Cross-signing groundwork (#1953)

* Cross-signing groundwork

* Update to matrix-org/gomatrixserverlib#274

* Fix gobind builds, which stops unit tests in CI from yelling

* Some changes from review comments

* Fix build by passing in UIA

* Update to matrix-org/gomatrixserverlib@bec8d22

* Process master/self-signing keys from devices call

* nolint

* Enum-ify the key type in the database

* Process self-signing key too

* Fix sanity check in device list updater

* Fix check

* Fix sytest, hopefully

* Fix build

keyserver/internal/cross_signing.go

@@ -0,0 +1,389 @@
+// Copyright 2021 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package internal
+
+import (
+	"context"
+	"crypto/ed25519"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/matrix-org/dendrite/keyserver/api"
+	"github.com/matrix-org/dendrite/keyserver/types"
+	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/sirupsen/logrus"
+)
+
+func sanityCheckKey(key gomatrixserverlib.CrossSigningKey, userID string, purpose gomatrixserverlib.CrossSigningKeyPurpose) error {
+	// Is there exactly one key?
+	if len(key.Keys) != 1 {
+		return fmt.Errorf("should contain exactly one key")
+	}
+
+	// Does the key ID match the key value? Iterates exactly once
+	for keyID, keyData := range key.Keys {
+		b64 := keyData.Encode()
+		tokens := strings.Split(string(keyID), ":")
+		if len(tokens) != 2 {
+			return fmt.Errorf("key ID is incorrectly formatted")
+		}
+		if tokens[1] != b64 {
+			return fmt.Errorf("key ID isn't correct")
+		}
+	}
+
+	// Does the key claim to be from the right user?
+	if userID != key.UserID {
+		return fmt.Errorf("key has a user ID mismatch")
+	}
+
+	// Does the key contain the correct purpose?
+	useful := false
+	for _, usage := range key.Usage {
+		if usage == purpose {
+			useful = true
+			break
+		}
+	}
+	if !useful {
+		return fmt.Errorf("key does not contain correct usage purpose")
+	}
+
+	return nil
+}
+
+// nolint:gocyclo
+func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.PerformUploadDeviceKeysRequest, res *api.PerformUploadDeviceKeysResponse) {
+	var masterKey gomatrixserverlib.Base64Bytes
+	hasMasterKey := false
+
+	if len(req.MasterKey.Keys) > 0 {
+		if err := sanityCheckKey(req.MasterKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeMaster); err != nil {
+			res.Error = &api.KeyError{
+				Err: "Master key sanity check failed: " + err.Error(),
+			}
+			return
+		}
+		hasMasterKey = true
+		for _, keyData := range req.MasterKey.Keys { // iterates once, because sanityCheckKey requires one key
+			masterKey = keyData
+		}
+	}
+
+	if len(req.SelfSigningKey.Keys) > 0 {
+		if err := sanityCheckKey(req.SelfSigningKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeSelfSigning); err != nil {
+			res.Error = &api.KeyError{
+				Err: "Self-signing key sanity check failed: " + err.Error(),
+			}
+			return
+		}
+	}
+
+	if len(req.UserSigningKey.Keys) > 0 {
+		if err := sanityCheckKey(req.UserSigningKey, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeUserSigning); err != nil {
+			res.Error = &api.KeyError{
+				Err: "User-signing key sanity check failed: " + err.Error(),
+			}
+			return
+		}
+	}
+
+	// If the user hasn't given a new master key, then let's go and get their
+	// existing keys from the database.
