Don't allow verifying before sharing account keys

Author: tulir

mautrix/crypto/cross_signing.py

@@ -25,6 +25,8 @@ class CrossSigningMachine(DeviceListMachine):
     _cross_signing_private_keys: CrossSigningPrivateKeys | None
 
     async def verify_with_recovery_key(self, recovery_key: str) -> None:
+        if not self.account.shared:
+            raise ValueError("Device keys must be shared before verifying with recovery key")
         key_id, key_data = await self.ssss.get_default_key_data()
         ssss_key = key_data.verify_recovery_key(key_id, recovery_key)
         seeds = await self._fetch_cross_signing_keys_from_ssss(ssss_key)
@@ -38,6 +40,8 @@ def _import_cross_signing_keys(self, seeds: CrossSigningSeeds) -> None:
     async def generate_recovery_key(
         self, passphrase: str | None = None, seeds: CrossSigningSeeds | None = None
     ) -> str:
+        if not self.account.shared:
+            raise ValueError("Device keys must be shared before generating recovery key")
         seeds = seeds or CrossSigningSeeds.generate()
         ssss_key = await self.ssss.generate_and_upload_key(passphrase)
         await self._upload_cross_signing_keys_to_ssss(ssss_key, seeds)

mautrix/crypto/device_lists.py

@@ -206,7 +206,7 @@ async def _store_cross_signing_keys(self, resp: QueryKeysResponse, user_id: User
                             signing_key = device.ed25519
                         except KeyError:
                             pass
-                    if len(signing_key) != 43:
+                    if not signing_key or len(signing_key) != 43:
                         self.log.debug(
                             f"Cross-signing key {user_id}/{actual_key} has a signature from "
                             f"an unknown key {key_id}"