crypto: refactor to remove need for Utility struct

This also removes all dependence on libolm for the functions that were provided by the Utility struct. The crypto/signatures package should be used for all signature verification operations, and for the occasional situation where a base64-encoded SHA-256 hash is required, the olm.SHA256B64 function should be used. Signed-off-by: Sumner Evans <sumner@beeper.com>
mautrix · Jan 16, 2024 · dba1c44 · dba1c44
1 parent bb9c917
commit dba1c44
Show file tree

Hide file tree

Showing 13 changed files with 122 additions and 291 deletions.
diff --git a/crypto/cross_sign_store.go b/crypto/cross_sign_store.go
@@ -11,7 +11,7 @@ import (
 	"context"
 
 	"maunium.net/go/mautrix"
-	"maunium.net/go/mautrix/crypto/olm"
+	"maunium.net/go/mautrix/crypto/signatures"
 	"maunium.net/go/mautrix/id"
 )
 
@@ -80,7 +80,7 @@ func (mach *OlmMachine) storeCrossSigningKeys(ctx context.Context, crossSigningK
 					}
 
 					log.Debug().Msg("Verifying cross-signing key signature")
-					if verified, err := olm.VerifySignatureJSON(userKeys, signUserID, signKeyName, signingKey); err != nil {
+					if verified, err := signatures.VerifySignatureJSON(userKeys, signUserID, signKeyName, signingKey); err != nil {
 						log.Warn().Err(err).Msg("Error verifying cross-signing key signature")
 					} else {
 						if verified {

diff --git a/crypto/devicelist.go b/crypto/devicelist.go
@@ -14,7 +14,7 @@ import (
 	"github.com/rs/zerolog"
 
 	"maunium.net/go/mautrix"
-	"maunium.net/go/mautrix/crypto/olm"
+	"maunium.net/go/mautrix/crypto/signatures"
 	"maunium.net/go/mautrix/id"
 )
 
@@ -52,7 +52,7 @@ func (mach *OlmMachine) storeDeviceSelfSignatures(ctx context.Context, userID id
 					} else if _, ok := selfSigs[id.NewKeyID(id.KeyAlgorithmEd25519, pubKey.String())]; !ok {
 						continue
 					}
-					if verified, err := olm.VerifySignatureJSON(deviceKeys, signerUserID, pubKey.String(), pubKey); verified {
+					if verified, err := signatures.VerifySignatureJSON(deviceKeys, signerUserID, pubKey.String(), pubKey); verified {
 						if signKey, ok := deviceKeys.Keys[id.DeviceKeyID(signerKey)]; ok {
 							signature := deviceKeys.Signatures[signerUserID][id.NewKeyID(id.KeyAlgorithmEd25519, pubKey.String())]
 							log.Trace().Err(err).
@@ -245,7 +245,7 @@ func (mach *OlmMachine) validateDevice(userID id.UserID, deviceID id.DeviceID, d
 		return existing, fmt.Errorf("%w (expected %s, got %s)", MismatchingSigningKey, existing.SigningKey, signingKey)
 	}
 
-	ok, err := olm.VerifySignatureJSON(deviceKeys, userID, deviceID.String(), signingKey)
+	ok, err := signatures.VerifySignatureJSON(deviceKeys, userID, deviceID.String(), signingKey)
 	if err != nil {
 		return existing, fmt.Errorf("failed to verify signature: %w", err)
 	} else if !ok {

diff --git a/crypto/encryptolm.go b/crypto/encryptolm.go
@@ -12,7 +12,7 @@ import (
 	"fmt"
 
 	"maunium.net/go/mautrix"
-	"maunium.net/go/mautrix/crypto/olm"
+	"maunium.net/go/mautrix/crypto/signatures"
 	"maunium.net/go/mautrix/event"
 	"maunium.net/go/mautrix/id"
 )
@@ -109,7 +109,7 @@ func (mach *OlmMachine) createOutboundSessions(ctx context.Context, input map[id
 				continue
 			}
 			identity := input[userID][deviceID]
-			if ok, err := olm.VerifySignatureJSON(oneTimeKey.RawData, userID, deviceID.String(), identity.SigningKey); err != nil {
+			if ok, err := signatures.VerifySignatureJSON(oneTimeKey.RawData, userID, deviceID.String(), identity.SigningKey); err != nil {
 				log.Error().Err(err).Msg("Failed to verify signature of one-time key")
 			} else if !ok {
 				log.Warn().Msg("One-time key has invalid signature from device")

diff --git a/crypto/goolm/account/account.go b/crypto/goolm/account/account.go
@@ -110,12 +110,13 @@ func (a Account) IdentityKeys() (id.Ed25519, id.Curve25519) {
 	return ed25519, curve25519
 }
 