+	if !hasMasterKey {
+		existingKeys, err := a.DB.CrossSigningKeysForUser(ctx, req.UserID)
+		if err != nil {
+			res.Error = &api.KeyError{
+				Err: "Retrieving cross-signing keys from database failed: " + err.Error(),
+			}
+			return
+		}
+
+		masterKey, hasMasterKey = existingKeys[gomatrixserverlib.CrossSigningKeyPurposeMaster]
+	}
+
+	// If the user isn't a local user and we haven't successfully found a key
+	// through any local means then ask over federation.
+	if !hasMasterKey {
+		_, host, err := gomatrixserverlib.SplitID('@', req.UserID)
+		if err != nil {
+			res.Error = &api.KeyError{
+				Err: "Retrieving cross-signing keys from federation failed: " + err.Error(),
+			}
+			return
+		}
+		keys, err := a.FedClient.QueryKeys(ctx, host, map[string][]string{
+			req.UserID: {},
+		})
+		if err != nil {
+			res.Error = &api.KeyError{
+				Err: "Retrieving cross-signing keys from federation failed: " + err.Error(),
+			}
+			return
+		}
+		switch k := keys.MasterKeys[req.UserID].CrossSigningBody.(type) {
+		case *gomatrixserverlib.CrossSigningKey:
+			if err := sanityCheckKey(*k, req.UserID, gomatrixserverlib.CrossSigningKeyPurposeMaster); err != nil {
+				res.Error = &api.KeyError{
+					Err: "Master key sanity check failed: " + err.Error(),
+				}
+				return
+			}
+		default:
+			res.Error = &api.KeyError{
+				Err: "Unexpected type for master key retrieved from federation",
+			}
+			return
+		}
+	}
+
+	// If we still don't have a master key at this point then there's nothing else
+	// we can do - we've checked both the request and the database.
+	if !hasMasterKey {
+		res.Error = &api.KeyError{
+			Err:            "No master key was found, either in the database or in the request!",
+			IsMissingParam: true,
+		}
+		return
+	}
+
+	// The key ID is basically the key itself.
+	masterKeyID := gomatrixserverlib.KeyID(fmt.Sprintf("ed25519:%s", masterKey.Encode()))
+
+	// Work out which things we need to verify the signatures for.
+	toVerify := make(map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningKey, 3)
+	toStore := types.CrossSigningKeyMap{}
+	if len(req.MasterKey.Keys) > 0 {
+		toVerify[gomatrixserverlib.CrossSigningKeyPurposeMaster] = req.MasterKey
+	}
+	if len(req.SelfSigningKey.Keys) > 0 {
+		toVerify[gomatrixserverlib.CrossSigningKeyPurposeSelfSigning] = req.SelfSigningKey
+	}
+	if len(req.UserSigningKey.Keys) > 0 {
+		toVerify[gomatrixserverlib.CrossSigningKeyPurposeUserSigning] = req.UserSigningKey
+	}
+	for purpose, key := range toVerify {
+		// Collect together the key IDs we need to verify with. This will include
+		// all of the key IDs specified in the signatures. We don't do this for
+		// the master key because we have no means to verify the signatures - we
+		// instead just need to store them.
+		if purpose != gomatrixserverlib.CrossSigningKeyPurposeMaster {
+			// Marshal the specific key back into JSON so that we can verify the
+			// signature of it.
+			keyJSON, err := json.Marshal(key)
+			if err != nil {
+				res.Error = &api.KeyError{
+					Err: fmt.Sprintf("The JSON of the key section is invalid: %s", err.Error()),
+				}
+				return
+			}
+
+			// Now check if the subkey is signed by the master key.
+			if err := gomatrixserverlib.VerifyJSON(req.UserID, masterKeyID, ed25519.PublicKey(masterKey), keyJSON); err != nil {
