dendrite/keyserver/internal/cross_signing.go

package internal

import (
	"context"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"strings"

	"github.com/matrix-org/dendrite/keyserver/api"
	"github.com/matrix-org/gomatrixserverlib"
	"github.com/sirupsen/logrus"
)

func sanityCheckKey(key gomatrixserverlib.CrossSigningForKey, userID string, purpose gomatrixserverlib.CrossSigningKeyPurpose) error {
	// Is there exactly one key?
	if len(key.Keys) != 1 {
		return fmt.Errorf("should contain exactly one key")
	}

	// Does the key ID match the key value? Iterates exactly once
	for keyID, keyData := range key.Keys {
		b64 := keyData.Encode()
		tokens := strings.Split(string(keyID), ":")
		if len(tokens) != 2 {
			return fmt.Errorf("key ID is incorrectly formatted")
		}
		if tokens[1] != b64 {
			return fmt.Errorf("key ID isn't correct")
		}
	}

	// Does the key claim to be from the right user?
	if userID != key.UserID {
		return fmt.Errorf("key has a user ID mismatch")
	}

	// Does the key contain the correct purpose?
	useful := false
	for _, usage := range key.Usage {
		if usage == purpose {
			useful = true
		}
	}
	if !useful {
		return fmt.Errorf("key does not contain correct usage purpose")
	}

	return nil
}

func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.PerformUploadDeviceKeysRequest, res *api.PerformUploadDeviceKeysResponse) {
	hasMasterKey := false

	if len(req.MasterKey.Keys) > 0 {
		if err := sanityCheckKey(req.MasterKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeMaster); err != nil {
			res.Error = &api.KeyError{
				Err: "Master key sanity check failed: " + err.Error(),
			}
			return
		}
		hasMasterKey = true
	}

	if len(req.SelfSigningKey.Keys) > 0 {
		if err := sanityCheckKey(req.SelfSigningKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeSelfSigning); err != nil {
			res.Error = &api.KeyError{
				Err: "Self-signing key sanity check failed: " + err.Error(),
			}
			return
		}
	}

	if len(req.UserSigningKey.Keys) > 0 {
		if err := sanityCheckKey(req.UserSigningKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeUserSigning); err != nil {
			res.Error = &api.KeyError{
				Err: "User-signing key sanity check failed: " + err.Error(),
			}
			return
		}
	}

	// If the user hasn't given a new master key, then let's go and get their
	// existing keys from the database.
	var masterKey gomatrixserverlib.Base64Bytes
	if !hasMasterKey {
		existingKeys, err := a.DB.CrossSigningKeysForUser(ctx, req.UserID)
		if err != nil {
			res.Error = &api.KeyError{
				Err: "User-signing key sanity check failed: " + err.Error(),
			}
			return
		}

		masterKey, hasMasterKey = existingKeys[gomatrixserverlib.CrossSigningKeyPurposeMaster]
		if !hasMasterKey {
			res.Error = &api.KeyError{
				Err:            "No master key was found, either in the database or in the request!",
				IsMissingParam: true,
			}
			return
		}
	} else {
		for _, keyData := range req.MasterKey.Keys { // iterates once, see sanityCheckKey
			masterKey = keyData
		}
	}
	masterKeyID := gomatrixserverlib.KeyID(fmt.Sprintf("ed25519:%s", masterKey.Encode()))

	// Work out which things we need to verify the signatures for.
	toVerify := make(map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningForKey, 3)
	toStore := api.CrossSigningKeyMap{}
	if len(req.MasterKey.Keys) > 0 {
		toVerify[gomatrixserverlib.CrossSigningKeyPurposeMaster] = req.MasterKey
	}
	if len(req.SelfSigningKey.Keys) > 0 {
		toVerify[gomatrixserverlib.CrossSigningKeyPurposeSelfSigning] = req.SelfSigningKey
	}
	if len(req.SelfSigningKey.Keys) > 0 {
		toVerify[gomatrixserverlib.CrossSigningKeyPurposeUserSigning] = req.UserSigningKey
	}
	for purpose, key := range toVerify {
		// Collect together the key IDs we need to verify with. This will include
		// all of the key IDs specified in the signatures. We don't do this for
		// the master key because we have no means to verify the signatures - we
		// instead just need to store them.
		if purpose != gomatrixserverlib.CrossSigningKeyPurposeMaster {
			// Marshal the specific key back into JSON so that we can verify the
			// signature of it.
			keyJSON, err := json.Marshal(key)
			if err != nil {
				res.Error = &api.KeyError{
					Err: fmt.Sprintf("The JSON of the key section is invalid: %s", err.Error()),
				}
				return
			}

