From c3966f501c5dbb495ca4ef8c044fac7049645594 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Mon, 10 Jul 2023 23:10:27 +0200
Subject: [PATCH 1/2] fix: nheko e2ee verification bug

---
 src/api/client_server/keys.rs   | 12 ------------
 src/database/key_value/users.rs |  1 -
 2 files changed, 13 deletions(-)

diff --git a/src/api/client_server/keys.rs b/src/api/client_server/keys.rs
index ba89ece0..21f71b6d 100644
--- a/src/api/client_server/keys.rs
+++ b/src/api/client_server/keys.rs
@@ -151,18 +151,6 @@ pub async fn upload_signatures_route(
             let key = serde_json::to_value(key)
                 .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?;
 
-            let is_signed_key = match key.get("usage") {
-                Some(usage) => usage
-                    .as_array()
-                    .map(|usage| !usage.contains(&json!("master")))
-                    .unwrap_or(false),
-                None => true,
-            };
-
-            if !is_signed_key {
-                continue;
-            }
-
             for signature in key
                 .get("signatures")
                 .ok_or(Error::BadRequest(
diff --git a/src/database/key_value/users.rs b/src/database/key_value/users.rs
index 1cabab0e..359a0724 100644
--- a/src/database/key_value/users.rs
+++ b/src/database/key_value/users.rs
@@ -592,7 +592,6 @@ impl service::users::Data for KeyValueDatabase {
             &serde_json::to_vec(&cross_signing_key).expect("CrossSigningKey::to_vec always works"),
         )?;
 
-        // TODO: Should we notify about this change?
         self.mark_device_key_update(target_id)?;
 
         Ok(())

From 24402312c58855679ccfe58b0d3d27ae041b4336 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Sat, 15 Jul 2023 23:43:25 +0200
Subject: [PATCH 2/2] fix: could not verify own events

---
 src/service/globals/mod.rs | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/service/globals/mod.rs b/src/service/globals/mod.rs
index 5326b7a9..7d618298 100644
--- a/src/service/globals/mod.rs
+++ b/src/service/globals/mod.rs
@@ -1,5 +1,6 @@
 mod data;
 pub use data::Data;
+use ruma::serde::Base64;
 use ruma::{
     OwnedDeviceId, OwnedEventId, OwnedRoomId, OwnedServerName, OwnedServerSigningKeyId, OwnedUserId,
 };
@@ -316,7 +317,19 @@ impl Service {
         &self,
         origin: &ServerName,
     ) -> Result<BTreeMap<OwnedServerSigningKeyId, VerifyKey>> {
-        self.db.signing_keys_for(origin)
+        let mut keys = self.db.signing_keys_for(origin)?;
+        if origin == self.server_name() {
+            keys.insert(
+                format!("ed25519:{}", services().globals.keypair().version())
+                    .try_into()
+                    .expect("found invalid server signing keys in DB"),
+                VerifyKey {
+                    key: Base64::new(self.keypair.public_key().to_vec()),
+                },
+            );
+        }
+
+        Ok(keys)
     }
 
     pub fn database_version(&self) -> Result<u64> {