mirror of
https://github.com/matrix-org/matrix-rust-sdk.git
synced 2026-06-11 01:44:23 -04:00
wip-broken-adding-x509_keys
This commit is contained in:
Andy Balaam
@@ -43,7 +43,7 @@ fn huge_keys_query_response() -> get_keys::v3::Response {
|
||||
|
||||
pub fn keys_query(c: &mut Criterion) {
|
||||
let runtime = Builder::new_multi_thread().build().expect("Can't create runtime");
|
||||
let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id()));
|
||||
let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id(), None, None));
|
||||
let response = keys_query_response();
|
||||
let txn_id = TransactionId::new();
|
||||
|
||||
@@ -73,7 +73,7 @@ pub fn keys_query(c: &mut Criterion) {
|
||||
let dir = tempfile::tempdir().unwrap();
|
||||
let store = Arc::new(runtime.block_on(SqliteCryptoStore::open(dir.path(), None)).unwrap());
|
||||
let machine = runtime
|
||||
.block_on(OlmMachine::with_store(alice_id(), alice_device_id(), store, None))
|
||||
.block_on(OlmMachine::with_store(alice_id(), alice_device_id(), None, store, None, None))
|
||||
.unwrap();
|
||||
|
||||
group.bench_with_input(
|
||||
@@ -116,7 +116,12 @@ pub fn keys_claiming(c: &mut Criterion) {
|
||||
|b, response| {
|
||||
b.iter_batched(
|
||||
|| {
|
||||
let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id()));
|
||||
let machine = runtime.block_on(OlmMachine::new(
|
||||
alice_id(),
|
||||
alice_device_id(),
|
||||
None,
|
||||
None,
|
||||
));
|
||||
runtime
|
||||
.block_on(machine.mark_request_as_sent(&txn_id, &keys_query_response))
|
||||
.unwrap();
|
||||
@@ -148,8 +153,10 @@ pub fn keys_claiming(c: &mut Criterion) {
|
||||
.block_on(OlmMachine::with_store(
|
||||
alice_id(),
|
||||
alice_device_id(),
|
||||
None,
|
||||
store,
|
||||
None,
|
||||
None,
|
||||
))
|
||||
.unwrap();
|
||||
runtime
|
||||
@@ -186,7 +193,7 @@ pub fn room_key_sharing(c: &mut Criterion) {
|
||||
|
||||
let count = response.one_time_keys.values().fold(0, |acc, d| acc + d.len());
|
||||
|
||||
let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id()));
|
||||
let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id(), None, None));
|
||||
runtime.block_on(machine.mark_request_as_sent(&txn_id, &keys_query_response)).unwrap();
|
||||
runtime.block_on(machine.mark_request_as_sent(&txn_id, &response)).unwrap();
|
||||
|
||||
@@ -223,7 +230,7 @@ pub fn room_key_sharing(c: &mut Criterion) {
|
||||
let store = Arc::new(runtime.block_on(SqliteCryptoStore::open(dir.path(), None)).unwrap());
|
||||
|
||||
let machine = runtime
|
||||
.block_on(OlmMachine::with_store(alice_id(), alice_device_id(), store, None))
|
||||
.block_on(OlmMachine::with_store(alice_id(), alice_device_id(), None, store, None, None))
|
||||
.unwrap();
|
||||
runtime.block_on(machine.mark_request_as_sent(&txn_id, &keys_query_response)).unwrap();
|
||||
runtime.block_on(machine.mark_request_as_sent(&txn_id, &response)).unwrap();
|
||||
@@ -260,7 +267,7 @@ pub fn room_key_sharing(c: &mut Criterion) {
|
||||
pub fn devices_missing_sessions_collecting(c: &mut Criterion) {
|
||||
let runtime = Builder::new_multi_thread().build().expect("Can't create runtime");
|
||||
|
||||
let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id()));
|
||||
let machine = runtime.block_on(OlmMachine::new(alice_id(), alice_device_id(), None, None));
|
||||
let response = huge_keys_query_response();
|
||||
let txn_id = TransactionId::new();
|
||||
let users: Vec<OwnedUserId> = response.device_keys.keys().cloned().collect();
|
||||
@@ -288,7 +295,7 @@ pub fn devices_missing_sessions_collecting(c: &mut Criterion) {
|
||||
let store = Arc::new(runtime.block_on(SqliteCryptoStore::open(dir.path(), None)).unwrap());
|
||||
|
||||
let machine = runtime
|
||||
.block_on(OlmMachine::with_store(alice_id(), alice_device_id(), store, None))
|
||||
.block_on(OlmMachine::with_store(alice_id(), alice_device_id(), None, store, None, None))
|
||||
.unwrap();
|
||||
|
||||
runtime.block_on(machine.mark_request_as_sent(&txn_id, &response)).unwrap();
|
||||
|
||||
@@ -93,7 +93,9 @@ impl DehydratedDevices {
|
||||
inner: ManuallyDrop::new(self.runtime.block_on(self.inner.rehydrate(
|
||||
&key,
|
||||
&device_id,
|
||||
None,
|
||||
device_data,
|
||||
None,
|
||||
))?),
|
||||
}
|
||||
.into();
|
||||
|
||||
@@ -1164,8 +1164,10 @@ mod tests {
|
||||
let machine = OlmMachine::new(
|
||||
"@ganfra146:matrix.org".to_owned(),
|
||||
"DEWRCMENGS".to_owned(),
|
||||
None,
|
||||
path,
|
||||
None,
|
||||
None,
|
||||
)?;
|
||||
|
||||
assert_eq!(
|
||||
|
||||
@@ -21,7 +21,6 @@ use matrix_sdk_crypto::{
|
||||
store::types::{BackupDecryptionKey, Changes},
|
||||
types::{Signature, requests::ToDeviceRequest},
|
||||
};
|
||||
use rsa::RsaPrivateKey;
|
||||
use ruma::{
|
||||
DeviceKeyAlgorithm, EventId, OneTimeKeyAlgorithm, OwnedTransactionId, OwnedUserId, RoomId,
|
||||
UserId,
|
||||
@@ -203,13 +202,13 @@ impl OlmMachine {
|
||||
pub fn new(
|
||||
user_id: String,
|
||||
device_id: String,
|
||||
rsa_key: Option<String>,
|
||||
_rsa_key: Option<String>,
|
||||
path: String,
|
||||
mut passphrase: Option<String>,
|
||||
_x509_keys: Option<String>,
|
||||
) -> Result<Arc<Self>, CryptoStoreError> {
|
||||
let user_id = parse_user_id(&user_id)?;
|
||||
let device_id = device_id.as_str().into();
|
||||
let rsa_key = if let Some(k) = rsa_key { serde::from_str(&k)? } else { None };
|
||||
let runtime = Runtime::new().expect("Couldn't create a tokio runtime");
|
||||
|
||||
let store = runtime
|
||||
@@ -220,9 +219,10 @@ impl OlmMachine {
|
||||
let inner = runtime.block_on(InnerMachine::with_store(
|
||||
&user_id,
|
||||
device_id,
|
||||
rsa_key,
|
||||
None,
|
||||
Arc::new(store),
|
||||
None,
|
||||
None, // TODO: AJB: make X509Keys from String
|
||||
))?;
|
||||
|
||||
Ok(Arc::new(OlmMachine { inner: ManuallyDrop::new(inner), runtime }))
|
||||
|
||||
@@ -382,6 +382,8 @@ impl BaseClient {
|
||||
None,
|
||||
self.crypto_store.clone(),
|
||||
custom_account,
|
||||
// TODO: AJB: get existing x509_keys from the existing olm machine
|
||||
None,
|
||||
)
|
||||
.await
|
||||
.map_err(OlmError::from)?;
|
||||
|
||||
@@ -748,14 +748,14 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_memory_store_backups() -> Result<(), OlmError> {
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None, None).await;
|
||||
|
||||
backup_flow(machine).await
|
||||
}
|
||||
|
||||
#[async_test]
|
||||
async fn test_verify_auth_data() -> Result<(), OlmError> {
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None, None).await;
|
||||
let backup_machine = machine.backup_machine();
|
||||
|
||||
let auth_data = json!({
|
||||
@@ -834,7 +834,7 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_import_backed_up_room_keys() {
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None, None).await;
|
||||
let backup_machine = machine.backup_machine();
|
||||
|
||||
// We set up a backup key, so that we can test `backup_machine.backup()` later.