			// Now check if the subkey is signed by the master key.
			if err := gomatrixserverlib.VerifyJSON(req.UserID, masterKeyID, ed25519.PublicKey(masterKey), keyJSON); err != nil {
				res.Error = &api.KeyError{
					Err:                fmt.Sprintf("The %q sub-key failed master key signature verification: %s", purpose, err.Error()),
					IsInvalidSignature: true,
				}
				return
			}
		}

		// If we've reached this point then all the signatures are valid so
		// add the key to the list of keys to store.
		for _, keyData := range key.Keys { // iterates once, see sanityCheckKey
			toStore[purpose] = keyData
		}
	}

	if err := a.DB.StoreCrossSigningKeysForUser(ctx, req.UserID, toStore, req.StreamID); err != nil {
		res.Error = &api.KeyError{
			Err: fmt.Sprintf("a.DB.StoreCrossSigningKeysForUser: %s", err),
		}
	}
}

func (a *KeyInternalAPI) PerformUploadDeviceSignatures(ctx context.Context, req *api.PerformUploadDeviceSignaturesRequest, res *api.PerformUploadDeviceSignaturesResponse) {
	/*
		for targetUserID, forTarget := range req.Signatures {
			for targetID, signable := range forTarget {
				// Work out which type of thingy it is.


				switch obj := signable.(type) {
				case *gomatrixserverlib.CrossSigningForKey: // signing a key
					// Check to see if we know about the target user ID and key ID. If we
					// don't then we'll just drop the signatures.
					keys, err := a.DB.CrossSigningKeysForUser(ctx, targetUserID)
					if err != nil {
						continue
					}
					foundMatchingKey := false
					for _, key := range keys {
						if key.Encode() == targetID {
							foundMatchingKey = true
						}
					}
					if !foundMatchingKey {
						continue
					}

					for originUserID, forOriginUserID := range obj.Signatures {
						for originKeyID, signature := range forOriginUserID {
							// TODO: check signatures

							err := a.DB.StoreCrossSigningSigsForTarget(ctx, originUserID, originKeyID, targetUserID, gomatrixserverlib.KeyID(targetID), signature)
							if err != nil {
								res.Error = &api.KeyError{
									Err: "Failed to store cross-signing keys for target: " + err.Error(),
								}
								return
							}
						}
					}

				case *gomatrixserverlib.CrossSigningForDevice: // signing a device
					// TODO: signatures for devices
					continue

				default:
					res.Error = &api.KeyError{
						Err: "Found an unexpected item type",
					}
					return
				}
			}
		}
	*/
	res.Error = &api.KeyError{
		Err: "Not supported yet",
	}
}

func (a *KeyInternalAPI) crossSigningKeys(
	ctx context.Context, req *api.QueryKeysRequest, res *api.QueryKeysResponse,
) error {
	for userID := range req.UserToDevices {
		keys, err := a.DB.CrossSigningKeysForUser(ctx, userID)
		if err != nil {
			logrus.WithError(err).Errorf("Failed to get cross-signing keys for user %q", userID)
			return fmt.Errorf("a.DB.CrossSigningKeysForUser (%q): %w", userID, err)
		}

		for keyType, keyData := range keys {
			b64 := keyData.Encode()
			keyID := gomatrixserverlib.KeyID("ed25519:" + b64)
			key := gomatrixserverlib.CrossSigningForKey{
				UserID: userID,
				Usage: []gomatrixserverlib.CrossSigningKeyPurpose{
					keyType,
				},
				Keys: map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{
					keyID: keyData,
				},
			}

			sigs, err := a.DB.CrossSigningSigsForTarget(ctx, userID, keyID)
			if err != nil {
				logrus.WithError(err).Errorf("Failed to get cross-signing signatures for user %q key %q", userID, keyID)
				return fmt.Errorf("a.DB.CrossSigningSigsForTarget (%q key %q): %w", userID, keyID, err)
			}

