Rewrite the KeyRing #10035

erikjohnston · 2021-05-21T13:30:31Z

Sorry for a bit of a mammoth PR, but this is a total rewrite of the KeyRing class to use BatchingQueue rather than a mess of deferreds. The idea here is that we write the functions out in a way to handle each server key request separately, and then rely on BatchingQueue to merge requests that happen at the same when querying the keys from the database or perspective key servers.

It's probably best to review commit by commit, and for the first to ignore the diff of the KeyRing class and instead look at the end result by itself:

synapse/synapse/crypto/keyring.py

Lines 281 to 447 in f941830

    
               async def process_request(self, verify_request: VerifyJsonRequest) -> None: 
        
                   """Processes the `VerifyJsonRequest`. Raises if the object is not signed 
        
                   by the server, the signatures don't match or we failed to fetch the 
        
                   necessary keys. 
        
                   """ 
        
                   if not verify_request.key_ids: 
        
                       raise SynapseError( 
        
                           400, 
        
                           f"Not signed by {verify_request.server_name}", 
        
                           Codes.UNAUTHORIZED, 
        
                       ) 
        
                   # Add they keys we need to verify to the queue for retrieval. We queue 
        
                   # up requests for the same server so we don't end up with many in flight 
        
                   # requests for the same keys. 
        
                   found_keys_by_server = await self._server_queue.add_to_queue( 
        
                       verify_request.to_fetch_key_request(), key=verify_request.server_name 
        
                   ) 
        
                   # Since we batch up requests the returned set of keys may contain keys 
        
                   # from other servers, so we pull out only the ones we care about.s 
        
                   found_keys = found_keys_by_server.get(verify_request.server_name, {}) 
        
                   # For each signature to check we ensure we have fetched the necessary 
        
                   # keys and the signature matches. 
        
                   for key_id in verify_request.key_ids: 
        
                       key_result = found_keys.get(key_id) 
        
                       if not key_result: 
        
                           raise SynapseError( 
        
                               401, 
        
                               f"Missing keys for {verify_request.server_name}: {key_id}", 
        
                               Codes.UNAUTHORIZED, 
        
                           ) 
        
                       if key_result.valid_until_ts < verify_request.minimum_valid_until_ts: 
        
                           raise SynapseError( 
        
                               401, 
        
                               f"Failed to find key with recent enough `valid_until_ts` for {verify_request.server_name}: {key_id}", 
        
                               Codes.UNAUTHORIZED, 
        
                           ) 
        
                       verify_key = key_result.verify_key 
        
                       try: 
        
                           json_object = verify_request.get_json_object() 
        
                           verify_signed_json( 
        
                               json_object, 
        
                               verify_request.server_name, 
        
                               verify_key, 
        
                           ) 
        
                       except SignatureVerifyException as e: 
        
                           logger.debug( 
        
                               "Error verifying signature for %s:%s:%s with key %s: %s", 
        
                               verify_request.server_name, 
        
                               verify_key.alg, 
        
                               verify_key.version, 
        
                               encode_verify_key_base64(verify_key), 
        
                               str(e), 
        
                           ) 
        
                           raise SynapseError( 
        
                               401, 
        
                               "Invalid signature for server %s with key %s:%s: %s" 
        
                               % ( 
        
                                   verify_request.server_name, 
        
                                   verify_key.alg, 
        
                                   verify_key.version, 
        
                                   str(e), 
        
                               ), 
        
                               Codes.UNAUTHORIZED, 
        
                           ) 
        
               async def _inner_fetch_key_requests( 
        
                   self, requests: List[_FetchKeyRequest] 
        
               ) -> Dict[str, Dict[str, FetchKeyResult]]: 
        
                   """Processing function for the queue of `_FetchKeyRequest`.""" 
        
                   logger.debug("Starting fetch for %s", requests) 
        
                   # First we need to deduplicate requests for the same key. We do this by 
        
                   # taking the *maximum* requested `minimum_valid_until_ts` for each pair 
        
                   # of server name/key ID. 
        
                   server_to_key_to_ts = {}  # type: Dict[str, Dict[str, int]] 
        
                   for request in requests: 
        
                       by_server = server_to_key_to_ts.setdefault(request.server_name, {}) 
        
                       for key_id in request.key_ids: 
        
                           existing_ts = by_server.get(key_id) 
        
                           if existing_ts: 
        
                               by_server[key_id] = max(request.minimum_valid_until_ts, existing_ts) 
        
                           else: 
        
                               by_server[key_id] = request.minimum_valid_until_ts 
        
                   deduped_requests = [ 
        
                       _FetchKeyRequest(server_name, minimum_valid_ts, [key_id]) 
        
                       for server_name, by_server in server_to_key_to_ts.items() 
        
                       for key_id, minimum_valid_ts in by_server.items() 
        
                   ] 
        
                   logger.debug("Deduplicated key requests to %s", deduped_requests) 
        
                   # For each key we call `_inner_verify_request` which will handle 
        
                   # fetching each key. Note these shouldn't throw if we fail to contact 
        
                   # other servers etc. 
        
                   results_per_request = await yieldable_gather_results( 
        
                       self._inner_fetch_key_request, 
        
                       deduped_requests, 
        
                   ) 
        
                   # We now convert the returned list of results into a map from server 
        
                   # name to key ID to FetchKeyResult, to return. 
        
                   to_return = {}  # type: Dict[str, Dict[str, FetchKeyResult]] 
        
                   for (request, results) in zip(deduped_requests, results_per_request): 
        
                       to_return_by_server = to_return.setdefault(request.server_name, {}) 
        
                       for key_id, key_result in results.items(): 
        
                           existing = to_return_by_server.get(key_id) 
        
                           if not existing or existing.valid_until_ts < key_result.valid_until_ts: 
        
                               to_return_by_server[key_id] = key_result 
        
                   return to_return 
        
               async def _inner_fetch_key_request( 
        
                   self, verify_request: _FetchKeyRequest 
        
               ) -> Dict[str, FetchKeyResult]: 
        
                   """Attempt to fetch the given key by calling each key fetcher one by 
        
                   one. 
        
