Track when the pulled event signature fails (#13815)

Because we're doing the recording in `_check_sigs_and_hash_for_pulled_events_and_fetch` (previously named `_check_sigs_and_hash_and_fetch`), this means we will track signature failures for `backfill`, `get_room_state`, `get_event_auth`, and `get_missing_events` (all pulled event scenarios). And we also record signature failures from `get_pdu`. Part of https://github.com/matrix-org/synapse/issues/13700 Part of https://github.com/matrix-org/synapse/issues/13676 and https://github.com/matrix-org/synapse/issues/13356 This PR will be especially important for https://github.com/matrix-org/synapse/pull/13816 so we can avoid the costly `_get_state_ids_after_missing_prev_event` down the line when `/messages` calls backfill.
2025-08-06 03:54:11 -04:00 · 2022-10-03 14:53:29 -05:00 · 2022-10-03 14:53:29 -05:00 · 70a4317692
commit 70a4317692
parent 92ae90aca2
5 changed files with 140 additions and 15 deletions
--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import logging
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Awaitable, Callable, Optional

 from synapse.api.constants import MAX_DEPTH, EventContentFields, EventTypes, Membership
 from synapse.api.errors import Codes, SynapseError
@ -58,7 +58,12 @@ class FederationBase:

    @trace
    async def _check_sigs_and_hash(
-        self, room_version: RoomVersion, pdu: EventBase
+        self,
+        room_version: RoomVersion,
+        pdu: EventBase,
+        record_failure_callback: Optional[
+            Callable[[EventBase, str], Awaitable[None]]
+        ] = None,
    ) -> EventBase:
        """Checks that event is correctly signed by the sending server.

@ -70,6 +75,11 @@ class FederationBase:
        Args:
            room_version: The room version of the PDU
            pdu: the event to be checked
+            record_failure_callback: A callback to run whenever the given event
+                fails signature or hash checks. This includes exceptions
+                that would be normally be thrown/raised but also things like
+                checking for event tampering where we just return the redacted
+                event.

        Returns:
              * the original event if the checks pass
@ -80,7 +90,12 @@ class FederationBase:
          InvalidEventSignatureError if the signature check failed. Nothing
             will be logged in this case.
        """
-        await _check_sigs_on_pdu(self.keyring, room_version, pdu)
+        try:
+            await _check_sigs_on_pdu(self.keyring, room_version, pdu)
+        except InvalidEventSignatureError as exc:
+            if record_failure_callback:
+                await record_failure_callback(pdu, str(exc))
+            raise exc

        if not check_event_content_hash(pdu):
            # let's try to distinguish between failures because the event was
@ -116,6 +131,10 @@ class FederationBase:
                        "event_id": pdu.event_id,
                    }
                )
+                if record_failure_callback:
+                    await record_failure_callback(
+                        pdu, "Event content has been tampered with"
+                    )
            return redacted_event

        spam_check = await self.spam_checker.check_event_for_spam(pdu)