feat: Auto-verify own master key, if there is a valid signature chain within the same account

2020-09-10 12:56:50 +02:00 · 2020-09-10 12:56:50 +02:00 · bbc1b63695
parent 64b8e01444
commit bbc1b63695
2 changed files with 35 additions and 4 deletions
--- a/lib/encryption/encryption.dart
+++ b/lib/encryption/encryption.dart
@ -316,6 +316,20 @@ class Encryption {
    return await olmManager.encryptToDeviceMessage(deviceKeys, type, payload);
  }

+  Future<void> autovalidateMasterOwnKey() async {
+    // check if we can set our own master key as verified, if it isn't yet
+    if (client.database != null &&
+        client.userDeviceKeys.containsKey(client.userID)) {
+      final masterKey = client.userDeviceKeys[client.userID].masterKey;
+      if (masterKey != null &&
+          !masterKey.directVerified &&
+          masterKey
+              .hasValidSignatureChain(onlyValidateUserIds: {client.userID})) {
+        await masterKey.setVerified(true);
+      }
+    }
+  }
+
  // this method is responsible for all background tasks, such as uploading online key backups
  bool _backgroundTasksRunning = true;
  void _backgroundTasks() {
@ -325,6 +339,8 @@ class Encryption {

    keyManager.backgroundTasks();

+    autovalidateMasterOwnKey();
+
    if (_backgroundTasksRunning) {
      Timer(Duration(seconds: 10), _backgroundTasks);
    }
--- a/lib/src/utils/device_keys_list.dart
+++ b/lib/src/utils/device_keys_list.dart
@ -157,14 +157,20 @@ abstract class SignableKey extends MatrixSignableKey {
    return valid;
  }

-  bool hasValidSignatureChain({bool verifiedOnly = true, Set<String> visited}) {
+  bool hasValidSignatureChain(
+      {bool verifiedOnly = true,
+      Set<String> visited,
+      Set<String> onlyValidateUserIds}) {
    if (!client.encryptionEnabled) {
      return false;
    }
    visited ??= <String>{};
+    onlyValidateUserIds ??= <String>{};
    final setKey = '${userId};${identifier}';
-    if (visited.contains(setKey)) {
-      return false; // prevent recursion
+    if (visited.contains(setKey) ||
+        (onlyValidateUserIds.isNotEmpty &&
+            !onlyValidateUserIds.contains(userId))) {
+      return false; // prevent recursion & validate hasValidSignatureChain
    }
    visited.add(setKey);
    for (final signatureEntries in signatures.entries) {
@ -189,6 +195,13 @@ abstract class SignableKey extends MatrixSignableKey {
        } else {
          continue;
        }
+
+        if (onlyValidateUserIds.isNotEmpty &&
+            !onlyValidateUserIds.contains(key.userId)) {
+          // we don't want to verify keys from this user
+          continue;
+        }
+
        if (key.blocked) {
          continue; // we can't be bothered about this keys signatures
        }
@ -228,7 +241,9 @@ abstract class SignableKey extends MatrixSignableKey {
        }
        // or else we just recurse into that key and chack if it works out
        final haveChain = key.hasValidSignatureChain(
-            verifiedOnly: verifiedOnly, visited: visited);
+            verifiedOnly: verifiedOnly,
+            visited: visited,
+            onlyValidateUserIds: onlyValidateUserIds);
        if (haveChain) {
          return true;
        }