|
||||
@@ -883,7 +883,7 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_sign_backup_info() {
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None, None).await;
|
||||
let backup_machine = machine.backup_machine();
|
||||
|
||||
let decryption_key = BackupDecryptionKey::new();
|
||||
@@ -917,8 +917,9 @@ mod tests {
|
||||
|
||||
// Create the machine using `with_store` and without a call to enable_backup_v1,
|
||||
// like regenerate_olm would do
|
||||
let alice =
|
||||
OlmMachine::with_store(alice_id(), alice_device_id(), None, store, None).await.unwrap();
|
||||
let alice = OlmMachine::with_store(alice_id(), alice_device_id(), None, store, None, None)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let binding = alice.backup_machine().backup_key.read().await;
|
||||
let machine_backup_key = binding.as_ref().unwrap();
|
||||
|
||||
@@ -63,6 +63,7 @@ use crate::{
|
||||
types::{Changes, DehydratedDeviceKey, RoomKeyInfo},
|
||||
},
|
||||
verification::VerificationMachine,
|
||||
x509::X509Keys,
|
||||
};
|
||||
|
||||
/// Error type for device dehydration issues.
|
||||
@@ -116,8 +117,13 @@ impl DehydratedDevices {
|
||||
store.clone(),
|
||||
);
|
||||
|
||||
let store =
|
||||
Store::new(account.static_data().clone(), user_identity, store, verification_machine);
|
||||
let store = Store::new(
|
||||
account.static_data().clone(),
|
||||
user_identity,
|
||||
store,
|
||||
verification_machine,
|
||||
None,
|
||||
);
|
||||
store
|
||||
.save_pending_changes(crate::store::types::PendingChanges { account: Some(account) })
|
||||
.await?;
|
||||
@@ -149,10 +155,11 @@ impl DehydratedDevices {
|
||||
device_id: &DeviceId,
|
||||
rsa_key: Option<RsaPrivateKey>,
|
||||
device_data: Raw<DehydratedDeviceData>,
|
||||
x509_keys: Option<X509Keys>,
|
||||
) -> Result<RehydratedDevice, DehydrationError> {
|
||||
let rehydrated = self
|
||||
.inner
|
||||
.rehydrate(pickle_key.inner.as_ref(), device_id, rsa_key, device_data)
|
||||
.rehydrate(pickle_key.inner.as_ref(), device_id, rsa_key, device_data, x509_keys)
|
||||
.await?;
|
||||
|
||||
Ok(RehydratedDevice { rehydrated, original: self.inner.to_owned() })
|
||||
@@ -573,7 +580,7 @@ mod tests {
|
||||
// Rehydrate the device.
|
||||
let rehydrated = bob
|
||||
.dehydrated_devices()
|
||||
.rehydrate(&pickle_key(), &request.device_id, None, request.device_data)
|
||||
.rehydrate(&pickle_key(), &request.device_id, None, request.device_data, None)
|
||||
.await
|
||||
.expect("We should be able to rehydrate the device");
|
||||
|
||||
@@ -633,7 +640,7 @@ mod tests {
|
||||
|
||||
// Rehydrate the device.
|
||||
dehydrated_manager
|
||||
.rehydrate(&stored_key, &request.device_id, None, request.device_data)
|
||||
.rehydrate(&stored_key, &request.device_id, None, request.device_data, None)
|
||||
.await
|
||||
.expect("We should be able to rehydrate the device");
|
||||
|
||||
@@ -688,7 +695,7 @@ mod tests {
|
||||
// Rehydrate the device.
|
||||
let rehydrated = bob
|
||||
.dehydrated_devices()
|
||||
.rehydrate(&pickle_key(), &device_id, None, request.device_data)
|
||||
.rehydrate(&pickle_key(), &device_id, None, request.device_data, None)
|
||||
.await
|
||||
.expect("We should be able to rehydrate the device");
|
||||
|
||||
|
||||
@@ -1309,7 +1309,7 @@ mod tests {
|
||||
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(alice_id())));
|
||||
let verification =
|
||||
VerificationMachine::new(static_data.clone(), identity.clone(), store.clone());
|
||||
let store = Store::new(static_data, identity, store, verification);
|
||||
let store = Store::new(static_data, identity, store, verification, None);
|
||||
|
||||
let session_cache = GroupSessionCache::new(store.clone());
|
||||
let identity_manager = IdentityManager::new(store.clone());
|
||||
@@ -1352,7 +1352,7 @@ mod tests {
|
||||
let verification =
|
||||
VerificationMachine::new(account.static_data.clone(), identity.clone(), store.clone());
|
||||
|
||||
let store = Store::new(account.static_data().clone(), identity, store, verification);
|
||||
let store = Store::new(account.static_data().clone(), identity, store, verification, None);
|
||||
store.save_device_data(&[device, another_device]).await.unwrap();
|
||||
store.save_pending_changes(PendingChanges { account: Some(account) }).await.unwrap();
|
||||
let session_cache = GroupSessionCache::new(store.clone());
|
||||
|
||||
@@ -1258,7 +1258,7 @@ pub(crate) mod testing {
|
||||
let store = Arc::new(CryptoStoreWrapper::new(&user_id, device_id, MemoryStore::new()));
|
||||
let verification =
|
||||
VerificationMachine::new(static_account.clone(), identity.clone(), store.clone());
|
||||
let store = Store::new(static_account, identity, store, verification);
|
||||
let store = Store::new(static_account, identity, store, verification, None);
|
||||
store.save_pending_changes(PendingChanges { account: Some(account) }).await.unwrap();
|
||||
IdentityManager::new(store)
|
||||
}
|
||||
@@ -2195,7 +2195,7 @@ pub(crate) mod tests {
|
||||
async fn common_verified_identity_changes_machine_setup() -> OlmMachine {
|
||||
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
|
||||
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None).await;
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None, None).await;
|
||||
|
||||
let keys_query = DataSet::own_keys_query_response_1();
|
||||
let txn_id = TransactionId::new();
|
||||
@@ -2314,7 +2314,7 @@ pub(crate) mod tests {
|
||||
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
|
||||
|
||||
// Start on a non-verified session
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None).await;
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None, None).await;
|
||||
|
||||
let keys_query = DataSet::own_keys_query_response_1();
|
||||
let txn_id = TransactionId::new();
|
||||
|
||||
@@ -1180,6 +1180,7 @@ mod tests {
|
||||
MemoryStore::new(),
|
||||
)),
|
||||
verification_machine,
|
||||
None,
|
||||
),
|
||||
))
|
||||
}
|
||||
|
||||
@@ -44,7 +44,6 @@ use crate::{
|
||||
requests::OutgoingVerificationRequest,
|
||||
},
|
||||
verification::VerificationMachine,
|
||||
x509,
|
||||
};
|
||||
|
||||
/// Enum over the different user identity types we can have.
