From 4d63c11f260f78e93d01f025d55ae028a2897cd8 Mon Sep 17 00:00:00 2001
From: Zoe
Date: Wed, 25 Mar 2020 14:06:47 +0000
Subject: [PATCH 1/2] Respond to backup key sharing requests
---
 src/CrossSigningManager.js | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/CrossSigningManager.js b/src/CrossSigningManager.js
index 097464ee43..5def8d9fd5 100644
--- a/src/CrossSigningManager.js
+++ b/src/CrossSigningManager.js
@@ -145,18 +145,33 @@ const onSecretRequested = async function({
 console.log(`CrossSigningManager: Ignoring request from untrusted device ${deviceId}`);
 return;
 }
- const callbacks = client.getCrossSigningCacheCallbacks();
- if (!callbacks.getCrossSigningKeyCache) return;
- if (name === "m.cross_signing.self_signing") {
- const key = await callbacks.getCrossSigningKeyCache("self_signing");
- if (!key) {
- console.log(`self_signing requested by ${deviceId}, but not found in cache`);
+ if (name.startsWith("m.cross_signing")) {
+ const callbacks = client.getCrossSigningCacheCallbacks();
+ if (!callbacks.getCrossSigningKeyCache) return;
+ /* Explicit enumeration here is deliberate – never share the master key! */
+ if (name === "m.cross_signing.self_signing") {
+ const key = await callbacks.getCrossSigningKeyCache("self_signing");
+ if (!key) {
+ console.log(
+ `self_signing requested by ${deviceId}, but not found in cache`
+ );
+ }
+ return key && encodeBase64(key);
+ } else if (name === "m.cross_signing.user_signing") {
+ const key = await callbacks.getCrossSigningKeyCache("user_signing");
+ if (!key) {
+ console.log(
+ `user_signing requested by ${deviceId}, but not found in cache`
+ );
+ }
+ return key && encodeBase64(key);
 }
- return key && encodeBase64(key);
- } else if (name === "m.cross_signing.user_signing") {
- const key = await callbacks.getCrossSigningKeyCache("user_signing");
+ } else if (name === "m.megolm_backup.v1") {
+ const key = await client._crypto.getSessionBackupPrivateKey();
 if (!key) {
- console.log(`user_signing requested by ${deviceId}, but not found in cache`);
+ console.log(
+ `session backup key requested by ${deviceId}, but not found in cache`
+ );
 }
 return key && encodeBase64(key);
 }
From f891f3e9fa70ffc83fb679d5364d5dfc909ad42b Mon Sep 17 00:00:00 2001
From: Zoe
Date: Wed, 25 Mar 2020 16:08:26 +0000
Subject: [PATCH 2/2] lint
---
 src/CrossSigningManager.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
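Review bot: The new outer test `name.startsWith("m.cross_signing")` throws a TypeError if a request ever arrives without a string `name`, whereas the `===` comparisons it replaces simply fell through; nothing in the hunk shows `name` being validated first. A guard ahead of the branch, `if (typeof name !== "string") return;`, keeps a malformed request from rejecting the handler. The added `m.megolm_backup.v1` branch also reaches into the private field `client._crypto` and hands out the backup decryption key on the strength of the device-trust check above the hunk alone, so it deserves the same kind of explicit comment the cross-signing branch has, e.g. `/* Backup key is released only to devices that passed the trust check above */`. onSecretRequested starts and ends outside the hunk, so the check itself could not be reviewed here.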
diff --git a/src/CrossSigningManager.js b/src/CrossSigningManager.js
index 5def8d9fd5..29eb3cb8be 100644
--- a/src/CrossSigningManager.js
+++ b/src/CrossSigningManager.js
@@ -153,7 +153,7 @@ const onSecretRequested = async function({
 const key = await callbacks.getCrossSigningKeyCache("self_signing");
 if (!key) {
 console.log(
- `self_signing requested by ${deviceId}, but not found in cache`
+ `self_signing requested by ${deviceId}, but not found in cache`,
 );
 }
 return key && encodeBase64(key);
@@ -161,7 +161,7 @@ const onSecretRequested = async function({
 const key = await callbacks.getCrossSigningKeyCache("user_signing");
 if (!key) {
 console.log(
- `user_signing requested by ${deviceId}, but not found in cache`
+ `user_signing requested by ${deviceId}, but not found in cache`,
 );
 }
 return key && encodeBase64(key);
@@ -170,7 +170,7 @@ const onSecretRequested = async function({
 const key = await client._crypto.getSessionBackupPrivateKey();
 if (!key) {
 console.log(
- `session backup key requested by ${deviceId}, but not found in cache`
+ `session backup key requested by ${deviceId}, but not found in cache`,
 );
 }
 return key && encodeBase64(key);