                   """ 
        
                   logger.debug("Starting fetch for %s", verify_request) 
        
                   found_keys: Dict[str, FetchKeyResult] = {} 
        
                   missing_key_ids = set(verify_request.key_ids) 
        
                   for fetcher in self._key_fetchers: 
        
                       if not missing_key_ids: 
        
                           break 
        
                       logger.debug("Getting keys from %s for %s", fetcher, verify_request) 
        
                       keys = await fetcher.get_keys( 
        
                           verify_request.server_name, 
        
                           list(missing_key_ids), 
        
                           verify_request.minimum_valid_until_ts, 
        
                       ) 
        
                       for key_id, key in keys.items(): 
        
                           if not key: 
        
                               continue 
        
                           # If we already have a result for the given key ID we keep the 
        
                           # one with the highest `valid_until_ts`. 
        
                           existing_key = found_keys.get(key_id) 
        
                           if existing_key: 
        
                               if key.valid_until_ts <= existing_key.valid_until_ts: 
        
                                   continue 
        
                           # We always store the returned key even if it doesn't the 
        
                           # `minimum_valid_until_ts` requirement, as some verification 
        
                           # requests may still be able to be satisfied by it. 
        
                           # 
        
                           # We still keep looking for the key from other fetchers in that 
        
                           # case though. 
        
                           found_keys[key_id] = key 
        
                           if key.valid_until_ts < verify_request.minimum_valid_until_ts: 
        
                               continue 
        
                           missing_key_ids.discard(key_id) 
        
                   return found_keys

Fixes #3825

richvdh

well, it's certainly much clearer now.

I've got a few concerns though. The big one is about what performance of concurrent fetches of keys when one key is quick and another is slow.

I'm also a bit concerned about dropping the event id from the logs when verification fails.

synapse/crypto/keyring.py

richvdh · 2021-05-26T11:59:39Z

synapse/crypto/keyring.py

+    server_name = attr.ib(type=str)
+    minimum_valid_until_ts = attr.ib(type=int)
+    key_ids = attr.ib(type=List[str])


give these some docstrings? In particular, is key_ids disjunctive (any one key id will do) or conjunctive (we want all of them?)

(aside: do we define anywhere what the semantics should be if a JSON object is signed by multiple keys from the same server? Do they all have to be verified, or will one do? It looks like currently we require them all, but semantically that feels wrong to me.)

This does feel wrong to me, and re-reading the previous code I think we actually did only require one signature to be valid?

Could you have a quick look to see if you agree that that's the case, and then I'll fix this PR to do the same (and document it at the same time)

yes, looks like we will run the verification with the first key we find.

Pushed the change. The code works slightly differently now where we try and find all the keys before running the verifications, and also bails if either a) any of the keys we find fail verification or b) we don't find any keys.

I don't think the change matters much, as I think its pretty rare for a server to sign the same event multiple times?

synapse/crypto/keyring.py

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

…ring

richvdh

lgtm other than the nits below

synapse/crypto/keyring.py

tests/crypto/test_keyring.py

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

@dklimpel

Synapse 1.36.0 (2021-06-15) =========================== No significant changes. Synapse 1.36.0rc2 (2021-06-11) ============================== Bugfixes -------- - Fix a bug which caused presence updates to stop working some time after a restart, when using a presence writer worker. Broke in v1.33.0. ([\matrix-org#10149](matrix-org#10149)) - Fix a bug when using federation sender worker where it would send out more presence updates than necessary, leading to high resource usage. Broke in v1.33.0. ([\matrix-org#10163](matrix-org#10163)) - Fix a bug where Synapse could send the same presence update to a remote twice. ([\matrix-org#10165](matrix-org#10165)) Synapse 1.36.0rc1 (2021-06-08) ============================== Features -------- - Add new endpoint `/_matrix/client/r0/rooms/{roomId}/aliases` from Client-Server API r0.6.1 (previously [MSC2432](matrix-org/matrix-spec-proposals#2432)). ([\matrix-org#9224](matrix-org#9224)) - Improve performance of incoming federation transactions in large rooms. ([\matrix-org#9953](matrix-org#9953), [\matrix-org#9973](matrix-org#9973)) - Rewrite logic around verifying JSON object and fetching server keys to be more performant and use less memory. ([\matrix-org#10035](matrix-org#10035)) - Add new admin APIs for unprotecting local media from quarantine. Contributed by @dklimpel. ([\matrix-org#10040](matrix-org#10040)) - Add new admin APIs to remove media by media ID from quarantine. Contributed by @dklimpel. ([\matrix-org#10044](matrix-org#10044)) - Make reason and score parameters optional for reporting content. Implements [MSC2414](matrix-org/matrix-spec-proposals#2414). Contributed by Callum Brown. ([\matrix-org#10077](matrix-org#10077)) - Add support for routing more requests to workers. ([\matrix-org#10084](matrix-org#10084)) - Report OpenTracing spans for database activity. ([\matrix-org#10113](matrix-org#10113), [\matrix-org#10136](matrix-org#10136), [\matrix-org#10141](matrix-org#10141)) - Significantly reduce memory usage of joining large remote rooms. ([\matrix-org#10117](matrix-org#10117)) Bugfixes -------- - Fixed a bug causing replication requests to fail when receiving a lot of events via federation. ([\matrix-org#10082](matrix-org#10082)) - Fix a bug in the `force_tracing_for_users` option introduced in Synapse v1.35 which meant that the OpenTracing spans produced were missing most tags. ([\matrix-org#10092](matrix-org#10092)) - Fixed a bug that could cause Synapse to stop notifying application services. Contributed by Willem Mulder. ([\matrix-org#10107](matrix-org#10107)) - Fix bug where the server would attempt to fetch the same history in the room from a remote server multiple times in parallel. ([\matrix-org#10116](matrix-org#10116)) - Fix a bug introduced in Synapse 1.33.0 which caused replication requests to fail when receiving a lot of very large events via federation. ([\matrix-org#10118](matrix-org#10118)) - Fix bug when using workers where pagination requests failed if a remote server returned zero events from `/backfill`. Introduced in 1.35.0. ([\matrix-org#10133](matrix-org#10133)) Improved Documentation ---------------------- - Clarify security note regarding hosting Synapse on the same domain as other web applications. ([\matrix-org#9221](matrix-org#9221)) - Update CAPTCHA documentation to mention turning off the verify origin feature. Contributed by @aaronraimist. ([\matrix-org#10046](matrix-org#10046)) - Tweak wording of database recommendation in `INSTALL.md`. Contributed by @aaronraimist. ([\matrix-org#10057](matrix-org#10057)) - Add initial infrastructure for rendering Synapse documentation with mdbook. ([\matrix-org#10086](matrix-org#10086)) - Convert the remaining Admin API documentation files to markdown. ([\matrix-org#10089](matrix-org#10089)) - Make a link in docs use HTTPS. Contributed by @RhnSharma. ([\matrix-org#10130](matrix-org#10130)) - Fix broken link in Docker docs. ([\matrix-org#10132](matrix-org#10132)) Deprecations and Removals ------------------------- - Remove the experimental `spaces_enabled` flag. The spaces features are always available now. ([\matrix-org#10063](matrix-org#10063)) Internal Changes ---------------- - Tell CircleCI to build Docker images from `main` branch. ([\matrix-org#9906](matrix-org#9906)) - Simplify naming convention for release branches to only include the major and minor version numbers. ([\matrix-org#10013](matrix-org#10013)) - Add `parse_strings_from_args` for parsing an array from query parameters. ([\matrix-org#10048](matrix-org#10048), [\matrix-org#10137](matrix-org#10137)) - Remove some dead code regarding TLS certificate handling. ([\matrix-org#10054](matrix-org#10054)) - Remove redundant, unmaintained `convert_server_keys` script. ([\matrix-org#10055](matrix-org#10055)) - Improve the error message printed by synctl when synapse fails to start. ([\matrix-org#10059](matrix-org#10059)) - Fix GitHub Actions lint for newsfragments. ([\matrix-org#10069](matrix-org#10069)) - Update opentracing to inject the right context into the carrier. ([\matrix-org#10074](matrix-org#10074)) - Fix up `BatchingQueue` implementation. ([\matrix-org#10078](matrix-org#10078)) - Log method and path when dropping request due to size limit. ([\matrix-org#10091](matrix-org#10091)) - In Github Actions workflows, summarize the Sytest results in an easy-to-read format. ([\matrix-org#10094](matrix-org#10094)) - Make `/sync` do fewer state resolutions. ([\matrix-org#10102](matrix-org#10102)) - Add missing type hints to the admin API servlets. ([\matrix-org#10105](matrix-org#10105)) - Improve opentracing annotations for `Notifier`. ([\matrix-org#10111](matrix-org#10111)) - Enable Prometheus metrics for the jaeger client library. ([\matrix-org#10112](matrix-org#10112)) - Work to improve the responsiveness of `/sync` requests. ([\matrix-org#10124](matrix-org#10124)) - OpenTracing: use a consistent name for background processes. ([\matrix-org#10135](matrix-org#10135))

