mirror of
https://github.com/matrix-org/dendrite
synced 2024-11-15 22:31:07 +01:00
e95b1fd238
* Enable unstable feature again * Try to verify when a device signs a key * Try to verify when a key signs a device * It's the self-signing key, not the master key * Fix error * Try to verify master key uploads * Actually we can't guarantee we can do that so nevermind * Add signatures into /devices/list request * Fix nil pointer * Reprioritise map creation * Don't skip devices that don't have signatures * Add some debug logging * Fix logic error in QuerySignatures * Fix bugs * Expose master and self-signing keys on /devices/list hopefully * maps are tedious * Expose signatures via /keys/query * Upload signatures when uploading keys * Fixes * Disable the feature again
235 lines
8.9 KiB
Go
235 lines
8.9 KiB
Go
// Copyright 2020 The Matrix.org Foundation C.I.C.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package shared
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"encoding/json"
|
|
"fmt"
|
|
|
|
"github.com/matrix-org/dendrite/internal/sqlutil"
|
|
"github.com/matrix-org/dendrite/keyserver/api"
|
|
"github.com/matrix-org/dendrite/keyserver/storage/tables"
|
|
"github.com/matrix-org/dendrite/keyserver/types"
|
|
"github.com/matrix-org/gomatrixserverlib"
|
|
)
|
|
|
|
type Database struct {
|
|
DB *sql.DB
|
|
Writer sqlutil.Writer
|
|
OneTimeKeysTable tables.OneTimeKeys
|
|
DeviceKeysTable tables.DeviceKeys
|
|
KeyChangesTable tables.KeyChanges
|
|
StaleDeviceListsTable tables.StaleDeviceLists
|
|
CrossSigningKeysTable tables.CrossSigningKeys
|
|
CrossSigningSigsTable tables.CrossSigningSigs
|
|
sqlutil.PartitionOffsetStatements
|
|
}
|
|
|
|
func (d *Database) ExistingOneTimeKeys(ctx context.Context, userID, deviceID string, keyIDsWithAlgorithms []string) (map[string]json.RawMessage, error) {
|
|
return d.OneTimeKeysTable.SelectOneTimeKeys(ctx, userID, deviceID, keyIDsWithAlgorithms)
|
|
}
|
|
|
|
func (d *Database) StoreOneTimeKeys(ctx context.Context, keys api.OneTimeKeys) (counts *api.OneTimeKeysCount, err error) {
|
|
_ = d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
|
|
counts, err = d.OneTimeKeysTable.InsertOneTimeKeys(ctx, txn, keys)
|
|
return err
|
|
})
|
|
return
|
|
}
|
|
|
|
func (d *Database) OneTimeKeysCount(ctx context.Context, userID, deviceID string) (*api.OneTimeKeysCount, error) {
|
|
return d.OneTimeKeysTable.CountOneTimeKeys(ctx, userID, deviceID)
|
|
}
|
|
|
|
func (d *Database) DeviceKeysJSON(ctx context.Context, keys []api.DeviceMessage) error {
|
|
return d.DeviceKeysTable.SelectDeviceKeysJSON(ctx, keys)
|
|
}
|
|
|
|
func (d *Database) PrevIDsExists(ctx context.Context, userID string, prevIDs []int) (bool, error) {
|
|
sids := make([]int64, len(prevIDs))
|
|
for i := range prevIDs {
|
|
sids[i] = int64(prevIDs[i])
|
|
}
|
|
count, err := d.DeviceKeysTable.CountStreamIDsForUser(ctx, userID, sids)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return count == len(prevIDs), nil
|
|
}
|
|
|
|
func (d *Database) StoreRemoteDeviceKeys(ctx context.Context, keys []api.DeviceMessage, clearUserIDs []string) error {
|
|
return d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
|
|
for _, userID := range clearUserIDs {
|
|
