mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-29 01:33:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

Match by key IDs

Browse source
This commit is contained in:
Neil Alexander 2021-08-06 14:34:30 +01:00
parent 98d5aac9c9
commit c180fea5db
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944
1 changed files with 27 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
keyserver/internal/cross_signing.go
View file

@ -418,46 +418,47 @@ func (a *KeyInternalAPI) processOtherSignatures(
// * A user signing someone else's master keys using their user-signing keys // * A user signing someone else's master keys using their user-signing keys
for targetUserID, forTargetUserID := range signatures { for targetUserID, forTargetUserID := range signatures {
for targetKeyID, signature := range forTargetUserID { for _, signature := range forTargetUserID {
switch sig := signature.CrossSigningBody.(type) { switch sig := signature.CrossSigningBody.(type) {
case *gomatrixserverlib.CrossSigningKey: case *gomatrixserverlib.CrossSigningKey:
// Find the target master key. // Find the local copy of the master key. We'll use this to be
// sure that the supplied stanza matches the key that we think it
// should be.
masterKey, ok := queryRes.MasterKeys[targetUserID] masterKey, ok := queryRes.MasterKeys[targetUserID]
if !ok { if !ok {
return fmt.Errorf("failed to find master key for user %q", targetUserID) return fmt.Errorf("failed to find master key for user %q", targetUserID)
} }
// The master key will be supplied in the request, but we should // For each key ID, write the signatures. Maybe there'll be more
// make sure that it matches what we think the master key should // than one algorithm in the future so it's best not to focus on
// actually be. // everything being ed25519:.
var targetKeyID gomatrixserverlib.KeyID
for keyID, suppliedKeyData := range sig.Keys { for keyID, suppliedKeyData := range sig.Keys {
targetKeyID = keyID
// The master key will be supplied in the request, but we should
// make sure that it matches what we think the master key should
// actually be.
localKeyData, lok := masterKey.Keys[keyID] localKeyData, lok := masterKey.Keys[keyID]
if !lok { if !lok {
return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID) return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID)
} else { } else if !bytes.Equal(suppliedKeyData, localKeyData) {
if !bytes.Equal(suppliedKeyData, localKeyData) { return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID)
return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID)
}
} }
}
// We only care about the signatures from the uploading user, so // We only care about the signatures from the uploading user, so
// we will ignore anything that didn't originate from them. // we will ignore anything that didn't originate from them.
sigs, ok := sig.Signatures[userID] userSigs, ok := sig.Signatures[userID]
if !ok { if !ok {
return fmt.Errorf("there are no signatures from uploading user %q", userID) return fmt.Errorf("there are no signatures from uploading user %q", userID)
} }
// If the key ID is naked then we should add a scheme to it. for originKeyID, originSig := range userSigs {
if !strings.HasPrefix(string(targetKeyID), "ed25519:") { if err := a.DB.StoreCrossSigningSigsForTarget(
targetKeyID = "ed25519:" + targetKeyID ctx, userID, originKeyID, targetUserID, targetKeyID, originSig,
} ); err != nil {
return fmt.Errorf("a.DB.StoreCrossSigningKeysForTarget: %w", err)
for originKeyID, originSig := range sigs { }
if err := a.DB.StoreCrossSigningSigsForTarget(
ctx, userID, originKeyID, targetUserID, targetKeyID, originSig,
); err != nil {
return fmt.Errorf("a.DB.StoreCrossSigningKeysForTarget: %w", err)
} }
} }