@Sorunome

Synapse 1.37.0 (2021-06-29) =========================== This release deprecates the current spam checker interface. See the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#deprecation-of-the-current-spam-checker-interface) for more information on how to update to the new generic module interface. This release also removes support for fetching and renewing TLS certificates using the ACME v1 protocol, which has been fully decommissioned by Let's Encrypt on June 1st 2021. Admins previously using this feature should use a [reverse proxy](https://matrix-org.github.io/synapse/develop/reverse_proxy.html) to handle TLS termination, or use an external ACME client (such as [certbot](https://certbot.eff.org/)) to retrieve a certificate and key and provide them to Synapse using the `tls_certificate_path` and `tls_private_key_path` configuration settings. Synapse 1.37.0rc1 (2021-06-24) ============================== Features -------- - Implement "room knocking" as per [MSC2403](matrix-org/matrix-spec-proposals#2403). Contributed by @Sorunome and anoa. ([\#6739](matrix-org/synapse#6739), [\#9359](matrix-org/synapse#9359), [\#10167](matrix-org/synapse#10167), [\#10212](matrix-org/synapse#10212), [\#10227](matrix-org/synapse#10227)) - Add experimental support for backfilling history into rooms ([MSC2716](matrix-org/matrix-spec-proposals#2716)). ([\#9247](matrix-org/synapse#9247)) - Implement a generic interface for third-party plugin modules. ([\#10062](matrix-org/synapse#10062), [\#10206](matrix-org/synapse#10206)) - Implement config option `sso.update_profile_information` to sync SSO users' profile information with the identity provider each time they login. Currently only displayname is supported. ([\#10108](matrix-org/synapse#10108)) - Ensure that errors during startup are written to the logs and the console. ([\#10191](matrix-org/synapse#10191)) Bugfixes -------- - Fix a bug introduced in Synapse v1.25.0 that prevented the `ip_range_whitelist` configuration option from working for federation and identity servers. Contributed by @mikure. ([\#10115](matrix-org/synapse#10115)) - Remove a broken import line in Synapse's `admin_cmd` worker. Broke in Synapse v1.33.0. ([\#10154](matrix-org/synapse#10154)) - Fix a bug introduced in Synapse v1.21.0 which could cause `/sync` to return immediately with an empty response. ([\#10157](matrix-org/synapse#10157), [\#10158](matrix-org/synapse#10158)) - Fix a minor bug in the response to `/_matrix/client/r0/user/{user}/openid/request_token` causing `expires_in` to be a float instead of an integer. Contributed by @lukaslihotzki. ([\#10175](matrix-org/synapse#10175)) - Always require users to re-authenticate for dangerous operations: deactivating an account, modifying an account password, and adding 3PIDs. ([\#10184](matrix-org/synapse#10184)) - Fix a bug introduced in Synpase v1.7.2 where remote server count metrics collection would be incorrectly delayed on startup. Found by @heftig. ([\#10195](matrix-org/synapse#10195)) - Fix a bug introduced in Synapse v1.35.1 where an `allow` key of a `m.room.join_rules` event could be applied for incorrect room versions and configurations. ([\#10208](matrix-org/synapse#10208)) - Fix performance regression in responding to user key requests over federation. Introduced in Synapse v1.34.0rc1. ([\#10221](matrix-org/synapse#10221)) Improved Documentation ---------------------- - Add a new guide to decoding request logs. ([\#8436](matrix-org/synapse#8436)) - Mention in the sample homeserver config that you may need to configure max upload size in your reverse proxy. Contributed by @aaronraimist. ([\#10122](matrix-org/synapse#10122)) - Fix broken links in documentation. ([\#10180](matrix-org/synapse#10180)) - Deploy a snapshot of the documentation website upon each new Synapse release. ([\#10198](matrix-org/synapse#10198)) Deprecations and Removals ------------------------- - The current spam checker interface is deprecated in favour of a new generic modules system. See the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#deprecation-of-the-current-spam-checker-interface) for more information on how to update to the new system. ([\#10062](matrix-org/synapse#10062), [\#10210](matrix-org/synapse#10210), [\#10238](matrix-org/synapse#10238)) - Stop supporting the unstable spaces prefixes from MSC1772. ([\#10161](matrix-org/synapse#10161)) - Remove Synapse's support for automatically fetching and renewing certificates using the ACME v1 protocol. This protocol has been fully turned off by Let's Encrypt for existing installations on June 1st 2021. Admins previously using this feature should use a [reverse proxy](https://matrix-org.github.io/synapse/develop/reverse_proxy.html) to handle TLS termination, or use an external ACME client (such as [certbot](https://certbot.eff.org/)) to retrieve a certificate and key and provide them to Synapse using the `tls_certificate_path` and `tls_private_key_path` configuration settings. ([\#10194](matrix-org/synapse#10194)) Internal Changes ---------------- - Update the database schema versioning to support gradual migration away from legacy tables. ([\#9933](matrix-org/synapse#9933)) - Add type hints to the federation servlets. ([\#10080](matrix-org/synapse#10080)) - Improve OpenTracing for event persistence. ([\#10134](matrix-org/synapse#10134), [\#10193](matrix-org/synapse#10193)) - Clean up the interface for injecting OpenTracing over HTTP. ([\#10143](matrix-org/synapse#10143)) - Limit the number of in-flight `/keys/query` requests from a single device. ([\#10144](matrix-org/synapse#10144)) - Refactor EventPersistenceQueue. ([\#10145](matrix-org/synapse#10145)) - Document `SYNAPSE_TEST_LOG_LEVEL` to see the logger output when running tests. ([\#10148](matrix-org/synapse#10148)) - Update the Complement build tags in GitHub Actions to test currently experimental features. ([\#10155](matrix-org/synapse#10155)) - Add a `synapse_federation_soft_failed_events_total` metric to track how often events are soft failed. ([\#10156](matrix-org/synapse#10156)) - Fetch the corresponding complement branch when performing CI. ([\#10160](matrix-org/synapse#10160)) - Add some developer documentation about boolean columns in database schemas. ([\#10164](matrix-org/synapse#10164)) - Add extra logging fields to better debug where events are being soft failed. ([\#10168](matrix-org/synapse#10168)) - Add debug logging