err := d.DeviceKeysTable.DeleteAllDeviceKeys(ctx, txn, userID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return d.DeviceKeysTable.InsertDeviceKeys(ctx, txn, keys)
|
|
})
|
|
}
|
|
|
|
func (d *Database) StoreLocalDeviceKeys(ctx context.Context, keys []api.DeviceMessage) error {
|
|
// work out the latest stream IDs for each user
|
|
userIDToStreamID := make(map[string]int)
|
|
for _, k := range keys {
|
|
userIDToStreamID[k.UserID] = 0
|
|
}
|
|
return d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
|
|
for userID := range userIDToStreamID {
|
|
streamID, err := d.DeviceKeysTable.SelectMaxStreamIDForUser(ctx, txn, userID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
userIDToStreamID[userID] = int(streamID)
|
|
}
|
|
// set the stream IDs for each key
|
|
for i := range keys {
|
|
k := keys[i]
|
|
userIDToStreamID[k.UserID]++ // start stream from 1
|
|
k.StreamID = userIDToStreamID[k.UserID]
|
|
keys[i] = k
|
|
}
|
|
return d.DeviceKeysTable.InsertDeviceKeys(ctx, txn, keys)
|
|
})
|
|
}
|
|
|
|
func (d *Database) DeviceKeysForUser(ctx context.Context, userID string, deviceIDs []string) ([]api.DeviceMessage, error) {
|
|
return d.DeviceKeysTable.SelectBatchDeviceKeys(ctx, userID, deviceIDs)
|
|
}
|
|
|
|
func (d *Database) ClaimKeys(ctx context.Context, userToDeviceToAlgorithm map[string]map[string]string) ([]api.OneTimeKeys, error) {
|
|
var result []api.OneTimeKeys
|
|
err := d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
|
|
for userID, deviceToAlgo := range userToDeviceToAlgorithm {
|
|
for deviceID, algo := range deviceToAlgo {
|
|
keyJSON, err := d.OneTimeKeysTable.SelectAndDeleteOneTimeKey(ctx, txn, userID, deviceID, algo)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if keyJSON != nil {
|
|
result = append(result, api.OneTimeKeys{
|
|
UserID: userID,
|
|
DeviceID: deviceID,
|
|
KeyJSON: keyJSON,
|
|
})
|
|
}
|
|
}
|
|
}
|
|
return nil
|
|
})
|
|
return result, err
|
|
}
|
|
|
|
func (d *Database) StoreKeyChange(ctx context.Context, partition int32, offset int64, userID string) error {
|
|
return d.Writer.Do(nil, nil, func(_ *sql.Tx) error {
|
|
return d.KeyChangesTable.InsertKeyChange(ctx, partition, offset, userID)
|
|
})
|
|
}
|
|
|
|
func (d *Database) KeyChanges(ctx context.Context, partition int32, fromOffset, toOffset int64) (userIDs []string, latestOffset int64, err error) {
|
|
return d.KeyChangesTable.SelectKeyChanges(ctx, partition, fromOffset, toOffset)
|
|
}
|
|
|
|
// StaleDeviceLists returns a list of user IDs ending with the domains provided who have stale device lists.
|
|
// If no domains are given, all user IDs with stale device lists are returned.
|
|
func (d *Database) StaleDeviceLists(ctx context.Context, domains []gomatrixserverlib.ServerName) ([]string, error) {
|
|
return d.StaleDeviceListsTable.SelectUserIDsWithStaleDeviceLists(ctx, domains)
|
|
}
|
|
|
|
// MarkDeviceListStale sets the stale bit for this user to isStale.
|
|
func (d *Database) MarkDeviceListStale(ctx context.Context, userID string, isStale bool) error {
|
|
return d.Writer.Do(nil, nil, func(_ *sql.Tx) error {
|
|
return d.StaleDeviceListsTable.InsertStaleDeviceList(ctx, userID, isStale)
|
|
})
|
|
}
|
|
|
|
// CrossSigningKeysForUser returns the latest known cross-signing keys for a user, if any.