+				res.Error = &api.KeyError{
+					Err:                fmt.Sprintf("The %q sub-key failed master key signature verification: %s", purpose, err.Error()),
+					IsInvalidSignature: true,
+				}
+				return
+			}
+		}
+
+		// If we've reached this point then all the signatures are valid so
+		// add the key to the list of keys to store.
+		for _, keyData := range key.Keys { // iterates once, see sanityCheckKey
+			toStore[purpose] = keyData
+		}
+	}
+
+	if err := a.DB.StoreCrossSigningKeysForUser(ctx, req.UserID, toStore); err != nil {
+		res.Error = &api.KeyError{
+			Err: fmt.Sprintf("a.DB.StoreCrossSigningKeysForUser: %s", err),
+		}
+	}
+}
+
+func (a *KeyInternalAPI) PerformUploadDeviceSignatures(ctx context.Context, req *api.PerformUploadDeviceSignaturesRequest, res *api.PerformUploadDeviceSignaturesResponse) {
+	selfSignatures := map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+	otherSignatures := map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+
+	for userID, forUserID := range req.Signatures {
+		for keyID, keyOrDevice := range forUserID {
+			switch key := keyOrDevice.CrossSigningBody.(type) {
+			case *gomatrixserverlib.CrossSigningKey:
+				if key.UserID == req.UserID {
+					if _, ok := selfSignatures[userID]; !ok {
+						selfSignatures[userID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+					}
+					selfSignatures[userID][keyID] = keyOrDevice
+				} else {
+					if _, ok := otherSignatures[userID]; !ok {
+						otherSignatures[userID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+					}
+					otherSignatures[userID][keyID] = keyOrDevice
+				}
+
+			case *gomatrixserverlib.DeviceKeys:
+				if key.UserID == req.UserID {
+					if _, ok := selfSignatures[userID]; !ok {
+						selfSignatures[userID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+					}
+					selfSignatures[userID][keyID] = keyOrDevice
+				} else {
+					if _, ok := otherSignatures[userID]; !ok {
+						otherSignatures[userID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice{}
+					}
+					otherSignatures[userID][keyID] = keyOrDevice
+				}
+
+			default:
+				continue
+			}
+		}
+	}
+
+	if err := a.processSelfSignatures(ctx, req.UserID, selfSignatures); err != nil {
+		res.Error = &api.KeyError{
+			Err: fmt.Sprintf("a.processSelfSignatures: %s", err),
+		}
+		return
+	}
+
+	if err := a.processOtherSignatures(ctx, req.UserID, otherSignatures); err != nil {
+		res.Error = &api.KeyError{
+			Err: fmt.Sprintf("a.processOtherSignatures: %s", err),
+		}
+		return
+	}
+}
+
+func (a *KeyInternalAPI) processSelfSignatures(
+	ctx context.Context, _ string,
+	signatures map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice,
+) error {
+	// Here we will process:
+	// * The user signing their own devices using their self-signing key
+	// * The user signing their master key using one of their devices
+
+	for targetUserID, forTargetUserID := range signatures {
+		for targetKeyID, signature := range forTargetUserID {
+			switch sig := signature.CrossSigningBody.(type) {
+			case *gomatrixserverlib.CrossSigningKey:
+				for originUserID, forOriginUserID := range sig.Signatures {
+					for originKeyID, originSig := range forOriginUserID {
+						if err := a.DB.StoreCrossSigningSigsForTarget(
