refactor: use latest GMSL which splits fed client from matrix room logic (#3051)

Part of a series of refactors on GMSL.
2025-07-31 13:22:46 +00:00 · 2023-04-06 09:55:01 +01:00 · 2023-04-06 09:55:01 +01:00 · 0db43f13a6
commit 0db43f13a6
parent e093005bc2
86 changed files with 493 additions and 414 deletions
--- a/userapi/api/api.go
+++ b/userapi/api/api.go
@ -24,6 +24,7 @@ import (
 	"github.com/matrix-org/dendrite/syncapi/synctypes"
 	"github.com/matrix-org/dendrite/userapi/types"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"

 	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/internal/pushrules"
@ -719,9 +720,9 @@ type OutputCrossSigningKeyUpdate struct {
 }

 type CrossSigningKeyUpdate struct {
-	MasterKey      *gomatrixserverlib.CrossSigningKey `json:"master_key,omitempty"`
-	SelfSigningKey *gomatrixserverlib.CrossSigningKey `json:"self_signing_key,omitempty"`
-	UserID         string                             `json:"user_id"`
+	MasterKey      *fclient.CrossSigningKey `json:"master_key,omitempty"`
+	SelfSigningKey *fclient.CrossSigningKey `json:"self_signing_key,omitempty"`
+	UserID         string                   `json:"user_id"`
 }

 // DeviceKeysEqual returns true if the device keys updates contain the
@ -854,7 +855,7 @@ type PerformClaimKeysResponse struct {
 }

 type PerformUploadDeviceKeysRequest struct {
-	gomatrixserverlib.CrossSigningKeys
+	fclient.CrossSigningKeys
 	// The user that uploaded the key, should be populated by the clientapi.
 	UserID string
 }
@ -864,7 +865,7 @@ type PerformUploadDeviceKeysResponse struct {
 }

 type PerformUploadDeviceSignaturesRequest struct {
-	Signatures map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice
+	Signatures map[string]map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice
 	// The user that uploaded the sig, should be populated by the clientapi.
 	UserID string
 }
@ -888,9 +889,9 @@ type QueryKeysResponse struct {
 	// Map of user_id to device_id to device_key
 	DeviceKeys map[string]map[string]json.RawMessage
 	// Maps of user_id to cross signing key
-	MasterKeys      map[string]gomatrixserverlib.CrossSigningKey
-	SelfSigningKeys map[string]gomatrixserverlib.CrossSigningKey
-	UserSigningKeys map[string]gomatrixserverlib.CrossSigningKey
+	MasterKeys      map[string]fclient.CrossSigningKey
+	SelfSigningKeys map[string]fclient.CrossSigningKey
+	UserSigningKeys map[string]fclient.CrossSigningKey
 	// Set if there was a fatal error processing this query
 	Error *KeyError
 }
@ -945,11 +946,11 @@ type QuerySignaturesResponse struct {
 	// A map of target user ID -> target key/device ID -> origin user ID -> origin key/device ID -> signatures
 	Signatures map[string]map[gomatrixserverlib.KeyID]types.CrossSigningSigMap
 	// A map of target user ID -> cross-signing master key
-	MasterKeys map[string]gomatrixserverlib.CrossSigningKey
+	MasterKeys map[string]fclient.CrossSigningKey
 	// A map of target user ID -> cross-signing self-signing key
-	SelfSigningKeys map[string]gomatrixserverlib.CrossSigningKey
+	SelfSigningKeys map[string]fclient.CrossSigningKey
 	// A map of target user ID -> cross-signing user-signing key
-	UserSigningKeys map[string]gomatrixserverlib.CrossSigningKey
+	UserSigningKeys map[string]fclient.CrossSigningKey
 	// The request error, if any
 	Error *KeyError
 }
--- a/userapi/consumers/signingkeyupdate.go
+++ b/userapi/consumers/signingkeyupdate.go
@ -19,6 +19,7 @@ import (
 	"encoding/json"

 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"
 	"github.com/nats-io/nats.go"
 	"github.com/sirupsen/logrus"

@ -86,7 +87,7 @@ func (t *SigningKeyUpdateConsumer) onMessage(ctx context.Context, msgs []*nats.M
 		return true
 	}

