summary refs log tree commit diff
path: root/synapse/crypto (follow)
Commit message (Expand)AuthorAgeFilesLines
* Only sign when we respond to remote key requestsErik Johnston2019-08-211-10/+1
* Add config option for keys to use to sign keysErik Johnston2019-08-211-5/+7
* Share SSL options for well-known requestsErik Johnston2019-07-311-0/+8
* Replace returnValue with return (#5736)Amber Brown2019-07-231-7/+7
* Add a delay to key lookup lock release to fix stack overflowRichard van der Hoff2019-07-191-2/+8
* Refactor Keyring._start_key_lookupsRichard van der Hoff2019-07-191-51/+35
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-7/+8
* Update the TLS cipher string and provide configurability for TLS on outgoing ...Amber Brown2019-06-281-6/+33
* Run Black. (#5482)Amber Brown2019-06-202-33/+17
* Merge pull request #5417 from matrix-org/rav/shared_ssl_contextErik Johnston2019-06-101-74/+106
|\
| * rename gutwrenched attrRichard van der Hoff2019-06-101-5/+9
| * Fix federation connections to literal IP addressesRichard van der Hoff2019-06-101-5/+8
| * clean up impl, and import idna directlyRichard van der Hoff2019-06-101-15/+11
| * Share an SSL context object between SSL connectionsRichard van der Hoff2019-06-091-60/+89
* | Improve startup checks for insecure notary configs (#5392)Richard van der Hoff2019-06-101-7/+0
|/
* Stop hardcoding trust of old matrix.org key (#5374)Richard van der Hoff2019-06-061-35/+37
* Associate a request_name with each verify request, for loggingRichard van der Hoff2019-06-051-44/+68
* Clean up debug logging (#5347)Richard van der Hoff2019-06-052-5/+5
* Rename VerifyKeyRequest.deferred field (#5343)Richard van der Hoff2019-06-051-12/+12
* Don't do long retries when calling the key notary server. (#5334)Richard van der Hoff2019-06-041-1/+0
* Notary server: make requests to origins in parallelRichard van der Hoff2019-06-041-1/+9
* Don't bomb out on direct key fetches as soon as one failsRichard van der Hoff2019-06-041-22/+36
* Reduce timeout for outbound /key/v2/server requests.Richard van der Hoff2019-06-031-0/+13
* Enforce validity period on server_keys for fed requests. (#5321)Richard van der Hoff2019-06-031-56/+111
* Merge pull request #5307 from matrix-org/rav/server_keys/07-fix-notary-cache-...Richard van der Hoff2019-06-031-12/+2
|\
| * Stop overwriting server keys with other keysRichard van der Hoff2019-05-311-12/+2
* | Merge remote-tracking branch 'origin/develop' into rav/server_keys/05-rewrite...Richard van der Hoff2019-05-311-41/+28
|\|
| * Remove some pointless exception handlingRichard van der Hoff2019-05-301-25/+8
| * use attr.s for VerifyKeyRequestRichard van der Hoff2019-05-301-17/+21
* | Rewrite get_server_verify_keys, again.Richard van der Hoff2019-05-301-48/+53
|/
* Merge pull request #5251 from matrix-org/rav/server_keys/01-check_sigRichard van der Hoff2019-05-281-41/+92
|\
| * Improve error handling/logging for perspectives-key fetching.Richard van der Hoff2019-05-241-28/+77
| * Require sig from origin server on perspectives responsesRichard van der Hoff2019-05-231-13/+15
* | Simplification to Keyring.wait_for_previous_lookups. (#5250)Richard van der Hoff2019-05-241-7/+4
|/
* Factor out KeyFetchers from KeyRingRichard van der Hoff2019-05-231-140/+175
* Store key validity time in the storage layerRichard van der Hoff2019-05-231-14/+33
* Simplify process_v2_response (#5236)Richard van der Hoff2019-05-231-21/+29
* Remove unused VerifyKey.expired and .time_added fields (#5235)Richard van der Hoff2019-05-231-3/+0
