allow backup algorithm to determine whether restored keys should be trusted

2025-11-28 05:03:59 +03:00 · 2021-06-09 13:02:47 -04:00
parent c04d79d9a0
commit cf21d64aa8
2 changed files with 8 additions and 1 deletions
--- a/src/client.ts
+++ b/src/client.ts
@@ -2490,6 +2490,8 @@ export class MatrixClient extends EventEmitter {

        const algorithm = await BackupManager.makeAlgorithm(backupInfo, async () => { return privKey; });

+        const untrusted = algorithm.untrusted;
+
        try {
            // If the pubkey computed from the private data we've been given
            // doesn't match the one in the auth_data, the user has entered
@@ -2557,7 +2559,7 @@ export class MatrixClient extends EventEmitter {

        await this.importRoomKeys(keys, {
            progressCallback,
-            untrusted: true,
+            untrusted,
            source: "backup",
        });

--- a/src/crypto/backup.ts
+++ b/src/crypto/backup.ts
@@ -71,6 +71,7 @@ interface BackupAlgorithmClass {
 }

 interface BackupAlgorithm {
+    untrusted: boolean;
    encryptSession(data: Record<string, any>): Promise<any>;
    decryptSessions(ciphertexts: Record<string, any>): Promise<Record<string, any>[]>;
    authData: AuthData;
@@ -589,6 +590,8 @@ export class Curve25519 implements BackupAlgorithm {
        }
    }

+    public get untrusted() { return true; }
+
    public async encryptSession(data: Record<string, any>): Promise<any> {
        const plainText: Record<string, any> = Object.assign({}, data);
        delete plainText.session_id;
@@ -716,6 +719,8 @@ export class Aes256 implements BackupAlgorithm {
        return [outKey, authData];
    }

+    public get untrusted() { return false; }
+
    async encryptSession(data: Record<string, any>): Promise<any> {
        const plainText: Record<string, any> = Object.assign({}, data);
        delete plainText.session_id;