matrix-org · bradtgmurray · Jun 7, 2022 · Jun 7, 2022 · Jul 25, 2022 · Jul 25, 2022
diff --git a/MatrixSDK/Crypto/KeyBackup/MXKeyBackup.m b/MatrixSDK/Crypto/KeyBackup/MXKeyBackup.m
@@ -1139,18 +1139,18 @@ - (MXKeyBackupVersionTrust *)trustForKeyBackupVersionFromCryptoQueue:(MXKeyBacku
     for (NSString *keyId in mySigs)
     {
         // XXX: is this how we're supposed to get the device id?
-        NSString *deviceId;
+        NSString *deviceIdOrCrossSigningKey;
         NSArray<NSString *> *components = [keyId componentsSeparatedByString:@":"];
         if (components.count == 2)
         {
-            deviceId = components[1];
+            deviceIdOrCrossSigningKey = components[1];
         }
 
-        if (deviceId)
+        if (deviceIdOrCrossSigningKey)
         {
             BOOL valid = NO;
 
-            MXDeviceInfo *device = [self->crypto.deviceList storedDevice:myUserId deviceId:deviceId];
+            MXDeviceInfo *device = [self->crypto.deviceList storedDevice:myUserId deviceId:deviceIdOrCrossSigningKey];
             if (device)
             {
                 NSError *error;
@@ -1162,27 +1162,33 @@ - (MXKeyBackupVersionTrust *)trustForKeyBackupVersionFromCryptoQueue:(MXKeyBacku
                 }
 
                 MXKeyBackupVersionTrustSignature *signature = [MXKeyBackupVersionTrustSignature new];
-                signature.deviceId = deviceId;
+                signature.deviceId = device.deviceId;
                 signature.device = device;
                 signature.valid = valid;
                 [signatures addObject:signature];
             }
-            else // Try interpreting it as the MSK public key
+            else if ([deviceIdOrCrossSigningKey isEqualToString:crypto.crossSigning.myUserCrossSigningKeys.masterKeys.keys])
             {
                 NSError *error;
-                BOOL valid = [crypto.crossSigning.crossSigningTools pkVerifyObject:authData.JSONDictionary userId:myUserId publicKey:deviceId error:&error];
+                BOOL valid = [crypto.crossSigning.crossSigningTools pkVerifyObject:authData.JSONDictionary userId:myUserId publicKey:deviceIdOrCrossSigningKey error:&error];
 
                 if (!valid)
                 {
-                    MXLogDebug(@"[MXKeyBackup] trustForKeyBackupVersion: Signature with unknown key %@", deviceId);
+                    MXLogDebug(@"[MXKeyBackup] trustForKeyBackupVersion: Signature with cross-signing master key is invalid");
                 }
                 else
                 {
-                    MXKeyBackupVersionTrustSignature *signature = [MXKeyBackupVersionTrustSignature new];
-                    signature.keys = deviceId;
-                    signature.valid = valid;
-                    [signatures addObject:signature];
+                    keyBackupVersionTrust.usable = YES;
                 }
+
+                MXKeyBackupVersionTrustSignature *signature = [MXKeyBackupVersionTrustSignature new];
+                signature.keys = deviceIdOrCrossSigningKey;
+                signature.valid = valid;
+                [signatures addObject:signature];
+            }
+            else
+            {
+                MXLogDebug(@"[MXKeyBackup] trustForKeyBackupVersion: Signature with unknown key %@", deviceIdOrCrossSigningKey);
             }
         }
     }

diff --git a/changelog.d/pr-1492.bugfix b/changelog.d/pr-1492.bugfix
@@ -0,0 +1 @@
+Accept key backups as usable if they're signed with the master cross-signing key. Contributed by Brad @ Beeper