mas: revert cross_signing_keys.updatable_without_uia_before_ms field and related logic

Author: mdnight

userapi/api/api.go

@@ -689,11 +689,6 @@ type ClientKeyAPI interface {
 	QueryKeys(ctx context.Context, req *QueryKeysRequest, res *QueryKeysResponse)
 	QueryMasterKeys(ctx context.Context, req *QueryMasterKeysRequest, res *QueryMasterKeysResponse)
 	PerformUploadKeys(ctx context.Context, req *PerformUploadKeysRequest, res *PerformUploadKeysResponse) error
-	PerformAllowingMasterCrossSigningKeyReplacementWithoutUIA(
-		ctx context.Context,
-		req *PerformAllowingMasterCrossSigningKeyReplacementWithoutUIARequest,
-		res *PerformAllowingMasterCrossSigningKeyReplacementWithoutUIAResponse,
-	) error
 
 	PerformUploadDeviceSignatures(ctx context.Context, req *PerformUploadDeviceSignaturesRequest, res *PerformUploadDeviceSignaturesResponse)
 	// PerformClaimKeys claims one-time keys for use in pre-key messages
@@ -922,15 +917,6 @@ type PerformUploadDeviceKeysResponse struct {
 	Error *KeyError
 }
 
-type PerformAllowingMasterCrossSigningKeyReplacementWithoutUIARequest struct {
-	UserID   string
-	Duration time.Duration
-}
-
-type PerformAllowingMasterCrossSigningKeyReplacementWithoutUIAResponse struct {
-	Timestamp int64
-}
-
 type PerformUploadDeviceSignaturesRequest struct {
 	Signatures map[string]map[gomatrixserverlib.KeyID]fclient.CrossSigningForKeyOrDevice
 	// The user that uploaded the sig, should be populated by the clientapi.
@@ -968,7 +954,7 @@ type QueryMasterKeysRequest struct {
 }
 
 type QueryMasterKeysResponse struct {
-	Key *types.CrossSigningKey
+	Key spec.Base64Bytes
 	// Set if there was a fatal error processing this query
 	Error *KeyError
 }

userapi/internal/cross_signing.go

@@ -96,16 +96,6 @@ func sanityCheckKey(key fclient.CrossSigningKey, userID string, purpose fclient.
 	return nil
 }
 
-func (a *UserInternalAPI) PerformAllowingMasterCrossSigningKeyReplacementWithoutUIA(
-	ctx context.Context,
-	req *api.PerformAllowingMasterCrossSigningKeyReplacementWithoutUIARequest,
-	res *api.PerformAllowingMasterCrossSigningKeyReplacementWithoutUIAResponse,
-) error {
-	var err error
-	res.Timestamp, err = a.KeyDatabase.UpdateMasterCrossSigningKeyAllowReplacementWithoutUIA(ctx, req.UserID, req.Duration)
-	return err
-}
-
 // nolint:gocyclo
 func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.PerformUploadDeviceKeysRequest, res *api.PerformUploadDeviceKeysResponse) {
 	// Find the keys to store.
@@ -124,9 +114,7 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 
 		byPurpose[fclient.CrossSigningKeyPurposeMaster] = req.MasterKey
 		for _, key := range req.MasterKey.Keys { // iterates once, see sanityCheckKey
-			toStore[fclient.CrossSigningKeyPurposeMaster] = types.CrossSigningKey{
-				KeyData: key,
-			}
+			toStore[fclient.CrossSigningKeyPurposeMaster] = key
 		}
 		hasMasterKey = true
 	}
@@ -142,9 +130,7 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 
 		byPurpose[fclient.CrossSigningKeyPurposeSelfSigning] = req.SelfSigningKey
 		for _, key := range req.SelfSigningKey.Keys { // iterates once, see sanityCheckKey
-			toStore[fclient.CrossSigningKeyPurposeSelfSigning] = types.CrossSigningKey{
-				KeyData: key,
-			}
+			toStore[fclient.CrossSigningKeyPurposeSelfSigning] = key
 		}
 	}
 
@@ -159,9 +145,7 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 
 		byPurpose[fclient.CrossSigningKeyPurposeUserSigning] = req.UserSigningKey
 		for _, key := range req.UserSigningKey.Keys { // iterates once, see sanityCheckKey
-			toStore[fclient.CrossSigningKeyPurposeUserSigning] = types.CrossSigningKey{
-				KeyData: key,
-			}
+			toStore[fclient.CrossSigningKeyPurposeUserSigning] = key
 		}
 	}
 
