mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/element-hq/dendrite.git synced 2025-09-13 21:02:25 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

mas: added support of msc3861 to /keys/device_signing/upload endpoint

Browse source 
this change is based mostly on changes made in synapse https://github.com/element-hq/synapse/blob/develop/synapse/rest/client/keys.py#L392
This commit is contained in:
Roman Isaev 2025-01-05 02:42:20 +00:00
parent 9b064b1572
commit cc7deb22ad
No known key found for this signature in database
GPG key ID: 7BE2B6A6C89AEC7F
1 changed files with 38 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

39
clientapi/routing/key_crosssigning.go
View file

@ -8,6 +8,7 @@ package routing
import ( import (
"net/http" "net/http"
"slices"
"strings" "strings"
"time" "time"
@ -16,6 +17,7 @@ import (
"github.com/element-hq/dendrite/clientapi/httputil" "github.com/element-hq/dendrite/clientapi/httputil"
"github.com/element-hq/dendrite/setup/config" "github.com/element-hq/dendrite/setup/config"
"github.com/element-hq/dendrite/userapi/api" "github.com/element-hq/dendrite/userapi/api"
"github.com/matrix-org/gomatrixserverlib/fclient"
"github.com/matrix-org/gomatrixserverlib/spec" "github.com/matrix-org/gomatrixserverlib/spec"
"github.com/matrix-org/util" "github.com/matrix-org/util"
) )
@ -58,6 +60,41 @@ func UploadCrossSigningDeviceKeys(
} }
} }
{
var keysResp api.QueryKeysResponse
keyserverAPI.QueryKeys(req.Context(), &api.QueryKeysRequest{UserID: device.UserID, UserToDevices: map[string][]string{device.UserID: []string{}}}, &keysResp)
if err := keysResp.Error; err != nil {
return convertKeyError(err)
}
hasDifferentKeys := func(userID string, uploadReqCSKey *fclient.CrossSigningKey, dbCSKeys map[string]fclient.CrossSigningKey) bool {
dbCSKey, ok := dbCSKeys[userID]
if !ok {
return true
}
dbKeysExist := len(dbCSKey.Keys) > 0
for keyID, key := range uploadReqCSKey.Keys {
// If dbKeysExist is false and we enter the loop, it means we have received at least one key that is not in the DB, and we want to persist it.
if !dbKeysExist {
return true
}
dbKey, ok := dbCSKey.Keys[keyID]
if !ok || !slices.Equal(dbKey, key) {
return true
}
}
return false
}
if !hasDifferentKeys(device.UserID, &uploadReq.MasterKey, keysResp.MasterKeys) &&
!hasDifferentKeys(device.UserID, &uploadReq.SelfSigningKey, keysResp.SelfSigningKeys) &&
!hasDifferentKeys(device.UserID, &uploadReq.UserSigningKey, keysResp.UserSigningKeys) {
return util.JSONResponse{
Code: http.StatusOK,
JSON: map[int]interface{}{},
}
}
}
if isCrossSigningSetup { if isCrossSigningSetup {
// With MSC3861, UIA is not possible. Instead, the auth service has to explicitly mark the master key as replaceable. // With MSC3861, UIA is not possible. Instead, the auth service has to explicitly mark the master key as replaceable.
if cfg.MSCs.MSC3861Enabled() { if cfg.MSCs.MSC3861Enabled() {
@ -83,7 +120,7 @@ func UploadCrossSigningDeviceKeys(
}, },
}, },
strings.Join([]string{ strings.Join([]string{
"To reset your end-to-end encryption cross-signing, identity, you first need to approve it at", "To reset your end-to-end encryption cross-signing identity, you first need to approve it at",
url, url,
"and then try again.", "and then try again.",
}, " "), }, " "),