Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for fallback keys #3451

Merged
merged 1 commit into from
Dec 17, 2024
Merged

Support for fallback keys #3451

merged 1 commit into from
Dec 17, 2024

Conversation

neilalexander
Copy link
Contributor

Backports support for fallback keys from Harmony, which should make E2EE more reliable in the face of OTK exhaustion.

Signed-off-by: Neil Alexander [email protected]

@neilalexander neilalexander requested a review from a team as a code owner December 15, 2024 11:22
@codecov-commenter
Copy link

codecov-commenter commented Dec 15, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 50.79365% with 93 lines in your changes missing coverage. Please review.

Project coverage is 49.34%. Comparing base (23e097c) to head (b302ef0).

Files with missing lines Patch % Lines
userapi/internal/key_api.go 10.63% 40 Missing and 2 partials ⚠️
userapi/storage/postgres/fallback_keys_table.go 64.28% 15 Missing and 5 partials ⚠️
userapi/storage/sqlite3/fallback_keys_table.go 64.28% 15 Missing and 5 partials ⚠️
userapi/storage/shared/storage.go 66.66% 4 Missing and 1 partial ⚠️
userapi/storage/postgres/storage.go 40.00% 2 Missing and 1 partial ⚠️
userapi/storage/sqlite3/storage.go 40.00% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3451      +/-   ##
==========================================
- Coverage   49.37%   49.34%   -0.03%     
==========================================
  Files         522      524       +2     
  Lines       59488    59674     +186     
==========================================
+ Hits        29373    29448      +75     
- Misses      26651    26745      +94     
- Partials     3464     3481      +17
Flag Coverage Δ
unittests 49.34% <50.79%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@neilalexander neilalexander force-pushed the fallback-keys branch 2 times, most recently from 650d72d to fcb75ac Compare December 16, 2024 19:46
S7evinK
S7evinK requested changes Dec 17, 2024
View reviewed changes
Copy link
Contributor

@S7evinK S7evinK left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks sane to me, just the dupe indexes and the strange clearing of the fallback keys in the loop which need some clarification.

userapi/storage/postgres/fallback_keys_table.go
CONSTRAINT keyserver_fallback_keys_unique UNIQUE (user_id, device_id, algorithm)
);

CREATE INDEX IF NOT EXISTS keyserver_fallback_keys_idx ON keyserver_fallback_keys (user_id, device_id);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this index is already covered by the constraint above.
(See this, where we have similar patterns for indexes.)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not a given, depending on the index type, that an aggregate index will optimise lookups for constituent columns without all keys present. Therefore a lookup by (user_id, device_id) only is not necessarily optimised by the aggregate (user_id, device_id, algorithm). I think btree indices fall under this category.

userapi/storage/sqlite3/fallback_keys_table.go
used BOOLEAN NOT NULL
);
CREATE UNIQUE INDEX IF NOT EXISTS keyserver_fallback_keys_unique_idx ON keyserver_fallback_keys(user_id, device_id, algorithm);
CREATE INDEX IF NOT EXISTS keyserver_fallback_keys_idx ON keyserver_fallback_keys (user_id, device_id);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar, I think this is covered by the unique index.

userapi/internal/key_api.go Outdated
Comment on lines 801 to 799
if err := a.KeyDatabase.DeleteFallbackKeys(ctx, req.UserID, req.DeviceID); err != nil {
res.KeyError(req.UserID, req.DeviceID, &api.KeyError{
Err: fmt.Sprintf("%s device %s : failed to clear fallback keys: %s", req.UserID, req.DeviceID, err.Error()),
})
continue
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not totally sure why we need to clear existing fallback keys, but doing that in this loop seems odd.

We clear the keys, store a new one, clear the keys, store a new one, etc. Don't we end up with just one key?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed this.

@neilalexander neilalexander force-pushed the fallback-keys branch 2 times, most recently from da787e7 to f3c90b7 Compare December 17, 2024 11:14
S7evinK
S7evinK approved these changes Dec 17, 2024
View reviewed changes
Copy link
Contributor

@S7evinK S7evinK left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM now! Thanks!

@S7evinK S7evinK merged commit 78dbf21 into element-hq:main Dec 17, 2024
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@S7evinK S7evinK S7evinK approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@neilalexander @codecov-commenter @S7evinK