Reference Matrix Home Server

6 files changed, 575 insertions, 0 deletions

diff --git a/synapse/crypto/__init__.py b/synapse/crypto/__init__.py
new file mode 100644
index 0000000000..fe8a073cd3
--- /dev/null
+++ b/synapse/crypto/__init__.py
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 matrix.org
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/synapse/crypto/config.py b/synapse/crypto/config.py
new file mode 100644
index 0000000000..801dfd8656
--- /dev/null
+++ b/synapse/crypto/config.py
@@ -0,0 +1,159 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 matrix.org
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import ConfigParser as configparser
+import argparse
+import socket
+import sys
+import os
+from OpenSSL import crypto
+import nacl.signing
+from syutil.base64util import encode_base64
+import subprocess
+
+
+def load_config(description, argv):
+    config_parser = argparse.ArgumentParser(add_help=False)
+    config_parser.add_argument("-c", "--config-path", metavar="CONFIG_FILE",
+                               help="Specify config file")
+    config_args, remaining_args = config_parser.parse_known_args(argv)
+    if config_args.config_path:
+        config = configparser.SafeConfigParser()
+        config.read([config_args.config_path])
+        defaults = dict(config.items("KeyServer"))
+    else:
+        defaults = {}
+    parser = argparse.ArgumentParser(
+        parents=[config_parser],
+        description=description,
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    parser.set_defaults(**defaults)
+    parser.add_argument("--server-name", default=socket.getfqdn(),
+                        help="The name of the server")
+    parser.add_argument("--signing-key-path",
+                        help="The signing key to sign responses with")
+    parser.add_argument("--tls-certificate-path",
+                        help="PEM encoded X509 certificate for TLS")
+    parser.add_argument("--tls-private-key-path",
+                        help="PEM encoded private key for TLS")
+    parser.add_argument("--tls-dh-params-path",
+                        help="PEM encoded dh parameters for ephemeral keys")
+    parser.add_argument("--bind-port", type=int,
+                        help="TCP port to listen on")
+    parser.add_argument("--bind-host", default="",
+                        help="Local interface to listen on")
+
+    args = parser.parse_args(remaining_args)
+
+    server_config = vars(args)
+    del server_config["config_path"]
+    return server_config
+
+
+def generate_config(argv):
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-c", "--config-path", help="Specify config file",
+                        metavar="CONFIG_FILE", required=True)
+    parser.add_argument("--server-name", default=socket.getfqdn(),
+                        help="The name of the server")
+    parser.add_argument("--signing-key-path",
+                        help="The signing key to sign responses with")
+    parser.add_argument("--tls-certificate-path",
+                        help="PEM encoded X509 certificate for TLS")
+    parser.add_argument("--tls-private-key-path",
+                        help="PEM encoded private key for TLS")
+    parser.add_argument("--tls-dh-params-path",
+                        help="PEM encoded dh parameters for ephemeral keys")
+    parser.add_argument("--bind-port", type=int, required=True,
+                        help="TCP port to listen on")
+    parser.add_argument("--bind-host", default="",
+                        help="Local interface to listen on")
+
+    args = parser.parse_args(argv)
+
+    dir_name = os.path.dirname(args.config_path)
+    base_key_name = os.path.join(dir_name, args.server_name)
+
+    if args.signing_key_path is None:
+        args.signing_key_path = base_key_name + ".signing.key"
+
+    if args.tls_certificate_path is None:
+        args.tls_certificate_path = base_key_name + ".tls.crt"
+
+    if args.tls_private_key_path is None:
+        args.tls_private_key_path = base_key_name + ".tls.key"
+
+    if args.tls_dh_params_path is None:
+        args.tls_dh_params_path = base_key_name + ".tls.dh"
+
+    if not os.path.exists(args.signing_key_path):
+        with open(args.signing_key_path, "w") as signing_key_file:
+            key = nacl.signing.SigningKey.generate()
+            signing_key_file.write(encode_base64(key.encode()))
+
+    if not os.path.exists(args.tls_private_key_path):
+        with open(args.tls_private_key_path, "w") as private_key_file:
+            tls_private_key = crypto.PKey()
+            tls_private_key.generate_key(crypto.TYPE_RSA, 2048)
+            private_key_pem = crypto.dump_privatekey(
+                crypto.FILETYPE_PEM, tls_private_key
+            )
+            private_key_file.write(private_key_pem)
+    else:
+        with open(args.tls_private_key_path) as private_key_file:
+            private_key_pem = private_key_file.read()
+            tls_private_key = crypto.load_privatekey(
+                crypto.FILETYPE_PEM, private_key_pem
+            )
+
+    if not os.path.exists(args.tls_certificate_path):
+        with open(args.tls_certificate_path, "w") as certifcate_file:
+            cert = crypto.X509()
+            subject = cert.get_subject()
+            subject.CN = args.server_name
+
+            cert.set_serial_number(1000)
+            cert.gmtime_adj_notBefore(0)
+            cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
