From 9413f5b8e5f7aecc92fe009829838f8443a612de Mon Sep 17 00:00:00 2001
From: Nicolas Werner <nicolas.werner@hotmail.de>
Date: Thu, 17 Dec 2020 02:34:32 +0100
Subject: [PATCH] Upload cross-signing signatures after verification

---
 src/DeviceVerificationFlow.cpp | 59 ++++++++++++++++++++++++++++++++--
 1 file changed, 57 insertions(+), 2 deletions(-)

diff --git a/src/DeviceVerificationFlow.cpp b/src/DeviceVerificationFlow.cpp
index 509fce8cb..1ffb8b3e2 100644
--- a/src/DeviceVerificationFlow.cpp
+++ b/src/DeviceVerificationFlow.cpp
@@ -275,11 +275,66 @@ DeviceVerificationFlow::DeviceVerificationFlow(QObject *,
                                                   req.signatures[utils::localUser().toStdString()]
                                                                 [master_key.keys.at(mac.first)] =
                                                     master_key;
+                                          } else if (mac.first ==
+                                                     "ed25519:" + this->deviceId.toStdString()) {
+                                                  // Sign their device key with self signing key
+
+                                                  auto device_id = this->deviceId.toStdString();
+
+                                                  if (their_keys.device_keys.count(device_id)) {
+                                                          json j =
+                                                            their_keys.device_keys.at(device_id);
+                                                          j.erase("signatures");
+                                                          j.erase("unsigned");
+
+                                                          auto secret = cache::secret(
+                                                            mtx::secret_storage::secrets::
+                                                              cross_signing_self_signing);
+                                                          if (!secret)
+                                                                  continue;
+                                                          auto ssk =
+                                                            mtx::crypto::PkSigning::from_seed(
+                                                              *secret);
+
+                                                          mtx::crypto::DeviceKeys dev = j;
+                                                          dev.signatures
+                                                            [utils::localUser().toStdString()]
+                                                            ["ed25519:" + ssk.public_key()] =
+                                                            ssk.sign(j.dump());
+
+                                                          req.signatures[utils::localUser()
+                                                                           .toStdString()]
+                                                                        [device_id] = dev;
+                                                  }
                                           }
                                   }
-                                  // TODO(Nico): Sign their device key with self signing key
                           } else {
-                                  // TODO(Nico): Sign their master key with user signing key
+                                  // Sign their master key with user signing key
+                                  for (const auto &mac : msg.mac) {
+                                          if (their_keys.master_keys.keys.count(mac.first)) {
+                                                  json j = their_keys.master_keys;
+                                                  j.erase("signatures");
+                                                  j.erase("unsigned");
+
+                                                  auto secret =
+                                                    cache::secret(mtx::secret_storage::secrets::
+                                                                    cross_signing_user_signing);
+                                                  if (!secret)
+                                                          continue;
+                                                  auto usk =
+                                                    mtx::crypto::PkSigning::from_seed(*secret);
+
+                                                  mtx::crypto::CrossSigningKeys master_key = j;
+                                                  master_key
+                                                    .signatures[utils::localUser().toStdString()]
+                                                               ["ed25519:" + usk.public_key()] =
+                                                    usk.sign(j.dump());
+
+                                                  req.signatures[toClient.to_string()]
+                                                                [master_key.keys.at(mac.first)] =
+                                                    master_key;
+                                          }
+                                  }
                           }
 
                           if (!req.signatures.empty()) {
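Review bot: Both new branches sign with whatever seed `cache::secret(...)` returns, without checking that the derived public key (`ssk.public_key()` / `usk.public_key()`) is the self-signing or user-signing key currently published for the local user. A stale cached secret, for example after cross-signing was reset on another device, would therefore upload signatures under a key id that other clients do not trust. Consider comparing the derived public key with the published one before signing, and logging a warning when it differs or when the secret is missing instead of the silent `continue`. The hunk also does not show where the MAC for `mac.first` is checked against the key material in `their_keys`; presumably that happens earlier in this lambda, which starts outside the hunk, but it is worth confirming because the code here signs on key-id membership alone (`their_keys.device_keys.count(device_id)`, `their_keys.master_keys.keys.count(mac.first)`). In the `else` branch the secret lookup and `PkSigning::from_seed(*secret)` do not depend on `mac` and could be hoisted above `for (const auto &mac : msg.mac)`, so the seed is read once.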
-- 
GitLab