|
||||
@@ -929,8 +928,8 @@ impl OtherUserIdentityData {
|
||||
self.user_id() == device.user_id() && self.self_signing_key.verify_device(device).is_ok()
|
||||
}
|
||||
|
||||
pub(crate) fn verify_certificate_chain(&self, certificate_authorities: Vec<String>) -> bool {
|
||||
let Some(this_user_sigs) = self.master_key.signatures().get(&self.user_id) else {
|
||||
pub(crate) fn verify_certificate_chain(&self, _certificate_authorities: Vec<String>) -> bool {
|
||||
let Some(_this_user_sigs) = self.master_key.signatures().get(&self.user_id) else {
|
||||
return false;
|
||||
};
|
||||
|
||||
@@ -1778,7 +1777,7 @@ pub(crate) mod tests {
|
||||
use test_json::keys_query_sets::IdentityChangeDataSet as DataSet;
|
||||
|
||||
let my_user_id = user_id!("@me:localhost");
|
||||
let machine = OlmMachine::new(my_user_id, device_id!("ABCDEFGH"), None).await;
|
||||
let machine = OlmMachine::new(my_user_id, device_id!("ABCDEFGH"), None, None).await;
|
||||
machine.bootstrap_cross_signing(false).await.unwrap();
|
||||
|
||||
let my_id = machine.get_identity(my_user_id, None).await.unwrap().unwrap().own().unwrap();
|
||||
@@ -1826,7 +1825,7 @@ pub(crate) mod tests {
|
||||
use test_json::keys_query_sets::IdentityChangeDataSet as DataSet;
|
||||
|
||||
let my_user_id = user_id!("@me:localhost");
|
||||
let machine = OlmMachine::new(my_user_id, device_id!("ABCDEFGH"), None).await;
|
||||
let machine = OlmMachine::new(my_user_id, device_id!("ABCDEFGH"), None, None).await;
|
||||
machine.bootstrap_cross_signing(false).await.unwrap();
|
||||
|
||||
let keys_query = DataSet::key_query_with_identity_a();
|
||||
@@ -1864,7 +1863,7 @@ pub(crate) mod tests {
|
||||
async fn test_resolve_identity_verification_violation_with_withdraw() {
|
||||
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
|
||||
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None).await;
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None, None).await;
|
||||
|
||||
let keys_query = DataSet::own_keys_query_response_1();
|
||||
let txn_id = TransactionId::new();
|
||||
@@ -1904,7 +1903,7 @@ pub(crate) mod tests {
|
||||
async fn test_reset_own_keys_creates_verification_violation() {
|
||||
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
|
||||
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None).await;
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None, None).await;
|
||||
|
||||
let keys_query = DataSet::own_keys_query_response_1();
|
||||
let txn_id = TransactionId::new();
|
||||
@@ -1945,7 +1944,7 @@ pub(crate) mod tests {
|
||||
async fn test_own_keys_update_creates_own_identity_verification_violation() {
|
||||
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
|
||||
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None).await;
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None, None).await;
|
||||
|
||||
// Start with our own identity verified
|
||||
let own_keys = DataSet::own_keys_query_response_1();
|
||||
|
||||
@@ -33,7 +33,7 @@ pub mod store;
|
||||
pub mod types;
|
||||
mod utilities;
|
||||
mod verification;
|
||||
mod x509;
|
||||
pub mod x509;
|
||||
|
||||
#[cfg(any(test, feature = "testing"))]
|
||||
/// Testing facilities and helpers for crypto tests
|
||||
|
||||
@@ -117,6 +117,7 @@ use crate::{
|
||||
},
|
||||
utilities::timestamp_to_iso8601,
|
||||
verification::{Verification, VerificationMachine, VerificationRequest},
|
||||
x509::X509Keys,
|
||||
};
|
||||
|
||||
#[derive(Debug, Serialize)]
|
||||
@@ -195,8 +196,9 @@ impl OlmMachine {
|
||||
user_id: &UserId,
|
||||
device_id: &DeviceId,
|
||||
rsa_key: Option<RsaPrivateKey>,
|
||||
x509_keys: Option<X509Keys>,
|
||||
) -> Self {
|
||||
OlmMachine::with_store(user_id, device_id, rsa_key, MemoryStore::new(), None)
|
||||
OlmMachine::with_store(user_id, device_id, rsa_key, MemoryStore::new(), None, x509_keys)
|
||||
.await
|
||||
.expect("Reading and writing to the memory store always succeeds")
|
||||
}
|
||||
@@ -207,6 +209,7 @@ impl OlmMachine {
|
||||
device_id: &DeviceId,
|
||||
rsa_key: Option<RsaPrivateKey>,
|
||||
device_data: Raw<DehydratedDeviceData>,
|
||||
x509_keys: Option<X509Keys>,
|
||||
) -> Result<OlmMachine, DehydrationError> {
|
||||
let account = Account::rehydrate(pickle_key, self.user_id(), device_id, device_data)?;
|
||||
let static_account = account.static_data().clone();
|
||||
@@ -222,8 +225,12 @@ impl OlmMachine {
|
||||
})
|
||||
.await?;
|
||||
|
||||
let (verification_machine, store, identity_manager) =
|
||||
Self::new_helper_prelude(store, static_account, self.store().private_identity());
|
||||
let (verification_machine, store, identity_manager) = Self::new_helper_prelude(
|
||||
store,
|
||||
static_account,
|
||||
self.store().private_identity(),
|
||||
x509_keys,
|
||||
);
|
||||
|
||||
Ok(Self::new_helper(
|
||||
device_id,
|
||||
@@ -240,10 +247,18 @@ impl OlmMachine {
|
||||
store_wrapper: Arc<CryptoStoreWrapper>,
|
||||
account: StaticAccountData,
|
||||
user_identity: Arc<Mutex<PrivateCrossSigningIdentity>>,
|
||||
x509_keys: Option<X509Keys>,
|
||||
) -> (VerificationMachine, Store, IdentityManager) {
|
||||
let verification_machine =
|
||||
VerificationMachine::new(account.clone(), user_identity.clone(), store_wrapper.clone());
|
||||
let store = Store::new(account, user_identity, store_wrapper, verification_machine.clone());
|
||||
|
||||
let store = Store::new(
|
||||
account,
|
||||
user_identity,
|
||||
store_wrapper,
|
||||
verification_machine.clone(),
|
||||
x509_keys,
|
||||
);
|
||||
|
||||
let identity_manager = IdentityManager::new(store.clone());
|
||||
|
||||
@@ -322,6 +337,7 @@ impl OlmMachine {
|
||||
rsa_key: Option<RsaPrivateKey>,
|
||||
store: impl IntoCryptoStore,
|
||||
custom_account: Option<vodozemac::olm::Account>,
|
||||
x509_keys: Option<X509Keys>,
|
||||
) -> StoreResult<Self> {
|
||||
let store = store.into_crypto_store();
|
||||
|
||||
@@ -414,7 +430,7 @@ impl OlmMachine {
|
||||
let store = Arc::new(CryptoStoreWrapper::new(user_id, device_id, store));
|
||||
|
||||
let (verification_machine, store, identity_manager) =
|
||||
Self::new_helper_prelude(store, static_account, identity.clone());
|
||||
Self::new_helper_prelude(store, static_account, identity.clone(), x509_keys);
|
||||
|
||||
// FIXME: We might want in the future a more generic high-level data migration
|
||||
// mechanism (at the store wrapper layer).