+            cert.set_issuer(cert.get_subject())
+            cert.set_pubkey(tls_private_key)
+
+            cert.sign(tls_private_key, 'sha256')
+
+            cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
+
+            certifcate_file.write(cert_pem)
+
+    if not os.path.exists(args.tls_dh_params_path):
+        subprocess.check_call([
+            "openssl", "dhparam",
+            "-outform", "PEM",
+            "-out", args.tls_dh_params_path,
+            "2048"
+        ])
+
+    config = configparser.SafeConfigParser()
+    config.add_section("KeyServer")
+    for key, value in vars(args).items():
+        if key != "config_path":
+            config.set("KeyServer", key, str(value))
+
+    with open(args.config_path, "w") as config_file:
+        config.write(config_file)
+
+
+if __name__ == "__main__":
+    generate_config(sys.argv[1:])
diff --git a/synapse/crypto/keyclient.py b/synapse/crypto/keyclient.py
new file mode 100644
index 0000000000..b53d1c572b
--- /dev/null
+++ b/synapse/crypto/keyclient.py
@@ -0,0 +1,118 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 matrix.org
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from twisted.web.http import HTTPClient
+from twisted.internet import defer, reactor
+from twisted.internet.protocol import ClientFactory
+from twisted.names.srvconnect import SRVConnector
+import json
+import logging
+
+
+logger = logging.getLogger(__name__)
+
+
+@defer.inlineCallbacks
+def fetch_server_key(server_name, ssl_context_factory):
+    """Fetch the keys for a remote server."""
+
+    factory = SynapseKeyClientFactory()
+
+    SRVConnector(
+        reactor, "matrix", server_name, factory,
+        protocol="tcp", connectFuncName="connectSSL", defaultPort=443,
+        connectFuncKwArgs=dict(contextFactory=ssl_context_factory)).connect()
+
+    server_key, server_certificate = yield factory.remote_key
+
+    defer.returnValue((server_key, server_certificate))
+
+
+class SynapseKeyClientError(Exception):
+    """The key wasn't retireved from the remote server."""
+    pass
+
+
+class SynapseKeyClientProtocol(HTTPClient):
+    """Low level HTTPS client which retrieves an application/json response from
+    the server and extracts the X.509 certificate for the remote peer from the
+    SSL connection."""
+
+    def connectionMade(self):
+        logger.debug("Connected to %s", self.transport.getHost())
+        self.sendCommand(b"GET", b"/key")
+        self.endHeaders()
+        self.timer = reactor.callLater(
+            self.factory.timeout_seconds,
+            self.on_timeout
+        )
+
+    def handleStatus(self, version, status, message):
+        if status != b"200":
+            logger.info("Non-200 response from %s: %s %s",
+                        self.transport.getHost(), status, message)
+            self.transport.abortConnection()
+
+    def handleResponse(self, response_body_bytes):
+        try:
+            json_response = json.loads(response_body_bytes)
+        except ValueError:
+            logger.info("Invalid JSON response from %s",
+                        self.transport.getHost())
+            self.transport.abortConnection()
+            return
+
+        certificate = self.transport.getPeerCertificate()
+        self.factory.on_remote_key((json_response, certificate))
+        self.transport.abortConnection()
+        self.timer.cancel()
+
+    def on_timeout(self):
+        logger.debug("Timeout waiting for response from %s",
+                     self.transport.getHost())
+        self.transport.abortConnection()
+
+
+class SynapseKeyClientFactory(ClientFactory):
+    protocol = SynapseKeyClientProtocol
+    max_retries = 5
+    timeout_seconds = 30
+
+    def __init__(self):
+        self.succeeded = False
+        self.retries = 0
+        self.remote_key = defer.Deferred()
+
+    def on_remote_key(self, key):
+        self.succeeded = True
+        self.remote_key.callback(key)
+
+    def retry_connection(self, connector):
+        self.retries += 1
+        if self.retries < self.max_retries:
+            connector.connector = None
+            connector.connect()
+        else:
+            self.remote_key.errback(
+                SynapseKeyClientError("Max retries exceeded"))
+
+    def clientConnectionFailed(self, connector, reason):
+        logger.info("Connection failed %s", reason)
+        self.retry_connection(connector)
+
+    def clientConnectionLost(self, connector, reason):
+        logger.info("Connection lost %s", reason)
+        if not self.succeeded:
+            self.retry_connection(connector)
diff --git a/synapse/crypto/keyserver.py b/synapse/crypto/keyserver.py
new file mode 100644
index 0000000000..48bd380781
--- /dev/null
+++ b/synapse/crypto/keyserver.py
@@ -0,0 +1,110 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 matrix.org
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from twisted.internet import reactor, ssl
+from twisted.web import server
+from twisted.web.resource import Resource
+from twisted.python.log import PythonLoggingObserver
+
+from synapse.crypto.resource.key import LocalKey
+from synapse.crypto.config import load_config
+
+from syutil.base64util import decode_base64
+
+from OpenSSL import crypto, SSL
+
+import logging
+import nacl.signing
+import sys
+
+
+class KeyServerSSLContextFactory(ssl.ContextFactory):
+    """Factory for PyOpenSSL SSL contexts that are used to handle incoming
+    connections and to make connections to remote servers."""
