Skip to content

Relax validation of signature upload for master keys, and allow updates#19915

Open
uhoreg wants to merge 5 commits into
element-hq:developfrom
uhoreg:update_master_key_signatures
Open

Relax validation of signature upload for master keys, and allow updates#19915
uhoreg wants to merge 5 commits into
element-hq:developfrom
uhoreg:update_master_key_signatures

Conversation

@uhoreg

@uhoreg uhoreg commented Jul 6, 2026

Copy link
Copy Markdown
Member

Don't validate signature with unknown algorithms for master signing keys, and allow updates to signatures, for example to support algorithms that embed an expiry date in signatures.

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Code style is correct (run the linters)

def test_update_signature_master_key(self) -> None:
"""should be able to update a signature on the Master signing key with an unknown algorithm"""
local_user = "@boris:" + self.hs.hostname
master_key: dict[str, Any] = {

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This type annotation seems overly broad to me, so suggestions welcome. Without it, mypy complains when I try to assign to master_key["signatures"][local_user]["unknown:abcdefg"] below. (On the other hand, this is just a test, so I'm not overly concerned about getting the types just right.)

index_name="e2e_cross_signing_signatures3_idx",
table="e2e_cross_signing_signatures",
columns=("user_id", "target_user_id", "target_device_id", "key_id"),
unique=True,

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure what's the proper way to handle the case where we end up with duplicate values on those columns. I think that we shouldn't have any, but we should probably try to be safe.

@uhoreg

uhoreg commented Jul 7, 2026

Copy link
Copy Markdown
Member Author

Complement tests seem to be unrelated to my changes.

@uhoreg uhoreg marked this pull request as ready for review July 7, 2026 02:16
@uhoreg uhoreg requested a review from a team as a code owner July 7, 2026 02:16
@uhoreg

uhoreg commented Jul 7, 2026

Copy link
Copy Markdown
Member Author

I'm not sure if I should also relax some of the validation for signatures on other keys as well (e.g. device keys) while I'm in the area, or if I should keep the change limited to what I need right away. It will probably need to be done eventually, when we switch to different signature algorithms.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant