Merge pull request #3822 from matrix-org/dbkr/key_backup_resign

Don't allow upgrade from untrusted key backup.
2020-01-14 12:18:00 +00:00 · 2020-01-14 12:18:00 +00:00 · f87541a6a9
commit f87541a6a9
parent 9cedfeb007 24552f567e
2 changed files with 53 additions and 11 deletions
--- a/src/async-components/views/dialogs/secretstorage/CreateSecretStorageDialog.js
+++ b/src/async-components/views/dialogs/secretstorage/CreateSecretStorageDialog.js
@ -24,14 +24,15 @@ import { _t } from '../../../../languageHandler';
 import Modal from '../../../../Modal';

 const PHASE_LOADING = 0;
-const PHASE_MIGRATE = 1;
-const PHASE_PASSPHRASE = 2;
-const PHASE_PASSPHRASE_CONFIRM = 3;
-const PHASE_SHOWKEY = 4;
-const PHASE_KEEPITSAFE = 5;
-const PHASE_STORING = 6;
-const PHASE_DONE = 7;
-const PHASE_OPTOUT_CONFIRM = 8;
+const PHASE_RESTORE_KEY_BACKUP = 1;
+const PHASE_MIGRATE = 2;
+const PHASE_PASSPHRASE = 3;
+const PHASE_PASSPHRASE_CONFIRM = 4;
+const PHASE_SHOWKEY = 5;
+const PHASE_KEEPITSAFE = 6;
+const PHASE_STORING = 7;
+const PHASE_DONE = 8;
+const PHASE_OPTOUT_CONFIRM = 9;

 const PASSWORD_MIN_SCORE = 4; // So secure, many characters, much complex, wow, etc, etc.
 const PASSPHRASE_FEEDBACK_DELAY = 500; // How long after keystroke to offer passphrase feedback, ms.
@ -67,6 +68,8 @@ export default class CreateSecretStorageDialog extends React.PureComponent {
            downloaded: false,
            zxcvbnResult: null,
            setPassPhrase: false,
+            backupInfo: null,
+            backupSigStatus: null,
        };

        this._fetchBackupInfo();
@ -80,10 +83,16 @@ export default class CreateSecretStorageDialog extends React.PureComponent {

    async _fetchBackupInfo() {
        const backupInfo = await MatrixClientPeg.get().getKeyBackupVersion();
+        const backupSigStatus = await MatrixClientPeg.get().isKeyBackupTrusted(backupInfo);
+
+        const phase = backupInfo ?
+            (backupSigStatus.usable ? PHASE_MIGRATE : PHASE_RESTORE_KEY_BACKUP) :
+            PHASE_PASSPHRASE;

        this.setState({
-            phase: backupInfo ? PHASE_MIGRATE: PHASE_PASSPHRASE,
+            phase,
            backupInfo,
+            backupSigStatus,
        });
    }

@ -161,6 +170,14 @@ export default class CreateSecretStorageDialog extends React.PureComponent {
        this.props.onFinished(true);
    }

+    _onRestoreKeyBackupClick = () => {
+        const RestoreKeyBackupDialog = sdk.getComponent('dialogs.keybackup.RestoreKeyBackupDialog');
+        Modal.createTrackedDialog(
+            'Restore Backup', '', RestoreKeyBackupDialog, null, null,
+            /* priority = */ false, /* static = */ true,
+        );
+    }
+
    _onOptOutClick = () => {
        this.setState({phase: PHASE_OPTOUT_CONFIRM});
    }
@ -268,6 +285,23 @@ export default class CreateSecretStorageDialog extends React.PureComponent {
        return this.state.zxcvbnResult && this.state.zxcvbnResult.score >= PASSWORD_MIN_SCORE;
    }

+    _renderPhaseRestoreKeyBackup() {
+        const DialogButtons = sdk.getComponent('views.elements.DialogButtons');
+        return <div>
+            <p>{_t(
+                "Key Backup is enabled on your account but has not been set " +
+                "up from this session. To set up secret storage, " +
+                "restore your key backup.",
+            )}</p>
+            <DialogButtons primaryButton={_t('Restore')}
+                onPrimaryButtonClick={this._onRestoreKeyBackupClick}
+                onCancel={this._onCancel}
+                hasCancel={true}
+            >
+            </DialogButtons>
+        </div>;
+    }
+
    _renderPhaseMigrate() {
        // TODO: This is a temporary screen so people who have the labs flag turned on and
        // click the button are aware they're making a change to their account.
@ -277,7 +311,7 @@ export default class CreateSecretStorageDialog extends React.PureComponent {
        const DialogButtons = sdk.getComponent('views.elements.DialogButtons');
        return <div>
            <p>{_t(
-                "Secret Storage will be set up using your existing key backup details." +
+                "Secret Storage will be set up using your existing key backup details. " +
                "Your secret storage passphrase and recovery key will be the same as " +
                " they were for your key backup",
            )}</p>
@ -527,6 +561,8 @@ export default class CreateSecretStorageDialog extends React.PureComponent {

    _titleForPhase(phase) {
        switch (phase) {
+            case PHASE_RESTORE_KEY_BACKUP:
+                return _t('Restore your Key Backup');
            case PHASE_MIGRATE:
                return _t('Migrate from Key Backup');
            case PHASE_PASSPHRASE:
@ -569,6 +605,9 @@ export default class CreateSecretStorageDialog extends React.PureComponent {
                case PHASE_LOADING:
                    content = this._renderBusyPhase();
                    break;
+                case PHASE_RESTORE_KEY_BACKUP:
+                    content = this._renderPhaseRestoreKeyBackup();
+                    break;
                case PHASE_MIGRATE:
                    content = this._renderPhaseMigrate();
                    break;