PrivateCoffee/element-web
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

Cleanup tasks in SecurityManager/SetupEncryptionStore (#12764)

Browse source 
* Remove call to no-op `checkOwnCrossSigningTrust`

this is a no-op on rust crypto

* inline `SecurityManager.isCachingAllowed`

Since https://github.com/matrix-org/matrix-react-sdk/pull/4789, this has just
been an obscure way to write a test of a local variable.

* Remove unused `CreateSecretStorageOpts.getKeyBackupPassphrase` parameter

This is unused on rust crypto (cf https://github.com/matrix-org/matrix-js-sdk/pull/4313)
This commit is contained in:
Richard van der Hoff 2024-07-13 11:27:59 +01:00 committed by GitHub
parent db95f26ffa
commit 348000100a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 6 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
src/SecurityManager.ts
View file

@ -25,7 +25,6 @@ import { MatrixClientPeg } from "./MatrixClientPeg";
import { _t } from "./languageHandler"; import { _t } from "./languageHandler";
import { isSecureBackupRequired } from "./utils/WellKnownUtils"; import { isSecureBackupRequired } from "./utils/WellKnownUtils";
import AccessSecretStorageDialog, { KeyParams } from "./components/views/dialogs/security/AccessSecretStorageDialog"; import AccessSecretStorageDialog, { KeyParams } from "./components/views/dialogs/security/AccessSecretStorageDialog";
import RestoreKeyBackupDialog from "./components/views/dialogs/security/RestoreKeyBackupDialog";
import SettingsStore from "./settings/SettingsStore"; import SettingsStore from "./settings/SettingsStore";
import { ModuleRunner } from "./modules/ModuleRunner"; import { ModuleRunner } from "./modules/ModuleRunner";
import QuestionDialog from "./components/views/dialogs/QuestionDialog"; import QuestionDialog from "./components/views/dialogs/QuestionDialog";
@ -45,10 +44,6 @@ let dehydrationCache: {
keyInfo?: SecretStorage.SecretStorageKeyDescription; keyInfo?: SecretStorage.SecretStorageKeyDescription;
} = {}; } = {};
function isCachingAllowed(): boolean {
return secretStorageBeingAccessed;
}
/** /**
* This can be used by other components to check if secret storage access is in * This can be used by other components to check if secret storage access is in
* progress, so that we can e.g. avoid intermittently showing toasts during * progress, so that we can e.g. avoid intermittently showing toasts during
@ -118,7 +113,7 @@ async function getSecretStorageKey({
} }
// Check the in-memory cache // Check the in-memory cache
if (isCachingAllowed() && secretStorageKeys[keyId]) { if (secretStorageBeingAccessed && secretStorageKeys[keyId]) {
return [keyId, secretStorageKeys[keyId]]; return [keyId, secretStorageKeys[keyId]];
} }
@ -226,7 +221,7 @@ function cacheSecretStorageKey(
keyInfo: SecretStorage.SecretStorageKeyDescription, keyInfo: SecretStorage.SecretStorageKeyDescription,
key: Uint8Array, key: Uint8Array,
): void { ): void {
if (isCachingAllowed()) { if (secretStorageBeingAccessed) {
secretStorageKeys[keyId] = key; secretStorageKeys[keyId] = key;
secretStorageKeyInfo[keyId] = keyInfo; secretStorageKeyInfo[keyId] = keyInfo;
} }
@ -278,26 +273,6 @@ export const crossSigningCallbacks: ICryptoCallbacks = {
getDehydrationKey, getDehydrationKey,
}; };
export async function promptForBackupPassphrase(): Promise<Uint8Array> {
let key!: Uint8Array;
const { finished } = Modal.createDialog(
RestoreKeyBackupDialog,
{
showSummary: false,
keyCallback: (k: Uint8Array) => (key = k),
},
undefined,
/* priority = */ false,
/* static = */ true,
);
const success = await finished;
if (!success) throw new Error("Key backup prompt cancelled");
return key;
}
/** /**
* Carry out an operation that may require multiple accesses to secret storage, caching the key. * Carry out an operation that may require multiple accesses to secret storage, caching the key.
* *
@ -313,12 +288,10 @@ export async function withSecretStorageKeyCache<T>(func: () => Promise<T>): Prom
} finally { } finally {
// Clear secret storage key cache now that work is complete // Clear secret storage key cache now that work is complete
secretStorageBeingAccessed = false; secretStorageBeingAccessed = false;
if (!isCachingAllowed()) {
secretStorageKeys = {}; secretStorageKeys = {};
secretStorageKeyInfo = {}; secretStorageKeyInfo = {};
} }
} }
}
/** /**
* This helper should be used whenever you need to access secret storage. It * This helper should be used whenever you need to access secret storage. It
@ -395,9 +368,7 @@ async function doAccessSecretStorage(func: () => Promise<void>, forceReset: bool
} }
}, },
}); });
await crypto.bootstrapSecretStorage({ await crypto.bootstrapSecretStorage({});
getKeyBackupPassphrase: promptForBackupPassphrase,
});
const keyId = Object.keys(secretStorageKeys)[0]; const keyId = Object.keys(secretStorageKeys)[0];
if (keyId && SettingsStore.getValue("feature_dehydration")) { if (keyId && SettingsStore.getValue("feature_dehydration")) {

17
src/async-components/views/dialogs/security/CreateSecretStorageDialog.tsx
View file

@ -26,7 +26,6 @@ import { BackupTrustInfo, GeneratedSecretStorageKey, KeyBackupInfo } from "matri
import { MatrixClientPeg } from "../../../../MatrixClientPeg"; import { MatrixClientPeg } from "../../../../MatrixClientPeg";
import { _t, _td } from "../../../../languageHandler"; import { _t, _td } from "../../../../languageHandler";
import Modal from "../../../../Modal"; import Modal from "../../../../Modal";
import { promptForBackupPassphrase } from "../../../../SecurityManager";
import { copyNode } from "../../../../utils/strings"; import { copyNode } from "../../../../utils/strings";
import { SSOAuthEntry } from "../../../../components/views/auth/InteractiveAuthEntryComponents"; import { SSOAuthEntry } from "../../../../components/views/auth/InteractiveAuthEntryComponents";
import PassphraseField from "../../../../components/views/auth/PassphraseField"; import PassphraseField from "../../../../components/views/auth/PassphraseField";
@ -123,7 +122,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
forceReset: false, forceReset: false,
}; };
private recoveryKey?: GeneratedSecretStorageKey; private recoveryKey?: GeneratedSecretStorageKey;
private backupKey?: Uint8Array;
private recoveryKeyNode = createRef<HTMLElement>(); private recoveryKeyNode = createRef<HTMLElement>();
private passphraseField = createRef<Field>(); private passphraseField = createRef<Field>();
@ -384,15 +382,6 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
createSecretStorageKey: async () => this.recoveryKey!, createSecretStorageKey: async () => this.recoveryKey!,
keyBackupInfo: this.state.backupInfo!, keyBackupInfo: this.state.backupInfo!,
setupNewKeyBackup: !this.state.backupInfo, setupNewKeyBackup: !this.state.backupInfo,
getKeyBackupPassphrase: async (): Promise<Uint8Array> => {
// We may already have the backup key if we earlier went
// through the restore backup path, so pass it along
// rather than prompting again.
if (this.backupKey) {
return this.backupKey;
}
return promptForBackupPassphrase();
},
}); });
} }
await initialiseDehydration(true); await initialiseDehydration(true);
@ -424,11 +413,7 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
}; };
private restoreBackup = async (): Promise<void> => { private restoreBackup = async (): Promise<void> => {
// It's possible we'll need the backup key later on for bootstrapping, const keyCallback = (k: Uint8Array): void => {};
// so let's stash it here, rather than prompting for it twice.
const keyCallback = (k: Uint8Array): void => {
this.backupKey = k;
};
const { finished } = Modal.createDialog( const { finished } = Modal.createDialog(
RestoreKeyBackupDialog, RestoreKeyBackupDialog,

2
src/stores/SetupEncryptionStore.ts
View file

@ -152,8 +152,6 @@ export class SetupEncryptionStore extends EventEmitter {
// in the background. // in the background.
await new Promise((resolve: (value?: unknown) => void, reject: (reason?: any) => void) => { await new Promise((resolve: (value?: unknown) => void, reject: (reason?: any) => void) => {
accessSecretStorage(async (): Promise<void> => { accessSecretStorage(async (): Promise<void> => {
await cli.checkOwnCrossSigningTrust();
// The remaining tasks (device dehydration and restoring // The remaining tasks (device dehydration and restoring
// key backup) may take some time due to processing many // key backup) may take some time due to processing many
// to-device messages in the case of device dehydration, or // to-device messages in the case of device dehydration, or

1
test/test-utils/test-utils.ts
View file

@ -116,7 +116,6 @@ export function createTestClient(): MatrixClient {
bootstrapCrossSigning: jest.fn(), bootstrapCrossSigning: jest.fn(),
hasSecretStorageKey: jest.fn(), hasSecretStorageKey: jest.fn(),
getKeyBackupVersion: jest.fn(), getKeyBackupVersion: jest.fn(),
checkOwnCrossSigningTrust: jest.fn(),
secretStorage: { secretStorage: {
get: jest.fn(), get: jest.fn(),