 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
if (!userIdentity) throw new Error(`unknown userId ${userId}`); if (!userIdentity) throw new Error(`unknown userId ${userId}`);
try {
// Transform the verification methods into rust objects // Transform the verification methods into rust objects
const methods = this._supportedVerificationMethods.map((method) => const methods = this._supportedVerificationMethods.map((method) =>
verificationMethodIdentifierToMethod(method), verificationMethodIdentifierToMethod(method),
@@ -933,7 +957,14 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
new RustSdkCryptoJs.EventId(eventId), new RustSdkCryptoJs.EventId(eventId),
methods, methods,
); );
return new RustVerificationRequest(request, this.outgoingRequestProcessor, this._supportedVerificationMethods); return new RustVerificationRequest(
request,
this.outgoingRequestProcessor,
this._supportedVerificationMethods,
);
} finally {
userIdentity.free();
}
} }
/** /**
@@ -995,12 +1026,20 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
throw new Error("cannot request verification for this device when there is no existing cross-signing key"); throw new Error("cannot request verification for this device when there is no existing cross-signing key");
} }
try {
const [request, outgoingRequest]: [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest] = const [request, outgoingRequest]: [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest] =
await userIdentity.requestVerification( await userIdentity.requestVerification(
this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod), this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod),
); );
await this.outgoingRequestProcessor.makeOutgoingRequest(outgoingRequest); await this.outgoingRequestProcessor.makeOutgoingRequest(outgoingRequest);
return new RustVerificationRequest(request, this.outgoingRequestProcessor, this._supportedVerificationMethods); return new RustVerificationRequest(
request,
this.outgoingRequestProcessor,
this._supportedVerificationMethods,
);
} finally {
userIdentity.free();
}
} }
/** /**
@@ -1025,12 +1064,20 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
throw new Error("Not a known device"); throw new Error("Not a known device");
} }
try {
const [request, outgoingRequest]: [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest] = const [request, outgoingRequest]: [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest] =
await device.requestVerification( await device.requestVerification(
this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod), this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod),
); );
await this.outgoingRequestProcessor.makeOutgoingRequest(outgoingRequest); await this.outgoingRequestProcessor.makeOutgoingRequest(outgoingRequest);
return new RustVerificationRequest(request, this.outgoingRequestProcessor, this._supportedVerificationMethods); return new RustVerificationRequest(
request,
this.outgoingRequestProcessor,
this._supportedVerificationMethods,
);
} finally {
device.free();
}
} }
/** /**