Add encrypted http pusher (MSC3013)

[Sorunome]

Pull Request Checklist

Server-side implementation of MSC3013 Encrypted Push matrix-org/matrix-spec-proposals#3013

• Pull request is based on the develop branch
• Pull request includes a changelog file. The entry should:
  • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
  • Use markdown where necessary, mostly for code blocks.
  • End with either a period (.) or an exclamation mark (!).
  • Start with a capital letter.
• Pull request includes a sign off
• Code style is correct
  (run the linters)

Signed-Off-By: Sorunome [email protected]

[DMRobertson]

A few thoughts.

I'm not a cryptography expert, but AFAICS this implements the process described in the MSC. I don't suppose you've had a chance to test it in action?

[DMRobertson]

Where possible, please try to avoid a force push. It makes it harder to see what's changed between review rounds!

I think the case of a missing public_key needs handling, and the mypy config change to get rid of the type-ignore in the code would be nice to have (but not crucial).

Otherwise LGTM. Would appreciate another pair of eyes from @matrix-org/synapse-core though---sticking it into the review queue.

[Sorunome]

I don't suppose you've had a chance to test it in action?

oh, totally missed this, yes this is tested in action

[reivilibre]

Looks sensible, will wait for the discussed changes about which library to use for the Curve25519 exchange.

Thanks!

[callahad]

matrix-org/olm#53 may be relevant to the discussion about curve25519; we may have boxed ourselves into a corner. This is being looked at now.

[Sorunome]

this is completely irrelevant to us. zhat issue is about how libolm stores and restores its ed25519 keys, and we never use libolm so it doesn't matter. we just take a public key and using it encrypt stuffs. 13. 12. 2021 16:21:25 Dan Callahan ***@***.***>:

…

matrix-org/olm#53[matrix-org/olm#53] may be relevant to the discussion about curve25519; we may have boxed ourselves into a corner. This is being looked at now. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub[#11512 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AASSEVAGXGHH3CV3AJU2ZWTUQYFOZANCNFSM5JOR23SA]. Triage notifications on the go with GitHub Mobile for iOS[https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675] or Android[https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub]. [data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAABICAYAAABV7bNHAAAAAXNSR0IArs4c6QAAAARzQklUCAgICHwIZIgAAAArSURBVHic7cEBDQAAAMKg909tDjegAAAAAAAAAAAAAAAAAAAAAAAAAAA+DFFIAAEctgHwAAAAAElFTkSuQmCC###24x24:true###][Sledovací obrázek][https://github.com/notifications/beacon/AASSEVHQNGXQWRFORAPWPYDUQYFOZA5CNFSM5JOR23SKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOHMU2RBY.gif]

[DMRobertson]

Glad to see the dependency stuff was sorted out.

I don't think we want to merge it as-is unless:

• the MSC is accepted, or
• these changes were guarded by an experimental config flag

because this change presently enables an unstandardised feature for all Synapse deployments.

changes made

[Sorunome]

Because of stuff that came up around encrypted push and iOS needing some slight adjustments soru marked this PR as WIP again, the main part of the PR will still the same, though. Will un-mark as WIP (should soru ping someone, then?) once those are resolved.

EDIT: Oh, github doesn't allow re-marking a PR as WIP

[richvdh]

EDIT: Oh, github doesn't allow re-marking a PR as WIP

yes it does! have done so.

(should soru ping someone, then?)

no need, it should automatically come up on our review queue.

[Sorunome]

This PR is ready for review again. There are merge conflicts in this PR by now, should soru merge in master or rebase onto master?

[reivilibre]

This PR is ready for review again. There are merge conflicts in this PR by now, should soru merge in master or rebase onto master?

:) After there's already been discussion/review, prefer merge rather than rebase so that the conversations stay in place in the history of the PR.

[DMRobertson]

And note: please merge in develop, rather than master.

[DMRobertson]

Could use

Suggested change

	devices = cleartext_notif["devices"]
	del cleartext_notif["devices"]
	devices = cleartext_notif.pop("devices")

As in https://docs.python.org/3/library/stdtypes.html?highlight=dict%20pop#dict.pop

[DMRobertson]

Can we have a more descriptive name than d here? encrypted_notification or payload_with_encryption?

[DMRobertson]

I'm not sure this logic belongs in a function called _encrypt_notification_dict---this isn't doing any encryption. I take the point that this is needed to make iOS E2EE work, but doesn't this setting make sense even if we don't want to use encryption?

Put differently: why is this tied to the use of curve25519-aes-sha2 specifically?

[Sorunome]

See the MSC https://github.com/Sorunome/matrix-doc/blob/soru/encrypted-push/proposals/3013-encrypted-push.md#ios

Why curve25519-aes-sha2 specifically? Because only plain and curve25519-aes-sha2 exist in this PR, and it is not in plain

[Sorunome]

so maybe call the method _process_notification_dict_for_sending instead?

[DMRobertson]

This look suspiciously like a test which re-implements the function under test. What's going on here?

[Sorunome]

we are testing if the encrypted push frame we created is decryptable. Soru was pondering between this and just testing if the mac/cipher/ephemeral we created are strings, however this seemed to at least have a bit more integrity. Due to the nature of the push frame being encrypted, we can't test its contents without decrypting them again

[Sorunome]

We aren't 100% re-implementing it, this is a decrypt implementation while in synapse is an encrypt implementation. But yeah, soru couldn't figure out a better way to test this, sadly :/

[DMRobertson]

Suggested change

	is none.
	is none.
	is 'none'.

To avoid confusion with the Python object None.

[DMRobertson]

Type annotations here, please.

That said, I'm not so keen on a method called _test_... which might not actually enforce any assertions, i.e. if perform_checks is falsey. What is the intention here? My first thought was that it was an optimisation to not run repeated checks that don't test anything new. But I think you're specifically opting out of the the checks which interrogate the unread count---because they need to be handled differently under the proposed scheme.

I think it would make more sense to create a new helper function

• which does setup only, making no assertions
• only does the minimum required to generate a counts-only and normal push notification (the present test helper seems to make many normal notifications?)

[reivilibre]

Hi, are you still interested in working on this?

[Sorunome]

In general yes, but sorus health does not allow working lately :/ 5. 8. 2022 11:44:55 reivilibre ***@***.***>:

…

Hi, are you still interested in working on this? — Reply to this email directly, view it on GitHub[#11512 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AASSEVBUG6R3AVVQLZLVWJDVXTPBLANCNFSM5JOR23SA]. You are receiving this because you authored the thread.[Sledovací obrázek][https://github.com/notifications/beacon/AASSEVFUGVRTRE5KRTVLNMLVXTPBLA5CNFSM5JOR23SKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOI7TAWII.gif]