|
||||
|
||||
@@ -80,7 +80,7 @@ pub async fn get_prepared_machine_test_helper(
|
||||
user_id: &UserId,
|
||||
use_fallback_key: bool,
|
||||
) -> (OlmMachine, OneTimeKeys) {
|
||||
let machine = OlmMachine::new(user_id, bob_device_id(), None).await;
|
||||
let machine = OlmMachine::new(user_id, bob_device_id(), None, None).await;
|
||||
|
||||
let request = machine
|
||||
.store()
|
||||
@@ -123,7 +123,7 @@ pub async fn get_machine_pair_using_store(
|
||||
) -> (OlmMachine, OlmMachine, OneTimeKeys) {
|
||||
let (bob, otk) = get_prepared_machine_test_helper(bob, use_fallback_key).await;
|
||||
|
||||
let alice = OlmMachine::with_store(alice, alice_device_id, None, alice_store, None)
|
||||
let alice = OlmMachine::with_store(alice, alice_device_id, None, alice_store, None, None)
|
||||
.await
|
||||
.expect("Failed to create OlmMachine from supplied store");
|
||||
|
||||
@@ -139,7 +139,7 @@ pub async fn get_machine_pair(
|
||||
let (bob, otk) = get_prepared_machine_test_helper(bob, use_fallback_key).await;
|
||||
|
||||
let alice_device = alice_device_id();
|
||||
let alice = OlmMachine::new(alice, alice_device, None).await;
|
||||
let alice = OlmMachine::new(alice, alice_device, None, None).await;
|
||||
|
||||
store_each_others_device_data(&alice, &bob).await;
|
||||
(alice, bob, otk)
|
||||
|
||||
@@ -142,7 +142,7 @@ pub fn to_device_requests_to_content(
|
||||
#[async_test]
|
||||
async fn test_create_olm_machine() {
|
||||
let test_start_ts = MilliSecondsSinceUnixEpoch::now();
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None, None).await;
|
||||
|
||||
let device_creation_time = machine.device_creation_time();
|
||||
assert!(device_creation_time <= MilliSecondsSinceUnixEpoch::now());
|
||||
@@ -163,7 +163,7 @@ async fn test_create_olm_machine() {
|
||||
|
||||
#[async_test]
|
||||
async fn test_generate_one_time_keys() {
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None, None).await;
|
||||
|
||||
machine
|
||||
.store()
|
||||
@@ -207,7 +207,7 @@ async fn test_generate_one_time_keys() {
|
||||
|
||||
#[async_test]
|
||||
async fn test_device_key_signing() {
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None, None).await;
|
||||
|
||||
let (device_keys, identity_keys) = {
|
||||
let cache = machine.store().cache().await.unwrap();
|
||||
@@ -229,7 +229,7 @@ async fn test_device_key_signing() {
|
||||
|
||||
#[async_test]
|
||||
async fn test_session_invalidation() {
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None, None).await;
|
||||
let room_id = room_id!("!test:example.org");
|
||||
|
||||
machine.create_outbound_group_session_with_defaults_test_helper(room_id).await.unwrap();
|
||||
@@ -290,7 +290,7 @@ fn test_one_time_key_signing() {
|
||||
|
||||
#[async_test]
|
||||
async fn test_keys_for_upload() {
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(user_id(), alice_device_id(), None, None).await;
|
||||
|
||||
let decryption_settings =
|
||||
DecryptionSettings { sender_device_trust_requirement: TrustRequirement::Untrusted };
|
||||
@@ -1260,7 +1260,7 @@ async fn test_query_ratcheted_key() {
|
||||
// Need a second bob session to check gossiping
|
||||
let bob_id = user_id();
|
||||
let bob_other_device = device_id!("OTHERBOB");
|
||||
let bob_other_machine = OlmMachine::new(bob_id, bob_other_device, None).await;
|
||||
let bob_other_machine = OlmMachine::new(bob_id, bob_other_device, None, None).await;
|
||||
let bob_other_device = DeviceData::from_machine_test_helper(&bob_other_machine).await.unwrap();
|
||||
bob.store().save_device_data(&[bob_other_device]).await.unwrap();
|
||||
bob.get_device(bob_id, device_id!("OTHERBOB"), None)
|
||||
@@ -1477,7 +1477,7 @@ async fn test_room_key_with_fake_identity_keys() {
|
||||
async fn test_importing_private_cross_signing_keys_verifies_the_public_identity() {
|
||||
async fn create_additional_machine(machine: &OlmMachine) -> OlmMachine {
|
||||
let second_machine =
|
||||
OlmMachine::new(machine.user_id(), "ADDITIONAL_MACHINE".into(), None).await;
|
||||
OlmMachine::new(machine.user_id(), "ADDITIONAL_MACHINE".into(), None, None).await;
|
||||
|
||||
let identity = machine
|
||||
.get_identity(machine.user_id(), None)
|
||||
@@ -1568,7 +1568,7 @@ async fn test_wait_on_key_query_doesnt_block_store() {
|
||||
// This test will end immediately if it works, and times out after a few seconds
|
||||
// if it failed.
|
||||
|
||||
let machine = OlmMachine::new(bob_id(), bob_device_id(), None).await;
|
||||
let machine = OlmMachine::new(bob_id(), bob_device_id(), None, None).await;
|
||||
|
||||
// Mark Alice as a tracked user, so it gets into the groups of users for which
|
||||
// we need to query keys.
