Upload cross-signing signatures after verification

2024-11-22 11:00:48 +03:00 · 2020-12-17 02:34:32 +01:00 · 2020-12-17 02:34:32 +01:00 · 9413f5b8e5
commit 9413f5b8e5
parent 7b46aa2a6e
1 changed files with 57 additions and 2 deletions
--- a/src/DeviceVerificationFlow.cpp
+++ b/src/DeviceVerificationFlow.cpp
@ -275,11 +275,66 @@ DeviceVerificationFlow::DeviceVerificationFlow(QObject *,
                                                  req.signatures[utils::localUser().toStdString()]
                                                                [master_key.keys.at(mac.first)] =
                                                    master_key;
+                                          } else if (mac.first ==
+                                                     "ed25519:" + this->deviceId.toStdString()) {
+                                                  // Sign their device key with self signing key
+
+                                                  auto device_id = this->deviceId.toStdString();
+
+                                                  if (their_keys.device_keys.count(device_id)) {
+                                                          json j =
+                                                            their_keys.device_keys.at(device_id);
+                                                          j.erase("signatures");
+                                                          j.erase("unsigned");
+
+                                                          auto secret = cache::secret(
+                                                            mtx::secret_storage::secrets::
+                                                              cross_signing_self_signing);
+                                                          if (!secret)
+                                                                  continue;
+                                                          auto ssk =
+                                                            mtx::crypto::PkSigning::from_seed(
+                                                              *secret);
+
+                                                          mtx::crypto::DeviceKeys dev = j;
+                                                          dev.signatures
+                                                            [utils::localUser().toStdString()]
+                                                            ["ed25519:" + ssk.public_key()] =
+                                                            ssk.sign(j.dump());
+
+                                                          req.signatures[utils::localUser()
+                                                                           .toStdString()]
+                                                                        [device_id] = dev;
+                                                  }
                                          }
                                  }
-                                  // TODO(Nico): Sign their device key with self signing key
                          } else {
-                                  // TODO(Nico): Sign their master key with user signing key
+                                  // Sign their master key with user signing key
+                                  for (const auto &mac : msg.mac) {
+                                          if (their_keys.master_keys.keys.count(mac.first)) {
+                                                  json j = their_keys.master_keys;
+                                                  j.erase("signatures");
+                                                  j.erase("unsigned");
+
+                                                  auto secret =
+                                                    cache::secret(mtx::secret_storage::secrets::
+                                                                    cross_signing_user_signing);
+                                                  if (!secret)
+                                                          continue;
+                                                  auto usk =
+                                                    mtx::crypto::PkSigning::from_seed(*secret);
+
+                                                  mtx::crypto::CrossSigningKeys master_key = j;
+                                                  master_key
+                                                    .signatures[utils::localUser().toStdString()]
+                                                               ["ed25519:" + usk.public_key()] =
+                                                    usk.sign(j.dump());
+
+                                                  req.signatures[toClient.to_string()]
+                                                                [master_key.keys.at(mac.first)] =
+                                                    master_key;
+                                          }
+                                  }
                          }

                          if (!req.signatures.empty()) {