uploaded self_signing signature is silently discarded instead of replacing the existing one #17376

Open
foresto opened this issue Jun 30, 2024 · 0 comments


foresto commented Jun 30, 2024

Description

If a device already has a self_signing signature, a new one uploaded via keys/signatures/upload is silently ignored. No error is reported and nothing appears in the response failures field.

This leaves no way to correct a bad signature, such as one left over from a device that previously had the same device id. AFAICT, it prevents affected devices from being verified at all.

This is currently happening to all new devices that reuse a device id* from a previously verified (and later deleted) device, due to bug #17375.


*Note that device id reuse is explicitly allowed by the spec:

"A client is also free to generate its own device_id or, provided the user remains the same, reuse a device: in either case the client should pass the device_id in the request body."

Steps to reproduce

  • Log in and verify a new device.
  • Use another client to forcibly log that device out. (Having the device log itself out might yield the same results; I haven't checked.)
  • Log in another new device, passing the old device's device_id to the login endpoint.
  • Inspect its signatures as reported by the keys/query endpoint.
  • Note the presence of a self-signing signature, despite this device not having been verified. This signature belonged to the deleted device that previously used the same device id. It's invalid, of course, since the new device keys are not the same as the old ones. This stale signature shouldn't be there (see Synapse bug "self_signing signatures are not deleted when their device is deleted", #17375) but it gives us a convenient way to demonstrate this bug.
  • Upload a new signature for this device, generated with the self-signing key via the keys/signatures/upload endpoint.
  • Note that no errors or failures are reported by the endpoint.
  • Inspect the device's signatures again, as reported by the keys/query endpoint.

Note that the newly uploaded signature is not there; it was silently discarded. The old, invalid one remains in place.

Homeserver

matrix.org

Synapse Version

1.110.0rc1 (b=matrix-org-hotfixes,ddc46e90a8)

Installation Method

I don't know

Database

I don't know; it's the matrix.org server.

Workers

I don't know

Platform

I don't know; it's the matrix.org server.

Configuration

No response

Relevant log output

I don't have access to logs; it's the matrix.org server.

Anything else that would be useful to know?

No response
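
An added example, not part of the original report and not Synapse or client code: a client-side check for the silent discard described in the steps above. It compares the signatures sent to keys/signatures/upload with what keys/query returns afterwards and lists any that were neither stored nor reported under failures. The user ID, device ID, key IDs and signature strings are constructed placeholders, and the function and helper names are hypothetical.

```python
# Constructed sample data: IDs, key IDs and signature strings are placeholders.
USER, DEVICE = "@alice:example.org", "REUSEDDEVICE"
SSK_ID = "ed25519:SELF_SIGNING_PUBKEY_PLACEHOLDER"

def device_object(ssk_signature):
    """Device keys object as sent to the upload endpoint or returned by keys/query."""
    return {
        "user_id": USER,
        "device_id": DEVICE,
        "keys": {f"ed25519:{DEVICE}": "NEW_DEVICE_PUBKEY_PLACEHOLDER"},
        "signatures": {USER: {
            f"ed25519:{DEVICE}": "DEVICE_OWN_SIG_PLACEHOLDER",
            SSK_ID: ssk_signature,
        }},
    }

# What the client uploaded, what the server answered, what keys/query shows next.
UPLOAD_BODY = {USER: {DEVICE: device_object("NEW_SIG_PLACEHOLDER")}}
UPLOAD_RESPONSE = {"failures": {}}
QUERY_AFTER = {"device_keys": {USER: {DEVICE: device_object("STALE_SIG_PLACEHOLDER")}}}

def discarded_signatures(upload_body, upload_response, query_response):
    """Return (user_id, device_id, signer, key_id) for every uploaded signature
    that was not reported under `failures` yet is absent from keys/query."""
    failures = upload_response.get("failures", {})
    missing = []
    for user_id, objects in upload_body.items():
        for device_id, signed in objects.items():
            if device_id in failures.get(user_id, {}):
                continue  # the server reported the rejection, so it is not silent
            stored = (query_response.get("device_keys", {})
                      .get(user_id, {}).get(device_id, {})
                      .get("signatures", {}))
            for signer, sigs in signed.get("signatures", {}).items():
                for key_id, sig in sigs.items():
                    # A different value under the same key ID means the old
                    # signature is still in place and the new one was dropped.
                    if stored.get(signer, {}).get(key_id) != sig:
                        missing.append((user_id, device_id, signer, key_id))
    return missing

if __name__ == "__main__":
    for hit in discarded_signatures(UPLOAD_BODY, UPLOAD_RESPONSE, QUERY_AFTER):
        print("accepted without error but not stored:", hit)
```

A client that runs this check after each upload can surface the failed verification to the user instead of assuming the device is now cross-signed.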