@@ -214,7 +198,7 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 			changed = true
 			break
 		}
-		if !bytes.Equal(old.KeyData, new.KeyData) {
+		if !bytes.Equal(old, new) {
 			// One of the existing keys for a purpose we already knew about has
 			// changed.
 			changed = true
@@ -226,7 +210,7 @@ func (a *UserInternalAPI) PerformUploadDeviceKeys(ctx context.Context, req *api.
 	}
 
 	// Store the keys.
-	if err := a.KeyDatabase.StoreCrossSigningKeysForUser(ctx, req.UserID, toStore, nil); err != nil {
+	if err := a.KeyDatabase.StoreCrossSigningKeysForUser(ctx, req.UserID, toStore); err != nil {
 		res.Error = &api.KeyError{
 			Err: fmt.Sprintf("a.DB.StoreCrossSigningKeysForUser: %s", err),
 		}

userapi/internal/key_api.go

@@ -243,7 +243,7 @@ func (a *UserInternalAPI) QueryMasterKeys(ctx context.Context, req *api.QueryMas
 		return
 	}
 	if key, ok := crossSigningKeyMap[fclient.CrossSigningKeyPurposeMaster]; ok {
-		res.Key = &key
+		res.Key = key
 	}
 }
 

userapi/storage/interface.go

@@ -10,7 +10,6 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
-	"time"
 
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/gomatrixserverlib/fclient"
@@ -231,9 +230,8 @@ type KeyDatabase interface {
 	CrossSigningKeysDataForUserAndKeyType(ctx context.Context, userID string, keyType fclient.CrossSigningKeyPurpose) (types.CrossSigningKeyMap, error)
 	CrossSigningSigsForTarget(ctx context.Context, originUserID, targetUserID string, targetKeyID gomatrixserverlib.KeyID) (types.CrossSigningSigMap, error)
 
-	StoreCrossSigningKeysForUser(ctx context.Context, userID string, keyMap types.CrossSigningKeyMap, updatableWithoutUIABeforeMs *int64) error
+	StoreCrossSigningKeysForUser(ctx context.Context, userID string, keyMap types.CrossSigningKeyMap) error
 	StoreCrossSigningSigsForTarget(ctx context.Context, originUserID string, originKeyID gomatrixserverlib.KeyID, targetUserID string, targetKeyID gomatrixserverlib.KeyID, signature spec.Base64Bytes) error
-	UpdateMasterCrossSigningKeyAllowReplacementWithoutUIA(ctx context.Context, userID string, duration time.Duration) (int64, error)
 
 	DeleteStaleDeviceLists(
 		ctx context.Context,

userapi/storage/postgres/cross_signing_keys_table.go

@@ -10,9 +10,6 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"time"
-
-	"github.com/element-hq/dendrite/userapi/storage/postgres/deltas"
 
 	"github.com/element-hq/dendrite/internal"
 	"github.com/element-hq/dendrite/internal/sqlutil"
@@ -32,29 +29,23 @@ CREATE TABLE IF NOT EXISTS keyserver_cross_signing_keys (
 `
 
 const selectCrossSigningKeysForUserSQL = "" +
-	"SELECT key_type, key_data, updatable_without_uia_before_ms FROM keyserver_cross_signing_keys" +
+	"SELECT key_type, key_data FROM keyserver_cross_signing_keys" +
 	" WHERE user_id = $1"
 
 const selectCrossSigningKeysForUserAndKeyTypeSQL = "" +
-	"SELECT key_type, key_data, updatable_without_uia_before_ms FROM keyserver_cross_signing_keys" +
+	"SELECT key_type, key_data FROM keyserver_cross_signing_keys" +
 	" WHERE user_id = $1 AND key_type = $2"
 
 const upsertCrossSigningKeysForUserSQL = "" +
-	"INSERT INTO keyserver_cross_signing_keys (user_id, key_type, key_data, updatable_without_uia_before_ms)" +
+	"INSERT INTO keyserver_cross_signing_keys (user_id, key_type, key_data)" +
 	" VALUES($1, $2, $3, $4)" +
 	" ON CONFLICT (user_id, key_type) DO UPDATE SET key_data = $3"
 