for when we enter and exit `Measure` blocks. ([\#10183](matrix-org/synapse#10183)) - Improve comments in structured logging code. ([\#10188](matrix-org/synapse#10188)) - Update [MSC3083](matrix-org/matrix-spec-proposals#3083) support with modifications from the MSC. ([\#10189](matrix-org/synapse#10189)) - Remove redundant DNS lookup limiter. ([\#10190](matrix-org/synapse#10190)) - Upgrade `black` linting tool to 21.6b0. ([\#10197](matrix-org/synapse#10197)) - Expose OpenTracing trace id in response headers. ([\#10199](matrix-org/synapse#10199)) Synapse 1.36.0 (2021-06-15) =========================== No significant changes. Synapse 1.36.0rc2 (2021-06-11) ============================== Bugfixes -------- - Fix a bug which caused presence updates to stop working some time after a restart, when using a presence writer worker. Broke in v1.33.0. ([\#10149](matrix-org/synapse#10149)) - Fix a bug when using federation sender worker where it would send out more presence updates than necessary, leading to high resource usage. Broke in v1.33.0. ([\#10163](matrix-org/synapse#10163)) - Fix a bug where Synapse could send the same presence update to a remote twice. ([\#10165](matrix-org/synapse#10165)) Synapse 1.36.0rc1 (2021-06-08) ============================== Features -------- - Add new endpoint `/_matrix/client/r0/rooms/{roomId}/aliases` from Client-Server API r0.6.1 (previously [MSC2432](matrix-org/matrix-spec-proposals#2432)). ([\#9224](matrix-org/synapse#9224)) - Improve performance of incoming federation transactions in large rooms. ([\#9953](matrix-org/synapse#9953), [\#9973](matrix-org/synapse#9973)) - Rewrite logic around verifying JSON object and fetching server keys to be more performant and use less memory. ([\#10035](matrix-org/synapse#10035)) - Add new admin APIs for unprotecting local media from quarantine. Contributed by @dklimpel. ([\#10040](matrix-org/synapse#10040)) - Add new admin APIs to remove media by media ID from quarantine. Contributed by @dklimpel. ([\#10044](matrix-org/synapse#10044)) - Make reason and score parameters optional for reporting content. Implements [MSC2414](matrix-org/matrix-spec-proposals#2414). Contributed by Callum Brown. ([\#10077](matrix-org/synapse#10077)) - Add support for routing more requests to workers. ([\#10084](matrix-org/synapse#10084)) - Report OpenTracing spans for database activity. ([\#10113](matrix-org/synapse#10113), [\#10136](matrix-org/synapse#10136), [\#10141](matrix-org/synapse#10141)) - Significantly reduce memory usage of joining large remote rooms. ([\#10117](matrix-org/synapse#10117)) Bugfixes -------- - Fixed a bug causing replication requests to fail when receiving a lot of events via federation. ([\#10082](matrix-org/synapse#10082)) - Fix a bug in the `force_tracing_for_users` option introduced in Synapse v1.35 which meant that the OpenTracing spans produced were missing most tags. ([\#10092](matrix-org/synapse#10092)) - Fixed a bug that could cause Synapse to stop notifying application services. Contributed by Willem Mulder. ([\#10107](matrix-org/synapse#10107)) - Fix bug where the server would attempt to fetch the same history in the room from a remote server multiple times in parallel. ([\#10116](matrix-org/synapse#10116)) - Fix a bug introduced in Synapse 1.33.0 which caused replication requests to fail when receiving a lot of very large events via federation. ([\#10118](matrix-org/synapse#10118)) - Fix bug when using workers where pagination requests failed if a remote server returned zero events from `/backfill`. Introduced in 1.35.0. ([\#10133](matrix-org/synapse#10133)) Improved Documentation ---------------------- - Clarify security note regarding hosting Synapse on the same domain as other web applications. ([\#9221](matrix-org/synapse#9221)) - Update CAPTCHA documentation to mention turning off the verify origin feature. Contributed by @aaronraimist. ([\#10046](matrix-org/synapse#10046)) - Tweak wording of database recommendation in `INSTALL.md`. Contributed by @aaronraimist. ([\#10057](matrix-org/synapse#10057)) - Add initial infrastructure for rendering Synapse documentation with mdbook. ([\#10086](matrix-org/synapse#10086)) - Convert the remaining Admin API documentation files to markdown. ([\#10089](matrix-org/synapse#10089)) - Make a link in docs use HTTPS. Contributed by @RhnSharma. ([\#10130](matrix-org/synapse#10130)) - Fix broken link in Docker docs. ([\#10132](matrix-org/synapse#10132)) Deprecations and Removals ------------------------- - Remove the experimental `spaces_enabled` flag. The spaces features are always available now. ([\#10063](matrix-org/synapse#10063)) Internal Changes ---------------- - Tell CircleCI to build Docker images from `main` branch. ([\#9906](matrix-org/synapse#9906)) - Simplify naming convention for release branches to only include the major and minor version numbers. ([\#10013](matrix-org/synapse#10013)) - Add `parse_strings_from_args` for parsing an array from query parameters. ([\#10048](matrix-org/synapse#10048), [\#10137](matrix-org/synapse#10137)) - Remove some dead code regarding TLS certificate handling. ([\#10054](matrix-org/synapse#10054)) - Remove redundant, unmaintained `convert_server_keys` script. ([\#10055](matrix-org/synapse#10055)) - Improve the error message printed by synctl when synapse fails to start. ([\#10059](matrix-org/synapse#10059)) - Fix GitHub Actions lint for newsfragments. ([\#10069](matrix-org/synapse#10069)) - Update opentracing to inject the right context into the carrier. ([\#10074](matrix-org/synapse#10074)) - Fix up `BatchingQueue` implementation. ([\#10078](matrix-org/synapse#10078)) - Log method and path when dropping request due to size limit. ([\#10091](matrix-org/synapse#10091)) - In Github Actions workflows, summarize the Sytest results in an easy-to-read format. ([\#10094](matrix-org/synapse#10094)) - Make `/sync` do fewer state resolutions. ([\#10102](matrix-org/synapse#10102)) - Add missing type hints to the admin API servlets. ([\#10105](matrix-org/synapse#10105)) - Improve opentracing annotations for `Notifier`. ([\#10111](matrix-org/synapse#10111)) - Enable Prometheus metrics for the jaeger client library. ([\#10112](matrix-org/synapse#10112)) - Work to improve the responsiveness of `/sync` requests. ([\#10124](matrix-org/synapse#10124)) - OpenTracing: use a consistent name for background processes. ([\#10135](matrix-org/synapse#10135))

