Don't return if MSK is not trusted

This commit is contained in:
RMidhunSuresh 2023-06-11 20:35:39 +05:30
parent fbc31e6fbe
commit 696b4a243f
2 changed files with 10 additions and 8 deletions

View File

@ -614,13 +614,8 @@ export class Session {
e2eeAccount: this._e2eeAccount, e2eeAccount: this._e2eeAccount,
deviceId: this.deviceId, deviceId: this.deviceId,
}); });
await crossSigning.load(log);
this._crossSigning.set(crossSigning); this._crossSigning.set(crossSigning);
// if (await crossSigning.load(log)) {
// this._crossSigning.set(crossSigning);
// }
// else {
// crossSigning.dispose();
// }
}); });
} }
await this._keyBackup.get()?.start(log); await this._keyBackup.get()?.start(log);

View File

@ -277,10 +277,17 @@ export class CrossSigning {
async signDevice(verification: IVerificationMethod, log: ILogItem): Promise<DeviceKey | undefined> { async signDevice(verification: IVerificationMethod, log: ILogItem): Promise<DeviceKey | undefined> {
return log.wrap("CrossSigning.signDevice", async log => { return log.wrap("CrossSigning.signDevice", async log => {
if (!this._isMasterKeyTrusted) { if (!this._isMasterKeyTrusted) {
/**
* If we're the unverified device that is participating in
* the verification process, it is expected that we do not
* have access to the private part of MSK and thus
* cannot determine if the MSK is trusted. In this case, we
* do not need to sign anything because the other (verified)
* device will sign our device key with the SSK.
*/
log.set("mskNotTrusted", true); log.set("mskNotTrusted", true);
return;
} }
const shouldSign = await verification.verify(); const shouldSign = await verification.verify() && this._isMasterKeyTrusted;
log.set("shouldSign", shouldSign); log.set("shouldSign", shouldSign);
if (!shouldSign) { if (!shouldSign) {
return; return;