Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Cross-signing again [1/3] #4970

Closed
wants to merge 12 commits into from
Closed

Cross-signing again [1/3] #4970

wants to merge 12 commits into from

Conversation

uhoreg
Copy link
Member

@uhoreg uhoreg commented Mar 29, 2019

Together with #5726 and #5727, implements the synapse side of matrix-org/matrix-spec-proposals#1756 (as of the current version)
fixes #4110

This PR implements uploading cross-signing keys. #5726 implements uploading signatures. #5727 implements the federation bits.

@uhoreg uhoreg force-pushed the uhoreg/e2e_cross-signing2 branch from 7313284 to df95f2d Compare March 29, 2019 18:45
@codecov
Copy link

codecov bot commented Apr 1, 2019

Codecov Report

Merging #4970 into develop will decrease coverage by 0.35%.
The diff coverage is 40.47%.

@@             Coverage Diff             @@
##           develop    #4970      +/-   ##
===========================================
- Coverage    60.57%   60.21%   -0.36%     
===========================================
  Files          331      328       -3     
  Lines        34213    34480     +267     
  Branches      5655     5721      +66     
===========================================
+ Hits         20723    20762      +39     
- Misses       12012    12201     +189     
- Partials      1478     1517      +39

@codecov
Copy link

codecov bot commented Apr 1, 2019

Codecov Report

Merging #4970 into develop will decrease coverage by 0.73%.
The diff coverage is 48.63%.

@@             Coverage Diff             @@
##           develop    #4970      +/-   ##
===========================================
- Coverage    63.48%   62.74%   -0.74%     
===========================================
  Files          331      341      +10     
  Lines        36302    35760     -542     
  Branches      5990     5870     -120     
===========================================
- Hits         23046    22439     -607     
- Misses       11617    11720     +103     
+ Partials      1639     1601      -38

synapse/handlers/device.py Outdated Show resolved Hide resolved
@richvdh richvdh requested review from richvdh and removed request for richvdh April 25, 2019 14:29
@richvdh
Copy link
Member

richvdh commented Apr 25, 2019

(discussed in #synapse-dev)

@uhoreg uhoreg force-pushed the uhoreg/e2e_cross-signing2 branch from 5727e5d to fc6dab7 Compare May 22, 2019 20:50
@uhoreg uhoreg requested a review from a team May 23, 2019 01:58
@uhoreg uhoreg changed the title [WIP] Cross-signing again Cross-signing again May 23, 2019
@uhoreg uhoreg marked this pull request as ready for review May 23, 2019 02:20
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for sitting on this for so long.

Fundamentally the problem is that it's big and unwieldy and so a bit hard to follow and therefore hard to get started on.

I've done some review on the first commit, but I'm aware that it's only a small part of this PR. Would you be able to split this into separate PRs, so that we can land them incrementally and thus make better progress on it?

synapse/api/errors.py Show resolved Hide resolved
synapse/storage/devices.py Show resolved Hide resolved
*/

-- device signing keys for cross-signing
CREATE TABLE e2e_device_signing_keys (
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

delta files need to be idempotent if possible. the easiest option for this is generally to add IF NOT EXISTS to CREATE TABLE/INDEX commands.

It's a bit harder for the ADD COLUMN and normally we don't bother (it's mitigated by making it the last thing in the delta file so that it's unlikely that the change will happen but the schema update not get recorded).


-- device list needs to know which ones are "real" devices, and which ones are
-- just used to avoid collisions
ALTER TABLE devices ADD COLUMN hidden BOOLEAN DEFAULT FALSE;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is going to require a rewrite of the table, which is non-trivial on matrix.org. Can we just make the column nullable?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have some queries that look for hidden = false (e.g. 8567ff6#diff-21f2f9be6a999959ddb0f9e3769006ccR53 ). Is there a way to make them still work if the column is nullable?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You probably need custom sql rather than _simple_select_one. NULL is falsey in both sqlite and postgres so you can do select * from devices where not hidden.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... no you can't. You need where hidden is not true. https://stackoverflow.com/a/46474204/637864

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... except that doesn't work in sqlite. I hate computers.

select * from devices where not coalesce(hidden, ?); and pass False as a parameter.

It might be easier to ignore hidden in the sql and do the filtering in the python instead.

synapse/storage/end_to_end_keys.py Show resolved Hide resolved
# since signatures are identified by device ID. So add an entry to the
# device table to make sure that we don't have a collision with device
# IDs
for v in key["keys"].values():
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I would spell this as pubkey = next(iter(key["keys"].values())), but ymmv.

More helpfully: could you add a comment documenting the shape of key to show why this is the right thing to do?

synapse/storage/end_to_end_keys.py Show resolved Hide resolved
@@ -281,3 +285,145 @@ def delete_e2e_keys_by_device_txn(txn):
return self.runInteraction(
"delete_e2e_keys_by_device", delete_e2e_keys_by_device_txn
)

def _set_e2e_device_signing_key_txn(self, txn, user_id, key_type, key):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be called _set_e2e_cross_signing_key_txn ?

synapse/storage/end_to_end_keys.py Show resolved Hide resolved
@richvdh richvdh requested review from richvdh and removed request for richvdh July 12, 2019 11:32
@uhoreg uhoreg force-pushed the uhoreg/e2e_cross-signing2 branch from 4b29bcc to 0a8d70e Compare July 19, 2019 21:50
@uhoreg uhoreg changed the title Cross-signing again Cross-signing again [1/3] Jul 19, 2019
@uhoreg
Copy link
Member Author

uhoreg commented Jul 22, 2019

I think I've addressed all the concerns.

Note that the sytest is set up to run against this PR rather than the last PR, so it fails. I can fix this by either splitting the sytest PR into three, or changing the sytest PR to run against the last PR (which I think I need to do by creating a new sytest PR.)

@uhoreg uhoreg requested a review from a team July 22, 2019 21:07
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is broadly sane, modulo the nitpicking below.

It's still a bit of a monster, though, and breaking it up even more would be helpful to check we're not missing anything. As a starting point, could you factor out the addition of the hidden column, and the updates to the existing code to support it?

@@ -0,0 +1 @@
Add support for cross-signing.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Add support for cross-signing.
Add support for cross-signing devices for end-to-end encryption.

or something

synapse/handlers/e2e_keys.py Show resolved Hide resolved
synapse/handlers/e2e_keys.py Show resolved Hide resolved
if key:
master_keys[user_id] = key
except Exception:
pass
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please don't swallow all exceptions with no logging or anything: this will lead to very hard-to-debug problems.

synapse/handlers/e2e_keys.py Show resolved Hide resolved
synapse/handlers/e2e_keys.py Show resolved Hide resolved
synapse/handlers/e2e_keys.py Show resolved Hide resolved
synapse/storage/devices.py Show resolved Hide resolved
}
"""

PATTERNS = client_patterns("/keys/device_signing/upload$")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this meant to be on r0 or unstable? please can it only be on one of them, anyway?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess it goes on unstable until the MSC goes through?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, I think so.

@richvdh
Copy link
Member

richvdh commented Jul 30, 2019

so I guess this is superceded by #5759 and #5769.

@richvdh richvdh closed this Jul 30, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants