Don't return if MSK is not trusted

2024-12-22 19:14:52 +01:00 · 2023-06-11 20:35:39 +05:30 · 2023-06-11 20:35:39 +05:30 · 696b4a243f
commit 696b4a243f
parent fbc31e6fbe
2 changed files with 10 additions and 8 deletions
--- a/src/matrix/Session.js
+++ b/src/matrix/Session.js
@ -614,13 +614,8 @@ export class Session {
                    e2eeAccount: this._e2eeAccount,
                    deviceId: this.deviceId,
                });
+                await crossSigning.load(log);
                this._crossSigning.set(crossSigning);
-                // if (await crossSigning.load(log)) {
-                //     this._crossSigning.set(crossSigning);
-                // }
-                // else {
-                //     crossSigning.dispose();
-                // }
            });
        }
        await this._keyBackup.get()?.start(log);
--- a/src/matrix/verification/CrossSigning.ts
+++ b/src/matrix/verification/CrossSigning.ts
@ -277,10 +277,17 @@ export class CrossSigning {
    async signDevice(verification: IVerificationMethod, log: ILogItem): Promise<DeviceKey | undefined> {
        return log.wrap("CrossSigning.signDevice", async log => {
            if (!this._isMasterKeyTrusted) {
+                /**
+                 * If we're the unverified device that is participating in
+                 * the verification process, it is expected that we do not
+                 * have access to the private part of MSK and thus
+                 * cannot determine if the MSK is trusted. In this case, we
+                 * do not need to sign anything because the other (verified)
+                 * device will sign our device key with the SSK.
+                 */
                log.set("mskNotTrusted", true);
-                return;
            }
-            const shouldSign = await verification.verify();
+            const shouldSign = await verification.verify() && this._isMasterKeyTrusted;
            log.set("shouldSign", shouldSign);
            if (!shouldSign) {
                return;