Gossip MSK
This commit is contained in:
Benoit Marty
Valere
parent
48a30a7b82
commit
e3dc6e307f
@ -74,6 +74,7 @@ interface CrossSigningService {
|
|||||||
otherDeviceId: String,
|
otherDeviceId: String,
|
||||||
locallyTrusted: Boolean?): DeviceTrustResult
|
locallyTrusted: Boolean?): DeviceTrustResult
|
||||||
|
|
||||||
|
fun onSecretMSKGossip(mskPrivateKey: String)
|
||||||
fun onSecretSSKGossip(sskPrivateKey: String)
|
fun onSecretSSKGossip(sskPrivateKey: String)
|
||||||
fun onSecretUSKGossip(uskPrivateKey: String)
|
fun onSecretUSKGossip(uskPrivateKey: String)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -34,6 +34,7 @@ import im.vector.matrix.android.api.listeners.ProgressListener
|
|||||||
import im.vector.matrix.android.api.session.crypto.CryptoService
|
import im.vector.matrix.android.api.session.crypto.CryptoService
|
||||||
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
import im.vector.matrix.android.api.session.crypto.MXCryptoError
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME
|
import im.vector.matrix.android.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME
|
||||||
|
import im.vector.matrix.android.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME
|
import im.vector.matrix.android.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME
|
import im.vector.matrix.android.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME
|
||||||
import im.vector.matrix.android.api.session.crypto.keyshare.GossipingRequestListener
|
import im.vector.matrix.android.api.session.crypto.keyshare.GossipingRequestListener
|
||||||
@ -835,6 +836,10 @@ internal class DefaultCryptoService @Inject constructor(
|
|||||||
*/
|
*/
|
||||||
private fun handleSDKLevelGossip(secretName: String?, secretValue: String): Boolean {
|
private fun handleSDKLevelGossip(secretName: String?, secretValue: String): Boolean {
|
||||||
return when (secretName) {
|
return when (secretName) {
|
||||||
|
MASTER_KEY_SSSS_NAME -> {
|
||||||
|
crossSigningService.onSecretMSKGossip(secretValue)
|
||||||
|
true
|
||||||
|
}
|
||||||
SELF_SIGNING_KEY_SSSS_NAME -> {
|
SELF_SIGNING_KEY_SSSS_NAME -> {
|
||||||
crossSigningService.onSecretSSKGossip(secretValue)
|
crossSigningService.onSecretSSKGossip(secretValue)
|
||||||
true
|
true
|
||||||
|
|||||||
@ -19,6 +19,7 @@ package im.vector.matrix.android.internal.crypto
|
|||||||
import im.vector.matrix.android.api.auth.data.Credentials
|
import im.vector.matrix.android.api.auth.data.Credentials
|
||||||
import im.vector.matrix.android.api.crypto.MXCryptoConfig
|
import im.vector.matrix.android.api.crypto.MXCryptoConfig
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME
|
import im.vector.matrix.android.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME
|
||||||
|
import im.vector.matrix.android.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME
|
import im.vector.matrix.android.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME
|
import im.vector.matrix.android.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME
|
||||||
import im.vector.matrix.android.api.session.crypto.keyshare.GossipingRequestListener
|
import im.vector.matrix.android.api.session.crypto.keyshare.GossipingRequestListener
|
||||||
@ -310,8 +311,8 @@ internal class IncomingGossipingRequestManager @Inject constructor(
|
|||||||
|
|
||||||
val isDeviceLocallyVerified = cryptoStore.getUserDevice(userId, deviceId)?.trustLevel?.isLocallyVerified()
|
val isDeviceLocallyVerified = cryptoStore.getUserDevice(userId, deviceId)?.trustLevel?.isLocallyVerified()
|
||||||
|
|
||||||
// Should SDK always Silently reject any request for the master key?
|
|
||||||
when (secretName) {
|
when (secretName) {
|
||||||
|
MASTER_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.master
|
||||||
SELF_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.selfSigned
|
SELF_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.selfSigned
|
||||||
USER_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.user
|
USER_SIGNING_KEY_SSSS_NAME -> cryptoStore.getCrossSigningPrivateKeys()?.user
|
||||||
KEYBACKUP_SECRET_SSSS_NAME -> cryptoStore.getKeyBackupRecoveryKeyInfo()?.recoveryKey
|
KEYBACKUP_SECRET_SSSS_NAME -> cryptoStore.getKeyBackupRecoveryKeyInfo()?.recoveryKey
|
||||||
|
|||||||
@ -168,6 +168,33 @@ internal class DefaultCrossSigningService @Inject constructor(
|
|||||||
}.executeBy(taskExecutor)
|
}.executeBy(taskExecutor)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
override fun onSecretMSKGossip(mskPrivateKey: String) {
|
||||||
|
Timber.i("## CrossSigning - onSecretSSKGossip")
|
||||||
|
val mxCrossSigningInfo = getMyCrossSigningKeys() ?: return Unit.also {
|
||||||
|
Timber.e("## CrossSigning - onSecretMSKGossip() received secret but public key is not known")
|
||||||
|
}
|
||||||
|
|
||||||
|
mskPrivateKey.fromBase64()
|
||||||
|
.let { privateKeySeed ->
|
||||||
|
val pkSigning = OlmPkSigning()
|
||||||
|
try {
|
||||||
|
if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.masterKey()?.unpaddedBase64PublicKey) {
|
||||||
|
masterPkSigning?.releaseSigning()
|
||||||
|
masterPkSigning = pkSigning
|
||||||
|
Timber.i("## CrossSigning - Loading MSK success")
|
||||||
|
cryptoStore.storeMSKPrivateKey(mskPrivateKey)
|
||||||
|
return
|
||||||
|
} else {
|
||||||
|
Timber.e("## CrossSigning - onSecretMSKGossip() private key do not match public key")
|
||||||
|
pkSigning.releaseSigning()
|
||||||
|
}
|
||||||
|
} catch (failure: Throwable) {
|
||||||
|
Timber.e("## CrossSigning - onSecretMSKGossip() ${failure.localizedMessage}")
|
||||||
|
pkSigning.releaseSigning()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
override fun onSecretSSKGossip(sskPrivateKey: String) {
|
override fun onSecretSSKGossip(sskPrivateKey: String) {
|
||||||
Timber.i("## CrossSigning - onSecretSSKGossip")
|
Timber.i("## CrossSigning - onSecretSSKGossip")
|
||||||
val mxCrossSigningInfo = getMyCrossSigningKeys() ?: return Unit.also {
|
val mxCrossSigningInfo = getMyCrossSigningKeys() ?: return Unit.also {
|
||||||
|
|||||||
@ -397,6 +397,7 @@ internal interface IMXCryptoStore {
|
|||||||
fun markMyMasterKeyAsLocallyTrusted(trusted: Boolean)
|
fun markMyMasterKeyAsLocallyTrusted(trusted: Boolean)
|
||||||
|
|
||||||
fun storePrivateKeysInfo(msk: String?, usk: String?, ssk: String?)
