Merge branch 'krille/check-if-verified-by-any-master-key' into 'main'

feat: Check if a key is verified by any master key See merge request famedly/company/frontend/famedlysdk!1173
2022-11-24 13:11:07 +00:00 · 2022-11-24 13:11:07 +00:00 · 67e1b9b253
parent df0981cadc 7da56ee212
commit 67e1b9b253
2 changed files with 36 additions and 15 deletions
--- a/lib/encryption/utils/key_verification.dart
+++ b/lib/encryption/utils/key_verification.dart
@ -160,10 +160,13 @@ class KeyVerification {
  }

  Future<void> sendStart() async {
-    await send(EventTypes.KeyVerificationRequest, {
+    await send(
+      EventTypes.KeyVerificationRequest,
+      {
        'methods': knownVerificationMethods,
        if (room == null) 'timestamp': DateTime.now().millisecondsSinceEpoch,
-    });
+      },
+    );
    startedVerification = true;
    setState(KeyVerificationState.waitingAccept);
    lastActivity = DateTime.now();
@ -604,7 +607,10 @@ class KeyVerification {
    }
  }

-  Future<void> send(String type, Map<String, dynamic> payload) async {
+  Future<void> send(
+    String type,
+    Map<String, dynamic> payload,
+  ) async {
    makePayload(payload);
    Logs().i('[Key Verification] Sending type $type: $payload');
    if (room != null) {
@ -628,7 +634,17 @@ class KeyVerification {
          EventTypes.KeyVerificationRequest,
          EventTypes.KeyVerificationCancel,
        }.contains(type)) {
-          await client.sendToDevicesOfUserIds({userId}, type, payload);
+          final deviceKeys = client.userDeviceKeys[userId]?.deviceKeys.values
+              .where((deviceKey) => deviceKey.hasValidSignatureChain(
+                  verifiedByTheirMasterKey: true));
+
+          if (deviceKeys != null) {
+            await client.sendToDeviceEncrypted(
+              deviceKeys.toList(),
+              type,
+              payload,
+            );
+          }
        } else {
          Logs().e(
              '[Key Verification] Tried to broadcast and un-broadcastable type: $type');
--- a/lib/src/utils/device_keys_list.dart
+++ b/lib/src/utils/device_keys_list.dart
@ -93,7 +93,7 @@ class DeviceKeysList {
      // verification request that'll happen automatically once we know the transaction id
      return request;
    } else {
-      // broadcast self-verification
+      // start verification with verified devices
      final request = KeyVerification(
          encryption: encryption, userId: userId, deviceId: '*');
      await request.start();
@ -216,10 +216,14 @@ abstract class SignableKey extends MatrixSignableKey {
    return valid;
  }

-  bool hasValidSignatureChain(
-      {bool verifiedOnly = true,
+  bool hasValidSignatureChain({
+    bool verifiedOnly = true,
    Set<String>? visited,
-      Set<String>? onlyValidateUserIds}) {
+    Set<String>? onlyValidateUserIds,
+
+    /// Only check if this key is verified by their Master key.
+    bool verifiedByTheirMasterKey = false,
+  }) {
    if (!client.encryptionEnabled) {
      return false;
    }
@ -300,15 +304,16 @@ abstract class SignableKey extends MatrixSignableKey {
        if ((verifiedOnly && key.directVerified) ||
            (key is CrossSigningKey &&
                key.usage.contains('master') &&
-                key.directVerified &&
-                key.userId == client.userID)) {
+                (verifiedByTheirMasterKey ||
+                    (key.directVerified && key.userId == client.userID)))) {
          return true; // we verified this key and it is valid...all checks out!
        }
-        // or else we just recurse into that key and chack if it works out
+        // or else we just recurse into that key and check if it works out
        final haveChain = key.hasValidSignatureChain(
            verifiedOnly: verifiedOnly,
            visited: visited_,
-            onlyValidateUserIds: onlyValidateUserIds);
+            onlyValidateUserIds: onlyValidateUserIds,
+            verifiedByTheirMasterKey: verifiedByTheirMasterKey);
        if (haveChain) {
          return true;
        }