mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-29 01:33:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

Match by key IDs

Browse source
This commit is contained in:
Neil Alexander 2021-08-06 14:34:30 +01:00
parent 98d5aac9c9
commit c180fea5db
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944
1 changed files with 27 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
keyserver/internal/cross_signing.go
View file

@ -418,48 +418,49 @@ func (a *KeyInternalAPI) processOtherSignatures(
// * A user signing someone else's master keys using their user-signing keys
for targetUserID, forTargetUserID := range signatures {
for targetKeyID, signature := range forTargetUserID {
for _, signature := range forTargetUserID {
switch sig := signature.CrossSigningBody.(type) {
case *gomatrixserverlib.CrossSigningKey:
// Find the target master key.
// Find the local copy of the master key. We'll use this to be
// sure that the supplied stanza matches the key that we think it
// should be.
masterKey, ok := queryRes.MasterKeys[targetUserID]
if !ok {
return fmt.Errorf("failed to find master key for user %q", targetUserID)
}
// For each key ID, write the signatures. Maybe there'll be more
// than one algorithm in the future so it's best not to focus on
// everything being ed25519:.
var targetKeyID gomatrixserverlib.KeyID
for keyID, suppliedKeyData := range sig.Keys {
targetKeyID = keyID
// The master key will be supplied in the request, but we should
// make sure that it matches what we think the master key should
// actually be.
for keyID, suppliedKeyData := range sig.Keys {
localKeyData, lok := masterKey.Keys[keyID]
if !lok {
return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID)
} else {
if !bytes.Equal(suppliedKeyData, localKeyData) {
} else if !bytes.Equal(suppliedKeyData, localKeyData) {
return fmt.Errorf("uploaded master key for user %q doesn't match local copy", targetUserID)
}
}
}
// We only care about the signatures from the uploading user, so
// we will ignore anything that didn't originate from them.
sigs, ok := sig.Signatures[userID]
userSigs, ok := sig.Signatures[userID]
if !ok {
return fmt.Errorf("there are no signatures from uploading user %q", userID)
}
// If the key ID is naked then we should add a scheme to it.
if !strings.HasPrefix(string(targetKeyID), "ed25519:") {
targetKeyID = "ed25519:" + targetKeyID
}
for originKeyID, originSig := range sigs {
for originKeyID, originSig := range userSigs {
if err := a.DB.StoreCrossSigningSigsForTarget(
ctx, userID, originKeyID, targetUserID, targetKeyID, originSig,
); err != nil {
return fmt.Errorf("a.DB.StoreCrossSigningKeysForTarget: %w", err)
}
}
}
default:
// Users shouldn't be signing anything other people's devices,