From a5c500cccd007306b2bf5b7f6531e31217f722e7 Mon Sep 17 00:00:00 2001 From: Valere Date: Fri, 19 Nov 2021 15:27:47 +0100 Subject: [PATCH] Cleaning + fix copyright --- .../sdk/internal/crypto/OlmMachineProvider.kt | 2 +- .../sdk/internal/crypto/RequestSender.kt | 2 +- .../DefaultCrossSigningService.kt | 807 ------------------ .../crypto/crosssigning/UpdateTrustWorker.kt | 389 --------- .../crypto/keysbackup/RustKeyBackupService.kt | 2 +- .../crypto/verification/UpdateDispatcher.kt | 2 +- 6 files changed, 4 insertions(+), 1200 deletions(-) delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt delete mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/UpdateTrustWorker.kt diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OlmMachineProvider.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OlmMachineProvider.kt index f2de3b3724..441fe5acd0 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OlmMachineProvider.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/OlmMachineProvider.kt @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 New Vector Ltd + * Copyright 2021 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RequestSender.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RequestSender.kt index a0e3ea835c..6ce0fea71e 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RequestSender.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/RequestSender.kt @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 New Vector Ltd + * Copyright 2021 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt deleted file mode 100644 index 64b423cca7..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/DefaultCrossSigningService.kt +++ /dev/null @@ -1,807 +0,0 @@ -// /* -// * Copyright 2020 The Matrix.org Foundation C.I.C. -// * -// * Licensed under the Apache License, Version 2.0 (the "License"); -// * you may not use this file except in compliance with the License. -// * You may obtain a copy of the License at -// * -// * http://www.apache.org/licenses/LICENSE-2.0 -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the License is distributed on an "AS IS" BASIS, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the License for the specific language governing permissions and -// * limitations under the License. -// */ -// -// package org.matrix.android.sdk.internal.crypto.crosssigning -// -// import androidx.lifecycle.LiveData -// import androidx.work.BackoffPolicy -// import androidx.work.ExistingWorkPolicy -// import kotlinx.coroutines.CoroutineScope -// import kotlinx.coroutines.launch -// import org.matrix.android.sdk.api.MatrixCallback -// import org.matrix.android.sdk.api.auth.UserInteractiveAuthInterceptor -// import org.matrix.android.sdk.api.extensions.orFalse -// import org.matrix.android.sdk.api.session.crypto.crosssigning.CrossSigningService -// import org.matrix.android.sdk.api.session.crypto.crosssigning.MXCrossSigningInfo -// import org.matrix.android.sdk.api.util.Optional -// import org.matrix.android.sdk.internal.crypto.DeviceListManager -// import org.matrix.android.sdk.internal.crypto.model.CryptoDeviceInfo -// import org.matrix.android.sdk.internal.crypto.model.rest.UploadSignatureQueryBuilder -// import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -// import org.matrix.android.sdk.internal.crypto.store.PrivateKeysInfo -// import org.matrix.android.sdk.internal.crypto.tasks.InitializeCrossSigningTask -// import org.matrix.android.sdk.internal.crypto.tasks.UploadSignaturesTask -// import org.matrix.android.sdk.internal.di.SessionId -// import org.matrix.android.sdk.internal.di.UserId -// import org.matrix.android.sdk.internal.di.WorkManagerProvider -// import org.matrix.android.sdk.internal.session.SessionScope -// import org.matrix.android.sdk.internal.task.TaskExecutor -// import org.matrix.android.sdk.internal.task.TaskThread -// import org.matrix.android.sdk.internal.task.configureWith -// import org.matrix.android.sdk.internal.util.JsonCanonicalizer -// import org.matrix.android.sdk.internal.util.MatrixCoroutineDispatchers -// import org.matrix.android.sdk.internal.util.logLimit -// import org.matrix.android.sdk.internal.worker.WorkerParamsFactory -// import org.matrix.olm.OlmPkSigning -// import org.matrix.olm.OlmUtility -// import timber.log.Timber -// import java.util.concurrent.TimeUnit -// import javax.inject.Inject -// -// @SessionScope -// internal class DefaultCrossSigningService @Inject constructor( -// @UserId private val userId: String, -// @SessionId private val sessionId: String, -// private val cryptoStore: IMXCryptoStore, -// private val deviceListManager: DeviceListManager, -// private val initializeCrossSigningTask: InitializeCrossSigningTask, -// private val uploadSignaturesTask: UploadSignaturesTask, -// private val taskExecutor: TaskExecutor, -// private val coroutineDispatchers: MatrixCoroutineDispatchers, -// private val cryptoCoroutineScope: CoroutineScope, -// private val workManagerProvider: WorkManagerProvider, -// private val updateTrustWorkerDataRepository: UpdateTrustWorkerDataRepository -// ) : CrossSigningService, -// DeviceListManager.UserDevicesUpdateListener { -// -// private var olmUtility: OlmUtility? = null -// -// private var masterPkSigning: OlmPkSigning? = null -// private var userPkSigning: OlmPkSigning? = null -// private var selfSigningPkSigning: OlmPkSigning? = null -// -// init { -// try { -// olmUtility = OlmUtility() -// -// // Try to get stored keys if they exist -// cryptoStore.getMyCrossSigningInfo()?.let { mxCrossSigningInfo -> -// Timber.i("## CrossSigning - Found Existing self signed keys") -// Timber.i("## CrossSigning - Checking if private keys are known") -// -// cryptoStore.getCrossSigningPrivateKeys()?.let { privateKeysInfo -> -// privateKeysInfo.master -// ?.fromBase64() -// ?.let { privateKeySeed -> -// val pkSigning = OlmPkSigning() -// if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.masterKey()?.unpaddedBase64PublicKey) { -// masterPkSigning = pkSigning -// Timber.i("## CrossSigning - Loading master key success") -// } else { -// Timber.w("## CrossSigning - Public master key does not match the private key") -// pkSigning.releaseSigning() -// // TODO untrust? -// } -// } -// privateKeysInfo.user -// ?.fromBase64() -// ?.let { privateKeySeed -> -// val pkSigning = OlmPkSigning() -// if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.userKey()?.unpaddedBase64PublicKey) { -// userPkSigning = pkSigning -// Timber.i("## CrossSigning - Loading User Signing key success") -// } else { -// Timber.w("## CrossSigning - Public User key does not match the private key") -// pkSigning.releaseSigning() -// // TODO untrust? -// } -// } -// privateKeysInfo.selfSigned -// ?.fromBase64() -// ?.let { privateKeySeed -> -// val pkSigning = OlmPkSigning() -// if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.selfSigningKey()?.unpaddedBase64PublicKey) { -// selfSigningPkSigning = pkSigning -// Timber.i("## CrossSigning - Loading Self Signing key success") -// } else { -// Timber.w("## CrossSigning - Public Self Signing key does not match the private key") -// pkSigning.releaseSigning() -// // TODO untrust? -// } -// } -// } -// -// // Recover local trust in case private key are there? -// setUserKeysAsTrusted(userId, checkUserTrust(userId).isVerified()) -// } -// } catch (e: Throwable) { -// // Mmm this kind of a big issue -// Timber.e(e, "Failed to initialize Cross Signing") -// } -// -// deviceListManager.addListener(this) -// } -// -// fun release() { -// olmUtility?.releaseUtility() -// listOf(masterPkSigning, userPkSigning, selfSigningPkSigning).forEach { it?.releaseSigning() } -// deviceListManager.removeListener(this) -// } -// -// protected fun finalize() { -// release() -// } -// -// /** -// * - Make 3 key pairs (MSK, USK, SSK) -// * - Save the private keys with proper security -// * - Sign the keys and upload them -// * - Sign the current device with SSK and sign MSK with device key (migration) and upload signatures -// */ -// override fun initializeCrossSigning(uiaInterceptor: UserInteractiveAuthInterceptor?, callback: MatrixCallback) { -// Timber.d("## CrossSigning initializeCrossSigning") -// -// val params = InitializeCrossSigningTask.Params( -// interactiveAuthInterceptor = uiaInterceptor -// ) -// initializeCrossSigningTask.configureWith(params) { -// this.callbackThread = TaskThread.CRYPTO -// this.callback = object : MatrixCallback { -// override fun onFailure(failure: Throwable) { -// Timber.e(failure, "Error in initializeCrossSigning()") -// callback.onFailure(failure) -// } -// -// override fun onSuccess(data: InitializeCrossSigningTask.Result) { -// val crossSigningInfo = MXCrossSigningInfo(userId, listOf(data.masterKeyInfo, data.userKeyInfo, data.selfSignedKeyInfo)) -// cryptoStore.setMyCrossSigningInfo(crossSigningInfo) -// setUserKeysAsTrusted(userId, true) -// cryptoStore.storePrivateKeysInfo(data.masterKeyPK, data.userKeyPK, data.selfSigningKeyPK) -// masterPkSigning = OlmPkSigning().apply { initWithSeed(data.masterKeyPK.fromBase64()) } -// userPkSigning = OlmPkSigning().apply { initWithSeed(data.userKeyPK.fromBase64()) } -// selfSigningPkSigning = OlmPkSigning().apply { initWithSeed(data.selfSigningKeyPK.fromBase64()) } -// -// callback.onSuccess(Unit) -// } -// } -// }.executeBy(taskExecutor) -// } -// -// override fun onSecretMSKGossip(mskPrivateKey: String) { -// Timber.i("## CrossSigning - onSecretSSKGossip") -// val mxCrossSigningInfo = getMyCrossSigningKeys() ?: return Unit.also { -// Timber.e("## CrossSigning - onSecretMSKGossip() received secret but public key is not known") -// } -// -// mskPrivateKey.fromBase64() -// .let { privateKeySeed -> -// val pkSigning = OlmPkSigning() -// try { -// if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.masterKey()?.unpaddedBase64PublicKey) { -// masterPkSigning?.releaseSigning() -// masterPkSigning = pkSigning -// Timber.i("## CrossSigning - Loading MSK success") -// cryptoStore.storeMSKPrivateKey(mskPrivateKey) -// return -// } else { -// Timber.e("## CrossSigning - onSecretMSKGossip() private key do not match public key") -// pkSigning.releaseSigning() -// } -// } catch (failure: Throwable) { -// Timber.e("## CrossSigning - onSecretMSKGossip() ${failure.localizedMessage}") -// pkSigning.releaseSigning() -// } -// } -// } -// -// override fun onSecretSSKGossip(sskPrivateKey: String) { -// Timber.i("## CrossSigning - onSecretSSKGossip") -// val mxCrossSigningInfo = getMyCrossSigningKeys() ?: return Unit.also { -// Timber.e("## CrossSigning - onSecretSSKGossip() received secret but public key is not known") -// } -// -// sskPrivateKey.fromBase64() -// .let { privateKeySeed -> -// val pkSigning = OlmPkSigning() -// try { -// if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.selfSigningKey()?.unpaddedBase64PublicKey) { -// selfSigningPkSigning?.releaseSigning() -// selfSigningPkSigning = pkSigning -// Timber.i("## CrossSigning - Loading SSK success") -// cryptoStore.storeSSKPrivateKey(sskPrivateKey) -// return -// } else { -// Timber.e("## CrossSigning - onSecretSSKGossip() private key do not match public key") -// pkSigning.releaseSigning() -// } -// } catch (failure: Throwable) { -// Timber.e("## CrossSigning - onSecretSSKGossip() ${failure.localizedMessage}") -// pkSigning.releaseSigning() -// } -// } -// } -// -// override fun onSecretUSKGossip(uskPrivateKey: String) { -// Timber.i("## CrossSigning - onSecretUSKGossip") -// val mxCrossSigningInfo = getMyCrossSigningKeys() ?: return Unit.also { -// Timber.e("## CrossSigning - onSecretUSKGossip() received secret but public key is not knwow ") -// } -// -// uskPrivateKey.fromBase64() -// .let { privateKeySeed -> -// val pkSigning = OlmPkSigning() -// try { -// if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.userKey()?.unpaddedBase64PublicKey) { -// userPkSigning?.releaseSigning() -// userPkSigning = pkSigning -// Timber.i("## CrossSigning - Loading USK success") -// cryptoStore.storeUSKPrivateKey(uskPrivateKey) -// return -// } else { -// Timber.e("## CrossSigning - onSecretUSKGossip() private key do not match public key") -// pkSigning.releaseSigning() -// } -// } catch (failure: Throwable) { -// pkSigning.releaseSigning() -// } -// } -// } -// -// override fun checkTrustFromPrivateKeys(masterKeyPrivateKey: String?, -// uskKeyPrivateKey: String?, -// sskPrivateKey: String? -// ): UserTrustResult { -// val mxCrossSigningInfo = getMyCrossSigningKeys() ?: return UserTrustResult.CrossSigningNotConfigured(userId) -// -// var masterKeyIsTrusted = false -// var userKeyIsTrusted = false -// var selfSignedKeyIsTrusted = false -// -// masterKeyPrivateKey?.fromBase64() -// ?.let { privateKeySeed -> -// val pkSigning = OlmPkSigning() -// try { -// if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.masterKey()?.unpaddedBase64PublicKey) { -// masterPkSigning?.releaseSigning() -// masterPkSigning = pkSigning -// masterKeyIsTrusted = true -// Timber.i("## CrossSigning - Loading master key success") -// } else { -// pkSigning.releaseSigning() -// } -// } catch (failure: Throwable) { -// pkSigning.releaseSigning() -// } -// } -// -// uskKeyPrivateKey?.fromBase64() -// ?.let { privateKeySeed -> -// val pkSigning = OlmPkSigning() -// try { -// if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.userKey()?.unpaddedBase64PublicKey) { -// userPkSigning?.releaseSigning() -// userPkSigning = pkSigning -// userKeyIsTrusted = true -// Timber.i("## CrossSigning - Loading master key success") -// } else { -// pkSigning.releaseSigning() -// } -// } catch (failure: Throwable) { -// pkSigning.releaseSigning() -// } -// } -// -// sskPrivateKey?.fromBase64() -// ?.let { privateKeySeed -> -// val pkSigning = OlmPkSigning() -// try { -// if (pkSigning.initWithSeed(privateKeySeed) == mxCrossSigningInfo.selfSigningKey()?.unpaddedBase64PublicKey) { -// selfSigningPkSigning?.releaseSigning() -// selfSigningPkSigning = pkSigning -// selfSignedKeyIsTrusted = true -// Timber.i("## CrossSigning - Loading master key success") -// } else { -// pkSigning.releaseSigning() -// } -// } catch (failure: Throwable) { -// pkSigning.releaseSigning() -// } -// } -// -// if (!masterKeyIsTrusted || !userKeyIsTrusted || !selfSignedKeyIsTrusted) { -// return UserTrustResult.KeysNotTrusted(mxCrossSigningInfo) -// } else { -// cryptoStore.markMyMasterKeyAsLocallyTrusted(true) -// val checkSelfTrust = checkSelfTrust() -// if (checkSelfTrust.isVerified()) { -// cryptoStore.storePrivateKeysInfo(masterKeyPrivateKey, uskKeyPrivateKey, sskPrivateKey) -// setUserKeysAsTrusted(userId, true) -// } -// return checkSelfTrust -// } -// } -// -// /** -// * -// * ┏━━━━━━━━┓ ┏━━━━━━━━┓ -// * ┃ ALICE ┃ ┃ BOB ┃ -// * ┗━━━━━━━━┛ ┗━━━━━━━━┛ -// * MSK ┌────────────▶ MSK -// * │ -// * │ │ -// * │ SSK │ -// * │ │ -// * │ │ -// * └──▶ USK ────────────┘ -// */ -// override fun isUserTrusted(otherUserId: String): Boolean { -// return cryptoStore.getCrossSigningInfo(userId)?.isTrusted() == true -// } -// -// override fun isCrossSigningVerified(): Boolean { -// return checkSelfTrust().isVerified() -// } -// -// /** -// * Will not force a download of the key, but will verify signatures trust chain -// */ -// override fun checkUserTrust(otherUserId: String): UserTrustResult { -// Timber.v("## CrossSigning checkUserTrust for $otherUserId") -// if (otherUserId == userId) { -// return checkSelfTrust() -// } -// // I trust a user if I trust his master key -// // I can trust the master key if it is signed by my user key -// // TODO what if the master key is signed by a device key that i have verified -// -// // First let's get my user key -// val myCrossSigningInfo = cryptoStore.getCrossSigningInfo(userId) -// -// checkOtherMSKTrusted(myCrossSigningInfo, cryptoStore.getCrossSigningInfo(otherUserId)) -// -// return UserTrustResult.Success -// } -// -// fun checkOtherMSKTrusted(myCrossSigningInfo: MXCrossSigningInfo?, otherInfo: MXCrossSigningInfo?): UserTrustResult { -// val myUserKey = myCrossSigningInfo?.userKey() -// ?: return UserTrustResult.CrossSigningNotConfigured(userId) -// -// if (!myCrossSigningInfo.isTrusted()) { -// return UserTrustResult.KeysNotTrusted(myCrossSigningInfo) -// } -// -// // Let's get the other user master key -// val otherMasterKey = otherInfo?.masterKey() -// ?: return UserTrustResult.UnknownCrossSignatureInfo(otherInfo?.userId ?: "") -// -// val masterKeySignaturesMadeByMyUserKey = otherMasterKey.signatures -// ?.get(userId) // Signatures made by me -// ?.get("ed25519:${myUserKey.unpaddedBase64PublicKey}") -// -// if (masterKeySignaturesMadeByMyUserKey.isNullOrBlank()) { -// Timber.d("## CrossSigning checkUserTrust false for ${otherInfo.userId}, not signed by my UserSigningKey") -// return UserTrustResult.KeyNotSigned(otherMasterKey) -// } -// -// // Check that Alice USK signature of Bob MSK is valid -// try { -// olmUtility!!.verifyEd25519Signature(masterKeySignaturesMadeByMyUserKey, myUserKey.unpaddedBase64PublicKey, otherMasterKey.canonicalSignable()) -// } catch (failure: Throwable) { -// return UserTrustResult.InvalidSignature(myUserKey, masterKeySignaturesMadeByMyUserKey) -// } -// -// return UserTrustResult.Success -// } -// -// private fun checkSelfTrust(): UserTrustResult { -// // Special case when it's me, -// // I have to check that MSK -> USK -> SSK -// // and that MSK is trusted (i know the private key, or is signed by a trusted device) -// val myCrossSigningInfo = cryptoStore.getCrossSigningInfo(userId) -// -// return checkSelfTrust(myCrossSigningInfo, cryptoStore.getUserDeviceList(userId)) -// } -// -// fun checkSelfTrust(myCrossSigningInfo: MXCrossSigningInfo?, myDevices: List?): UserTrustResult { -// // Special case when it's me, -// // I have to check that MSK -> USK -> SSK -// // and that MSK is trusted (i know the private key, or is signed by a trusted device) -// // val myCrossSigningInfo = cryptoStore.getCrossSigningInfo(userId) -// -// val myMasterKey = myCrossSigningInfo?.masterKey() -// ?: return UserTrustResult.CrossSigningNotConfigured(userId) -// -// // Is the master key trusted -// // 1) check if I know the private key -// val masterPrivateKey = cryptoStore.getCrossSigningPrivateKeys() -// ?.master -// ?.fromBase64() -// -// var isMaterKeyTrusted = false -// if (myMasterKey.trustLevel?.locallyVerified == true) { -// isMaterKeyTrusted = true -// } else if (masterPrivateKey != null) { -// // Check if private match public -// var olmPkSigning: OlmPkSigning? = null -// try { -// olmPkSigning = OlmPkSigning() -// val expectedPK = olmPkSigning.initWithSeed(masterPrivateKey) -// isMaterKeyTrusted = myMasterKey.unpaddedBase64PublicKey == expectedPK -// } catch (failure: Throwable) { -// Timber.e(failure) -// } -// olmPkSigning?.releaseSigning() -// } else { -// // Maybe it's signed by a locally trusted