|
||||
@@ -1642,8 +1642,9 @@ async fn test_fix_incorrect_usage_of_backup_key_causing_decryption_errors() {
|
||||
|
||||
// Create the machine using `with_store` and without a call to enable_backup_v1,
|
||||
// like regenerate_olm would do
|
||||
let alice =
|
||||
OlmMachine::with_store(user_id(), alice_device_id(), None, store, None).await.unwrap();
|
||||
let alice = OlmMachine::with_store(user_id(), alice_device_id(), None, store, None, None)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let exported_key = ExportedRoomKey::from_backed_up_room_key(
|
||||
owned_room_id!("!room:id"),
|
||||
@@ -1679,9 +1680,10 @@ async fn test_olm_machine_with_custom_account() {
|
||||
let account = vodozemac::olm::Account::new();
|
||||
let curve_key = account.identity_keys().curve25519;
|
||||
|
||||
let alice = OlmMachine::with_store(user_id(), alice_device_id(), None, store, Some(account))
|
||||
.await
|
||||
.unwrap();
|
||||
let alice =
|
||||
OlmMachine::with_store(user_id(), alice_device_id(), None, store, Some(account), None)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(
|
||||
alice.identity_keys().curve25519,
|
||||
@@ -2023,9 +2025,10 @@ async fn test_mark_all_tracked_users_as_dirty() {
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let alice = OlmMachine::with_store(user_id(), alice_device_id(), None, store, Some(account))
|
||||
.await
|
||||
.unwrap();
|
||||
let alice =
|
||||
OlmMachine::with_store(user_id(), alice_device_id(), None, store, Some(account), None)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
// All users are marked as not dirty.
|
||||
alice.store().load_tracked_users().await.unwrap().iter().for_each(|tracked_user| {
|
||||
@@ -2054,9 +2057,10 @@ async fn test_verified_latch_migration() {
|
||||
let to_track_not_dirty = vec![(bob_id, false), (carol_id, false)];
|
||||
store.save_tracked_users(&to_track_not_dirty).await.unwrap();
|
||||
|
||||
let alice = OlmMachine::with_store(user_id(), alice_device_id(), None, store, Some(account))
|
||||
.await
|
||||
.unwrap();
|
||||
let alice =
|
||||
OlmMachine::with_store(user_id(), alice_device_id(), None, store, Some(account), None)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let alice_store = alice.store();
|
||||
|
||||
|
||||
@@ -155,7 +155,8 @@ async fn test_getting_most_recent_session() {
|
||||
#[async_test]
|
||||
async fn test_get_most_recent_session_of_device_with_no_curve_key() {
|
||||
let alice_machine =
|
||||
OlmMachine::new(user_id!("@alice:example.org"), device_id!("ALICE_DEVICE"), None).await;
|
||||
OlmMachine::new(user_id!("@alice:example.org"), device_id!("ALICE_DEVICE"), None, None)
|
||||
.await;
|
||||
let bob_user_id = user_id!("@bob:example.com");
|
||||
let bob_device_id = device_id!("BOB_DEVICE");
|
||||
|
||||
|
||||
@@ -11,14 +11,14 @@ use crate::{
|
||||
|
||||
#[async_test]
|
||||
async fn test_room_settings_returns_none_for_unknown_room() {
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None, None).await;
|
||||
let settings = machine.room_settings(room_id!("!test2:localhost")).await.unwrap();
|
||||
assert!(settings.is_none());
|
||||
}
|
||||
|
||||
#[async_test]
|
||||
async fn test_stores_and_returns_room_settings() {
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None, None).await;
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
let settings = RoomSettings {
|
||||
@@ -36,7 +36,7 @@ async fn test_stores_and_returns_room_settings() {
|
||||
|
||||
#[async_test]
|
||||
async fn test_set_room_settings_rejects_invalid_algorithms() {
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None, None).await;
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
let err = machine
|
||||
@@ -54,7 +54,7 @@ async fn test_set_room_settings_rejects_invalid_algorithms() {
|
||||
|
||||
#[async_test]
|
||||
async fn test_set_room_settings_rejects_changes() {
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None, None).await;
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
// Initial settings
|
||||
@@ -80,7 +80,7 @@ async fn test_set_room_settings_rejects_changes() {
|
||||
|
||||
#[async_test]
|
||||
async fn test_set_room_settings_accepts_noop_changes() {
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None).await;
|
||||
let machine = OlmMachine::new(tests::user_id(), tests::alice_device_id(), None, None).await;
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
// Initial settings
|
||||
|
||||
@@ -164,7 +164,7 @@ async fn test_receive_custom_encrypted_to_device_with_no_sender_device_keys_fail
|
||||
{
|
||||
let (bob, otk) = get_prepared_machine_test_helper(bob_id(), false).await;
|
||||
|
||||
let alice = OlmMachine::new(tests::alice_id(), tests::alice_device_id()).await;
|
||||
let alice = OlmMachine::new(tests::alice_id(), tests::alice_device_id(), None, None).await;
|
||||
|
||||
let bob_device = DeviceData::from_machine_test_helper(&bob).await.unwrap();
|
||||
alice.store().save_device_data(&[bob_device]).await.unwrap();
|
||||
@@ -215,7 +215,7 @@ async fn test_excluding_insecure_means_custom_to_device_events_from_unverified_d
|
||||
let (bob, otk) = get_prepared_machine_test_helper(bob_id(), false).await;
|
||||
|
||||
// Alice is the sender
|
||||
let alice = OlmMachine::new(tests::alice_id(), tests::alice_device_id()).await;
|
||||
let alice = OlmMachine::new(tests::alice_id(), tests::alice_device_id(), None, None).await;
|
||||
|
||||
let bob_device = DeviceData::from_machine_test_helper(&bob).await.unwrap();
|
||||
alice.store().save_device_data(&[bob_device]).await.unwrap();
|
||||
@@ -268,7 +268,7 @@ async fn test_excluding_insecure_does_not_prevent_key_events_being_processed() {
|
||||
let (bob, otk) = get_prepared_machine_test_helper(bob_id(), false).await;
|
||||
|
||||
// Alice is the sender
|
||||
let alice = OlmMachine::new(tests::alice_id(), tests::alice_device_id()).await;
|
||||
let alice = OlmMachine::new(tests::alice_id(), tests::alice_device_id(), None, None).await;
|
||||
|
||||
let bob_device = DeviceData::from_machine_test_helper(&bob).await.unwrap();
|
||||
alice.store().save_device_data(&[bob_device]).await.unwrap();