-const updateMasterCrossSigningKeyAllowReplacementWithoutUiaSQL = "" +
-	"UPDATE keyserver_cross_signing_keys" +
-	" SET updatable_without_uia_before_ms = $1" +
-	" WHERE user_id = $2 AND key_type = $3"
-
 type crossSigningKeysStatements struct {
-	db                                                        *sql.DB
-	selectCrossSigningKeysForUserStmt                         *sql.Stmt
-	selectCrossSigningKeysForUserAndKeyTypeStmt               *sql.Stmt
-	upsertCrossSigningKeysForUserStmt                         *sql.Stmt
-	updateMasterCrossSigningKeyAllowReplacementWithoutUiaStmt *sql.Stmt
+	db                                          *sql.DB
+	selectCrossSigningKeysForUserStmt           *sql.Stmt
+	selectCrossSigningKeysForUserAndKeyTypeStmt *sql.Stmt
+	upsertCrossSigningKeysForUserStmt           *sql.Stmt
 }
 
 func NewPostgresCrossSigningKeysTable(db *sql.DB) (tables.CrossSigningKeys, error) {
@@ -66,12 +57,6 @@ func NewPostgresCrossSigningKeysTable(db *sql.DB) (tables.CrossSigningKeys, erro
 		return nil, err
 	}
 	m := sqlutil.NewMigrator(db)
-	m.AddMigrations(
-		sqlutil.Migration{
-			Version: "userapi: add x-signing updatable_without_uia_before_ms",
-			Up:      deltas.UpAddXSigningUpdatableWithoutUIABeforeMs,
-		},
-	)
 	err = m.Up(context.Background())
 	if err != nil {
 		return nil, err
@@ -80,7 +65,6 @@ func NewPostgresCrossSigningKeysTable(db *sql.DB) (tables.CrossSigningKeys, erro
 		{&s.selectCrossSigningKeysForUserStmt, selectCrossSigningKeysForUserSQL},
 		{&s.selectCrossSigningKeysForUserAndKeyTypeStmt, selectCrossSigningKeysForUserAndKeyTypeSQL},
 		{&s.upsertCrossSigningKeysForUserStmt, upsertCrossSigningKeysForUserSQL},
-		{&s.updateMasterCrossSigningKeyAllowReplacementWithoutUiaStmt, updateMasterCrossSigningKeyAllowReplacementWithoutUiaSQL},
 	}.Prepare(db)
 }
 
@@ -96,18 +80,14 @@ func (s *crossSigningKeysStatements) SelectCrossSigningKeysForUser(
 	for rows.Next() {
 		var keyTypeInt int16
 		var keyData spec.Base64Bytes
-		var updatableWithoutUIABeforeMs *int64
-		if err = rows.Scan(&keyTypeInt, &keyData, &updatableWithoutUIABeforeMs); err != nil {
+		if err = rows.Scan(&keyTypeInt, &keyData); err != nil {
 			return nil, err
 		}
 		keyType, ok := types.KeyTypeIntToPurpose[keyTypeInt]
 		if !ok {
 			return nil, fmt.Errorf("unknown key purpose int %d", keyTypeInt)
 		}
-		r[keyType] = types.CrossSigningKey{
-			UpdatableWithoutUIABeforeMs: updatableWithoutUIABeforeMs,
-			KeyData:                     keyData,
-		}
+		r[keyType] = keyData
 	}
 	err = rows.Err()
 	return
@@ -129,45 +109,28 @@ func (s *crossSigningKeysStatements) SelectCrossSigningKeysForUserAndKeyType(
 	for rows.Next() {
 		var keyTypeInt int16
 		var keyData spec.Base64Bytes
-		var updatableWithoutUIABeforeMs *int64
-		if err = rows.Scan(&keyTypeInt, &keyData, &updatableWithoutUIABeforeMs); err != nil {
+		if err = rows.Scan(&keyTypeInt, &keyData); err != nil {
 			return nil, err
 		}
 		keyType, ok := types.KeyTypeIntToPurpose[keyTypeInt]
 		if !ok {
 			return nil, fmt.Errorf("unknown key purpose int %d", keyTypeInt)
 		}
-		r[keyType] = types.CrossSigningKey{
-			UpdatableWithoutUIABeforeMs: updatableWithoutUIABeforeMs,
-			KeyData:                     keyData,
-		}
+		r[keyType] = keyData
 	}
 	err = rows.Err()
 	return
 }
 
