From 4d63c11f260f78e93d01f025d55ae028a2897cd8 Mon Sep 17 00:00:00 2001
From: Zoe <foldleft@users.noreply.github.com>
Date: Wed, 25 Mar 2020 14:06:47 +0000
Subject: [PATCH] Respond to backup key sharing requests

---
 src/CrossSigningManager.js | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)

diff --git a/src/CrossSigningManager.js b/src/CrossSigningManager.js
index 097464ee43..5def8d9fd5 100644
--- a/src/CrossSigningManager.js
+++ b/src/CrossSigningManager.js
@@ -145,18 +145,33 @@ const onSecretRequested = async function({
         console.log(`CrossSigningManager: Ignoring request from untrusted device ${deviceId}`);
         return;
     }
-    const callbacks = client.getCrossSigningCacheCallbacks();
-    if (!callbacks.getCrossSigningKeyCache) return;
-    if (name === "m.cross_signing.self_signing") {
-        const key = await callbacks.getCrossSigningKeyCache("self_signing");
-        if (!key) {
-            console.log(`self_signing requested by ${deviceId}, but not found in cache`);
+    if (name.startsWith("m.cross_signing")) {
+        const callbacks = client.getCrossSigningCacheCallbacks();
+        if (!callbacks.getCrossSigningKeyCache) return;
+        /* Explicit enumeration here is deliberate – never share the master key! */
+        if (name === "m.cross_signing.self_signing") {
+            const key = await callbacks.getCrossSigningKeyCache("self_signing");
+            if (!key) {
+                console.log(
+                    `self_signing requested by ${deviceId}, but not found in cache`
+                );
+            }
+            return key && encodeBase64(key);
+        } else if (name === "m.cross_signing.user_signing") {
+            const key = await callbacks.getCrossSigningKeyCache("user_signing");
+            if (!key) {
+                console.log(
+                    `user_signing requested by ${deviceId}, but not found in cache`
+                );
+            }
+            return key && encodeBase64(key);
         }
-        return key && encodeBase64(key);
-    } else if (name === "m.cross_signing.user_signing") {
-        const key = await callbacks.getCrossSigningKeyCache("user_signing");
+    } else if (name === "m.megolm_backup.v1") {
+        const key = await client._crypto.getSessionBackupPrivateKey();
         if (!key) {
-            console.log(`user_signing requested by ${deviceId}, but not found in cache`);
+            console.log(
+                `session backup key requested by ${deviceId}, but not found in cache`
+            );
         }
         return key && encodeBase64(key);
     }
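Review bot: The new `m.megolm_backup.v1` branch returns the session backup private key with no log line on the success path, and a request for any name that is not enumerated (the master key included, which enters the `name.startsWith("m.cross_signing")` branch and matches neither comparison) ends in a silent implicit `undefined`. The only gate visible in this hunk is the untrusted-device check just above, whose condition lies outside the hunk, so I would make both outcomes auditable: log the secret name and `deviceId` (never the key) before each `return key && encodeBase64(key);`, and close the chain with `else { console.warn("CrossSigningManager: refusing request for " + name + " from " + deviceId); }`. Separately, `name.startsWith(...)` throws a TypeError when `name` is not a string, where the old `===` comparisons simply fell through. If the caller does not already validate the field, `if (typeof name === "string" && name.startsWith("m.cross_signing")) {` keeps the previous behaviour. `onSecretRequested` begins before and continues after the lines shown here.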