|
||||
@@ -755,7 +755,7 @@ async fn test_share_strategy_prevents_encryption() {
|
||||
use crate::CrossSigningKeyExport;
|
||||
|
||||
// Create the local user (`@me`), and import the public identity keys
|
||||
let machine = OlmMachine::new(DataSet::me_id(), DataSet::me_device_id()).await;
|
||||
let machine = OlmMachine::new(DataSet::me_id(), DataSet::me_device_id(), None, None).await;
|
||||
let keys_query = DataSet::me_keys_query_response();
|
||||
machine.mark_request_as_sent(&TransactionId::new(), &keys_query).await.unwrap();
|
||||
|
||||
|
||||
@@ -25,27 +25,21 @@ use js_option::JsOption;
|
||||
use matrix_sdk_common::deserialized_responses::{
|
||||
AlgorithmInfo, DeviceLinkProblem, EncryptionInfo, VerificationLevel, VerificationState,
|
||||
};
|
||||
use rsa::{RsaPrivateKey, rand_core::OsRng, signature::RandomizedSigner};
|
||||
use rsa::RsaPrivateKey;
|
||||
use ruma::{
|
||||
CanonicalJsonValue, DeviceId, DeviceKeyAlgorithm, DeviceKeyId, MilliSecondsSinceUnixEpoch,
|
||||
OneTimeKeyAlgorithm, OneTimeKeyId, OwnedDeviceId, OwnedDeviceKeyId, OwnedOneTimeKeyId,
|
||||
OwnedUserId, RoomId, SecondsSinceUnixEpoch, UInt, UserId,
|
||||
api::client::{
|
||||
dehydrated_device::{DehydratedDeviceData, DehydratedDeviceV2},
|
||||
keys::{
|
||||
upload_keys,
|
||||
upload_signatures::v3::{Request as SignatureUploadRequest, SignedKeys},
|
||||
},
|
||||
keys::{upload_keys, upload_signatures::v3::Request as SignatureUploadRequest},
|
||||
},
|
||||
canonical_json::to_canonical_value,
|
||||
events::{AnyToDeviceEvent, room::history_visibility::HistoryVisibility},
|
||||
serde::Raw,
|
||||
};
|
||||
use serde::{Deserialize, Serialize, de::Error};
|
||||
use serde_json::{
|
||||
json,
|
||||
value::{RawValue as RawJsonValue, to_raw_value},
|
||||
};
|
||||
use serde_json::value::{RawValue as RawJsonValue, to_raw_value};
|
||||
use sha2::{Digest, Sha256};
|
||||
use tokio::sync::Mutex;
|
||||
use tracing::{Span, debug, field::debug, info, instrument, trace, warn};
|
||||
@@ -68,13 +62,13 @@ use crate::{
|
||||
dehydrated_devices::DehydrationError,
|
||||
error::{EventError, OlmResult, SessionCreationError},
|
||||
identities::DeviceData,
|
||||
olm::{SenderData, utility::to_signable_json},
|
||||
olm::SenderData,
|
||||
store::{
|
||||
Store,
|
||||
types::{Changes, DeviceChanges},
|
||||
},
|
||||
types::{
|
||||
CrossSigningKey, DeviceKeys, EventEncryptionAlgorithm, MasterPubkey, OneTimeKey, SignedKey,
|
||||
CrossSigningKey, DeviceKeys, EventEncryptionAlgorithm, OneTimeKey, SignedKey,
|
||||
events::{
|
||||
olm_v1::AnyDecryptedOlmEvent,
|
||||
room::encrypted::{
|
||||
@@ -863,25 +857,6 @@ impl Account {
|
||||
signature,
|
||||
);
|
||||
|
||||
//let key_name = device_id!("todo_key_id");
|
||||
|
||||
//let key_algorithm: DeviceKeyAlgorithm = serde_json::from_str("rsa").expect(
|
||||
// "Hard-coded string unexpectedly failed to deserialize as a
|
||||
// DeviceKeyAlgorithm.",
|
||||
//);
|
||||
|
||||
//let device_key_id = DeviceKeyId::from_parts(key_algorithm, key_name);
|
||||
|
||||
// TODO: AJB: more properly support an RSA algorithm type?
|
||||
|
||||
let device_key_id =
|
||||
serde_json::from_value(json!("rsa:todo_key_id")).expect("Failed to deserialize x");
|
||||
|
||||
let rsa_signature = self.sign_json_rsa(canonical_json.clone())?;
|
||||
if let Some(rsa_signature) = rsa_signature {
|
||||
cross_signing_key.signatures.add_signature_rsa(signer, device_key_id, rsa_signature);
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@@ -896,27 +871,6 @@ impl Account {
|
||||
self.inner.sign_json(json)
|
||||
}
|
||||
|
||||
/// Sign the supplied JSON string with our RSA key.
|
||||
///
|
||||
/// # Arguments
|
||||
///
|
||||
/// * `json` - The canonical JSON value to sign string.
|
||||
pub fn sign_json_rsa(
|
||||
&self,
|
||||
json: CanonicalJsonValue,
|
||||
) -> Result<Option<rsa::pss::Signature>, SignatureError> {
|
||||
let json = to_signable_json(json)?;
|
||||
|
||||
Ok(match &self.rsa_key {
|
||||
Some(rsa_key) => {
|
||||
let mut rng = OsRng::default();
|
||||
let signing_key = rsa::pss::SigningKey::<Sha256>::new(rsa_key.clone());
|
||||
Some(signing_key.sign_with_rng(&mut rng, json.as_bytes()))
|
||||
}
|
||||
None => None,
|
||||
})
|
||||
}
|
||||
|
||||
/// Sign and prepare one-time keys to be uploaded.
|
||||
///
|
||||
/// If no one-time keys need to be uploaded, returns an empty `BTreeMap`.
|
||||
|
||||
@@ -949,7 +949,7 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_pickle_snapshot() {
|
||||
let account = Account::new(alice_id());
|
||||
let account = Account::new(alice_id(), None);
|
||||
let room_id = room_id!("!test:localhost");
|
||||
let (_, session) = account.create_group_session_pair_with_defaults(room_id).await;
|
||||
|
||||
@@ -1161,7 +1161,7 @@ mod tests {
|
||||
#[async_test]
|
||||
#[allow(deprecated)]
|
||||
async fn test_session_comparison() {
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id());
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id(), None);
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
let (_, inbound) = alice.create_group_session_pair_with_defaults(room_id).await;
|
||||
@@ -1189,7 +1189,7 @@ mod tests {
|
||||
#[async_test]
|
||||
#[allow(deprecated)]
|
||||
async fn test_session_comparison_sender_data() {
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id());
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id(), None);
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
let (_, mut inbound) = alice.create_group_session_pair_with_defaults(room_id).await;
|
||||
@@ -1434,7 +1434,7 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_shared_history_in_pickle() {
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id());
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id(), None);
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
let (_, mut inbound) = alice.create_group_session_pair_with_defaults(room_id).await;
|
||||
@@ -1458,7 +1458,7 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_shared_history_in_export() {
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id());