device? -// myMasterKey.signatures?.get(userId)?.forEach { (key, value) -> -// val potentialDeviceId = key.removePrefix("ed25519:") -// val potentialDevice = myDevices?.firstOrNull { it.deviceId == potentialDeviceId } // cryptoStore.getUserDevice(userId, potentialDeviceId) -// if (potentialDevice != null && potentialDevice.isVerified) { -// // Check signature validity? -// try { -// olmUtility?.verifyEd25519Signature(value, potentialDevice.fingerprint(), myMasterKey.canonicalSignable()) -// isMaterKeyTrusted = true -// return@forEach -// } catch (failure: Throwable) { -// // log -// Timber.w(failure, "Signature not valid?") -// } -// } -// } -// } -// -// if (!isMaterKeyTrusted) { -// return UserTrustResult.KeysNotTrusted(myCrossSigningInfo) -// } -// -// val myUserKey = myCrossSigningInfo.userKey() -// ?: return UserTrustResult.CrossSigningNotConfigured(userId) -// -// val userKeySignaturesMadeByMyMasterKey = myUserKey.signatures -// ?.get(userId) // Signatures made by me -// ?.get("ed25519:${myMasterKey.unpaddedBase64PublicKey}") -// -// if (userKeySignaturesMadeByMyMasterKey.isNullOrBlank()) { -// Timber.d("## CrossSigning checkUserTrust false for $userId, USK not signed by MSK") -// return UserTrustResult.KeyNotSigned(myUserKey) -// } -// -// // Check that Alice USK signature of Alice MSK is valid -// try { -// olmUtility!!.verifyEd25519Signature(userKeySignaturesMadeByMyMasterKey, myMasterKey.unpaddedBase64PublicKey, myUserKey.canonicalSignable()) -// } catch (failure: Throwable) { -// return UserTrustResult.InvalidSignature(myUserKey, userKeySignaturesMadeByMyMasterKey) -// } -// -// val mySSKey = myCrossSigningInfo.selfSigningKey() -// ?: return UserTrustResult.CrossSigningNotConfigured(userId) -// -// val ssKeySignaturesMadeByMyMasterKey = mySSKey.signatures -// ?.get(userId) // Signatures made by me -// ?.get("ed25519:${myMasterKey.unpaddedBase64PublicKey}") -// -// if (ssKeySignaturesMadeByMyMasterKey.isNullOrBlank()) { -// Timber.d("## CrossSigning checkUserTrust false for $userId, SSK not signed by MSK") -// return UserTrustResult.KeyNotSigned(mySSKey) -// } -// -// // Check that Alice USK signature of Alice MSK is valid -// try { -// olmUtility!!.verifyEd25519Signature(ssKeySignaturesMadeByMyMasterKey, myMasterKey.unpaddedBase64PublicKey, mySSKey.canonicalSignable()) -// } catch (failure: Throwable) { -// return UserTrustResult.InvalidSignature(mySSKey, ssKeySignaturesMadeByMyMasterKey) -// } -// -// return UserTrustResult.Success -// } -// -// override fun getUserCrossSigningKeys(otherUserId: String): MXCrossSigningInfo? { -// return cryptoStore.getCrossSigningInfo(otherUserId) -// } -// -// override fun getLiveCrossSigningKeys(userId: String): LiveData> { -// return cryptoStore.getLiveCrossSigningInfo(userId) -// } -// -// override fun getMyCrossSigningKeys(): MXCrossSigningInfo? { -// return cryptoStore.getMyCrossSigningInfo() -// } -// -// override fun getCrossSigningPrivateKeys(): PrivateKeysInfo? { -// return cryptoStore.getCrossSigningPrivateKeys() -// } -// -// override fun getLiveCrossSigningPrivateKeys(): LiveData> { -// return cryptoStore.getLiveCrossSigningPrivateKeys() -// } -// -// override fun canCrossSign(): Boolean { -// return checkSelfTrust().isVerified() && cryptoStore.getCrossSigningPrivateKeys()?.selfSigned != null -// && cryptoStore.getCrossSigningPrivateKeys()?.user != null -// } -// -// override fun allPrivateKeysKnown(): Boolean { -// return checkSelfTrust().isVerified() -// && cryptoStore.getCrossSigningPrivateKeys()?.allKnown().orFalse() -// } -// -// override fun trustUser(otherUserId: String, callback: MatrixCallback) { -// cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { -// Timber.d("## CrossSigning - Mark user $userId as trusted ") -// // We should have this user keys -// val otherMasterKeys = getUserCrossSigningKeys(otherUserId)?.masterKey() -// if (otherMasterKeys == null) { -// callback.onFailure(Throwable("## CrossSigning - Other master signing key is not known")) -// return@launch -// } -// val myKeys = getUserCrossSigningKeys(userId) -// if (myKeys == null) { -// callback.onFailure(Throwable("## CrossSigning - CrossSigning is not setup for this account")) -// return@launch -// } -// val userPubKey = myKeys.userKey()?.unpaddedBase64PublicKey -// if (userPubKey == null || userPkSigning == null) { -// callback.onFailure(Throwable("## CrossSigning - Cannot sign from this account, privateKeyUnknown $userPubKey")) -// return@launch -// } -// -// // Sign the other MasterKey with our UserSigning key -// val newSignature = JsonCanonicalizer.getCanonicalJson(Map::class.java, -// otherMasterKeys.signalableJSONDictionary()).let { userPkSigning?.sign(it) } -// -// if (newSignature == null) { -// // race?? -// callback.onFailure(Throwable("## CrossSigning - Failed to sign")) -// return@launch -// } -// -// cryptoStore.setUserKeysAsTrusted(otherUserId, true) -// // TODO update local copy with new signature directly here? kind of local echo of trust? -// -// Timber.d("## CrossSigning - Upload signature of $userId MSK signed by USK") -// val uploadQuery = UploadSignatureQueryBuilder() -// .withSigningKeyInfo(otherMasterKeys.copyForSignature(userId, userPubKey, newSignature)) -// .build() -// uploadSignaturesTask.configureWith(UploadSignaturesTask.Params(uploadQuery)) { -// this.executionThread = TaskThread.CRYPTO -// this.callback = callback -// }.executeBy(taskExecutor) -// } -// } -// -// override fun markMyMasterKeyAsTrusted() { -// cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { -// cryptoStore.markMyMasterKeyAsLocallyTrusted(true) -// checkSelfTrust() -// // re-verify all trusts -// onUsersDeviceUpdate(listOf(userId)) -// } -// } -// -// override fun trustDevice(deviceId: String, callback: MatrixCallback) { -// cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { -// // This device should be yours -// val device = cryptoStore.getUserDevice(userId, deviceId) -// if (device == null) { -// callback.onFailure(IllegalArgumentException("This device [$deviceId] is not known, or not yours")) -// return@launch -// } -// -// val myKeys = getUserCrossSigningKeys(userId) -// if (myKeys == null) { -// callback.onFailure(Throwable("CrossSigning is not setup for this account")) -// return@launch -// } -// -// val ssPubKey = myKeys.selfSigningKey()?.unpaddedBase64PublicKey -// if (ssPubKey == null || selfSigningPkSigning == null) { -// callback.onFailure(Throwable("Cannot sign from this account, public and/or privateKey Unknown $ssPubKey")) -// return@launch -// } -// -// // Sign with self signing -// val newSignature = selfSigningPkSigning?.sign(device.canonicalSignable()) -// -// if (newSignature == null) { -// // race?? -// callback.onFailure(Throwable("Failed to sign")) -// return@launch -// } -// val toUpload = device.copy( -// signatures = mapOf( -// userId -// to -// mapOf( -// "ed25519:$ssPubKey" to newSignature -// ) -// ) -// ) -// -// val uploadQuery = UploadSignatureQueryBuilder() -// .withDeviceInfo(toUpload) -// .build() -// uploadSignaturesTask.configureWith(UploadSignaturesTask.Params(uploadQuery)) { -// this.executionThread = TaskThread.CRYPTO -// this.callback = callback -// }.executeBy(taskExecutor) -// } -// } -// -// override fun checkDeviceTrust(otherUserId: String, otherDeviceId: String, locallyTrusted: Boolean?): DeviceTrustResult { -// val otherDevice = cryptoStore.getUserDevice(otherUserId, otherDeviceId) -// ?: return DeviceTrustResult.UnknownDevice(otherDeviceId) -// -// val myKeys = getUserCrossSigningKeys(userId) -// ?: return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.CrossSigningNotConfigured(userId)) -// -// if (!myKeys.isTrusted()) return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.KeysNotTrusted(myKeys)) -// -// val otherKeys = getUserCrossSigningKeys(otherUserId) -// ?: return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.CrossSigningNotConfigured(otherUserId)) -// -// // TODO should we force verification ? -// if (!otherKeys.isTrusted()) return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.KeysNotTrusted(otherKeys)) -// -// // Check if the trust chain is valid -// /* -// * ┏━━━━━━━━┓ ┏━━━━━━━━┓ -// * ┃ ALICE ┃ ┃ BOB ┃ -// * ┗━━━━━━━━┛ ┗━━━━━━━━┛ -// * MSK ┌────────────▶MSK -// * │ -// * │ │ │ -// * │ SSK │ └──▶ SSK ──────────────────┐ -// * │ │ │ -// * │ │ USK │ -// * └──▶ USK ────────────┘ (not visible by │ -// * Alice) │ -// * ▼ -// * ┌──────────────┐ -// * │ BOB's Device │ -// * └──────────────┘ -// */ -// -// val otherSSKSignature = otherDevice.signatures?.get(otherUserId)?.get("ed25519:${otherKeys.selfSigningKey()?.unpaddedBase64PublicKey}") -// ?: return legacyFallbackTrust( -// locallyTrusted, -// DeviceTrustResult.MissingDeviceSignature(otherDeviceId, otherKeys.selfSigningKey() -// ?.unpaddedBase64PublicKey -// ?: "" -// ) -// ) -// -// // Check bob's device is signed by bob's SSK -// try { -// olmUtility!!.verifyEd25519Signature(otherSSKSignature, otherKeys.selfSigningKey()?.unpaddedBase64PublicKey, otherDevice.canonicalSignable()) -// } catch (e: Throwable) { -// return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.InvalidDeviceSignature(otherDeviceId, otherSSKSignature, e)) -// } -// -// return DeviceTrustResult.Success(DeviceTrustLevel(crossSigningVerified = true, locallyVerified = locallyTrusted)) -// } -// -// fun checkDeviceTrust(myKeys: MXCrossSigningInfo?, otherKeys: MXCrossSigningInfo?, otherDevice: CryptoDeviceInfo): DeviceTrustResult { -// val locallyTrusted = otherDevice.trustLevel?.isLocallyVerified() -// myKeys ?: return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.CrossSigningNotConfigured(userId)) -// -// if (!myKeys.isTrusted()) return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.KeysNotTrusted(myKeys)) -// -// otherKeys ?: return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.CrossSigningNotConfigured(otherDevice.userId)) -// -// // TODO should we force verification ? -// if (!otherKeys.isTrusted()) return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.KeysNotTrusted(otherKeys)) -// -// // Check if the trust chain is valid -// /* -// * ┏━━━━━━━━┓ ┏━━━━━━━━┓ -// * ┃ ALICE ┃ ┃ BOB ┃ -// * ┗━━━━━━━━┛ ┗━━━━━━━━┛ -// * MSK ┌────────────▶MSK -// * │ -// * │ │ │ -// * │ SSK │ └──▶ SSK ──────────────────┐ -// * │ │ │ -// * │ │ USK │ -// * └──▶ USK ────────────┘ (not visible by │ -// * Alice) │ -// * ▼ -// * ┌──────────────┐ -// * │ BOB's Device │ -// * └──────────────┘ -// */ -// -// val otherSSKSignature = otherDevice.signatures?.get(otherKeys.userId)?.get("ed25519:${otherKeys.selfSigningKey()?.unpaddedBase64PublicKey}") -// ?: return legacyFallbackTrust( -// locallyTrusted, -// DeviceTrustResult.MissingDeviceSignature(otherDevice.deviceId, otherKeys.selfSigningKey() -// ?.unpaddedBase64PublicKey -// ?: "" -// ) -// ) -// -// // Check bob's device is signed by bob's SSK -// try { -// olmUtility!!.verifyEd25519Signature(otherSSKSignature, otherKeys.selfSigningKey()?.unpaddedBase64PublicKey, otherDevice.canonicalSignable()) -// } catch (e: Throwable) { -// return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.InvalidDeviceSignature(otherDevice.deviceId, otherSSKSignature, e)) -// } -// -// return DeviceTrustResult.Success(DeviceTrustLevel(crossSigningVerified = true, locallyVerified = locallyTrusted)) -// } -// -// private fun legacyFallbackTrust(locallyTrusted: Boolean?, crossSignTrustFail: DeviceTrustResult): DeviceTrustResult { -// return if (locallyTrusted == true) { -// DeviceTrustResult.Success(DeviceTrustLevel(crossSigningVerified = false, locallyVerified = true)) -// } else { -// crossSignTrustFail -// } -// } -// -// override fun onUsersDeviceUpdate(userIds: List) { -// Timber.d("## CrossSigning - onUsersDeviceUpdate for users: ${userIds.logLimit()}") -// val workerParams = UpdateTrustWorker.Params( -// sessionId = sessionId, -// filename = updateTrustWorkerDataRepository.createParam(userIds) -// ) -// val workerData = WorkerParamsFactory.toData(workerParams) -// -// val workRequest = workManagerProvider.matrixOneTimeWorkRequestBuilder() -// .setInputData(workerData) -// .setBackoffCriteria(BackoffPolicy.LINEAR, WorkManagerProvider.BACKOFF_DELAY_MILLIS, TimeUnit.MILLISECONDS) -// .build() -// -// workManagerProvider.workManager -// .beginUniqueWork("TRUST_UPDATE_QUEUE", ExistingWorkPolicy.APPEND_OR_REPLACE, workRequest) -// .enqueue() -// } -// -// private fun setUserKeysAsTrusted(otherUserId: String, trusted: Boolean) { -// val currentTrust = cryptoStore.getCrossSigningInfo(otherUserId)?.isTrusted() -// cryptoStore.setUserKeysAsTrusted(otherUserId, trusted) -// // If