Cross-signing validation for self-sigs, expose signatures over /user/keys/query and /user/devices/{userId} (#1962)

* Enable unstable feature again * Try to verify when a device signs a key * Try to verify when a key signs a device * It's the self-signing key, not the master key * Fix error * Try to verify master key uploads * Actually we can't guarantee we can do that so nevermind * Add signatures into /devices/list request * Fix nil pointer * Reprioritise map creation * Don't skip devices that don't have signatures * Add some debug logging * Fix logic error in QuerySignatures * Fix bugs * Expose master and self-signing keys on /devices/list hopefully * maps are tedious * Expose signatures via /keys/query * Upload signatures when uploading keys * Fixes * Disable the feature again
2025-08-01 22:02:46 +00:00 · 2021-08-06 10:13:35 +01:00 · 2021-08-06 10:13:35 +01:00 · e95b1fd238
commit e95b1fd238
parent 8e5a0139b5
9 changed files with 341 additions and 37 deletions
--- a/keyserver/storage/interface.go
+++ b/keyserver/storage/interface.go
@ -78,7 +78,8 @@ type Database interface {
 	// MarkDeviceListStale sets the stale bit for this user to isStale.
 	MarkDeviceListStale(ctx context.Context, userID string, isStale bool) error

-	CrossSigningKeysForUser(ctx context.Context, userID string) (types.CrossSigningKeyMap, error)
+	CrossSigningKeysForUser(ctx context.Context, userID string) (map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningKey, error)
+	CrossSigningKeysDataForUser(ctx context.Context, userID string) (types.CrossSigningKeyMap, error)
 	CrossSigningSigsForTarget(ctx context.Context, targetUserID string, targetKeyID gomatrixserverlib.KeyID) (types.CrossSigningSigMap, error)

 	StoreCrossSigningKeysForUser(ctx context.Context, userID string, keyMap types.CrossSigningKeyMap) error