@dklimpel

Synapse 1.36.0 (2021-06-15) =========================== No significant changes. Synapse 1.36.0rc2 (2021-06-11) ============================== Bugfixes -------- - Fix a bug which caused presence updates to stop working some time after a restart, when using a presence writer worker. Broke in v1.33.0. ([\#10149](matrix-org/synapse#10149)) - Fix a bug when using federation sender worker where it would send out more presence updates than necessary, leading to high resource usage. Broke in v1.33.0. ([\#10163](matrix-org/synapse#10163)) - Fix a bug where Synapse could send the same presence update to a remote twice. ([\#10165](matrix-org/synapse#10165)) Synapse 1.36.0rc1 (2021-06-08) ============================== Features -------- - Add new endpoint `/_matrix/client/r0/rooms/{roomId}/aliases` from Client-Server API r0.6.1 (previously [MSC2432](matrix-org/matrix-spec-proposals#2432)). ([\#9224](matrix-org/synapse#9224)) - Improve performance of incoming federation transactions in large rooms. ([\#9953](matrix-org/synapse#9953), [\#9973](matrix-org/synapse#9973)) - Rewrite logic around verifying JSON object and fetching server keys to be more performant and use less memory. ([\#10035](matrix-org/synapse#10035)) - Add new admin APIs for unprotecting local media from quarantine. Contributed by @dklimpel. ([\#10040](matrix-org/synapse#10040)) - Add new admin APIs to remove media by media ID from quarantine. Contributed by @dklimpel. ([\#10044](matrix-org/synapse#10044)) - Make reason and score parameters optional for reporting content. Implements [MSC2414](matrix-org/matrix-spec-proposals#2414). Contributed by Callum Brown. ([\#10077](matrix-org/synapse#10077)) - Add support for routing more requests to workers. ([\#10084](matrix-org/synapse#10084)) - Report OpenTracing spans for database activity. ([\#10113](matrix-org/synapse#10113), [\#10136](matrix-org/synapse#10136), [\#10141](matrix-org/synapse#10141)) - Significantly reduce memory usage of joining large remote rooms. ([\#10117](matrix-org/synapse#10117)) Bugfixes -------- - Fixed a bug causing replication requests to fail when receiving a lot of events via federation. ([\#10082](matrix-org/synapse#10082)) - Fix a bug in the `force_tracing_for_users` option introduced in Synapse v1.35 which meant that the OpenTracing spans produced were missing most tags. ([\#10092](matrix-org/synapse#10092)) - Fixed a bug that could cause Synapse to stop notifying application services. Contributed by Willem Mulder. ([\#10107](matrix-org/synapse#10107)) - Fix bug where the server would attempt to fetch the same history in the room from a remote server multiple times in parallel. ([\#10116](matrix-org/synapse#10116)) - Fix a bug introduced in Synapse 1.33.0 which caused replication requests to fail when receiving a lot of very large events via federation. ([\#10118](matrix-org/synapse#10118)) - Fix bug when using workers where pagination requests failed if a remote server returned zero events from `/backfill`. Introduced in 1.35.0. ([\#10133](matrix-org/synapse#10133)) Improved Documentation ---------------------- - Clarify security note regarding hosting Synapse on the same domain as other web applications. ([\#9221](matrix-org/synapse#9221)) - Update CAPTCHA documentation to mention turning off the verify origin feature. Contributed by @aaronraimist. ([\#10046](matrix-org/synapse#10046)) - Tweak wording of database recommendation in `INSTALL.md`. Contributed by @aaronraimist. ([\#10057](matrix-org/synapse#10057)) - Add initial infrastructure for rendering Synapse documentation with mdbook. ([\#10086](matrix-org/synapse#10086)) - Convert the remaining Admin API documentation files to markdown. ([\#10089](matrix-org/synapse#10089)) - Make a link in docs use HTTPS. Contributed by @RhnSharma. ([\#10130](matrix-org/synapse#10130)) - Fix broken link in Docker docs. ([\#10132](matrix-org/synapse#10132)) Deprecations and Removals ------------------------- - Remove the experimental `spaces_enabled` flag. The spaces features are always available now. ([\#10063](matrix-org/synapse#10063)) Internal Changes ---------------- - Tell CircleCI to build Docker images from `main` branch. ([\#9906](matrix-org/synapse#9906)) - Simplify naming convention for release branches to only include the major and minor version numbers. ([\#10013](matrix-org/synapse#10013)) - Add `parse_strings_from_args` for parsing an array from query parameters. ([\#10048](matrix-org/synapse#10048), [\#10137](matrix-org/synapse#10137)) - Remove some dead code regarding TLS certificate handling. ([\#10054](matrix-org/synapse#10054)) - Remove redundant, unmaintained `convert_server_keys` script. ([\#10055](matrix-org/synapse#10055)) - Improve the error message printed by synctl when synapse fails to start. ([\#10059](matrix-org/synapse#10059)) - Fix GitHub Actions lint for newsfragments. ([\#10069](matrix-org/synapse#10069)) - Update opentracing to inject the right context into the carrier. ([\#10074](matrix-org/synapse#10074)) - Fix up `BatchingQueue` implementation. ([\#10078](matrix-org/synapse#10078)) - Log method and path when dropping request due to size limit. ([\#10091](matrix-org/synapse#10091)) - In Github Actions workflows, summarize the Sytest results in an easy-to-read format. ([\#10094](matrix-org/synapse#10094)) - Make `/sync` do fewer state resolutions. ([\#10102](matrix-org/synapse#10102)) - Add missing type hints to the admin API servlets. ([\#10105](matrix-org/synapse#10105)) - Improve opentracing annotations for `Notifier`. ([\#10111](matrix-org/synapse#10111)) - Enable Prometheus metrics for the jaeger client library. ([\#10112](matrix-org/synapse#10112)) - Work to improve the responsiveness of `/sync` requests. ([\#10124](matrix-org/synapse#10124)) - OpenTracing: use a consistent name for background processes. ([\#10135](matrix-org/synapse#10135))