-	keys := gomatrixserverlib.CrossSigningKeys{}
+	keys := fclient.CrossSigningKeys{}
 	if updatePayload.MasterKey != nil {
 		keys.MasterKey = *updatePayload.MasterKey
 	}
--- a/userapi/internal/cross_signing.go
+++ b/userapi/internal/cross_signing.go
@ -25,11 +25,12 @@ import (
 	"github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/dendrite/userapi/types"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/crypto/curve25519"
 )

-func sanityCheckKey(key gomatrixserverlib.CrossSigningKey, userID string, purpose gomatrixserverlib.CrossSigningKeyPurpose) error {
+func sanityCheckKey(key fclient.CrossSigningKey, userID string, purpose fclient.CrossSigningKeyPurpose) error {
 	// Is there exactly one key?
 	if len(key.Keys) != 1 {
 		return fmt.Errorf("should contain exactly one key")
@ -105,12 +106,12 @@ func sanityCheckKey(key gomatrixserverlib.CrossSigningKey, userID string, purpos
 // nolint:gocyclo
 func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.PerformUploadDeviceKeysRequest, res *api.PerformUploadDeviceKeysResponse) error {
 	// Find the keys to store.
-	byPurpose := map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningKey{}
+	byPurpose := map[fclient.CrossSigningKeyPurpose]fclient.CrossSigningKey{}
 	toStore := types.CrossSigningKeyMap{}
 	hasMasterKey := false

 	if len(req.MasterKey.Keys) > 0 {
-		if err := sanityCheckKey(req.MasterKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeMaster); err != nil {
+		if err := sanityCheckKey(req.MasterKey, req.UserID, fclient.CrossSigningKeyPurposeMaster); err != nil {
 			res.Error = &api.KeyError{
 				Err:            "Master key sanity check failed: " + err.Error(),
 				IsInvalidParam: true,
@ -118,15 +119,15 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 			return nil
 		}

-		byPurpose[gomatrixserverlib.CrossSigningKeyPurposeMaster] = req.MasterKey
+		byPurpose[fclient.CrossSigningKeyPurposeMaster] = req.MasterKey
 		for _, key := range req.MasterKey.Keys { // iterates once, see sanityCheckKey
-			toStore[gomatrixserverlib.CrossSigningKeyPurposeMaster] = key
+			toStore[fclient.CrossSigningKeyPurposeMaster] = key
 		}
 		hasMasterKey = true
 	}

 	if len(req.SelfSigningKey.Keys) > 0 {
-		if err := sanityCheckKey(req.SelfSigningKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeSelfSigning); err != nil {
+		if err := sanityCheckKey(req.SelfSigningKey, req.UserID, fclient.CrossSigningKeyPurposeSelfSigning); err != nil {
 			res.Error = &api.KeyError{
 				Err:            "Self-signing key sanity check failed: " + err.Error(),
 				IsInvalidParam: true,
@ -134,14 +135,14 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 			return nil
 		}

-		byPurpose[gomatrixserverlib.CrossSigningKeyPurposeSelfSigning] = req.SelfSigningKey
+		byPurpose[fclient.CrossSigningKeyPurposeSelfSigning] = req.SelfSigningKey
 		for _, key := range req.SelfSigningKey.Keys { // iterates once, see sanityCheckKey
-			toStore[gomatrixserverlib.CrossSigningKeyPurposeSelfSigning] = key
+			toStore[fclient.CrossSigningKeyPurposeSelfSigning] = key
 		}
 	}

 	if len(req.UserSigningKey.Keys) > 0 {
-		if err := sanityCheckKey(req.UserSigningKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeUserSigning); err != nil {
+		if err := sanityCheckKey(req.UserSigningKey, req.UserID, fclient.CrossSigningKeyPurposeUserSigning); err != nil {
 			res.Error = &api.KeyError{
 				Err:            "User-signing key sanity check failed: " + err.Error(),
 				IsInvalidParam: true,
@ -149,9 +150,9 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 			return nil
 		}

-		byPurpose[gomatrixserverlib.CrossSigningKeyPurposeUserSigning] = req.UserSigningKey
+		byPurpose[fclient.CrossSigningKeyPurposeUserSigning] = req.UserSigningKey
 		for _, key := range req.UserSigningKey.Keys { // iterates once, see sanityCheckKey
-			toStore[gomatrixserverlib.CrossSigningKeyPurposeUserSigning] = key
+			toStore[fclient.CrossSigningKeyPurposeUserSigning] = key
 		}
 	}

@ -180,7 +181,7 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 	// If we still can't find a master key for the user then stop the upload.
 	// This satisfies the "Fails to upload self-signing key without master key" test.
 	if !hasMasterKey {
-		if _, hasMasterKey = existingKeys[gomatrixserverlib.CrossSigningKeyPurposeMaster]; !hasMasterKey {
+		if _, hasMasterKey = existingKeys[fclient.CrossSigningKeyPurposeMaster]; !hasMasterKey {
 			res.Error = &api.KeyError{
 				Err:            "No master key was found",
 				IsMissingParam: true,
@ -191,10 +192,10 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.

 	// Check if anything actually changed compared to what we have in the database.
 	changed := false
-	for _, purpose := range []gomatrixserverlib.CrossSigningKeyPurpose{
-		gomatrixserverlib.CrossSigningKeyPurposeMaster,
-		gomatrixserverlib.CrossSigningKeyPurposeSelfSigning,
-		gomatrixserverlib.CrossSigningKeyPurposeUserSigning,
+	for _, purpose := range []fclient.CrossSigningKeyPurpose{
+		fclient.CrossSigningKeyPurposeMaster,
+		fclient.CrossSigningKeyPurposeSelfSigning,
+		fclient.CrossSigningKeyPurposeUserSigning,
 	} {
 		old, gotOld := existingKeys[purpose]
 		new, gotNew := toStore[purpose]
@ -248,10 +249,10 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 	update := api.CrossSigningKeyUpdate{
 		UserID: req.UserID,
 	}
-	if mk, ok := byPurpose[gomatrixserverlib.CrossSigningKeyPurposeMaster]; ok {
+	if mk, ok := byPurpose[fclient.CrossSigningKeyPurposeMaster]; ok {
 		update.MasterKey = &mk
 	}
-	if ssk, ok := byPurpose[gomatrixserverlib.CrossSigningKeyPurposeSelfSigning]; ok {
+	if ssk, ok := byPurpose[fclient.CrossSigningKeyPurposeSelfSigning]; ok {
 		update.SelfSigningKey = &ssk
 	}
 	if update.MasterKey == nil && update.SelfSigningKey == nil {
@ -279,36 +280,36 @@ func (a *UserInternalAPI) PerformUploadDeviceSignatures(ctx context.Context, req
 	}
 	_ = a.QueryKeys(ctx, queryReq, queryRes)

-	selfSignatures := map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
-	otherSignatures := map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+	selfSignatures := map[string]map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice{}
+	otherSignatures := map[string]map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice{}

 	// Sort signatures into two groups: one where people have signed their own
 	// keys and one where people have signed someone elses
 	for userID, forUserID := range req.Signatures {
 		for keyID, keyOrDevice := range forUserID {
 			switch key := keyOrDevice.CrossSigningBody.(type) {
-			case *gomatrixserverlib.CrossSigningKey:
+			case *fclient.CrossSigningKey:
 				if key.UserID == req.UserID {
 					if _, ok := selfSignatures[userID]; !ok {
-						selfSignatures[userID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+						selfSignatures[userID] = map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice{}
 					}
 					selfSignatures[userID][keyID] = keyOrDevice
 				} else {
 					if _, ok := otherSignatures[userID]; !ok {
-						otherSignatures[userID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+						otherSignatures[userID] = map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice{}
 					}
 					otherSignatures[userID][keyID] = keyOrDevice
 				}