+							ctx, originUserID, originKeyID, targetUserID, targetKeyID, originSig,
+						); err != nil {
+							return fmt.Errorf("a.DB.StoreCrossSigningKeysForTarget: %w", err)
+						}
+					}
+				}
+
+			case *gomatrixserverlib.DeviceKeys:
+				for originUserID, forOriginUserID := range sig.Signatures {
+					for originKeyID, originSig := range forOriginUserID {
+						if err := a.DB.StoreCrossSigningSigsForTarget(
+							ctx, originUserID, originKeyID, targetUserID, targetKeyID, originSig,
+						); err != nil {
+							return fmt.Errorf("a.DB.StoreCrossSigningKeysForTarget: %w", err)
+						}
+					}
+				}
+
+			default:
+				return fmt.Errorf("unexpected type assertion")
+			}
+		}
+	}
+
+	return nil
+}
+
+func (a *KeyInternalAPI) processOtherSignatures(
+	ctx context.Context, userID string,
+	signatures map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.CrossSigningForKeyOrDevice,
+) error {
+	// Here we will process:
+	// * A user signing someone else's master keys using their user-signing keys
+
+	return nil
+}
+
+func (a *KeyInternalAPI) crossSigningKeysFromDatabase(
+	ctx context.Context, req *api.QueryKeysRequest, res *api.QueryKeysResponse,
+) {
+	for userID := range req.UserToDevices {
+		keys, err := a.DB.CrossSigningKeysForUser(ctx, userID)
+		if err != nil {
+			logrus.WithError(err).Errorf("Failed to get cross-signing keys for user %q", userID)
+			continue
+		}
+
+		for keyType, keyData := range keys {
+			b64 := keyData.Encode()
+			keyID := gomatrixserverlib.KeyID("ed25519:" + b64)
+			key := gomatrixserverlib.CrossSigningKey{
+				UserID: userID,
+				Usage: []gomatrixserverlib.CrossSigningKeyPurpose{
+					keyType,
+				},
+				Keys: map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{
+					keyID: keyData,
+				},
+			}
+
+			sigs, err := a.DB.CrossSigningSigsForTarget(ctx, userID, keyID)
+			if err != nil {
+				logrus.WithError(err).Errorf("Failed to get cross-signing signatures for user %q key %q", userID, keyID)
+				continue
+			}
+
+			appendSignature := func(originUserID string, originKeyID gomatrixserverlib.KeyID, signature gomatrixserverlib.Base64Bytes) {
+				if key.Signatures == nil {
+					key.Signatures = types.CrossSigningSigMap{}
+				}
+				if _, ok := key.Signatures[originUserID]; !ok {
+					key.Signatures[originUserID] = make(map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes)
+				}
+				key.Signatures[originUserID][originKeyID] = signature
+			}
+
+			for originUserID, forOrigin := range sigs {
+				for originKeyID, signature := range forOrigin {
+					switch {
+					case req.UserID != "" && originUserID == req.UserID:
+						// Include signatures that we created
+						appendSignature(originUserID, originKeyID, signature)
+					case originUserID == userID:
+						// Include signatures that were created by the person whose key
+						// we are processing
+						appendSignature(originUserID, originKeyID, signature)
+					}
+				}
+			}
+
+			switch keyType {
+			case gomatrixserverlib.CrossSigningKeyPurposeMaster:
+				res.MasterKeys[userID] = key
+
+			case gomatrixserverlib.CrossSigningKeyPurposeSelfSigning:
+				res.SelfSigningKeys[userID] = key
+
+			case gomatrixserverlib.CrossSigningKeyPurposeUserSigning:
+				res.UserSigningKeys[userID] = key
+			}
+		}
+	}
+}

