From 7cbdab30f45521ce0b578fc7b0fedb7dacb479f8 Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Fri, 9 Jun 2017 18:07:34 +0100 Subject: [PATCH] Add a database for storing the server keys (#137) * Add a database for storing the server keys * Tweak wording, and comment on the resolution of the timestamp * Update gomatrixserverlib --- .../cmd/dendrite-client-api-server/main.go | 29 ++-- .../dendrite-federation-api-server/main.go | 24 ++-- .../matrix-org/dendrite/common/keydb/keydb.go | 70 ++++++++++ .../dendrite/common/keydb/server_key_table.go | 125 ++++++++++++++++++ vendor/manifest | 2 +- .../matrix-org/gomatrixserverlib/keyring.go | 6 + .../matrix-org/gomatrixserverlib/signing.go | 32 +++-- 7 files changed, 243 insertions(+), 45 deletions(-) create mode 100644 src/github.com/matrix-org/dendrite/common/keydb/keydb.go create mode 100644 src/github.com/matrix-org/dendrite/common/keydb/server_key_table.go diff --git a/src/github.com/matrix-org/dendrite/cmd/dendrite-client-api-server/main.go b/src/github.com/matrix-org/dendrite/cmd/dendrite-client-api-server/main.go index fd1df9a3..aabfb065 100644 --- a/src/github.com/matrix-org/dendrite/cmd/dendrite-client-api-server/main.go +++ b/src/github.com/matrix-org/dendrite/cmd/dendrite-client-api-server/main.go @@ -25,6 +25,7 @@ import ( "github.com/matrix-org/dendrite/clientapi/producers" "github.com/matrix-org/dendrite/clientapi/routing" "github.com/matrix-org/dendrite/common" + "github.com/matrix-org/dendrite/common/keydb" "github.com/matrix-org/dendrite/roomserver/api" "github.com/matrix-org/gomatrixserverlib" @@ -41,6 +42,7 @@ var ( serverName = gomatrixserverlib.ServerName(os.Getenv("SERVER_NAME")) serverKey = os.Getenv("SERVER_KEY") accountDataSource = os.Getenv("ACCOUNT_DATABASE") + keyDataSource = os.Getenv("KEY_DATABASE") ) func main() { @@ -79,7 +81,7 @@ func main() { roomserverProducer, err := producers.NewRoomserverProducer(cfg.KafkaProducerURIs, cfg.ClientAPIOutputTopic) if err != nil { - log.Panicf("Failed to setup kafka producers(%s): %s", cfg.KafkaProducerURIs, err) + log.Panicf("Failed to setup kafka producers(%q): %s", cfg.KafkaProducerURIs, err) } federation := gomatrixserverlib.NewFederationClient(cfg.ServerName, cfg.KeyID, cfg.PrivateKey) @@ -87,11 +89,15 @@ func main() { queryAPI := api.NewRoomserverQueryAPIHTTP(cfg.RoomserverURL, nil) accountDB, err := accounts.NewDatabase(accountDataSource, serverName) if err != nil { - log.Panicf("Failed to setup account database(%s): %s", accountDataSource, err.Error()) + log.Panicf("Failed to setup account database(%q): %s", accountDataSource, err.Error()) } deviceDB, err := devices.NewDatabase(accountDataSource, serverName) if err != nil { - log.Panicf("Failed to setup device database(%s): %s", accountDataSource, err.Error()) + log.Panicf("Failed to setup device database(%q): %s", accountDataSource, err.Error()) + } + keyDB, err := keydb.NewDatabase(keyDataSource) + if err != nil { + log.Panicf("Failed to setup key database(%q): %s", keyDataSource, err.Error()) } keyRing := gomatrixserverlib.KeyRing{ @@ -99,7 +105,7 @@ func main() { // TODO: Use perspective key fetchers for production. &gomatrixserverlib.DirectKeyFetcher{federation.Client}, }, - KeyDatabase: &dummyKeyDatabase{}, + KeyDatabase: keyDB, } routing.Setup( @@ -108,18 +114,3 @@ func main() { ) log.Fatal(http.ListenAndServe(bindAddr, nil)) } - -// TODO: Implement a proper key database. -type dummyKeyDatabase struct{} - -func (d *dummyKeyDatabase) FetchKeys( - requests map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.Timestamp, -) (map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.ServerKeys, error) { - return nil, nil -} - -func (d *dummyKeyDatabase) StoreKeys( - map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.ServerKeys, -) error { - return nil -} diff --git a/src/github.com/matrix-org/dendrite/cmd/dendrite-federation-api-server/main.go b/src/github.com/matrix-org/dendrite/cmd/dendrite-federation-api-server/main.go index 268eecbe..1a7abd6a 100644 --- a/src/github.com/matrix-org/dendrite/cmd/dendrite-federation-api-server/main.go +++ b/src/github.com/matrix-org/dendrite/cmd/dendrite-federation-api-server/main.go @@ -23,6 +23,7 @@ import ( "github.com/matrix-org/dendrite/clientapi/producers" "github.com/matrix-org/dendrite/common" + "github.com/matrix-org/dendrite/common/keydb" "github.com/matrix-org/dendrite/federationapi/config" "github.com/matrix-org/dendrite/federationapi/routing" "github.com/matrix-org/dendrite/roomserver/api" @@ -47,6 +48,7 @@ var ( kafkaURIs = strings.Split(os.Getenv("KAFKA_URIS"), ",") roomserverURL = os.Getenv("ROOMSERVER_URL") roomserverInputTopic = os.Getenv("TOPIC_INPUT_ROOM_EVENT") + keyDataSource = os.Getenv("KEY_DATABASE") ) func main() { @@ -95,12 +97,17 @@ func main() { federation := gomatrixserverlib.NewFederationClient(cfg.ServerName, cfg.KeyID, cfg.PrivateKey) + keyDB, err := keydb.NewDatabase(keyDataSource) + if err != nil { + log.Panicf("Failed to setup key database(%q): %s", keyDataSource, err.Error()) + } + keyRing := gomatrixserverlib.KeyRing{ KeyFetchers: []gomatrixserverlib.KeyFetcher{ // TODO: Use perspective key fetchers for production. &gomatrixserverlib.DirectKeyFetcher{federation.Client}, }, - KeyDatabase: &dummyKeyDatabase{}, + KeyDatabase: keyDB, } queryAPI := api.NewRoomserverQueryAPIHTTP(roomserverURL, nil) @@ -112,18 +119,3 @@ func main() { routing.Setup(http.DefaultServeMux, cfg, queryAPI, roomserverProducer, keyRing, federation) log.Fatal(http.ListenAndServe(bindAddr, nil)) } - -// TODO: Implement a proper key database. -type dummyKeyDatabase struct{} - -func (d *dummyKeyDatabase) FetchKeys( - requests map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.Timestamp, -) (map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.ServerKeys, error) { - return nil, nil -} - -func (d *dummyKeyDatabase) StoreKeys( - map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.ServerKeys, -) error { - return nil -} diff --git a/src/github.com/matrix-org/dendrite/common/keydb/keydb.go b/src/github.com/matrix-org/dendrite/common/keydb/keydb.go new file mode 100644 index 00000000..0e396a3a --- /dev/null +++ b/src/github.com/matrix-org/dendrite/common/keydb/keydb.go @@ -0,0 +1,70 @@ +// Copyright 2017 Vector Creations Ltd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package keydb + +import ( + "database/sql" + "github.com/matrix-org/gomatrixserverlib" +) + +// A Database implements gomatrixserverlib.KeyDatabase and is used to store +// the public keys for other matrix servers. +type Database struct { + statements serverKeyStatements +} + +// NewDatabase prepares a new key database. +// It creates the necessary tables if they don't already exist. +// It prepares all the SQL statements that it will use. +// Returns an error if there was a problem talking to the database. +func NewDatabase(dataSourceName string) (*Database, error) { + db, err := sql.Open("postgres", dataSourceName) + if err != nil { + return nil, err + } + d := &Database{} + d.statements.prepare(db) + return d, nil +} + +// FetchKeys implements gomatrixserverlib.KeyDatabase +func (d *Database) FetchKeys( + requests map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.Timestamp, +) (map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.ServerKeys, error) { + return d.statements.bulkSelectServerKeys(requests) +} + +// StoreKeys implements gomatrixserverlib.KeyDatabase +func (d *Database) StoreKeys( + keyMap map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.ServerKeys, +) error { + // TODO: Inserting all the keys within a single transaction may + // be more efficient since the transaction overhead can be quite + // high for a single insert statement. + var lastErr error + for request, keys := range keyMap { + if err := d.statements.upsertServerKeys(request, keys); err != nil { + // Rather than returning immediately on error we try to insert the + // remaining keys. + // Since we are inserting the keys outside of a transaction it is + // possible for some of the inserts to succeed even though some + // of the inserts have failed. + // Ensuring that we always insert all the keys we can means that + // this behaviour won't depend on the iteration order of the map. + lastErr = err + } + } + return lastErr +} diff --git a/src/github.com/matrix-org/dendrite/common/keydb/server_key_table.go b/src/github.com/matrix-org/dendrite/common/keydb/server_key_table.go new file mode 100644 index 00000000..d06b2822 --- /dev/null +++ b/src/github.com/matrix-org/dendrite/common/keydb/server_key_table.go @@ -0,0 +1,125 @@ +// Copyright 2017 Vector Creations Ltd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package keydb + +import ( + "database/sql" + "encoding/json" + "github.com/lib/pq" + "github.com/matrix-org/gomatrixserverlib" +) + +const serverKeysSchema = ` +-- A cache of server keys downloaded