From 56cfa8f4f9d214dad02899ef6db11795a2da98b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damir=20Jeli=C4=87?= Date: Mon, 6 Feb 2023 16:00:24 +0100 Subject: [PATCH] fix(crypto): Always mark your own device as verified --- .../matrix-sdk-crypto-js/tests/device.test.js | 36 +++++++++++++++++-- crates/matrix-sdk-crypto/src/machine.rs | 17 +++++++-- 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/bindings/matrix-sdk-crypto-js/tests/device.test.js b/bindings/matrix-sdk-crypto-js/tests/device.test.js index 14ecc2051..ea6d3d6e9 100644 --- a/bindings/matrix-sdk-crypto-js/tests/device.test.js +++ b/bindings/matrix-sdk-crypto-js/tests/device.test.js @@ -69,7 +69,39 @@ describe(OlmMachine.name, () => { test('can read a user device', async () => { const m = await machine(); - const dev = await m.getDevice(user, device); + + const hypothetical_response = JSON.stringify({ + "device_keys": { + "@alice:example.org": { + "JLAFKJWSCS": { + "algorithms": [ + "m.olm.v1.curve25519-aes-sha2", + "m.megolm.v1.aes-sha2" + ], + "device_id": "JLAFKJWSCS", + "keys": { + "curve25519:JLAFKJWSCS": "wjLpTLRqbqBzLs63aYaEv2Boi6cFEbbM/sSRQ2oAKk4", + "ed25519:JLAFKJWSCS": "nE6W2fCblxDcOFmeEtCHNl8/l8bXcu7GKyAswA4r3mM" + }, + "signatures": { + "@alice:example.org": { + "ed25519:JLAFKJWSCS": "m53Wkbh2HXkc3vFApZvCrfXcX3AI51GsDHustMhKwlv3TuOJMj4wistcOTM8q2+e/Ro7rWFUb9ZfnNbwptSUBA" + } + }, + "unsigned": { + "device_display_name": "Alice's mobile phone" + }, + "user_id": "@alice:example.org" + } + } + }, + "failures": {} + }); + // Insert another device into the store + await m.markRequestAsSent("ID", RequestType.KeysQuery, hypothetical_response); + + const secondDeviceId = new DeviceId("JLAFKJWSCS"); + const dev = await m.getDevice(user, secondDeviceId); expect(dev).toBeInstanceOf(Device); expect(dev.isVerified()).toStrictEqual(false); @@ -82,7 +114,7 @@ describe(OlmMachine.name, () => { expect(dev.isLocallyTrusted()).toStrictEqual(true); expect(dev.userId.toString()).toStrictEqual(user.toString()); - expect(dev.deviceId.toString()).toStrictEqual(device.toString()); + expect(dev.deviceId.toString()).toStrictEqual(secondDeviceId.toString()); expect(dev.deviceName).toBeUndefined(); const deviceKey = dev.getKey(DeviceKeyAlgorithmName.Ed25519); diff --git a/crates/matrix-sdk-crypto/src/machine.rs b/crates/matrix-sdk-crypto/src/machine.rs index 215fd793b..be1ea7bd5 100644 --- a/crates/matrix-sdk-crypto/src/machine.rs +++ b/crates/matrix-sdk-crypto/src/machine.rs @@ -82,8 +82,8 @@ use crate::{ Signatures, }, verification::{Verification, VerificationMachine, VerificationRequest}, - CrossSigningKeyExport, CryptoStoreError, ReadOnlyDevice, RoomKeyImportResult, SignatureError, - ToDeviceRequest, + CrossSigningKeyExport, CryptoStoreError, LocalTrust, ReadOnlyDevice, RoomKeyImportResult, + SignatureError, ToDeviceRequest, }; /// State machine implementation of the Olm/Megolm encryption protocol used for @@ -256,6 +256,11 @@ impl OlmMachine { let account = ReadOnlyAccount::new(user_id, device_id); let device = ReadOnlyDevice::from_account(&account).await; + // We just created this device from our own Olm `Account`. Since we are the + // owners of the private keys of this device we can safely mark + // the device as verified. + device.set_trust_state(LocalTrust::Verified); + Span::current() .record("ed25519_key", display(account.identity_keys().ed25519)) .record("curve25519_key", display(account.identity_keys().curve25519)); @@ -1773,6 +1778,14 @@ pub(crate) mod tests { async fn create_olm_machine() { let machine = OlmMachine::new(user_id(), alice_device_id()).await; assert!(!machine.account().shared()); + + let own_device = machine + .get_device(machine.user_id(), machine.device_id(), None) + .await + .unwrap() + .expect("We should always have our own device in the store"); + + assert!(own_device.is_locally_trusted(), "Our own device should always be locally trusted"); } #[async_test]