it's me, recheck trust of all users and devices? -// val users = ArrayList() -// if (otherUserId == userId && currentTrust != trusted) { -// // reRequestAllPendingRoomKeyRequest() -// cryptoStore.updateUsersTrust { -// users.add(it) -// checkUserTrust(it).isVerified() -// } -// -// users.forEach { -// cryptoStore.getUserDeviceList(it)?.forEach { device -> -// val updatedTrust = checkDeviceTrust(it, device.deviceId, device.trustLevel?.isLocallyVerified() ?: false) -// Timber.v("## CrossSigning - update trust for device ${device.deviceId} of user $otherUserId , verified=$updatedTrust") -// cryptoStore.setDeviceTrust(it, device.deviceId, updatedTrust.isCrossSignedVerified(), updatedTrust.isLocallyVerified()) -// } -// } -// } -// } -// -// // private fun reRequestAllPendingRoomKeyRequest() { -// // cryptoCoroutineScope.launch(coroutineDispatchers.crypto) { -// // Timber.d("## CrossSigning - reRequest pending outgoing room key requests") -// // cryptoStore.getOutgoingRoomKeyRequests().forEach { -// // it.requestBody?.let { requestBody -> -// // if (cryptoStore.getInboundGroupSession(requestBody.sessionId ?: "", requestBody.senderKey ?: "") == null) { -// // outgoingRoomKeyRequestManager.resendRoomKeyRequest(requestBody) -// // } else { -// // outgoingRoomKeyRequestManager.cancelRoomKeyRequest(requestBody) -// // } -// // } -// // } -// // } -// // } -// } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/UpdateTrustWorker.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/UpdateTrustWorker.kt deleted file mode 100644 index 3121e99572..0000000000 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/UpdateTrustWorker.kt +++ /dev/null @@ -1,389 +0,0 @@ -// /* -// * Copyright 2020 The Matrix.org Foundation C.I.C. -// * -// * Licensed under the Apache License, Version 2.0 (the "License"); -// * you may not use this file except in compliance with the License. -// * You may obtain a copy of the License at -// * -// * http://www.apache.org/licenses/LICENSE-2.0 -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the License is distributed on an "AS IS" BASIS, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the License for the specific language governing permissions and -// * limitations under the License. -// */ -// -// package org.matrix.android.sdk.internal.crypto.crosssigning -// -// import android.content.Context -// import androidx.work.WorkerParameters -// import com.squareup.moshi.JsonClass -// import io.realm.Realm -// import io.realm.RealmConfiguration -// import io.realm.kotlin.where -// import kotlinx.coroutines.runBlocking -// import org.matrix.android.sdk.api.crypto.RoomEncryptionTrustLevel -// import org.matrix.android.sdk.api.extensions.orFalse -// import org.matrix.android.sdk.api.session.crypto.crosssigning.MXCrossSigningInfo -// import org.matrix.android.sdk.internal.crypto.OlmMachineProvider -// import org.matrix.android.sdk.internal.crypto.store.IMXCryptoStore -// import org.matrix.android.sdk.internal.crypto.store.db.mapper.CrossSigningKeysMapper -// import org.matrix.android.sdk.internal.crypto.store.db.model.CrossSigningInfoEntity -// import org.matrix.android.sdk.internal.crypto.store.db.model.CrossSigningInfoEntityFields -// import org.matrix.android.sdk.internal.crypto.store.db.model.CryptoMapper -// import org.matrix.android.sdk.internal.crypto.store.db.model.TrustLevelEntity -// import org.matrix.android.sdk.internal.crypto.store.db.model.UserEntity -// import org.matrix.android.sdk.internal.crypto.store.db.model.UserEntityFields -// import org.matrix.android.sdk.internal.database.awaitTransaction -// import org.matrix.android.sdk.internal.database.model.RoomMemberSummaryEntity -// import org.matrix.android.sdk.internal.database.model.RoomMemberSummaryEntityFields -// import org.matrix.android.sdk.internal.database.model.RoomSummaryEntity -// import org.matrix.android.sdk.internal.database.model.RoomSummaryEntityFields -// import org.matrix.android.sdk.internal.database.query.where -// import org.matrix.android.sdk.internal.di.CryptoDatabase -// import org.matrix.android.sdk.internal.di.SessionDatabase -// import org.matrix.android.sdk.internal.di.UserId -// import org.matrix.android.sdk.internal.session.SessionComponent -// import org.matrix.android.sdk.internal.session.room.membership.RoomMemberHelper -// import org.matrix.android.sdk.internal.util.logLimit -// import org.matrix.android.sdk.internal.worker.SessionSafeCoroutineWorker -// import org.matrix.android.sdk.internal.worker.SessionWorkerParams -// import timber.log.Timber -// import javax.inject.Inject -// -// @Deprecated("Now using olm machine") -// internal class UpdateTrustWorker(context: Context, -// params: WorkerParameters) -// : SessionSafeCoroutineWorker(context, params, Params::class.java) { -// -// @JsonClass(generateAdapter = true) -// internal data class Params( -// override val sessionId: String, -// override val lastFailureMessage: String? = null, -// // Kept for compatibility, but not used anymore (can be used for pending Worker) -// val updatedUserIds: List? = null, -// // Passing a long list of userId can break the Work Manager due to data size limitation. -// // so now we use a temporary file to store the data -// val filename: String? = null -// ) : SessionWorkerParams -// -// // @Inject lateinit var crossSigningService: RustCrossSigningService -// @Inject lateinit var olmMachineProvider: OlmMachineProvider//: RustCrossSigningService -// -// // It breaks the crypto store contract, but we need to batch things :/ -// @CryptoDatabase -// @Inject lateinit var cryptoRealmConfiguration: RealmConfiguration -// -// @SessionDatabase -// @Inject lateinit var sessionRealmConfiguration: RealmConfiguration -// -// @UserId -// @Inject lateinit var myUserId: String -// @Inject lateinit var crossSigningKeysMapper: CrossSigningKeysMapper -// @Inject lateinit var updateTrustWorkerDataRepository: UpdateTrustWorkerDataRepository -// -// // @Inject lateinit var roomSummaryUpdater: RoomSummaryUpdater -// @Inject lateinit var cryptoStore: IMXCryptoStore -// -// override fun injectWith(injector: SessionComponent) { -// injector.inject(this) -// } -// -// override suspend fun doSafeWork(params: Params): Result { -// val