Minor improvements to logging in device verification (#4390)

A grab-bag of small logging improvements in the Rust crypto wrapper.
matrix-org · Sep 5, 2024 · e4db600 · e4db600
1 parent 52f3540
commit e4db600
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 13 deletions.
diff --git a/src/rust-crypto/CrossSigningIdentity.ts b/src/rust-crypto/CrossSigningIdentity.ts
@@ -140,11 +140,11 @@ export class CrossSigningIdentity {
             // Update 4S before uploading cross-signing keys, to stay consistent with legacy that asks
             // 4S passphrase before asking for account password.
             // Ultimately should be made atomic and resistant to forgotten password/passphrase.
-            logger.log("resetCrossSigning: exporting to secret storage");
-
+            logger.log("resetCrossSigning: exporting private keys to secret storage");
             await this.exportCrossSigningKeysToStorage();
         }
-        logger.log("resetCrossSigning: publishing keys to server");
+
+        logger.log("resetCrossSigning: publishing public keys to server");
         for (const req of [
             outgoingRequests.uploadKeysRequest,
             outgoingRequests.uploadSigningKeysRequest,

diff --git a/src/rust-crypto/PerSessionKeyBackupDownloader.ts b/src/rust-crypto/PerSessionKeyBackupDownloader.ts
@@ -466,8 +466,6 @@ export class PerSessionKeyBackupDownloader {
             return null;
         }
 
-        const authData = currentServerVersion.auth_data as Curve25519AuthData;
-
         const backupKeys = await this.getBackupDecryptionKey();
         if (!backupKeys?.decryptionKey) {
             this.logger.debug(`Not checking key backup for session (no decryption key)`);
@@ -483,8 +481,9 @@ export class PerSessionKeyBackupDownloader {
             return null;
         }
 
+        const authData = currentServerVersion.auth_data as Curve25519AuthData;
         if (authData.public_key != backupKeys.decryptionKey.megolmV1PublicKey.publicKeyBase64) {
-            this.logger.debug(`getBackupDecryptor key mismatch error`);
+            this.logger.debug(`Key backup on server does not match our decryption key`);
             this.hasConfigurationProblem = true;
             return null;
         }

diff --git a/src/rust-crypto/rust-crypto.ts b/src/rust-crypto/rust-crypto.ts
@@ -317,20 +317,19 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
      * Implementation of {@link CryptoBackend#getBackupDecryptor}.
      */
     public async getBackupDecryptor(backupInfo: KeyBackupInfo, privKey: ArrayLike<number>): Promise<BackupDecryptor> {
-        if (backupInfo.algorithm != "m.megolm_backup.v1.curve25519-aes-sha2") {
-            throw new Error(`getBackupDecryptor Unsupported algorithm ${backupInfo.algorithm}`);
+        if (!(privKey instanceof Uint8Array)) {
+            throw new Error(`getBackupDecryptor: expects Uint8Array`);
         }
 
-        const authData = <Curve25519AuthData>backupInfo.auth_data;
-
-        if (!(privKey instanceof Uint8Array)) {
-            throw new Error(`getBackupDecryptor expects Uint8Array`);
+        if (backupInfo.algorithm != "m.megolm_backup.v1.curve25519-aes-sha2") {
+            throw new Error(`getBackupDecryptor: Unsupported algorithm ${backupInfo.algorithm}`);
         }
 
         const backupDecryptionKey = RustSdkCryptoJs.BackupDecryptionKey.fromBase64(encodeBase64(privKey));
 
+        const authData = <Curve25519AuthData>backupInfo.auth_data;
         if (authData.public_key != backupDecryptionKey.megolmV1PublicKey.publicKeyBase64) {
-            throw new Error(`getBackupDecryptor key mismatch error`);
+            throw new Error(`getBackupDecryptor: key backup on server does not match the decryption key`);
         }
 
         return this.backupManager.createBackupDecryptor(backupDecryptionKey);