-// Sign returns the signature of a message using the Ed25519 key for this Account.
+// Sign returns the base64-encoded signature of a message using the Ed25519 key
+// for this Account.
 func (a Account) Sign(message []byte) ([]byte, error) {
 	if len(message) == 0 {
 		return nil, fmt.Errorf("sign: %w", goolm.ErrEmptyInput)
 	}
-	return goolm.Base64Encode(a.IdKeys.Ed25519.Sign(message)), nil
+	return []byte(base64.RawStdEncoding.EncodeToString(a.IdKeys.Ed25519.Sign(message))), nil
 }
 
 // OneTimeKeys returns the public parts of the unpublished one time keys of the Account.

diff --git a/crypto/goolm/account/account_test.go b/crypto/goolm/account/account_test.go
@@ -2,14 +2,18 @@ package account_test
 
 import (
 	"bytes"
+	"encoding/base64"
 	"errors"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
 	"maunium.net/go/mautrix/id"
 
 	"maunium.net/go/mautrix/crypto/goolm"
 	"maunium.net/go/mautrix/crypto/goolm/account"
-	"maunium.net/go/mautrix/crypto/goolm/utilities"
+	"maunium.net/go/mautrix/crypto/signatures"
 )
 
 func TestAccount(t *testing.T) {
@@ -599,19 +603,14 @@ func TestOldV3AccountPickle(t *testing.T) {
 
 func TestAccountSign(t *testing.T) {
 	accountA, err := account.NewAccount(nil)
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 	plainText := []byte("Hello, World")
-	signature, err := accountA.Sign(plainText)
-	if err != nil {
-		t.Fatal(err)
-	}
-	verified, err := utilities.VerifySignature(plainText, accountA.IdKeys.Ed25519.B64Encoded(), signature)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !verified {
-		t.Fatal("signature did not verify")
-	}
+	signatureB64, err := accountA.Sign(plainText)
+	require.NoError(t, err)
+	signature, err := base64.RawStdEncoding.DecodeString(string(signatureB64))
+	require.NoError(t, err)
+
+	verified, err := signatures.VerifySignature(plainText, accountA.IdKeys.Ed25519.B64Encoded(), signature)
+	assert.NoError(t, err)
+	assert.True(t, verified)
 }
diff --git a/crypto/goolm/utilities/main.go b/crypto/goolm/utilities/main.go
diff --git a/crypto/keybackup.go b/crypto/keybackup.go
@@ -9,6 +9,7 @@ import (
 
 	"maunium.net/go/mautrix/crypto/backup"
 	"maunium.net/go/mautrix/crypto/olm"
+	"maunium.net/go/mautrix/crypto/signatures"
 	"maunium.net/go/mautrix/id"
 )
 
@@ -36,12 +37,17 @@ func (mach *OlmMachine) DownloadAndStoreLatestKeyBackup(ctx context.Context, meg
 		return nil
 	}
 
-	keys, err := mach.Client.GetKeyBackup(ctx, versionInfo.Version)
+	ok, err := signatures.VerifySignatureJSON(versionInfo.AuthData, mach.Client.UserID, keyName, key)
 	if err != nil {
 		return err
+	} else if !ok {
+		return fmt.Errorf("failed to verify key backup signature")
 	}
 
-	// TODO do whatever key verification is needed here
+	keys, err := mach.Client.GetKeyBackup(ctx, versionInfo.Version)
+	if err != nil {
+		return err
+	}
 
 	for roomID, backup := range keys.Rooms {
 		for sessionID, keyBackupData := range backup.Sessions {

diff --git a/crypto/olm/sha256b64.go b/crypto/olm/sha256b64.go
@@ -0,0 +1,15 @@
+package olm
+
+import (
+	"crypto/sha256"
+	"encoding/base64"
+)
+
+// SHA256B64 calculates the SHA-256 hash of the input and encodes it as base64.
+func SHA256B64(input []byte) string {
+	if len(input) == 0 {
+		panic(EmptyInput)
+	}
+	hash := sha256.Sum256([]byte(input))
+	return base64.RawStdEncoding.EncodeToString(hash[:])
+}
diff --git a/crypto/olm/utility.go b/crypto/olm/utility.go