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id(), None);
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
let (_, mut inbound) = alice.create_group_session_pair_with_defaults(room_id).await;
|
||||
|
||||
@@ -753,7 +753,7 @@ mod tests {
|
||||
#[async_test]
|
||||
async fn test_from_device_for_unsigned_device() {
|
||||
let bob_account =
|
||||
Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"));
|
||||
Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"), None);
|
||||
let bob_device = create_unsigned_device(bob_account.device_keys());
|
||||
|
||||
let sender_data = SenderData::from_device(&bob_device);
|
||||
@@ -771,7 +771,7 @@ mod tests {
|
||||
async fn test_from_device_for_unverified_user() {
|
||||
let bob_identity = PrivateCrossSigningIdentity::new(owned_user_id!("@bob:example.com"));
|
||||
let bob_account =
|
||||
Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"));
|
||||
Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"), None);
|
||||
let bob_device = create_signed_device_of_unverified_user(
|
||||
bob_account.device_keys().clone(),
|
||||
&bob_identity,
|
||||
@@ -794,13 +794,16 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_from_device_for_verified_user() {
|
||||
let alice_account =
|
||||
Account::with_device_id(user_id!("@alice:example.com"), device_id!("ALICE_DEVICE"));
|
||||
let alice_account = Account::with_device_id(
|
||||
user_id!("@alice:example.com"),
|
||||
device_id!("ALICE_DEVICE"),
|
||||
None,
|
||||
);
|
||||
let alice_identity = PrivateCrossSigningIdentity::for_account(&alice_account);
|
||||
|
||||
let bob_identity = PrivateCrossSigningIdentity::new(owned_user_id!("@bob:example.com"));
|
||||
let bob_account =
|
||||
Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"));
|
||||
Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"), None);
|
||||
let bob_device = create_signed_device_of_verified_user(
|
||||
bob_account.device_keys().clone(),
|
||||
&bob_identity,
|
||||
@@ -826,7 +829,7 @@ mod tests {
|
||||
async fn test_from_device_for_verification_violation_user() {
|
||||
let bob_identity = PrivateCrossSigningIdentity::new(owned_user_id!("@bob:example.com"));
|
||||
let bob_account =
|
||||
Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"));
|
||||
Account::with_device_id(user_id!("@bob:example.com"), device_id!("BOB_DEVICE"), None);
|
||||
let bob_device =
|
||||
create_signed_device_of_unverified_user(bob_account.device_keys(), &bob_identity).await;
|
||||
bob_device
|
||||
|
||||
@@ -866,6 +866,7 @@ mod tests {
|
||||
Arc::clone(&me.private_identity),
|
||||
store_wrapper,
|
||||
verification_machine,
|
||||
None,
|
||||
)
|
||||
}
|
||||
|
||||
@@ -911,7 +912,7 @@ mod tests {
|
||||
is_verified: bool,
|
||||
signer: Option<&TestUser>,
|
||||
) -> Self {
|
||||
let account = Account::with_device_id(user_id, device_id);
|
||||
let account = Account::with_device_id(user_id, device_id, None);
|
||||
let user_id = user_id.to_owned();
|
||||
let private_identity =
|
||||
Arc::new(Mutex::new(PrivateCrossSigningIdentity::for_account(&account)));
|
||||
|
||||
@@ -1202,7 +1202,7 @@ mod tests {
|
||||
let keys_query = keys_query_response();
|
||||
let txn_id = TransactionId::new();
|
||||
|
||||
let machine = OlmMachine::new(user_id, device_id).await;
|
||||
let machine = OlmMachine::new(user_id, device_id, None, None).await;
|
||||
|
||||
// complete a /keys/query and /keys/claim for @example:localhost
|
||||
machine.mark_request_as_sent(&txn_id, &keys_query).await.unwrap();
|
||||
@@ -1601,7 +1601,7 @@ mod tests {
|
||||
let keys_query = keys_query_response();
|
||||
let txn_id = TransactionId::new();
|
||||
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id()).await;
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None, None).await;
|
||||
|
||||
machine.mark_request_as_sent(&txn_id, &keys_query).await.unwrap();
|
||||
machine.mark_request_as_sent(&txn_id, &bob_keys_query_response()).await.unwrap();
|
||||
@@ -1655,7 +1655,7 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_resend_session_after_unwedging() {
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id()).await;
|
||||
let machine = OlmMachine::new(alice_id(), alice_device_id(), None, None).await;
|
||||
assert_let!(Ok(Some((txn_id, device_keys_request))) = machine.upload_device_keys().await);
|
||||
let device_keys_response = upload_keys::v3::Response::new(BTreeMap::from([(
|
||||
OneTimeKeyAlgorithm::SignedCurve25519,
|
||||
@@ -1666,7 +1666,7 @@ mod tests {
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
let bob_id = user_id!("@bob:localhost");
|
||||
let bob_account = Account::new(bob_id);
|
||||
let bob_account = Account::new(bob_id, None);
|
||||
let keys_query_data = json!({
|
||||
"device_keys": {
|
||||
"@bob:localhost": {
|
||||
|
||||
@@ -1097,7 +1097,7 @@ mod tests {
|
||||
use KeyDistributionTestData as DataSet;
|
||||
|
||||
// Create the local user (`@me`), and import the public identity keys
|
||||
let machine = OlmMachine::new(DataSet::me_id(), DataSet::me_device_id()).await;
|
||||
let machine = OlmMachine::new(DataSet::me_id(), DataSet::me_device_id(), None, None).await;
|
||||
let keys_query = DataSet::me_keys_query_response();
|
||||
machine.mark_request_as_sent(&TransactionId::new(), &keys_query).await.unwrap();
|
||||
|
||||
@@ -1872,7 +1872,7 @@ mod tests {
|
||||
async fn test_should_not_error_on_unsigned_of_unverified() {
|
||||
use VerificationViolationTestData as DataSet;
|
||||
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None, None).await;
|
||||
|
||||
// Tell the OlmMachine about our own public keys.
|
||||
let own_keys = DataSet::own_keys_query_response_1();
|
||||
@@ -3186,7 +3186,7 @@ mod tests {
|
||||
async fn unsigned_of_verified_setup() -> OlmMachine {
|
||||
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
|
||||
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL")).await;
|
||||
let machine = OlmMachine::new(DataSet::own_id(), device_id!("LOCAL"), None, None).await;
|
||||
|
||||
// Tell the OlmMachine about our own public keys.