keyserver/internal/device_list_update.go

@@ -82,6 +82,7 @@ type DeviceListUpdater struct {
 	mu            *sync.Mutex // protects UserIDToMutex
 
 	db          DeviceListUpdaterDatabase
+	api         DeviceListUpdaterAPI
 	producer    KeyChangeProducer
 	fedClient   fedsenderapi.FederationClient
 	workerChans []chan gomatrixserverlib.ServerName
@@ -114,6 +115,10 @@ type DeviceListUpdaterDatabase interface {
 	DeviceKeysJSON(ctx context.Context, keys []api.DeviceMessage) error
 }
 
+type DeviceListUpdaterAPI interface {
+	PerformUploadDeviceKeys(ctx context.Context, req *api.PerformUploadDeviceKeysRequest, res *api.PerformUploadDeviceKeysResponse)
+}
+
 // KeyChangeProducer is the interface for producers.KeyChange useful for testing.
 type KeyChangeProducer interface {
 	ProduceKeyChanges(keys []api.DeviceMessage) error
@@ -121,13 +126,14 @@ type KeyChangeProducer interface {
 
 // NewDeviceListUpdater creates a new updater which fetches fresh device lists when they go stale.
 func NewDeviceListUpdater(
-	db DeviceListUpdaterDatabase, producer KeyChangeProducer, fedClient fedsenderapi.FederationClient,
-	numWorkers int,
+	db DeviceListUpdaterDatabase, api DeviceListUpdaterAPI, producer KeyChangeProducer,
+	fedClient fedsenderapi.FederationClient, numWorkers int,
 ) *DeviceListUpdater {
 	return &DeviceListUpdater{
 		userIDToMutex:  make(map[string]*sync.Mutex),
 		mu:             &sync.Mutex{},
 		db:             db,
+		api:            api,
 		producer:       producer,
 		fedClient:      fedClient,
 		workerChans:    make([]chan gomatrixserverlib.ServerName, numWorkers),
@@ -367,6 +373,23 @@ func (u *DeviceListUpdater) processServer(serverName gomatrixserverlib.ServerNam
 			}
 			continue
 		}
+		if res.MasterKey != nil || res.SelfSigningKey != nil {
+			uploadReq := &api.PerformUploadDeviceKeysRequest{
+				UserID: userID,
+			}
+			uploadRes := &api.PerformUploadDeviceKeysResponse{}
+			if res.MasterKey != nil {
+				if err = sanityCheckKey(*res.MasterKey, userID, gomatrixserverlib.CrossSigningKeyPurposeMaster); err == nil {
+					uploadReq.MasterKey = *res.MasterKey
+				}
+			}
+			if res.SelfSigningKey != nil {
+				if err = sanityCheckKey(*res.SelfSigningKey, userID, gomatrixserverlib.CrossSigningKeyPurposeSelfSigning); err == nil {
+					uploadReq.SelfSigningKey = *res.SelfSigningKey
+				}
+			}
+			u.api.PerformUploadDeviceKeys(ctx, uploadReq, uploadRes)
+		}
 		err = u.updateDeviceList(&res)
 		if err != nil {
 			logger.WithError(err).WithField("user_id", userID).Error("fetched device list but failed to store/emit it")

keyserver/internal/device_list_update_test.go

@@ -95,6 +95,13 @@ func (d *mockDeviceListUpdaterDatabase) DeviceKeysJSON(ctx context.Context, keys
 	return nil
 }
 
+type mockDeviceListUpdaterAPI struct {
+}
+
+func (d *mockDeviceListUpdaterAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.PerformUploadDeviceKeysRequest, res *api.PerformUploadDeviceKeysResponse) {
+
+}
+
 type roundTripper struct {
 	fn func(*http.Request) (*http.Response, error)
 }
@@ -122,8 +129,9 @@ func TestUpdateHavePrevID(t *testing.T) {
 			return true
 		},
 	}
+	ap := &mockDeviceListUpdaterAPI{}
 	producer := &mockKeyChangeProducer{}
-	updater := NewDeviceListUpdater(db, producer, nil, 1)
+	updater := NewDeviceListUpdater(db, ap, producer, nil, 1)
 	event := gomatrixserverlib.DeviceListUpdateEvent{
 		DeviceDisplayName: "Foo Bar",
 		Deleted:           false,
@@ -166,6 +174,7 @@ func TestUpdateNoPrevID(t *testing.T) {
 			return false
 		},
 	}
+	ap := &mockDeviceListUpdaterAPI{}
 	producer := &mockKeyChangeProducer{}
 	remoteUserID := "@alice:example.somewhere"
 	var wg sync.WaitGroup
@@ -193,7 +202,7 @@ func TestUpdateNoPrevID(t *testing.T) {
 			`)),
 		}, nil
 	})
-	updater := NewDeviceListUpdater(db, producer, fedClient, 2)
+	updater := NewDeviceListUpdater(db, ap, producer, fedClient, 2)
 	if err := updater.Start(); err != nil {
 		t.Fatalf("failed to start updater: %s", err)
 	}

