matrix/matrix-js-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-07-31 15:24:23 +03:00
Code Activity

Element R: fix isCrossSigningReady not checking identity trust (#4156)

Browse Source 
* Fix inconsistency between rust and legacy

* Add tests

* Review: better comment

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* review: Better doc

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Simplify test data and some comments

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
This commit is contained in:
Valere
2024-04-17 15:36:52 +02:00
committed by GitHub
parent 4fc6ba884e
commit d22a39f5d7
2 changed files with 67 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
spec/integ/crypto/cross-signing.spec.ts
View File

@ -347,6 +347,67 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
expect(isCrossSigningReady).toBeTruthy(); expect(isCrossSigningReady).toBeTruthy();
}); });
it("should return false if identity is not trusted, even if the secrets are in 4S", async () => {
e2eKeyResponder.addCrossSigningData(SIGNED_CROSS_SIGNING_KEYS_DATA);
// Complete initial sync, to get the 4S account_data events stored
mockInitialApiRequests(aliceClient.getHomeserverUrl());
// For this test we need to have a well-formed 4S setup.
const mockSecretInfo = {
encrypted: {
// Don't care about the actual values here, just need to be present for validation
KeyId: {
iv: "IVIVIVIVIVIVIV",
ciphertext: "CIPHERTEXTB64",
mac: "MACMACMAC",
},
},
};
syncResponder.sendOrQueueSyncResponse({
next_batch: 1,
account_data: {
events: [
{
type: "m.secret_storage.key.KeyId",
content: {
algorithm: "m.secret_storage.v1.aes-hmac-sha2",
// iv and mac not relevant for this test
},
},
{
type: "m.secret_storage.default_key",
content: {
key: "KeyId",
},
},
{
type: "m.cross_signing.master",
content: mockSecretInfo,
},
{
type: "m.cross_signing.user_signing",
content: mockSecretInfo,
},
{
type: "m.cross_signing.self_signing",
content: mockSecretInfo,
},
],
},
});
await aliceClient.startClient();
await syncPromise(aliceClient);
// Sanity: ensure that the secrets are in 4S
const status = await aliceClient.getCrypto()!.getCrossSigningStatus();
expect(status.privateKeysInSecretStorage).toBeTruthy();
const isCrossSigningReady = await aliceClient.getCrypto()!.isCrossSigningReady();
expect(isCrossSigningReady).toBeFalsy();
});
}); });
describe("getCrossSigningKeyId", () => { describe("getCrossSigningKeyId", () => {

10
src/rust-crypto/rust-crypto.ts
View File

@ -610,15 +610,17 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
* Implementation of {@link CryptoApi#isCrossSigningReady} * Implementation of {@link CryptoApi#isCrossSigningReady}
*/ */
public async isCrossSigningReady(): Promise<boolean> { public async isCrossSigningReady(): Promise<boolean> {
const { publicKeysOnDevice, privateKeysInSecretStorage, privateKeysCachedLocally } = const { privateKeysInSecretStorage, privateKeysCachedLocally } = await this.getCrossSigningStatus();
await this.getCrossSigningStatus();
const hasKeysInCache = const hasKeysInCache =
Boolean(privateKeysCachedLocally.masterKey) && Boolean(privateKeysCachedLocally.masterKey) &&
Boolean(privateKeysCachedLocally.selfSigningKey) && Boolean(privateKeysCachedLocally.selfSigningKey) &&
Boolean(privateKeysCachedLocally.userSigningKey); Boolean(privateKeysCachedLocally.userSigningKey);
// The cross signing is ready if the public and private keys are available const identity = await this.getOwnIdentity();
return publicKeysOnDevice && (hasKeysInCache || privateKeysInSecretStorage);
// Cross-signing is ready if the public identity is trusted, and the private keys
// are either cached, or accessible via secret-storage.
return !!identity?.isVerified() && (hasKeysInCache || privateKeysInSecretStorage);
} }
/** /**