author | Neil Alexander <neilalexander@users.noreply.github.com> | 2022-03-01 11:00:54 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-01 11:00:54 +0000 |
commit | 58bf91a585ec78f6ca6ff0c9ad0c10c5db9715a7 (patch) | |
tree | f17bbc06eab56de7fa9268168451dc22c040ea96 /keyserver | |
parent | a23fda662607e9160230335503e912f626abf616 (diff) |
Check for changes in `PerformUploadDeviceKeys` (#2233)
* Don't generate key change notifs if nothing changed on cross-signing upload
* Check both directions of changes
Diffstat (limited to 'keyserver')
-rw-r--r-- | keyserver/internal/cross_signing.go | 51 |
1 files changed, 39 insertions, 12 deletions
diff --git a/keyserver/internal/cross_signing.go b/keyserver/internal/cross_signing.go
index bfb2037f..5124f37e 100644
--- a/keyserver/internal/cross_signing.go
+++ b/keyserver/internal/cross_signing.go
@@ -166,26 +166,53 @@ func (a *KeyInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.P
 }
 
 // We can't have a self-signing or user-signing key without a master
- // key, so make sure we have one of those.
+ // key, so make sure we have one of those. We will also only actually do
+ // something if any of the specified keys in the request are different
+ // to what we've got in the database, to avoid generating key change
+ // notifications unnecessarily.
+ existingKeys, err := a.DB.CrossSigningKeysDataForUser(ctx, req.UserID)
+ if err != nil {
+ res.Error = &api.KeyError{
+ Err: "Retrieving cross-signing keys from database failed: " + err.Error(),
+ }
+ return
+ }
+
+ // If we still can't find a master key for the user then stop the upload.
+ // This satisfies the "Fails to upload self-signing key without master key" test.
 if !hasMasterKey {
- existingKeys, err := a.DB.CrossSigningKeysDataForUser(ctx, req.UserID)
- if err != nil {
+ if _, hasMasterKey = existingKeys[gomatrixserverlib.CrossSigningKeyPurposeMaster]; !hasMasterKey {
 res.Error = &api.KeyError{
- Err: "Retrieving cross-signing keys from database failed: " + err.Error(),
+ Err: "No master key was found",
+ IsMissingParam: true,
 }
 return
 }
-
- _, hasMasterKey = existingKeys[gomatrixserverlib.CrossSigningKeyPurposeMaster]
 }
 
- // If we still can't find a master key for the user then stop the upload.
- // This satisfies the "Fails to upload self-signing key without master key" test.
- if !hasMasterKey {
- res.Error = &api.KeyError{
- Err: "No master key was found",
- IsMissingParam: true,
+ // Check if anything actually changed compared to what we have in the database.
+ changed := false
+ for _, purpose := range []gomatrixserverlib.CrossSigningKeyPurpose{
+ gomatrixserverlib.CrossSigningKeyPurposeMaster,
+ gomatrixserverlib.CrossSigningKeyPurposeSelfSigning,
+ gomatrixserverlib.CrossSigningKeyPurposeUserSigning,
+ } {
+ old, gotOld := existingKeys[purpose]
+ new, gotNew := toStore[purpose]
+ if gotOld != gotNew {
+ // A new key purpose has been specified that we didn't know before,
+ // or one has been removed.
+ changed = true
+ break
+ }
+ if !bytes.Equal(old, new) {
+ // One of the existing keys for a purpose we already knew about has
+ // changed.
+ changed = true
+ break
 }
+ }
+ if !changed {
 return
 } |
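Review bot: In the comparison loop, `if gotOld != gotNew` treats a purpose that is stored but absent from the request as a change, yet the `!hasMasterKey` branch just above accepts exactly that kind of request by falling back to the stored master key. An upload that repeats an unchanged self-signing key without the master key would therefore still set `changed = true` on the first iteration, so the notification this commit wants to avoid is presumably still generated. If the store step after the hunk only writes the purposes present in `toStore`, skipping absent ones with `if !gotNew { continue }` and then testing `if !gotOld || !bytes.Equal(old, new)` would match that behaviour. The bare `return` on `!changed` also skips the rest of PerformUploadDeviceKeys, which lies outside the hunk, so it is worth confirming that nothing besides the key bytes compared here (for example signatures sent with the keys) is expected to be persisted there. Separately, the local `new` shadows the builtin; a name such as `updated` would avoid that.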