mirror of
https://github.com/matrix-org/dendrite.git
synced 2025-12-28 17:23:09 -06:00
Actually we can't guarantee we can do that so nevermind
This commit is contained in:
Neil Alexander
parent
dc81ec3a46
commit
8fd501e2f6
|
|
@ -188,71 +188,10 @@ func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.P
|
|||
|
||||
switch purpose {
|
||||
case gomatrixserverlib.CrossSigningKeyPurposeMaster:
|
||||
// The master key should be signed by the device key that uploaded it.
|
||||
// Does the device key exist?
|
||||
var signaturesFound []string
|
||||
for userID, forUser := range req.MasterKey.Signatures {
|
||||
if userID != req.UserID {
|
||||
// Ignore signatures that didn't come from this user. We only
|
||||
// care if the user signed their own master key.
|
||||
continue
|
||||
}
|
||||
for keyID := range forUser {
|
||||
signaturesFound = append(signaturesFound, string(keyID))
|
||||
}
|
||||
}
|
||||
|
||||
// If there is a signature from another of the user's key, let's find those keys.
|
||||
if len(signaturesFound) > 0 {
|
||||
localKeys, err := a.DB.DeviceKeysForUser(ctx, req.UserID, signaturesFound)
|
||||
if err != nil {
|
||||
res.Error = &api.KeyError{
|
||||
Err: fmt.Sprintf("Failed to retrieve user device keys: %s", err.Error()),
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Look through the keys we were given and unmarshal them.
|
||||
allDeviceKeys := map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{}
|
||||
for _, localKey := range localKeys {
|
||||
var deviceKeys gomatrixserverlib.DeviceKeys
|
||||
if err := json.Unmarshal(localKey.KeyJSON, &deviceKeys); err != nil {
|
||||
res.Error = &api.KeyError{
|
||||
Err: fmt.Sprintf("Failed to unmarshal user device keys: %s", err.Error()),
|
||||
}
|
||||
return
|
||||
}
|
||||
allDeviceKeys[localKey.UserID] = deviceKeys.Keys
|
||||
}
|
||||
|
||||
// For each signature we have, see if we can verify the signature.
|
||||
for userID, forUser := range req.MasterKey.Signatures {
|
||||
userKeys, ok := allDeviceKeys[userID]
|
||||
if !ok {
|
||||
res.Error = &api.KeyError{
|
||||
Err: fmt.Sprintf("No keys were found for user %q", userID),
|
||||
}
|
||||
return
|
||||
}
|
||||
for keyID := range forUser {
|
||||
key, ok := userKeys[keyID]
|
||||
if !ok {
|
||||
res.Error = &api.KeyError{
|
||||
Err: fmt.Sprintf("No keys were found for user %q with key ID %q", userID, keyID),
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
if err := gomatrixserverlib.VerifyJSON(userID, keyID, ed25519.PublicKey(key), keyJSON); err != nil {
|
||||
res.Error = &api.KeyError{
|
||||
Err: fmt.Sprintf("The master key failed signature verification: %s", err.Error()),
|
||||
IsInvalidSignature: true,
|
||||
}
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// The master key might have a signature attached to it from the
|
||||
// previous key, or from a device key, but there's no real need
|
||||
// to verify it. Clients will perform key checks when the master
|
||||
// key changes.
|
||||
|
||||
default:
|
||||
// Sub-keys should be signed by the master key.
|
||||
|
|
|
|||
Loading…
Reference in a new issue