Verify signatures and find trusted devices

This commit is contained in:
CH Chethan Reddy 2020-08-25 15:41:27 +05:30
parent 1d299951b6
commit 19cfd08a55

View File

@ -93,8 +93,8 @@ UserProfile::fetchDeviceList(const QString &userID)
req.device_keys[userID.toStdString()] = {}; req.device_keys[userID.toStdString()] = {};
ChatPage::instance()->query_keys( ChatPage::instance()->query_keys(
req, req,
[user_id = userID.toStdString(), local_user_id = localUser.toStdString(), this]( [user_id = userID.toStdString(), this](const mtx::responses::QueryKeys &res,
const mtx::responses::QueryKeys &res, mtx::http::RequestErr err) { mtx::http::RequestErr err) {
if (err) { if (err) {
nhlog::net()->warn("failed to query device keys: {},{}", nhlog::net()->warn("failed to query device keys: {},{}",
err->matrix_error.errcode, err->matrix_error.errcode,
@ -108,46 +108,16 @@ UserProfile::fetchDeviceList(const QString &userID)
return; return;
} }
auto devices = res.device_keys.at(user_id);
std::vector<DeviceInfo> deviceInfo;
auto device_verified = cache::getVerifiedCache(user_id);
for (const auto &d : devices) {
auto device = d.second;
// TODO: Verify signatures and ignore those that don't pass.
verification::Status verified = verification::Status::UNVERIFIED;
isUserVerified = device_verified->is_user_verified;
if (device_verified.has_value()) {
if (std::find(device_verified->cross_verified.begin(),
device_verified->cross_verified.end(),
d.first) != device_verified->cross_verified.end())
verified = verification::Status::VERIFIED;
if (std::find(device_verified->device_verified.begin(),
device_verified->device_verified.end(),
d.first) != device_verified->device_verified.end())
verified = verification::Status::VERIFIED;
if (std::find(device_verified->device_blocked.begin(),
device_verified->device_blocked.end(),
d.first) != device_verified->device_blocked.end())
verified = verification::Status::BLOCKED;
}
deviceInfo.push_back(
{QString::fromStdString(d.first),
QString::fromStdString(device.unsigned_info.device_display_name),
verified});
}
// Finding if the User is Verified or not based on the Signatures // Finding if the User is Verified or not based on the Signatures
mtx::requests::QueryKeys req; mtx::requests::QueryKeys req;
req.device_keys[local_user_id] = {}; req.device_keys[utils::localUser().toStdString()] = {};
ChatPage::instance()->query_keys( ChatPage::instance()->query_keys(
req, req,
[&local_user_id, &user_id, other_res = res, this]( [user_id, other_res = res, this](const mtx::responses::QueryKeys &res,
const mtx::responses::QueryKeys &res, mtx::http::RequestErr err) { mtx::http::RequestErr err) {
using namespace mtx; using namespace mtx;
std::string local_user_id = utils::localUser().toStdString();
if (err) { if (err) {
nhlog::net()->warn("failed to query device keys: {},{}", nhlog::net()->warn("failed to query device keys: {},{}",
@ -156,52 +126,135 @@ UserProfile::fetchDeviceList(const QString &userID)
return; return;
} }
if (res.device_keys.empty() ||
(res.device_keys.find(local_user_id) == res.device_keys.end())) {
nhlog::net()->warn("no devices retrieved {}", user_id);
return;
}
std::vector<DeviceInfo> deviceInfo;
auto devices = other_res.device_keys.at(user_id);
auto device_verified = cache::getVerifiedCache(user_id);
if (device_verified.has_value()) {
isUserVerified = device_verified.value().is_user_verified;
}
std::optional<crypto::CrossSigningKeys> lmk, lsk, luk, mk, sk, uk; std::optional<crypto::CrossSigningKeys> lmk, lsk, luk, mk, sk, uk;
if (res.master_keys.find(local_user_id) != res.master_keys.end()) if (!res.master_keys.empty())
lmk = res.master_keys.at(local_user_id); lmk = res.master_keys.at(local_user_id);
if (res.user_signing_keys.find(local_user_id) != if (!res.user_signing_keys.empty())
res.user_signing_keys.end())
luk = res.user_signing_keys.at(local_user_id); luk = res.user_signing_keys.at(local_user_id);
