add test for device key signatures over federation #795

Merged
merged 2 commits into from
Feb 5, 2020
106 changes: 106 additions & 0 deletions tests/41end-to-end-keys/08-cross-signing.pl
Expand Up @@ -580,6 +580,112 @@
});
};

test "uploading signed devices gets propagated over federation",
requires => [ local_user_fixture(), remote_user_fixture() ],

do => sub {
my ( $user1, $user2 ) = @_;

my $user1_id = $user1->user_id;
my $user1_device = $user1->device_id;
my $user2_id = $user2->user_id;
my $user2_device = $user2->device_id;

my $room_id;

my ( $master_pubkey, $master_secret_key ) = $crypto_sign->keypair( decode_base64( "2lonYOM6xYKdEsO+6KrC766xBcHnYnim1x/4LFGF8B0" ) );
my ( $self_signing_pubkey, $self_signing_secret_key ) = $crypto_sign->keypair( decode_base64( "HvQBbU+hc2Zr+JP1sE0XwBe1pfZZEYtJNPJLZJtS+F8" ) );
my $self_signing_key = {
# private key: HvQBbU+hc2Zr+JP1sE0XwBe1pfZZEYtJNPJLZJtS+F8
"user_id" => $user2_id,
"usage" => ["self_signing"],
"keys" => {
"ed25519:EmkqvokUn8p+vQAGZitOk4PWjp7Ukp3txV2TbMPEiBQ"
=> "EmkqvokUn8p+vQAGZitOk4PWjp7Ukp3txV2TbMPEiBQ",
},
};
sign_json(
$self_signing_key,
secret_key => $master_secret_key,
origin => $user2_id,
key_id => "ed25519:nqOvzeuGWT/sRx3h7+MHoInYj3Uk2LD/unI9kDYcHwk",
);

my $device = {
"user_id" => $user2_id,
"device_id" => $user2_device,
"algorithms" => ["m.olm.curve25519-aes-sha256", "m.megolm.v1.aes-sha"],
"keys" => {
"curve25519:$user2_device" => "curve25519+key",
"ed25519:$user2_device" => "ed25519+key",
}
};
my $cross_signature;

matrix_put_e2e_keys( $user2, device_keys => $device)->then( sub {
matrix_set_cross_signing_key( $user2, {
"auth" => {
"type" => "m.login.password",
"user" => $user2_id,
"password" => $user2->password,
},
"master_key" => {
# private key: 2lonYOM6xYKdEsO+6KrC766xBcHnYnim1x/4LFGF8B0
"user_id" => $user2_id,
"usage" => ["master"],
"keys" => {
"ed25519:nqOvzeuGWT/sRx3h7+MHoInYj3Uk2LD/unI9kDYcHwk"
=> "nqOvzeuGWT/sRx3h7+MHoInYj3Uk2LD/unI9kDYcHwk",
},
},
"self_signing_key" => $self_signing_key,
});
})->then( sub {
matrix_create_room( $user1 );
})->then( sub {
( $room_id ) = @_;
matrix_sync( $user1 );
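
Review bot: at the two `$crypto_sign->keypair( ... )` calls, `$master_pubkey` and `$self_signing_pubkey` are assigned but not used anywhere in the lines shown, while the corresponding public keys are typed out again as string literals in both `keys` maps and in the `key_id` argument to `sign_json`. Building those key IDs once from the returned public keys would keep the seed, the published key and the `key_id` from drifting apart when someone changes one of them. The `matrix_sync( $user1 )` call that closes this block also has no comment saying why it is there; given the discussion on that line, a one-line comment that the later `sync_until_user_in_device_list` calls depend on it would stop it being removed as dead code.
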
Member

Do we need to sync here?

Member Author

I don't know. Probably not. I think I just cargo-culted it from somewhere else. I'll try without and if it still works, I'll drop it.

Member Author

It seems to be necessary, for some strange reason. If I leave it off, then synapse will return a 500 at some later sync. 😨 The backtrace is:

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/venv/lib/python3.5/site-packages/synapse/http/server.py", line 78, in wrapped_request_handler
    await h(self, request)
  File "/venv/lib/python3.5/site-packages/synapse/http/server.py", line 331, in _async_render
    callback_return = await callback_return
  File "/venv/lib/python3.5/site-packages/synapse/rest/client/v2_alpha/sync.py", line 178, in on_GET
    full_state=full_state,
  File "/venv/lib/python3.5/site-packages/synapse/handlers/sync.py", line 286, in wait_for_sync_for_user
    full_state,
  File "/venv/lib/python3.5/site-packages/twisted/internet/defer.py", line 1418, in _inlineCallbacks
    result = g.send(result)
  File "/venv/lib/python3.5/site-packages/synapse/handlers/sync.py", line 323, in _wait_for_sync_for_user
    from_token=since_token,
  File "/venv/lib/python3.5/site-packages/synapse/notifier.py", line 352, in wait_for_events
    listener = user_stream.new_listener(prev_token)
  File "/venv/lib/python3.5/site-packages/synapse/notifier.py", line 137, in new_listener
    if self.last_notified_token.is_after(token):
  File "/venv/lib/python3.5/site-packages/synapse/types.py", line 376, in is_after
    (other.room_stream_id < self.room_stream_id)
  File "/venv/lib/python3.5/site-packages/synapse/types.py", line 371, in room_stream_id
    return int(self.room_key[1:].split("-")[-1])
ValueError: invalid literal for int() with base 10: ''

which looks like fun.

Member

Ah, looks like sync_until_user_in_device_list uses matrix_sync_again, which sets an empty since token

})->then( sub {
matrix_invite_user_to_room( $user1, $user2, $room_id )
})->then( sub {
sync_until_user_in_device_list( $user1, $user2 );
})->then( sub {
matrix_join_room( $user2, $room_id );
})->then( sub {
sync_until_user_in_device_list( $user1, $user2 );
})->then( sub {
sign_json(
$device, secret_key => $self_signing_secret_key,
origin => $user2_id, key_id => "ed25519:EmkqvokUn8p+vQAGZitOk4PWjp7Ukp3txV2TbMPEiBQ"
);
log_if_fail "sent signature", $device;
$cross_signature = $device->{signatures}->{$user2_id}->{"ed25519:EmkqvokUn8p+vQAGZitOk4PWjp7Ukp3txV2TbMPEiBQ"};
matrix_upload_signatures( $user2, {
$user2_id => {
$user2_device => $device
}
} );
})->then( sub {
sync_until_user_in_device_list( $user1, $user2 );
})->then( sub {
matrix_get_e2e_keys( $user1, $user2_id );
})->then( sub {
my ( $content ) = @_;

log_if_fail "key query content", $content;

assert_json_keys( $content->{device_keys}->{$user2_id}->{$user2_device}, "signatures" );

assert_deeply_eq( $content->{device_keys}->{$user2_id}->{$user2_device}->{signatures}, {
$user2_id => {
"ed25519:EmkqvokUn8p+vQAGZitOk4PWjp7Ukp3txV2TbMPEiBQ" => $cross_signature
},
} );

Future->done(1);
});
};

=head2 matrix_set_cross_signing_key

matrix_set_cross_signing_key( $user, $keys )
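
Review bot: the assertions after `matrix_get_e2e_keys( $user1, $user2_id )` only check that the `signatures` entry on the device equals `$cross_signature`; nothing checks that `$user1` can also see the self-signing key `ed25519:EmkqvokUn8p+vQAGZitOk4PWjp7Ukp3txV2TbMPEiBQ` that produced it, or that key's signature by the master key. As written the test passes if the signature crosses federation but the keys needed to verify it do not, so consider also asserting on `$user2`'s cross-signing keys in the key query content. The three identical `sync_until_user_in_device_list( $user1, $user2 )` steps would be easier to follow with a short comment on what device list change each one waits for.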