From dfef6370b637655f24540d79e11f9c8dd046c7cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damir=20Jeli=C4=87?= <poljar@termina.org.uk>
Date: Wed, 20 Oct 2021 20:13:38 +0200
Subject: [PATCH] feat(crypto): Add a method to verify uploaded backups

---
 crates/matrix-sdk-crypto/src/backups/mod.rs   | 42 ++++++++++++++++++-
 .../src/identities/device.rs                  |  2 +-
 2 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/crates/matrix-sdk-crypto/src/backups/mod.rs b/crates/matrix-sdk-crypto/src/backups/mod.rs
index 70014ae82..4b1d2af51 100644
--- a/crates/matrix-sdk-crypto/src/backups/mod.rs
+++ b/crates/matrix-sdk-crypto/src/backups/mod.rs
@@ -20,7 +20,12 @@ use std::{
 };
 
 use matrix_sdk_common::{locks::RwLock, uuid::Uuid};
-use ruma::{api::client::r0::backup::RoomKeyBackup, RoomId};
+use ruma::{
+    api::client::r0::backup::{
+        get_backup::Response as BackupResponse, BackupAlgorithm, RoomKeyBackup,
+    },
+    DeviceKeyAlgorithm, RoomId,
+};
 use tracing::{debug, info, warn};
 
 use crate::{
@@ -84,6 +89,41 @@ impl BackupMachine {
         self.backup_key.read().await.as_ref().map(|b| b.backup_version().is_some()).unwrap_or(false)
     }
 
+    pub async fn verify_backup(&self, backup: BackupResponse) -> Result<bool, CryptoStoreError> {
+        Ok(
+            if let BackupAlgorithm::MegolmBackupV1Curve25519AesSha2 { public_key, signatures } =
+                backup.algorithm
+            {
+                if let Some(signatures) = signatures.get(self.store.user_id()) {
+                    for (device_key_id, signatures) in signatures {
+                        if device_key_id.algorithm() == DeviceKeyAlgorithm::Ed25519 {
+                            let device = self
+                                .store
+                                .get_device(self.store.user_id(), device_key_id.device_id())
+                                .await?;
+
+                            if let Some(device) = device {
+                                if device.verified()
+                                    && device
+                                        .is_signed_by_device(&mut serde_json::json!({}))
+                                        .is_ok()
+                                {
+                                    return Ok(true);
+                                }
+                            }
+                        }
+                    }
+
+                    false
+                } else {
+                    false
+                }
+            } else {
+                false
+            },
+        )
+    }
+
     /// TODO
     pub async fn enable_backup(&self, key: MegolmV1BackupKey) -> Result<(), CryptoStoreError> {
         if key.backup_version().is_some() {
diff --git a/crates/matrix-sdk-crypto/src/identities/device.rs b/crates/matrix-sdk-crypto/src/identities/device.rs
index 6c09536a1..1f69422a0 100644
--- a/crates/matrix-sdk-crypto/src/identities/device.rs
+++ b/crates/matrix-sdk-crypto/src/identities/device.rs
@@ -539,7 +539,7 @@ impl ReadOnlyDevice {
         Ok(())
     }
 
-    fn is_signed_by_device(&self, json: &mut Value) -> Result<(), SignatureError> {
+    pub(crate) fn is_signed_by_device(&self, json: &mut Value) -> Result<(), SignatureError> {
         let signing_key =
             self.get_key(DeviceKeyAlgorithm::Ed25519).ok_or(SignatureError::MissingSigningKey)?;