+
+    def __init__(self, key_server):
+        self._context = SSL.Context(SSL.SSLv23_METHOD)
+        self.configure_context(self._context, key_server)
+
+    @staticmethod
+    def configure_context(context, key_server):
+        context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
+        context.use_certificate(key_server.tls_certificate)
+        context.use_privatekey(key_server.tls_private_key)
+        context.load_tmp_dh(key_server.tls_dh_params_path)
+        context.set_cipher_list("!ADH:HIGH+kEDH:!AECDH:HIGH+kEECDH")
+
+    def getContext(self):
+        return self._context
+
+
+class KeyServer(object):
+    """An HTTPS server serving LocalKey and RemoteKey resources."""
+
+    def __init__(self, server_name, tls_certificate_path, tls_private_key_path,
+                 tls_dh_params_path, signing_key_path, bind_host, bind_port):
+        self.server_name = server_name
+        self.tls_certificate = self.read_tls_certificate(tls_certificate_path)
+        self.tls_private_key = self.read_tls_private_key(tls_private_key_path)
+        self.tls_dh_params_path = tls_dh_params_path
+        self.signing_key = self.read_signing_key(signing_key_path)
+        self.bind_host = bind_host
+        self.bind_port = int(bind_port)
+        self.ssl_context_factory = KeyServerSSLContextFactory(self)
+
+    @staticmethod
+    def read_tls_certificate(cert_path):
+        with open(cert_path) as cert_file:
+            cert_pem = cert_file.read()
+            return crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
+
+    @staticmethod
+    def read_tls_private_key(private_key_path):
+        with open(private_key_path) as private_key_file:
+            private_key_pem = private_key_file.read()
+            return crypto.load_privatekey(crypto.FILETYPE_PEM, private_key_pem)
+
+    @staticmethod
+    def read_signing_key(signing_key_path):
+        with open(signing_key_path) as signing_key_file:
+            signing_key_b64 = signing_key_file.read()
+            signing_key_bytes = decode_base64(signing_key_b64)
+            return nacl.signing.SigningKey(signing_key_bytes)
+
+    def run(self):
+        root = Resource()
+        root.putChild("key", LocalKey(self))
+        site = server.Site(root)
+        reactor.listenSSL(
+            self.bind_port,
+            site,
+            self.ssl_context_factory,
+            interface=self.bind_host
+        )
+
+        logging.basicConfig(level=logging.DEBUG)
+        observer = PythonLoggingObserver()
+        observer.start()
+
+        reactor.run()
+
+
+def main():
+    key_server = KeyServer(**load_config(__doc__, sys.argv[1:]))
+    key_server.run()
+
+
+if __name__ == "__main__":
+    main()
diff --git a/synapse/crypto/resource/__init__.py b/synapse/crypto/resource/__init__.py
new file mode 100644
index 0000000000..fe8a073cd3
--- /dev/null
+++ b/synapse/crypto/resource/__init__.py
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 matrix.org
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/synapse/crypto/resource/key.py b/synapse/crypto/resource/key.py
new file mode 100644
index 0000000000..6ce6e0b034
--- /dev/null
+++ b/synapse/crypto/resource/key.py
@@ -0,0 +1,160 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 matrix.org
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from twisted.web.resource import Resource
+from twisted.web.server import NOT_DONE_YET
+from twisted.internet import defer
+from synapse.http.server import respond_with_json_bytes
+from synapse.crypto.keyclient import fetch_server_key
+from syutil.crypto.jsonsign import sign_json, verify_signed_json
+from syutil.base64util import encode_base64, decode_base64
+from syutil.jsonutil import encode_canonical_json
+from OpenSSL import crypto
+from nacl.signing import VerifyKey
+import logging
+
+
+logger = logging.getLogger(__name__)
+
+
+class LocalKey(Resource):
+    """HTTP resource containing encoding the TLS X.509 certificate and NACL
+    signature verification keys for this server::
+
+        GET /key HTTP/1.1
+
+        HTTP/1.1 200 OK
+        Content-Type: application/json
+        {
+            "server_name": "this.server.example.com"
+            "signature_verify_key": # base64 encoded NACL verification key.
