Device keys signatures aren't propagated over federation #12081

S7evinK · 2022-02-24T19:21:25Z

Description

/keys/signatures/upload doesn't seem to update the uploaded device_keys.signatures in the database or doesn't send it over federation.

Steps to reproduce

Run Sytest with the changes from Add required fields to POST /keys/upload sytest#1197

The PR adds required fields (as per Spec 1.2) to the requests to /keys/upload, a subsequent call to /keys/signatures/upload doesn't seem to update the signatures, even though they're received by Synapse just fine.

From a local Sytest run:

not ok 8 uploading signed devices gets propagated over federation
# Started: 2022-02-24 16:14:06.239
# Ended: 2022-02-24 16:14:06.605
# Got "dSO80A01XiigH3uBiDVx/EjzaoycHcjq9lfQX0uWsqxl2giMIiSPR8a4d291W1ihKJL/a+myXS367WT6NAIcBA", expected "SJsl9W/rKOXWZ/ZEr9cP3oiWK5rv0G+Sb3kQ5D+TgGEt3Jyikb7/04wzBLoDOnjdhgS8MIC4dFvP24KgFFQyAQ" at {@anon-20220224_161359-13:localhost:8839}{ed25519:EmkqvokUn8p+vQAGZitOk4PWjp7Ukp3txV2TbMPEiBQ} for  at tests/41end-to-end-keys/08-cross-signing.pl line 711.

2022-02-24 16:14:06,579 - synapse.rest.client.keys - 332 - INFO - POST-22 - uploaded signature: {'@anon-20220224_161359-13:localhost:8839': {'GZOQESIVQY': {'user_id': '@anon-20220224_161359-13:localhost:8839', 'signatures': {'@anon-20220224_161359-13:localhost:8839': {'ed25519:EmkqvokUn8p+vQAGZitOk4PWjp7Ukp3txV2TbMPEiBQ': 'SJsl9W/rKOXWZ/ZEr9cP3oiWK5rv0G+Sb3kQ5D+TgGEt3Jyikb7/04wzBLoDOnjdhgS8MIC4dFvP24KgFFQyAQ'}}, 'device_id': 'GZOQESIVQY', 'keys': {'ed25519:GZOQESIVQY': 'MKkClRdltZlOHyCzxiDrm7MsDAsohXmAyeu2cYO6how', 'curve25519:GZOQESIVQY': 'IQ/Hu4GGOaxIpMavovFYGouVJeIP2miSfysv+Db3NXg'}, 'algorithms': ['m.olm.curve25519-aes-sha256', 'm.megolm.v1.aes-sha']}}}
2022-02-24 16:14:06,584 - synapse.access.https.8839 - 448 - INFO - POST-22 - 127.0.0.1 - 8839 - {@anon-20220224_161359-13:localhost:8839} Processed request: 0.004sec/0.001sec (0.001sec, 0.000sec) (0.001sec/0.001sec/3) 15B 200 "POST /_matrix/client/unstable/keys/signatures/upload?access_token=<redacted> HTTP/1.1" "Perl + Net::Async::HTTP/0.48" [0 dbevts]

Full logs can be found at https://github.com/matrix-org/sytest/actions/runs/1893676524

Version information

Homeserver: None, discovered by Sytest

Version: Develop as of 2022-02-24 14:56:24 Commit 41cf4c2
Install method:

Platform:

The text was updated successfully, but these errors were encountered:

erikjohnston · 2022-02-28T10:29:24Z

This is because Synapse doesn't allow you to upload replace a different key with the same key ID:

synapse/synapse/handlers/e2e_keys.py

Lines 887 to 892 in e24ff8e

    
           if self_signing_key_id in stored_device.get("signatures", {}).get( 
        
               user_id, {} 
        
           ): 
        
               # we already have a signature on this device, so we 
        
               # can skip it, since it should be exactly the same 
        
               continue

We should probably return an entry in failures if the new key doesn't match the old key.

erikjohnston closed this as completed Feb 28, 2022

erikjohnston mentioned this issue Feb 28, 2022

Add required fields to POST /keys/upload matrix-org/sytest#1197

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Device keys signatures aren't propagated over federation #12081

Device keys signatures aren't propagated over federation #12081

S7evinK commented Feb 24, 2022

erikjohnston commented Feb 28, 2022

Device keys signatures aren't propagated over federation #12081

Device keys signatures aren't propagated over federation #12081

Comments

S7evinK commented Feb 24, 2022

Description

Steps to reproduce

Version information

erikjohnston commented Feb 28, 2022