mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-29 01:33:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

Actually we can't guarantee we can do that so nevermind

Browse source
This commit is contained in:
Neil Alexander 2021-08-05 15:06:54 +01:00
parent dc81ec3a46
commit 8fd501e2f6
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944
1 changed files with 4 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
keyserver/internal/cross_signing.go
View file

@ -188,71 +188,10 @@ func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.P
switch purpose { switch purpose {
case gomatrixserverlib.CrossSigningKeyPurposeMaster: case gomatrixserverlib.CrossSigningKeyPurposeMaster:
// The master key should be signed by the device key that uploaded it. // The master key might have a signature attached to it from the
// Does the device key exist? // previous key, or from a device key, but there's no real need
var signaturesFound []string // to verify it. Clients will perform key checks when the master
for userID, forUser := range req.MasterKey.Signatures { // key changes.
if userID != req.UserID {
// Ignore signatures that didn't come from this user. We only
// care if the user signed their own master key.
continue
}
for keyID := range forUser {
signaturesFound = append(signaturesFound, string(keyID))
}
}
// If there is a signature from another of the user's key, let's find those keys.
if len(signaturesFound) > 0 {
localKeys, err := a.DB.DeviceKeysForUser(ctx, req.UserID, signaturesFound)
if err != nil {
res.Error = &api.KeyError{
Err: fmt.Sprintf("Failed to retrieve user device keys: %s", err.Error()),
}
return
}
// Look through the keys we were given and unmarshal them.
allDeviceKeys := map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{}
for _, localKey := range localKeys {
var deviceKeys gomatrixserverlib.DeviceKeys
if err := json.Unmarshal(localKey.KeyJSON, &deviceKeys); err != nil {
res.Error = &api.KeyError{
Err: fmt.Sprintf("Failed to unmarshal user device keys: %s", err.Error()),
}
return
}
allDeviceKeys[localKey.UserID] = deviceKeys.Keys
}
// For each signature we have, see if we can verify the signature.
for userID, forUser := range req.MasterKey.Signatures {
userKeys, ok := allDeviceKeys[userID]
if !ok {
res.Error = &api.KeyError{
Err: fmt.Sprintf("No keys were found for user %q", userID),
}
return
}
for keyID := range forUser {
key, ok := userKeys[keyID]
if !ok {
res.Error = &api.KeyError{
Err: fmt.Sprintf("No keys were found for user %q with key ID %q", userID, keyID),
}
return
}
if err := gomatrixserverlib.VerifyJSON(userID, keyID, ed25519.PublicKey(key), keyJSON); err != nil {
res.Error = &api.KeyError{
Err: fmt.Sprintf("The master key failed signature verification: %s", err.Error()),
IsInvalidSignature: true,
}
return
}
}
}
}
default: default:
// Sub-keys should be signed by the master key. // Sub-keys should be signed by the master key.