d3v1l/matrixion
1
0
Fork 0
mirror of https://github.com/Nheko-Reborn/nheko.git synced 2024-11-23 03:18:49 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Ensure device signatures always get verified on device update

Browse source
This commit is contained in:
Nicolas Werner 2021-08-14 02:06:48 +02:00
parent 9bad584931
commit 13633c7644
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9
1 changed files with 36 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
src/Cache.cpp
View file

@ -3901,9 +3901,44 @@ Cache::updateUserKeys(const std::string &sync_token, const mtx::responses::Query
} }
} }
if (!keyReused && !oldDeviceKeys.count(device_id)) if (!keyReused && !oldDeviceKeys.count(device_id)) {
// ensure the key has a valid signature from itself
std::string device_signing_key =
"ed25519:" + device_keys.device_id;
if (device_id != device_keys.device_id) {
nhlog::crypto()->warn(
"device {}:{} has a different device id "
"in the body: {}",
user,
device_id,
device_keys.device_id);
continue;
}
if (!device_keys.signatures.count(user) ||
!device_keys.signatures.at(user).count(
device_signing_key)) {
nhlog::crypto()->warn(
"device {}:{} has no signature",
user,
device_id);
continue;
}
if (!mtx::crypto::ed25519_verify_signature(
device_keys.keys.at(device_signing_key),
json(device_keys),
device_keys.signatures.at(user).at(
device_signing_key))) {
nhlog::crypto()->warn(
"device {}:{} has an invalid signature",
user,
device_id);
continue;
}
updateToWrite.device_keys[device_id] = device_keys; updateToWrite.device_keys[device_id] = device_keys;
} }
}
for (const auto &[key_id, key] : device_keys.keys) { for (const auto &[key_id, key] : device_keys.keys) {
(void)key_id; (void)key_id;