
don't insert into the device table for remote cross-signing keys #6956

Merged
merged 2 commits into from
Feb 20, 2020
1 change: 1 addition & 0 deletions changelog.d/6956.misc
@@ -0,0 +1 @@
Don't record remote cross-signing keys in the `devices` table.
33 changes: 18 additions & 15 deletions synapse/storage/data_stores/main/end_to_end_keys.py
@@ -680,11 +680,6 @@ def _set_e2e_cross_signing_key_txn(self, txn, user_id, key_type, key):
'user_signing' for a user-signing key
key (dict): the key data
"""
# the cross-signing keys need to occupy the same namespace as devices,
# since signatures are identified by device ID. So add an entry to the
# device table to make sure that we don't have a collision with device
# IDs

# the 'key' dict will look something like:
# {
# "user_id": "@alice:example.com",
@@ -701,16 +696,24 @@ def _set_e2e_cross_signing_key_txn(self, txn, user_id, key_type, key):
# The "keys" property must only have one entry, which will be the public
# key, so we just grab the first value in there
pubkey = next(iter(key["keys"].values()))
self.db.simple_insert_txn(
txn,
"devices",
values={
"user_id": user_id,
"device_id": pubkey,
"display_name": key_type + " signing key",
"hidden": True,
},
)

# The cross-signing keys need to occupy the same namespace as devices,
# since signatures are identified by device ID. So add an entry to the
# device table to make sure that we don't have a collision with device
# IDs.
# We only need to do this for local users, since remote servers should be
# responsible for checking this for their own users.
if self.hs.is_mine_id(user_id):
self.db.simple_insert_txn(
txn,
"devices",
values={
"user_id": user_id,
"device_id": pubkey,
"display_name": key_type + " signing key",
"hidden": True,
},
)

# and finally, store the key itself
with self._cross_signing_id_gen.get_next() as stream_id:
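Review bot: Rows already written to `devices` for remote users' cross-signing keys are left in place, because the new `if self.hs.is_mine_id(user_id):` guard only stops future inserts and the two files shown contain no cleanup of the existing hidden entries. If the table is meant to hold local devices only, a follow-up delete of hidden rows whose `user_id` is not local would restore that invariant. The comment above the guard could also state the consequence for readers of signature-handling code, e.g. `# For remote users a clash between a key ID and a device ID is therefore not detected here.` The body of `_set_e2e_cross_signing_key_txn` continues past the end of the hunk.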