make changes from PR review

This commit is contained in:
Hubert Chathi 2019-08-01 21:51:19 -04:00
parent 336c546d6a
commit fac1cdc562
4 changed files with 75 additions and 49 deletions

View File

@ -510,9 +510,18 @@ class E2eKeysHandler(object):
if not master_key:
raise SynapseError(400, "No master key available", Codes.MISSING_PARAM)
master_key_id, master_verify_key = get_verify_key_from_cross_signing_key(
master_key
)
try:
master_key_id, master_verify_key = get_verify_key_from_cross_signing_key(
master_key
)
except ValueError:
if "master_key" in keys:
# the invalid key came from the request
raise SynapseError(400, "Invalid master key", Codes.INVALID_PARAM)
else:
# the invalid key came from the database
logger.error("Invalid master key found for user %s", user_id)
raise SynapseError(500, "Invalid master key")
# for the other cross-signing keys, make sure that they have valid
# signatures from the master key
@ -539,9 +548,12 @@ class E2eKeysHandler(object):
yield self.store.set_e2e_cross_signing_key(
user_id, "self_signing", self_signing_key
)
deviceids.append(
get_verify_key_from_cross_signing_key(self_signing_key)[1].version
)
try:
deviceids.append(
get_verify_key_from_cross_signing_key(self_signing_key)[1].version
)
except ValueError:
raise SynapseError(400, "Invalid self-signing key", Codes.INVALID_PARAM)
if "user_signing_key" in keys:
yield self.store.set_e2e_cross_signing_key(
user_id, "user_signing", user_signing_key

View File

@ -13,47 +13,6 @@
* limitations under the License.
*/
-- cross-signing keys
CREATE TABLE IF NOT EXISTS e2e_cross_signing_keys (
user_id TEXT NOT NULL,
-- the type of cross-signing key (master, user_signing, or self_signing)
keytype TEXT NOT NULL,
-- the full key information, as a json-encoded dict
keydata TEXT NOT NULL,
-- time that the key was added
added_ts BIGINT NOT NULL
);
CREATE UNIQUE INDEX e2e_cross_signing_keys_idx ON e2e_cross_signing_keys(user_id, keytype, added_ts);
-- cross-signing signatures
CREATE TABLE IF NOT EXISTS e2e_cross_signing_signatures (
-- user who did the signing
user_id TEXT NOT NULL,
-- key used to sign
key_id TEXT NOT NULL,
-- user who was signed
target_user_id TEXT NOT NULL,
-- device/key that was signed
target_device_id TEXT NOT NULL,
-- the actual signature
signature TEXT NOT NULL
);
CREATE UNIQUE INDEX e2e_cross_signing_signatures_idx ON e2e_cross_signing_signatures(user_id, target_user_id, target_device_id);
-- stream of user signature updates
CREATE TABLE IF NOT EXISTS user_signature_stream (
-- uses the same stream ID as device list stream
stream_id BIGINT NOT NULL,
-- user who did the signing
from_user_id TEXT NOT NULL,
-- list of users who were signed, as a JSON array
user_ids TEXT NOT NULL
);
CREATE UNIQUE INDEX user_signature_stream_idx ON user_signature_stream(stream_id);
-- device list needs to know which ones are "real" devices, and which ones are
-- just used to avoid collisions
ALTER TABLE devices ADD COLUMN hidden BOOLEAN DEFAULT FALSE;

View File

@ -0,0 +1,55 @@
/* Copyright 2019 New Vector Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-- cross-signing keys
CREATE TABLE IF NOT EXISTS e2e_cross_signing_keys (
user_id TEXT NOT NULL,
-- the type of cross-signing key (master, user_signing, or self_signing)
keytype TEXT NOT NULL,
-- the full key information, as a json-encoded dict
keydata TEXT NOT NULL,
-- time that the key was added
added_ts BIGINT NOT NULL
);
CREATE UNIQUE INDEX e2e_cross_signing_keys_idx ON e2e_cross_signing_keys(user_id, keytype, added_ts);
-- cross-signing signatures
CREATE TABLE IF NOT EXISTS e2e_cross_signing_signatures (
-- user who did the signing
user_id TEXT NOT NULL,
-- key used to sign
key_id TEXT NOT NULL,
-- user who was signed
target_user_id TEXT NOT NULL,
-- device/key that was signed
target_device_id TEXT NOT NULL,
-- the actual signature
signature TEXT NOT NULL
);
CREATE UNIQUE INDEX e2e_cross_signing_signatures_idx ON e2e_cross_signing_signatures(user_id, target_user_id, target_device_id);
-- stream of user signature updates
CREATE TABLE IF NOT EXISTS user_signature_stream (
-- uses the same stream ID as device list stream
stream_id BIGINT NOT NULL,
-- user who did the signing
from_user_id TEXT NOT NULL,
-- list of users who were signed, as a JSON array
user_ids TEXT NOT NULL
);
CREATE UNIQUE INDEX user_signature_stream_idx ON user_signature_stream(stream_id);

View File

@ -492,10 +492,10 @@ def get_verify_key_from_cross_signing_key(key_info):
"""
# make sure that exactly one key is provided
if "keys" not in key_info:
raise SynapseError(400, "Invalid key")
raise ValueError("Invalid key")
keys = key_info["keys"]
if len(keys) != 1:
raise SynapseError(400, "Invalid key")
raise ValueError("Invalid key")
# and return that one key
for key_id, key_data in keys.items():
return (key_id, decode_verify_key_bytes(key_id, decode_base64(key_data)))