Match by key IDs

Neil Alexander 2021-08-06 14:34:30 +01:00
parent 98d5aac9c9
commit c180fea5db
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944


@ -418,48 +418,49 @@ func (a *KeyInternalAPI) processOtherSignatures(
// * A user signing someone else's master keys using their user-signing keys // * A user signing someone else's master keys using their user-signing keys
for targetUserID, forTargetUserID := range signatures { for targetUserID, forTargetUserID := range signatures {
for targetKeyID, signature := range forTargetUserID { for _, signature := range forTargetUserID {
switch sig := signature.CrossSigningBody.(type) { switch sig := signature.CrossSigningBody.(type) {
case *gomatrixserverlib.CrossSigningKey: case *gomatrixserverlib.CrossSigningKey:
// Find the target master key. // Find the local copy of the master key. We'll use this to be
// sure that the supplied stanza matches the key that we think it
// should be.
masterKey, ok := queryRes.MasterKeys[targetUserID] masterKey, ok := queryRes.MasterKeys[targetUserID]
if !ok { if !ok {
return fmt.Errorf("failed to find master key for user %q", targetUserID) return fmt.Errorf("failed to find master key for user %q", targetUserID)
} }
// For each key ID, write the signatures. Maybe there'll be more
// than one algorithm in the future so it's best not to focus on
// everything being ed25519:.
var targetKeyID gomatrixserverlib.KeyID
for keyID, suppliedKeyData := range sig.Keys {
targetKeyID = keyID
// The master key will be supplied in the request, but we should // The master key will be supplied in the request, but we should
// make sure that it matches what we think the master key should // make sure that it matches what we think the master key should
// actually be. // actually be.
for keyID, suppliedKeyData := range sig.Keys {
localKeyData, lok := masterKey.Keys[keyID] localKeyData, lok := masterKey.Keys[keyID]
if !lok { if !lok {
return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID) return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID)
} else { } else if !bytes.Equal(suppliedKeyData, localKeyData) {
if !bytes.Equal(suppliedKeyData, localKeyData) {
return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID) return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID)
} }
}
}
// We only care about the signatures from the uploading user, so // We only care about the signatures from the uploading user, so
// we will ignore anything that didn't originate from them. // we will ignore anything that didn't originate from them.
sigs, ok := sig.Signatures[userID] userSigs, ok := sig.Signatures[userID]
if !ok { if !ok {
return fmt.Errorf("there are no signatures from uploading user %q", userID) return fmt.Errorf("there are no signatures from uploading user %q", userID)
} }
// If the key ID is naked then we should add a scheme to it. for originKeyID, originSig := range userSigs {
if !strings.HasPrefix(string(targetKeyID), "ed25519:") {
targetKeyID = "ed25519:" + targetKeyID
}
for originKeyID, originSig := range sigs {
if err := a.DB.StoreCrossSigningSigsForTarget( if err := a.DB.StoreCrossSigningSigsForTarget(
ctx, userID, originKeyID, targetUserID, targetKeyID, originSig, ctx, userID, originKeyID, targetUserID, targetKeyID, originSig,
); err != nil { ); err != nil {
return fmt.Errorf("a.DB.StoreCrossSigningKeysForTarget: %w", err) return fmt.Errorf("a.DB.StoreCrossSigningKeysForTarget: %w", err)
} }
} }
}
default: default:
// Users shouldn't be signing anything other people's devices, // Users shouldn't be signing anything other people's devices,