			appendSignature := func(originUserID string, originKeyID gomatrixserverlib.KeyID, signature gomatrixserverlib.Base64Bytes) {
				if key.Signatures == nil {
					key.Signatures = api.CrossSigningSigMap{}
				}
				if _, ok := key.Signatures[originUserID]; !ok {
					key.Signatures[originUserID] = make(map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes)
				}
				key.Signatures[originUserID][originKeyID] = signature
			}

			for originUserID, forOrigin := range sigs {
				for originKeyID, signature := range forOrigin {
					switch {
					case req.UserID != "" && originUserID == req.UserID:
						// Include signatures that we created
						appendSignature(originUserID, originKeyID, signature)
					case originUserID == userID:
						// Include signatures that were created by the person whose key
						// we are processing
						appendSignature(originUserID, originKeyID, signature)
					}
				}
			}

			switch keyType {
			case gomatrixserverlib.CrossSigningKeyPurposeMaster:
				res.MasterKeys[userID] = key

			case gomatrixserverlib.CrossSigningKeyPurposeSelfSigning:
				res.SelfSigningKeys[userID] = key

			case gomatrixserverlib.CrossSigningKeyPurposeUserSigning:
				res.UserSigningKeys[userID] = key
			}
		}
	}

	return nil
}
Sanity checking of uploads 2021-07-28 16:07:57 +00:00			`package internal`

			`import (`
			`"context"`
Validate signatures 2021-07-29 11:45:29 +00:00			`"crypto/ed25519"`
			`"encoding/json"`
Sanity checking of uploads 2021-07-28 16:07:57 +00:00			`"fmt"`
			`"strings"`

			`"github.com/matrix-org/dendrite/keyserver/api"`
			`"github.com/matrix-org/gomatrixserverlib"`
			`"github.com/sirupsen/logrus"`
			`)`

Some refactoring 2021-07-29 14:47:30 +00:00			`func sanityCheckKey(key gomatrixserverlib.CrossSigningForKey, userID string, purpose gomatrixserverlib.CrossSigningKeyPurpose) error {`
Sanity checking of uploads 2021-07-28 16:07:57 +00:00			`// Is there exactly one key?`
			`if len(key.Keys) != 1 {`
			`return fmt.Errorf("should contain exactly one key")`
			`}`

			`// Does the key ID match the key value? Iterates exactly once`
			`for keyID, keyData := range key.Keys {`
			`b64 := keyData.Encode()`
			`tokens := strings.Split(string(keyID), ":")`
			`if len(tokens) != 2 {`
			`return fmt.Errorf("key ID is incorrectly formatted")`
			`}`
			`if tokens[1] != b64 {`
			`return fmt.Errorf("key ID isn't correct")`
			`}`
			`}`

			`// Does the key claim to be from the right user?`
			`if userID != key.UserID {`
			`return fmt.Errorf("key has a user ID mismatch")`
			`}`

			`// Does the key contain the correct purpose?`
			`useful := false`
			`for _, usage := range key.Usage {`
			`if usage == purpose {`
			`useful = true`
			`}`
			`}`
			`if !useful {`
			`return fmt.Errorf("key does not contain correct usage purpose")`
			`}`

			`return nil`
			`}`

			`func (a KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req api.PerformUploadDeviceKeysRequest, res *api.PerformUploadDeviceKeysResponse) {`
Validate signatures 2021-07-29 11:45:29 +00:00			`hasMasterKey := false`

Sanity checking of uploads 2021-07-28 16:07:57 +00:00			`if len(req.MasterKey.Keys) > 0 {`
			`if err := sanityCheckKey(req.MasterKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeMaster); err != nil {`
			`res.Error = &api.KeyError{`
			`Err: "Master key sanity check failed: " + err.Error(),`
			`}`
			`return`
			`}`
Validate signatures 2021-07-29 11:45:29 +00:00			`hasMasterKey = true`
Sanity checking of uploads 2021-07-28 16:07:57 +00:00			`}`