|
|
func (d *Database) CrossSigningKeysForUser(ctx context.Context, userID string) (map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningKey, error) {
|
|
keyMap, err := d.CrossSigningKeysTable.SelectCrossSigningKeysForUser(ctx, nil, userID)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("d.CrossSigningKeysTable.SelectCrossSigningKeysForUser: %w", err)
|
|
}
|
|
results := map[gomatrixserverlib.CrossSigningKeyPurpose]gomatrixserverlib.CrossSigningKey{}
|
|
for purpose, key := range keyMap {
|
|
keyID := gomatrixserverlib.KeyID("ed25519:" + key.Encode())
|
|
result := gomatrixserverlib.CrossSigningKey{
|
|
UserID: userID,
|
|
Usage: []gomatrixserverlib.CrossSigningKeyPurpose{purpose},
|
|
Keys: map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{
|
|
keyID: key,
|
|
},
|
|
}
|
|
sigMap, err := d.CrossSigningSigsTable.SelectCrossSigningSigsForTarget(ctx, nil, userID, keyID)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
for sigUserID, forSigUserID := range sigMap {
|
|
if userID != sigUserID {
|
|
continue
|
|
}
|
|
if result.Signatures == nil {
|
|
result.Signatures = map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{}
|
|
}
|
|
if _, ok := result.Signatures[sigUserID]; !ok {
|
|
result.Signatures[sigUserID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{}
|
|
}
|
|
for sigKeyID, sigBytes := range forSigUserID {
|
|
result.Signatures[sigUserID][sigKeyID] = sigBytes
|
|
}
|
|
}
|
|
results[purpose] = result
|
|
}
|
|
return results, nil
|
|
}
|
|
|
|
// CrossSigningKeysForUser returns the latest known cross-signing keys for a user, if any.
|
|
func (d *Database) CrossSigningKeysDataForUser(ctx context.Context, userID string) (types.CrossSigningKeyMap, error) {
|
|
return d.CrossSigningKeysTable.SelectCrossSigningKeysForUser(ctx, nil, userID)
|
|
}
|
|
|
|
// CrossSigningSigsForTarget returns the signatures for a given user's key ID, if any.
|
|
func (d *Database) CrossSigningSigsForTarget(ctx context.Context, targetUserID string, targetKeyID gomatrixserverlib.KeyID) (types.CrossSigningSigMap, error) {
|
|
return d.CrossSigningSigsTable.SelectCrossSigningSigsForTarget(ctx, nil, targetUserID, targetKeyID)
|
|
}
|
|
|
|
// StoreCrossSigningKeysForUser stores the latest known cross-signing keys for a user.
|
|
func (d *Database) StoreCrossSigningKeysForUser(ctx context.Context, userID string, keyMap types.CrossSigningKeyMap) error {
|
|
return d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
|
|
for keyType, keyData := range keyMap {
|
|
if err := d.CrossSigningKeysTable.UpsertCrossSigningKeysForUser(ctx, txn, userID, keyType, keyData); err != nil {
|
|
return fmt.Errorf("d.CrossSigningKeysTable.InsertCrossSigningKeysForUser: %w", err)
|
|
}
|
|
}
|
|
return nil
|
|
})
|
|
}
|
|
|
|
// StoreCrossSigningSigsForTarget stores a signature for a target user ID and key/dvice.
|
|
func (d *Database) StoreCrossSigningSigsForTarget(
|
|
ctx context.Context,
|
|
originUserID string, originKeyID gomatrixserverlib.KeyID,
|
|
targetUserID string, targetKeyID gomatrixserverlib.KeyID,
|
|
signature gomatrixserverlib.Base64Bytes,
|
|
) error {
|
|
return d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
|
|
if err := d.CrossSigningSigsTable.UpsertCrossSigningSigsForTarget(ctx, nil, originUserID, originKeyID, targetUserID, targetKeyID, signature); err != nil {
|
|
return fmt.Errorf("d.CrossSigningSigsTable.InsertCrossSigningSigsForTarget: %w", err)
|
|
}
|
|
return nil
|
|
})
|
|
}
|