userList = params.filename -// ?.let { updateTrustWorkerDataRepository.getParam(it) } -// ?.userIds -// ?: params.updatedUserIds.orEmpty() -// -// // List should not be empty, but let's avoid go further in case of empty list -// if (userList.isNotEmpty()) { -// // Unfortunately we don't have much info on what did exactly changed (is it the cross signing keys of that user, -// // or a new device?) So we check all again :/ -// Timber.d("## CrossSigning - Updating trust for users: ${userList.logLimit()}") -// updateTrust(userList) -// } -// -// cleanup(params) -// return Result.success() -// } -// -// private suspend fun updateTrust(userListParam: List) { -// var userList = userListParam -// var myCrossSigningInfo: MXCrossSigningInfo? = null -// -// // First we check that the users MSK are trusted by mine -// // After that we check the trust chain for each devices of each users -// awaitTransaction(cryptoRealmConfiguration) { cryptoRealm -> -// // By mapping here to model, this object is not live -// // I should update it if needed -// myCrossSigningInfo = getCrossSigningInfo(cryptoRealm, myUserId) -// -// var myTrustResult: UserTrustResult? = null -// -// if (userList.contains(myUserId)) { -// Timber.d("## CrossSigning - Clear all trust as a change on my user was detected") -// // i am in the list.. but i don't know exactly the delta of change :/ -// // If it's my cross signing keys we should refresh all trust -// // do it anyway ? -// userList = cryptoRealm.where(CrossSigningInfoEntity::class.java) -// .findAll() -// .mapNotNull { it.userId } -// -// // check right now my keys and mark it as trusted as other trust depends on it -// // val myDevices = olmMachineProvider.olmMachine.getUserDevices(myUserId) -// // cryptoRealm.where() -// // .equalTo(UserEntityFields.USER_ID, myUserId) -// // .findFirst() -// // ?.devices -// // ?.map { CryptoMapper.mapToModel(it) } -// -// -// val identity = olmMachineProvider.olmMachine.getIdentity(olmMachineProvider.olmMachine.userId()) -// myTrustResult = if (identity?.verified() == true) { -// UserTrustResult.Success -// } else { -// if (identity?.toMxCrossSigningInfo() == null) { -// UserTrustResult.CrossSigningNotConfigured(olmMachineProvider.olmMachine.userId()) -// } else { -// UserTrustResult.KeysNotTrusted(identity.toMxCrossSigningInfo()) -// } -// } -// -// // crossSigningService.checkSelfTrust(myCrossSigningInfo, myDevices) -// updateCrossSigningKeysTrust(cryptoRealm, myUserId, myTrustResult.isVerified()) -// // update model reference -// myCrossSigningInfo = getCrossSigningInfo(cryptoRealm, myUserId) -// } -// -// val otherInfos = userList.associateWith { userId -> -// getCrossSigningInfo(cryptoRealm, userId) -// } -// -// val trusts = otherInfos.mapValues { entry -> -// when (entry.key) { -// myUserId -> myTrustResult -// else -> { -// val userId = entry.value?.userId ?: "" -// val identity = olmMachineProvider.olmMachine.getIdentity(userId) -// if (identity?.verified() == true) { -// UserTrustResult.Success -// } else { -// if (identity?.toMxCrossSigningInfo() == null) { -// UserTrustResult.CrossSigningNotConfigured(userId) -// } else { -// UserTrustResult.KeysNotTrusted(identity.toMxCrossSigningInfo()) -// } -// } -// } -// } -// } -// -// // TODO! if it's me and my keys has changed... I have to reset trust for everyone! -// // i have all the new trusts, update DB -// // trusts.forEach { -// // val verified = it.value?.isVerified() == true -// // updateCrossSigningKeysTrust(cryptoRealm, it.key, verified) -// // } -// -// // Ok so now we have to check device trust for all these users.. -// Timber.v("## CrossSigning - Updating devices cross trust users: ${trusts.keys.logLimit()}") -// trusts.keys.forEach { userId -> -// val devicesEntities = olmMachineProvider.olmMachine.getUserDevices(userId) -// // cryptoRealm.where() -// // .equalTo(UserEntityFields.USER_ID, userId) -// // .findFirst() -// // ?.devices -// -// val trustMap = devicesEntities.associateWith { device -> -// // val cryptoDevice = device.toCryptoDeviceInfo() -// // get up to date from DB has could have been updated -// // val otherInfo = getCrossSigningInfo(cryptoRealm, userId) -// // val deviceId = device.i deviceId ?: "" -// // val device = olmMachineProvider.olmMachine.getDevice(userId, deviceId) -// // if (device != null) { -// // TODO i don't quite understand the semantics here and there are no docs for -// // DeviceTrustResult, what do the different result types mean exactly, -// // do you return success only if the Device is cross signing verified? -// // what about the local trust if it isn't? why is the local trust passed as an argument here? -// DeviceTrustResult.Success(runBlocking { device.trustLevel() }) -// // } else { -// // DeviceTrustResult.UnknownDevice(deviceId) -// // } -// // crossSigningService.checkDeviceTrust(myCrossSigningInfo, otherInfo, CryptoMapper.mapToModel(device)) -// } -// -// // Update trust if needed -// // devicesEntities?.forEach { device -> -// // val crossSignedVerified = trustMap?.get(device)?.isCrossSignedVerified() -// // Timber.d("## CrossSigning - Trust for ${device.userId}|${device.deviceId} : cross verified: ${trustMap?.get(device)}") -// // if (device.trustLevelEntity?.crossSignedVerified != crossSignedVerified) { -// // Timber.d("## CrossSigning - Trust change detected for ${device.userId}|${device.deviceId} : cross verified: $crossSignedVerified") -// // // need to save -// // val trustEntity = device.trustLevelEntity -// // if (trustEntity == null) { -// // device.trustLevelEntity = cryptoRealm.createObject(TrustLevelEntity::class.java).also { -// // it.locallyVerified = false -// // it.crossSignedVerified = crossSignedVerified -// // } -// // } else { -// // trustEntity.crossSignedVerified = crossSignedVerified -// // } -// // } -// // } -// } -// } -// -// // So Cross Signing keys trust is updated, device trust is updated -// // We can now update room shields? in the session DB? -// updateTrustStep2(userList, myCrossSigningInfo) -// } -// -// private suspend fun updateTrustStep2(userList: List, myCrossSigningInfo: MXCrossSigningInfo?) { -// Timber.d("## CrossSigning - Updating shields for impacted rooms...") -// awaitTransaction(sessionRealmConfiguration) { sessionRealm -> -// Realm.getInstance(cryptoRealmConfiguration).use { cryptoRealm -> -// sessionRealm.where(RoomMemberSummaryEntity::class.java) -// .