feat(crypto): Add a method to verify uploaded backups

2026-05-06 23:15:08 -04:00 · 2021-10-20 20:13:38 +02:00
parent b5babdb6c4
commit dfef6370b6
2 changed files with 42 additions and 2 deletions
--- a/crates/matrix-sdk-crypto/src/backups/mod.rs
+++ b/crates/matrix-sdk-crypto/src/backups/mod.rs
@@ -20,7 +20,12 @@ use std::{
 };

 use matrix_sdk_common::{locks::RwLock, uuid::Uuid};
-use ruma::{api::client::r0::backup::RoomKeyBackup, RoomId};
+use ruma::{
+    api::client::r0::backup::{
+        get_backup::Response as BackupResponse, BackupAlgorithm, RoomKeyBackup,
+    },
+    DeviceKeyAlgorithm, RoomId,
+};
 use tracing::{debug, info, warn};

 use crate::{
@@ -84,6 +89,41 @@ impl BackupMachine {
        self.backup_key.read().await.as_ref().map(|b| b.backup_version().is_some()).unwrap_or(false)
    }

+    pub async fn verify_backup(&self, backup: BackupResponse) -> Result<bool, CryptoStoreError> {
+        Ok(
+            if let BackupAlgorithm::MegolmBackupV1Curve25519AesSha2 { public_key, signatures } =
+                backup.algorithm
+            {
+                if let Some(signatures) = signatures.get(self.store.user_id()) {
+                    for (device_key_id, signatures) in signatures {
+                        if device_key_id.algorithm() == DeviceKeyAlgorithm::Ed25519 {
+                            let device = self
+                                .store
+                                .get_device(self.store.user_id(), device_key_id.device_id())
+                                .await?;
+
+                            if let Some(device) = device {
+                                if device.verified()
+                                    && device
+                                        .is_signed_by_device(&mut serde_json::json!({}))
+                                        .is_ok()
+                                {
+                                    return Ok(true);
+                                }
+                            }
+                        }
+                    }
+
+                    false
+                } else {
+                    false
+                }
+            } else {
+                false
+            },
+        )
+    }
+
    /// TODO
    pub async fn enable_backup(&self, key: MegolmV1BackupKey) -> Result<(), CryptoStoreError> {
        if key.backup_version().is_some() {
--- a/crates/matrix-sdk-crypto/src/identities/device.rs
+++ b/crates/matrix-sdk-crypto/src/identities/device.rs
@@ -539,7 +539,7 @@ impl ReadOnlyDevice {
        Ok(())
    }

-    fn is_signed_by_device(&self, json: &mut Value) -> Result<(), SignatureError> {
+    pub(crate) fn is_signed_by_device(&self, json: &mut Value) -> Result<(), SignatureError> {
        let signing_key =
            self.get_key(DeviceKeyAlgorithm::Ed25519).ok_or(SignatureError::MissingSigningKey)?;