if (res.self_signing_keys.find(local_user_id) != if (!res.self_signing_keys.empty())
res.self_signing_keys.end())
lsk = res.self_signing_keys.at(local_user_id); lsk = res.self_signing_keys.at(local_user_id);
if (other_res.master_keys.find(user_id) != other_res.master_keys.end()) if (!other_res.master_keys.empty())
mk = other_res.master_keys.at(user_id); mk = other_res.master_keys.at(user_id);
if (other_res.user_signing_keys.find(user_id) != if (!other_res.user_signing_keys.empty())
other_res.user_signing_keys.end())
uk = other_res.user_signing_keys.at(user_id); uk = other_res.user_signing_keys.at(user_id);
if (other_res.self_signing_keys.find(user_id) != if (!other_res.self_signing_keys.empty())
other_res.self_signing_keys.end())
sk = other_res.self_signing_keys.at(user_id); sk = other_res.self_signing_keys.at(user_id);
// First checking if the user is verified // First checking if the user is verified
if (lmk.has_value() && luk.has_value()) { if (luk.has_value() && mk.has_value()) {
bool is_user_verified = false; // iterating through the public key of local user_signing keys
for (auto sign_key : lmk.value().keys) { for (auto sign_key : luk.value().keys) {
if (!luk.value().signatures.empty()) { // checking if the signatures are empty as "at" could
for (auto signature : // cause exceptions
luk.value().signatures.at(local_user_id)) { if (!mk.value().signatures.empty()) {
is_user_verified = auto signs =
is_user_verified || mk.value().signatures.at(local_user_id);
try {
isUserVerified =
isUserVerified ||
(olm::client()->ed25519_verify_sig( (olm::client()->ed25519_verify_sig(
sign_key.second, sign_key.second,
json(luk.value()), json(mk.value()),
signature.second)); signs.at(sign_key.first)));
} catch (std::out_of_range) {
isUserVerified =
isUserVerified || false;
} }
} }
} }
std::cout << (isUserVerified ? "Yes" : "No") << std::endl;
} }
for (const auto &d : devices) {
auto device = d.second;
verification::Status verified =
verification::Status::UNVERIFIED;
if (device_verified.has_value()) {
if (std::find(device_verified->cross_verified.begin(),
device_verified->cross_verified.end(),
d.first) !=
device_verified->cross_verified.end())
verified = verification::Status::VERIFIED;
if (std::find(device_verified->device_verified.begin(),
device_verified->device_verified.end(),
d.first) !=
device_verified->device_verified.end())
verified = verification::Status::VERIFIED;
if (std::find(device_verified->device_blocked.begin(),
device_verified->device_blocked.end(),
d.first) !=
device_verified->device_blocked.end())
verified = verification::Status::BLOCKED;
} else if (isUserVerified) {
device_verified = DeviceVerifiedCache{};
}
// won't check for already verified devices
if (verified != verification::Status::VERIFIED &&
isUserVerified) {
if ((sk.has_value()) && (!device.signatures.empty())) {
for (auto sign_key : sk.value().keys) {
auto signs =
device.signatures.at(user_id);
try {
if (olm::client()
->ed25519_verify_sig(
sign_key.second,
json(device),
signs.at(
sign_key.first))) {
verified =
verification::Status::
VERIFIED;
device_verified.value()
.cross_verified
.push_back(d.first);
}
} catch (std::out_of_range) {
}
}
}
}
if (device_verified.has_value()) {
device_verified.value().is_user_verified =
isUserVerified;
cache::setVerifiedCache(user_id,
device_verified.value());
}
deviceInfo.push_back(
{QString::fromStdString(d.first),
QString::fromStdString(
device.unsigned_info.device_display_name),
verified});
}
std::cout << (isUserVerified ? "Yes" : "No") << std::endl;
std::sort(deviceInfo.begin(),
deviceInfo.end(),
[](const DeviceInfo &a, const DeviceInfo &b) {
return a.device_id > b.device_id;
});
this->deviceList_.queueReset(std::move(deviceInfo));
}); });
std::sort(deviceInfo.begin(),
deviceInfo.end(),
[](const DeviceInfo &a, const DeviceInfo &b) {
return a.device_id > b.device_id;
});
this->deviceList_.queueReset(std::move(deviceInfo));
}); });
} }