Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not require UIA when first uploading cross-signing keys #1828

Merged
merged 4 commits into from
Jun 6, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelogs/client_server/newsfragments/1828.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Do not require UIA when first uploading cross-signing keys, as per [MSC3967](https://github.com/matrix-org/matrix-spec-proposals/pull/3967).
15 changes: 15 additions & 0 deletions data/api/client-server/cross_signing.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,26 @@ paths:
/keys/device_signing/upload:
post:
x-addedInMatrixVersion: "1.1"
x-changedInMatrixVersion:
"1.11": UIA is not always required for this endpoint.
summary: Upload cross-signing keys.
description: |-
Publishes cross-signing keys for the user.

This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).

User-Interactive Authentication MUST be performed, except in these cases:
- there is no existing cross-signing master key uploaded to the homeserver, OR
- there is an existing cross-signing master key and it exactly matches the
cross-signing master key provided in the request body. If there are any additional
keys provided in the request (self-signing key, user-signing key) they MUST also
match the existing keys stored on the server. In other words, the request contains
no new keys.
Comment on lines +31 to +36
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I copied this section from the MSC, but it seems to ignore the case where a client uploads the master key and the other keys (self-signing and user-signing) separately.

My understanding according to the paragraph below is that setting the other keys if they were not set before, or re-uploading the same keys, should not require UIA, even if the master key is not part of the request (i.e. it was already uploaded before).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The MSC (and this wording in particular) seems to imply that you have to upload the MSK on each request, otherwise you have to do UIA. I'm not sure that's what was intended, but it's probably ok, and we can't really just change it without another MSC.


This allows clients to freely upload one set of keys, but not modify/overwrite keys if
they already exist. Allowing clients to upload the same set of keys more than once
makes this endpoint idempotent in the case where the response is lost over the network,
which would otherwise cause a UIA challenge upon retry.
operationId: uploadCrossSigningKeys
security:
- accessTokenQuery: []
Expand Down