Merge pull request #5092 from matrix-org/jryans/defer-cross-signing-setup

Share and debug master cross-signing key

src/CrossSigningManager.js

@@ -129,27 +129,21 @@ const onSecretRequested = async function({
         console.log(`CrossSigningManager: Ignoring request from untrusted device ${deviceId}`);
         return;
     }
-    if (name.startsWith("m.cross_signing")) {
+    if (
+        name === "m.cross_signing.master" ||
+        name === "m.cross_signing.self_signing" ||
+        name === "m.cross_signing.user_signing"
+    ) {
         const callbacks = client.getCrossSigningCacheCallbacks();
         if (!callbacks.getCrossSigningKeyCache) return;
-        /* Explicit enumeration here is deliberate – never share the master key! */
-        if (name === "m.cross_signing.self_signing") {
-            const key = await callbacks.getCrossSigningKeyCache("self_signing");
-            if (!key) {
-                console.log(
-                    `self_signing requested by ${deviceId}, but not found in cache`,
-                );
-            }
-            return key && encodeBase64(key);
-        } else if (name === "m.cross_signing.user_signing") {
-            const key = await callbacks.getCrossSigningKeyCache("user_signing");
-            if (!key) {
-                console.log(
-                    `user_signing requested by ${deviceId}, but not found in cache`,
-                );
-            }
-            return key && encodeBase64(key);
+        const keyId = name.replace("m.cross_signing.", "");
+        const key = await callbacks.getCrossSigningKeyCache(keyId);
+        if (!key) {
+            console.log(
+                `${keyId} requested by ${deviceId}, but not found in cache`,
+            );
         }
+        return key && encodeBase64(key);
     } else if (name === "m.megolm_backup.v1") {
         const key = await client._crypto.getSessionBackupPrivateKey();
         if (!key) {

src/components/views/settings/CrossSigningPanel.js

@@ -32,6 +32,7 @@ export default class CrossSigningPanel extends React.PureComponent {
             error: null,
             crossSigningPublicKeysOnDevice: false,
             crossSigningPrivateKeysInStorage: false,
+            masterPrivateKeyCached: false,
             selfSigningPrivateKeyCached: false,
             userSigningPrivateKeyCached: false,
             sessionBackupKeyCached: false,
@@ -78,6 +79,7 @@ export default class CrossSigningPanel extends React.PureComponent {
         const secretStorage = cli._crypto._secretStorage;
         const crossSigningPublicKeysOnDevice = crossSigning.getId();
         const crossSigningPrivateKeysInStorage = await crossSigning.isStoredInSecretStorage(secretStorage);
+        const masterPrivateKeyCached = !!(pkCache && await pkCache.getCrossSigningKeyCache("master"));
         const selfSigningPrivateKeyCached = !!(pkCache && await pkCache.getCrossSigningKeyCache("self_signing"));
         const userSigningPrivateKeyCached = !!(pkCache && await pkCache.getCrossSigningKeyCache("user_signing"));
         const sessionBackupKeyFromCache = await cli._crypto.getSessionBackupPrivateKey();
@@ -91,6 +93,7 @@ export default class CrossSigningPanel extends React.PureComponent {
         this.setState({
             crossSigningPublicKeysOnDevice,
             crossSigningPrivateKeysInStorage,
+            masterPrivateKeyCached,
             selfSigningPrivateKeyCached,
             userSigningPrivateKeyCached,
             sessionBackupKeyCached,
@@ -140,6 +143,7 @@ export default class CrossSigningPanel extends React.PureComponent {
             error,
             crossSigningPublicKeysOnDevice,
             crossSigningPrivateKeysInStorage,
+            masterPrivateKeyCached,
             selfSigningPrivateKeyCached,
             userSigningPrivateKeyCached,
             sessionBackupKeyCached,
@@ -235,6 +239,10 @@ export default class CrossSigningPanel extends React.PureComponent {
                             <td>{_t("Cross-signing private keys:")}</td>
                             <td>{crossSigningPrivateKeysInStorage ? _t("in secret storage") : _t("not found")}</td>
                         </tr>
+                        <tr>
+                            <td>{_t("Master private key:")}</td>
+                            <td>{masterPrivateKeyCached ? _t("cached locally") : _t("not found locally")}</td>
+                        </tr>
                         <tr>
                             <td>{_t("Self signing private key:")}</td>
                             <td>{selfSigningPrivateKeyCached ? _t("cached locally") : _t("not found locally")}</td>

src/i18n/strings/en_EN.json

@@ -653,9 +653,10 @@
     "not found": "not found",
     "Cross-signing private keys:": "Cross-signing private keys:",
     "in secret storage": "in secret storage",
-    "Self signing private key:": "Self signing private key:",
+    "Master private key:": "Master private key:",
     "cached locally": "cached locally",
     "not found locally": "not found locally",
+    "Self signing private key:": "Self signing private key:",
     "User signing private key:": "User signing private key:",
     "Session backup key:": "Session backup key:",
     "Secret storage public key:": "Secret storage public key:",

src/rageshake/submit-rageshake.ts

@@ -122,6 +122,8 @@ export default async function sendBugReport(bugReportEndpoint: string, opts: IOp
             body.append("ssss_key_in_account", String(!!(await secretStorage.hasKey())));
 
             const pkCache = client.getCrossSigningCacheCallbacks();
+            body.append("master_pk_cached",
+                String(!!(pkCache && await pkCache.getCrossSigningKeyCache("master"))));
             body.append("self_signing_pk_cached",
                 String(!!(pkCache && await pkCache.getCrossSigningKeyCache("self_signing"))));
             body.append("user_signing_pk_cached",