From 945c16a7fbe63ecb142a34d2a6bf2682ec67c86f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damir=20Jeli=C4=87?=
Date: Mon, 6 Feb 2023 11:40:55 +0100
Subject: [PATCH] feat(crypto): Throw an error if our user/device pair isn't what we have in the store

---
 crates/matrix-sdk-crypto/src/machine.rs   | 20 ++++++++++++++------
 crates/matrix-sdk-crypto/src/store/mod.rs | 13 +++++++++++++
 2 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/crates/matrix-sdk-crypto/src/machine.rs b/crates/matrix-sdk-crypto/src/machine.rs
index 37a652662..6035128ce 100644
--- a/crates/matrix-sdk-crypto/src/machine.rs
+++ b/crates/matrix-sdk-crypto/src/machine.rs
@@ -78,7 +78,8 @@ use crate::{
         Signatures,
     },
     verification::{Verification, VerificationMachine, VerificationRequest},
-    CrossSigningKeyExport, ReadOnlyDevice, RoomKeyImportResult, SignatureError, ToDeviceRequest,
+    CrossSigningKeyExport, CryptoStoreError, ReadOnlyDevice, RoomKeyImportResult, SignatureError,
+    ToDeviceRequest,
 };
 
 /// State machine implementation of the Olm/Megolm encryption protocol used for
@@ -233,11 +234,18 @@ impl OlmMachine {
     ) -> StoreResult {
         let account = match store.load_account().await? {
             Some(a) => {
-                debug!(
-                    ed25519_key = a.identity_keys().ed25519.to_base64().as_str(),
-                    "Restored an Olm account"
-                );
-                a
+                if user_id != a.user_id() || device_id != a.device_id() {
+                    return Err(CryptoStoreError::MismatchedAccount {
+                        expected: (a.user_id().to_owned(), a.device_id().to_owned()),
+                        got: (user_id.to_owned(), device_id.to_owned()),
+                    });
+                } else {
+                    debug!(
+                        ed25519_key = a.identity_keys().ed25519.to_base64().as_str(),
+                        "Restored an Olm account"
+                    );
+                    a
+                }
             }
             None => {
                 let account = ReadOnlyAccount::new(user_id, device_id);
diff --git a/crates/matrix-sdk-crypto/src/store/mod.rs b/crates/matrix-sdk-crypto/src/store/mod.rs
index 7a6aae2ab..9967f8709 100644
--- a/crates/matrix-sdk-crypto/src/store/mod.rs
+++ b/crates/matrix-sdk-crypto/src/store/mod.rs
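Review bot: The `else` block in the `Some(a)` arm of the second machine.rs hunk is redundant after the early `return Err(...)`; dropping it and un-indenting the `debug!` call and the trailing `a` reads as a plain guard clause and is what clippy's `needless_else`/`needless_return` style expects. The guard itself is the right place for this check: refusing to reuse a stored Olm account whose user/device pair differs from the one the machine was constructed for prevents one device's identity keys from being silently attached to another identity, and the mismatch surfaces as a store error rather than a later signature failure. A short comment above the `if` would help the next reader, e.g. `// The store holds exactly one account; refuse to run as a different user/device than the one it was created for.`. The enclosing constructor starts and ends outside the hunk, so the `None` branch and whatever follows the `match` are not reviewed here.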
@@ -725,6 +725,19 @@ pub enum CryptoStoreError {
     #[error("can't save/load sessions or group sessions in the store before an account is stored")]
     AccountUnset,
 
+    /// The store doesn't support multiple accounts and data from another device
+    /// was discovered.
+    #[error(
+        "the account in the store doesn't match the account in the constructor: \
+         expected {}:{}, got {}:{}", .expected.0, .expected.1, .got.0, .got.1
+    )]
+    MismatchedAccount {
+        /// The expected user/device id pair.
+        expected: (OwnedUserId, OwnedDeviceId),
+        /// The user/device id pair that was loaded from the store.
+        got: (OwnedUserId, OwnedDeviceId),
+    },
+
     /// An IO error occurred.
     #[error(transparent)]
     Io(#[from] IoError),
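Review bot: The field docs on `MismatchedAccount` contradict the only construction site: `got` is documented as "The user/device id pair that was loaded from the store", but the machine.rs hunk in this same patch fills `expected` from the loaded account (`a.user_id()`, `a.device_id()`) and `got` from the constructor arguments. Either the docs or the arguments need to be swapped; since the Display message calls the store side the expected one, I'd fix the docs to `/// The user/device id pair that was loaded from the store.` on `expected` and `/// The user/device id pair the machine was constructed with.` on `got`. The message itself would also be less ambiguous if it named the sides rather than relying on expected/got, e.g. `"the account in the store doesn't match the account in the constructor: store has {}:{}, constructor was given {}:{}"`.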