From 6b1ef484f29ccd21f4c60ee14a4837c334b32a67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damir=20Jeli=C4=87?= Date: Wed, 8 May 2024 13:58:25 +0200 Subject: [PATCH] chore(crypto): Refactor the cross-signing key wrappers Since the master/self-signing/user-signing public key types are used for public user identities as well as for the private key type we have, and we'd like to sign the public key types it makes sense that the types itself aren't using an Arc. Let's instead put the Arc inside the user identity structs. This will allow us later on to more easily sign the public key types. --- .../matrix-sdk-crypto/src/identities/user.rs | 43 +++++++++++-------- crates/matrix-sdk-crypto/src/olm/account.rs | 2 +- .../matrix-sdk-crypto/src/olm/signing/mod.rs | 4 +- .../src/types/cross_signing/master.rs | 10 ++++- .../src/types/cross_signing/self_signing.rs | 10 ++++- .../src/types/cross_signing/user_signing.rs | 11 ++++- 6 files changed, 53 insertions(+), 27 deletions(-) diff --git a/crates/matrix-sdk-crypto/src/identities/user.rs b/crates/matrix-sdk-crypto/src/identities/user.rs index 4c4f61a7d..d416194a6 100644 --- a/crates/matrix-sdk-crypto/src/identities/user.rs +++ b/crates/matrix-sdk-crypto/src/identities/user.rs @@ -148,7 +148,7 @@ impl OwnUserIdentity { let cache = self.store.cache().await?; let account = cache.account().await?; - account.sign_master_key(self.master_key.clone()) + account.sign_master_key(&self.master_key) } /// Send a verification request to our other devices. @@ -369,8 +369,8 @@ impl ReadOnlyUserIdentities { #[derive(Debug, Clone, Deserialize, Serialize)] pub struct ReadOnlyUserIdentity { user_id: OwnedUserId, - pub(crate) master_key: MasterPubkey, - self_signing_key: SelfSigningPubkey, + pub(crate) master_key: Arc, + self_signing_key: Arc, } impl PartialEq for ReadOnlyUserIdentity { 
@@ -411,14 +411,19 @@ impl ReadOnlyUserIdentity { ) -> Result { master_key.verify_subkey(&self_signing_key)?; - Ok(Self { user_id: master_key.user_id().into(), master_key, self_signing_key }) + Ok(Self { + user_id: master_key.user_id().into(), + master_key: master_key.into(), + self_signing_key: self_signing_key.into(), + }) } #[cfg(test)] pub(crate) async fn from_private(identity: &crate::olm::PrivateCrossSigningIdentity) -> Self { - let master_key = identity.master_key.lock().await.as_ref().unwrap().public_key.clone(); + let master_key = + identity.master_key.lock().await.as_ref().unwrap().public_key.clone().into(); let self_signing_key = - identity.self_signing_key.lock().await.as_ref().unwrap().public_key.clone(); + identity.self_signing_key.lock().await.as_ref().unwrap().public_key.clone().into(); Self { user_id: identity.user_id().into(), master_key, self_signing_key } } @@ -494,9 +499,9 @@ impl ReadOnlyUserIdentity { #[derive(Debug, Clone, Serialize, Deserialize)] pub struct ReadOnlyOwnUserIdentity { user_id: OwnedUserId, - master_key: MasterPubkey, - self_signing_key: SelfSigningPubkey, - user_signing_key: UserSigningPubkey, + master_key: Arc, + self_signing_key: Arc, + user_signing_key: Arc, #[serde( serialize_with = "atomic_bool_serializer", deserialize_with = "atomic_bool_deserializer" @@ -551,9 +556,9 @@ impl ReadOnlyOwnUserIdentity { Ok(Self { user_id: master_key.user_id().into(), - master_key, - self_signing_key, - user_signing_key, + master_key: master_key.into(), + self_signing_key: self_signing_key.into(), + user_signing_key: user_signing_key.into(), verified: Arc::new(AtomicBool::new(false)), }) } @@ -568,9 +573,9 @@ impl ReadOnlyOwnUserIdentity { Self { user_id: identity.user_id().into(), - master_key, - self_signing_key, - user_signing_key, + master_key: master_key.into(), + self_signing_key: self_signing_key.into(), + user_signing_key: user_signing_key.into(), verified: Arc::new(AtomicBool::new(false)), } } 
@@ -672,14 +677,14 @@ impl ReadOnlyOwnUserIdentity { let old = self.clone(); - self.self_signing_key = self_signing_key; - self.user_signing_key = user_signing_key; + self.self_signing_key = self_signing_key.into(); + self.user_signing_key = user_signing_key.into(); - if self.master_key != master_key { + if self.master_key.as_ref() != &master_key { self.verified.store(false, Ordering::SeqCst); } - self.master_key = master_key; + self.master_key = master_key.into(); Ok(old != *self) } diff --git a/crates/matrix-sdk-crypto/src/olm/account.rs b/crates/matrix-sdk-crypto/src/olm/account.rs index b117a0760..c25b3ab92 100644 --- a/crates/matrix-sdk-crypto/src/olm/account.rs +++ b/crates/matrix-sdk-crypto/src/olm/account.rs @@ -785,7 +785,7 @@ impl Account { /// Sign the given Master Key pub fn sign_master_key( &self, - master_key: MasterPubkey, + master_key: &MasterPubkey, ) -> Result { let public_key = master_key.get_first_key().ok_or(SignatureError::MissingSigningKey)?.to_base64().into(); diff --git a/crates/matrix-sdk-crypto/src/olm/signing/mod.rs b/crates/matrix-sdk-crypto/src/olm/signing/mod.rs index a6af17634..8348ac2b7 100644 --- a/crates/matrix-sdk-crypto/src/olm/signing/mod.rs +++ b/crates/matrix-sdk-crypto/src/olm/signing/mod.rs @@ -662,6 +662,8 @@ impl PrivateCrossSigningIdentity { #[cfg(test)] mod tests { + use std::sync::Arc; + use matrix_sdk_test::async_test; use ruma::{device_id, user_id, CanonicalJsonValue, DeviceKeyAlgorithm, DeviceKeyId, UserId}; use serde_json::json; @@ -810,7 +812,7 @@ mod tests { "We're only uploading our own signature" ); - bob_public.master_key = master.try_into().unwrap(); + bob_public.master_key = Arc::new(master.try_into().unwrap()); user_signing.public_key.verify_master_key(bob_public.master_key()).unwrap(); } diff --git a/crates/matrix-sdk-crypto/src/types/cross_signing/master.rs b/crates/matrix-sdk-crypto/src/types/cross_signing/master.rs index c6ff1aa49..171606571 100644 
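Review bot: The check `if self.master_key.as_ref() != &master_key` is the only place in this hunk that clears `verified`, and it works only because it runs before `self.master_key = master_key.into();`, yet nothing on the line says so. A later reshuffle of these Arc-wrapped assignments could move the store above the comparison and silently turn the reset into a no-op. I would add a comment such as `// A changed master key is a new identity: clear the verified flag before storing the new key.` As a style point, `*self.master_key != master_key` expresses the same comparison without the `as_ref()`/`&` pair. The function starts above this hunk, so whatever validates the incoming keys is not visible here.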
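Review bot: `sign_master_key` is a `pub fn`, so changing its parameter from `MasterPubkey` to `&MasterPubkey` is a source-breaking change for any caller outside this patch that still passes the key by value. The commit is tagged `chore`, which would hide it from a changelog built from commit types. If `Account` is reachable from outside the crate, the signature change deserves a changelog entry. The doc comment is still just "Sign the given Master Key"; since the first statement returns `SignatureError::MissingSigningKey` when `get_first_key()` yields nothing, an `# Errors` section saying that would help callers. The function body continues past the end of the hunk.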
--- a/crates/matrix-sdk-crypto/src/types/cross_signing/master.rs +++ b/crates/matrix-sdk-crypto/src/types/cross_signing/master.rs @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -use std::{collections::btree_map::Iter, sync::Arc}; +use std::collections::btree_map::Iter; use ruma::{encryption::KeyUsage, DeviceKeyId, OwnedDeviceKeyId, UserId}; use serde::{Deserialize, Serialize}; @@ -31,7 +31,7 @@ use crate::{ /// user signing keys of an user will be signed by their master key. #[derive(Debug, Clone, Serialize, Deserialize)] #[serde(try_from = "CrossSigningKey")] -pub struct MasterPubkey(pub(super) Arc); +pub struct MasterPubkey(pub(super) CrossSigningKey); impl MasterPubkey { /// Get the user id of the master key's owner. @@ -133,6 +133,12 @@ impl AsRef for MasterPubkey { } } +impl AsMut for MasterPubkey { + fn as_mut(&mut self) -> &mut CrossSigningKey { + &mut self.0 + } +} + impl TryFrom for MasterPubkey { type Error = serde_json::Error; diff --git a/crates/matrix-sdk-crypto/src/types/cross_signing/self_signing.rs b/crates/matrix-sdk-crypto/src/types/cross_signing/self_signing.rs index ec9cb1ff5..57ffafbda 100644 --- a/crates/matrix-sdk-crypto/src/types/cross_signing/self_signing.rs +++ b/crates/matrix-sdk-crypto/src/types/cross_signing/self_signing.rs @@ -1,4 +1,4 @@ -use std::{collections::btree_map::Iter, sync::Arc}; +use std::collections::btree_map::Iter; use ruma::{encryption::KeyUsage, OwnedDeviceKeyId, UserId}; use serde::{Deserialize, Serialize}; @@ -15,7 +15,7 @@ use crate::{ /// Self signing keys are used to sign the user's own devices. #[derive(Debug, Clone, Serialize, Deserialize)] #[serde(try_from = "CrossSigningKey")] -pub struct SelfSigningPubkey(pub(super) Arc); +pub struct SelfSigningPubkey(pub(super) CrossSigningKey); impl SelfSigningPubkey { /// Get the user id of the self signing key's owner. 
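Review bot: The new `AsMut` impl for `MasterPubkey` gives `&mut CrossSigningKey` to any code that can name the type, because a trait impl cannot be restricted with `pub(crate)`. The wrapper is built through `TryFrom` (see `#[serde(try_from = "CrossSigningKey")]` on the struct), which presumably checks the key before wrapping it. With `AsMut`, a holder of `&mut MasterPubkey` can change the inner key's fields afterwards without that check running again. If mutable access is only needed inside this crate to attach signatures, an inherent `pub(crate) fn as_mut(&mut self) -> &mut CrossSigningKey { &mut self.0 }`, or a narrower crate-private method exposing only what signing needs, would preserve the wrapper's guarantee. The same applies to the `AsMut` impls this patch adds for `SelfSigningPubkey` and `UserSigningPubkey`.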
@@ -85,3 +85,9 @@ impl AsRef for SelfSigningPubkey { &self.0 } } + +impl AsMut for SelfSigningPubkey { + fn as_mut(&mut self) -> &mut CrossSigningKey { + &mut self.0 + } +} diff --git a/crates/matrix-sdk-crypto/src/types/cross_signing/user_signing.rs b/crates/matrix-sdk-crypto/src/types/cross_signing/user_signing.rs index a97ead111..0595e42cc 100644 --- a/crates/matrix-sdk-crypto/src/types/cross_signing/user_signing.rs +++ b/crates/matrix-sdk-crypto/src/types/cross_signing/user_signing.rs @@ -1,4 +1,4 @@ -use std::{collections::btree_map::Iter, sync::Arc}; +use std::collections::btree_map::Iter; use ruma::{encryption::KeyUsage, OwnedDeviceKeyId, UserId}; use serde::{Deserialize, Serialize}; @@ -11,7 +11,7 @@ use crate::{olm::VerifyJson, types::SigningKeys, SignatureError}; /// User signing keys are used to sign the master keys of other users. #[derive(Debug, Clone, Serialize, Deserialize)] #[serde(try_from = "CrossSigningKey")] -pub struct UserSigningPubkey(pub(super) Arc); +pub struct UserSigningPubkey(pub(super) CrossSigningKey); impl UserSigningPubkey { /// Get the user id of the user signing key's owner. @@ -73,8 +73,15 @@ impl TryFrom for UserSigningPubkey { } } } + impl AsRef for UserSigningPubkey { fn as_ref(&self) -> &CrossSigningKey { &self.0 } } + +impl AsMut for UserSigningPubkey { + fn as_mut(&mut self) -> &mut CrossSigningKey { + &mut self.0 + } +}