-			case *gomatrixserverlib.DeviceKeys:
+			case *fclient.DeviceKeys:
 				if key.UserID == req.UserID {
 					if _, ok := selfSignatures[userID]; !ok {
-						selfSignatures[userID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+						selfSignatures[userID] = map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice{}
 					}
 					selfSignatures[userID][keyID] = keyOrDevice
 				} else {
 					if _, ok := otherSignatures[userID]; !ok {
-						otherSignatures[userID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+						otherSignatures[userID] = map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice{}
 					}
 					otherSignatures[userID][keyID] = keyOrDevice
 				}
@ -354,7 +355,7 @@ func (a *UserInternalAPI) PerformUploadDeviceSignatures(ctx context.Context, req

 func (a *UserInternalAPI) processSelfSignatures(
 	ctx context.Context,
-	signatures map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice,
+	signatures map[string]map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice,
 ) error {
 	// Here we will process:
 	// * The user signing their own devices using their self-signing key
@ -363,7 +364,7 @@ func (a *UserInternalAPI) processSelfSignatures(
 	for targetUserID, forTargetUserID := range signatures {
 		for targetKeyID, signature := range forTargetUserID {
 			switch sig := signature.CrossSigningBody.(type) {
-			case *gomatrixserverlib.CrossSigningKey:
+			case *fclient.CrossSigningKey:
 				for keyID := range sig.Keys {
 					split := strings.SplitN(string(keyID), ":", 2)
 					if len(split) > 1 && gomatrixserverlib.KeyID(split[1]) == targetKeyID {
@ -381,7 +382,7 @@ func (a *UserInternalAPI) processSelfSignatures(
 					}
 				}

-			case *gomatrixserverlib.DeviceKeys:
+			case *fclient.DeviceKeys:
 				for originUserID, forOriginUserID := range sig.Signatures {
 					for originKeyID, originSig := range forOriginUserID {
 						if err := a.KeyDatabase.StoreCrossSigningSigsForTarget(
@ -403,7 +404,7 @@ func (a *UserInternalAPI) processSelfSignatures(

 func (a *UserInternalAPI) processOtherSignatures(
 	ctx context.Context, userID string, queryRes *api.QueryKeysResponse,
-	signatures map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice,
+	signatures map[string]map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice,
 ) error {
 	// Here we will process:
 	// * A user signing someone else's master keys using their user-signing keys
@ -411,7 +412,7 @@ func (a *UserInternalAPI) processOtherSignatures(
 	for targetUserID, forTargetUserID := range signatures {
 		for _, signature := range forTargetUserID {
 			switch sig := signature.CrossSigningBody.(type) {
-			case *gomatrixserverlib.CrossSigningKey:
+			case *fclient.CrossSigningKey:
 				// Find the local copy of the master key. We'll use this to be
 				// sure that the supplied stanza matches the key that we think it
 				// should be.
@ -509,13 +510,13 @@ func (a *UserInternalAPI) crossSigningKeysFromDatabase(
 			}

 			switch keyType {
-			case gomatrixserverlib.CrossSigningKeyPurposeMaster:
+			case fclient.CrossSigningKeyPurposeMaster:
 				res.MasterKeys[targetUserID] = key

-			case gomatrixserverlib.CrossSigningKeyPurposeSelfSigning:
+			case fclient.CrossSigningKeyPurposeSelfSigning:
 				res.SelfSigningKeys[targetUserID] = key

-			case gomatrixserverlib.CrossSigningKeyPurposeUserSigning:
+			case fclient.CrossSigningKeyPurposeUserSigning:
 				res.UserSigningKeys[targetUserID] = key
 			}
 		}
@ -534,21 +535,21 @@ func (a *UserInternalAPI) QuerySignatures(ctx context.Context, req *api.QuerySig

 		for targetPurpose, targetKey := range keyMap {
 			switch targetPurpose {
-			case gomatrixserverlib.CrossSigningKeyPurposeMaster:
+			case fclient.CrossSigningKeyPurposeMaster:
 				if res.MasterKeys == nil {
-					res.MasterKeys = map[string]gomatrixserverlib.CrossSigningKey{}
+					res.MasterKeys = map[string]fclient.CrossSigningKey{}
 				}
 				res.MasterKeys[targetUserID] = targetKey