from remote servers. +CREATE TABLE IF NOT EXISTS server_keys ( + -- The name of the matrix server the key is for. + server_name TEXT NOT NULL, + -- The ID of the server key. + server_key_id TEXT NOT NULL, + -- Combined server name and key ID separated by the ASCII unit separator + -- to make it easier to run bulk queries. + server_name_and_key_id TEXT NOT NULL, + -- When the keys are valid until as a millisecond timestamp. + valid_until_ts BIGINT NOT NULL, + -- The raw JSON for the server key. + server_key_json TEXT NOT NULL, + CONSTRAINT server_keys_unique UNIQUE (server_name, server_key_id) +); + +CREATE INDEX IF NOT EXISTS server_name_and_key_id ON server_keys (server_name_and_key_id); +` + +const bulkSelectServerKeysSQL = "" + + "SELECT server_name, server_key_id, server_key_json FROM server_keys" + + " WHERE server_name_and_key_id = ANY($1)" + +const upsertServerKeysSQL = "" + + "INSERT INTO server_keys (server_name, server_key_id," + + " server_name_and_key_id, valid_until_ts, server_key_json)" + + " VALUES ($1, $2, $3, $4, $5)" + + " ON CONFLICT ON CONSTRAINT server_keys_unique" + + " DO UPDATE SET valid_until_ts = $4, server_key_json = $5" + +type serverKeyStatements struct { + bulkSelectServerKeysStmt *sql.Stmt + upsertServerKeysStmt *sql.Stmt +} + +func (s *serverKeyStatements) prepare(db *sql.DB) (err error) { + _, err = db.Exec(serverKeysSchema) + if err != nil { + return + } + if s.bulkSelectServerKeysStmt, err = db.Prepare(bulkSelectServerKeysSQL); err != nil { + return + } + if s.upsertServerKeysStmt, err = db.Prepare(upsertServerKeysSQL); err != nil { + return + } + return +} + +func (s *serverKeyStatements) bulkSelectServerKeys( + requests map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.Timestamp, +) (map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.ServerKeys, error) { + var nameAndKeyIDs []string + for request := range requests { + nameAndKeyIDs = append(nameAndKeyIDs, nameAndKeyID(request)) + } + rows, err := s.bulkSelectServerKeysStmt.Query(pq.StringArray(nameAndKeyIDs)) + if err != nil { + return nil, err + } + defer rows.Close() + results := map[gomatrixserverlib.PublicKeyRequest]gomatrixserverlib.ServerKeys{} + for rows.Next() { + var serverName string + var keyID string + var keyJSON []byte + if err := rows.Scan(&serverName, &keyID, &keyJSON); err != nil { + return nil, err + } + var serverKeys gomatrixserverlib.ServerKeys + if err := json.Unmarshal(keyJSON, &serverKeys); err != nil { + return nil, err + } + r := gomatrixserverlib.PublicKeyRequest{ + gomatrixserverlib.ServerName(serverName), gomatrixserverlib.KeyID(keyID), + } + results[r] = serverKeys + } + return results, nil +} + +func (s *serverKeyStatements) upsertServerKeys( + request gomatrixserverlib.PublicKeyRequest, keys gomatrixserverlib.ServerKeys, +) error { + keyJSON, err := json.Marshal(keys) + if err != nil { + return err + } + _, err = s.upsertServerKeysStmt.Exec( + string(request.ServerName), string(request.KeyID), nameAndKeyID(request), + int64(keys.ValidUntilTS), keyJSON, + ) + if err != nil { + return err + } + return nil +} + +func nameAndKeyID(request gomatrixserverlib.PublicKeyRequest) string { + return string(request.ServerName) + "\x1F" + string(request.KeyID) +} diff --git a/vendor/manifest b/vendor/manifest index edd1c12b..209abd3e 100644 --- a/vendor/manifest +++ b/vendor/manifest @@ -98,7 +98,7 @@ { "importpath": "github.com/matrix-org/gomatrixserverlib", "repository": "https://github.com/matrix-org/gomatrixserverlib", - "revision": "b1dfcb3b345cc8410f1a03fec0a1ffe6bd002dcd", + "revision": "0e1596ae7b0a034ec572cd1448aeaf7e96bff95a", "branch": "master" }, { diff --git a/vendor/src/github.com/matrix-org/gomatrixserverlib/keyring.go b/vendor/src/github.com/matrix-org/gomatrixserverlib/keyring.go index f86108ba..140bc9aa 100644 --- a/vendor/src/github.com/matrix-org/gomatrixserverlib/keyring.go +++ b/vendor/src/github.com/matrix-org/gomatrixserverlib/keyring.go @@ -32,6 +32,12 @@ type KeyFetcher interface { type KeyDatabase interface { KeyFetcher // Add a block of public keys to the database. + // Returns an error if there was a problem storing the keys. + // A database is not required to rollback storing the all keys if some of + // the keys aren't stored, and an in-progess store may be partially visible + // to a concurrent FetchKeys(). This is acceptable since the database is + // only used as a cache for the keys, so if a FetchKeys() races