From 9413f5b8e5f7aecc92fe009829838f8443a612de Mon Sep 17 00:00:00 2001
From: Nicolas Werner <nicolas.werner@hotmail.de>
Date: Thu, 17 Dec 2020 02:34:32 +0100
Subject: [PATCH] Upload cross-signing signatures after verification

---
 src/DeviceVerificationFlow.cpp | 59 ++++++++++++++++++++++++++++++++--
 1 file changed, 57 insertions(+), 2 deletions(-)

diff --git a/src/DeviceVerificationFlow.cpp b/src/DeviceVerificationFlow.cpp
index 509fce8c..1ffb8b3e 100644
--- a/src/DeviceVerificationFlow.cpp
+++ b/src/DeviceVerificationFlow.cpp
@@ -275,11 +275,66 @@ DeviceVerificationFlow::DeviceVerificationFlow(QObject *,
                                                   req.signatures[utils::localUser().toStdString()]
                                                                 [master_key.keys.at(mac.first)] =
                                                     master_key;
+                                          } else if (mac.first ==
+                                                     "ed25519:" + this->deviceId.toStdString()) {
+                                                  // Sign their device key with self signing key
+
+                                                  auto device_id = this->deviceId.toStdString();
+
+                                                  if (their_keys.device_keys.count(device_id)) {
+                                                          json j =
+                                                            their_keys.device_keys.at(device_id);
+                                                          j.erase("signatures");
+                                                          j.erase("unsigned");
+
+                                                          auto secret = cache::secret(
+                                                            mtx::secret_storage::secrets::
+                                                              cross_signing_self_signing);
+                                                          if (!secret)
+                                                                  continue;
+                                                          auto ssk =
+                                                            mtx::crypto::PkSigning::from_seed(
+                                                              *secret);
+
+                                                          mtx::crypto::DeviceKeys dev = j;
+                                                          dev.signatures
+                                                            [utils::localUser().toStdString()]
+                                                            ["ed25519:" + ssk.public_key()] =
+                                                            ssk.sign(j.dump());
+
+                                                          req.signatures[utils::localUser()
+                                                                           .toStdString()]
+                                                                        [device_id] = dev;
+                                                  }
                                           }
                                   }
-                                  // TODO(Nico): Sign their device key with self signing key
                           } else {
-                                  // TODO(Nico): Sign their master key with user signing key
+                                  // Sign their master key with user signing key
+                                  for (const auto &mac : msg.mac) {
+                                          if (their_keys.master_keys.keys.count(mac.first)) {
+                                                  json j = their_keys.master_keys;
+                                                  j.erase("signatures");
+                                                  j.erase("unsigned");
+
+                                                  auto secret =
+                                                    cache::secret(mtx::secret_storage::secrets::
+                                                                    cross_signing_user_signing);
+                                                  if (!secret)
+                                                          continue;
+                                                  auto usk =
+                                                    mtx::crypto::PkSigning::from_seed(*secret);
+
+                                                  mtx::crypto::CrossSigningKeys master_key = j;
+                                                  master_key
+                                                    .signatures[utils::localUser().toStdString()]
+                                                               ["ed25519:" + usk.public_key()] =
+                                                    usk.sign(j.dump());
+
+                                                  req.signatures[toClient.to_string()]
+                                                                [master_key.keys.at(mac.first)] =
+                                                    master_key;
+                                          }
+                                  }
                           }
 
                           if (!req.signatures.empty()) {