* Rewrite store_server_verify_key to store several keys at once (#5234)Richard van der Hoff2019-05-231-45/+14
* Run black on synapse.crypto.keyring (#5232)Richard van der Hoff2019-05-221-149/+137
* remove extraneous exception loggingRichard van der Hoff2019-04-251-16/+32
* Clarify logging when PDU signature checking failsRichard van der Hoff2019-04-251-3/+1
* Config option for verifying federation certificates (MSC 1711) (#4967)Andrew Morgan2019-04-251-6/+27
* Remove periods from copyright headers (#5046)Andrew Morgan2019-04-111-1/+1
* Rewrite Datastore.get_server_verify_keysRichard van der Hoff2019-04-091-21/+17
* Remove redundant merged_keys dictRichard van der Hoff2019-04-081-8/+5
* Fix from_server buglet in get_keys_from_perspectivesRichard van der Hoff2019-04-081-1/+1
* Hoist server_name check out of process_v2_responseRichard van der Hoff2019-04-041-13/+7
* Clean up Keyring.process_v2_responseRichard van der Hoff2019-04-041-23/+46
* Correctly log expected errors when fetching server keysErik Johnston2019-03-111-2/+2
* raise_from already raisesErik Johnston2019-02-251-4/+4
* Handle errors when fetching remote server keysErik Johnston2019-02-231-21/+51
* fix to use makeContext so that we don't need to rebuild the certificateoption...Amber Brown2019-02-191-8/+6
* Correctly handle RequestSendFailed exceptionsErik Johnston2019-02-141-2/+2
* Don't create server contexts when TLS is disabledRichard van der Hoff2019-02-111-3/+1
* Make add_hashes_and_signatures operate on dictsErik Johnston2019-01-291-10/+6
* Refactor event signing to work on dictsErik Johnston2019-01-281-30/+69
* Don't send IP addresses as SNI (#4452)Richard van der Hoff2019-01-241-3/+12
* Make key fetches use regular federation client (#4426)Richard van der Hoff2019-01-222-172/+7
* Require ECDH key exchange & remove dh_params (#4429)Amber Brown2019-01-221-2/+4
* Remove fetching keys via the deprecated v1 kex method (#4120)Amber Brown2018-10-312-106/+12
* Fix a number of flake8 errorsRichard van der Hoff2018-10-241-1/+1
* Merge pull request #3826 from matrix-org/rav/logging_for_keyringAmber Brown2018-09-121-6/+18
|\
| * add some logging for the keyring queueRichard van der Hoff2018-09-061-6/+18
* | Port crypto/ to Python 3 (#3822)Amber Brown2018-09-123-6/+13
|/
* Don't log exceptions when failing to fetch server keysErik Johnston2018-08-211-2/+6
* more generic conversion of str/bytes to unicodeJeroen2018-08-091-1/+1
* include private functions from twistedJeroen2018-08-091-2/+35
* updated docstring for ServerContextFactoryJeroen2018-08-081-1/+1
* fix isortJeroen2018-07-291-2/+3
* fix accidental removal of hsJeroen2018-07-271-1/+1
* Merge remote-tracking branch 'upstream/develop' into send_sni_for_federation_...Jeroen2018-07-143-32/+36
|\
| * run isortAmber Brown2018-07-094-35/+39
* | Merge branch 'develop' into send_sni_for_federation_requestsJeroen2018-07-091-1/+1
|\|
| * Attempt to be more performant on PyPy (#3462)Amber Brown2018-06-281-1/+1
* | take idna implementation from twistedJeroen2018-06-261-2/+2
* | allow self-signed certificatesJeroen2018-06-261-23/+35
* | formatting changes for pep8Jeroen2018-06-251-2/+2
* | send SNI for federation requestsJeroen2018-06-243-5/+37
|/
* Try to log more helpful info when a sig verification failsRichard van der Hoff2018-06-081-6/+25
* Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve (#3157)Will Hunt2018-04-301-4/+5
* Merge remote-tracking branch 'origin/develop' into rav/use_run_in_backgroundRichard van der Hoff2018-04-271-45/+48
|\
| * Improve exception handling for background processesRichard van der Hoff2018-04-271-45/+48
