fix(crypto): Check if the device we get from the server matches our own

Author: poljar

crates/matrix-sdk-crypto/src/identities/manager.rs

@@ -35,6 +35,7 @@ use crate::{
     olm::PrivateCrossSigningIdentity,
     requests::KeysQueryRequest,
     store::{Changes, DeviceChanges, IdentityChanges, Result as StoreResult, Store},
+    LocalTrust,
 };
 
 enum DeviceChange {
@@ -153,14 +154,37 @@ impl IdentityManager {
         } else {
             match ReadOnlyDevice::try_from(&device_keys) {
                 Ok(d) => {
-                    trace!(
-                        user_id = d.user_id().as_str(),
-                        device_id = d.device_id().as_str(),
-                        keys =? d.keys(),
-                        "Adding a new device to the device store",
-                    );
+                    // If this is our own device, check that the server isn't
+                    // lying about our keys, also mark the device as locally
+                    // trusted.
+                    if d.user_id() == store.user_id() && d.device_id() == store.device_id() {
+                        let local_device_keys = store.account().unsigned_device_keys();
+
+                        if d.keys() == &local_device_keys.keys {
+                            d.set_trust_state(LocalTrust::Verified);
+
+                            trace!(
+                                user_id = d.user_id().as_str(),
+                                device_id = d.device_id().as_str(),
+                                keys =? d.keys(),
+                                "Adding our own device to the device store, \
+                                marking it as locally verified",
+                            );
+
+                            Ok(DeviceChange::New(d))
+                        } else {
+                            Ok(DeviceChange::None)
+                        }
+                    } else {
+                        trace!(
+                            user_id = d.user_id().as_str(),
+                            device_id = d.device_id().as_str(),
+                            keys =? d.keys(),
+                            "Adding a new device to the device store",
+                        );
 
-                    Ok(DeviceChange::New(d))
+                        Ok(DeviceChange::New(d))
+                    }
                 }
                 Err(e) => {
                     warn!(

crates/matrix-sdk-crypto/src/store/mod.rs

@@ -247,6 +247,10 @@ impl Store {
         self.verification_machine.own_device_id()
     }
 
+    pub fn account(&self) -> &ReadOnlyAccount {
+        &self.verification_machine.store.account
+    }
+
     #[cfg(test)]
     pub async fn reset_cross_signing_identity(&self) {
         self.identity.lock().await.reset().await;

crates/matrix-sdk-crypto/src/store/sled.rs

@@ -50,7 +50,7 @@ use crate::{
 /// This needs to be 32 bytes long since AES-GCM requires it, otherwise we will
 /// panic once we try to pickle a Signing object.
 const DEFAULT_PICKLE: &str = "DEFAULT_PICKLE_PASSPHRASE_123456";
-const DATABASE_VERSION: u8 = 2;
+const DATABASE_VERSION: u8 = 3;
 
 trait EncodeKey {
     const SEPARATOR: u8 = 0xff;
@@ -322,6 +322,20 @@ impl SledStore {
             })?;
         }
 
+        if version <= 2 {
+            // We're treating our own device now differently, we're checking if
+            // the keys match to what we have locally, remove the unchecked
+            // device and mark our own user as dirty.
+            if let Some(pickle) = self.account.get("account".encode())? {
+                let pickle = serde_json::from_slice(&pickle)?;
+                let account = ReadOnlyAccount::from_pickle(pickle, self.get_pickle_mode())?;
+
+                self.devices
+                    .remove((account.user_id().as_str(), account.device_id.as_str()).encode())?;
+                self.tracked_users.insert(account.user_id().as_str(), &[true as u8])?;
+            }
+        }
+
         self.inner.insert("store_version", DATABASE_VERSION.to_be_bytes().as_ref())?;
         self.inner.flush()?;