@dklimpel

Synapse 1.36.0 (2021-06-15) =========================== No significant changes. Synapse 1.36.0rc2 (2021-06-11) ============================== Bugfixes -------- - Fix a bug which caused presence updates to stop working some time after a restart, when using a presence writer worker. Broke in v1.33.0. ([\matrix-org#10149](matrix-org#10149)) - Fix a bug when using federation sender worker where it would send out more presence updates than necessary, leading to high resource usage. Broke in v1.33.0. ([\matrix-org#10163](matrix-org#10163)) - Fix a bug where Synapse could send the same presence update to a remote twice. ([\matrix-org#10165](matrix-org#10165)) Synapse 1.36.0rc1 (2021-06-08) ============================== Features -------- - Add new endpoint `/_matrix/client/r0/rooms/{roomId}/aliases` from Client-Server API r0.6.1 (previously [MSC2432](matrix-org/matrix-spec-proposals#2432)). ([\matrix-org#9224](matrix-org#9224)) - Improve performance of incoming federation transactions in large rooms. ([\matrix-org#9953](matrix-org#9953), [\matrix-org#9973](matrix-org#9973)) - Rewrite logic around verifying JSON object and fetching server keys to be more performant and use less memory. ([\matrix-org#10035](matrix-org#10035)) - Add new admin APIs for unprotecting local media from quarantine. Contributed by @dklimpel. ([\matrix-org#10040](matrix-org#10040)) - Add new admin APIs to remove media by media ID from quarantine. Contributed by @dklimpel. ([\matrix-org#10044](matrix-org#10044)) - Make reason and score parameters optional for reporting content. Implements [MSC2414](matrix-org/matrix-spec-proposals#2414). Contributed by Callum Brown. ([\matrix-org#10077](matrix-org#10077)) - Add support for routing more requests to workers. ([\matrix-org#10084](matrix-org#10084)) - Report OpenTracing spans for database activity. ([\matrix-org#10113](matrix-org#10113), [\matrix-org#10136](matrix-org#10136), [\matrix-org#10141](matrix-org#10141)) - Significantly reduce memory usage of joining large remote rooms. ([\matrix-org#10117](matrix-org#10117)) Bugfixes -------- - Fixed a bug causing replication requests to fail when receiving a lot of events via federation. ([\matrix-org#10082](matrix-org#10082)) - Fix a bug in the `force_tracing_for_users` option introduced in Synapse v1.35 which meant that the OpenTracing spans produced were missing most tags. ([\matrix-org#10092](matrix-org#10092)) - Fixed a bug that could cause Synapse to stop notifying application services. Contributed by Willem Mulder. ([\matrix-org#10107](matrix-org#10107)) - Fix bug where the server would attempt to fetch the same history in the room from a remote server multiple times in parallel. ([\matrix-org#10116](matrix-org#10116)) - Fix a bug introduced in Synapse 1.33.0 which caused replication requests to fail when receiving a lot of very large events via federation. ([\matrix-org#10118](matrix-org#10118)) - Fix bug when using workers where pagination requests failed if a remote server returned zero events from `/backfill`. Introduced in 1.35.0. ([\matrix-org#10133](matrix-org#10133)) Improved Documentation ---------------------- - Clarify security note regarding hosting Synapse on the same domain as other web applications. ([\matrix-org#9221](matrix-org#9221)) - Update CAPTCHA documentation to mention turning off the verify origin feature. Contributed by @aaronraimist. ([\matrix-org#10046](matrix-org#10046)) - Tweak wording of database recommendation in `INSTALL.md`. Contributed by @aaronraimist. ([\matrix-org#10057](matrix-org#10057)) - Add initial infrastructure for rendering Synapse documentation with mdbook. ([\matrix-org#10086](matrix-org#10086)) - Convert the remaining Admin API documentation files to markdown. ([\matrix-org#10089](matrix-org#10089)) - Make a link in docs use HTTPS. Contributed by @RhnSharma. ([\matrix-org#10130](matrix-org#10130)) - Fix broken link in Docker docs. ([\matrix-org#10132](matrix-org#10132)) Deprecations and Removals ------------------------- - Remove the experimental `spaces_enabled` flag. The spaces features are always available now. ([\matrix-org#10063](matrix-org#10063)) Internal Changes ---------------- - Tell CircleCI to build Docker images from `main` branch. ([\matrix-org#9906](matrix-org#9906)) - Simplify naming convention for release branches to only include the major and minor version numbers. ([\matrix-org#10013](matrix-org#10013)) - Add `parse_strings_from_args` for parsing an array from query