Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-12-15 15:08:48 -05:00
Code Issues Projects Releases Packages Wiki Activity

Convert E2E key and room key handlers to async/await. (#7851)

Browse source
This commit is contained in:
Patrick Cloke 2020-07-15 08:48:58 -04:00 committed by GitHub
parent 111e70d75c
commit b11450dedc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 522 additions and 362 deletions
Download patch file Download diff file Expand all files Collapse all files

288
tests/handlers/test_e2e_keys.py
View file

@ -46,7 +46,9 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
"""If the user has no devices, we expect an empty list.
"""
local_user = "@boris:" + self.hs.hostname
res = yield self.handler.query_local_devices({local_user: None})
res = yield defer.ensureDeferred(
self.handler.query_local_devices({local_user: None})
)
self.assertDictEqual(res, {local_user: {}})
@defer.inlineCallbacks
@ -60,15 +62,19 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
"alg2:k3": {"key": "key3"},
}
res = yield self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": keys}
res = yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": keys}
)
)
self.assertDictEqual(res, {"one_time_key_counts": {"alg1": 1, "alg2": 2}})
# we should be able to change the signature without a problem
keys["alg2:k2"]["signatures"]["k1"] = "sig2"
res = yield self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": keys}
res = yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": keys}
)
)
self.assertDictEqual(res, {"one_time_key_counts": {"alg1": 1, "alg2": 2}})
@ -84,44 +90,56 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
"alg2:k3": {"key": "key3"},
}
res = yield self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": keys}
res = yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": keys}
)
)
self.assertDictEqual(res, {"one_time_key_counts": {"alg1": 1, "alg2": 2}})
try:
yield self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": {"alg1:k1": "key2"}}
yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": {"alg1:k1": "key2"}}
)
)
self.fail("No error when changing string key")
except errors.SynapseError:
pass
try:
yield self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": {"alg2:k3": "key2"}}
yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": {"alg2:k3": "key2"}}
)
)
self.fail("No error when replacing dict key with string")
except errors.SynapseError:
pass
try:
yield self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": {"alg1:k1": {"key": "key"}}}
yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user,
device_id,
{"one_time_keys": {"alg1:k1": {"key": "key"}}},
)
)
self.fail("No error when replacing string key with dict")
except errors.SynapseError:
pass
try:
yield self.handler.upload_keys_for_user(
local_user,
device_id,
{
"one_time_keys": {
"alg2:k2": {"key": "key3", "signatures": {"k1": "sig1"}}
}
},
yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user,
device_id,
{
"one_time_keys": {
"alg2:k2": {"key": "key3", "signatures": {"k1": "sig1"}}
}
},
)
)
self.fail("No error when replacing dict key")
except errors.SynapseError:
@ -133,13 +151,17 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
device_id = "xyz"
keys = {"alg1:k1": "key1"}
res = yield self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": keys}
res = yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user, device_id, {"one_time_keys": keys}
)
)
self.assertDictEqual(res, {"one_time_key_counts": {"alg1": 1}})
res2 = yield self.handler.claim_one_time_keys(
{"one_time_keys": {local_user: {device_id: "alg1"}}}, timeout=None
res2 = yield defer.ensureDeferred(
self.handler.claim_one_time_keys(
{"one_time_keys": {local_user: {device_id: "alg1"}}}, timeout=None
)
)
self.assertEqual(
res2,
@ -163,7 +185,9 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
},
}
}
yield self.handler.upload_signing_keys_for_user(local_user, keys1)
yield defer.ensureDeferred(
self.handler.upload_signing_keys_for_user(local_user, keys1)
)
keys2 = {
"master_key": {
@ -175,10 +199,12 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
},
}
}
yield self.handler.upload_signing_keys_for_user(local_user, keys2)
yield defer.ensureDeferred(
self.handler.upload_signing_keys_for_user(local_user, keys2)
)
devices = yield self.handler.query_devices(