`in`(RoomMemberSummaryEntityFields.USER_ID, userList.toTypedArray()) -// .distinct(RoomMemberSummaryEntityFields.ROOM_ID) -// .findAll() -// .map { it.roomId } -// .also { Timber.d("## CrossSigning - ... impacted rooms ${it.logLimit()}") } -// .forEach { roomId -> -// RoomSummaryEntity.where(sessionRealm, roomId) -// .equalTo(RoomSummaryEntityFields.IS_ENCRYPTED, true) -// .findFirst() -// ?.let { roomSummary -> -// Timber.d("## CrossSigning - Check shield state for room $roomId") -// val allActiveRoomMembers = RoomMemberHelper(sessionRealm, roomId).getActiveRoomMemberIds() -// try { -// val updatedTrust = computeRoomShield( -// myCrossSigningInfo, -// cryptoRealm, -// allActiveRoomMembers, -// roomSummary -// ) -// if (roomSummary.roomEncryptionTrustLevel != updatedTrust) { -// Timber.d("## CrossSigning - Shield change detected for $roomId -> $updatedTrust") -// roomSummary.roomEncryptionTrustLevel = updatedTrust -// } -// } catch (failure: Throwable) { -// Timber.e(failure) -// } -// } -// } -// } -// } -// } -// -// private suspend fun getCrossSigningInfo(cryptoRealm: Realm, userId: String): MXCrossSigningInfo? { -// return olmMachineProvider.olmMachine.getIdentity(userId)?.toMxCrossSigningInfo() -// // cryptoRealm.where(CrossSigningInfoEntity::class.java) -// // .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) -// // .findFirst() -// // ?.let { mapCrossSigningInfoEntity(it) } -// } -// -// private fun cleanup(params: Params) { -// params.filename -// ?.let { updateTrustWorkerDataRepository.delete(it) } -// } -// -// private fun updateCrossSigningKeysTrust(cryptoRealm: Realm, userId: String, verified: Boolean) { -// cryptoRealm.where(CrossSigningInfoEntity::class.java) -// .equalTo(CrossSigningInfoEntityFields.USER_ID, userId) -// .findFirst() -// ?.crossSigningKeys -// ?.forEach { info -> -// // optimization to avoid trigger updates when there is no change.. -// if (info.trustLevelEntity?.isVerified() != verified) { -// Timber.d("## CrossSigning - Trust change for $userId : $verified") -// val level = info.trustLevelEntity -// if (level == null) { -// info.trustLevelEntity = cryptoRealm.createObject(TrustLevelEntity::class.java).also { -// it.locallyVerified = verified -// it.crossSignedVerified = verified -// } -// } else { -// level.locallyVerified = verified -// level.crossSignedVerified = verified -// } -// } -// } -// } -// -// private suspend fun computeRoomShield(myCrossSigningInfo: MXCrossSigningInfo?, -// cryptoRealm: Realm, -// activeMemberUserIds: List, -// roomSummaryEntity: RoomSummaryEntity): RoomEncryptionTrustLevel { -// Timber.d("## CrossSigning - computeRoomShield ${roomSummaryEntity.roomId} -> ${activeMemberUserIds.logLimit()}") -// // The set of “all users” depends on the type of room: -// // For regular / topic rooms which have more than 2 members (including yourself) are considered when decorating a room -// // For 1:1 and group DM rooms, all other users (i.e. excluding yourself) are considered when decorating a room -// val listToCheck = if (roomSummaryEntity.isDirect || activeMemberUserIds.size <= 2) { -// activeMemberUserIds.filter { it != myUserId } -// } else { -// activeMemberUserIds -// } -// -// val allTrustedUserIds = listToCheck -// .filter { userId -> -// getCrossSigningInfo(cryptoRealm, userId)?.isTrusted() == true -// } -// Timber.d("## CrossSigning - allTrustedIds ${allTrustedUserIds}") -// -// return if (allTrustedUserIds.isEmpty()) { -// RoomEncryptionTrustLevel.Default -// } else { -// // If one of the verified user as an untrusted device -> warning -// // If all devices of all verified users are trusted -> green -// // else -> black -// allTrustedUserIds -// .mapNotNull { userId -> -// // cryptoRealm.where() -// // .equalTo(UserEntityFields.USER_ID, userId) -// // .findFirst() -// // ?.devices -// // ?.map { CryptoMapper.mapToModel(it) } -// olmMachineProvider.olmMachine.getUserDevices(userId) -// } -// .flatten() -// .let { allDevices -> -// Timber.v("## CrossSigning - computeRoomShield ${roomSummaryEntity.roomId} devices ${allDevices.map { "${it.toCryptoDeviceInfo().deviceId} trust ${it.toCryptoDeviceInfo().trustLevel}" }.logLimit()}") -// -// if (myCrossSigningInfo != null) { -// allDevices.any { !it.toCryptoDeviceInfo().trustLevel?.crossSigningVerified.orFalse() } -// } else { -// // Legacy method -// allDevices.any { !it.toCryptoDeviceInfo().isVerified } -// } -// } -// .let { hasWarning -> -// if (hasWarning) { -// RoomEncryptionTrustLevel.Warning -// } else { -// if (listToCheck.size == allTrustedUserIds.size) { -// // all users are trusted and all devices are verified -// RoomEncryptionTrustLevel.Trusted -// } else { -// RoomEncryptionTrustLevel.Default -// } -// } -// } -// } -// } -// -// private fun mapCrossSigningInfoEntity(xsignInfo: CrossSigningInfoEntity): MXCrossSigningInfo { -// val userId = xsignInfo.userId ?: "" -// return MXCrossSigningInfo( -// userId = userId, -// crossSigningKeys = xsignInfo.crossSigningKeys.mapNotNull { -// crossSigningKeysMapper.map(userId, it) -// } -// ) -// } -// -// override fun buildErrorParams(params: Params, message: String): Params { -// return params.copy(lastFailureMessage = params.lastFailureMessage ?: message) -// } -// } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/RustKeyBackupService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/RustKeyBackupService.kt index 35b7711027..4134c0e8aa 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/RustKeyBackupService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/keysbackup/RustKeyBackupService.kt @@ -1,5 +1,5 @@ /* - * Copyright 2020 The Matrix.org Foundation C.I.C. + * Copyright 2021 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/UpdateDispatcher.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/UpdateDispatcher.kt index 0b2e1673ec..ada206caea 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/UpdateDispatcher.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/UpdateDispatcher.kt @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 New Vector Ltd + * Copyright 2021 The Matrix.org Foundation C.I.C. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.