Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

don't insert into the device table for remote cross-signing keys #6956

Merged
merged 2 commits into from
Feb 20, 2020
Merged

don't insert into the device table for remote cross-signing keys #6956

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e4f3288
don't insert into the device table for remote cross-signing keys
uhoreg Feb 19, 2020
ce20fc9
add changelog
uhoreg Feb 19, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/6956.misc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Don't record remote cross-signing keys in the `devices` table.
33 changes: 18 additions & 15 deletions synapse/storage/data_stores/main/end_to_end_keys.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -680,11 +680,6 @@ def _set_e2e_cross_signing_key_txn(self, txn, user_id, key_type, key):
'user_signing' for a user-signing key
key (dict): the key data
"""
# the cross-signing keys need to occupy the same namespace as devices,
# since signatures are identified by device ID. So add an entry to the
# device table to make sure that we don't have a collision with device
# IDs

# the 'key' dict will look something like:
# {
# "user_id": "@alice:example.com",
Expand All @@ -701,16 +696,24 @@ def _set_e2e_cross_signing_key_txn(self, txn, user_id, key_type, key):
# The "keys" property must only have one entry, which will be the public
# key, so we just grab the first value in there
pubkey = next(iter(key["keys"].values()))
self.db.simple_insert_txn(
txn,
"devices",
values={
"user_id": user_id,
"device_id": pubkey,
"display_name": key_type + " signing key",
"hidden": True,
},
)

# The cross-signing keys need to occupy the same namespace as devices,
# since signatures are identified by device ID. So add an entry to the
# device table to make sure that we don't have a collision with device
# IDs.
# We only need to do this for local users, since remote servers should be
# responsible for checking this for their own users.
if self.hs.is_mine_id(user_id):
self.db.simple_insert_txn(
txn,
"devices",
values={
"user_id": user_id,
"device_id": pubkey,
"display_name": key_type + " signing key",
"hidden": True,
},
)

# and finally, store the key itself
with self._cross_signing_id_gen.get_next() as stream_id:
Expand Down