mirrors/vector-im-hydrogen-web
1
0
Fork 0
mirror of https://github.com/vector-im/hydrogen-web.git synced 2025-02-02 07:31:38 +01:00
Code Issues Projects Releases Wiki Activity

make sure the key property doesn't leak out of the storage layer

Browse Source 
as it ends up in the value we're signing and uploading,
corrupting the signature
This commit is contained in:
Bruno Windels 2023-03-02 17:13:15 +01:00
parent a9412aa57c
commit 4dce93e5ef
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/matrix/storage/idb/stores/CrossSigningKeyStore.ts
View File

@ -18,7 +18,8 @@ import {MAX_UNICODE, MIN_UNICODE} from "./common";
import {Store} from "../Store";
import type {CrossSigningKey} from "../../../verification/CrossSigning";
type CrossSigningKeyEntry = CrossSigningKey & {
type CrossSigningKeyEntry = {
crossSigningKey: CrossSigningKey
key: string; // key in storage, not a crypto key
}
@ -38,14 +39,15 @@ export class CrossSigningKeyStore {
this._store = store;
}
get(userId: string, deviceId: string): Promise<CrossSigningKey | undefined> {
return this._store.get(encodeKey(userId, deviceId));
async get(userId: string, deviceId: string): Promise<CrossSigningKey | undefined> {
return (await this._store.get(encodeKey(userId, deviceId)))?.crossSigningKey;
}
set(crossSigningKey: CrossSigningKey): void {
const deviceIdentityEntry = crossSigningKey as CrossSigningKeyEntry;
deviceIdentityEntry.key = encodeKey(crossSigningKey["user_id"], crossSigningKey.usage[0]);
this._store.put(deviceIdentityEntry);
this._store.put({
key:encodeKey(crossSigningKey["user_id"], crossSigningKey.usage[0]),
crossSigningKey
});
}
remove(userId: string, usage: string): void {