Rework SignedOneTimeKey as a QJsonObject wrapper

Since this object has to be verified against a signature it also carries there's a rather specific procedure described in The Spec for that. That procedure basically assumes handling the signed one-time key object as a JSON object, not as a C++ object. And originally Quotient E2EE code was exactly like that (obtaining the right QJsonObject from the job result and handling it as specced) but then one enthusiastic developer (me) decided it's better to use a proper C++ structure - breaking the verification logic along the way. After a couple attempts to fix it, here we are again: SignedOneTimeKey is a proper QJsonObject, and even provides a method returning its JSON in the form prepared for verification (according to the spec).
author: Alexey Rusakov <Kitsune-Ral@users.sf.net> 2022-06-24 15:10:33 +0200
committer: Alexey Rusakov <Kitsune-Ral@users.sf.net> 2022-06-24 15:10:33 +0200
commit: 6ae41d68dcdb91e5ec4a3ea48a151daaa0765765 (patch)
tree: f715eba9e690e8faa7de729b82ee82d9e0b30962 /lib/connection.cpp
parent: 9f7a65b04c246de4c27b205ece778ede1ad7df7e (diff)
download: libquotient-6ae41d68dcdb91e5ec4a3ea48a151daaa0765765.tar.gz
libquotient-6ae41d68dcdb91e5ec4a3ea48a151daaa0765765.zip
1 files changed, 3 insertions, 7 deletions
diff --git a/lib/connection.cpp b/lib/connection.cpp
index 13a35684..690b3f6a 100644
--- a/lib/connection.cpp
+++ b/lib/connection.cpp
@@ -2303,14 +2303,10 @@ bool Connection::Private::createOlmSession(const QString& targetUserId,
     // Verify contents of signedOneTimeKey - for that, drop `signatures` and
     // `unsigned` and then verify the object against the respective signature
     const auto signature =
-        signedOneTimeKey
-            ->signatures[targetUserId]["ed25519:"_ls % targetDeviceId]
-            .toLatin1();
-    const auto payloadObject =
-        toJson(SignedOneTimeKey { signedOneTimeKey->key, {} });
+        signedOneTimeKey->signature(targetUserId, targetDeviceId);
     if (!verifier.ed25519Verify(
             edKeyForUserDevice(targetUserId, targetDeviceId).toLatin1(),
-            QJsonDocument(payloadObject).toJson(QJsonDocument::Compact),
+            signedOneTimeKey->toJsonForVerification(),
             signature)) {
         qWarning(E2EE) << "Failed to verify one-time-key signature for" << targetUserId
                        << targetDeviceId << ". Skipping this device.";
@@ -2320,7 +2316,7 @@ bool Connection::Private::createOlmSession(const QString& targetUserId,
         curveKeyForUserDevice(targetUserId, targetDeviceId);
     auto session =
         QOlmSession::createOutboundSession(olmAccount.get(), recipientCurveKey,
-                                           signedOneTimeKey->key);
+                                           signedOneTimeKey->key());
     if (!session) {
         qCWarning(E2EE) << "Failed to create olm session for "
                         << recipientCurveKey << session.error();
author	Alexey Rusakov <Kitsune-Ral@users.sf.net>	2022-06-24 15:10:33 +0200
committer	Alexey Rusakov <Kitsune-Ral@users.sf.net>	2022-06-24 15:10:33 +0200
commit	6ae41d68dcdb91e5ec4a3ea48a151daaa0765765 (patch)
tree	f715eba9e690e8faa7de729b82ee82d9e0b30962 /lib/connection.cpp
parent	9f7a65b04c246de4c27b205ece778ede1ad7df7e (diff)
download	libquotient-6ae41d68dcdb91e5ec4a3ea48a151daaa0765765.tar.gz libquotient-6ae41d68dcdb91e5ec4a3ea48a151daaa0765765.zip