Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for fallback keys #3451

Merged
merged 1 commit into from
Dec 17, 2024
Merged

Conversation

neilalexander
Copy link
Contributor

Backports support for fallback keys from Harmony, which should make E2EE more reliable in the face of OTK exhaustion.

Signed-off-by: Neil Alexander git@neilalexander.dev

@neilalexander neilalexander requested a review from a team as a code owner December 15, 2024 11:22
@codecov-commenter
Copy link

codecov-commenter commented Dec 15, 2024

Codecov Report

Attention: Patch coverage is 50.79365% with 93 lines in your changes missing coverage. Please review.

Project coverage is 49.34%. Comparing base (23e097c) to head (b302ef0).

Files with missing lines Patch % Lines
userapi/internal/key_api.go 10.63% 40 Missing and 2 partials ⚠️
userapi/storage/postgres/fallback_keys_table.go 64.28% 15 Missing and 5 partials ⚠️
userapi/storage/sqlite3/fallback_keys_table.go 64.28% 15 Missing and 5 partials ⚠️
userapi/storage/shared/storage.go 66.66% 4 Missing and 1 partial ⚠️
userapi/storage/postgres/storage.go 40.00% 2 Missing and 1 partial ⚠️
userapi/storage/sqlite3/storage.go 40.00% 2 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3451      +/-   ##
==========================================
- Coverage   49.37%   49.34%   -0.03%     
==========================================
  Files         522      524       +2     
  Lines       59488    59674     +186     
==========================================
+ Hits        29373    29448      +75     
- Misses      26651    26745      +94     
- Partials     3464     3481      +17     
Flag Coverage Δ
unittests 49.34% <50.79%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@neilalexander neilalexander force-pushed the fallback-keys branch 2 times, most recently from 650d72d to fcb75ac Compare December 16, 2024 19:46
Copy link
Contributor

@S7evinK S7evinK left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks sane to me, just the dupe indexes and the strange clearing of the fallback keys in the loop which need some clarification.

CONSTRAINT keyserver_fallback_keys_unique UNIQUE (user_id, device_id, algorithm)
);

CREATE INDEX IF NOT EXISTS keyserver_fallback_keys_idx ON keyserver_fallback_keys (user_id, device_id);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this index is already covered by the constraint above.
(See this, where we have similar patterns for indexes.)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not a given, depending on the index type, that an aggregate index will optimise lookups for constituent columns without all keys present. Therefore a lookup by (user_id, device_id) only is not necessarily optimised by the aggregate (user_id, device_id, algorithm). I think btree indices fall under this category.

used BOOLEAN NOT NULL
);
CREATE UNIQUE INDEX IF NOT EXISTS keyserver_fallback_keys_unique_idx ON keyserver_fallback_keys(user_id, device_id, algorithm);
CREATE INDEX IF NOT EXISTS keyserver_fallback_keys_idx ON keyserver_fallback_keys (user_id, device_id);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar, I think this is covered by the unique index.

Comment on lines 801 to 799
if err := a.KeyDatabase.DeleteFallbackKeys(ctx, req.UserID, req.DeviceID); err != nil {
res.KeyError(req.UserID, req.DeviceID, &api.KeyError{
Err: fmt.Sprintf("%s device %s : failed to clear fallback keys: %s", req.UserID, req.DeviceID, err.Error()),
})
continue
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not totally sure why we need to clear existing fallback keys, but doing that in this loop seems odd.

We clear the keys, store a new one, clear the keys, store a new one, etc. Don't we end up with just one key?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed this.

@neilalexander neilalexander force-pushed the fallback-keys branch 2 times, most recently from da787e7 to f3c90b7 Compare December 17, 2024 11:14
Copy link
Contributor

@S7evinK S7evinK left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM now! Thanks!

@S7evinK S7evinK merged commit 78dbf21 into element-hq:main Dec 17, 2024
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants