Merge branch 'soru/encrypt-to-device' into 'main'
feat: Better determine which devices to encrypt to See merge request famedly/famedlysdk!577
This commit is contained in:
Sorunome
commit
00299f292d
|
|
@ -256,7 +256,7 @@ class KeyManager {
|
||||||
if (!deviceKeyIds.containsKey(device.userId)) {
|
if (!deviceKeyIds.containsKey(device.userId)) {
|
||||||
deviceKeyIds[device.userId] = <String, bool>{};
|
deviceKeyIds[device.userId] = <String, bool>{};
|
||||||
}
|
}
|
||||||
deviceKeyIds[device.userId][device.deviceId] = device.blocked;
|
deviceKeyIds[device.userId][device.deviceId] = !device.encryptToDevice;
|
||||||
}
|
}
|
||||||
return deviceKeyIds;
|
return deviceKeyIds;
|
||||||
}
|
}
|
||||||
|
|
@ -429,7 +429,7 @@ class KeyManager {
|
||||||
}
|
}
|
||||||
final deviceKeys = await room.getUserDeviceKeys();
|
final deviceKeys = await room.getUserDeviceKeys();
|
||||||
final deviceKeyIds = _getDeviceKeyIdMap(deviceKeys);
|
final deviceKeyIds = _getDeviceKeyIdMap(deviceKeys);
|
||||||
deviceKeys.removeWhere((k) => k.blocked);
|
deviceKeys.removeWhere((k) => !k.encryptToDevice);
|
||||||
final outboundGroupSession = olm.OutboundGroupSession();
|
final outboundGroupSession = olm.OutboundGroupSession();
|
||||||
try {
|
try {
|
||||||
outboundGroupSession.create();
|
outboundGroupSession.create();
|
||||||
|
|
@ -794,7 +794,7 @@ class KeyManager {
|
||||||
Logs().i('[KeyManager] All checks out, forwarding key...');
|
Logs().i('[KeyManager] All checks out, forwarding key...');
|
||||||
// alright, we can forward the key
|
// alright, we can forward the key
|
||||||
await roomKeyRequest.forwardKey();
|
await roomKeyRequest.forwardKey();
|
||||||
} else if (!device.blocked &&
|
} else if (device.encryptToDevice &&
|
||||||
session.allowedAtIndex
|
session.allowedAtIndex
|
||||||
.tryGet<Map<String, dynamic>>(device.userId)
|
.tryGet<Map<String, dynamic>>(device.userId)
|
||||||
?.tryGet(device.deviceId) !=
|
?.tryGet(device.deviceId) !=
|
||||||
|
|
|
||||||
|
|
@ -49,9 +49,15 @@ class DeviceKeysList {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return UserVerifiedStatus.verified;
|
return UserVerifiedStatus.verified;
|
||||||
}
|
} else {
|
||||||
|
for (final key in deviceKeys.values) {
|
||||||
|
if (!key.verified) {
|
||||||
return UserVerifiedStatus.unknown;
|
return UserVerifiedStatus.unknown;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
return UserVerifiedStatus.verified;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Future<KeyVerification> startVerification() async {
|
Future<KeyVerification> startVerification() async {
|
||||||
if (userId != client.userID) {
|
if (userId != client.userID) {
|
||||||
|
|
@ -117,6 +123,11 @@ abstract class SignableKey extends MatrixSignableKey {
|
||||||
|
|
||||||
String get ed25519Key => keys['ed25519:$identifier'];
|
String get ed25519Key => keys['ed25519:$identifier'];
|
||||||
bool get verified => (directVerified || crossVerified) && !blocked;
|
bool get verified => (directVerified || crossVerified) && !blocked;
|
||||||
|
bool get encryptToDevice =>
|
||||||
|
!blocked &&
|
||||||
|
(client.userDeviceKeys[userId]?.masterKey?.verified ?? false
|
||||||
|
? verified
|
||||||
|
: true);
|
||||||
|
|
||||||
void setDirectVerified(bool v) {
|
void setDirectVerified(bool v) {
|
||||||
_verified = v;
|
_verified = v;
|
||||||
|
|
|
||||||
|
|
@ -95,6 +95,20 @@ void main() {
|
||||||
test('set blocked / verified', () async {
|
test('set blocked / verified', () async {
|
||||||
final key =
|
final key =
|
||||||
client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
|
client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
|
||||||
|
client.userDeviceKeys[client.userID].deviceKeys['UNSIGNEDDEVICE'] =
|
||||||
|
DeviceKeys.fromJson({
|