 func (s *crossSigningKeysStatements) UpsertCrossSigningKeysForUser(
-	ctx context.Context, txn *sql.Tx, userID string, keyType fclient.CrossSigningKeyPurpose, keyData spec.Base64Bytes, updatableWithoutUIABeforeMs *int64,
+	ctx context.Context, txn *sql.Tx, userID string, keyType fclient.CrossSigningKeyPurpose, keyData spec.Base64Bytes,
 ) error {
 	keyTypeInt, ok := types.KeyTypePurposeToInt[keyType]
 	if !ok {
 		return fmt.Errorf("unknown key purpose %q", keyType)
 	}
-	if _, err := sqlutil.TxStmt(txn, s.upsertCrossSigningKeysForUserStmt).ExecContext(ctx, userID, keyTypeInt, keyData, updatableWithoutUIABeforeMs); err != nil {
+	if _, err := sqlutil.TxStmt(txn, s.upsertCrossSigningKeysForUserStmt).ExecContext(ctx, userID, keyTypeInt, keyData); err != nil {
 		return fmt.Errorf("s.upsertCrossSigningKeysForUserStmt: %w", err)
 	}
 	return nil
 }
-
-func (s *crossSigningKeysStatements) UpdateMasterCrossSigningKeyAllowReplacementWithoutUIA(ctx context.Context, txn *sql.Tx, userID string, duration time.Duration) (int64, error) {
-	keyTypeInt := types.KeyTypePurposeToInt[fclient.CrossSigningKeyPurposeMaster]
-	ts := time.Now().Add(duration).UnixMilli()
-	result, err := sqlutil.TxStmt(txn, s.updateMasterCrossSigningKeyAllowReplacementWithoutUiaStmt).ExecContext(ctx, ts, userID, keyTypeInt)
-	if err != nil {
-		return -1, err
-	}
-	if n, _ := result.RowsAffected(); n == 0 {
-		return -1, sql.ErrNoRows
-	}
-	return ts, nil
-}

userapi/storage/postgres/deltas/2025011001110000_add_xsigning_updatable_without_uia_before_ms.go

@@ -1136,12 +1136,12 @@ func (d *KeyDatabase) CrossSigningKeysForUser(ctx context.Context, userID string
 	}
 	results := map[fclient.CrossSigningKeyPurpose]fclient.CrossSigningKey{}
 	for purpose, key := range keyMap {
-		keyID := gomatrixserverlib.KeyID("ed25519:" + key.KeyData.Encode())
+		keyID := gomatrixserverlib.KeyID("ed25519:" + key.Encode())
 		result := fclient.CrossSigningKey{
 			UserID: userID,
 			Usage:  []fclient.CrossSigningKeyPurpose{purpose},
 			Keys: map[gomatrixserverlib.KeyID]spec.Base64Bytes{
-				keyID: key.KeyData,
+				keyID: key,
 			},
 		}
 		sigMap, err := d.CrossSigningSigsTable.SelectCrossSigningSigsForTarget(ctx, nil, userID, userID, keyID)
@@ -1183,29 +1183,17 @@ func (d *KeyDatabase) CrossSigningSigsForTarget(ctx context.Context, originUserI
 }
 
 // StoreCrossSigningKeysForUser stores the latest known cross-signing keys for a user.
-func (d *KeyDatabase) StoreCrossSigningKeysForUser(ctx context.Context, userID string, keyMap types.CrossSigningKeyMap, updatableWithoutUIABeforeMs *int64) error {
+func (d *KeyDatabase) StoreCrossSigningKeysForUser(ctx context.Context, userID string, keyMap types.CrossSigningKeyMap) error {
 	return d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
 		for keyType, key := range keyMap {
-			if err := d.CrossSigningKeysTable.UpsertCrossSigningKeysForUser(ctx, txn, userID, keyType, key.KeyData, key.UpdatableWithoutUIABeforeMs); err != nil {
+			if err := d.CrossSigningKeysTable.UpsertCrossSigningKeysForUser(ctx, txn, userID, keyType, key); err != nil {
 				return fmt.Errorf("d.CrossSigningKeysTable.InsertCrossSigningKeysForUser: %w", err)
 			}
 		}
 		return nil
 	})
 }
 
-// UpdateMasterCrossSigningKeyAllowReplacementWithoutUIA updates the 'updatable_without_uia_before_ms' attribute of the master cross-signing key.
-// Normally this attribute depending on its value marks the master key as replaceable without UIA.
-func (d *KeyDatabase) UpdateMasterCrossSigningKeyAllowReplacementWithoutUIA(ctx context.Context, userID string, duration time.Duration) (int64, error) {
-	var ts int64
-	err := d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
-		var err error
-		ts, err = d.CrossSigningKeysTable.UpdateMasterCrossSigningKeyAllowReplacementWithoutUIA(ctx, txn, userID, duration)
-		return err
-	})
-	return ts, err
-}
-
 // StoreCrossSigningSigsForTarget stores a signature for a target user ID and key/device.
 func (d *KeyDatabase) StoreCrossSigningSigsForTarget(
 	ctx context.Context,