Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

add device signatures to device key query results #6844

Merged
merged 2 commits into from
Feb 4, 2020

Conversation

uhoreg
Copy link
Member

@uhoreg uhoreg commented Feb 4, 2020

fixes #6830

@uhoreg uhoreg force-pushed the uhoreg/cross_signing_fix_device_fed branch from b98200c to 245ee14 Compare February 4, 2020 05:21
@uhoreg uhoreg requested a review from a team February 4, 2020 05:42
@turt2live
Copy link
Member

I've tested this on my personal HS with @jryans (on matrix.org) as a victim. It appears to not work automatically, but when I rename a device it makes that device go green for him. To make myself completely green I had to rename all devices.

Is it possible to spawn a rate limited background update for those with cross signing to update device lists?

@erikjohnston
Copy link
Member

@uhoreg could you walk through what the problem was and how this solves it? It'd be good to be able to write a sytest for this (which I'm happy to help with/do)

@uhoreg
Copy link
Member Author

uhoreg commented Feb 4, 2020

It appears to not work automatically, but when I rename a device it makes that device go green for him. To make myself completely green I had to rename all devices.

Yes, this PR unfortunately doesn't fix the issue for devices that have already been signed. It only fixes things for new or newly-signed devices (or renamed). I haven't really thought much about how to fix old devices.

@uhoreg could you walk through what the problem was and how this solves it? It'd be good to be able to write a sytest for this (which I'm happy to help with/do)

The issue is that cross-signing signatures were stored in a different table, and were supposed to be added when the device keys were fetched. But this part was forgotten in two places (which were called when you asked for keys over federation, and when you sent notifications to federated servers).

An alternate way to fix this would be to move the de-JSON-ing and signature adding into the _get_e2e_device_keys_txn function, so that we don't need to have that replicated in three different places.

Sytest is at matrix-org/sytest#795 Sorry I forgot to mention that earlier.

@erikjohnston
Copy link
Member

This should have been merged to the release branch. I'm going to cherry pick it there now.

erikjohnston pushed a commit that referenced this pull request Feb 5, 2020
…ice_fed

add device signatures to device key query results
erikjohnston added a commit that referenced this pull request Feb 6, 2020
Synapse 1.10.0rc2 (2020-02-06)
==============================

Bugfixes
--------

- Fix an issue with cross-signing where device signatures were not sent to remote servers. ([\#6844](#6844))
- Fix to the unknown remote device detection which was introduced in 1.10.rc1. ([\#6848](#6848))

Internal Changes
----------------

- Detect unexpected sender keys on remote encrypted events and resync device lists. ([\#6850](#6850))
babolivier added a commit that referenced this pull request Feb 12, 2020
Synapse 1.10.0 (2020-02-12)
===========================

**WARNING to client developers**: As of this release Synapse validates `client_secret` parameters in the Client-Server API as per the spec. See [\#6766](#6766) for details.

Updates to the Docker image
---------------------------

- Update the docker images to Alpine Linux 3.11. ([\#6897](#6897))

Synapse 1.10.0rc5 (2020-02-11)
==============================

Bugfixes
--------

- Fix the filtering introduced in 1.10.0rc3 to also apply to the state blocks returned by `/sync`. ([\#6884](#6884))

Synapse 1.10.0rc4 (2020-02-11)
==============================

This release candidate was built incorrectly and is superceded by 1.10.0rc5.

Synapse 1.10.0rc3 (2020-02-10)
==============================

Features
--------

- Filter out `m.room.aliases` from the CS API to mitigate abuse while a better solution is specced. ([\#6878](#6878))

Internal Changes
----------------

- Fix continuous integration failures with old versions of `pip`, which were introduced by a release of the `zipp` library. ([\#6880](#6880))

Synapse 1.10.0rc2 (2020-02-06)
==============================

Bugfixes
--------

- Fix an issue with cross-signing where device signatures were not sent to remote servers. ([\#6844](#6844))
- Fix to the unknown remote device detection which was introduced in 1.10.rc1. ([\#6848](#6848))

Internal Changes
----------------

- Detect unexpected sender keys on remote encrypted events and resync device lists. ([\#6850](#6850))

Synapse 1.10.0rc1 (2020-01-31)
==============================

Features
--------

- Add experimental support for updated authorization rules for aliases events, from [MSC2260](matrix-org/matrix-spec-proposals#2260). ([\#6787](#6787), [\#6790](#6790), [\#6794](#6794))

Bugfixes
--------

- Warn if postgres database has a non-C locale, as that can cause issues when upgrading locales (e.g. due to upgrading OS). ([\#6734](#6734))
- Minor fixes to `PUT /_synapse/admin/v2/users` admin api. ([\#6761](#6761))
- Validate `client_secret` parameter using the regex provided by the Client-Server API, temporarily allowing `:` characters for older clients. The `:` character will be removed in a future release. ([\#6767](#6767))
- Fix persisting redaction events that have been redacted (or otherwise don't have a redacts key). ([\#6771](#6771))
- Fix outbound federation request metrics. ([\#6795](#6795))
- Fix bug where querying a remote user's device keys that weren't cached resulted in only returning a single device. ([\#6796](#6796))
- Fix race in federation sender worker that delayed sending of device updates. ([\#6799](#6799), [\#6800](#6800))
- Fix bug where Synapse didn't invalidate cache of remote users' devices when Synapse left a room. ([\#6801](#6801))
- Fix waking up other workers when remote server is detected to have come back online. ([\#6811](#6811))

Improved Documentation
----------------------

- Clarify documentation related to `user_dir` and `federation_reader` workers. ([\#6775](#6775))

Internal Changes
----------------

- Record room versions in the `rooms` table. ([\#6729](#6729), [\#6788](#6788), [\#6810](#6810))
- Propagate cache invalidates from workers to other workers. ([\#6748](#6748))
- Remove some unnecessary admin handler abstraction methods. ([\#6751](#6751))
- Add some debugging for media storage providers. ([\#6757](#6757))
- Detect unknown remote devices and mark cache as stale. ([\#6776](#6776), [\#6819](#6819))
- Attempt to resync remote users' devices when detected as stale. ([\#6786](#6786))
- Delete current state from the database when server leaves a room. ([\#6792](#6792))
- When a client asks for a remote user's device keys check if the local cache for that user has been marked as potentially stale. ([\#6797](#6797))
- Add background update to clean out left rooms from current state. ([\#6802](#6802), [\#6816](#6816))
- Refactoring work in preparation for changing the event redaction algorithm. ([\#6803](#6803), [\#6805](#6805), [\#6806](#6806), [\#6807](#6807), [\#6820](#6820))
@dhopfm
Copy link

dhopfm commented Feb 12, 2020

A heads-up to those coming here looking for ways to rename devices to fix cross-signing: I found this the fastest through the web app in the User Settings modal under "Security & Privacy": all device names can be double-clicked and edited. Just make sure to hit Enter after each change in order to apply it; simply leaving the field didn't have any effect.

babolivier pushed a commit that referenced this pull request Sep 1, 2021
…ice_fed

* commit '74bf3fdbb':
  add changelog
  add device signatures to device key query results
babolivier pushed a commit that referenced this pull request Sep 1, 2021
…ice_fed

* commit '60d067242':
  Merge pull request #6844 from matrix-org/uhoreg/cross_signing_fix_device_fed
@DMRobertson DMRobertson deleted the uhoreg/cross_signing_fix_device_fed branch June 28, 2022 11:19
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants