dendrite/keyserver
Neil Alexander e95b1fd238
Cross-signing validation for self-sigs, expose signatures over /user/keys/query and /user/devices/{userId} (#1962)
* Enable unstable feature again

* Try to verify when a device signs a key

* Try to verify when a key signs a device

* It's the self-signing key, not the master key

* Fix error

* Try to verify master key uploads

* Actually we can't guarantee we can do that so nevermind

* Add signatures into /devices/list request

* Fix nil pointer

* Reprioritise map creation

* Don't skip devices that don't have signatures

* Add some debug logging

* Fix logic error in QuerySignatures

* Fix bugs

* Expose master and self-signing keys on /devices/list hopefully

* maps are tedious

* Expose signatures via /keys/query

* Upload signatures when uploading keys

* Fixes

* Disable the feature again
2021-08-06 10:13:35 +01:00
..
api Cross-signing validation for self-sigs, expose signatures over /user/keys/query and /user/devices/{userId} (#1962) 2021-08-06 10:13:35 +01:00
consumers Cross-signing groundwork (#1953) 2021-08-04 17:56:29 +01:00
internal Cross-signing validation for self-sigs, expose signatures over /user/keys/query and /user/devices/{userId} (#1962) 2021-08-06 10:13:35 +01:00
inthttp Cross-signing validation for self-sigs, expose signatures over /user/keys/query and /user/devices/{userId} (#1962) 2021-08-06 10:13:35 +01:00
producers Summarise key change logs (#1278) 2020-08-18 11:14:37 +01:00
storage Cross-signing validation for self-sigs, expose signatures over /user/keys/query and /user/devices/{userId} (#1962) 2021-08-06 10:13:35 +01:00
types Cross-signing storage code (#1959) 2021-08-04 17:31:18 +01:00
keyserver.go Cross-signing groundwork (#1953) 2021-08-04 17:56:29 +01:00
README.md Add boilerplate for key server APIs (#1196) 2020-07-13 16:02:35 +01:00

Key Server

This is an internal component which manages E2E keys from clients. It handles all the Key Management APIs with the exception of /keys/changes which is handled by Sync API. This component is designed to shard by user ID.

Keys are uploaded and stored in this component, and key changes are emitted to a Kafka topic for downstream components such as Sync API.

Internal APIs

  • PerformUploadKeys stores identity keys and one-time public keys for given user(s).
  • PerformClaimKeys acquires one-time public keys for given user(s). This may involve outbound federation calls.
  • QueryKeys returns identity keys for given user(s). This may involve outbound federation calls. This component may then cache federated identity keys to avoid repeatedly hitting remote servers.
  • A topic which emits identity keys every time there is a change (addition or deletion).

### Endpoint mappings

  • Client API maps /keys/upload to PerformUploadKeys.
  • Client API maps /keys/query to QueryKeys.
  • Client API maps /keys/claim to PerformClaimKeys.
  • Federation API maps /user/keys/query to QueryKeys.
  • Federation API maps /user/keys/claim to PerformClaimKeys.
  • Sync API maps /keys/changes to consuming from the Kafka topic.