{"device_keys": {local_user: []}}, 0, local_user
devices = yield defer.ensureDeferred(
self.handler.query_devices({"device_keys": {local_user: []}}, 0, local_user)
)
self.assertDictEqual(devices["master_keys"], {local_user: keys2["master_key"]})
@ -215,7 +241,9 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
"nqOvzeuGWT/sRx3h7+MHoInYj3Uk2LD/unI9kDYcHwk",
"2lonYOM6xYKdEsO+6KrC766xBcHnYnim1x/4LFGF8B0",
)
yield self.handler.upload_signing_keys_for_user(local_user, keys1)
yield defer.ensureDeferred(
self.handler.upload_signing_keys_for_user(local_user, keys1)
)
# upload two device keys, which will be signed later by the self-signing key
device_key_1 = {
@ -245,18 +273,24 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
"signatures": {local_user: {"ed25519:def": "base64+signature"}},
}
yield self.handler.upload_keys_for_user(
local_user, "abc", {"device_keys": device_key_1}
yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user, "abc", {"device_keys": device_key_1}
)
)
yield self.handler.upload_keys_for_user(
local_user, "def", {"device_keys": device_key_2}
yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user, "def", {"device_keys": device_key_2}
)
)
# sign the first device key and upload it
del device_key_1["signatures"]
sign.sign_json(device_key_1, local_user, signing_key)
yield self.handler.upload_signatures_for_device_keys(
local_user, {local_user: {"abc": device_key_1}}
yield defer.ensureDeferred(
self.handler.upload_signatures_for_device_keys(
local_user, {local_user: {"abc": device_key_1}}
)
)
# sign the second device key and upload both device keys. The server
@ -264,14 +298,16 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
# signature for it
del device_key_2["signatures"]
sign.sign_json(device_key_2, local_user, signing_key)
yield self.handler.upload_signatures_for_device_keys(
local_user, {local_user: {"abc": device_key_1, "def": device_key_2}}
yield defer.ensureDeferred(
self.handler.upload_signatures_for_device_keys(
local_user, {local_user: {"abc": device_key_1, "def": device_key_2}}
)
)
device_key_1["signatures"][local_user]["ed25519:abc"] = "base64+signature"
device_key_2["signatures"][local_user]["ed25519:def"] = "base64+signature"
devices = yield self.handler.query_devices(
{"device_keys": {local_user: []}}, 0, local_user
devices = yield defer.ensureDeferred(
self.handler.query_devices({"device_keys": {local_user: []}}, 0, local_user)
)
del devices["device_keys"][local_user]["abc"]["unsigned"]
del devices["device_keys"][local_user]["def"]["unsigned"]
@ -292,7 +328,9 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
},
}
}
yield self.handler.upload_signing_keys_for_user(local_user, keys1)
yield defer.ensureDeferred(
self.handler.upload_signing_keys_for_user(local_user, keys1)
)
res = None
try:
@ -305,7 +343,9 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
res = e.code
self.assertEqual(res, 400)
res = yield self.handler.query_local_devices({local_user: None})
res = yield defer.ensureDeferred(
self.handler.query_local_devices({local_user: None})
)
self.assertDictEqual(res, {local_user: {}})
@defer.inlineCallbacks
@ -331,8 +371,10 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
"ed25519", "xyz", "OMkooTr76ega06xNvXIGPbgvvxAOzmQncN8VObS7aBA"
)
yield self.handler.upload_keys_for_user(
local_user, device_id, {"device_keys": device_key}
yield defer.ensureDeferred(
self.handler.upload_keys_for_user(
local_user, device_id, {"device_keys": device_key}
)
)
# private key: 2lonYOM6xYKdEsO+6KrC766xBcHnYnim1x/4LFGF8B0
@ -372,7 +414,9 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
"user_signing_key": usersigning_key,
"self_signing_key": selfsigning_key,
}
yield self.handler.upload_signing_keys_for_user(local_user, cross_signing_keys)
yield defer.ensureDeferred(
self.handler.upload_signing_keys_for_user(local_user, cross_signing_keys)
)
# set up another user with a master key. This user will be signed by
# the first user
@ -384,76 +428,90 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
"usage": ["master"],
"keys": {"ed25519:" + other_master_pubkey: other_master_pubkey},
}
yield self.handler.upload_signing_keys_for_user(
other_user, {"master_key": other_master_key}
yield defer.ensureDeferred(
self.handler.upload_signing_keys_for_user(
other_user, {"master_key": other_master_key}
)
)