||||||
|
'user_id': '@test:fakeServer.notExisting',
|
||||||
|
'device_id': 'UNSIGNEDDEVICE',
|
||||||
|
'algorithms': [
|
||||||
|
AlgorithmTypes.olmV1Curve25519AesSha2,
|
||||||
|
AlgorithmTypes.megolmV1AesSha2
|
||||||
|
],
|
||||||
|
'keys': {
|
||||||
|
'curve25519:UNSIGNEDDEVICE': 'blah',
|
||||||
|
'ed25519:UNSIGNEDDEVICE': 'blah'
|
||||||
|
},
|
||||||
|
'signatures': <String, dynamic>{},
|
||||||
|
}, client);
|
||||||
final masterKey = client.userDeviceKeys[client.userID].masterKey;
|
final masterKey = client.userDeviceKeys[client.userID].masterKey;
|
||||||
masterKey.setDirectVerified(true);
|
masterKey.setDirectVerified(true);
|
||||||
// we need to populate the ssss cache to be able to test signing easily
|
// we need to populate the ssss cache to be able to test signing easily
|
||||||
|
|
@ -103,15 +117,26 @@ void main() {
|
||||||
await handle.maybeCacheAll();
|
await handle.maybeCacheAll();
|
||||||
|
|
||||||
expect(key.verified, true);
|
expect(key.verified, true);
|
||||||
|
expect(key.encryptToDevice, true);
|
||||||
await key.setBlocked(true);
|
await key.setBlocked(true);
|
||||||
expect(key.verified, false);
|
expect(key.verified, false);
|
||||||
|
expect(key.encryptToDevice, false);
|
||||||
await key.setBlocked(false);
|
await key.setBlocked(false);
|
||||||
expect(key.directVerified, false);
|
expect(key.directVerified, false);
|
||||||
expect(key.verified, true); // still verified via cross-sgining
|
expect(key.verified, true); // still verified via cross-sgining
|
||||||
|
expect(key.encryptToDevice, true);
|
||||||
|
expect(
|
||||||
|
client.userDeviceKeys[client.userID].deviceKeys['UNSIGNEDDEVICE']
|
||||||
|
.encryptToDevice,
|
||||||
|
false);
|
||||||
|
|
||||||
expect(masterKey.verified, true);
|
expect(masterKey.verified, true);
|
||||||
await masterKey.setBlocked(true);
|
await masterKey.setBlocked(true);
|
||||||
expect(masterKey.verified, false);
|
expect(masterKey.verified, false);
|
||||||
|
expect(
|
||||||
|
client.userDeviceKeys[client.userID].deviceKeys['UNSIGNEDDEVICE']
|
||||||
|
.encryptToDevice,
|
||||||
|
true);
|
||||||
await masterKey.setBlocked(false);
|
await masterKey.setBlocked(false);
|
||||||
expect(masterKey.verified, true);
|
expect(masterKey.verified, true);
|
||||||
|
|
||||||
|
|
@ -132,6 +157,7 @@ void main() {
|
||||||
.any((k) => k == '/client/r0/keys/signatures/upload'),
|
.any((k) => k == '/client/r0/keys/signatures/upload'),
|
||||||
false);
|
false);
|
||||||
expect(key.directVerified, false);
|
expect(key.directVerified, false);
|
||||||
|
client.userDeviceKeys[client.userID].deviceKeys.remove('UNSIGNEDDEVICE');
|
||||||
});
|
});
|
||||||
|
|
||||||
test('verification based on signatures', () async {
|
test('verification based on signatures', () async {
|
||||||
|
|
@ -153,6 +179,11 @@ void main() {
|
||||||
expect(user.deviceKeys['GHTYAJCE'].crossVerified, false);
|
expect(user.deviceKeys['GHTYAJCE'].crossVerified, false);
|
||||||
expect(user.deviceKeys['OTHERDEVICE'].crossVerified, false);
|
expect(user.deviceKeys['OTHERDEVICE'].crossVerified, false);
|
||||||
expect(user.verified, UserVerifiedStatus.unknown);
|
expect(user.verified, UserVerifiedStatus.unknown);
|
||||||
|
|
||||||
|
user.deviceKeys['OTHERDEVICE'].setDirectVerified(true);
|
||||||
|
expect(user.verified, UserVerifiedStatus.verified);
|
||||||
|
user.deviceKeys['OTHERDEVICE'].setDirectVerified(false);
|
||||||
|
|
||||||
user.masterKey.setDirectVerified(true);
|
user.masterKey.setDirectVerified(true);
|
||||||
user.deviceKeys['GHTYAJCE'].signatures.clear();
|
user.deviceKeys['GHTYAJCE'].signatures.clear();
|
||||||
expect(user.deviceKeys['GHTYAJCE'].verified,
|
expect(user.deviceKeys['GHTYAJCE'].verified,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue