diff options
| author | Nicolas Werner <nicolas.werner@hotmail.de> | 2021-08-14 02:06:48 +0200 |
|---|---|---|
| committer | Nicolas Werner <nicolas.werner@hotmail.de> | 2021-08-14 02:06:48 +0200 |
| commit | 13633c7644d1a89bc09033ed1df9e4919afb3e25 (patch) | |
| tree | e12d1807848bbbb84c066ad2f18ef85e77401a20 /src | |
| parent | Show verification status in memberlist (diff) | |
| download | nheko-13633c7644d1a89bc09033ed1df9e4919afb3e25.tar.xz | |
Ensure device signatures always get verified on device update
Diffstat (limited to 'src')
| -rw-r--r-- | src/Cache.cpp | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/src/Cache.cpp b/src/Cache.cpp index ea034dd0..00602acf 100644 --- a/src/Cache.cpp +++ b/src/Cache.cpp @@ -3901,8 +3901,43 @@ Cache::updateUserKeys(const std::string &sync_token, const mtx::responses::Query } } - if (!keyReused && !oldDeviceKeys.count(device_id)) + if (!keyReused && !oldDeviceKeys.count(device_id)) { + // ensure the key has a valid signature from itself + std::string device_signing_key = + "ed25519:" + device_keys.device_id; + if (device_id != device_keys.device_id) { + nhlog::crypto()->warn( + "device {}:{} has a different device id " + "in the body: {}", + user, + device_id, + device_keys.device_id); + continue; + } + if (!device_keys.signatures.count(user) || + !device_keys.signatures.at(user).count( + device_signing_key)) { + nhlog::crypto()->warn( + "device {}:{} has no signature", + user, + device_id); + continue; + } + + if (!mtx::crypto::ed25519_verify_signature( + device_keys.keys.at(device_signing_key), + json(device_keys), + device_keys.signatures.at(user).at( + device_signing_key))) { + nhlog::crypto()->warn( + "device {}:{} has an invalid signature", + user, + device_id); + continue; + } + updateToWrite.device_keys[device_id] = device_keys; + } } for (const auto &[key_id, key] : device_keys.keys) { |