			`if len(req.SelfSigningKey.Keys) > 0 {`
			`if err := sanityCheckKey(req.SelfSigningKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeSelfSigning); err != nil {`
			`res.Error = &api.KeyError{`
			`Err: "Self-signing key sanity check failed: " + err.Error(),`
			`}`
			`return`
			`}`
			`}`

			`if len(req.UserSigningKey.Keys) > 0 {`
			`if err := sanityCheckKey(req.UserSigningKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeUserSigning); err != nil {`
			`res.Error = &api.KeyError{`
			`Err: "User-signing key sanity check failed: " + err.Error(),`
			`}`
			`return`
			`}`
			`}`

Validate signatures 2021-07-29 11:45:29 +00:00			`// If the user hasn't given a new master key, then let's go and get their`
			`// existing keys from the database.`
			`var masterKey gomatrixserverlib.Base64Bytes`
			`if !hasMasterKey {`
			`existingKeys, err := a.DB.CrossSigningKeysForUser(ctx, req.UserID)`
			`if err != nil {`
			`res.Error = &api.KeyError{`
			`Err: "User-signing key sanity check failed: " + err.Error(),`
			`}`
			`return`
			`}`
Storing device keys part 1 2021-07-29 08:48:09 +00:00
Validate signatures 2021-07-29 11:45:29 +00:00			`masterKey, hasMasterKey = existingKeys[gomatrixserverlib.CrossSigningKeyPurposeMaster]`
			`if !hasMasterKey {`
			`res.Error = &api.KeyError{`
Fix error values 2021-07-29 12:13:10 +00:00			`Err: "No master key was found, either in the database or in the request!",`
			`IsMissingParam: true,`
Validate signatures 2021-07-29 11:45:29 +00:00			`}`
			`return`
			`}`
			`} else {`
			`for _, keyData := range req.MasterKey.Keys { // iterates once, see sanityCheckKey`
			`masterKey = keyData`
			`}`
			`}`
			`masterKeyID := gomatrixserverlib.KeyID(fmt.Sprintf("ed25519:%s", masterKey.Encode()))`

			`// Work out which things we need to verify the signatures for.`
Some refactoring 2021-07-29 14:47:30 +00:00			`toVerify := make(map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningForKey, 3)`
Validate signatures 2021-07-29 11:45:29 +00:00			`toStore := api.CrossSigningKeyMap{}`
			`if len(req.MasterKey.Keys) > 0 {`
			`toVerify[gomatrixserverlib.CrossSigningKeyPurposeMaster] = req.MasterKey`
			`}`
			`if len(req.SelfSigningKey.Keys) > 0 {`
			`toVerify[gomatrixserverlib.CrossSigningKeyPurposeSelfSigning] = req.SelfSigningKey`
Storing device keys part 1 2021-07-29 08:48:09 +00:00			`}`
Validate signatures 2021-07-29 11:45:29 +00:00			`if len(req.SelfSigningKey.Keys) > 0 {`
			`toVerify[gomatrixserverlib.CrossSigningKeyPurposeUserSigning] = req.UserSigningKey`
Storing device keys part 1 2021-07-29 08:48:09 +00:00			`}`
Validate signatures 2021-07-29 11:45:29 +00:00			`for purpose, key := range toVerify {`
			`// Collect together the key IDs we need to verify with. This will include`
A fix 2021-07-29 11:54:03 +00:00			`// all of the key IDs specified in the signatures. We don't do this for`
			`// the master key because we have no means to verify the signatures - we`
			`// instead just need to store them.`
Validate signatures 2021-07-29 11:45:29 +00:00			`if purpose != gomatrixserverlib.CrossSigningKeyPurposeMaster {`
A fix 2021-07-29 11:54:03 +00:00			`// Marshal the specific key back into JSON so that we can verify the`
			`// signature of it.`
			`keyJSON, err := json.Marshal(key)`
			`if err != nil {`
Validate signatures 2021-07-29 11:45:29 +00:00			`res.Error = &api.KeyError{`
Fix error values 2021-07-29 12:13:10 +00:00			`Err: fmt.Sprintf("The JSON of the key section is invalid: %s", err.Error()),`
Validate signatures 2021-07-29 11:45:29 +00:00			`}`
			`return`
			`}`
A fix 2021-07-29 11:54:03 +00:00
Only the master key signature matters 2021-07-29 12:10:10 +00:00			`// Now check if the subkey is signed by the master key.`
			`if err := gomatrixserverlib.VerifyJSON(req.UserID, masterKeyID, ed25519.PublicKey(masterKey), keyJSON); err != nil {`
			`res.Error = &api.KeyError{`
			`Err: fmt.Sprintf("The %q sub-key failed master key signature verification: %s", purpose, err.Error()),`
			`IsInvalidSignature: true,`
A fix 2021-07-29 11:54:03 +00:00			`}`
Only the master key signature matters 2021-07-29 12:10:10 +00:00			`return`
A fix 2021-07-29 11:54:03 +00:00			`}`
Validate signatures 2021-07-29 11:45:29 +00:00			`}`