parameters. ([\matrix-org#10048](matrix-org#10048), [\matrix-org#10137](matrix-org#10137)) - Remove some dead code regarding TLS certificate handling. ([\matrix-org#10054](matrix-org#10054)) - Remove redundant, unmaintained `convert_server_keys` script. ([\matrix-org#10055](matrix-org#10055)) - Improve the error message printed by synctl when synapse fails to start. ([\matrix-org#10059](matrix-org#10059)) - Fix GitHub Actions lint for newsfragments. ([\matrix-org#10069](matrix-org#10069)) - Update opentracing to inject the right context into the carrier. ([\matrix-org#10074](matrix-org#10074)) - Fix up `BatchingQueue` implementation. ([\matrix-org#10078](matrix-org#10078)) - Log method and path when dropping request due to size limit. ([\matrix-org#10091](matrix-org#10091)) - In Github Actions workflows, summarize the Sytest results in an easy-to-read format. ([\matrix-org#10094](matrix-org#10094)) - Make `/sync` do fewer state resolutions. ([\matrix-org#10102](matrix-org#10102)) - Add missing type hints to the admin API servlets. ([\matrix-org#10105](matrix-org#10105)) - Improve opentracing annotations for `Notifier`. ([\matrix-org#10111](matrix-org#10111)) - Enable Prometheus metrics for the jaeger client library. ([\matrix-org#10112](matrix-org#10112)) - Work to improve the responsiveness of `/sync` requests. ([\matrix-org#10124](matrix-org#10124)) - OpenTracing: use a consistent name for background processes. ([\matrix-org#10135](matrix-org#10135))

erikjohnston added 2 commits May 21, 2021 14:24

Rewrite KeyRing

f941830

Fix remote resource

83d5280

erikjohnston force-pushed the erikj/refactor_keyring branch from 540a594 to 89d68f1 Compare May 21, 2021 13:33

erikjohnston added 2 commits May 21, 2021 14:36

Remove request name

66a532f

Newsfile

e193611

erikjohnston force-pushed the erikj/refactor_keyring branch from 89d68f1 to e193611 Compare May 21, 2021 13:37

erikjohnston requested a review from a team May 21, 2021 13:41

Fix tests

dc19b1a

richvdh mentioned this pull request May 26, 2021

Problems with BatchingQueue #10068

Closed

richvdh self-assigned this May 26, 2021

richvdh suggested changes May 26, 2021

View reviewed changes

erikjohnston and others added 7 commits May 26, 2021 15:12

Make verify_json_for_server async

b455415

Remove superfluous ensureDeferred

eec11d6

Move get_json_object() out from try/except

5db369d

Apply suggestions from code review

1165010

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

fmt

fbdabd4

Add docstring

3dc8841

Only require one signature to be verified per server

dbde355

erikjohnston requested a review from richvdh May 28, 2021 13:51

erikjohnston added 3 commits June 1, 2021 08:32

Merge remote-tracking branch 'origin/develop' into erikj/refactor_key…

60905f1

…ring

Fix tests now that we use BatchingQueue

a596fc0

Fix tests when using old prometheus lib

4091155

richvdh approved these changes Jun 2, 2021

View reviewed changes

synapse/crypto/keyring.py Outdated Show resolved Hide resolved

synapse/crypto/keyring.py Outdated Show resolved Hide resolved

synapse/crypto/keyring.py Show resolved Hide resolved

tests/crypto/test_keyring.py Outdated Show resolved Hide resolved

erikjohnston and others added 2 commits June 2, 2021 16:07

Apply suggestions from code review

9ab4cbf

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

Review suggestions

6fcd8fd

erikjohnston merged commit fc3d2dc into develop Jun 2, 2021

erikjohnston deleted the erikj/refactor_keyring branch June 2, 2021 15:38

richvdh mentioned this pull request Jul 9, 2021

Why do we query for signature keys even if the local HS has the key in its DB? #6242

Closed

richvdh mentioned this pull request Nov 26, 2021

Fix perspectives requests for multiple keys for the same server #11440

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rewrite the KeyRing #10035

Rewrite the KeyRing #10035

erikjohnston commented May 21, 2021 •

edited

Loading

richvdh left a comment

richvdh May 26, 2021

richvdh May 26, 2021

erikjohnston May 26, 2021

erikjohnston May 26, 2021

richvdh May 27, 2021

erikjohnston May 28, 2021

richvdh left a comment

	async def process_request(self, verify_request: VerifyJsonRequest) -> None:
	"""Processes the `VerifyJsonRequest`. Raises if the object is not signed
	by the server, the signatures don't match or we failed to fetch the
	necessary keys.
	"""

	if not verify_request.key_ids:
	raise SynapseError(
	400,
	f"Not signed by {verify_request.server_name}",
	Codes.UNAUTHORIZED,
	)

