also send master key on verification and stuffs

This commit is contained in:
Sorunome 2020-05-26 09:54:46 +02:00
parent 80c7125d1d
commit 2ecf4151b9
No known key found for this signature in database
GPG key ID: B19471D07FC9BE9C
2 changed files with 24 additions and 10 deletions

View file

@ -55,7 +55,9 @@ class CrossSigning {
signatures[key.userId] = <String, dynamic>{};
}
if (!signatures[key.userId].containsKey(key.identifier)) {
signatures[key.userId][key.identifier] = key.toJson();
signatures[key.userId][key.identifier] =
Map<String, dynamic>.from(key.toJson());
signatures[key.userId][key.identifier].remove('signatures');
}
if (!signatures[key.userId][key.identifier].containsKey('signatures')) {
signatures[key.userId][key.identifier]
@ -79,18 +81,19 @@ class CrossSigning {
final signature = client.signString(key.signingContent);
addSignature(
key,
client.userDeviceKeys[client.userID].deviceKeys[client.deviceID],
client
.userDeviceKeys[client.userID].deviceKeys[client.deviceID],
signature);
}
// we don't care about signing other cross-signing keys
} else if (key.identifier != client.deviceID) {
// okay, we'll sign a device key with our self signing key
selfSigningKey ??=
base64.decode(await client.ssss.getCached(SELF_SIGNING_KEY) ?? '');
selfSigningKey ??= base64
.decode(await client.ssss.getCached(SELF_SIGNING_KEY) ?? '');
if (selfSigningKey != null) {
final signature = _sign(key.signingContent, selfSigningKey);
addSignature(key, client.userDeviceKeys[client.userID].selfSigningKey,
signature);
addSignature(key,
client.userDeviceKeys[client.userID].selfSigningKey, signature);
}
}
} else if (key is CrossSigningKey && key.usage.contains('master')) {
@ -99,8 +102,8 @@ class CrossSigning {
base64.decode(await client.ssss.getCached(USER_SIGNING_KEY) ?? '');
if (userSigningKey != null) {
final signature = _sign(key.signingContent, userSigningKey);
addSignature(
key, client.userDeviceKeys[client.userID].userSigningKey, signature);
addSignature(key, client.userDeviceKeys[client.userID].userSigningKey,
signature);
}
}
}

View file

@ -362,8 +362,8 @@ class KeyVerification {
if (verifiedMasterKey && userId == client.userID) {
// it was our own master key, let's request the cross signing keys
// we do it in the background, thus no await needed here
unawaited(client.ssss.maybeRequestAll(
_verifiedDevices.whereType<DeviceKeys>().toList()));
unawaited(client.ssss
.maybeRequestAll(_verifiedDevices.whereType<DeviceKeys>().toList()));
}
await send('m.key.verification.done', {});
@ -727,6 +727,17 @@ class _KeyVerificationMethodSas extends _KeyVerificationMethod {
_calculateMac(client.fingerprintKey, baseInfo + deviceKeyId);
keyList.add(deviceKeyId);
final masterKey = client.userDeviceKeys.containsKey(client.userID)
? client.userDeviceKeys[client.userID].masterKey
: null;
if (masterKey != null && masterKey.verified) {
// we have our own master key verified, let's send it!
final masterKeyId = 'ed25519:${masterKey.publicKey}';
mac[masterKeyId] =
_calculateMac(masterKey.publicKey, baseInfo + masterKeyId);
keyList.add(masterKeyId);
}
keyList.sort();
final keys = _calculateMac(keyList.join(','), baseInfo + 'KEY_IDS');
await request.send('m.key.verification.mac', {