keyserver/internal/internal.go

@@ -221,9 +221,17 @@ func (a *KeyInternalAPI) QueryDeviceMessages(ctx context.Context, req *api.Query
 
 func (a *KeyInternalAPI) QueryKeys(ctx context.Context, req *api.QueryKeysRequest, res *api.QueryKeysResponse) {
 	res.DeviceKeys = make(map[string]map[string]json.RawMessage)
+	res.MasterKeys = make(map[string]gomatrixserverlib.CrossSigningKey)
+	res.SelfSigningKeys = make(map[string]gomatrixserverlib.CrossSigningKey)
+	res.UserSigningKeys = make(map[string]gomatrixserverlib.CrossSigningKey)
 	res.Failures = make(map[string]interface{})
+
+	// get cross-signing keys from the database
+	a.crossSigningKeysFromDatabase(ctx, req, res)
+
 	// make a map from domain to device keys
 	domainToDeviceKeys := make(map[string]map[string][]string)
+	domainToCrossSigningKeys := make(map[string]map[string]struct{})
 	for userID, deviceIDs := range req.UserToDevices {
 		_, serverName, err := gomatrixserverlib.SplitID('@', userID)
 		if err != nil {
@@ -274,16 +282,30 @@ func (a *KeyInternalAPI) QueryKeys(ctx context.Context, req *api.QueryKeysReques
 			domainToDeviceKeys[domain] = make(map[string][]string)
 			domainToDeviceKeys[domain][userID] = append(domainToDeviceKeys[domain][userID], deviceIDs...)
 		}
+		// work out if our cross-signing request for this user was
+		// satisfied, if not add them to the list of things to fetch
+		if _, ok := res.MasterKeys[userID]; !ok {
+			if _, ok := domainToCrossSigningKeys[domain]; !ok {
+				domainToCrossSigningKeys[domain] = make(map[string]struct{})
+			}
+			domainToCrossSigningKeys[domain][userID] = struct{}{}
+		}
+		if _, ok := res.SelfSigningKeys[userID]; !ok {
+			if _, ok := domainToCrossSigningKeys[domain]; !ok {
+				domainToCrossSigningKeys[domain] = make(map[string]struct{})
+			}
+			domainToCrossSigningKeys[domain][userID] = struct{}{}
+		}
 	}
 
 	// attempt to satisfy key queries from the local database first as we should get device updates pushed to us
 	domainToDeviceKeys = a.remoteKeysFromDatabase(ctx, res, domainToDeviceKeys)
-	if len(domainToDeviceKeys) == 0 {
+	if len(domainToDeviceKeys) == 0 && len(domainToCrossSigningKeys) == 0 {
 		return // nothing to query
 	}
 
 	// perform key queries for remote devices
-	a.queryRemoteKeys(ctx, req.Timeout, res, domainToDeviceKeys)
+	a.queryRemoteKeys(ctx, req.Timeout, res, domainToDeviceKeys, domainToCrossSigningKeys)
 }
 
 func (a *KeyInternalAPI) remoteKeysFromDatabase(
@@ -313,18 +335,30 @@ func (a *KeyInternalAPI) remoteKeysFromDatabase(
 }
 
 func (a *KeyInternalAPI) queryRemoteKeys(
-	ctx context.Context, timeout time.Duration, res *api.QueryKeysResponse, domainToDeviceKeys map[string]map[string][]string,
+	ctx context.Context, timeout time.Duration, res *api.QueryKeysResponse,
+	domainToDeviceKeys map[string]map[string][]string, domainToCrossSigningKeys map[string]map[string]struct{},
 ) {
 	resultCh := make(chan *gomatrixserverlib.RespQueryKeys, len(domainToDeviceKeys))
 	// allows us to wait until all federation servers have been poked
 	var wg sync.WaitGroup
-	wg.Add(len(domainToDeviceKeys))
 	// mutex for writing directly to res (e.g failures)
 	var respMu sync.Mutex
 