-			case gomatrixserverlib.CrossSigningKeyPurposeSelfSigning:
+			case fclient.CrossSigningKeyPurposeSelfSigning:
 				if res.SelfSigningKeys == nil {
-					res.SelfSigningKeys = map[string]gomatrixserverlib.CrossSigningKey{}
+					res.SelfSigningKeys = map[string]fclient.CrossSigningKey{}
 				}
 				res.SelfSigningKeys[targetUserID] = targetKey

-			case gomatrixserverlib.CrossSigningKeyPurposeUserSigning:
+			case fclient.CrossSigningKeyPurposeUserSigning:
 				if res.UserSigningKeys == nil {
-					res.UserSigningKeys = map[string]gomatrixserverlib.CrossSigningKey{}
+					res.UserSigningKeys = map[string]fclient.CrossSigningKey{}
 				}
 				res.UserSigningKeys[targetUserID] = targetKey
 			}
--- a/userapi/internal/device_list_update.go
+++ b/userapi/internal/device_list_update.go
@ -25,6 +25,7 @@ import (
 	"time"

 	rsapi "github.com/matrix-org/dendrite/roomserver/api"
+	"github.com/matrix-org/gomatrixserverlib/fclient"

 	"github.com/matrix-org/gomatrix"
 	"github.com/matrix-org/gomatrixserverlib"
@ -508,12 +509,12 @@ func (u *DeviceListUpdater) processServerUser(ctx context.Context, serverName go
 		}
 		uploadRes := &api.PerformUploadDeviceKeysResponse{}
 		if res.MasterKey != nil {
-			if err = sanityCheckKey(*res.MasterKey, userID, gomatrixserverlib.CrossSigningKeyPurposeMaster); err == nil {
+			if err = sanityCheckKey(*res.MasterKey, userID, fclient.CrossSigningKeyPurposeMaster); err == nil {
 				uploadReq.MasterKey = *res.MasterKey
 			}
 		}
 		if res.SelfSigningKey != nil {
-			if err = sanityCheckKey(*res.SelfSigningKey, userID, gomatrixserverlib.CrossSigningKeyPurposeSelfSigning); err == nil {
+			if err = sanityCheckKey(*res.SelfSigningKey, userID, fclient.CrossSigningKeyPurposeSelfSigning); err == nil {
 				uploadReq.SelfSigningKey = *res.SelfSigningKey
 			}
 		}
@ -527,7 +528,7 @@ func (u *DeviceListUpdater) processServerUser(ctx context.Context, serverName go
 	return defaultWaitTime, nil
 }

-func (u *DeviceListUpdater) updateDeviceList(res *gomatrixserverlib.RespUserDevices) error {
+func (u *DeviceListUpdater) updateDeviceList(res *fclient.RespUserDevices) error {
 	ctx := context.Background() // we've got the keys, don't time out when persisting them to the database.
 	keys := make([]api.DeviceMessage, len(res.Devices))
 	existingKeys := make([]api.DeviceMessage, len(res.Devices))
--- a/userapi/internal/device_list_update_test.go
+++ b/userapi/internal/device_list_update_test.go
@ -29,6 +29,7 @@ import (

 	"github.com/matrix-org/dendrite/internal/sqlutil"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"

 	roomserver "github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/dendrite/setup/config"
@ -135,10 +136,10 @@ func (t *roundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
 	return t.fn(req)
 }

-func newFedClient(tripper func(*http.Request) (*http.Response, error)) *gomatrixserverlib.FederationClient {
+func newFedClient(tripper func(*http.Request) (*http.Response, error)) *fclient.FederationClient {
 	_, pkey, _ := ed25519.GenerateKey(nil)
-	fedClient := gomatrixserverlib.NewFederationClient(
-		[]*gomatrixserverlib.SigningIdentity{
+	fedClient := fclient.NewFederationClient(
+		[]*fclient.SigningIdentity{
 			{
 				ServerName: gomatrixserverlib.ServerName("example.test"),
 				KeyID:      gomatrixserverlib.KeyID("ed25519:test"),
@ -146,8 +147,8 @@ func newFedClient(tripper func(*http.Request) (*http.Response, error)) *gomatrix
 			},
 		},
 	)
-	fedClient.Client = *gomatrixserverlib.NewClient(
-		gomatrixserverlib.WithTransport(&roundTripper{tripper}),
+	fedClient.Client = *fclient.NewClient(
+		fclient.WithTransport(&roundTripper{tripper}),
 	)
 	return fedClient
 }
--- a/userapi/internal/key_api.go
+++ b/userapi/internal/key_api.go
@ -24,6 +24,7 @@ import (
 	"time"

