don't insert into the device table for remote cross-signing keys (mat…
uhoreg authored and phil-flex committed Mar 27, 2020
1 parent e568d52 commit 6fe281a
Showing 2 changed files with 19 additions and 15 deletions.
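--- a/changelog.d/6956.misc
+++ b/changelog.d/6956.misc
@@ -0,0 +1 @@
+Don't record remote cross-signing keys in the `devices` table.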
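--- a/synapse/storage/data_stores/main/end_to_end_keys.py
+++ b/synapse/storage/data_stores/main/end_to_end_keys.py
@@ -680,11 +680,6 @@ def _set_e2e_cross_signing_key_txn(self, txn, user_id, key_type, key):
 'user_signing' for a user-signing key
 key (dict): the key data
 """
-# the cross-signing keys need to occupy the same namespace as devices,
-# since signatures are identified by device ID. So add an entry to the
-# device table to make sure that we don't have a collision with device
-# IDs
-
 # the 'key' dict will look something like:
 # {
 # "user_id": "@alice:example.com",
@@ -701,16 +696,24 @@ def _set_e2e_cross_signing_key_txn(self, txn, user_id, key_type, key):
 # The "keys" property must only have one entry, which will be the public
 # key, so we just grab the first value in there
 pubkey = next(iter(key["keys"].values()))
-self.db.simple_insert_txn(
-txn,
-"devices",
-values={
-"user_id": user_id,
-"device_id": pubkey,
-"display_name": key_type + " signing key",
-"hidden": True,
-},
-)
+
+# The cross-signing keys need to occupy the same namespace as devices,
+# since signatures are identified by device ID. So add an entry to the
+# device table to make sure that we don't have a collision with device
+# IDs.
+# We only need to do this for local users, since remote servers should be
+# responsible for checking this for their own users.
+if self.hs.is_mine_id(user_id):
+self.db.simple_insert_txn(
+txn,
+"devices",
+values={
+"user_id": user_id,
+"device_id": pubkey,
+"display_name": key_type + " signing key",
+"hidden": True,
+},
+)
 
 # and finally, store the key itself
 with self._cross_signing_id_gen.get_next() as stream_id: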
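Review bot: With the `if self.hs.is_mine_id(user_id):` guard, this server does nothing to ensure that a remote user's cross-signing key ID differs from that user's device IDs; the added comment relies on the remote homeserver doing it. Because signatures are identified by device ID, code that resolves a remote user's signing key by ID should tolerate a collision from a buggy or untrusted homeserver rather than assume uniqueness — that code is outside this hunk, so this needs confirming. I would state the assumption in the comment, e.g. `# NOTE: no uniqueness is enforced locally for remote users; do not assume a remote key ID differs from that user's device IDs.` The commit touches only this file and the changelog, so `devices` rows already written for remote users appear to remain and the remote path has no test here. `_set_e2e_cross_signing_key_txn` begins and ends outside the visible hunks.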