+	domains := map[string]struct{}{}
+	for domain := range domainToDeviceKeys {
+		domains[domain] = struct{}{}
+	}
+	for domain := range domainToCrossSigningKeys {
+		domains[domain] = struct{}{}
+	}
+	wg.Add(len(domains))
+
 	// fan out
-	for domain, deviceKeys := range domainToDeviceKeys {
-		go a.queryRemoteKeysOnServer(ctx, domain, deviceKeys, &wg, &respMu, timeout, resultCh, res)
+	for domain := range domains {
+		go a.queryRemoteKeysOnServer(
+			ctx, domain, domainToDeviceKeys[domain], domainToCrossSigningKeys[domain],
+			&wg, &respMu, timeout, resultCh, res,
+		)
 	}
 
 	// Close the result channel when the goroutines have quit so the for .. range exits
@@ -344,12 +378,29 @@ func (a *KeyInternalAPI) queryRemoteKeys(
 				res.DeviceKeys[userID][deviceID] = keyJSON
 			}
 		}
+
+		for userID, body := range result.MasterKeys {
+			switch b := body.CrossSigningBody.(type) {
+			case *gomatrixserverlib.CrossSigningKey:
+				res.MasterKeys[userID] = *b
+			}
+		}
+
+		for userID, body := range result.SelfSigningKeys {
+			switch b := body.CrossSigningBody.(type) {
+			case *gomatrixserverlib.CrossSigningKey:
+				res.SelfSigningKeys[userID] = *b
+			}
+		}
+
+		// TODO: do we want to persist these somewhere now
+		// that we have fetched them?
 	}
 }
 
 func (a *KeyInternalAPI) queryRemoteKeysOnServer(
-	ctx context.Context, serverName string, devKeys map[string][]string, wg *sync.WaitGroup,
-	respMu *sync.Mutex, timeout time.Duration, resultCh chan<- *gomatrixserverlib.RespQueryKeys,
+	ctx context.Context, serverName string, devKeys map[string][]string, crossSigningKeys map[string]struct{},
+	wg *sync.WaitGroup, respMu *sync.Mutex, timeout time.Duration, resultCh chan<- *gomatrixserverlib.RespQueryKeys,
 	res *api.QueryKeysResponse,
 ) {
 	defer wg.Done()
@@ -358,14 +409,24 @@ func (a *KeyInternalAPI) queryRemoteKeysOnServer(
 	// for users who we do not have any knowledge about, try to start doing device list updates for them
 	// by hitting /users/devices - otherwise fallback to /keys/query which has nicer bulk properties but
 	// lack a stream ID.
-	var userIDsForAllDevices []string
+	userIDsForAllDevices := map[string]struct{}{}
 	for userID, deviceIDs := range devKeys {
 		if len(deviceIDs) == 0 {
-			userIDsForAllDevices = append(userIDsForAllDevices, userID)
+			userIDsForAllDevices[userID] = struct{}{}
 			delete(devKeys, userID)
 		}
 	}
-	for _, userID := range userIDsForAllDevices {
+	// for cross-signing keys, it's probably easier just to hit /keys/query if we aren't already doing
+	// a device list update, so we'll populate those back into the /keys/query list if not
+	for userID := range crossSigningKeys {
+		if devKeys == nil {
+			devKeys = map[string][]string{}
+		}
+		if _, ok := userIDsForAllDevices[userID]; !ok {
+			devKeys[userID] = []string{}
+		}
+	}
+	for userID := range userIDsForAllDevices {
 		err := a.Updater.ManualUpdate(context.Background(), gomatrixserverlib.ServerName(serverName), userID)
 		if err != nil {
 			logrus.WithFields(logrus.Fields{