	# Add they keys we need to verify to the queue for retrieval. We queue
	# up requests for the same server so we don't end up with many in flight
	# requests for the same keys.
	found_keys_by_server = await self._server_queue.add_to_queue(
	verify_request.to_fetch_key_request(), key=verify_request.server_name
	)

	# Since we batch up requests the returned set of keys may contain keys
	# from other servers, so we pull out only the ones we care about.s
	found_keys = found_keys_by_server.get(verify_request.server_name, {})

	# For each signature to check we ensure we have fetched the necessary
	# keys and the signature matches.
	for key_id in verify_request.key_ids:
	key_result = found_keys.get(key_id)
	if not key_result:
	raise SynapseError(
	401,
	f"Missing keys for {verify_request.server_name}: {key_id}",
	Codes.UNAUTHORIZED,
	)

	if key_result.valid_until_ts < verify_request.minimum_valid_until_ts:
	raise SynapseError(
	401,
	f"Failed to find key with recent enough `valid_until_ts` for {verify_request.server_name}: {key_id}",
	Codes.UNAUTHORIZED,
	)

	verify_key = key_result.verify_key
	try:
	json_object = verify_request.get_json_object()
	verify_signed_json(
	json_object,
	verify_request.server_name,
	verify_key,
	)
	except SignatureVerifyException as e:
	logger.debug(
	"Error verifying signature for %s:%s:%s with key %s: %s",
	verify_request.server_name,
	verify_key.alg,
	verify_key.version,
	encode_verify_key_base64(verify_key),
	str(e),
	)
	raise SynapseError(
	401,
	"Invalid signature for server %s with key %s:%s: %s"
	% (
	verify_request.server_name,
	verify_key.alg,
	verify_key.version,
	str(e),
	),
	Codes.UNAUTHORIZED,
	)

	async def _inner_fetch_key_requests(
	self, requests: List[_FetchKeyRequest]
	) -> Dict[str, Dict[str, FetchKeyResult]]:
	"""Processing function for the queue of `_FetchKeyRequest`."""

	logger.debug("Starting fetch for %s", requests)

	# First we need to deduplicate requests for the same key. We do this by
	# taking the maximum requested `minimum_valid_until_ts` for each pair
	# of server name/key ID.
	server_to_key_to_ts = {} # type: Dict[str, Dict[str, int]]
	for request in requests:
	by_server = server_to_key_to_ts.setdefault(request.server_name, {})
	for key_id in request.key_ids:
	existing_ts = by_server.get(key_id)

	if existing_ts:
	by_server[key_id] = max(request.minimum_valid_until_ts, existing_ts)
	else:
	by_server[key_id] = request.minimum_valid_until_ts

	deduped_requests = [
	_FetchKeyRequest(server_name, minimum_valid_ts, [key_id])
	for server_name, by_server in server_to_key_to_ts.items()
	for key_id, minimum_valid_ts in by_server.items()
	]

	logger.debug("Deduplicated key requests to %s", deduped_requests)

	# For each key we call `_inner_verify_request` which will handle
	# fetching each key. Note these shouldn't throw if we fail to contact
	# other servers etc.
	results_per_request = await yieldable_gather_results(
	self._inner_fetch_key_request,
	deduped_requests,
	)

	# We now convert the returned list of results into a map from server
	# name to key ID to FetchKeyResult, to return.
	to_return = {} # type: Dict[str, Dict[str, FetchKeyResult]]
	for (request, results) in zip(deduped_requests, results_per_request):
	to_return_by_server = to_return.setdefault(request.server_name, {})
	for key_id, key_result in results.items():
	existing = to_return_by_server.get(key_id)
	if not existing or existing.valid_until_ts < key_result.valid_until_ts:
	to_return_by_server[key_id] = key_result

	return to_return

	async def _inner_fetch_key_request(
	self, verify_request: _FetchKeyRequest
	) -> Dict[str, FetchKeyResult]:
	"""Attempt to fetch the given key by calling each key fetcher one by
	one.
	"""
	logger.debug("Starting fetch for %s", verify_request)

	found_keys: Dict[str, FetchKeyResult] = {}
	missing_key_ids = set(verify_request.key_ids)

	for fetcher in self._key_fetchers:
	if not missing_key_ids:
	break

	logger.debug("Getting keys from %s for %s", fetcher, verify_request)
	keys = await fetcher.get_keys(
	verify_request.server_name,
	list(missing_key_ids),
	verify_request.minimum_valid_until_ts,
	)

	for key_id, key in keys.items():
	if not key:
	continue

	# If we already have a result for the given key ID we keep the
	# one with the highest `valid_until_ts`.
	existing_key = found_keys.get(key_id)
	if existing_key:
	if key.valid_until_ts <= existing_key.valid_until_ts:
	continue

	# We always store the returned key even if it doesn't the
	# `minimum_valid_until_ts` requirement, as some verification
	# requests may still be able to be satisfied by it.
	#
	# We still keep looking for the key from other fetchers in that
	# case though.
	found_keys[key_id] = key

	if key.valid_until_ts < verify_request.minimum_valid_until_ts:
	continue

	missing_key_ids.discard(key_id)

	return found_keys

Rewrite the KeyRing #10035

Rewrite the KeyRing #10035

Conversation

erikjohnston commented May 21, 2021 • edited Loading

richvdh left a comment

Choose a reason for hiding this comment

richvdh May 26, 2021

Choose a reason for hiding this comment

richvdh May 26, 2021

Choose a reason for hiding this comment

erikjohnston May 26, 2021

Choose a reason for hiding this comment

erikjohnston May 26, 2021

Choose a reason for hiding this comment

richvdh May 27, 2021

Choose a reason for hiding this comment

erikjohnston May 28, 2021

Choose a reason for hiding this comment

richvdh left a comment

Choose a reason for hiding this comment

erikjohnston commented May 21, 2021 •

edited

Loading