* | Use run_in_background in preference to preserve_fnRichard van der Hoff2018-04-271-11/+17
|/
* Use str(e) instead of e.messageAdrian Tschira2018-04-151-4/+4
* Fix 500 when joining matrix-devRichard van der Hoff2017-11-291-3/+10
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-233-3/+3
* Merge branch 'develop' into developRichard van der Hoff2017-09-252-136/+166
|\
| * Fix logcontxt leak in keyclient (#2465)Richard van der Hoff2017-09-251-12/+5
| * Fix logcontext handling in verify_json_objects_for_serverRichard van der Hoff2017-09-201-8/+12
| * Turn _start_key_lookups into an inlineCallbacks functionRichard van der Hoff2017-09-201-40/+37
| * Fix potential race in _start_key_lookupsRichard van der Hoff2017-09-201-5/+8
| * Add some comments to _start_key_lookupsRichard van der Hoff2017-09-201-0/+8
| * Consistency for how verify_request.deferred is calledRichard van der Hoff2017-09-201-13/+17
| * Factor out _start_key_lookupsRichard van der Hoff2017-09-201-7/+17
| * Replace `server_and_json` with `verify_requests`Richard van der Hoff2017-09-201-3/+3
| * pull out handle_key_deferred to top levelRichard van der Hoff2017-09-201-43/+44
| * Fix incorrect key_ids in error messageRichard van der Hoff2017-09-201-1/+1
| * Fix concurrent server_key requests (#2458)Richard van der Hoff2017-09-191-1/+3
| * Clean up and document handling of logcontexts in Keyring (#2452)Richard van der Hoff2017-09-181-28/+36
* | Fix iteration of requests_missing_keys; list doesn't have .values()Kenny Keslar2017-07-261-1/+1
|/
* Merge pull request #2050 from matrix-org/rav/federation_backoffRichard van der Hoff2017-03-231-23/+16
|\
| * push federation retry limiter down to matrixfederationclientRichard van der Hoff2017-03-231-23/+16
* | fix up some key verif docstringsRichard van der Hoff2017-03-211-2/+21
|/
* Add some debug to help diagnose weird federation issueRichard van der Hoff2017-03-201-1/+8
* Preserve some logcontextsErik Johnston2016-08-241-18/+18
* Update keyring MeasureErik Johnston2016-08-191-85/+85
* Measure keyringsErik Johnston2016-08-191-34/+36
* Don't print stack traces when failing to get remote keysErik Johnston2016-08-101-12/+16
* Merge branch 'erikj/key_client_fix' of github.com:matrix-org/synapse into rel...Erik Johnston2016-07-281-3/+9
|\
| * Cache getPeerErik Johnston2016-07-211-2/+5
| * Set host not pathErik Johnston2016-07-211-1/+1
| * Send the correct host header when fetching keysErik Johnston2016-07-211-3/+6
* | Merge branch 'develop' into markjh/verifyMark Haines2016-07-271-2/+9
|\ \
| * \ Merge pull request #955 from matrix-org/markjh/only_from2Mark Haines2016-07-271-2/+9
| |\ \
| | * | Add a couple more checks to the keyringMark Haines2016-07-261-2/+9
| | |/
| * / Fix a couple of bugs in the transaction and keyring codeMark Haines2016-07-261-8/+9
| |/
* / Clean up verify_json_objects_for_serverMark Haines2016-07-271-68/+75
|/
* Uncommit accidentally commited edit to cipher listDavid Baker2016-05-101-1/+1
* Pass through _get_event_txnDavid Baker2016-05-101-1/+1
* Make key client send a Host headerErik Johnston2016-03-111-0/+3
* Fix up logcontextsErik Johnston2016-02-081-37/+46
* copyrightsMatthew Hodgson2016-01-075-5/+5
* Actually look up required remote server key IDsPaul "LeoNerd" Evans2015-12-181-1/+3
* Fix typoErik Johnston2015-11-201-1/+1
* Don't limit connections to perspective serversErik Johnston2015-11-201-21/+17
* Fix bug where we sometimes didn't fetch all the keys requested for aErik Johnston2015-09-171-4/+3
