mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-23 14:53:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

Key ID formatting validity of old_verify_keys

Browse source
This commit is contained in:
Neil Alexander 2020-09-25 10:15:49 +01:00
parent 6b7f6c1616
commit ed2753dcf9
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944
2 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
internal/config/config.go
View file

@ -228,7 +228,7 @@ func loadConfig(
return nil, err return nil, err
} }
if c.Global.KeyID, c.Global.PrivateKey, err = readKeyPEM(privateKeyPath, privateKeyData); err != nil { if c.Global.KeyID, c.Global.PrivateKey, err = readKeyPEM(privateKeyPath, privateKeyData, true); err != nil {
return nil, err return nil, err
} }
@ -241,9 +241,15 @@ func loadConfig(
return nil, err return nil, err
} }
if c.Global.OldVerifyKeys[i].KeyID, c.Global.OldVerifyKeys[i].PrivateKey, err = readKeyPEM(oldPrivateKeyPath, oldPrivateKeyData); err != nil { // NOTSPEC: Ordinarily we should force key ID formatting, but since there are
return nil, err // a number of private keys out there with non-compatible symbols in them due
// to lack of validation in Synapse, we won't enforce that for old verify keys.
keyID, privateKey, perr := readKeyPEM(oldPrivateKeyPath, oldPrivateKeyData, false)
if perr != nil {
return nil, perr
} }
c.Global.OldVerifyKeys[i].KeyID, c.Global.OldVerifyKeys[i].PrivateKey = keyID, privateKey
} }
for _, certPath := range c.FederationAPI.FederationCertificatePaths { for _, certPath := range c.FederationAPI.FederationCertificatePaths {
@ -458,7 +464,7 @@ func absPath(dir string, path Path) string {
return filepath.Join(dir, string(path)) return filepath.Join(dir, string(path))
} }
func readKeyPEM(path string, data []byte) (gomatrixserverlib.KeyID, ed25519.PrivateKey, error) { func readKeyPEM(path string, data []byte, enforceKeyIDFormat bool) (gomatrixserverlib.KeyID, ed25519.PrivateKey, error) {
for { for {
var keyBlock *pem.Block var keyBlock *pem.Block
keyBlock, data = pem.Decode(data) keyBlock, data = pem.Decode(data)
@ -476,7 +482,7 @@ func readKeyPEM(path string, data []byte) (gomatrixserverlib.KeyID, ed25519.Priv
if !strings.HasPrefix(keyID, "ed25519:") { if !strings.HasPrefix(keyID, "ed25519:") {
return "", nil, fmt.Errorf("key ID %q doesn't start with \"ed25519:\" in %q", keyID, path) return "", nil, fmt.Errorf("key ID %q doesn't start with \"ed25519:\" in %q", keyID, path)
} }
if !keyIDRegexp.MatchString(keyID) { if enforceKeyIDFormat && !keyIDRegexp.MatchString(keyID) {
return "", nil, fmt.Errorf("key ID %q in %q contains illegal characters (use a-z, A-Z, 0-9 and _ only)", keyID, path) return "", nil, fmt.Errorf("key ID %q in %q contains illegal characters (use a-z, A-Z, 0-9 and _ only)", keyID, path)
} }
_, privKey, err := ed25519.GenerateKey(bytes.NewReader(keyBlock.Bytes)) _, privKey, err := ed25519.GenerateKey(bytes.NewReader(keyBlock.Bytes))

2
internal/config/config_test.go
View file

@ -234,7 +234,7 @@ func (m mockReadFile) readFile(path string) ([]byte, error) {
} }
func TestReadKey(t *testing.T) { func TestReadKey(t *testing.T) {
keyID, _, err := readKeyPEM("path/to/key", []byte(testKey)) keyID, _, err := readKeyPEM("path/to/key", []byte(testKey), true)
if err != nil { if err != nil {
t.Error("failed to load private key:", err) t.Error("failed to load private key:", err)
} }