From 9413f5b8e5f7aecc92fe009829838f8443a612de Mon Sep 17 00:00:00 2001 From: Nicolas Werner Date: Thu, 17 Dec 2020 02:34:32 +0100 Subject: [PATCH] Upload cross-signing signatures after verification --- src/DeviceVerificationFlow.cpp | 59 ++++++++++++++++++++++++++++++++-- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/src/DeviceVerificationFlow.cpp b/src/DeviceVerificationFlow.cpp index 509fce8c..1ffb8b3e 100644 --- a/src/DeviceVerificationFlow.cpp +++ b/src/DeviceVerificationFlow.cpp @@ -275,11 +275,66 @@ DeviceVerificationFlow::DeviceVerificationFlow(QObject *, req.signatures[utils::localUser().toStdString()] [master_key.keys.at(mac.first)] = master_key; + } else if (mac.first == + "ed25519:" + this->deviceId.toStdString()) { + // Sign their device key with self signing key + + auto device_id = this->deviceId.toStdString(); + + if (their_keys.device_keys.count(device_id)) { + json j = + their_keys.device_keys.at(device_id); + j.erase("signatures"); + j.erase("unsigned"); + + auto secret = cache::secret( + mtx::secret_storage::secrets:: + cross_signing_self_signing); + if (!secret) + continue; + auto ssk = + mtx::crypto::PkSigning::from_seed( + *secret); + + mtx::crypto::DeviceKeys dev = j; + dev.signatures + [utils::localUser().toStdString()] + ["ed25519:" + ssk.public_key()] = + ssk.sign(j.dump()); + + req.signatures[utils::localUser() + .toStdString()] + [device_id] = dev; + } } } - // TODO(Nico): Sign their device key with self signing key } else { - // TODO(Nico): Sign their master key with user signing key + // Sign their master key with user signing key + for (const auto &mac : msg.mac) { + if (their_keys.master_keys.keys.count(mac.first)) { + json j = their_keys.master_keys; + j.erase("signatures"); + j.erase("unsigned"); + + auto secret = + cache::secret(mtx::secret_storage::secrets:: + cross_signing_user_signing); + if (!secret) + continue; + auto usk = + mtx::crypto::PkSigning::from_seed(*secret); + + mtx::crypto::CrossSigningKeys master_key = j; + master_key + .signatures[utils::localUser().toStdString()] + ["ed25519:" + usk.public_key()] = + usk.sign(j.dump()); + + req.signatures[toClient.to_string()] + [master_key.keys.at(mac.first)] = + master_key; + } + } } if (!req.signatures.empty()) {