 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"
 	"github.com/matrix-org/util"
 	"github.com/sirupsen/logrus"
 	"github.com/tidwall/gjson"
@ -229,9 +230,9 @@ func (a *UserInternalAPI) PerformMarkAsStaleIfNeeded(ctx context.Context, req *a
 func (a *UserInternalAPI) QueryKeys(ctx context.Context, req *api.QueryKeysRequest, res *api.QueryKeysResponse) error {
 	var respMu sync.Mutex
 	res.DeviceKeys = make(map[string]map[string]json.RawMessage)
-	res.MasterKeys = make(map[string]gomatrixserverlib.CrossSigningKey)
-	res.SelfSigningKeys = make(map[string]gomatrixserverlib.CrossSigningKey)
-	res.UserSigningKeys = make(map[string]gomatrixserverlib.CrossSigningKey)
+	res.MasterKeys = make(map[string]fclient.CrossSigningKey)
+	res.SelfSigningKeys = make(map[string]fclient.CrossSigningKey)
+	res.UserSigningKeys = make(map[string]fclient.CrossSigningKey)
 	res.Failures = make(map[string]interface{})

 	// make a map from domain to device keys
@ -362,7 +363,7 @@ func (a *UserInternalAPI) QueryKeys(ctx context.Context, req *api.QueryKeysReque
 			if len(sigMap) == 0 {
 				continue
 			}
-			var deviceKey gomatrixserverlib.DeviceKeys
+			var deviceKey fclient.DeviceKeys
 			if err = json.Unmarshal(key, &deviceKey); err != nil {
 				continue
 			}
@ -415,7 +416,7 @@ func (a *UserInternalAPI) queryRemoteKeys(
 	ctx context.Context, timeout time.Duration, res *api.QueryKeysResponse,
 	domainToDeviceKeys map[string]map[string][]string, domainToCrossSigningKeys map[string]map[string]struct{},
 ) {
-	resultCh := make(chan *gomatrixserverlib.RespQueryKeys, len(domainToDeviceKeys))
+	resultCh := make(chan *fclient.RespQueryKeys, len(domainToDeviceKeys))
 	// allows us to wait until all federation servers have been poked
 	var wg sync.WaitGroup
 	// mutex for writing directly to res (e.g failures)
@ -450,7 +451,7 @@ func (a *UserInternalAPI) queryRemoteKeys(
 		close(resultCh)
 	}()

-	processResult := func(result *gomatrixserverlib.RespQueryKeys) {
+	processResult := func(result *fclient.RespQueryKeys) {
 		respMu.Lock()
 		defer respMu.Unlock()
 		for userID, nest := range result.DeviceKeys {
@ -483,7 +484,7 @@ func (a *UserInternalAPI) queryRemoteKeys(

 func (a *UserInternalAPI) queryRemoteKeysOnServer(
 	ctx context.Context, serverName string, devKeys map[string][]string, crossSigningKeys map[string]struct{},
-	wg *sync.WaitGroup, respMu *sync.Mutex, timeout time.Duration, resultCh chan<- *gomatrixserverlib.RespQueryKeys,
+	wg *sync.WaitGroup, respMu *sync.Mutex, timeout time.Duration, resultCh chan<- *fclient.RespQueryKeys,
 	res *api.QueryKeysResponse,
 ) {
 	defer wg.Done()
--- a/userapi/storage/interface.go
+++ b/userapi/storage/interface.go
@ -20,6 +20,7 @@ import (
 	"errors"

 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"

 	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/internal/pushrules"
@ -203,7 +204,7 @@ type KeyDatabase interface {
 	// MarkDeviceListStale sets the stale bit for this user to isStale.
 	MarkDeviceListStale(ctx context.Context, userID string, isStale bool) error

