

Sign key backup with cross-signing key on upgrade
Add a signature from the cross-signing master key to the key
backup when upgrading the key backup into cross-signing.

For element-hq/element-web#11747
dbkr committed Jan 9, 2020
1 parent efadf37 commit 0448a7e
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions src/crypto/index.js
Expand Up @@ -28,6 +28,7 @@ import ReEmitter from '../ReEmitter';

import logger from '../logger';
const utils = require("../utils");
const httpApi = require("../http-api");
const OlmDevice = require("./OlmDevice");
const olmlib = require("./olmlib");
const algorithms = require("./algorithms");
Expand Down Expand Up @@ -418,6 +419,25 @@ Crypto.prototype.bootstrapSecretStorage = async function({
// Add an entry for the backup key in SSSS as a 'passthrough' key
// (ie. the secret is the key itself).
this._secretStorage.storePassthrough('m.megolm_backup.v1', newKeyId);

// if this key backup is trusted, sign it with the cross signing key
// so the key backup can be trusted via cross-signing.
const backupSigStatus = await this.checkKeyBackup(keyBackupInfo);
if (backupSigStatus.trustInfo.usable) {
console.log("Adding cross signing signature to key backup");
await this._crossSigningInfo.signObject(
keyBackupInfo.auth_data, "master",
);
await this._baseApis._http.authedRequest(
undefined, "PUT", "/room_keys/version/" + keyBackupInfo.version,
undefined, keyBackupInfo,
{prefix: httpApi.PREFIX_UNSTABLE},
);
} else {
console.log(
"Key backup is NOT TRUSTED: NOT adding cross signing signature",
);
}
} else {
logger.log("Secret storage default key not found, creating new key");
const keyOptions = await createSecretStorageKey();
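Review bot: In the second hunk the PUT path is built by string-concatenating the server-supplied `keyBackupInfo.version` with no encoding, so a version string containing `/`, `?` or `#` would change the request target rather than being rejected; use `"/room_keys/version/" + encodeURIComponent(keyBackupInfo.version),` and treat that field as untrusted input from the homeserver. The two new log calls use `console.log` while the file imports `logger` (first hunk context) and the neighbouring branch already uses `logger.log(...)`, so they should be `logger.log("Adding cross signing signature to key backup");` and `logger.log("Key backup is NOT TRUSTED: NOT adding cross signing signature");`. What `trustInfo.usable` actually requires is decided by `checkKeyBackup` outside this hunk; since a master-key signature turns that local judgement into a trust statement every cross-signed device will accept, a short comment stating which signatures are considered sufficient here would help the next reader, and it is worth confirming that a rejected PUT (the error propagates out of this `await`) does not leave the passthrough entry stored above without the signature it was meant to accompany. `bootstrapSecretStorage` begins and ends outside the hunk.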

