Neil Alexander 2021-07-29 12:54:03 +01:00
parent 5654b08819
commit 5de569be2c
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944


@ -120,45 +120,39 @@ func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.P
} }
for purpose, key := range toVerify { for purpose, key := range toVerify {
// Collect together the key IDs we need to verify with. This will include // Collect together the key IDs we need to verify with. This will include
// all of the key IDs specified in the signatures. If the key purpose is // all of the key IDs specified in the signatures. We don't do this for
// NOT the master key then we also need to include the master key ID here // the master key because we have no means to verify the signatures - we
// as we won't accept a self-signing key or a user-signing key without it. // instead just need to store them.
checkKeyIDs := make([]gomatrixserverlib.KeyID, 0, len(key.Signatures)+1)
if purpose != gomatrixserverlib.CrossSigningKeyPurposeMaster { if purpose != gomatrixserverlib.CrossSigningKeyPurposeMaster {
checkKeyIDs := make([]gomatrixserverlib.KeyID, 0, len(key.Signatures)+1)
for keyID := range key.Signatures[req.UserID] { for keyID := range key.Signatures[req.UserID] {
checkKeyIDs = append(checkKeyIDs, keyID) checkKeyIDs = append(checkKeyIDs, keyID)
} }
if _, ok := key.Signatures[req.UserID][masterKeyID]; !ok { if _, ok := key.Signatures[req.UserID][masterKeyID]; !ok {
checkKeyIDs = append(checkKeyIDs, masterKeyID) checkKeyIDs = append(checkKeyIDs, masterKeyID)
} }
}
// If there are no key IDs to check then there's no point marshalling // Marshal the specific key back into JSON so that we can verify the
// the JSON. // signature of it.
if len(checkKeyIDs) == 0 && purpose == gomatrixserverlib.CrossSigningKeyPurposeMaster { keyJSON, err := json.Marshal(key)
continue if err != nil {
}
// Marshal the specific key back into JSON so that we can verify the
// signature of it.
keyJSON, err := json.Marshal(key)
if err != nil {
res.Error = &api.KeyError{
Err: fmt.Sprintf("The JSON of the key section is invalid: %s", err.Error()),
IsMissingParam: true,
}
return
}
// Now verify the signatures.
for _, keyID := range checkKeyIDs {
if err := gomatrixserverlib.VerifyJSON(req.UserID, keyID, ed25519.PublicKey(masterKey), keyJSON); err != nil {
res.Error = &api.KeyError{ res.Error = &api.KeyError{
Err: fmt.Sprintf("The signature verification failed using user %q key ID %q: %s", req.UserID, keyID, err.Error()), Err: fmt.Sprintf("The JSON of the key section is invalid: %s", err.Error()),
IsInvalidSignature: true, IsMissingParam: true,
} }
return return
} }
// Now verify the signatures.
for _, keyID := range checkKeyIDs {
if err := gomatrixserverlib.VerifyJSON(req.UserID, keyID, ed25519.PublicKey(masterKey), keyJSON); err != nil {
res.Error = &api.KeyError{
Err: fmt.Sprintf("The signature verification failed using user %q key ID %q: %s", req.UserID, keyID, err.Error()),
IsInvalidSignature: true,
}
return
}
}
} }
// If we've reached this point then all the signatures are valid so // If we've reached this point then all the signatures are valid so