|
fun storePrivateKeysInfo(msk: String?, usk: String?, ssk: String?)
|
||||||
|
fun storeMSKPrivateKey(msk: String?)
|
||||||
fun storeSSKPrivateKey(ssk: String?)
|
fun storeSSKPrivateKey(ssk: String?)
|
||||||
fun storeUSKPrivateKey(usk: String?)
|
fun storeUSKPrivateKey(usk: String?)
|
||||||
|
|
||||||
|
|||||||
@ -395,6 +395,14 @@ internal class RealmCryptoStore @Inject constructor(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
override fun storeMSKPrivateKey(msk: String?) {
|
||||||
|
doRealmTransaction(realmConfiguration) { realm ->
|
||||||
|
realm.where<CryptoMetadataEntity>().findFirst()?.apply {
|
||||||
|
xSignMasterPrivateKey = msk
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
override fun storeSSKPrivateKey(ssk: String?) {
|
override fun storeSSKPrivateKey(ssk: String?) {
|
||||||
doRealmTransaction(realmConfiguration) { realm ->
|
doRealmTransaction(realmConfiguration) { realm ->
|
||||||
realm.where<CryptoMetadataEntity>().findFirst()?.apply {
|
realm.where<CryptoMetadataEntity>().findFirst()?.apply {
|
||||||
|
|||||||
@ -23,6 +23,7 @@ import im.vector.matrix.android.api.MatrixCallback
|
|||||||
import im.vector.matrix.android.api.session.crypto.CryptoService
|
import im.vector.matrix.android.api.session.crypto.CryptoService
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.CrossSigningService
|
import im.vector.matrix.android.api.session.crypto.crosssigning.CrossSigningService
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME
|
import im.vector.matrix.android.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME
|
||||||
|
import im.vector.matrix.android.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME
|
import im.vector.matrix.android.api.session.crypto.crosssigning.SELF_SIGNING_KEY_SSSS_NAME
|
||||||
import im.vector.matrix.android.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME
|
import im.vector.matrix.android.api.session.crypto.crosssigning.USER_SIGNING_KEY_SSSS_NAME
|
||||||
import im.vector.matrix.android.api.session.crypto.verification.CancelCode
|
import im.vector.matrix.android.api.session.crypto.verification.CancelCode
|
||||||
@ -809,6 +810,8 @@ internal class DefaultVerificationService @Inject constructor(
|
|||||||
?.let { vt ->
|
?.let { vt ->
|
||||||
val otherDeviceId = vt.otherDeviceId
|
val otherDeviceId = vt.otherDeviceId
|
||||||
if (!crossSigningService.canCrossSign()) {
|
if (!crossSigningService.canCrossSign()) {
|
||||||
|
outgoingGossipingRequestManager.sendSecretShareRequest(MASTER_KEY_SSSS_NAME, mapOf(userId to listOf(otherDeviceId
|
||||||
|
?: "*")))
|
||||||
outgoingGossipingRequestManager.sendSecretShareRequest(SELF_SIGNING_KEY_SSSS_NAME, mapOf(userId to listOf(otherDeviceId
|
outgoingGossipingRequestManager.sendSecretShareRequest(SELF_SIGNING_KEY_SSSS_NAME, mapOf(userId to listOf(otherDeviceId
|
||||||
?: "*")))
|
?: "*")))
|
||||||
outgoingGossipingRequestManager.sendSecretShareRequest(USER_SIGNING_KEY_SSSS_NAME, mapOf(userId to listOf(otherDeviceId
|
outgoingGossipingRequestManager.sendSecretShareRequest(USER_SIGNING_KEY_SSSS_NAME, mapOf(userId to listOf(otherDeviceId
|
||||||
@ -821,7 +824,7 @@ internal class DefaultVerificationService @Inject constructor(
|
|||||||
}
|
}
|
||||||
|
|
||||||
private fun handleDoneReceived(senderId: String, doneReq: ValidVerificationDone) {
|
private fun handleDoneReceived(senderId: String, doneReq: ValidVerificationDone) {
|
||||||
Timber.v("## SAS Done receieved $doneReq")
|
Timber.v("## SAS Done received $doneReq")
|
||||||
val existing = getExistingTransaction(senderId, doneReq.transactionId)
|
val existing = getExistingTransaction(senderId, doneReq.transactionId)
|
||||||
if (existing == null) {
|
if (existing == null) {
|
||||||
Timber.e("## SAS Received invalid Done request")
|
Timber.e("## SAS Received invalid Done request")
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user