-	CrossSigningKeysForUser(ctx context.Context, userID string) (map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningKey, error)
+	CrossSigningKeysForUser(ctx context.Context, userID string) (map[fclient.CrossSigningKeyPurpose]fclient.CrossSigningKey, error)
 	CrossSigningKeysDataForUser(ctx context.Context, userID string) (types.CrossSigningKeyMap, error)
 	CrossSigningSigsForTarget(ctx context.Context, originUserID, targetUserID string, targetKeyID gomatrixserverlib.KeyID) (types.CrossSigningSigMap, error)

--- a/userapi/storage/postgres/cross_signing_keys_table.go
+++ b/userapi/storage/postgres/cross_signing_keys_table.go
@ -24,6 +24,7 @@ import (
 	"github.com/matrix-org/dendrite/userapi/storage/tables"
 	"github.com/matrix-org/dendrite/userapi/types"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"
 )

 var crossSigningKeysSchema = `
@ -89,7 +90,7 @@ func (s *crossSigningKeysStatements) SelectCrossSigningKeysForUser(
 }

 func (s *crossSigningKeysStatements) UpsertCrossSigningKeysForUser(
-	ctx context.Context, txn *sql.Tx, userID string, keyType gomatrixserverlib.CrossSigningKeyPurpose, keyData gomatrixserverlib.Base64Bytes,
+	ctx context.Context, txn *sql.Tx, userID string, keyType fclient.CrossSigningKeyPurpose, keyData gomatrixserverlib.Base64Bytes,
 ) error {
 	keyTypeInt, ok := types.KeyTypePurposeToInt[keyType]
 	if !ok {
--- a/userapi/storage/shared/storage.go
+++ b/userapi/storage/shared/storage.go
@ -27,6 +27,7 @@ import (
 	"time"

 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"
 	"golang.org/x/crypto/bcrypt"

 	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
@ -1026,17 +1027,17 @@ func (d *KeyDatabase) DeleteDeviceKeys(ctx context.Context, userID string, devic
 }

 // CrossSigningKeysForUser returns the latest known cross-signing keys for a user, if any.
-func (d *KeyDatabase) CrossSigningKeysForUser(ctx context.Context, userID string) (map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningKey, error) {
+func (d *KeyDatabase) CrossSigningKeysForUser(ctx context.Context, userID string) (map[fclient.CrossSigningKeyPurpose]fclient.CrossSigningKey, error) {
 	keyMap, err := d.CrossSigningKeysTable.SelectCrossSigningKeysForUser(ctx, nil, userID)
 	if err != nil {
 		return nil, fmt.Errorf("d.CrossSigningKeysTable.SelectCrossSigningKeysForUser: %w", err)
 	}
-	results := map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningKey{}
+	results := map[fclient.CrossSigningKeyPurpose]fclient.CrossSigningKey{}
 	for purpose, key := range keyMap {
 		keyID := gomatrixserverlib.KeyID("ed25519:" + key.Encode())
-		result := gomatrixserverlib.CrossSigningKey{
+		result := fclient.CrossSigningKey{
 			UserID: userID,
-			Usage:  []gomatrixserverlib.CrossSigningKeyPurpose{purpose},
+			Usage:  []fclient.CrossSigningKeyPurpose{purpose},
 			Keys: map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{
 				keyID: key,
 			},
--- a/userapi/storage/sqlite3/cross_signing_keys_table.go
+++ b/userapi/storage/sqlite3/cross_signing_keys_table.go
@ -24,6 +24,7 @@ import (
 	"github.com/matrix-org/dendrite/userapi/storage/tables"
 	"github.com/matrix-org/dendrite/userapi/types"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"
 )

 var crossSigningKeysSchema = `
@ -88,7 +89,7 @@ func (s *crossSigningKeysStatements) SelectCrossSigningKeysForUser(
 }

 func (s *crossSigningKeysStatements) UpsertCrossSigningKeysForUser(
-	ctx context.Context, txn *sql.Tx, userID string, keyType gomatrixserverlib.CrossSigningKeyPurpose, keyData gomatrixserverlib.Base64Bytes,
+	ctx context.Context, txn *sql.Tx, userID string, keyType fclient.CrossSigningKeyPurpose, keyData gomatrixserverlib.Base64Bytes,
 ) error {
 	keyTypeInt, ok := types.KeyTypePurposeToInt[keyType]
 	if !ok {
--- a/userapi/storage/tables/interface.go
+++ b/userapi/storage/tables/interface.go
@ -22,6 +22,7 @@ import (

 	"github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"

 	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/userapi/types"
@ -181,7 +182,7 @@ type StaleDeviceLists interface {

 type CrossSigningKeys interface {
 	SelectCrossSigningKeysForUser(ctx context.Context, txn *sql.Tx, userID string) (r types.CrossSigningKeyMap, err error)
-	UpsertCrossSigningKeysForUser(ctx context.Context, txn *sql.Tx, userID string, keyType gomatrixserverlib.CrossSigningKeyPurpose, keyData gomatrixserverlib.Base64Bytes) error
+	UpsertCrossSigningKeysForUser(ctx context.Context, txn *sql.Tx, userID string, keyType fclient.CrossSigningKeyPurpose, keyData gomatrixserverlib.Base64Bytes) error
 }

 type CrossSigningSigs interface {
--- a/userapi/types/storage.go
+++ b/userapi/types/storage.go
@ -18,6 +18,7 @@ import (
 	"math"

 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"
 )

 const (
@ -29,22 +30,22 @@ const (

 // KeyTypePurposeToInt maps a purpose to an integer, which is used in the
 // database to reduce the amount of space taken up by this column.
-var KeyTypePurposeToInt = map[gomatrixserverlib.CrossSigningKeyPurpose]int16{
-	gomatrixserverlib.CrossSigningKeyPurposeMaster:      1,
-	gomatrixserverlib.CrossSigningKeyPurposeSelfSigning: 2,
-	gomatrixserverlib.CrossSigningKeyPurposeUserSigning: 3,
+var KeyTypePurposeToInt = map[fclient.CrossSigningKeyPurpose]int16{
+	fclient.CrossSigningKeyPurposeMaster:      1,
+	fclient.CrossSigningKeyPurposeSelfSigning: 2,
+	fclient.CrossSigningKeyPurposeUserSigning: 3,
 }

 // KeyTypeIntToPurpose maps an integer to a purpose, which is used in the
 // database to reduce the amount of space taken up by this column.
-var KeyTypeIntToPurpose = map[int16]gomatrixserverlib.CrossSigningKeyPurpose{
-	1: gomatrixserverlib.CrossSigningKeyPurposeMaster,
-	2: gomatrixserverlib.CrossSigningKeyPurposeSelfSigning,
-	3: gomatrixserverlib.CrossSigningKeyPurposeUserSigning,
+var KeyTypeIntToPurpose = map[int16]fclient.CrossSigningKeyPurpose{
+	1: fclient.CrossSigningKeyPurposeMaster,
+	2: fclient.CrossSigningKeyPurposeSelfSigning,
+	3: fclient.CrossSigningKeyPurposeUserSigning,
 }

 // Map of purpose -> public key
-type CrossSigningKeyMap map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.Base64Bytes
+type CrossSigningKeyMap map[fclient.CrossSigningKeyPurpose]gomatrixserverlib.Base64Bytes

 // Map of user ID -> key ID -> signature
 type CrossSigningSigMap map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes
--- a/userapi/userapi_test.go
+++ b/userapi/userapi_test.go
@ -27,6 +27,7 @@ import (
 	"github.com/matrix-org/dendrite/internal/sqlutil"
 	"github.com/matrix-org/dendrite/userapi/producers"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"
 	"github.com/matrix-org/util"
 	"github.com/nats-io/nats.go"
 	"golang.org/x/crypto/bcrypt"
@ -87,7 +88,7 @@ func MustMakeInternalAPI(t *testing.T, opts apiTestOpts, dbType test.DBType, pub
 		t.Fatalf("failed to create key DB: %s", err)
 	}

-	cfg.Global.SigningIdentity = gomatrixserverlib.SigningIdentity{
+	cfg.Global.SigningIdentity = fclient.SigningIdentity{
 		ServerName: sName,
 	}