* Merge pull request #272 from matrix-org/daniel/insecureclientDaniel Wagner-Hall2015-09-151-2/+2
|\
| * Allow configuration to ignore invalid SSL certsDaniel Wagner-Hall2015-09-091-2/+2
* | Various bug fixes to crypto.keyringErik Johnston2015-09-091-10/+17
|/
* Remove syutil dependency in favour of smaller single-purpose librariesMark Haines2015-08-242-13/+14
* Merge pull request #194 from matrix-org/erikj/bulk_verify_sigsErik Johnston2015-07-101-131/+342
|\
| * Wait for previous attempts at fetching keys for a given server before trying ...Erik Johnston2015-06-261-15/+68
| * Implement bulk verify_signed_json APIErik Johnston2015-06-261-134/+292
* | remove the tls_certificate_chain_path param and simply support tls_certificat...Matthew Hodgson2015-07-091-3/+1
* | oops, context.tls_certificate_chain_file() expects a file, not a certificate.Matthew Hodgson2015-07-081-2/+2
* | typoMatthew Hodgson2015-07-081-1/+1
* | add new optional config for tls_certificate_chain_path for folks with interme...Matthew Hodgson2015-07-081-0/+2
|/
* Handle the case when things return empty but non none thingsErik Johnston2015-05-191-2/+2
* Don't always hit get_server_verify_key_v1_directErik Johnston2015-05-191-5/+10
* SYN-383: Actually, we expect this value to be a dictErik Johnston2015-05-191-1/+2
* SYN-383: Handle the fact the server might not have signed thingsErik Johnston2015-05-191-1/+1
* Don't reuse var namesErik Johnston2015-05-191-2/+2
* SYN-383: Fix parsing of verify_keys and catching of _DefGen_ReturnErik Johnston2015-05-191-18/+18
* SYN-383: Extract the response list from 'server_keys' in the response JSON as...Mark Haines2015-05-191-1/+3
* Merge pull request #143 from matrix-org/erikj/SYN-375Mark Haines2015-05-121-2/+6
|\
| * Change the way we create observers to deferreds so that we don't get spammed ...Erik Johnston2015-05-081-2/+6
* | Change the way we do logging contexts so that they survive divergencesErik Johnston2015-05-081-6/+11
|/
* Use a defer.gatherResults to collect results from the perspective serversMark Haines2015-04-291-11/+21
* Update the query format used by keyring to match current key v2 specMark Haines2015-04-291-1/+12
* Implement minimum_valid_until_ts in the remote key resourceMark Haines2015-04-291-0/+1
* Merge branch 'develop' into key_distributionMark Haines2015-04-271-0/+20
|\
| * Fix newlinesErik Johnston2015-04-271-2/+1
| * Pull inner function out.Erik Johnston2015-04-271-76/+77
| * Implement locks using create_observer for fetching media and server keysErik Johnston2015-04-271-59/+79
* | Add config for setting the perspective serversMark Haines2015-04-241-1/+5
* | Update to match the specification for key/v2Mark Haines2015-04-231-2/+2
* | Implement remote key lookup apiMark Haines2015-04-222-38/+43
* | Implement v2 key lookupMark Haines2015-04-201-17/+251
* | Fail quicker for 4xx responses in the key client, optional hit a different AP...Mark Haines2015-04-151-6/+31
|/
* Don't look for an TLS private key if we have set --no-tlsErik Johnston2015-03-061-1/+4
* Log error message when we fail to fetch remote server keysErik Johnston2015-03-051-2/+11
* Try to only back off if we think we failed to connect to the remoteErik Johnston2015-02-171-54/+54
* Add per server retry limiting.Erik Johnston2015-02-171-15/+7
* Rate limit retries when fetching server keys.Erik Johnston2015-02-171-55/+71
* Blunty replace json with simplejsonErik Johnston2015-02-111-1/+1
* Fix code-styleMark Haines2015-02-101-2/+2
* Fix bug in timeout handling in keyclientErik Johnston2015-01-301-3/+4
* Update copyright noticesMark Haines2015-01-065-5/+5