with a + // StoreKeys() and some of the keys are missing they will be just be refetched. StoreKeys(map[PublicKeyRequest]ServerKeys) error } diff --git a/vendor/src/github.com/matrix-org/gomatrixserverlib/signing.go b/vendor/src/github.com/matrix-org/gomatrixserverlib/signing.go index 3607211f..567e12df 100644 --- a/vendor/src/github.com/matrix-org/gomatrixserverlib/signing.go +++ b/vendor/src/github.com/matrix-org/gomatrixserverlib/signing.go @@ -30,15 +30,22 @@ type KeyID string // SignJSON signs a JSON object returning a copy signed with the given key. // https://matrix.org/docs/spec/server_server/unstable.html#signing-json func SignJSON(signingName string, keyID KeyID, privateKey ed25519.PrivateKey, message []byte) ([]byte, error) { + // Unpack the top-level key of the JSON object without unpacking the contents of the keys. + // This allows us to add and remove the top-level keys from the JSON object. + // It also ensures that the JSON is actually a valid JSON object. var object map[string]*json.RawMessage var signatures map[string]map[KeyID]Base64String if err := json.Unmarshal(message, &object); err != nil { return nil, err } + // We don't sign the contents of the unsigned key so we remove it. rawUnsigned, hasUnsigned := object["unsigned"] delete(object, "unsigned") + // Parse the existing signatures if they exist. + // Signing a JSON object adds our signature to the existing + // signature rather than replacing it. if rawSignatures := object["signatures"]; rawSignatures != nil { if err := json.Unmarshal(*rawSignatures, &signatures); err != nil { return nil, err @@ -48,32 +55,35 @@ func SignJSON(signingName string, keyID KeyID, privateKey ed25519.PrivateKey, me signatures = map[string]map[KeyID]Base64String{} } + // Encode the JSON object without the "signatures" key or + // the "unsigned" key in the canonical format. unsorted, err := json.Marshal(object) if err != nil { return nil, err } - canonical, err := CanonicalJSON(unsorted) if err != nil { return nil, err } + // Sign the canonical JSON with the ed25519 key. signature := Base64String(ed25519.Sign(privateKey, canonical)) + // Add the signature to the "signature" key. signaturesForEntity := signatures[signingName] if signaturesForEntity != nil { signaturesForEntity[keyID] = signature } else { signatures[signingName] = map[KeyID]Base64String{keyID: signature} } - var rawSignatures json.RawMessage rawSignatures, err = json.Marshal(signatures) if err != nil { return nil, err } - object["signatures"] = &rawSignatures + + // Add the unsigned key back if it was present. if hasUnsigned { object["unsigned"] = rawUnsigned } @@ -98,41 +108,45 @@ func ListKeyIDs(signingName string, message []byte) ([]KeyID, error) { // VerifyJSON checks that the entity has signed the message using a particular key. func VerifyJSON(signingName string, keyID KeyID, publicKey ed25519.PublicKey, message []byte) error { + // Unpack the top-level key of the JSON object without unpacking the contents of the keys. + // This allows us to add and remove the top-level keys from the JSON object. + // It also ensures that the JSON is actually a valid JSON object. var object map[string]*json.RawMessage var signatures map[string]map[KeyID]Base64String if err := json.Unmarshal(message, &object); err != nil { return err } - delete(object, "unsigned") + // Check that there is a signature from the entity that we are expecting a signature from. if object["signatures"] == nil { return fmt.Errorf("No signatures") } - if err := json.Unmarshal(*object["signatures"], &signatures); err != nil { return err } - delete(object, "signatures") - signature, ok := signatures[signingName][keyID] if !ok { return fmt.Errorf("No signature from %q with ID %q", signingName, keyID) } - if len(signature) != ed25519.SignatureSize { return fmt.Errorf("Bad signature length from %q with ID %q", signingName, keyID) } + // The "unsigned" key and "signatures" keys aren't covered by the signature so remove them. + delete(object, "unsigned") + delete(object, "signatures") + + // Encode the JSON without the "unsigned" and "signatures" keys in the canonical format. unsorted, err := json.Marshal(object) if err != nil { return err } - canonical, err := CanonicalJSON(unsorted) if err != nil { return err } + // Verify the ed25519 signature. if !ed25519.Verify(publicKey, canonical, signature) { return fmt.Errorf("Bad signature from %q with ID %q", signingName, keyID) }