From 08d76f2ff4581e78a1f79813b372f04721233b08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damir=20Jeli=C4=87?= <poljar@termina.org.uk>
Date: Fri, 14 Aug 2020 14:08:53 +0200
Subject: [PATCH] crypto: Pass the device key id to the verify signature
 method.

---
 matrix_sdk_crypto/src/device.rs  |  7 ++++++-
 matrix_sdk_crypto/src/error.rs   |  3 +++
 matrix_sdk_crypto/src/lib.rs     |  8 +++++---
 matrix_sdk_crypto/src/machine.rs | 14 ++++++++------
 4 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/matrix_sdk_crypto/src/device.rs b/matrix_sdk_crypto/src/device.rs
index aecdd27a0..5cc53102c 100644
--- a/matrix_sdk_crypto/src/device.rs
+++ b/matrix_sdk_crypto/src/device.rs
@@ -179,7 +179,12 @@ impl Device {
             .get_key(DeviceKeyAlgorithm::Ed25519)
             .ok_or(SignatureError::MissingSigningKey)?;
 
-        verify_json(&self.user_id, &self.device_id.as_str(), signing_key, json)
+        verify_json(
+            &self.user_id,
+            &DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, self.device_id()),
+            signing_key,
+            json,
+        )
     }
 
     pub(crate) fn verify_device_keys(
diff --git a/matrix_sdk_crypto/src/error.rs b/matrix_sdk_crypto/src/error.rs
index 0ac18fd22..ae60ac857 100644
--- a/matrix_sdk_crypto/src/error.rs
+++ b/matrix_sdk_crypto/src/error.rs
@@ -117,6 +117,9 @@ pub enum EventError {
 
 #[derive(Error, Debug)]
 pub enum SignatureError {
+    #[error("the signature used a unsupported algorithm")]
+    UnsupportedAlgorithm,
+
     #[error("the signing key is missing from the object that signed the message")]
     MissingSigningKey,
 
diff --git a/matrix_sdk_crypto/src/lib.rs b/matrix_sdk_crypto/src/lib.rs
index 829a66bb7..7f2fcf679 100644
--- a/matrix_sdk_crypto/src/lib.rs
+++ b/matrix_sdk_crypto/src/lib.rs
@@ -72,10 +72,14 @@ use serde_json::Value;
 /// * `json` - The JSON object that should be verified.
 pub(crate) fn verify_json(
     user_id: &UserId,
-    key_id: &str,
+    key_id: &DeviceKeyId,
     signing_key: &str,
     json: &mut Value,
 ) -> Result<(), SignatureError> {
+    if key_id.algorithm() != DeviceKeyAlgorithm::Ed25519 {
+        return Err(SignatureError::UnsupportedAlgorithm);
+    }
+
     let json_object = json.as_object_mut().ok_or(SignatureError::NotAnObject)?;
     let unsigned = json_object.remove("unsigned");
     let signatures = json_object.remove("signatures");
@@ -86,8 +90,6 @@ pub(crate) fn verify_json(
         json_object.insert("unsigned".to_string(), u);
     }
 
-    let key_id = DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, key_id.into());
-
     let signatures = signatures.ok_or(SignatureError::NoSignatureFound)?;
     let signature_object = signatures
         .as_object()
diff --git a/matrix_sdk_crypto/src/machine.rs b/matrix_sdk_crypto/src/machine.rs
index 8208d02ff..96695d588 100644
--- a/matrix_sdk_crypto/src/machine.rs
+++ b/matrix_sdk_crypto/src/machine.rs
@@ -1407,7 +1407,9 @@ mod test {
             AnySyncMessageEvent, AnySyncRoomEvent, AnyToDeviceEvent, EventType, SyncMessageEvent,
             ToDeviceEvent, Unsigned,
         },
-        identifiers::{event_id, room_id, user_id, DeviceId, DeviceKeyAlgorithm, UserId},
+        identifiers::{
+            event_id, room_id, user_id, DeviceId, DeviceKeyAlgorithm, DeviceKeyId, UserId,
+        },
         Raw,
     };
     use matrix_sdk_test::test_json;
@@ -1626,7 +1628,7 @@ mod test {
 
         let ret = verify_json(
             &machine.user_id,
-            machine.device_id.as_str(),
+            &DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
             ed25519_key,
             &mut json!(&mut device_keys),
         );
@@ -1657,7 +1659,7 @@ mod test {
 
         let ret = verify_json(
             &machine.user_id,
-            machine.device_id.as_str(),
+            &DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
             "fake_key",
             &mut json!(&mut device_keys),
         );
@@ -1677,7 +1679,7 @@ mod test {
 
         let ret = verify_json(
             &machine.user_id,
-            machine.device_id.as_str(),
+            &DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
             ed25519_key,
             &mut json!(&mut one_time_key),
         );
@@ -1699,7 +1701,7 @@ mod test {
 
         let ret = verify_json(
             &machine.user_id,
-            machine.device_id.as_str(),
+            &DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
             ed25519_key,
             &mut json!(&mut request.one_time_keys.as_mut().unwrap().values_mut().next()),
         );
@@ -1707,7 +1709,7 @@ mod test {
 
         let ret = verify_json(
             &machine.user_id,
-            machine.device_id.as_str(),
+            &DeviceKeyId::from_parts(DeviceKeyAlgorithm::Ed25519, machine.device_id()),
             ed25519_key,
             &mut json!(&mut request.device_keys.unwrap()),
         );