			`// If we've reached this point then all the signatures are valid so`
			`// add the key to the list of keys to store.`
			`for _, keyData := range key.Keys { // iterates once, see sanityCheckKey`
			`toStore[purpose] = keyData`
			`}`
Storing device keys part 1 2021-07-29 08:48:09 +00:00			`}`

Validate signatures 2021-07-29 11:45:29 +00:00			`if err := a.DB.StoreCrossSigningKeysForUser(ctx, req.UserID, toStore, req.StreamID); err != nil {`
Storing device keys part 1 2021-07-29 08:48:09 +00:00			`res.Error = &api.KeyError{`
			`Err: fmt.Sprintf("a.DB.StoreCrossSigningKeysForUser: %s", err),`
			`}`
Sanity checking of uploads 2021-07-28 16:07:57 +00:00			`}`
			`}`

			`func (a KeyInternalAPI) PerformUploadDeviceSignatures(ctx context.Context, req api.PerformUploadDeviceSignaturesRequest, res *api.PerformUploadDeviceSignaturesResponse) {`
Some refactoring 2021-07-29 14:47:30 +00:00			`/*`
			`for targetUserID, forTarget := range req.Signatures {`
			`for targetID, signable := range forTarget {`
			`// Work out which type of thingy it is.`

Initial signature upload support maybe 2021-07-29 14:29:16 +00:00
Some refactoring 2021-07-29 14:47:30 +00:00			`switch obj := signable.(type) {`
			`case *gomatrixserverlib.CrossSigningForKey: // signing a key`
			`// Check to see if we know about the target user ID and key ID. If we`
			`// don't then we'll just drop the signatures.`
			`keys, err := a.DB.CrossSigningKeysForUser(ctx, targetUserID)`
Initial signature upload support maybe 2021-07-29 14:29:16 +00:00			`if err != nil {`
Some refactoring 2021-07-29 14:47:30 +00:00			`continue`
			`}`
			`foundMatchingKey := false`
			`for _, key := range keys {`
			`if key.Encode() == targetID {`
			`foundMatchingKey = true`
Initial signature upload support maybe 2021-07-29 14:29:16 +00:00			`}`
			`}`
Some refactoring 2021-07-29 14:47:30 +00:00			`if !foundMatchingKey {`
			`continue`
			`}`

			`for originUserID, forOriginUserID := range obj.Signatures {`
			`for originKeyID, signature := range forOriginUserID {`
			`// TODO: check signatures`
Initial signature upload support maybe 2021-07-29 14:29:16 +00:00
Some refactoring 2021-07-29 14:47:30 +00:00			`err := a.DB.StoreCrossSigningSigsForTarget(ctx, originUserID, originKeyID, targetUserID, gomatrixserverlib.KeyID(targetID), signature)`
			`if err != nil {`
Initial signature upload support maybe 2021-07-29 14:29:16 +00:00			`res.Error = &api.KeyError{`
Some refactoring 2021-07-29 14:47:30 +00:00			`Err: "Failed to store cross-signing keys for target: " + err.Error(),`
Initial signature upload support maybe 2021-07-29 14:29:16 +00:00			`}`
			`return`
			`}`
			`}`
			`}`

Some refactoring 2021-07-29 14:47:30 +00:00			`case *gomatrixserverlib.CrossSigningForDevice: // signing a device`
			`// TODO: signatures for devices`
			`continue`
Initial signature upload support maybe 2021-07-29 14:29:16 +00:00
Some refactoring 2021-07-29 14:47:30 +00:00			`default:`
			`res.Error = &api.KeyError{`
			`Err: "Found an unexpected item type",`
			`}`
			`return`
Initial signature upload support maybe 2021-07-29 14:29:16 +00:00			`}`
			`}`
			`}`
Some refactoring 2021-07-29 14:47:30 +00:00			`*/`
Sanity checking of uploads 2021-07-28 16:07:57 +00:00			`res.Error = &api.KeyError{`
			`Err: "Not supported yet",`
			`}`
			`}`

			`func (a *KeyInternalAPI) crossSigningKeys(`
			`ctx context.Context, req api.QueryKeysRequest, res api.QueryKeysResponse,`
			`) error {`
			`for userID := range req.UserToDevices {`
			`keys, err := a.DB.CrossSigningKeysForUser(ctx, userID)`
			`if err != nil {`
			`logrus.WithError(err).Errorf("Failed to get cross-signing keys for user %q", userID)`
			`return fmt.Errorf("a.DB.CrossSigningKeysForUser (%q): %w", userID, err)`
			`}`

			`for keyType, keyData := range keys {`
			`b64 := keyData.Encode()`
Include signatures in key query 2021-07-29 13:35:42 +00:00			`keyID := gomatrixserverlib.KeyID("ed25519:" + b64)`
Some refactoring 2021-07-29 14:47:30 +00:00			`key := gomatrixserverlib.CrossSigningForKey{`
Sanity checking of uploads 2021-07-28 16:07:57 +00:00			`UserID: userID,`
			`Usage: []gomatrixserverlib.CrossSigningKeyPurpose{`
			`keyType,`
			`},`
			`Keys: map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{`
Include signatures in key query 2021-07-29 13:35:42 +00:00			`keyID: keyData,`
Sanity checking of uploads 2021-07-28 16:07:57 +00:00			`},`
			`}`

Include signatures in key query 2021-07-29 13:35:42 +00:00			`sigs, err := a.DB.CrossSigningSigsForTarget(ctx, userID, keyID)`
			`if err != nil {`
			`logrus.WithError(err).Errorf("Failed to get cross-signing signatures for user %q key %q", userID, keyID)`
			`return fmt.Errorf("a.DB.CrossSigningSigsForTarget (%q key %q): %w", userID, keyID, err)`
			`}`

			`appendSignature := func(originUserID string, originKeyID gomatrixserverlib.KeyID, signature gomatrixserverlib.Base64Bytes) {`
Allocate the map 2021-07-29 13:39:12 +00:00			`if key.Signatures == nil {`
			`key.Signatures = api.CrossSigningSigMap{}`
			`}`
Include signatures in key query 2021-07-29 13:35:42 +00:00			`if _, ok := key.Signatures[originUserID]; !ok {`
			`key.Signatures[originUserID] = make(map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes)`
			`}`
			`key.Signatures[originUserID][originKeyID] = signature`
			`}`

			`for originUserID, forOrigin := range sigs {`
			`for originKeyID, signature := range forOrigin {`
			`switch {`
			`case req.UserID != "" && originUserID == req.UserID:`
Add insert functions for cross-signing signatures 2021-07-29 13:47:09 +00:00			`// Include signatures that we created`
Include signatures in key query 2021-07-29 13:35:42 +00:00			`appendSignature(originUserID, originKeyID, signature)`
			`case originUserID == userID:`
Add insert functions for cross-signing signatures 2021-07-29 13:47:09 +00:00			`// Include signatures that were created by the person whose key`
			`// we are processing`
Include signatures in key query 2021-07-29 13:35:42 +00:00			`appendSignature(originUserID, originKeyID, signature)`
			`}`
			`}`
			`}`
Sanity checking of uploads 2021-07-28 16:07:57 +00:00
			`switch keyType {`
			`case gomatrixserverlib.CrossSigningKeyPurposeMaster:`
			`res.MasterKeys[userID] = key`

			`case gomatrixserverlib.CrossSigningKeyPurposeSelfSigning:`
			`res.SelfSigningKeys[userID] = key`

			`case gomatrixserverlib.CrossSigningKeyPurposeUserSigning:`
			`res.UserSigningKeys[userID] = key`
			`}`
			`}`
			`}`

			`return nil`
			`}`