* Try and figure out how and why signatures are being changed.Erik Johnston2014-12-101-1/+2
* More bug fixesErik Johnston2014-12-081-1/+1
* Convert rest and handlers to use new event structureErik Johnston2014-12-041-1/+1
* WIP for new way of managing events.Erik Johnston2014-12-031-18/+21
* Merge branch 'develop' into http_client_refactorDavid Baker2014-11-202-3/+3
|\
| * Use module loggers rather than the root logger. Exceptions caused by bad clie...Mark Haines2014-11-201-1/+1
| * Add a few missing yields, Move deferred lists inside PreserveLoggingContext b...Mark Haines2014-11-201-2/+2
* | Separate out the matrix http client completely because just about all of its ...David Baker2014-11-201-3/+3
|/
* Merge PDUs and Events into one objectMark Haines2014-11-141-12/+3
* Fix PDU and event signaturesMark Haines2014-11-141-1/+10
* Validate signatures on incoming eventsMark Haines2014-11-141-4/+14
* Merge branch 'develop' into request_loggingMark Haines2014-11-141-0/+98
|\
| * Tidy up some of the unused sql tablesErik Johnston2014-11-101-2/+0
| * Finish redaction algorithm.Erik Johnston2014-11-101-5/+2
| * Add hash of current state to eventsErik Johnston2014-11-071-1/+10
| * Fix bugs in generating event signatures and hashingErik Johnston2014-11-031-62/+38
| * Don't assume event has hashes key alreadyErik Johnston2014-11-031-0/+2
| * Sign evnetsErik Johnston2014-10-311-0/+20
| * Make prev_event signing work again.Erik Johnston2014-10-311-1/+12
| * Merge branch 'develop' of github.com:matrix-org/synapse into federation_autho...Erik Johnston2014-10-304-5/+3
| |\
| * | fix pyflakes warningsMark Haines2014-10-271-4/+4
| * | Merge branch 'develop' into event_signingMark Haines2014-10-273-2/+5
| |\ \
| * | | Remove signatures from pdu when computing hashes to use for prev pdus, make s...Mark Haines2014-10-171-1/+5
| * | | Rename 'meta' to 'unsigned'Mark Haines2014-10-171-1/+3
| * | | Hash the same content covered by the signature when referencing previous PDUs...Mark Haines2014-10-171-5/+14
| * | | Sign outgoing PDUs.Mark Haines2014-10-161-2/+2
| * | | persist hashes and origin signatures for PDUsMark Haines2014-10-151-0/+70
* | | | Merge branch 'develop' into request_loggingMark Haines2014-10-304-5/+3
|\ \ \ \ | | |_|/ | |/| |
| * | | Fix pep8 warningsMark Haines2014-10-304-5/+3
| | |/ | |/|
* / | Add a request-id to each log lineMark Haines2014-10-301-4/+6
|/ /
* | Fix pyflakes warningsMark Haines2014-10-271-1/+0
* | Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 do...Mark Haines2014-10-241-1/+4
* | add log line for checking verifying signaturesMark Haines2014-10-171-0/+1
|/
* Better response message when signature is missing or unsupportedMark Haines2014-10-131-1/+1
* Respond with more helpful error messages for unsigned requestsMark Haines2014-10-132-4/+33
* SYN-75 Verify signatures on server to server transactionsMark Haines2014-09-304-172/+154
* Add a _matrix/key/v1 resource with the verification keys of the local serverMark Haines2014-09-231-161/+0
* fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org has...Matthew Hodgson2014-09-036-6/+6
* Add copyright notices and fix pyflakes errorsMark Haines2014-09-031-1/+15
* enable ECDHE ciphersMark Haines2014-09-011-0/+6
* Add server TLS context factoryMark Haines2014-09-011-0/+23
* Add config tree to synapse. Add support for reading config from a fileMark Haines2014-08-311-160/+0
* add in whitespace after copyright statements to improve legibilityMatthew Hodgson2014-08-136-0/+6
* Reference Matrix Home Servermatrix.org2014-08-126-0/+575