+            "tls_certificate": # base64 ASN.1 DER encoded X.509 tls cert.
+            "signatures": {
+                "this.server.example.com": # NACL signature for this server.
+            }
+        }
+    """
+
+    def __init__(self, key_server):
+        self.key_server = key_server
+        self.response_body = encode_canonical_json(
+            self.response_json_object(key_server)
+        )
+        Resource.__init__(self)
+
+    @staticmethod
+    def response_json_object(key_server):
+        verify_key_bytes = key_server.signing_key.verify_key.encode()
+        x509_certificate_bytes = crypto.dump_certificate(
+            crypto.FILETYPE_ASN1,
+            key_server.tls_certificate
+        )
+        json_object = {
+            u"server_name": key_server.server_name,
+            u"signature_verify_key": encode_base64(verify_key_bytes),
+            u"tls_certificate": encode_base64(x509_certificate_bytes)
+        }
+        signed_json = sign_json(
+            json_object,
+            key_server.server_name,
+            key_server.signing_key
+        )
+        return signed_json
+
+    def getChild(self, name, request):
+        logger.info("getChild %s %s", name, request)
+        if name == '':
+            return self
+        else:
+            return RemoteKey(name, self.key_server)
+
+    def render_GET(self, request):
+        return respond_with_json_bytes(request, 200, self.response_body)
+
+
+class RemoteKey(Resource):
+    """HTTP resource for retreiving the TLS certificate and NACL signature
+    verification keys for a another server. Checks that the reported X.509 TLS
+    certificate matches the one used in the HTTPS connection. Checks that the
+    NACL signature for the remote server is valid. Returns JSON signed by both
+    the remote server and by this server.
+
+    GET /key/remote.server.example.com HTTP/1.1
+
+    HTTP/1.1 200 OK
+    Content-Type: application/json
+    {
+        "server_name": "remote.server.example.com"
+        "signature_verify_key": # base64 encoded NACL verification key.
+        "tls_certificate": # base64 ASN.1 DER encoded X.509 tls cert.
+        "signatures": {
+            "remote.server.example.com": # NACL signature for remote server.
+            "this.server.example.com": # NACL signature for this server.
+        }
+    }
+    """
+
+    isLeaf = True
+
+    def __init__(self, server_name, key_server):
+        self.server_name = server_name
+        self.key_server = key_server
+        Resource.__init__(self)
+
+    def render_GET(self, request):
+        self._async_render_GET(request)
+        return NOT_DONE_YET
+
+    @defer.inlineCallbacks
+    def _async_render_GET(self, request):
+        try:
+            server_keys, certificate = yield fetch_server_key(
+                self.server_name,
+                self.key_server.ssl_context_factory
+            )
+
+            resp_server_name = server_keys[u"server_name"]
+            verify_key_b64 = server_keys[u"signature_verify_key"]
+            tls_certificate_b64 = server_keys[u"tls_certificate"]
+            verify_key = VerifyKey(decode_base64(verify_key_b64))
+
+            if resp_server_name != self.server_name:
+                raise ValueError("Wrong server name '%s' != '%s'" %
+                                 (resp_server_name, self.server_name))
+
+            x509_certificate_bytes = crypto.dump_certificate(
+                crypto.FILETYPE_ASN1,
+                certificate
+            )
+
+            if encode_base64(x509_certificate_bytes) != tls_certificate_b64:
+                raise ValueError("TLS certificate doesn't match")
+
+            verify_signed_json(server_keys, self.server_name, verify_key)
+
+            signed_json = sign_json(
+                server_keys,
+                self.key_server.server_name,
+                self.key_server.signing_key
+            )
+
+            json_bytes = encode_canonical_json(signed_json)
+            respond_with_json_bytes(request, 200, json_bytes)
+
+        except Exception as e:
+            json_bytes = encode_canonical_json({
+                u"error": {u"code": 502, u"message": e.message}
+            })
+            respond_with_json_bytes(request, 502, json_bytes)