|
||||
let own_keys = DataSet::own_keys_query_response_1();
|
||||
|
||||
@@ -621,7 +621,7 @@ mod tests {
|
||||
}
|
||||
|
||||
fn bob_account() -> Account {
|
||||
Account::with_device_id(user_id!("@bob:localhost"), device_id!("BOBDEVICE"))
|
||||
Account::with_device_id(user_id!("@bob:localhost"), device_id!("BOBDEVICE"), None, None)
|
||||
}
|
||||
|
||||
fn keys_claim_with_failure() -> KeyClaimResponse {
|
||||
@@ -651,7 +651,7 @@ mod tests {
|
||||
let user_id = user_id();
|
||||
let device_id = device_id();
|
||||
|
||||
let account = Account::with_device_id(user_id, device_id);
|
||||
let account = Account::with_device_id(user_id, device_id, None);
|
||||
let store = Arc::new(CryptoStoreWrapper::new(user_id, device_id, MemoryStore::new()));
|
||||
let identity = Arc::new(Mutex::new(PrivateCrossSigningIdentity::empty(user_id)));
|
||||
let verification = VerificationMachine::new(
|
||||
@@ -660,7 +660,7 @@ mod tests {
|
||||
store.clone(),
|
||||
);
|
||||
|
||||
let store = Store::new(account.static_data().clone(), identity, store, verification);
|
||||
let store = Store::new(account.static_data().clone(), identity, store, verification, None);
|
||||
let device = DeviceData::from_account(&account);
|
||||
store.save_pending_changes(PendingChanges { account: Some(account) }).await.unwrap();
|
||||
store
|
||||
@@ -969,7 +969,7 @@ mod tests {
|
||||
let response = ruma_response_from_json(&response_json);
|
||||
|
||||
let alice = user_id!("@alice:example.org");
|
||||
let mut alice_account = Account::with_device_id(alice, "DEVICEID".into());
|
||||
let mut alice_account = Account::with_device_id(alice, "DEVICEID".into(), None);
|
||||
let alice_device = DeviceData::from_account(&alice_account);
|
||||
|
||||
let (manager, _identity_manager) = session_manager_test_helper().await;
|
||||
|
||||
@@ -111,12 +111,12 @@ macro_rules! cryptostore_integration_tests {
|
||||
}
|
||||
|
||||
fn get_account() -> Account {
|
||||
Account::with_device_id(alice_id(), alice_device_id())
|
||||
Account::with_device_id(alice_id(), alice_device_id(), None)
|
||||
}
|
||||
|
||||
pub(crate) async fn get_account_and_session() -> (Account, Session) {
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id());
|
||||
let mut bob = Account::with_device_id(bob_id(), bob_device_id());
|
||||
let alice = Account::with_device_id(alice_id(), alice_device_id(), None);
|
||||
let mut bob = Account::with_device_id(bob_id(), bob_device_id(), None);
|
||||
|
||||
bob.generate_one_time_keys(1);
|
||||
let one_time_key = *bob.one_time_keys().values().next().unwrap();
|
||||
@@ -794,11 +794,13 @@ macro_rules! cryptostore_integration_tests {
|
||||
let alice_device_1 = DeviceData::from_account(&Account::with_device_id(
|
||||
"@alice:localhost".try_into().unwrap(),
|
||||
"FIRSTDEVICE".into(),
|
||||
None,
|
||||
));
|
||||
|
||||
let alice_device_2 = DeviceData::from_account(&Account::with_device_id(
|
||||
"@alice:localhost".try_into().unwrap(),
|
||||
"SECONDDEVICE".into(),
|
||||
None,
|
||||
));
|
||||
|
||||
let json = json!({
|
||||
@@ -902,7 +904,7 @@ macro_rules! cryptostore_integration_tests {
|
||||
|
||||
let store = get_store(dir, None, true).await;
|
||||
|
||||
let account = Account::with_device_id(&user_id, device_id);
|
||||
let account = Account::with_device_id(&user_id, device_id, None);
|
||||
|
||||
store.save_pending_changes(PendingChanges { account: Some(account), })
|
||||
.await
|
||||
|
||||
@@ -82,6 +82,7 @@ use crate::{
|
||||
SecretsBundle,
|
||||
},
|
||||
verification::VerificationMachine,
|
||||
x509::X509Keys,
|
||||
};
|
||||
#[cfg(doc)]
|
||||
use crate::{backups::BackupMachine, identities::OwnUserIdentity};
|
||||
@@ -546,6 +547,7 @@ impl Store {
|
||||
identity: Arc<Mutex<PrivateCrossSigningIdentity>>,
|
||||
store: Arc<CryptoStoreWrapper>,
|
||||
verification_machine: VerificationMachine,
|
||||
x509_keys: Option<X509Keys>,
|
||||
) -> Self {
|
||||
Self {
|
||||
inner: Arc::new(StoreInner {
|
||||
@@ -558,6 +560,7 @@ impl Store {
|
||||
tracked_users: Default::default(),
|
||||
loaded_tracked_users: Default::default(),
|
||||
account: Default::default(),
|
||||
x509_keys,
|
||||
})),
|
||||
}),
|
||||
}
|
||||
@@ -1929,8 +1932,8 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_merge_received_group_session() {
|
||||
let alice_account = Account::with_device_id(user_id!("@a:s.co"), device_id!("ABC"));
|
||||
let bob = OlmMachine::new(user_id!("@b:s.co"), device_id!("DEF")).await;
|
||||
let alice_account = Account::with_device_id(user_id!("@a:s.co"), device_id!("ABC"), None);
|
||||
let bob = OlmMachine::new(user_id!("@b:s.co"), device_id!("DEF"), None, None).await;
|
||||
|
||||
let room_id = room_id!("!test:localhost");
|
||||
|
||||
@@ -2226,8 +2229,8 @@ mod tests {
|
||||
async fn test_build_room_key_bundle() {
|
||||
// Given: Alice has sent a number of room keys to Bob, including some in the
|
||||
// wrong room, and some that are not marked as shared...
|
||||
let alice = OlmMachine::new(user_id!("@a:s.co"), device_id!("ALICE")).await;
|
||||
let bob = OlmMachine::new(user_id!("@b:s.co"), device_id!("BOB")).await;
|
||||
let alice = OlmMachine::new(user_id!("@a:s.co"), device_id!("ALICE"), None, None).await;
|
||||
let bob = OlmMachine::new(user_id!("@b:s.co"), device_id!("BOB"), None, None).await;
|
||||
|
||||
let room1_id = room_id!("!room1:localhost");
|
||||
let room2_id = room_id!("!room2:localhost");
|
||||
@@ -2313,9 +2316,9 @@ mod tests {
|
||||
|
||||
#[async_test]
|
||||
async fn test_receive_room_key_bundle() {
|
||||
let alice = OlmMachine::new(user_id!("@a:s.co"), device_id!("ALICE")).await;
|
||||
let alice = OlmMachine::new(user_id!("@a:s.co"), device_id!("ALICE"), None, None).await;
|
||||
let alice_key = alice.identity_keys().curve25519;
|
||||
let bob = OlmMachine::new(user_id!("@b:s.co"), device_id!("BOB")).await;
|
||||
let bob = OlmMachine::new(user_id!("@b:s.co"), device_id!("BOB"), None, None).await;
|
||||
|
||||
let room_id = room_id!("!room1:localhost");
|
||||
|
||||
|
||||
@@ -1,3 +1,20 @@
|
||||
// Copyright 2026 The Matrix.org Foundation C.I.C.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
//! Types and traits for verification of users and devices using X.509 keys and
|
||||
//! certificates.
|
||||
|
||||
mod x509_keys;
|
||||
|
||||
pub use x509_keys::X509Keys;
|
||||
|
||||
@@ -1,3 +1,17 @@
|
||||
// Copyright 2026 The Matrix.org Foundation C.I.C.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
use std::sync::Arc;
|
||||
|
||||
use ruma::{DeviceKeyAlgorithm, DeviceKeyId, UserId, canonical_json::to_canonical_value};
|
||||
@@ -46,3 +60,9 @@ impl X509Keys {
|
||||
Ok(signer.sign(json.as_bytes()).expect("unable to sign"))
|
||||
}
|
||||
}
|
||||
|
||||
impl std::fmt::Debug for X509Keys {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
f.debug_tuple("X509Keys").field(&"<redacted>".to_owned()).finish()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -179,9 +179,10 @@ pub async fn export_secrets_bundle_from_store(
|
||||
store.load_account().await.map_err(|e| BundleExportError::StoreError(e.into()))?;
|
||||
|
||||
if let Some(account) = account {
|
||||
let machine = OlmMachine::with_store(&account.user_id, &account.device_id, store, None)
|
||||
.await
|
||||
.map_err(BundleExportError::StoreError)?;
|
||||
let machine =
|
||||
OlmMachine::with_store(&account.user_id, &account.device_id, None, store, None, None)
|
||||
.await
|
||||
.map_err(BundleExportError::StoreError)?;
|
||||
|
||||
let bundle = machine.store().export_secrets_bundle().await?;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user