# test various signature failures (see below)
ret = yield self.handler.upload_signatures_for_device_keys(
local_user,
{
local_user: {
# fails because the signature is invalid
# should fail with INVALID_SIGNATURE
device_id: {
"user_id": local_user,
"device_id": device_id,
"algorithms": [
"m.olm.curve25519-aes-sha2",
RoomEncryptionAlgorithms.MEGOLM_V1_AES_SHA2,
],
"keys": {
"curve25519:xyz": "curve25519+key",
# private key: OMkooTr76ega06xNvXIGPbgvvxAOzmQncN8VObS7aBA
"ed25519:xyz": device_pubkey,
ret = yield defer.ensureDeferred(
self.handler.upload_signatures_for_device_keys(
local_user,
{
local_user: {
# fails because the signature is invalid
# should fail with INVALID_SIGNATURE
device_id: {
"user_id": local_user,
"device_id": device_id,
"algorithms": [
"m.olm.curve25519-aes-sha2",
RoomEncryptionAlgorithms.MEGOLM_V1_AES_SHA2,
],
"keys": {
"curve25519:xyz": "curve25519+key",
# private key: OMkooTr76ega06xNvXIGPbgvvxAOzmQncN8VObS7aBA
"ed25519:xyz": device_pubkey,
},
"signatures": {
local_user: {
"ed25519:" + selfsigning_pubkey: "something"
}
},
},
"signatures": {
local_user: {"ed25519:" + selfsigning_pubkey: "something"}
# fails because device is unknown
# should fail with NOT_FOUND
"unknown": {
"user_id": local_user,
"device_id": "unknown",
"signatures": {
local_user: {
"ed25519:" + selfsigning_pubkey: "something"
}
},
},
# fails because the signature is invalid
# should fail with INVALID_SIGNATURE
master_pubkey: {
"user_id": local_user,
"usage": ["master"],
"keys": {"ed25519:" + master_pubkey: master_pubkey},
"signatures": {
local_user: {"ed25519:" + device_pubkey: "something"}
},
},
},
# fails because device is unknown
# should fail with NOT_FOUND
"unknown": {
"user_id": local_user,
"device_id": "unknown",
"signatures": {
local_user: {"ed25519:" + selfsigning_pubkey: "something"}
other_user: {
# fails because the device is not the user's master-signing key
# should fail with NOT_FOUND
"unknown": {
"user_id": other_user,
"device_id": "unknown",
"signatures": {
local_user: {
"ed25519:" + usersigning_pubkey: "something"
}
},
},
},
# fails because the signature is invalid
# should fail with INVALID_SIGNATURE
master_pubkey: {
"user_id": local_user,
"usage": ["master"],
"keys": {"ed25519:" + master_pubkey: master_pubkey},
"signatures": {
local_user: {"ed25519:" + device_pubkey: "something"}
other_master_pubkey: {
# fails because the key doesn't match what the server has
# should fail with UNKNOWN
"user_id": other_user,
"usage": ["master"],
"keys": {
"ed25519:" + other_master_pubkey: other_master_pubkey
},
"something": "random",
"signatures": {
local_user: {
"ed25519:" + usersigning_pubkey: "something"
}
},
},
},
},
other_user: {
# fails because the device is not the user's master-signing key
# should fail with NOT_FOUND
"unknown": {
"user_id": other_user,
"device_id": "unknown",
"signatures": {
local_user: {"ed25519:" + usersigning_pubkey: "something"}
},
},
other_master_pubkey: {
# fails because the key doesn't match what the server has
# should fail with UNKNOWN
"user_id": other_user,
"usage": ["master"],
"keys": {"ed25519:" + other_master_pubkey: other_master_pubkey},
"something": "random",
"signatures": {
local_user: {"ed25519:" + usersigning_pubkey: "something"}
},
},
},
},
)
)
user_failures = ret["failures"][local_user]
@ -478,19 +536,23 @@ class E2eKeysHandlerTestCase(unittest.TestCase):
sign.sign_json(device_key, local_user, selfsigning_signing_key)
sign.sign_json(master_key, local_user, device_signing_key)
sign.sign_json(other_master_key, local_user, usersigning_signing_key)
ret = yield self.handler.upload_signatures_for_device_keys(
local_user,
{
local_user: {device_id: device_key, master_pubkey: master_key},
other_user: {other_master_pubkey: other_master_key},
},
ret = yield defer.ensureDeferred(
self.handler.upload_signatures_for_device_keys(
local_user,
{
local_user: {device_id: device_key, master_pubkey: master_key},
other_user: {other_master_pubkey: other_master_key},
},
)
)
self.assertEqual(ret["failures"], {})
# fetch the signed keys/devices and make sure that the signatures are there
ret = yield self.handler.query_devices(
{"device_keys": {local_user: [], other_user: []}}, 0, local_user
ret = yield defer.ensureDeferred(
self.handler.query_devices(
{"device_keys": {local_user: [], other_user: []}}, 0, local_user
)
)
self.assertEqual(