From 696b4a243f8015a8bb1fcd694fd51c61abdd44c7 Mon Sep 17 00:00:00 2001 From: RMidhunSuresh Date: Sun, 11 Jun 2023 20:35:39 +0530 Subject: [PATCH] Don't return if MSK is not trusted --- src/matrix/Session.js | 7 +------ src/matrix/verification/CrossSigning.ts | 11 +++++++++-- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/matrix/Session.js b/src/matrix/Session.js index a3b7d06c..9db0bd7f 100644 --- a/src/matrix/Session.js +++ b/src/matrix/Session.js @@ -614,13 +614,8 @@ export class Session { e2eeAccount: this._e2eeAccount, deviceId: this.deviceId, }); + await crossSigning.load(log); this._crossSigning.set(crossSigning); - // if (await crossSigning.load(log)) { - // this._crossSigning.set(crossSigning); - // } - // else { - // crossSigning.dispose(); - // } }); } await this._keyBackup.get()?.start(log); diff --git a/src/matrix/verification/CrossSigning.ts b/src/matrix/verification/CrossSigning.ts index 47677e94..9987db31 100644 --- a/src/matrix/verification/CrossSigning.ts +++ b/src/matrix/verification/CrossSigning.ts @@ -277,10 +277,17 @@ export class CrossSigning { async signDevice(verification: IVerificationMethod, log: ILogItem): Promise { return log.wrap("CrossSigning.signDevice", async log => { if (!this._isMasterKeyTrusted) { + /** + * If we're the unverified device that is participating in + * the verification process, it is expected that we do not + * have access to the private part of MSK and thus + * cannot determine if the MSK is trusted. In this case, we + * do not need to sign anything because the other (verified) + * device will sign our device key with the SSK. + */ log.set("mskNotTrusted", true); - return; } - const shouldSign = await verification.verify(); + const shouldSign = await verification.verify() && this._isMasterKeyTrusted; log.set("shouldSign", shouldSign); if (!shouldSign) { return;