inex/famedlysdk
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

feat: Auto-verify own master key, if there is a valid signature chain within the same account

Browse source
This commit is contained in:
Sorunome 2020-09-10 12:56:50 +02:00
parent 64b8e01444
commit bbc1b63695
No known key found for this signature in database
GPG key ID: B19471D07FC9BE9C
2 changed files with 35 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
lib/encryption/encryption.dart
View file

@ -316,6 +316,20 @@ class Encryption {
return await olmManager.encryptToDeviceMessage(deviceKeys, type, payload); return await olmManager.encryptToDeviceMessage(deviceKeys, type, payload);
} }
Future<void> autovalidateMasterOwnKey() async {
// check if we can set our own master key as verified, if it isn't yet
if (client.database != null &&
client.userDeviceKeys.containsKey(client.userID)) {
final masterKey = client.userDeviceKeys[client.userID].masterKey;
if (masterKey != null &&
!masterKey.directVerified &&
masterKey
.hasValidSignatureChain(onlyValidateUserIds: {client.userID})) {
await masterKey.setVerified(true);
}
}
}
// this method is responsible for all background tasks, such as uploading online key backups // this method is responsible for all background tasks, such as uploading online key backups
bool _backgroundTasksRunning = true; bool _backgroundTasksRunning = true;
void _backgroundTasks() { void _backgroundTasks() {
@ -325,6 +339,8 @@ class Encryption {
keyManager.backgroundTasks(); keyManager.backgroundTasks();
autovalidateMasterOwnKey();
if (_backgroundTasksRunning) { if (_backgroundTasksRunning) {
Timer(Duration(seconds: 10), _backgroundTasks); Timer(Duration(seconds: 10), _backgroundTasks);
} }

23
lib/src/utils/device_keys_list.dart
View file

@ -157,14 +157,20 @@ abstract class SignableKey extends MatrixSignableKey {
return valid; return valid;
} }
bool hasValidSignatureChain({bool verifiedOnly = true, Set<String> visited}) { bool hasValidSignatureChain(
{bool verifiedOnly = true,
Set<String> visited,
Set<String> onlyValidateUserIds}) {
if (!client.encryptionEnabled) { if (!client.encryptionEnabled) {
return false; return false;
} }
visited ??= <String>{}; visited ??= <String>{};
onlyValidateUserIds ??= <String>{};
final setKey = '${userId};${identifier}'; final setKey = '${userId};${identifier}';
if (visited.contains(setKey)) { if (visited.contains(setKey) ||
return false; // prevent recursion (onlyValidateUserIds.isNotEmpty &&
!onlyValidateUserIds.contains(userId))) {
return false; // prevent recursion & validate hasValidSignatureChain
} }
visited.add(setKey); visited.add(setKey);
for (final signatureEntries in signatures.entries) { for (final signatureEntries in signatures.entries) {
@ -189,6 +195,13 @@ abstract class SignableKey extends MatrixSignableKey {
} else { } else {
continue; continue;
} }
if (onlyValidateUserIds.isNotEmpty &&
!onlyValidateUserIds.contains(key.userId)) {
// we don't want to verify keys from this user
continue;
}
if (key.blocked) { if (key.blocked) {
continue; // we can't be bothered about this keys signatures continue; // we can't be bothered about this keys signatures
} }
@ -228,7 +241,9 @@ abstract class SignableKey extends MatrixSignableKey {
} }
// or else we just recurse into that key and chack if it works out // or else we just recurse into that key and chack if it works out
final haveChain = key.hasValidSignatureChain( final haveChain = key.hasValidSignatureChain(
verifiedOnly: verifiedOnly, visited: visited); verifiedOnly: verifiedOnly,
visited: visited,
onlyValidateUserIds: onlyValidateUserIds);
if (haveChain) { if (haveChain) {
return true; return true;
} }